HK1215905B - USB Key, method for writing USB Key digital certificate and apparatus - Google Patents
USB Key, method for writing USB Key digital certificate and apparatus
- Publication number: HK1215905B
- Authority: HK (Hong Kong)
- Prior art keywords: certificate, USB Key, key, request, signature
Description
Technical Field
The present application relates to the field of information security, and in particular to a USB Key and a method and apparatus for writing a digital certificate to a USB Key.
Background Art
With the widespread development of Internet technology, information security problems have become especially prominent, and the USB Key emerged in response. A USB Key is a hardware device with a USB interface. It has a built-in microcontroller or smart card chip and a certain amount of storage space, in which the user's private key and digital certificate can be stored. The digital certificate is issued by a third-party authority, the CA (Certificate Authority), and the user of the USB Key device uses the digital certificate to prove the user's identity.
The process of writing a digital certificate to a USB Key is as follows:
1. The client requests the USB Key to generate an asymmetric key pair;
2. The client uses the asymmetric key pair to generate a CSR (Certificate Signing Request) and sends it to the server;
3. The server issues a digital certificate once it has verified that the USB Key is legitimate;
4. The client writes the digital certificate into the USB Key and associates it with the private key.
In the above steps, the server verifies whether the USB Key is legitimate by its serial number. However, the serial number of a USB Key is a character string that is very easy to forge and submit to the server, so it is difficult to guarantee that the user's digital certificate is written into a legitimate USB Key.
To address the ease with which serial numbers can be forged, a shared key pair that cannot be obtained from outside can also be built into the USB Key, with the server storing the correspondence between the USB Key serial number and the shared key pair. When the client generates the CSR, it encrypts the CSR with the private key of the shared key pair; if the server decrypts it successfully, the USB Key is considered legitimate.
However, in such an implementation an attacker can generate a shared key pair and a CSR on their own, then generate a random serial number and send it to the server for verification, so it is still difficult to guarantee that the user's digital certificate is written into a legitimate USB Key.
Summary of the Invention
In view of this, the present application provides a USB Key and a method and apparatus for writing a USB Key digital certificate.
Specifically, the present application is implemented through the following technical solutions:
A method for writing a USB Key digital certificate, the method comprising:
receiving a first signed certificate request sent by a client, the first signed certificate request being generated by the client signing a digital certificate request with an identification digital certificate built into a USB Key and the first private key corresponding to it;
verifying whether the USB Key is legitimate according to the first signed certificate request;
when the USB Key is verified to be legitimate, issuing a digital certificate for the client to write into the USB Key.
Further, verifying the legitimacy of the USB Key according to the first signed certificate request comprises:
verifying the first signed certificate request;
if verification of the first signed certificate request succeeds, verifying the legitimacy of the identification certificate;
if the identification certificate is verified to be legitimate, verifying the digital certificate request;
if verification of the digital certificate request succeeds, confirming that the USB Key is legitimate.
Further, verifying the first signed certificate request comprises:
obtaining the first public key corresponding to the identification digital certificate carried in the first signed certificate request;
verifying the first signed certificate request using the first public key.
Further, verifying the legitimacy of the identification certificate comprises:
obtaining the issuer of the identification certificate from the identification certificate;
looking up the sub-CA certificate corresponding to the issuer;
verifying whether the identification certificate is legitimate using the second public key carried in the sub-CA certificate.
Further, verifying the legitimacy of the identification certificate comprises:
obtaining the serial number of the USB Key from the identification certificate;
checking whether the correspondence between the serial number and the first public key is stored on the present device;
if so, verifying that the identification certificate is legitimate.
A method for writing a USB Key digital certificate, the method comprising:
signing a digital certificate request with an identification digital certificate built into a USB Key and the first private key corresponding to it, to generate a first signed certificate request;
sending the first signed certificate request to a server for the server to verify whether the USB Key is legitimate;
writing the digital certificate issued by the server when it verifies that the USB Key is legitimate into the USB Key.
An apparatus for writing a USB Key digital certificate, the apparatus comprising:
a receiving unit, which receives a first signed certificate request sent by a client, the first signed certificate request being generated by the client signing a digital certificate request with an identification digital certificate built into a USB Key and the first private key corresponding to it;
a verification unit, which verifies whether the USB Key is legitimate according to the first signed certificate request;
an issuing unit, which issues a digital certificate when the USB Key is verified to be legitimate, for the client to write into the USB Key.
Further, the verification unit specifically verifies the first signed certificate request;
when verification of the first signed certificate request succeeds, verifies the legitimacy of the identification certificate;
when the identification certificate is verified to be legitimate, verifies the digital certificate request;
when verification of the digital certificate request succeeds, confirms that the USB Key is legitimate.
Further, the verification unit verifying the first signed certificate request comprises: obtaining the first public key corresponding to the identification digital certificate carried in the first signed certificate request;
verifying the first signed certificate request using the first public key.
Further, the verification unit verifying the legitimacy of the identification certificate comprises:
obtaining the issuer of the identification certificate from the identification certificate;
looking up the sub-CA certificate corresponding to the issuer;
verifying whether the identification certificate is legitimate using the second public key carried in the sub-CA certificate.
Further, the verification unit verifying the legitimacy of the identification certificate comprises:
obtaining the serial number of the USB Key from the identification certificate;
checking whether the correspondence between the serial number and the first public key is stored on the present device;
when the correspondence between the serial number and the first public key is stored on the present device, confirming that the identification certificate is legitimate.
An apparatus for writing a USB Key digital certificate, the apparatus comprising:
a signing unit, which signs a digital certificate request with an identification digital certificate built into a USB Key and the first private key corresponding to it, to generate a first signed certificate request;
a sending unit, which sends the first signed certificate request to a server for the server to verify whether the USB Key is legitimate;
a writing unit, which writes the digital certificate issued by the server when it verifies that the USB Key is legitimate into the USB Key.
A USB Key, comprising a USB Key interface, a USB Key chip and a storage module,
wherein the storage module of the USB Key has a built-in identification digital certificate and the first private key corresponding to it, so that a client can generate a first signed certificate request according to the identification digital certificate and the corresponding first private key;
and the client is connected to the USB Key through the USB Key interface.
Further, the USB Key chip generates a third private key and a corresponding third public key at the client's request, so that the client can generate a digital certificate request from the third private key and the third public key, and can sign the digital certificate request with the identification digital certificate and the corresponding first private key to generate the first signed certificate request.
Further, the USB Key chip, on the client's instruction, stores in the storage module the digital certificate issued by the server when it verifies, according to the first signed certificate request, that the USB Key is legitimate.
Further, the identification digital certificate is issued by the USB Key manufacturer or by a third-party CA.
As can be seen from the above description, the present application uses the standard USB Key certificate writing process to pre-install an identification certificate in the USB Key. When the server issues a digital certificate, it verifies the legitimacy of the USB Key by verifying the legitimacy of the identification certificate, thereby ensuring that the issued digital certificate is written into a legitimate USB Key.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a flow chart of a method for writing a USB Key digital certificate in one embodiment of the present application.
FIG. 2 is a flow chart of a method for writing a USB Key digital certificate in another embodiment of the present application.
FIG. 3 is a flow chart of a method for writing a USB Key digital certificate in another embodiment of the present application.
FIG. 4 is a schematic structural diagram of a server in one embodiment of the present application.
FIG. 5 is a schematic structural diagram of an apparatus for writing a USB Key digital certificate in one embodiment of the present application.
FIG. 6 is a schematic structural diagram of a client in one embodiment of the present application.
FIG. 7 is a schematic structural diagram of an apparatus for writing a USB Key digital certificate in another embodiment of the present application.
FIG. 8 is a schematic structural diagram of a USB Key in one embodiment of the present application.
DETAILED DESCRIPTION
Exemplary embodiments will be described in detail here, with examples shown in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present application; rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the appended claims.
The terms used in the present application are for the purpose of describing particular embodiments only and are not intended to limit the present application. As used in the present application and the appended claims, the singular forms "a", "said" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in the present application to describe various information, such information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the present application, first information may also be called second information, and similarly second information may also be called first information. Depending on the context, the word "if" as used here may be interpreted as "at the time of", "when" or "in response to determining".
To address the above problems, the present application provides a USB Key digital certificate writing scheme in which an identification certificate is stored in the USB Key in advance, and the server verifies the legitimacy of that identification certificate in order to verify the legitimacy of the USB Key.
The implementation of the present application is described below with reference to specific embodiments.
The present application provides a method for writing a USB Key digital certificate, applied on the client and on the server respectively. Referring to FIG. 1, the digital certificate writing method applied on the client includes the following steps:
Step 101: sign a digital certificate request with the identification digital certificate built into the USB Key and the first private key corresponding to it, to generate a first signed certificate request.
Step 102: send the first signed certificate request to the server for the server to verify whether the USB Key is legitimate.
Step 103: write the digital certificate issued by the server when it verifies that the USB Key is legitimate into the USB Key.
Referring to FIG. 2, the digital certificate writing method applied on the server includes the following steps:
Step 201: receive a first signed certificate request sent by the client, the first signed certificate request being generated by the client signing a digital certificate request with the identification digital certificate built into the USB Key and the first private key corresponding to it.
Step 202: verify whether the USB Key is legitimate according to the first signed certificate request.
Step 203: when the USB Key is verified to be legitimate, issue a digital certificate for the client to write into the USB Key.
In the present application, after receiving the first signed certificate request sent by the client, the server can judge whether the USB Key is legitimate by verifying the legitimacy of the USB Key's identification certificate. The identification certificate is usually written before the USB Key is sold: it can be written by the USB Key manufacturer, or by a third-party CA service before the USB Key leaves the factory and is sold, for example a bank writing the identification certificate into the USB Key before selling the USB Key to the user. Specifically, the identification certificate can be written using the standard USB Key certificate writing process described in the Background Art:
1. After the USB Key is connected, the client requests the USB Key to generate an asymmetric key pair: a first private key and a first public key.
2. The client generates a CSR from the first public key and the first private key and sends it to the server.
3. The server verifies the CSR using the first public key; if verification succeeds, it issues the identification certificate to the client.
4. The client writes the identification certificate into the USB Key and associates the identification certificate with the first private key.
In this process, because the identification certificate is written into the USB Key before sale, the client and the server can communicate over an internal network, which ensures that a legitimate identification certificate is written into the USB Key.
After the identification certificate has been written into the USB Key, the USB Key can be sold to the user. When the user uses the purchased USB Key for the first time, the user needs to request a digital certificate from the CA and then write the digital certificate issued by the CA into the USB Key; thereafter, whenever the USB Key is used, the digital certificate can be used directly to prove the user's identity. Of course, in practice the seller of the USB Key can also assist the user in writing the user's digital certificate into the USB Key. The CA can be an independent CA server, or the CA function can be integrated into the merchant's server; the present application places no limit on this. The following description takes a server with an integrated CA function module as an example.
Referring to FIG. 3, the process of obtaining the user's digital certificate follows the standard USB Key certificate writing process and includes the following steps:
Step 301: the client requests the USB Key to generate an asymmetric key pair.
To distinguish them, the asymmetric key pair generated by the USB Key in this step is called the third public key and the third private key.
Step 302: the client generates the user's digital certificate request from the third public key and the third private key.
In this step, the third private key is used to sign the content of the user's application together with the third public key, producing a third signature. The digital certificate request usually includes the content of the user's application, the third public key and the third signature. The content of the user's application includes the user's information, such as a user name, a password, an e-mail address, and so on. The digital certificate request can use the PKCS#10 standard.
Step 303: the client signs the digital certificate request with the identification certificate built into the USB Key and the first private key corresponding to it, to generate a first signed certificate request.
In this step, the digital certificate request can be signed using the PKCS#7 standard, and the generated first signed certificate request carries the identification certificate.
Step 304: the client sends the first signed certificate request to the server.
Step 305: the server receives the first signed certificate request sent by the client.
Step 306: the server verifies the first signed certificate request.
In this step, the server obtains the first public key corresponding to the identification certificate from the identification certificate carried in the first signed certificate request, and then verifies the signature of the first signed certificate request using the first public key. If verification succeeds, the process goes to step 307; if verification fails, the process ends.
Step 307: the server verifies the legitimacy of the identification certificate.
In this step, the server obtains the issuer of the identification certificate from the identification certificate. Specifically, taking an identification certificate issued by the USB Key manufacturer as an example, the issuer of the identification certificate is the USB Key manufacturer. The server then looks up the sub-CA certificate corresponding to that USB Key manufacturer, that is, the USB Key manufacturer's certificate; specifically, the certificates of the various USB Key manufacturers can be stored on the server in advance. If no USB Key manufacturer certificate is found for the issuer of the identification certificate, the process ends. If the USB Key manufacturer's certificate is found, the USB Key manufacturer's public key, called the second public key in the present application, is obtained from the USB Key manufacturer's certificate, and the second public key is then used to verify whether the identification certificate is legitimate. Specifically, a legitimate identification certificate carries the USB Key manufacturer's signature, so the USB Key manufacturer's public key, that is, the second public key, can be used to verify the legitimacy of the identification certificate. If the identification certificate is legitimate, the process goes to step 308; if the identification certificate is not legitimate, the process ends.
In another embodiment of the present application, the serial number of the USB Key can also be used to verify the legitimacy of the identification certificate. Specifically, the USB Key manufacturer can store the serial number of the USB Key in the identification certificate, for example by setting the subject of the identification certificate to the serial number of the USB Key. The correspondence between the serial number and the first public key corresponding to the identification certificate is then recorded and stored on the server in advance. When verifying the legitimacy of the identification certificate, the server obtains the serial number of the USB Key from the identification certificate and then checks whether the correspondence between that serial number and the first public key is stored on the present device. If it is, the identification certificate is confirmed to be legitimate and the process goes to step 308; if it is not, the process ends. When the serial number is used to verify the legitimacy of the identification certificate, an attacker still cannot forge the correspondence between the serial number and the first public key even if the USB Key manufacturer's private key is leaked, which further improves the security of the USB Key.
Step 308: the server verifies the digital certificate request.
In this step, the server verifies the third signature using the third public key carried in the digital certificate request. If verification succeeds, the USB Key is confirmed to be legitimate and the process goes to step 309; if verification fails, the process ends.
Step 309: the server issues the digital certificate.
Step 310: the client writes the digital certificate into the USB Key.
As can be seen from the above description, the present application uses the standard USB Key certificate writing process to pre-install an identification certificate in the USB Key. When the server issues a digital certificate, it verifies the legitimacy of the USB Key by verifying the legitimacy of the identification certificate, thereby ensuring that the issued digital certificate is written into a legitimate USB Key.
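The client-side steps 301 to 304 and the server-side checks of steps 306 to 309 above, written out as an added Go example that is not part of the patent or of any product implementing it. It assumes ECDSA P-256 keys, replaces the PKCS#7 wrapper with a plain struct holding the PKCS#10 request, the identification certificate and a detached signature made with the first private key, applies both variants of the step 307 check in sequence rather than as alternatives, and uses constructed names (Example USB Key Manufacturer, Service CA, the serial USBKEY-SN-000001).

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SignedCertRequest stands in for the "first signed certificate request". Assumption: instead of a PKCS#7
// wrapper it carries the PKCS#10 CSR and the identification certificate (both DER) plus an ECDSA signature over the CSR.
type SignedCertRequest struct{ CSR, IdentCert, Signature []byte }
// Server pre-stores sub-CA certificates by subject name, the USB Key serial -> first public key mapping, and its CA key.
type Server struct {
	subCAs  map[string]*x509.Certificate
	serials map[string]*ecdsa.PublicKey
	caCert  *x509.Certificate
	caKey   *ecdsa.PrivateKey
}
var nextSerial int64 // constructed certificate serial counter; not the USB Key serial number
func must(err error) { if err != nil { panic(err) } }
func hash(b []byte) []byte { h := sha256.Sum256(b); return h[:] }
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	return k
}
// issue signs a certificate for pub with parentKey; parent == nil means self-signed.
func issue(cn string, pub crypto.PublicKey, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, isCA bool) *x509.Certificate {
	nextSerial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(nextSerial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA { tmpl.KeyUsage |= x509.KeyUsageCertSign }
	if parent == nil { parent = tmpl }
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert
}
// Provision models the pre-sale step: the manufacturer sub-CA signs an identification certificate whose
// subject is the USB Key serial number, and the server records that sub-CA plus the serial -> first public key mapping.
func Provision(serial string) (*Server, *x509.Certificate, *ecdsa.PrivateKey) {
	mfrKey, firstKey, caKey := newKey(), newKey(), newKey() // firstKey never leaves the USB Key
	mfrCert := issue("Example USB Key Manufacturer", &mfrKey.PublicKey, nil, mfrKey, true)
	identCert := issue(serial, &firstKey.PublicKey, mfrCert, mfrKey, false)
	srv := &Server{
		subCAs:  map[string]*x509.Certificate{mfrCert.Subject.CommonName: mfrCert},
		serials: map[string]*ecdsa.PublicKey{serial: &firstKey.PublicKey},
		caCert:  issue("Service CA", &caKey.PublicKey, nil, caKey, true), caKey: caKey,
	}
	return srv, identCert, firstKey
}
// ClientSign performs steps 301-303: generate the third key pair, build a PKCS#10 request for it,
// then sign that request with the first private key belonging to the identification certificate.
func ClientSign(identCert *x509.Certificate, firstKey *ecdsa.PrivateKey, userCN string) (SignedCertRequest, *ecdsa.PrivateKey) {
	thirdKey := newKey()
	csr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: userCN}}, thirdKey)
	must(err)
	sig, err := ecdsa.SignASN1(rand.Reader, firstKey, hash(csr))
	must(err)
	return SignedCertRequest{CSR: csr, IdentCert: identCert.Raw, Signature: sig}, thirdKey
}
// Verify implements steps 306-308 and, when every check passes, step 309.
func (s *Server) Verify(req SignedCertRequest) (*x509.Certificate, error) {
	ident, err := x509.ParseCertificate(req.IdentCert)
	if err != nil { return nil, err }
	// Step 306: the outer signature must verify under the first public key taken from the carried identification certificate.
	firstPub, ok := ident.PublicKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(firstPub, hash(req.CSR), req.Signature) { return nil, errors.New("step 306: request signature invalid") }
	// Step 307, first variant: the issuer's sub-CA certificate must be on file and its (second) public key must verify the identification certificate.
	subCA := s.subCAs[ident.Issuer.CommonName]
	if subCA == nil || ident.CheckSignatureFrom(subCA) != nil { return nil, errors.New("step 307: identification certificate not issued by a known sub-CA") }
	// Step 307, second variant: the serial number in the subject must map to exactly this first public key; holds even if the sub-CA key leaks.
	if stored := s.serials[ident.Subject.CommonName]; stored == nil || !stored.Equal(firstPub) { return nil, errors.New("step 307: serial/public key pair not registered") }
	// Step 308: the inner PKCS#10 request must carry a valid self-signature under the third public key.
	csr, err := x509.ParseCertificateRequest(req.CSR)
	if err != nil { return nil, err }
	if err := csr.CheckSignature(); err != nil { return nil, fmt.Errorf("step 308: CSR: %w", err) }
	// Step 309: issue the user certificate for the third public key.
	return issue(csr.Subject.CommonName, csr.PublicKey, s.caCert, s.caKey, false), nil
}

func main() {
	srv, identCert, firstKey := Provision("USBKEY-SN-000001") // constructed serial
	req, thirdKey := ClientSign(identCert, firstKey, "alice@example.com")
	userCert, err := srv.Verify(req) // step 310 would store userCert.Raw in the USB Key next to thirdKey
	must(err)
	fmt.Println("issued to", userCert.Subject.CommonName, "matches third key:", thirdKey.PublicKey.Equal(userCert.PublicKey))
}
```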
与上述USB Key数字证书写入方法相对应,在本申请另一实施例中,提供一种USBKey数字证书写入装置400。请参考图4和图5,所述装置400应用在服务端上,包括有:接收单元401、校验单元402以及颁发单元403。Corresponding to the above-mentioned USB Key digital certificate writing method, in another embodiment of the present application, a USB Key digital certificate writing device 400 is provided. Referring to Figures 4 and 5 , the device 400 is applied on the server and includes: a receiving unit 401 , a verification unit 402 , and an issuing unit 403 .
其中,所述接收单元401,接收客户端发送的第一签名证书请求,所述第一签名证书请求由客户端使用USB Key内置的标识数字证书及其对应的第一私钥签名数字证书请求而生成。The receiving unit 401 receives a first signature certificate request sent by a client, where the first signature certificate request is generated by the client using a built-in identification digital certificate in a USB key and its corresponding first private key to sign the digital certificate request.
所述校验单元402,根据所述第一签名证书请求校验所述USB Key是否合法。The verification unit 402 verifies whether the USB Key is legitimate according to the first signature certificate request.
所述颁发单元403,在校验所述USB Key合法时,颁发数字证书,以供客户端将所述数字证书写入所述USB Key。The issuing unit 403 issues a digital certificate when verifying that the USB Key is legitimate, so that the client can write the digital certificate into the USB Key.
进一步地,所述校验单元402,具体校验所述第一签名证书请求;Furthermore, the verification unit 402 specifically verifies the first signature certificate request;
在校验所述第一签名证书请求成功时,校验所述标识证书的合法性;When verifying that the first signature certificate request is successful, verifying the legitimacy of the identification certificate;
在校验所述标识证书合法时,校验所述数字证书请求;When verifying the legality of the identification certificate, verifying the digital certificate request;
在校验所述数字证书请求成功时,确认所述USB Key合法。When the digital certificate request is verified to be successful, the USB Key is confirmed to be legitimate.
进一步地,所述校验单元402校验所述第一签名证书请求包括:获取所述第一签名证书请求中携带的所述标识数字证书对应的第一公钥;Furthermore, the verification unit 402 verifies the first signature certificate request including: obtaining a first public key corresponding to the identification digital certificate carried in the first signature certificate request;
使用所述第一公钥校验所述第一签名证书请求。The first signed certificate request is verified using the first public key.
进一步地,所述校验单元402校验所述标识证书的合法性包括:Furthermore, the verification unit 402 verifies the legitimacy of the identification certificate including:
从所述标识证书中获取所述标识证书的发行者;Obtaining the issuer of the identification certificate from the identification certificate;
查找所述发行者对应的子CA证书;Find the sub-CA certificate corresponding to the issuer;
使用所述子CA证书中携带的第二公钥校验所述标识证书是否合法。The second public key carried in the sub-CA certificate is used to verify whether the identification certificate is legal.
进一步地,所述校验单元402校验所述标识证书的合法性包括:Furthermore, the verification unit 402 verifies the legitimacy of the identification certificate including:
从所述标识证书中获取所述USB Key的序列号;Obtain the serial number of the USB Key from the identification certificate;
查看本设备上是否存储有所述序列号与所述第一公钥的对应关系;Check whether the corresponding relationship between the serial number and the first public key is stored on the device;
在本设备上存储有所述序列号与所述第一公钥的对应关系时,确认校验所述标识证书合法。When the corresponding relationship between the serial number and the first public key is stored on the device, the legality of the identification certificate is confirmed and verified.
In another embodiment of the present application, a USB Key digital certificate writing device 500 is provided. Referring to FIG. 6 and FIG. 7, the device is applied on a client and includes a signing unit 501, a sending unit 502, and a writing unit 503.
The signing unit 501 signs the digital certificate request using the identification digital certificate built into the USB Key and its corresponding first private key, so as to generate the first signed certificate request.
The sending unit 502 sends the first signed certificate request to the server, so that the server can verify whether the USB Key is legitimate.
The writing unit 503 writes the digital certificate, issued by the server upon verifying that the USB Key is legitimate, into the USB Key.
The implementation of the functions and effects of each unit in the above device is described in detail in the implementation of the corresponding steps of the above method, and will not be repeated here.
Since the device embodiments basically correspond to the method embodiments, the relevant parts can be found in the description of the method embodiments. The device embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the disclosed solution. A person of ordinary skill in the art can understand and implement it without creative effort.
Referring to FIG. 8, the present application also provides a USB Key. The USB Key includes a USB Key interface, a USB Key chip, and a storage module; of course, the USB Key may also include hardware circuits and the like. The storage module is typically located on the USB Key chip and is used to store various digital certificates.
Specifically, the storage module of the USB Key has a built-in identification digital certificate and its corresponding first private key, so that the client can generate the first signed certificate request from the identification digital certificate and the corresponding first private key;
the client is connected to the USB Key through the USB Key interface.
Furthermore, the USB Key chip generates a third private key and a corresponding third public key at the client's request, so that the client can generate a digital certificate request from the third private key and third public key, and can then sign that digital certificate request with the identification digital certificate and the corresponding first private key to generate the first signed certificate request.
Furthermore, the USB Key chip, on the client's instruction, stores in the storage module the digital certificate issued by the server upon verifying, according to the first signed certificate request, that the USB Key is legitimate.
Furthermore, the identification digital certificate is issued by the USB Key manufacturer or by a third-party CA.
The specific implementation of the USB Key described above can refer to the description in the method embodiments of the present application, and will not be repeated here.
The above description is only a preferred embodiment of the present application and is not intended to limit it. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present application shall fall within the scope of protection of the present application.
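The following Go program, added here as an illustration and not part of the patent or of any product it describes, walks through both sides of the flow above: the manufacturer/sub-CA issuing the identification certificate, the client building the CSR with the third key pair and signing it with the first private key (units 501 and 502), and the server running the checks of verification unit 402 in order: outer signature with the first public key, chain of the identification certificate to a known sub-CA, serial number to first public key binding, and the CSR's own signature. Everything beyond the patent's wording is an assumption of the example: ECDSA P-256 keys, a self-signed sub-CA, the USB Key serial number carried in the subject CN of the identification certificate, the `SignedRequest` layout, and all names and sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// SignedRequest is the "first signed certificate request": the CSR made with the third key pair,
// the identification certificate, and the signature over the CSR by the first private key.
// This layout is an assumption of the example; the patent fixes no wire format.
type SignedRequest struct{ CSR, IdentCert, Signature []byte }

// Server holds the trusted sub-CA certificates and the serial number -> first public key table.
type Server struct {
	SubCAs *x509.CertPool
	Known  map[string][]byte // USB Key serial number -> DER SubjectPublicKeyInfo
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func mustKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// newCert issues a certificate for pub, signed by signer. ca selects a (self-signed, to keep the
// example short) sub-CA profile; otherwise parent is the issuing sub-CA. The USB Key serial number
// is carried in the subject CN (an assumption; it is distinct from the X.509 serial number).
func newCert(cn string, ca bool, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: ca, BasicConstraintsValid: ca, KeyUsage: x509.KeyUsageDigitalSignature}
	if ca {
		t.KeyUsage, parent = x509.KeyUsageCertSign, t
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, pub, signer))))
}

// buildSignedRequest is the client side: the USB Key generates the third key pair, the client
// builds the CSR with it, then signs the CSR with the first private key held in the key.
func buildSignedRequest(firstKey *ecdsa.PrivateKey, ident *x509.Certificate) SignedRequest {
	thirdKey := mustKey() // generated inside the USB Key chip on the client's request
	csr := must(x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: "user@example.test"}}, thirdKey))
	h := sha256.Sum256(csr)
	sig := must(ecdsa.SignASN1(rand.Reader, firstKey, h[:]))
	return SignedRequest{CSR: csr, IdentCert: ident.Raw, Signature: sig}
}

// Verify performs the checks of verification unit 402 in the order the text gives them.
func (s *Server) Verify(req SignedRequest) error {
	ident, err := x509.ParseCertificate(req.IdentCert)
	csr, err2 := x509.ParseCertificateRequest(req.CSR)
	if err != nil || err2 != nil {
		return fmt.Errorf("malformed request: %v / %v", err, err2)
	}
	// 1. The first public key carried in the request must verify the outer signature.
	h := sha256.Sum256(req.CSR)
	if pk, _ := ident.PublicKey.(*ecdsa.PublicKey); pk == nil || !ecdsa.VerifyASN1(pk, h[:], req.Signature) {
		return fmt.Errorf("signature by the first private key does not verify")
	}
	// 2a. The identification certificate must chain to a sub-CA certificate the server knows.
	opts := x509.VerifyOptions{Roots: s.SubCAs, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := ident.Verify(opts); err != nil {
		return fmt.Errorf("identification certificate not issued by a known sub-CA: %w", err)
	}
	// 2b. The serial number must be bound to exactly this first public key in the server's table.
	if want, ok := s.Known[ident.Subject.CommonName]; !ok || string(want) != string(ident.RawSubjectPublicKeyInfo) {
		return fmt.Errorf("serial number %q is not bound to this first public key", ident.Subject.CommonName)
	}
	// 3. The CSR's own signature, made with the third private key, must verify.
	if err := csr.CheckSignature(); err != nil {
		return fmt.Errorf("certificate request signature: %w", err)
	}
	return nil // USB Key confirmed legitimate; the server may now issue the certificate
}

// Provision sets up one sub-CA, one USB Key with its identification certificate, and a server
// that trusts that sub-CA and records the key's serial number binding (sample values).
func Provision() (*Server, *ecdsa.PrivateKey, *x509.Certificate) {
	subCAKey := mustKey()
	subCA := newCert("Example USB Key Sub-CA", true, nil, &subCAKey.PublicKey, subCAKey)
	firstKey := mustKey() // the first key pair, provisioned into the USB Key at manufacture
	ident := newCert("SN-000123", false, subCA, &firstKey.PublicKey, subCAKey)
	srv := &Server{SubCAs: x509.NewCertPool(), Known: map[string][]byte{}}
	srv.SubCAs.AddCert(subCA)
	srv.Known["SN-000123"] = ident.RawSubjectPublicKeyInfo
	return srv, firstKey, ident
}

func main() {
	srv, firstKey, ident := Provision()
	fmt.Println("genuine request:", srv.Verify(buildSignedRequest(firstKey, ident)))
}
```

The order of checks matters for the defender: the cheap signature check over the CSR comes first, the chain and serial-number checks establish that the first public key really belongs to a manufacturer-provisioned key, and only then is the CSR's own signature (proof of possession of the third private key) examined. A request whose CSR is altered after signing, or whose identification certificate chains to a CA the server does not trust, is rejected before any certificate is issued.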
Claims (16)
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410353939.6A CN105281908B (en) | 2014-07-23 | 2014-07-23 | USB Key, USB Key digital certificate wiring method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK1215905A1 HK1215905A1 (en) | 2016-09-23 |
| HK1215905B true HK1215905B (en) | 2020-09-04 |