
CN102457374A - Security authentication method and system for mobile terminal - Google Patents


Info

Publication number: CN102457374A
Authority: CN (China)
Prior art keywords: mobile terminal; security authentication; server side; security service; instruction
Legal status: Pending
Application number: CN2010105115056A
Other languages: Chinese (zh)
Inventor: 邓辉
Current assignee: Aspire Technologies Shenzhen Ltd
Original assignee: Aspire Technologies Shenzhen Ltd

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the invention discloses a security authentication method of a mobile terminal, which comprises the following steps: when a specific service request of a mobile terminal is received, a security server sends a security authentication instruction to the mobile terminal; and according to the pre-stored digital certificate of the mobile terminal, the security service terminal carries out security authentication on the information to be authenticated generated by the mobile terminal under the control of the security authentication instruction, and provides the requested specific service for the mobile terminal after the authentication is passed. The embodiment of the invention also discloses a security authentication system of the mobile terminal. By adopting the invention, the security authentication of the mobile terminal can be realized, the security of the mobile electronic commerce is improved, and the experience of the user on the mobile electronic commerce is improved.

Description

Security authentication method and system for a mobile terminal
Technical field
The present invention relates to the technical field of mobile terminals, and in particular to a security authentication method and system for a mobile terminal.
Background
With the development of mobile terminal technology, mobile terminals offer more and more functions, and mobile e-commerce carried out with mobile terminals has also developed rapidly: for example, people can use a mobile terminal to shop online or to transfer money online. To guarantee the security of mobile e-commerce, security authentication of the mobile terminal has therefore become a vital link.
A digital certificate is a digital information file used on the Internet to identify and prove the identity of both parties to a network communication. Briefly, a digital certificate is a file, digitally signed by a certificate authority, that contains information about the owner of a public key together with the public key itself. Common digital-certificate-based security authentication schemes are mainly used on PCs (Personal Computers) connected to the Internet. The usual scheme is a digital certificate based on a USB-Key (Universal Serial Bus key): the USB-Key has a built-in smart chip with a dedicated secure area that holds the certificate's private key; the private key cannot be exported from the USB-Key, so a backed-up copy of the file cannot be used, which provides security protection for the PC.
In the course of implementing the present invention, the inventor found that existing security authentication schemes are mainly used on PCs, and that there is no good security authentication strategy for mobile terminals. In addition, because most mobile terminals have no USB interface, the existing USB-Key-based digital certificate scheme cannot meet the demand for identity and transaction authentication on mobile terminals. How to achieve security authentication of a mobile terminal, so as to guarantee the security of mobile e-commerce, has become a technical problem that urgently needs to be solved.
Summary of the invention
The technical problem to be solved by the embodiments of the invention is to provide a security authentication method and system for a mobile terminal which perform security authentication of the mobile terminal when it carries out a specific service, so that the transaction security of the specific service is achieved, the security of mobile e-commerce is improved and the user's experience of mobile e-commerce is enhanced.
To solve the above technical problem, an embodiment of the invention provides a security authentication method for a mobile terminal, comprising:
when a specific service request from the mobile terminal is received, a security server sends a security authentication instruction to the mobile terminal;
according to a pre-stored digital certificate of the mobile terminal, the security server performs security authentication on the information to be authenticated that the mobile terminal generates under the control of the security authentication instruction, and after the authentication passes, provides the requested specific service to the mobile terminal.
The security authentication instruction comprises a digital signature instruction, and the information to be authenticated comprises the digital signature information that the mobile terminal generates under the control of the security authentication instruction sent by the security server.
After the security server sends the security authentication instruction to the mobile terminal, the method further comprises:
the mobile terminal receives the security authentication instruction sent by the security server;
under the control of the security authentication instruction, the mobile terminal generates a digital signature using the private key of a key pair stored and managed locally by the terminal;
the mobile terminal returns the digital signature to the security server.
The step in which the security server performs security authentication, according to the pre-stored digital certificate of the mobile terminal, on the information to be authenticated generated by the mobile terminal under the control of the security authentication instruction comprises:
the security server receives the digital signature returned by the mobile terminal;
the security server queries the digital certificate corresponding to the mobile terminal according to the terminal's number, the digital certificate containing the public key of the key pair stored and managed by the mobile terminal;
the security server verifies the digital signature of the mobile terminal using the public key in the digital certificate found by the query.
Before the security server sends the security authentication instruction on receiving the specific service request, the method further comprises: the security server stores in advance the number of each mobile terminal and the digital certificate of each mobile terminal, the numbers and the digital certificates being in one-to-one correspondence.
Correspondingly, an embodiment of the invention also provides a security authentication system for a mobile terminal, comprising a security server and at least one mobile terminal, wherein:
the mobile terminal is configured to send a specific service request to the security server, receive a security authentication instruction from the security server, generate information to be authenticated under the control of that instruction, and return the information to be authenticated to the security server;
the security server is configured to send a security authentication instruction to the mobile terminal when it receives the specific service request, to perform security authentication, according to the pre-stored digital certificate of the mobile terminal, on the information to be authenticated that the terminal generates under the control of the instruction, and after the authentication passes, to provide the requested specific service to the mobile terminal.
The security server comprises a service platform, an authentication server and an OTA (Over-the-Air technology) server, wherein:
the service platform is configured to receive service requests from the mobile terminal and to provide the requested services to the mobile terminal;
the authentication server is configured to send a security authentication request to the OTA server when the service platform receives a specific service request from the mobile terminal, to receive the information to be authenticated returned by the OTA server, to perform security authentication on it, and after the authentication passes, to trigger the service platform to provide the requested specific service to the mobile terminal;
the OTA server is configured to generate a security authentication instruction when it receives the security authentication request from the authentication server, to send the instruction to the mobile terminal, and to return the information to be authenticated that the mobile terminal generates under the control of the instruction to the authentication server for security authentication.
The authentication server comprises:
a storage unit, configured to store in advance the number of each mobile terminal and the digital certificate of each mobile terminal, the numbers and the digital certificates being in one-to-one correspondence;
a transceiver unit, configured to send a security authentication request to the OTA server when the service platform receives a specific service request from a mobile terminal, and to receive the information to be authenticated returned by the OTA server;
an authentication unit, configured to perform security authentication on the information to be authenticated received by the transceiver unit according to the digital certificates pre-stored in the storage unit;
a trigger unit, configured to trigger the service platform to provide the requested specific service to the mobile terminal after the authentication by the authentication unit passes.
The authentication unit comprises:
a query unit, configured to query the digital certificate corresponding to the mobile terminal from the storage unit according to the terminal's number, the digital certificate containing the public key of the key pair stored and managed by the mobile terminal;
an authentication subunit, configured to verify the digital signature of the mobile terminal using the public key in the digital certificate found by the query unit.
The mobile terminal comprises:
a key management unit, configured to generate a key pair and to store and manage the key pair;
a signature unit, configured to generate a digital signature under the control of the security authentication instruction sent by the security server, using the private key of the key pair stored and managed by the key management unit;
a transceiver unit, configured to receive the security authentication instruction sent by the security server, pass it to the signature unit, and return the digital signature generated by the signature unit to the security server.
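The method and system described above, as an added Go example that is not part of the patent: one authentication round trip between a mobile terminal, the OTA server step, the authentication server's storage and authentication units, and the service platform's decision. ECDSA P-256 stands in for the unspecified asymmetric algorithm, the terminal number and service names are constructed samples, the content layout the terminal signs (service, number, nonce) is an assumption of the example, and the over-the-air transport is collapsed into a function call.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Services the platform treats as "specific services" (authentication required);
// anything else is a "general service" and is served directly.
var specificServices = map[string]bool{"payment": true, "transfer": true, "shopping": true}

// Terminal models the mobile terminal: the key pair is generated on the
// terminal and the private key never leaves its key management unit.
type Terminal struct {
	Number string
	priv   *ecdsa.PrivateKey
}

func NewTerminal(number string) (*Terminal, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Terminal{Number: number, priv: priv}, nil
}

// PublicKey is what goes into the terminal's digital certificate at enrolment.
func (t *Terminal) PublicKey() *ecdsa.PublicKey { return &t.priv.PublicKey }

// Sign is the signature unit: it signs the instruction content with the private key.
func (t *Terminal) Sign(content []byte) ([]byte, error) {
	digest := sha256.Sum256(content)
	return ecdsa.SignASN1(rand.Reader, t.priv, digest[:])
}

// CertStore is the authentication server's storage unit: terminal number ->
// public key of the enrolled certificate, in one-to-one correspondence.
type CertStore map[string]*ecdsa.PublicKey

// BuildInstruction is the OTA server step: it turns the authentication request
// into the content the terminal must sign. The layout is an assumption of this
// example; the fresh nonce stops one signature being replayed for a later transaction.
func BuildInstruction(number, service string) ([]byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return []byte(fmt.Sprintf("svc=%s;number=%s;nonce=%x", service, number, nonce)), nil
}

// Verify is the authentication unit: the query unit looks the certificate up by
// number and the authentication subunit checks the signature with its public key.
func (s CertStore) Verify(number string, content, sig []byte) error {
	pub, ok := s[number]
	if !ok {
		return errors.New("no certificate stored for this number")
	}
	digest := sha256.Sum256(content)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("authentication failed")
	}
	return nil
}

// HandleRequest is the service platform: a general service is served at once,
// a specific service only after the authentication round trip succeeds.
func HandleRequest(store CertStore, t *Terminal, service string) (string, error) {
	if !specificServices[service] {
		return "served: " + service, nil
	}
	content, err := BuildInstruction(t.Number, service)
	if err != nil {
		return "", err
	}
	sig, err := t.Sign(content) // OTA server -> terminal (signs) -> OTA server
	if err != nil {
		return "", err
	}
	if err := store.Verify(t.Number, content, sig); err != nil {
		return "transaction failed", err
	}
	return "served: " + service, nil
}

func main() {
	store := CertStore{}
	t, _ := NewTerminal("13800000000") // constructed sample number
	store[t.Number] = t.PublicKey()   // enrolment: number <-> certificate
	for _, svc := range []string{"sms", "payment"} {
		res, err := HandleRequest(store, t, svc)
		fmt.Println(svc, "->", res, err)
	}
}
```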
Implementing the embodiments of the invention has the following beneficial effects:
1. When the security server of the embodiment receives a specific service request from a mobile terminal, it sends a security authentication instruction to the terminal and, according to the terminal's digital certificate, performs security authentication on the information to be authenticated that the terminal generates according to the instruction; after the authentication passes it provides the requested specific service, which guarantees the transaction security of the specific service, improves the security of mobile e-commerce and enhances the user's experience of mobile e-commerce.
2. The security server uses the public key in the mobile terminal's digital certificate to verify the digital signature that the terminal generated with its private key, so security authentication of the mobile terminal is achieved on the basis of conventional asymmetric encryption and decryption algorithms, making it more convenient and practical.
3. The mobile terminal generates its own key pair, stores and manages it, and uses the managed key pair to produce its digital signature, so the terminal itself has the capability to achieve transaction security.
4. The security server is composed of the existing service platform, OTA server and authentication server, so no additional equipment is required and cost is saved; the architecture is simple and practical, and the user's experience of mobile e-commerce is further enhanced.
Description of the drawings
To explain the embodiments of the invention or the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of an embodiment of the security authentication system for a mobile terminal of the invention;
Fig. 2 is a schematic structural diagram of an embodiment of the mobile terminal of the invention;
Fig. 3 is a schematic structural diagram of an embodiment of the security server of the invention;
Fig. 4 is a schematic structural diagram of an embodiment of the authentication server of the invention;
Fig. 5 is a schematic structural diagram of an embodiment of the authentication unit of the authentication server shown in Fig. 4;
Fig. 6 is a flow chart of a first embodiment of the security authentication method for a mobile terminal of the invention;
Fig. 7 is a flow chart of a second embodiment of the security authentication method for a mobile terminal of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
Referring to Fig. 1, a schematic structural diagram of an embodiment of the security authentication system for a mobile terminal of the invention, the system comprises a security server 20 and at least one mobile terminal 10 (only three are shown in the figure, and only one of them is labelled; in practice the security authentication system should include all subscribed mobile terminals).
The mobile terminal 10 is configured to send a specific service request to the security server 20, receive a security authentication instruction from the security server 20, generate information to be authenticated under the control of that instruction, and return the information to be authenticated to the security server 20.
In a concrete implementation, the specific services are all services that the mobile terminal 10 carries out at the security server 20 that require security authentication, including but not limited to any one or more of: online shopping based on a mobile terminal, online transactions (payment, transfer and so on) based on a mobile terminal, chat-room services based on a mobile terminal, and so on. The security authentication instruction comprises a digital signature instruction; the information to be authenticated comprises the digital signature information that the mobile terminal 10 generates under the control of the security authentication instruction sent by the security server 20.
The security server 20 is configured to send a security authentication instruction to the mobile terminal 10 when it receives the specific service request, to perform security authentication, according to the pre-stored digital certificate of the terminal, on the information to be authenticated that the mobile terminal 10 generates under the control of the instruction, and after the authentication passes, to provide the requested specific service to the mobile terminal 10.
In a concrete implementation, the security server 20 consists mainly of a service platform, an authentication server and an OTA server. The service platform is the interactive window between the security server 20 and the mobile terminal 10: it comprises a user interface on which the service platform can display the various services provided to the mobile terminal 10, the transaction process of a service and the transaction result. The authentication server is configured to perform security authentication of the mobile terminal 10; it mainly verifies the digital signature of the mobile terminal 10 on the basis of the digital certificate and triggers the work of the service platform according to the final authentication result. Specifically, if the authentication passes, the authentication server triggers the service platform to provide the requested specific service to the mobile terminal 10; if the authentication does not pass, the authentication server triggers the service platform to provide corresponding prompt information to the mobile terminal 10, such as a "transaction failed" or "authentication failed" message. The OTA server is configured to manage the mobile terminal 10 over the air channel: it generates the corresponding security authentication instruction according to the security authentication request of the authentication server and transmits it to the mobile terminal 10 over the air channel, so as to control the mobile terminal 10 to generate the corresponding digital signature according to this instruction and return it to the OTA server; the OTA server then returns the digital signature of the mobile terminal 10 to the authentication server for verification.
It should be noted that the security server 20 classifies all the services it can provide to the mobile terminal 10 into two types. One type is specific services, comprising all services provided by the security server 20 to the mobile terminal 10 that require security authentication; the other type is general services, comprising the ordinary services provided by the security server 20 to the mobile terminal 10 that do not require security authentication, such as the call service, the short message service and so on. When the mobile terminal 10 requests a service from the service platform, the service platform judges the requested service: if it is judged to be a specific service, the service platform notifies the authentication server to carry out the corresponding security authentication; if it is judged to be a general service, the service platform notifies the corresponding service server to handle it. The concrete handling of a general service is similar to the handling of existing mobile terminal services and is not described further here.
When the security server of the embodiment of the invention receives a specific service request from a mobile terminal, it sends a security authentication instruction to the terminal and, according to the terminal's digital certificate, performs security authentication on the information to be authenticated that the terminal generates according to the instruction; after the authentication passes it provides the requested specific service, which guarantees the transaction security of the specific service, improves the security of mobile e-commerce and enhances the user's experience of mobile e-commerce.
For a clearer explanation of the invention, the mobile terminal 10 in the above security authentication system is described in detail below.
Referring to Fig. 2, a schematic structural diagram of an embodiment of the mobile terminal of the invention, the mobile terminal 10 comprises:
a key management unit 101, configured to generate a key pair and to store and manage the key pair;
In a concrete implementation, the key management unit 101 may be a smart chip in the mobile terminal 10, for example the SIM (Subscriber Identity Module) smart card of the mobile terminal 10, which is used to generate a key pair for the mobile terminal 10, store the generated key pair and manage it. In particular, to further improve the security of mobile e-commerce, the key management unit 101 should also store authentication information corresponding to the service platform of the security server 20, so that when the mobile terminal 10 requests a service from the service platform of the security server 20 it simultaneously performs security authentication of the service platform, and only after that authentication passes does it send subsequent requests or other information to the platform. In this way an illegitimate service platform can be prevented from stealing the information of the mobile terminal 10, further improving the security of mobile e-commerce.
a signature unit 102, configured to generate a digital signature under the control of the security authentication instruction sent by the security server 20, using the private key of the key pair stored and managed by the key management unit 101;
In a concrete implementation, the security authentication instruction sent by the OTA server of the security server 20 comprises a digital signature instruction. The signature unit 102 is an encryption unit which, under the control of the security authentication instruction sent by the OTA server, generates a digital signature using the private key of the key pair stored and managed by the key management unit 101. In particular, to prevent someone other than the user of the mobile terminal from producing the corresponding digital signature for the mobile terminal 10, the signature unit 102 is also provided with a corresponding digital signature authority: when the security authentication instruction sent by the OTA server is received, the mobile terminal prompts the user to enter the PIN code (the personal identification number of the SIM), and only after the user enters the correct PIN code is the digital signature authority of the signature unit 102 opened, after which the signature unit 102 completes the digital signature under the control of the security authentication instruction. It will be understood that the process by which the signature unit 102 completes the digital signature is in essence an encryption process, similar to the process of encrypting with an encryption algorithm on an existing PC, and is not described further here.
a transceiver unit 103, configured to receive the security authentication instruction sent by the security server 20, pass it to the signature unit 102, and return the digital signature generated by the signature unit 102 to the security server 20.
In a concrete implementation, the transceiver unit 103 receives the security authentication instruction sent by the OTA server of the security server 20, passes it to the signature unit 102, and returns the digital signature generated by the signature unit 102 to the OTA server of the security server 20.
The mobile terminal of the embodiment of the invention generates its own key pair, stores and manages it, and uses the managed key pair to produce its digital signature, so the terminal itself has the capability to achieve transaction security.
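The key management unit and signature unit described above (a SIM-held key pair whose private key never leaves the chip, a PIN that opens the digital signature authority, and stored platform authentication information used to authenticate the service platform before anything is signed), as an added Go example that is not part of the patent. Using the platform's public key as its authentication information, the signed-instruction framing, the three-attempt lockout and the sample PIN and content are all assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Lockout threshold is an assumption of this example, not a figure from the patent.
const maxPinAttempts = 3

var (
	ErrPlatform = errors.New("service platform not authenticated")
	ErrPin      = errors.New("PIN rejected")
	ErrBlocked  = errors.New("digital signature authority blocked")
)

// SIM models the key management unit: it generates and keeps the terminal's
// key pair, holds the service platform's authentication information (here the
// platform's public key) and guards the signature authority with the PIN.
type SIM struct {
	priv        *ecdsa.PrivateKey
	platformPub *ecdsa.PublicKey
	pinHash     [32]byte
	failures    int
}

func NewSIM(pin string, platformPub *ecdsa.PublicKey) (*SIM, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SIM{priv: priv, platformPub: platformPub, pinHash: sha256.Sum256([]byte(pin))}, nil
}

// PublicKey is the only key material that ever leaves the SIM.
func (s *SIM) PublicKey() *ecdsa.PublicKey { return &s.priv.PublicKey }

// Instruction is the authentication instruction as the terminal sees it: the
// content to sign plus the platform's signature over it (framing assumed here).
type Instruction struct {
	Content     []byte
	PlatformSig []byte
}

// NewPlatformKey and PlatformSign stand in for the platform/OTA side of the exchange.
func NewPlatformKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

func PlatformSign(platformPriv *ecdsa.PrivateKey, content []byte) (Instruction, error) {
	d := sha256.Sum256(content)
	sig, err := ecdsa.SignASN1(rand.Reader, platformPriv, d[:])
	return Instruction{Content: content, PlatformSig: sig}, err
}

// Sign is the signature unit. Order matters: the platform is authenticated
// first, so an illegitimate platform can neither obtain a signature nor burn
// PIN attempts; then the PIN opens the signature authority; only then is the
// private key used.
func (s *SIM) Sign(ins Instruction, pin string) ([]byte, error) {
	if s.failures >= maxPinAttempts {
		return nil, ErrBlocked
	}
	d := sha256.Sum256(ins.Content)
	if !ecdsa.VerifyASN1(s.platformPub, d[:], ins.PlatformSig) {
		return nil, ErrPlatform
	}
	h := sha256.Sum256([]byte(pin))
	if subtle.ConstantTimeCompare(h[:], s.pinHash[:]) != 1 {
		s.failures++
		if s.failures >= maxPinAttempts {
			return nil, ErrBlocked
		}
		return nil, ErrPin
	}
	s.failures = 0
	return ecdsa.SignASN1(rand.Reader, s.priv, d[:])
}

// VerifyTerminal is the server-side check of the terminal's signature.
func VerifyTerminal(pub *ecdsa.PublicKey, content, sig []byte) bool {
	d := sha256.Sum256(content)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

func main() {
	platformPriv, _ := NewPlatformKey()
	sim, _ := NewSIM("1234", &platformPriv.PublicKey) // constructed PIN
	ins, _ := PlatformSign(platformPriv, []byte("svc=transfer;amount=100;nonce=42")) // constructed content
	if _, err := sim.Sign(ins, "0000"); err != nil {
		fmt.Println("wrong PIN:", err)
	}
	sig, err := sim.Sign(ins, "1234")
	fmt.Println("signed:", err == nil, "verifies:", VerifyTerminal(sim.PublicKey(), ins.Content, sig))
}
```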
For a clearer explanation of the invention, the security server 20 in the security authentication system for a mobile terminal of the invention is described in detail below.
Fig. 3 is a schematic structural diagram of an embodiment of the security server of the invention; the security server 20 comprises a service platform 201, an authentication server 202 and an OTA server 203.
The service platform 201 is configured to receive service requests from the mobile terminal 10 and to provide the requested services to the mobile terminal 10.
In a concrete implementation, the service platform 201 is the interactive window between the security server 20 and the mobile terminal 10: it comprises a user interface on which the service platform 201 can display the various services provided to the mobile terminal 10, the transaction process of a service and the transaction result.
The authentication server 202 is configured to send a security authentication request to the OTA server 203 when the service platform 201 receives a specific service request from the mobile terminal 10, to receive the information to be authenticated returned by the OTA server 203, to perform security authentication on it, and after the authentication passes, to trigger the service platform 201 to provide the requested specific service to the mobile terminal 10.
In a concrete implementation, as described above, the authentication server 202 is configured to perform security authentication of the mobile terminal 10; it mainly verifies the digital signature of the mobile terminal 10 on the basis of the digital certificate and triggers the work of the service platform 201 according to the final authentication result. Specifically, if the authentication passes, the authentication server 202 triggers the service platform 201 to provide the requested specific service to the mobile terminal 10; if the authentication does not pass, the authentication server triggers the service platform 201 to provide corresponding prompt information to the mobile terminal 10, such as a "transaction failed" or "authentication failed" message. It will be understood that the verification of the digital signature of the mobile terminal 10 by the authentication server 202 is in essence a decryption process corresponding to the encryption process of the mobile terminal 10: it decrypts using the public key of the mobile terminal 10, which is managed and stored in advance in the digital certificate held in the authentication server 202, and it is similar to the process of decrypting with a decryption algorithm on an existing PC, so it is not described further here.
The OTA server 203 is configured to generate a security authentication instruction when it receives the security authentication request from the authentication server 202, to send the instruction to the mobile terminal 10, and to return the information to be authenticated that the mobile terminal 10 generates under the control of the instruction to the authentication server 202 for security authentication.
In a concrete implementation, the OTA server 203 is configured to manage the mobile terminal 10 over the air channel: it generates the corresponding security authentication instruction according to the security authentication request of the authentication server 202 and transmits it to the mobile terminal 10 over the air channel, so as to control the mobile terminal 10 to generate the corresponding digital signature according to the instruction and return it to the OTA server 203; the OTA server 203 then returns the digital signature of the mobile terminal 10 to the authentication server 202 for verification.
The security server of the embodiment of the invention uses the public key in the mobile terminal's digital certificate to verify the digital signature that the terminal generated with its private key, so security authentication of the mobile terminal is achieved on the basis of conventional asymmetric encryption and decryption algorithms, making it more convenient and practical. Further, the security server of the embodiment is composed of the existing service platform, OTA server and authentication server, so no additional equipment is required and cost is saved; the architecture is simple and practical, and the user's experience of mobile e-commerce is further enhanced.
For a clearer explanation of the invention, the authentication server 202 of the security server 20 of the invention is described in detail below.
See also Fig. 4, be the structural representation of the embodiment of certificate server of the present invention; Said certificate server 202 comprises:
Memory cell 221 is used for storing in advance the number of each portable terminal and the digital certificate of each portable terminal, and wherein, the number of said each portable terminal is corresponding one by one with the digital certificate of each portable terminal;
In concrete the realization; As aforementioned; The described portable terminal of the embodiment of the invention comprises all signatory portable terminals of security certification system of portable terminal; The corresponding unique digital certificate of each portable terminal, said memory cell 221 is then stored the number of each portable terminal in advance with corresponding digital certificate.With the digital certificate of the number of portable terminal and portable terminal corresponding stored one by one, then can directly search the digital certificate of portable terminal according to the number of portable terminal here, make search more convenient, quick.Need to prove that the number of portable terminal can be the number of portable terminal itself here, such as: phone number; But it also can be the identification number of other unique identification portable terminals, such as: the signatory sequence number of portable terminal in security certification system, the ID in the security certification system of portable terminal number etc.
A transceiver unit 222, used, when the service platform 201 receives a specific service request from the mobile terminal 10, to send a security authentication request to the OTA server 203 and to receive the information to be authenticated that the OTA server 203 returns;
In a concrete implementation, when the service platform 201 receives a specific service request from the mobile terminal 10, the authentication server generates a security authentication request comprising: a service description of the specific service requested by the mobile terminal 10, the content that the mobile terminal 10 actually has to sign, communication security parameters and similar information. The transceiver unit 222 sends the security authentication request to the OTA server 203, so that the OTA server 203 generates, according to the request, a security authentication instruction that includes a digital signature instruction and controls the mobile terminal 10 to generate information to be authenticated that includes digital signature information.
An authentication unit 223, used to perform security authentication on the information to be authenticated received by the transceiver unit 222, according to the digital certificates of the mobile terminals pre-stored in the memory unit 221;
In a concrete implementation, refer also to Fig. 5, a structural diagram of an embodiment of the authentication unit of the authentication server shown in Fig. 4. The authentication unit 223 comprises:
A query unit 31, used to query from the memory unit 221, according to the number of the mobile terminal 10, the digital certificate corresponding to the mobile terminal 10; the digital certificate contains the public key of the key pair that the mobile terminal 10 stores and manages;
An authentication subunit 32, used to verify the digital signature of the mobile terminal 10 with the public key in the digital certificate found by the query unit 31.
In a concrete implementation, the verification of the digital signature of the mobile terminal 10 by the authentication subunit 32 is in essence a decryption process that corresponds to the encryption process on the mobile terminal 10: it decrypts with the public key of the mobile terminal 10 that is stored in advance in the digital certificate in the memory unit 221. This process is similar to decryption with a decryption algorithm on an existing PC and is not described further here.
Referring again to Fig. 4, the authentication server 202 further comprises:
A trigger unit 224, used, after the authentication unit 223 passes the authentication, to trigger the service platform 201 to provide the mobile terminal 10 with the specific service it requested.
In a concrete implementation, the trigger unit 224 triggers the work of the service platform 201 according to the final authentication result of the authentication unit 223. Specifically: if authentication passes, the trigger unit 224 triggers the service platform 201 to provide the mobile terminal 10 with the specific service it requested; if authentication does not pass, the trigger unit 224 triggers the service platform 201 to provide corresponding prompt information to the mobile terminal 10, such as "transaction failed" or "authentication failed".
In the embodiment of the invention, when the security server receives a specific service request from the mobile terminal it sends a security authentication instruction to the mobile terminal, performs security authentication according to the digital certificate of the mobile terminal on the information to be authenticated that the mobile terminal generates under that instruction, and provides the requested specific service after authentication passes. This guarantees the transaction security of the specific service, improves the security of mobile e-commerce and improves the user's experience of mobile e-commerce.
To explain the invention more clearly, the security authentication method for a mobile terminal of the invention is described in detail below. Note that the method is executed by the respective devices in the security authentication system of the mobile terminal described above.
Refer to Fig. 6, a flow chart of a first embodiment of the security authentication method for a mobile terminal of the invention. The method comprises:
S101: when a specific service request from a mobile terminal is received, the security server sends a security authentication instruction to the mobile terminal;
In a concrete implementation, the security server classifies all the services it can provide to mobile terminals. One class is specific services, comprising all services provided by the security server that require security authentication; the other class is general services, comprising the ordinary services provided by the security server that do not require security authentication, such as voice calls and short messages. When a mobile terminal requests a service from the security server, the security server judges which class the requested service belongs to; if it is a specific service, S101 is executed and the security authentication instruction is sent to the mobile terminal. It will be understood that if the security server judges the service to be a general service, it notifies the corresponding service server to handle it; the handling of general services is similar to that of existing mobile terminal services and is not described further here.
S102: according to the pre-stored digital certificate of the mobile terminal, the security server performs security authentication on the information to be authenticated that the mobile terminal generates under the control of the security authentication instruction, and after authentication passes provides the mobile terminal with the specific service it requested.
In a concrete implementation, the security server consists mainly of a service platform, an authentication server and an OTA server. The service platform is the interaction window between the security server and the mobile terminal; it includes a user interface on which it can display to the mobile terminal the services it provides, the transaction process of a service and the transaction result. The authentication server performs security authentication on the mobile terminal: it mainly verifies the digital signature of the mobile terminal on the basis of the digital certificate and, according to the final authentication result, triggers the work of the service platform. Specifically: if authentication passes, the authentication server triggers the service platform to provide the mobile terminal with the specific service it requested; if authentication does not pass, the authentication server triggers the service platform to provide corresponding prompt information to the mobile terminal, such as "transaction failed" or "authentication failed". The OTA server manages the over-the-air channel on which the mobile terminal relies; according to the security authentication request of the authentication server it generates the corresponding security authentication instruction and transmits it to the mobile terminal over the air channel, so as to control the mobile terminal to generate the corresponding digital signature under that instruction and return it to the OTA server, which in turn returns the digital signature of the mobile terminal to the authentication server for verification.
In the embodiment of the invention, when the security server receives a specific service request from the mobile terminal it sends a security authentication instruction to the mobile terminal, performs security authentication according to the digital certificate of the mobile terminal on the information to be authenticated that the mobile terminal generates under that instruction, and provides the requested specific service after authentication passes. This guarantees the transaction security of the specific service, improves the security of mobile e-commerce and improves the user's experience of mobile e-commerce.
Refer to Fig. 7, a flow chart of a second embodiment of the security authentication method for a mobile terminal of the invention. The method comprises:
S201: the authentication server stores in advance the number of each mobile terminal and the digital certificate of each mobile terminal, wherein the number of each mobile terminal corresponds one-to-one with the digital certificate of that mobile terminal;
In a concrete implementation, as stated above, the mobile terminals of the embodiment include all mobile terminals subscribed to the security authentication system, and each mobile terminal has its own unique digital certificate; the authentication server executes S201 and stores the number of each mobile terminal together with the corresponding digital certificate in advance. Because the number and the digital certificate of a mobile terminal are stored in one-to-one correspondence, the digital certificate can be looked up directly by the number of the mobile terminal, which makes the lookup convenient and fast. Note that the number of the mobile terminal may be the terminal's own number, such as its phone number, or another identifier that uniquely identifies the terminal, such as its subscription serial number in the security authentication system or its ID number in the security authentication system.
S202: the service platform receives a specific service request from the mobile terminal;
In a concrete implementation, the specific service may be any service for which the mobile terminal has to undergo security authentication at the security server, including but not limited to any one or more of: online shopping from the mobile terminal, network transactions from the mobile terminal (payment, transfer and the like), chat-room services from the mobile terminal, and so on. The security server classifies all the services it can provide to mobile terminals: one class is specific services, comprising all services provided by the security server that require security authentication; the other class is general services, comprising the ordinary services provided by the security server that do not require security authentication, such as voice calls and short messages. When a mobile terminal requests a service from the service platform, the service platform judges the requested service: if it is a specific service, it notifies the authentication server to carry out the subsequent security authentication process; if it is a general service, it notifies the corresponding service server to handle it. The handling of general services is similar to that of existing mobile terminal services and is not described further here.
S203: the authentication server sends a security authentication request to the OTA server;
In a concrete implementation, when the service platform in S202 receives a specific service request from the mobile terminal, the authentication server generates a security authentication request comprising: a service description of the specific service requested by the mobile terminal, the content that the mobile terminal actually has to sign, communication security parameters and similar information. The authentication server executes S203 and sends the security authentication request to the OTA server.
S204: the OTA server generates a security authentication instruction according to the security authentication request sent by the authentication server;
In a concrete implementation, the OTA server manages the over-the-air channel on which the mobile terminal relies; it executes S204 by generating the corresponding security authentication instruction according to the security authentication request sent by the authentication server in S203. The security authentication instruction comprises a digital signature instruction.
S205: the OTA server sends the security authentication instruction to the mobile terminal;
In a concrete implementation, the OTA server executes S205 by transmitting the security authentication instruction to the mobile terminal over the air channel, so as to control the mobile terminal to generate the corresponding digital signature under the security authentication instruction.
S206: the mobile terminal generates a key pair, and stores and manages the key pair;
In a concrete implementation, S206 may be performed by a smart chip in the mobile terminal, for example the SIM smart card of the mobile terminal, which generates the key pair for the mobile terminal, stores the generated key pair and manages it. In particular, to further improve the security of mobile e-commerce, the SIM smart card should also store corresponding authentication information of the service platform; when the mobile terminal requests a service from the service platform it also performs security authentication on the service platform, and sends subsequent requests or other information to the service platform only after that authentication passes. This prevents illegitimate service platforms from stealing the information of the mobile terminal and further improves the security of mobile e-commerce.
S207: under the control of the security authentication instruction sent by the OTA server, the mobile terminal generates a digital signature with the private key of the key pair that it stores and manages;
In a concrete implementation, S207 may be performed by an encryption unit that, under the control of the security authentication instruction sent by the OTA server, generates the digital signature with the private key of the key pair stored and managed in S206. In particular, to prevent someone other than the user of the mobile terminal from producing the corresponding digital signature on the mobile terminal, the encryption unit is also provided with a corresponding digital signature right: on receiving the security authentication instruction sent by the OTA server, the mobile terminal prompts the user to enter the PIN code (the personal identification number of the SIM); only after the user enters the correct PIN code is the digital signature right of the mobile terminal opened, after which S207 completes the digital signature under the control of the security authentication instruction. It will be understood that the process by which S207 completes the digital signature is in essence an encryption process, similar to encryption with an encryption algorithm on an existing PC, and is not described further here.
S208: the mobile terminal returns the digital signature to the OTA server;
S209: the OTA server returns the digital signature sent by the mobile terminal to the authentication server;
S210: the authentication server queries the corresponding digital certificate according to the number of the mobile terminal;
S211: the authentication server verifies the digital signature of the mobile terminal with the public key in the digital certificate found;
In a concrete implementation, the verification of the digital signature of the mobile terminal in S211 is in essence a decryption process that corresponds to the encryption process on the mobile terminal: it decrypts with the public key of the mobile terminal that is stored in advance in the digital certificate in the authentication server. This process is similar to decryption with a decryption algorithm on an existing PC and is not described further here.
S212: the authentication server returns the authentication result to the service platform;
S213: according to the authentication result returned by the authentication server, if the authentication result is "pass", the service platform provides the mobile terminal with the specific service it requested.
In a concrete implementation, the service platform executes S213 according to the final authentication result of S212: if the authentication result returned in S212 is that authentication passed, then in S213 the service platform provides the mobile terminal with the specific service it requested; if the authentication result of S212 is that authentication did not pass, then in S213 the service platform provides corresponding prompt information to the mobile terminal, such as "transaction failed" or "authentication failed".
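The component structure of Figs. 4 and 5 and the step sequence S201 to S213 can be followed end to end in code. The following is an added example written for this page, not code from the patent or from its assignee: a stand-alone Python simulation of the service platform, the authentication server with its memory and query units, the OTA server and the SIM in the mobile terminal. The patent does not name the signature algorithm; textbook RSA over constructed demo primes is used here because it makes the patent's description of signing as private-key "encryption" and of verification as public-key "decryption" literal. The terminal number, PIN, service names and amounts are constructed, and modelling the platform's stored authentication information as a public key that the SIM verifies is an assumption of the example.

```python
import hashlib

SPECIFIC_SERVICES = {"payment", "transfer", "shopping"}  # need authentication (S202);
                                                          # calls, SMS etc. are general

# Constructed demo primes (Mersenne primes, whose primality is well known).
# Textbook RSA over such small moduli is illustrative only; a real SIM would use
# standard key sizes and a padded signature scheme. The platform's primes differ
# from the terminal's so that the two key pairs are distinct.
TERMINAL_PRIMES = (2 ** 61 - 1, 2 ** 89 - 1)
PLATFORM_PRIMES = (2 ** 107 - 1, 2 ** 127 - 1)

def make_key_pair(p, q, e=65537):
    """Key generation as done inside the SIM (S206): returns (public, private)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(private, msg):        # S207: "encrypt" the digest with the private key
    n, d = private
    return pow(digest(msg, n), d, n)

def verify(public, msg, sig):  # S211: "decrypt" with the public key and compare
    n, e = public
    return pow(sig, e, n) == digest(msg, n)

class Sim:
    """Smart chip in the terminal: generates and keeps the key pair (S206) and opens the
    signing right only for the correct PIN (S207). platform_pub stands in for the stored
    authentication information of the service platform (an assumption of this example)."""
    def __init__(self, pin, platform_pub):
        self.pin, self.platform_pub = pin, platform_pub
        self.public, self.private = make_key_pair(*TERMINAL_PRIMES)
    def handle_instruction(self, instr, entered_pin):
        if not verify(self.platform_pub, instr["content"], instr["platform_sig"]):
            raise PermissionError("untrusted service platform")   # platform check first
        if entered_pin != self.pin:
            raise PermissionError("wrong PIN")                    # signing right stays closed
        return sign(self.private, instr["content"])

class AuthServer:
    """Memory unit (number -> certificate, S201), request builder (S203),
    query unit (S210) and signature verification (S211)."""
    def __init__(self):
        self.certs = {}
    def enroll(self, number, public):
        self.certs[number] = public
    def make_request(self, number, service, amount, platform_private):
        content = f"{number}|{service}|{amount}".encode()  # what the terminal must sign
        return {"number": number, "description": service, "content": content,
                "platform_sig": sign(platform_private, content)}
    def authenticate(self, number, content, sig):
        public = self.certs.get(number)
        return public is not None and verify(public, content, sig)

class OtaServer:
    def make_instruction(self, request):  # S204: turn the request into a signing instruction
        return {"content": request["content"], "platform_sig": request["platform_sig"]}

class ServicePlatform:
    """Classifies the requested service (S202) and releases a specific service only
    after the authentication server reports success (S213)."""
    def __init__(self, auth, ota):
        self.auth, self.ota = auth, ota
        self.public, self.private = make_key_pair(*PLATFORM_PRIMES)
    def request_service(self, sim, number, service, amount, entered_pin):
        if service not in SPECIFIC_SERVICES:
            return "handled by the ordinary service server"
        req = self.auth.make_request(number, service, amount, self.private)  # S203
        instr = self.ota.make_instruction(req)                             # S204-S205
        try:
            sig = sim.handle_instruction(instr, entered_pin)               # S206-S208
        except PermissionError as exc:
            return f"authentication failed ({exc})"
        if self.auth.authenticate(number, instr["content"], sig):          # S209-S212
            return "provided"
        return "authentication failed"

def demo():
    """Run the main scenarios and return their outcomes (all numbers are constructed)."""
    auth, ota = AuthServer(), OtaServer()
    platform = ServicePlatform(auth, ota)
    sim = Sim("1234", platform.public)
    auth.enroll("13800000000", sim.public)
    other_sim = Sim("1234", make_key_pair(*TERMINAL_PRIMES)[0])  # trusts a different platform key
    def run(s, number, service, pin):
        return platform.request_service(s, number, service, 50, pin)
    return {"payment_ok": run(sim, "13800000000", "payment", "1234"),
            "call": run(sim, "13800000000", "call", "1234"),
            "wrong_pin": run(sim, "13800000000", "payment", "0000"),
            "not_enrolled": run(sim, "13900000000", "payment", "1234"),
            "untrusted_platform": run(other_sim, "13800000000", "payment", "1234")}
```

Calling demo() exercises the paths the text distinguishes: a general service bypasses authentication entirely, a wrong PIN keeps the signing right closed, a number with no stored certificate has nothing to verify against, and a platform the SIM does not trust is refused before any signature leaves the card. Because verification only succeeds for the exact content the authentication server built in S203, a signature obtained for one service and amount cannot be replayed for another.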
In the embodiment of the invention, when the security server receives a specific service request from the mobile terminal it sends a security authentication instruction to the mobile terminal, performs security authentication according to the digital certificate of the mobile terminal on the information to be authenticated that the mobile terminal generates under that instruction, and provides the requested specific service after authentication passes. This guarantees the transaction security of the specific service, improves the security of mobile e-commerce and improves the user's experience of mobile e-commerce.
As the above description of the embodiments shows: the security server of the embodiment of the invention, on receiving a specific service request from the mobile terminal, sends a security authentication instruction to the mobile terminal, performs security authentication according to the digital certificate of the mobile terminal on the information to be authenticated that the mobile terminal generates under that instruction, and provides the requested specific service after authentication passes, which guarantees the transaction security of the specific service, improves the security of mobile e-commerce and improves the user's experience of mobile e-commerce; the security server uses the public key in the digital certificate of the mobile terminal to verify the digital signature that the mobile terminal generated with its private key, so that security authentication of the mobile terminal is realized with conventional asymmetric encryption and decryption and is convenient and practical; the mobile terminal itself generates the key pair, stores and manages it, and uses the managed key pair to produce its digital signature, so that the mobile terminal itself is able to secure the transaction; and the security server is made up of the existing service platform, OTA server and authentication server, so no additional equipment has to be added, cost is saved, the architecture is simple and practical, and the user's experience of mobile e-commerce is further improved.
Those of ordinary skill in the art will appreciate that all or part of the flow of the methods of the above embodiments can be realized by a computer program instructing the relevant hardware; the program can be stored in a computer-readable storage medium and, when executed, can include the flow of the embodiments of the above methods. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM) or the like.
The above discloses only preferred embodiments of the invention and of course cannot limit the scope of rights of the invention; those of ordinary skill in the art will appreciate that all or part of the flow realizing the above embodiments, and equivalent variations made according to the claims of the invention, still fall within the scope covered by the invention.

Claims (10)

1. A security authentication method for a mobile terminal, characterized by comprising:
when a specific service request from a mobile terminal is received, a security server sends a security authentication instruction to the mobile terminal;
according to a pre-stored digital certificate of the mobile terminal, the security server performs security authentication on information to be authenticated that the mobile terminal generates under the control of the security authentication instruction, and after authentication passes provides the mobile terminal with the specific service it requested.
2. The method of claim 1, characterized in that:
the security authentication instruction comprises a digital signature instruction;
the information to be authenticated comprises digital signature information that the mobile terminal generates under the control of the security authentication instruction sent by the security server.
3. The method of claim 2, characterized in that, after the security server sends the security authentication instruction to the mobile terminal, the method further comprises:
the mobile terminal receives the security authentication instruction sent by the security server;
under the control of the security authentication instruction, the mobile terminal generates a digital signature with the private key of a key pair that it stores and manages locally;
the mobile terminal returns the digital signature to the security server.
4. The method of claim 3, characterized in that the step in which, according to the pre-stored digital certificate of the mobile terminal, the security server performs security authentication on the information to be authenticated that the mobile terminal generates under the control of the security authentication instruction comprises:
the security server receives the digital signature returned by the mobile terminal;
the security server queries the digital certificate corresponding to the mobile terminal according to the number of the mobile terminal, the digital certificate comprising the public key of the key pair stored and managed by the mobile terminal;
the security server verifies the digital signature of the mobile terminal with the public key in the digital certificate found.
5. The method of claim 4, characterized in that, before the step in which, when a specific service request from the mobile terminal is received, the security server sends the security authentication instruction to the mobile terminal, the method further comprises:
the security server stores in advance the number of each mobile terminal and the digital certificate of each mobile terminal;
wherein the number of each mobile terminal corresponds one-to-one with the digital certificate of that mobile terminal.
6. A security authentication system for a mobile terminal, comprising a security server and at least one mobile terminal, characterized in that:
the mobile terminal is used to send a specific service request to the security server, to receive a security authentication instruction from the security server, to generate information to be authenticated under the control of the security authentication instruction, and to return the information to be authenticated to the security server;
the security server is used, when it receives the specific service request from the mobile terminal, to send the security authentication instruction to the mobile terminal; when it receives the information to be authenticated that the mobile terminal generated under the control of the security authentication instruction, to perform security authentication on that information according to the pre-stored digital certificate of the mobile terminal; and after authentication passes, to provide the mobile terminal with the specific service it requested.
7. The system of claim 6, characterized in that the security server comprises a service platform, an authentication server and an OTA server, wherein:
the service platform is used to receive service requests from the mobile terminal and to provide the mobile terminal with the services it requests;
the authentication server is used, when the service platform receives a specific service request from the mobile terminal, to send a security authentication request to the OTA server, to receive the information to be authenticated returned by the OTA server, to perform security authentication on that information, and after authentication passes to trigger the service platform to provide the mobile terminal with the specific service it requested;
the OTA server is used, when it receives the security authentication request from the authentication server, to generate the security authentication instruction, to send the security authentication instruction to the mobile terminal, and to return the information to be authenticated that the mobile terminal generated under the control of the security authentication instruction to the authentication server for security authentication.
8. The system of claim 7, characterized in that the authentication server comprises:
a memory unit, used to store in advance the number of each mobile terminal and the digital certificate of each mobile terminal, wherein the number of each mobile terminal corresponds one-to-one with the digital certificate of that mobile terminal;
a transceiver unit, used, when the service platform receives a specific service request from the mobile terminal, to send a security authentication request to the OTA server and to receive the information to be authenticated returned by the OTA server;
an authentication unit, used to perform security authentication on the information to be authenticated received by the transceiver unit, according to the digital certificates of the mobile terminals pre-stored in the memory unit;
a trigger unit, used, after the authentication unit passes the authentication, to trigger the service platform to provide the mobile terminal with the specific service it requested.
9. The system of claim 8, characterized in that the authentication unit comprises:
a query unit, used to query from the memory unit, according to the number of the mobile terminal, the digital certificate corresponding to the mobile terminal, the digital certificate comprising the public key of the key pair stored and managed by the mobile terminal;
an authentication subunit, used to verify the digital signature of the mobile terminal with the public key in the digital certificate found by the query unit.
10. The system of any one of claims 6 to 9, characterized in that the mobile terminal comprises:
a key management unit, used to generate a key pair and to store and manage the key pair;
a signature unit, used, under the control of the security authentication instruction sent by the security server, to generate a digital signature with the private key of the key pair stored and managed by the key management unit;
a transceiver unit, used to receive the security authentication instruction sent by the security server, to provide the security authentication instruction to the signature unit, and to return the digital signature generated by the signature unit to the security server.
Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010105115056A Pending CN102457374A (en) 2010-10-18 2010-10-18 Security authentication method and system for mobile terminal

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010105115056A CN102457374A (en) 2010-10-18 2010-10-18 Security authentication method and system for mobile terminal
Publications (1)

Publication Number Publication Date
CN102457374A true CN102457374A (en) 2012-05-16

Family

ID=46040083
Country Status (1)

Country Link
CN (1) CN102457374A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014110877A1 (en) * 2013-01-18 2014-07-24 深圳市华营数字商业有限公司 Mobile terminal device and user authentication method based on pki technology
CN109992949A (en) * 2017-12-29 2019-07-09 中移(杭州)信息技术有限公司 A kind of equipment authentication method, air card-writing method and apparatus authentication device
CN112654039A (en) * 2019-09-25 2021-04-13 北京紫光青藤微系统有限公司 Terminal validity identification method, device and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101183932A (en) * 2007-12-03 2008-05-21 宇龙计算机通信科技(深圳)有限公司 Security identification system of wireless application service and login and entry method thereof
US20090215431A1 (en) * 2005-03-31 2009-08-27 Vodafone House, The Connection Facilitating and authenticating transactions
CN101587458A (en) * 2009-06-30 2009-11-25 北京握奇数据系统有限公司 Operation method and device for intelligent storing card
CN101588573A (en) * 2009-06-29 2009-11-25 方秀芹 Safe verification method, system and portable terminal, server
CN101765108A (en) * 2009-07-01 2010-06-30 北京华胜天成科技股份有限公司 Safety certification service platform system, device and method based on mobile terminal
Similar Documents

Publication Publication Date Title
CN106559217B (en) A kind of dynamic encrypting method, terminal, server
CN106161359B (en) It authenticates the method and device of user, register the method and device of wearable device
CN107358441B (en) Payment verification method and system, mobile device and security authentication device
KR101451214B1 (en) Payment method, server performing the same, storage media storing the same and system performing the same
CN102103778B (en) Mobile payment system, mobile terminal and method for realizing mobile payment service
US10237072B2 (en) Signatures for near field communications
CN101860525B (en) Realizing method of electronic authorization warrant, intelligent terminal, authorization system and verification terminal
CN103793815A (en) Mobile intelligent terminal acquirer system and method suitable for bank cards and business cards
US9445269B2 (en) Terminal identity verification and service authentication method, system and terminal
CN102056077B (en) Method and device for applying smart card by key
CN111787530A (en) Block chain digital identity management method based on SIM card
CN103326862A (en) Electronically signing method and system
CN109063450B (en) Control method of safe storage medium, safe storage medium and system
CN105553654A (en) Key information query processing method and device and key information management system
El Madhoun et al. A cloud-based secure authentication protocol for contactless-nfc payment
CN105376059A (en) Method and system for performing application signature based on electronic key
CN105704092A (en) User identity authentication method, device and system
KR101792220B1 (en) Method, mobile terminal, device and program for providing user authentication service of combining biometric authentication
CN103107888A (en) Dynamic multi-attribute multilevel identity authentication method for mobile terminal (MT)
CN107609878B (en) Security authentication method and system for shared automobile
CN105741116A (en) Fast payment method, apparatus and system
CN110321682B (en) Unified identity authentication method and device based on UAF (Universal authentication framework) and IBC (identity based communication)
US20160359832A1 (en) Virtual device authorization method and device
CN105635164B (en) The method and apparatus of safety certification
CN104796399A (en) Key negotiation method of data encryption transmission

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120516