Method, system and device for managing multiple digital certificates based on mobile terminal

Abstract

The invention provides a method, a system and equipment for management of multiple digital certificates on the basis of a mobile terminal. The method includes setting a CA (certification authority) mapping table containing multiple pieces of CA information in an MSSP (managed security service provider); when users apply for digital certificates, by the MSSP, inquiring the saved CA mapping table to acquire corresponding CA information, then indicating a mobile signature device in the mobile terminal to store the CA information and generate and store public and private key pairs, converting the digital certificates generated in a certificate center into certificate information files, and then sending the certificate information files to the mobile signature device; when in digital signing, by the MSSP, sending to-be-signed data from an application server to the mobile signature device, and sending the signed data returned from the mobile signature device to the application server to be verified. By the method, the system and the equipment for management of multiple digital certificates on the basis of the mobile terminal, the users can store and manage information of multiple digital certificates in the mobile signature device of one mobile terminal and can manage and use the multiple digital certificates conveniently, and service cost is reduced for the users.

Description

technical field [0001] The invention relates to the technical fields of data services and information security, and in particular to a management method, system and equipment for multiple digital certificates based on mobile terminals. Background technique [0002] In the existing public key infrastructure (PKI, PublicKeyInfrastructure) technical solutions, the certificate certification authority (CA, CertificationAuthority) is often bound to one or several fixed business applications, and the CA issues corresponding certificates for users, including User identity, public key and private key corresponding to the above business applications. At present, there are hundreds of CAs that have been established, such as Beijing CA, Tianwei Chengxin, CFCA, etc., which are operated as third parties, and ICBC CA, CCB CA, etc., which are self-built for specific systems. When the above-mentioned various CAs issue digital certificates to users, they usually store the digital certificate...

AI Technical Summary

Problems solved by technology

[0014] 1. It is inconvenient for users to carry and the cost is high

[0015] In the above-mentioned digital signature method, a business application usually only uses the digital certificate of a certain CA, so generally only one private key is stored in the USB-Key, and the private key only corresponds to one or several business applications , so a USB-Key can only be applied to one or several specific business applications, but not to other business applications, thus causing the USB-Keys of various business applications to be incompatible

If a user wants to use a certain business application, he must purchase a USB-Key corresponding to the business application; and when the user needs to use multiple business applications, he also needs to carry multiple USB-Keys with him, which is not only inconvenient to use, but also but also need to bear the additional cost of using

[0016] 2. It is platform dependent and can only be used in Windows environment

[0017] Since the above method of implementing digital signature must rely on the CSP component of the Windows system, it can only be applied to the Windows series platform, but not to other operating systems

[0018] 3. Poor terminal adaptability

[0019] Since the USB-Key needs to be connected to the user terminal through the USB socket, the user terminal used by the user must have a USB socket, and other devices (such as mobile phones, Pads, etc.) that do not have a USB socket cannot be used, so the terminal adaptability is poor

[0020] 4. Need to install a specific client program

[0021] Since various USB-Keys are not universal, different client programs need to be installed on the user terminal for different USB-Keys, which requires the user to have a high level of operation and increases the complexity of the user's operation. Moreover, there is also the problem of version adaptation of various client programs, and often the installation fails and the USB-Key cannot be used.

[0022] In today's mobile Internet era, there are more and more types of user terminals and business applications, and the security requirements of various business applications are becoming stronger and stronger. However, the methods for implementing digital signatures in the prior art have the above-mentioned deficiencies Therefore, the method of realizing digital signature through traditional PKI in the prior art has been unable to meet the needs of users

Images