Certificate application method, device and equipment
A certificate and encryption certificate technology, applied in the field of data processing, can solve the problems of constant change, threat to terminal information security, explicit public key information, etc.
Active Publication Date: 2019-10-22
NEUSOFT CORP
AI-Extracted Technical Summary
Problems solved by technology
[0003] Certificates are usually divided into explicit certificates and implicit certificates. At present, explicit certificates are widely used in many fields in our country. However, compared with implicit certificates, the defect of explicit certificates is that the public key ...
Method used
Because the embodiment of the application transmits the encryption public key in ciphertext form, the information security of the encryption public key is ensured during transmission. Therefore, when the PCA uses this encryption public key to encrypt the generated anonymous certificate, the security of the anonymous certificate is ensured, which ultimately ensures the information security of terminals that communicate based on the anonymous certificate.
In another embodiment, in order to further ensure the information security of the encryption public key, before encrypting the certificate application request the embodiment of the present application first encrypts the encryption public key of the terminal with the public key of the PCA to obtain the public key ciphertext, and then encrypts the certificate application request carrying the public key ciphertext to obtain the encrypted certificate application request. In the embodiment of the present application, the information security of the encryption public key can be further ensured through this secondary encryption processing.
In practical application, the PCA sends the anonymous certificate encrypted with the encryption public key to the RA, and the RA forwards it to the corresponding terminal. This prevents the PCA side from learning which terminal corresponds to the anonymous certificate, and so avoids leaking the terminal information corresponding to the anonymous certificate on the PCA side, ensuring the information security of the terminal.
The root CA (also known as RootCA or RCA) on the certificate authority (Certificate Authority; CA) side is the manager of all CAs and the center of the trusted system. It issues subordinate CA certificates in a hierarchical manner, and the operation of the root CA is required to take place in an isolated security environment with its server kept offline to prevent it from being attacked from the Internet.
[0097] Since the time management system sends the private key to the terminal when th...
Abstract
The invention discloses a certificate application method, device and equipment. The method comprises: a terminal encrypting a certificate application request carrying an encryption public key with the public key of an anonymous certificate issuing system PCA to obtain an encrypted certificate application request, wherein the encryption public key is generated by the terminal; sending the encrypted certificate application request to an access authentication system RA, which receives it and forwards it to the PCA, so that the PCA decrypts the encrypted certificate application request to obtain the encryption public key, uses the encryption public key to encrypt the anonymous certificate generated for the terminal, and sends the anonymous certificate to the RA; and receiving the anonymous certificate sent by the RA. According to the application, the encryption public key of the terminal is not leaked during the certificate application process or on the side of the certificate issuing authority, so that the information security of the certificate encrypted with the encryption public key is ensured, and finally the information security of the terminal using the certificate for communication is ensured.
Application Domain
User identity/authority verification
Technology Topic
Authentication system; Encryption
Example Embodiment
[0062] The technical solutions in the embodiments of the present application will be described clearly and completely in conjunction with the accompanying drawings in the embodiments of the present application. Obviously, the described embodiments are only a part of the embodiments of the present application, rather than all the embodiments. Based on the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the protection scope of this application.
[0063] In the field of information security, the current certificate application process suffers from information leakage, which threatens the information security of terminals that need to apply for a certificate. In order to avoid information leakage during the certificate application process, ensure information security during that process, and ultimately ensure the information security of the terminal, this application provides a certificate application method, device and equipment. Specifically, before the terminal sends a certificate application request to the PCA, the PCA's public key is first used to encrypt the certificate application request carrying the encryption public key, to ensure that the terminal's encryption public key is not leaked during the certificate application process or on the side of the certificate authority, thereby ensuring the information security of the certificate encrypted with the encryption public key, and ultimately ensuring the information security of the terminal communicating using the certificate.
[0064] Before introducing the specific technical solutions in this application, the following concepts are first briefly introduced to facilitate the understanding of the technical solutions.
[0065] The root CA (also known as RootCA or RCA) on the certificate authority (Certificate Authority; CA) side is the administrator of all CAs and the center of the trusted system. It issues lower-level CA certificates in a hierarchical manner, and the operation of the root CA is required to take place in an isolated security environment with its servers kept offline to prevent them from being attacked from the Internet.
[0066] The admission verification system (Registration Authority; RA) is used to verify the admission certificate. Only requests whose admission certificate is confirmed to be valid are executed. It is mainly used to process anonymous certificate requests from terminal devices, provide anonymous certificate downloads for devices, perform obfuscation computation on certificate requests, communicate with the device terminal and obtain communication information, and request anonymous certificates from the anonymous certificate issuing system PCA.
[0067] The anonymous certificate issuing system (Pseudonym CA; PCA) is used to issue short-term anonymous certificates for terminal devices, so that terminal devices can exchange trusted information through anonymous certificates.
[0068] In addition, before introducing the specific technical solutions in this application, we need to introduce the system architecture to which the certificate application method provided in this application is applied. Referring to Figure 1, an architecture diagram of a certificate application system provided by this embodiment of the application, the certificate application system 100 includes a terminal 101, an admission verification system RA102, and an anonymous certificate issuing system PCA103.
[0069] The terminal 101 is configured to use the public key of the PCA103 to encrypt the certificate application request carrying the encryption public key to obtain the encrypted certificate application request, and send the encrypted certificate application request to the RA102.
[0070] The terminal in the embodiment of the present application may be a terminal that has an anonymous and secure communication requirement in various fields, for example, it may be an IoV terminal in the LTE-V2X (Vehicle-To-Everything) Internet of Vehicles security field.
[0071] In practical applications, the terminal first generates a certificate application request before applying for a certificate, where the certificate application request may include the type and validity period of the certificate applied for. Specifically, the type of certificate application can indicate that the certificate to be applied for is an anonymous certificate, and the validity period refers to the validity period of the certificate.
[0072] In addition, in order to ensure the information security of the certificate issued by the certificate authority, the certificate needs to be encrypted with the encryption public key of the terminal. Therefore, the terminal needs to carry the encryption public key in the certificate application request, so that the certification authority can obtain the encryption public key and use it to encrypt the certificate issued for the terminal. However, if the encryption public key is leaked in plaintext form during the transmission of the certificate application request, it may pose a security threat to the certificate encrypted with that encryption public key. Therefore, the embodiment of the application needs to ensure the security of the encryption public key.
[0073] In an implementation manner, the terminal encrypts the certificate application request carrying the encryption public key by using the public key of the anonymous certificate issuing system PCA to obtain the encrypted certificate application request. Since the encrypted certificate application request obtained by encrypting with the PCA's public key can only be decrypted with the PCA's private key, the encryption public key of the terminal carried in it will not be disclosed during the transmission of the encrypted certificate application request, which ensures the information security of the encryption public key.
[0074] In another implementation manner, in order to further ensure the information security of the encryption public key, before encrypting the certificate application request, the embodiment of the application first uses the public key of the PCA to encrypt the encryption public key of the terminal once to obtain the public key ciphertext; second, the certificate application request carrying the public key ciphertext is encrypted a second time to obtain the encrypted certificate application request. The embodiment of the present application can further ensure the information security of the encryption public key through this secondary encryption processing.
[0075] It is worth noting that the terminal usually completes the writing of the PCA's public key during the production process. Therefore, in this embodiment of the application, the terminal can directly use the written PCA's public key for encryption.
[0076] In an optional implementation manner, the terminal includes a secure chip and a secure terminal. Specifically, the secure chip is used to generate the encryption public key of the terminal, and the secure terminal is used to generate the certificate application request. Take the Internet of Vehicles terminal as an example. The Internet of Vehicles terminal includes a security chip and a V2X security terminal. After the security chip of the Internet of Vehicles terminal generates an encryption public key, it can use the PCA public key to encrypt the encryption public key to obtain the public key ciphertext, and export the public key ciphertext to the V2X security terminal of the Internet of Vehicles terminal. The V2X security terminal then generates a certificate application request carrying the public key ciphertext, re-encrypts the certificate application request with the PCA public key, and finally obtains the encrypted certificate application request.
[0077] In actual applications, after obtaining the encrypted certificate application request, the terminal sends the encrypted certificate application request to the RA, and then the RA forwards the encrypted certificate application request to the PCA to complete the certificate application. Generally, before sending the encrypted certificate application request to the RA, the terminal needs to use its own signature private key to sign the encrypted certificate application request, and send the signed encrypted certificate application request to the RA.
[0078] RA102 is used to forward the encryption certificate application request to the PCA103 after verifying the encryption certificate application request.
[0079] In practical applications, after receiving the signed encrypted certificate application request, the RA first needs to verify the correctness of the signature of the encrypted certificate application request. If the verification passes, it determines the terminal corresponding to the encrypted certificate application request; the RA then signs the encrypted certificate application request again with its own private key and forwards it to the PCA. If the verification fails, it can record the encrypted certificate application request that did not pass verification, and return certificate application failure information to the terminal.
[0080] In order to further ensure information security and prevent the PCA from knowing the exact source of the encrypted certificate application request forwarded by the RA, in this embodiment of the application, after the RA receives a preset number of encrypted certificate application requests, it performs obfuscation processing on the preset number of encrypted certificate application requests, and then sends the obfuscated encrypted certificate application requests to the PCA.
[0081] In an optional implementation manner, a random scramble function may be used for obfuscation processing. For example, suppose the preset number is 100 and the RA has received 100 encrypted certificate application requests; it can use the random scramble function to randomly scramble the 100 encrypted certificate application requests to obtain the obfuscated encrypted certificate application requests. It is worth noting that, in order to facilitate the corresponding subsequent de-obfuscation processing, in this embodiment of the present application, the RA needs to pre-record the correspondence between each encrypted certificate application request before the obfuscation processing and the terminal.
[0082] Specifically, in one embodiment, after verifying the signature of the encrypted certificate application request, the RA may determine the terminal corresponding to the encrypted certificate application request, and record the correspondence between the encrypted certificate application request and the terminal. In another implementation manner, when the RA receives the encrypted certificate application request, it also receives the admission certificate of the terminal. After verifying the admission certificate, the RA can determine the terminal corresponding to the admission certificate; understandably, that terminal is the terminal that sent the encrypted certificate application request. Therefore, the RA can record the correspondence between the encrypted certificate application request and the terminal.
[0083] PCA103 is used to decrypt the encrypted certificate application request, obtain the encryption public key, use the encryption public key to encrypt the anonymous certificate generated for the terminal, and then send the anonymous certificate to RA102; the RA102 then forwards the anonymous certificate to the terminal 101.
[0084] In this embodiment of the application, after the PCA receives the encrypted certificate application request, it uses its own private key to decrypt it, and obtains the information carried in the encrypted certificate application request, which usually includes the encrypted public key, the type of certificate applied for, and the validity period. The PCA generates an anonymous certificate for the terminal based on the above information carried in the encrypted certificate application request. Among them, the anonymous certificate is credible and is used to hide terminal information.
[0085] In actual applications, in order to ensure the information security of the anonymous certificate, the anonymous certificate needs to be encrypted during the process of issuing the anonymous certificate to the corresponding terminal. Generally, after the PCA obtains the encryption public key from the encryption certificate application request, it uses the encryption public key to encrypt the anonymous certificate so that the corresponding terminal can decrypt it, and finally obtain the anonymous certificate.
[0086] Since the embodiment of this application transmits the encryption public key in ciphertext form, the information security of the encryption public key is ensured during the transmission process. Therefore, the PCA's use of the encryption public key to encrypt the generated anonymous certificate can ensure the security of the anonymous certificate, and ultimately ensure the information security of the terminal communicating based on the anonymous certificate.
[0087] In actual applications, the PCA sends the anonymous certificate encrypted with the encryption public key to the RA, and the RA forwards it to the corresponding terminal. This prevents the PCA side from knowing the terminal corresponding to the anonymous certificate, and ultimately avoids disclosure on the PCA side of the terminal information corresponding to the anonymous certificate, ensuring the information security of the terminal.
[0088] In an optional embodiment, if the RA performs obfuscation processing on the received encrypted certificate application requests, the RA correspondingly needs to perform de-obfuscation processing when receiving the anonymous certificates from the PCA. Specifically, when the RA receives any anonymous certificate, it first determines the encrypted certificate application request corresponding to the anonymous certificate, then determines the terminal corresponding to the anonymous certificate according to the pre-recorded correspondence between the encrypted certificate application request and the terminal, and finally forwards the anonymous certificate to the corresponding terminal to complete the certificate application.
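The RA's batch obfuscation and later de-obfuscation described in [0080] to [0082] and [0088], as an added example that is not code from the patent. The patent does not say how the RA matches a returned anonymous certificate to its request; this sketch assumes the PCA echoes a SHA-256 digest of the encrypted request. The class and function names, the ciphertext bytes and the placeholder certificates are constructed for illustration, and signature and admission certificate verification are assumed to have happened before `accept` is called.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


def request_id(encrypted_request: bytes) -> str:
    """Assumed correlation handle: SHA-256 of the request ciphertext."""
    return hashlib.sha256(encrypted_request).hexdigest()


@dataclass
class RegistrationAuthority:
    """Hypothetical RA that batches, shuffles and later de-obfuscates."""
    batch_size: int                                # the "preset number"
    _pending: list = field(default_factory=list)   # ciphertexts awaiting a full batch
    _origin: dict = field(default_factory=dict)    # request_id -> terminal_id

    def accept(self, terminal_id: str, encrypted_request: bytes):
        """Record the request-to-terminal correspondence, then queue the request.

        Call only after the terminal's signature and admission certificate
        have been verified (not modelled here). Returns the shuffled batch
        once batch_size requests are queued, otherwise None.
        """
        rid = request_id(encrypted_request)
        if rid in self._origin:
            # A repeated ciphertext would make the recorded mapping ambiguous.
            raise ValueError("duplicate encrypted request")
        self._origin[rid] = terminal_id
        self._pending.append(encrypted_request)
        if len(self._pending) < self.batch_size:
            return None
        batch, self._pending = self._pending, []
        # OS-backed randomness so the PCA cannot predict the permutation.
        secrets.SystemRandom().shuffle(batch)
        return batch

    def route(self, rid: str, encrypted_cert: bytes):
        """De-obfuscate one PCA response: look up and consume the mapping."""
        terminal_id = self._origin.pop(rid, None)
        if terminal_id is None:
            raise KeyError("no recorded request for this certificate")
        return terminal_id, encrypted_cert


def pca_issue(batch):
    """Stand-in for the PCA: it receives ciphertexts only, never terminal IDs.

    The returned certificate bytes are placeholders, not real encrypted
    certificates.
    """
    return [(request_id(req), b"CERT-FOR-" + request_id(req)[:8].encode())
            for req in batch]


def demo():
    """Run five constructed requests through RA -> PCA -> RA."""
    ra = RegistrationAuthority(batch_size=5)
    sent = {f"vehicle-{i}": secrets.token_bytes(32) for i in range(5)}
    batch = None
    for terminal_id, ciphertext in sent.items():
        batch = ra.accept(terminal_id, ciphertext)
    delivered = dict(ra.route(rid, cert) for rid, cert in pca_issue(batch))
    return sent, delivered


if __name__ == "__main__":
    sent, delivered = demo()
    for terminal_id in sent:
        print(terminal_id, delivered[terminal_id].decode())
```

Consuming the mapping in `route` means a replayed or unsolicited PCA response cannot be delivered to a terminal a second time.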
[0089] In order to further improve the information security of the anonymous certificate, the certificate application system provided by the embodiment of this application also includes a time management system. Referring to Figure 2, on the basis of Figure 1, the system can also include a time management system 201, where the time management system 201 can be integrated on the CA side where the PCA and RA are located, or can exist separately; the specific form is not limited in this application.
[0090] Specifically, the PCA 103 is also used to send an aging application request for the anonymous certificate to the time management system 201 after the anonymous certificate is generated for the terminal.
[0091] The aging application request may carry the validity period parameter included in the encrypted certificate application request of the terminal, and the time management system generates an aging authorization response for the terminal according to the parameter.
[0092] The time management system 201 is configured to, after receiving the aging application request for the anonymous certificate sent by the PCA, return to the PCA an aging authorization response carrying its own public key.
[0093] The PCA 103 is also used to send the anonymous certificate to the terminal after encrypting the anonymous certificate with the public key of the time management system 201.
[0094] The time management system 201 is further configured to send a private key to the terminal when the starting time point of the validity period is reached, so that the terminal uses the private key to decrypt the anonymous certificate.
[0095] In this embodiment of the application, the PCA not only uses the terminal's public encryption key to encrypt the anonymous certificate for the first time, but also uses the public key of the time management system to perform the second encryption for the anonymous certificate, and finally obtains the double-encrypted anonymous certificate.
[0096] The time management system only sends its own private key to the corresponding terminal when the starting time point of the validity period corresponding to the anonymous certificate is reached, so that the terminal can first use that private key to decrypt the anonymous certificate; only then can it use its own encryption public key to perform a second decryption on the anonymous certificate and finally obtain the anonymous certificate, which can be used for subsequent secure communication by the terminal.
[0097] Since the time management system sends the private key to the terminal when the starting time point of the validity period is reached, the time at which the terminal actually obtains the anonymous certificate is controlled, and the information security risk caused by the terminal obtaining the anonymous certificate prematurely is avoided.
[0098] Corresponding to the above-mentioned certificate application system, this application embodiment also provides a certificate application method. Referring to Figure 3, a flow chart of a certificate application method provided in this embodiment of the application, the method includes:
[0099] S301: The terminal uses the public key of the anonymous certificate issuance system PCA to encrypt the certificate application request carrying the encrypted public key to obtain the encrypted certificate application request.
[0100] S302: The terminal sends the encryption certificate application request to the admission verification system RA, and sends it to the PCA via the RA.
[0101] S303: The PCA decrypts the encrypted certificate application request, obtains the encrypted public key, and uses the encrypted public key to encrypt the anonymous certificate generated for the terminal, and then sends the anonymous certificate to the RA.
[0102] S304: The terminal receives the anonymous certificate sent via the RA.
[0103] In this embodiment of the application, the PCA implements the authorization of the device by issuing a certificate containing authorization information to the legal device, so that the device can perform secure communication based on the authorized certificate. Specifically, the terminal initiates a certificate application request, which is forwarded to the PCA after being verified by the RA; the PCA issues a corresponding certificate for the device, and the certificate is finally sent to the terminal to complete the certificate application. In the certificate application method provided in this application embodiment, before the terminal sends the certificate application request to the PCA, the PCA's public key is first used to encrypt the certificate application request carrying the encryption public key, to ensure that the encryption public key of the terminal is not leaked during the certificate application process or on the side of the certification authority, thereby ensuring the information security of the certificate encrypted with the encryption public key, and ultimately ensuring the information security of the terminal communicating using the certificate.
[0104] In addition, in the certificate application method provided by the embodiments of this application, the PCA not only uses the terminal's encryption public key to perform the first encryption of the anonymous certificate, but also uses the time management system's public key to perform the second encryption of the anonymous certificate, obtaining a double-encrypted anonymous certificate. The time management system controls the time at which the terminal actually obtains the anonymous certificate by sending the private key to the terminal when the starting time point of the validity period is reached, and avoids the information security risk caused by the terminal obtaining the anonymous certificate prematurely.
[0105] For the understanding of the method embodiment, reference may be made to the description in the foregoing system embodiment, which will not be repeated here.
[0106] With the continuous development of the social economy, the transportation field is facing various challenges, such as safety, travel, and the environment. The V2X technology of intelligent vehicle networking provides effective solutions to various problems faced in intelligent transportation. LTE-V2X (Vehicle-To-Everything) is a communication system between vehicle and vehicle (V2V), vehicle and pedestrian (V2P), vehicle and infrastructure (V2I), vehicle and network (V2N), etc., and is used to improve road safety, improve traffic efficiency, and make traffic smarter. According to statistics, the application of V2X technology can effectively avoid about 81% of traffic accidents and increase road traffic efficiency by more than 30%. With the determination and promulgation of various national policies and standards, our country's intelligent networked vehicles are expected to gradually realize industrialization, and the market size is expected to reach 100 billion yuan by 2020.
[0107] As vehicle-mounted devices become standard equipment in many cars, real-time communication between vehicles and cloud servers and other mobile devices becomes possible. Vehicle information, including vehicle operating conditions and geographic location information, can be uploaded to the cloud or other mobile devices through network technology. Many of these data are important information related to public privacy and national security. At the same time, some vehicle terminals can also receive instructions issued by the cloud, making it possible to remotely control the behavior of the vehicle. In this case, if the transmitted data is obtained or used maliciously, or the vehicle receives and executes illegal instructions, it is likely to cause an incident that endangers personal safety, and even rise to a social security and national security issue. It can be seen that information security is one of the key and urgent issues that must be considered and resolved in the development of intelligent networked vehicles in my country, and challenges and opportunities coexist.
[0108] To this end, this application provides a certificate application method, which can be applied to the LTE-V2X Internet of Vehicles information security field. Specifically, when the Internet of Vehicles terminal applies for a certificate from the PCA, encrypted transmission of the certificate application request carrying the encryption public key ensures that the encryption public key is not leaked, thereby ensuring the information security of the certificate encrypted with the encryption public key, and ultimately ensuring the information security of the Internet of Vehicles terminal communicating based on the certificate.
[0109] Referring to Figure 4, an information interaction diagram of a certificate application method applied to the field of Internet of Vehicles provided by this embodiment of the application, wherein the Internet of Vehicles terminal is also called a V2X device, the method includes:
[0110] S401: The security chip in the V2X device encrypts the pre-generated encryption public key with the public key of the PCA to obtain the public key ciphertext.
[0111] S402: The secure terminal in the V2X device generates a certificate application request carrying the public key ciphertext, and encrypts the certificate application request with the public key of the PCA to obtain the encrypted certificate application request.
[0112] Among them, the certificate application request may also include the type of the application certificate, the validity period, the value of the signature public key, the value of the signature, and so on.
[0113] S403: After the V2X device signs the encryption certificate application request, it sends it to the RA.
[0114] S404: The RA verifies the correctness of the signature of the encrypted certificate application request, and after the verification is passed, performs obfuscation processing on the preset number of encrypted certificate application requests to obtain the obfuscated encrypted certificate application requests.
[0115] It is worth noting that after the RA passes the signature verification, it determines the V2X device corresponding to the encryption certificate application request, and records the correspondence between the encryption certificate application request and the V2X device. In addition, when the V2X device sends the encryption certificate application request to the RA, it also sends its own admission certificate to the RA, and the RA verifies the admission certificate to determine that the V2X device has the authority to apply for an anonymous certificate. In addition, because the admission certificate carries the identifier of the V2X device, the RA can also determine the V2X device corresponding to the encryption certificate application request through the admission certificate, and record the correspondence between the encryption certificate application request and the V2X device.
[0116] It is worth noting that the correspondence between the encrypted certificate application request recorded by the RA and the V2X device can be used for subsequent de-obfuscation of the anonymous certificate.
[0117] S405: After the RA signs the obfuscated encryption certificate application request, it sends it to the PCA.
[0118] S406: The PCA verifies the correctness of the signature of the obfuscated encrypted certificate application request, and after passing the verification, uses its own private key to decrypt the obfuscated encrypted certificate application request, and obtains the encryption public key in each obfuscated encrypted certificate application request.
[0119] S407: The PCA generates an anonymous certificate according to the information in the encryption certificate application request, and encrypts the anonymous certificate with the corresponding encryption public key.
[0120] S408: The PCA sends an aging application request for each anonymous certificate to the time management system, wherein the aging application request carries the validity period parameter in the certificate application request.
[0121] S409: The time management system returns an aging authorization response carrying its own public key to the PCA.
[0122] S410: The PCA uses the public key of the time management system to perform the second encryption on the anonymous certificate, signs the anonymous certificate, and sends it to the RA.
[0123] S411: The RA verifies the correctness of the signature of the anonymous certificate, and after the verification is passed, de-obfuscates the anonymous certificate; after signing the de-obfuscated anonymous certificate, the RA sends it to the corresponding V2X device according to the correspondence, recorded before the obfuscation, between the encrypted certificate application request and the V2X device.
[0124] S412: The V2X device verifies the correctness of the signature of the anonymous certificate.
[0125] S413: The time management system issues a certificate with a private key to the V2X device when the validity period is reached, so that the V2X device uses the private key in the certificate to decrypt the anonymous certificate.
[0126] In practical applications, the time management system issues a certificate to the V2X device when the validity period is reached. The certificate contains the private key used for the first decryption of the anonymous certificate. In addition, the issued certificate also contains the public key used for verification, etc. After the V2X device receives the certificate issued by the time management system, it first verifies the anonymous certificate with the public key carried by the certificate to confirm that the anonymous certificate is issued by the time management system, and then decrypts the anonymous certificate for the first time by using the private key carried in the certificate.
[0127] Since the time management system only issues a certificate with a private key to the V2X device when the validity period is reached, the V2X device can use the private key from the time management system to decrypt the anonymous certificate only when the validity period is reached. It is understandable that, before the validity period is reached, the anonymous certificate on the V2X device side is in ciphertext form, so the information security of the anonymous certificate can be guaranteed during this period.
[0128] S414: The V2X device uses the private key of the time management system to perform the first decryption on the anonymous certificate, and then uses its own encryption public key to perform the second decryption on the anonymous certificate to obtain the anonymous certificate.
[0129] After the V2X device obtains the decrypted anonymous certificate, it can perform secure communication based on the anonymous certificate to ensure communication security.
[0130] It is worth noting that the method of signing and verifying the accuracy of the signature in the embodiment of the present application is a method commonly used in the art, and will not be repeated here.
[0131] The certificate application method provided in the embodiment of the application can ensure that the encrypted public key is not leaked, and therefore, the information security of the anonymous certificate encrypted by the encrypted public key is ensured. In the process of V2X device communication, illegal users cannot determine which information belongs to the same V2X device by decrypting the anonymous certificate, and cannot obtain the complete path information of the same vehicle, which avoids information security issues in the Internet of Vehicles.
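The layered flow of S407 to S414, as an added example that is not code from the patent or the applicant: the PCA wraps the certificate in two layers and signs it, the time management system withholds its private key until validity starts, and the device peels both layers. Assumptions of this sketch: each layer is a hybrid X25519 + HKDF + AES-256-GCM scheme, signatures are Ed25519, all function names are hypothetical, the RA obfuscation and re-signing hop is omitted, and the inner layer is opened with the private key paired with the terminal's encryption public key.

```javascript
const { generateKeyPairSync, diffieHellman, hkdfSync, randomBytes,
  createCipheriv, createDecipheriv, createPublicKey, sign, verify } = require('node:crypto');

// Derive an AES-256 key from an X25519 shared secret (HKDF-SHA256).
const kdf = (priv, pub) => Buffer.from(hkdfSync('sha256',
  diffieHellman({ privateKey: priv, publicKey: pub }), Buffer.alloc(0), 'cert-layer', 32));

// One encryption layer: ephemeral X25519 + AES-256-GCM (scheme assumed for this sketch).
function seal(recipientPub, plaintext) {
  const eph = generateKeyPairSync('x25519');
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', kdf(eph.privateKey, recipientPub), iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  const ephDer = eph.publicKey.export({ type: 'spki', format: 'der' }); // 44 bytes
  return Buffer.concat([ephDer, iv, c.getAuthTag(), ct]);
}

function open(recipientPriv, blob) {
  const ephPub = createPublicKey({ key: blob.subarray(0, 44), type: 'spki', format: 'der' });
  const d = createDecipheriv('aes-256-gcm', kdf(recipientPriv, ephPub), blob.subarray(44, 56));
  d.setAuthTag(blob.subarray(56, 72));
  return Buffer.concat([d.update(blob.subarray(72)), d.final()]); // throws if tampered
}

// S407 + S410: inner layer for the terminal, outer layer for the time management system.
function pcaIssue(cert, terminalEncPub, tmsPub, pcaSignPriv) {
  const wrapped = seal(tmsPub, seal(terminalEncPub, cert));
  return { wrapped, sig: sign(null, wrapped, pcaSignPriv) };
}

// S413: the time management system hands over its private key only once validity starts.
const tmsRelease = (tmsPriv, validFrom, now) => (now >= validFrom ? tmsPriv : null);

// S412 + S414: verify the signature, strip the outer layer, then the inner layer.
function deviceOpen(msg, signPub, releasedTmsPriv, terminalEncPriv) {
  if (!verify(null, msg.wrapped, signPub, msg.sig)) throw new Error('bad signature');
  if (!releasedTmsPriv) throw new Error('validity period not reached');
  return open(terminalEncPriv, open(releasedTmsPriv, msg.wrapped));
}

// Constructed run: keys, certificate bytes and timestamps are sample values.
function demo(now) {
  const term = generateKeyPairSync('x25519'), tms = generateKeyPairSync('x25519');
  const pca = generateKeyPairSync('ed25519');
  const msg = pcaIssue(Buffer.from('constructed-anonymous-cert'), term.publicKey,
    tms.publicKey, pca.privateKey);
  const key = tmsRelease(tms.privateKey, 1000, now);
  return deviceOpen(msg, pca.publicKey, key, term.privateKey).toString();
}
```

Calling `demo` with a time before the constructed validity start of 1000 fails at the release check, which is the property [0127] relies on: the device holds only ciphertext until the key is released.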
[0132] Corresponding to the above-mentioned embodiment, the embodiment of this application also provides a certificate application device. Referring to Figure 5, which is a schematic structural diagram of a certificate application device provided in an embodiment of this application, the device is applied to a terminal, and the device 500 includes:
[0133] The first encryption module 501 is configured to use the public key of the anonymous certificate issuance system PCA to encrypt the certificate application request carrying the encrypted public key to obtain the encrypted certificate application request; wherein the encrypted public key is generated by the terminal;
[0134] The first sending module 502 is configured to send the encryption certificate application request to the admission verification system RA, and send it to the PCA via the RA, so that the PCA can decrypt the encryption certificate application request to obtain the encrypted public key, and after encrypting the anonymous certificate generated for the terminal by using the encrypted public key, send the anonymous certificate to the RA;
[0135] The first receiving module 503 is configured to receive the anonymous certificate sent via the RA.
[0136] In addition, referring to Figure 6, this embodiment of the application also provides a schematic structural diagram of a certificate application device; the device is applied to the anonymous certificate issuance system PCA, and the device 600 includes:
[0137] The second receiving module 601 is configured to receive an encryption certificate application request from the terminal forwarded via the admission verification system RA; wherein the encryption certificate application request carries the encryption public key of the terminal and is obtained by encryption using the public key of the PCA;
[0138] The decryption module 602 is configured to obtain the encrypted public key after decrypting the encrypted certificate application request;
[0139] The second encryption module 603 is configured to use the encryption public key to encrypt the anonymous certificate generated for the terminal, and then send the anonymous certificate to the RA, so that the RA can forward the anonymous certificate to the terminal.
[0140] In addition, referring to Figure 7, this embodiment of the application also provides a schematic structural diagram of a certificate application device; the device is applied to the admission verification system RA, and the device 700 includes:
[0141] The obfuscation module 701 is configured to obfuscate the preset number of encryption certificate application requests after receiving a preset number of encryption certificate application requests, and send the obfuscated encryption certificate application requests to the anonymous certificate issuance system PCA;
[0142] The de-obfuscation module 702 is configured to perform de-obfuscation processing on the anonymous certificate after receiving the anonymous certificate from the PCA, and send the de-obfuscated anonymous certificates to corresponding terminals respectively.
[0143] In addition, referring to Figure 8, this embodiment of the application also provides a schematic structural diagram of a certificate application device; the device is applied to a time management system, and the device 800 includes:
[0144] The third receiving module 801 is configured to receive the aging application request of the anonymous certificate from the anonymous certificate issuing system PCA, and return to the PCA an aging authorization response carrying its own public key, so that the PCA sends the anonymous certificate to the terminal after encrypting the anonymous certificate with the public key of the time management system;
[0145] The second sending module 802 is configured to send a private key to the terminal when the initial time point of the limitation period is reached, so that the terminal uses the private key to decrypt the anonymous certificate.
[0146] This application embodiment provides a certificate application device. Before sending the certificate application request to the PCA, it first uses the PCA's public key to encrypt the certificate application request carrying the encrypted public key, to ensure that the encryption public key of the terminal is not leaked during the certificate application process or on the side of the certificate issuing authority, thereby ensuring the information security of the certificate encrypted by the encryption public key, and ultimately ensuring the information security of the terminal communicating using the certificate.
[0147] In addition, the embodiment of the application also provides a certificate application device which, as shown in Figure 9, can include:
[0148] A processor 901, a memory 902, an input device 903, and an output device 904. The number of processors 901 in the certificate application device can be one or more; Figure 9 takes one processor as an example. In some embodiments of the present invention, the processor 901, the memory 902, the input device 903, and the output device 904 may be connected by a bus or other means; Figure 9 takes the bus connection as an example.
[0149] The memory 902 may be used to store software programs and modules. The processor 901 executes various functional applications and data processing of the certificate application device by running the software programs and modules stored in the memory 902. The memory 902 may mainly include a program storage area and a data storage area, where the program storage area may store an operating system, an application program required by at least one function, and the like. In addition, the memory 902 may include a high-speed random access memory, and may also include a non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or other volatile solid-state storage devices. The input device 903 can be used to receive input digital or character information, and to generate signal input related to user settings and function control of the certificate application device.
[0150] Specifically, in this embodiment, the processor 901 loads the executable files corresponding to the processes of one or more application programs into the memory 902 according to the following instructions, and the processor 901 runs the application programs stored in the memory 902, so as to achieve the various functions of the above certificate application method.
[0151] In addition, the present application also provides a computer-readable storage medium in which instructions are stored, and when the instructions run on a terminal device, the terminal device executes the above-mentioned certificate application method.
[0152] It can be understood that, for the device embodiment, since it basically corresponds to the method embodiment, the relevant part can refer to the part of the description of the method embodiment. The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the objectives of the solutions of the embodiments. Those of ordinary skill in the art can understand and implement it without creative work.
[0153] It should be noted that in this article, relational terms such as first and second are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device including a series of elements not only includes those elements, but also includes other elements that are not explicitly listed, or also includes elements inherent to this process, method, article or device. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other same elements in the process, method, article, or device including the element.
[0154] The above provides a detailed introduction to a certificate application method, device and equipment provided by the embodiments of this application. Specific examples are used in this article to explain the principles and implementation of this application. The description of the above embodiments is only to help understand the method of this application and its core idea; at the same time, for those of ordinary skill in the art, according to the idea of this application, there will be changes in the specific implementation and the scope of application. In summary, the content of this specification should not be understood as a limitation of this application.