Method and apparatus for managing application identifier

US 10,630,488 B2
Filed: 04/26/2017
Issued: 04/21/2020
Est. Priority Date: 03/31/2015
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by an apparatus, an application access certificate request sent by a user, wherein the application certificate access request comprises;

a user identifier, an application identifier of the user, and a type of the application identifier;

extracting, by the apparatus, the user identifier and the application identifier of the user from the application access certificate request;

acquiring, by the apparatus, a biometric feature identifier of the user according to the user identifier;

generating, by the apparatus, an application access certificate according to the application identifier, the type of the application identifier, and the biometric feature identifier of the user, wherein generating the application access certificate according to the application identifier, the type of the application identifier, and the biometric feature identifier of the user comprises;

combining, by the apparatus, a second randomization factor with the biometric feature identifier of the user to obtain a fourth string;

performing, by the apparatus, hashing on the fourth string according to a preset hash function to obtain a second hash value;

obtaining, by the apparatus, a fifth string according to the type of the application identifier, the application identifier, and the second hash value;

performing, by the apparatus using a private key, digital signing on the fifth string to obtain a sixth string; and

assembling, by the apparatus, the type of the application identifier, the application identifier, and the sixth string into the application access certificate according to a preset sequence; and

sending, by the apparatus, the application access certificate to the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments provide a method and an apparatus for managing an application identifier. The method includes: receiving, by an identifier management apparatus, an application identifier certificate application request sent by a user, and acquiring a user identifier and an application identifier of the user according to the application identifier certificate application request. The method also includes acquiring a feature identifier of the user according to the user identifier, generating an application identifier certificate according to the application identifier and the feature identifier of the user, and sending the application identifier certificate to the user.

Citations

18 Claims

1. A method, comprising:
- receiving, by an apparatus, an application access certificate request sent by a user, wherein the application certificate access request comprises;
  
  a user identifier, an application identifier of the user, and a type of the application identifier;
  
  extracting, by the apparatus, the user identifier and the application identifier of the user from the application access certificate request;
  
  acquiring, by the apparatus, a biometric feature identifier of the user according to the user identifier;
  
  generating, by the apparatus, an application access certificate according to the application identifier, the type of the application identifier, and the biometric feature identifier of the user, wherein generating the application access certificate according to the application identifier, the type of the application identifier, and the biometric feature identifier of the user comprises;
  
  combining, by the apparatus, a second randomization factor with the biometric feature identifier of the user to obtain a fourth string;
  
  performing, by the apparatus, hashing on the fourth string according to a preset hash function to obtain a second hash value;
  
  obtaining, by the apparatus, a fifth string according to the type of the application identifier, the application identifier, and the second hash value;
  
  performing, by the apparatus using a private key, digital signing on the fifth string to obtain a sixth string; and
  
  assembling, by the apparatus, the type of the application identifier, the application identifier, and the sixth string into the application access certificate according to a preset sequence; and
  
  sending, by the apparatus, the application access certificate to the user.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, wherein generating the application access certificate according to the application identifier, the type of the application identifier, and the biometric feature identifier of the user further comprises:
    - combining, by the apparatus, a first randomization factor with the biometric feature identifier of the user to obtain a first string;
      
      performing, by the apparatus, hashing on the first string according to the preset hash function to obtain a first hash value;
      
      obtaining, by the apparatus, a second string according to the application identifier and the first hash value;
      
      performing, by the apparatus using the private key, digital signing on the second string to obtain a third string; and
      
      assembling, by the apparatus, the application identifier and the third string into the application access certificate according to the preset sequence.
  - 3. The method according to claim 1, wherein the application access certificate request further comprises a digital signature of the user;
    - andwherein before generating the application access certificate according to the application identifier, the type of the application identifier, and the biometric feature identifier of the user, the method further comprises;
      
      acquiring, by the apparatus, a public key of the user according to the user identifier;
      
      verifying, by the apparatus, the digital signature of the user according to the public key of the user; and
      
      generating, by the apparatus, the application access certificate according to the application identifier, the type of the application identifier, and the biometric feature identifier of the user when the digital signature of the user is successfully verified.
  - 4. The method according to claim 3, wherein before sending the application access certificate to the user, the method further comprises:
    - encrypting, by the apparatus, the application access certificate according to the public key of the user; and
      
      wherein sending, by the apparatus, the application access certificate to the user comprises;
      
      sending, by the apparatus, the encrypted application access certificate to the user.
  - 5. The method according to claim 1, wherein before acquiring the biometric feature identifier of the user according to the user identifier, the method further comprises:
    - receiving, by the apparatus, the user identifier sent by the user and a biometric feature;
      
      generating, by the apparatus, the biometric feature identifier of the user according to a first preset algorithm and the biometric feature; and
      
      saving, by the apparatus, a correspondence between the user identifier and the biometric feature identifier of the user; and
      
      wherein acquiring the biometric feature identifier of the user according to the user identifier comprises;
      
      acquiring, by the apparatus according to the correspondence, the biometric feature identifier of the user corresponding to the user identifier.
  - 6. The method according to claim 1, wherein acquiring the biometric feature identifier of the user according to the user identifier comprises:
    - acquiring, by the apparatus, a biometric feature of the user from the user identifier; and
      
      generating, by the apparatus, the biometric feature identifier of the user according to a second preset algorithm and the biometric feature of the user.

7. A method, comprising:
- receiving, by a terminal, an application access certificate sent by an apparatus, wherein the application access certificate is in an encrypted state;
  
  decrypting, by the terminal, the application access certificate according to a private key of a user to acquire a first string and a digital signature of the first string from the application access certificate, wherein the first string is generated according to an application identifier and a biometric feature identifier of the user, and the digital signature of the first string is created by the apparatus according to the first string and a private key of the apparatus;
  
  decrypting, by the terminal, the digital signature of the first string according to a public key of the apparatus to obtain a second string;
  
  verifying, by the terminal, validity of the application access certificate according to the first string and the second string;
  
  after it is verified that the application access certificate is valid, determining, by the terminal, a target server according to an application requirement of the user; and
  
  sending, by the terminal, a registration request to the target server, wherein the registration request comprises a user identifier, the application access certificate, and a digital signature of the application access certificate, and wherein sending the registration request to the target server causes the target server to verify the validity of the application access certificate and to complete a registration process for the terminal, wherein the digital signature of the application access certificate is created by the terminal according to the application access certificate and the private key of the user.
- View Dependent Claims (8, 9)
- - 8. The method according to claim 7, wherein the digital signature of the application access certificate comprises one or more of a type of the application identifier, a timestamp, or a randomizer.
  - 9. The method according to claim 7, wherein after verifying the validity of the application access certificate according to the first string and the second string, the method further comprises:
    - sending, by the terminal, a communication request to another terminal, after it is verified that the application access certificate is valid, wherein the communication request comprises the application access certificate and the digital signature of the application access certificate, and wherein sending the communication request to the another terminal causes the another terminal to verify the validity of the application access certificate, wherein the digital signature of the application access certificate is created by the terminal according to the application access certificate and the private key of the user.

10. An apparatus, comprising:
- a receiver, configured to receive an application access certificate request sent by a user, wherein the application certificate access request comprises;
  
  a user identifier, an application identifier of the user, and a type of the application identifier;
  
  a processor; and
  
  a non-transitory computer-readable storage medium storing a program to be executed by the processor, the program including instructions for;
  
  extracting the user identifier and the application identifier of the user from the application access certificate request;
  
  acquiring a biometric feature identifier of the user according to the user identifier; and
  
  generating an application access certificate according to the application identifier, the type of the application identifier, and the biometric feature identifier of the user, wherein generating the application access certificate according to the application identifier, the type of the application identifier, and the biometric feature identifier of the user comprises;
  
  combining a second randomization factor with the biometric feature identifier of the user to obtain a fourth string;
  
  performing hashing on the fourth string according to a preset hash function to obtain a second hash value;
  
  obtaining a fifth string according to the type of the application identifier, the application identifier, and the second hash value;
  
  performing, using a private key, digital signing on the fifth string to obtain a sixth string; and
  
  assembling the type of the application identifier, the application identifier, and the sixth string into the application access certificate according to a preset sequence; and
  
  a transmitter, configured to send the application access certificate to the user.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The apparatus according to claim 10, wherein generating the application access certificate according to the application identifier, the type of the application identifier, and the biometric feature identifier of the user further comprises:
    - combining a first randomization factor with the biometric feature identifier of the user to obtain a first string;
      
      performing hashing on the first string according to the preset hash function to obtain a first hash value;
      
      obtaining a second string according to the application identifier and the first hash value;
      
      performing, using the private key, digital signing on the second string to obtain a third string; and
      
      assembling the application identifier and the third string into the application access certificate according to the preset sequence.
  - 12. The apparatus according to claim 10, wherein the application access certificate request further comprises a digital signature of the user;
    - andwherein the program further includes instructions for;
      
      acquiring a public key of the user according to the user identifier;
      
      verifying the digital signature of the user according to the public key of the user; and
      
      generating the application access certificate according to the application identifier, the type of the application identifier, and the biometric feature identifier of the user when the digital signature of the user is successfully verified.
  - 13. The apparatus according to claim 12, wherein the program further includes instructions for encrypting the application access certificate according to the public key of the user;
    - andwherein the transmitter is configured to send the encrypted application access certificate to the user.
  - 14. The apparatus according to claim 10, wherein the receiver is configured to receive the user identifier sent by the user and a biometric feature;
    - andwherein the program further includes instructions for;
      
      generating the biometric feature identifier of the user according to a first preset algorithm and the biometric feature;
      
      saving a correspondence between the user identifier and the biometric feature identifier of the user; and
      
      acquiring, according to the correspondence, the biometric feature identifier of the user corresponding to the user identifier.
  - 15. The apparatus according to claim 10, wherein acquiring the biometric feature identifier of the user according to the user identifier comprises:
    - acquiring a biometric feature of the user from the user identifier; and
      
      generating the biometric feature identifier of the user according to a second preset algorithm and the biometric feature of the user.

16. A terminal, comprising:
- a receiver, configured to receive an application access certificate sent by apparatus, wherein the application access certificate is in an encrypted state;
  
  a processor;
  
  a non-transitory computer-readable storage medium storing a program to be executed by the processor, the program including instructions for;
  
  decrypting the application access certificate according to a private key of a user to acquire a first string and a digital signature of the first string from the application access certificate, wherein the first string is generated according to an application identifier and a biometric feature identifier of the user, and the digital signature of the first string is created by the apparatus according to the first string and a private key of the apparatus;
  
  decrypting the digital signature of the first string according to a public key of the apparatus to obtain a second string;
  
  verifying validity of the application access certificate according to the first string and the second string; and
  
  after it is verified that the application access certificate is valid, determining a target server according to an application requirement of the user; and
  
  a transmitter, configured to send a registration request to the target server, wherein the registration request comprises a user identifier, the application access certificate, and a digital signature of the application access certificate, and wherein sending the registration request to the target server causes the target server to verify the validity of the application access certificate and to complete a registration process for the terminal, wherein the digital signature of the application access certificate is created by the terminal according to the application access certificate and the private key of the user.
- View Dependent Claims (17, 18)
- - 17. The terminal according to claim 16, wherein the digital signature of the application access certificate comprises one or more of a type of the application identifier, a timestamp, or a randomizer.
  - 18. The terminal according to claim 16, wherein the terminal further comprises a transmitter, configured to:
    - send a communication request to another terminal when the application access certificate is valid, wherein the communication request comprises the application access certificate and the digital signature of the application access certificate, and wherein sending the communication request to the another terminal causes the another terminal to verify the validity of the application access certificate, wherein the digital signature of the application access certificate is created by the terminal according to the application access certificate and the private key of the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Li, Yingtao, Wei, He, Ma, Jinbo
Primary Examiner(s)
Pearson, David J
Assistant Examiner(s)
Champakesan, Badri Narayanan

Application Number

US15/498,310
Publication Number

US 20170230187A1
Time in Patent Office

1,091 Days
Field of Search

713156
US Class Current
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

Method and apparatus for managing application identifier

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for managing application identifier

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links