CN108494557A - Social security digital certificate management method, computer readable storage medium and terminal device - Google Patents


Publication number
CN108494557A
Authority
CN
China
Prior art keywords
social security
digital certificate
security digital
central server
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810121919.4A
Other languages
Chinese (zh)
Other versions
CN108494557B (en
Inventor
李毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201810121919.4A (CN108494557B)
Priority to PCT/CN2018/083295 (WO2019153507A1)
Publication of CN108494557A
Application granted
Publication of CN108494557B
Legal status: Active
Anticipated expiration


Classifications

    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G06Q40/08 Insurance
    • G06Q20/102 Bill distribution or payments
    • G06Q20/38215 Use of certificates or encrypted proofs of transaction rights
    • G06Q20/3825 Use of electronic signatures
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention belongs to the field of computer technology and relates in particular to a social security digital certificate management method, a computer-readable storage medium and a terminal device. The method sends a certificate creation request carrying user social security information to a preset social security digital certificate central server; receives the social security digital certificate sent by the social security digital certificate central server; signs the social security digital certificate with a preset first private key to obtain user signature information, and sends the user signature information to the social security digital certificate central server; receives the central verification information sent by the social security digital certificate central server; and, if the central verification information is verification-success information, determines that the social security digital certificate was created successfully. The interaction between the social security digital certificate central server and the user's terminal device, in particular the signing and verification of the social security digital certificate by the two, greatly improves the reliability of the social security digital certificate.

Description

Social security digital certificate management method, computer readable storage medium and terminal device
Technical field
The invention belongs to the field of computer technology, and in particular relates to a social security digital certificate management method, a computer-readable storage medium and a terminal device.
Background
Social security, also known as social insurance, is a social and economic system that provides income or compensation to people who have lost the ability to work, have temporarily lost their jobs, or have suffered losses because of ill health. Its main programs include endowment insurance, medical insurance, unemployment insurance, work-related injury insurance and maternity insurance.
With the development of Internet technology, users can handle various social security services using terminal devices such as mobile phones and tablet computers. For security reasons, digital certificates are currently generally used to verify the terminal devices that handle social security services. However, the entire management process of each terminal device's digital certificate is currently completed by the social security digital certificate central server alone, so the reliability of the data is relatively low.
Summary of the invention
In view of this, embodiments of the present invention provide a social security digital certificate management method, a computer-readable storage medium and a terminal device, to solve the problem that the entire management process of a terminal device's digital certificate is currently completed by the social security digital certificate central server alone and the reliability of the data is therefore relatively low.
A first aspect of the embodiments of the present invention provides a social security digital certificate management method, which may include:
sending a certificate creation request carrying user social security information to a preset social security digital certificate central server;
receiving the social security digital certificate sent by the social security digital certificate central server, the social security digital certificate being created by the social security digital certificate central server according to the user social security information;
signing the social security digital certificate with a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate central server;
receiving the central verification information sent by the social security digital certificate central server, the central verification information being the result obtained by the social security digital certificate central server verifying the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
if the central verification information is verification-success information, determining that the social security digital certificate was created successfully.
A second aspect of the embodiments of the present invention provides a computer-readable storage medium storing computer-readable instructions which, when executed by a processor, implement the following steps:
sending a certificate creation request carrying user social security information to a preset social security digital certificate central server;
receiving the social security digital certificate sent by the social security digital certificate central server, the social security digital certificate being created by the social security digital certificate central server according to the user social security information;
signing the social security digital certificate with a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate central server;
receiving the central verification information sent by the social security digital certificate central server, the central verification information being the result obtained by the social security digital certificate central server verifying the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
if the central verification information is verification-success information, determining that the social security digital certificate was created successfully.
A third aspect of the embodiments of the present invention provides a social security digital certificate management terminal device, including a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, the processor implementing the following steps when executing the computer-readable instructions:
sending a certificate creation request carrying user social security information to a preset social security digital certificate central server;
receiving the social security digital certificate sent by the social security digital certificate central server, the social security digital certificate being created by the social security digital certificate central server according to the user social security information;
signing the social security digital certificate with a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate central server;
receiving the central verification information sent by the social security digital certificate central server, the central verification information being the result obtained by the social security digital certificate central server verifying the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
if the central verification information is verification-success information, determining that the social security digital certificate was created successfully.
Compared with the prior art, the embodiments of the present invention have the following advantageous effects. The embodiments send a certificate creation request carrying user social security information to a preset social security digital certificate central server; receive the social security digital certificate sent by the social security digital certificate central server; sign the social security digital certificate with a preset first private key to obtain user signature information, and send the user signature information to the social security digital certificate central server; receive the central verification information sent by the social security digital certificate central server; and, if the central verification information is verification-success information, determine that the social security digital certificate was created successfully. Compared with the prior art, in which the entire management process of each terminal device's digital certificate is completed by the social security digital certificate central server alone, the embodiments of the present invention greatly improve the reliability of the social security digital certificate through the interaction between the social security digital certificate central server and the user's terminal device, in particular the signing and verification of the social security digital certificate by the two.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an implementation environment of an embodiment of the present invention;
Fig. 2 is a flowchart of one embodiment of a social security digital certificate management method in an embodiment of the present invention;
Fig. 3 is a schematic flowchart of verifying the data stored in the social security digital certificate blockchain in an embodiment of the present invention;
Fig. 4 is a structural diagram of one embodiment of a social security digital certificate management apparatus in an embodiment of the present invention;
Fig. 5 is a schematic block diagram of a social security digital certificate management terminal device in an embodiment of the present invention.
Detailed description
To make the purpose, features and advantages of the present invention more obvious and easier to understand, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The embodiments described below are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
An implementation environment of an embodiment of the present invention is shown in Fig. 1. It includes the user's terminal device and a preset social security digital certificate central server and, preferably, may also include a social security digital certificate blockchain made up of multiple node servers. The user's terminal device is the executing entity of this embodiment.
As shown in Fig. 2, one embodiment of a social security digital certificate management method in an embodiment of the present invention may include:
Step S201: send a certificate creation request carrying user social security information to the preset social security digital certificate central server.
Before communicating with other devices, the user's terminal device may generate a key pair through a client that is installed on the terminal device for communicating in the implementation environment shown in Fig. 1. The key pair may include a first public key and a first private key.
In addition, the user's terminal device may also generate its own signature plaintext. The terminal device may send a certificate creation request to the social security digital certificate central server in order to create its own certificate in the blockchain. The certificate creation request may carry user social security information, which includes public information and private information. Public information is information that may be disclosed to the terminal devices of other users, and includes the certificate identifier, the first public key generated by the user's terminal device, the signature plaintext, and so on. Private information is information that is not disclosed to the terminal devices of other users, and includes the user certificate type entered by the user, the passport number, the user's telephone number, the user's e-mail address, and so on. The items included in the public information and the private information may be configured by the social security digital certificate central server.
Step S202: receive the social security digital certificate sent by the social security digital certificate central server.
The social security digital certificate is created by the social security digital certificate central server according to the user social security information.
After the user's terminal device sends the certificate creation request, the social security digital certificate central server receives the request and parses it to obtain the first public key. It then computes the hash value of the first public key using a preset hash algorithm and uses this hash value as the identifier of the user's terminal device in the blockchain. The social security digital certificate central server may send the social security digital certificate, with this identifier added, to the user's terminal device so that the user can check it.
Step S203: sign the social security digital certificate with the preset first private key to obtain user signature information, and send the user signature information to the social security digital certificate central server.
After the user's terminal device receives the social security digital certificate sent by the social security digital certificate central server, it may display the certificate so that the user can check it and judge whether the information in the certificate sent by the certificate center server is consistent with the user's own social security information. Alternatively, the terminal device may automatically compare the information in the received social security digital certificate with the locally cached user social security information and judge whether the two are consistent. If they are consistent, the terminal device may sign the social security digital certificate with the generated first private key to obtain user signature information, and may then send the user signature information to the social security digital certificate central server.
Step S204: receive the central verification information sent by the social security digital certificate central server.
The central verification information is the result obtained by the social security digital certificate central server verifying the user signature information with the preset first public key. The first public key and the first private key belong to the same key pair.
After the certificate center server receives the user signature information for the certificate, it may un-sign the user signature information with the first public key to obtain an un-signing result, which may be a feature value. The social security digital certificate central server may compute, according to a preset feature value algorithm such as a hash algorithm, the feature value of the user social security information sent by the user's terminal device, and then compare the un-signed feature value with the computed feature value. If they are identical, it may determine that the un-signing result matches the user social security information sent by the user's terminal device, and return to the terminal device central verification information whose content is verification-success information. If they differ, it may determine that the un-signing result does not match the user social security information sent by the user's terminal device, and may send to the terminal device central verification information whose content is verification-failure information.
Step S205: judge whether the central verification information is verification-success information.
If the central verification information is verification-failure information, step S206 and step S207 are executed; if the central verification information is verification-success information, step S208 is executed.
Step S206: determine that creation of the social security digital certificate failed.
Step S207: send a complaint request to the social security digital certificate central server, so that the social security digital certificate central server performs data recovery processing on the social security digital certificate.
After the social security digital certificate central server receives the complaint request, it may perform data recovery processing on the certificate information of the certificate. Data recovery can be carried out in many ways. For example, the social security digital certificate central server may obtain the certificate information stored on the user's terminal device (the complaint request may carry this information), or it may obtain the user's certificate information through manual inquiry. If the certificate information obtained differs from that held by the social security digital certificate central server, the certificate stored by the central server may have a problem. The central server can then query its locally recorded logs to determine what went wrong, for example that the certificate information was tampered with or that an error occurred in a local program, and then perform data recovery using log recovery techniques to resolve the problem.
Step S208: determine that the social security digital certificate was created successfully.
After creating the social security digital certificate, the social security digital certificate central server may also sign the social security digital certificate with a preset second private key to obtain central signature information. It sends the central signature information to one node server in the social security digital certificate blockchain, and that node server then forwards the fingerprint information to the other node servers in the social security digital certificate blockchain, so that every node server in the blockchain stores the central signature information of the certificate.
Preferably, after it is determined that the social security digital certificate was created successfully, the process shown in Fig. 3 may also be included:
Step S301: send a certificate query request to multiple node servers in the preset social security digital certificate blockchain.
The node servers store the central signature information obtained by the social security digital certificate central server signing the social security digital certificate with the preset second private key.
In this embodiment, the certificate query request may be sent to all node servers in the social security digital certificate blockchain, or to only some of them. Preferably, the recipients of the certificate query request are selected as follows: send a blockchain history run record query request to the social security digital certificate central server; receive the blockchain history run records sent by the social security digital certificate central server; from the blockchain history run records, count the number of times each node server in the social security digital certificate blockchain has shown an abnormal condition; determine the query priority of each node server, the query priority being positively correlated with the number of abnormal conditions of the node server; and choose a preset number of node servers with the highest query priority as the recipients of the certificate query request.
With this method, the node servers chosen are those with the most abnormal conditions in the history run records, that is, the least reliable node servers. This avoids spending a large amount of time verifying the many node servers with higher reliability and concentrates the limited time on verifying the node servers with lower reliability, which greatly improves verification efficiency.
Step S302: receive the center signature information sent by the node servers.
Each selected node server sends its locally stored center signature information to the user's terminal device; therefore, the number of pieces of center signature information received by the user's terminal device equals the number of selected node servers.
Step S303: verify the center signature information with a preset second public key to obtain user check information.
The second public key and the second private key belong to the same key pair. After receiving the center signature information, the user's terminal device may process the center signature information with the second public key to recover the signed value; this recovered result may be a characteristic value. The user's terminal device may calculate, according to a preset characteristic value algorithm such as a hash algorithm, the characteristic value of the user social security information stored in the terminal device, and then compare whether the recovered characteristic value is identical to the calculated characteristic value. If they are identical, it can be determined that the recovered result matches the user social security information stored in the user's terminal device, and the user check information is verification success information; if they are not identical, it can be determined that the recovered result does not match the user social security information stored in the user's terminal device, and the user check information is verification failure information.
Step S304: determine, according to the user check information, whether the social security digital certificate has been correctly stored in the social security digital certificate blockchain.
Specifically: count a first number, the number of times verification success information occurs in the user check information, and a second number, the number of times verification failure information occurs; calculate the ratio of the first number to the second number; if the ratio of the first number to the second number is greater than or equal to a preset threshold, determine that the social security digital certificate has been correctly stored in the social security digital certificate blockchain; if the ratio of the first number to the second number is less than the threshold, determine that the social security digital certificate has not been correctly stored in the social security digital certificate blockchain. In the latter case there may be a large number of abnormal or fraudulent node servers in the social security digital certificate blockchain, and the user's terminal device may report the error to a preset operating agency, such as the social security administration department.
The threshold may be set by technical staff according to the data security requirement: if the data security requirement is high, the threshold may be set higher, for example 80% or 90%; if the data security requirement is low, the threshold may be set lower.
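Steps S301 to S304, together with the preferred recipient selection, as an added Go example (not code from the patent): nodes are ranked by abnormal count, each reply is verified against the hash of the locally stored information, and the success-to-failure ratio is compared with the threshold. Assumptions: Ed25519 verification from Go's standard library stands in for the unspecified signature scheme and its recover-and-compare step; the LogRecord layout, node names, sample key and the handling of zero replies or zero failures are constructed for illustration; the ratio is taken literally as successes divided by failures.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"sort"
)

// LogRecord is one history run record entry (assumed layout, not from the page).
type LogRecord struct {
	NodeID   string
	Abnormal bool
}

// SelectNodes counts abnormal records per node and returns the n nodes with
// the highest counts, since query priority rises with the abnormal count.
func SelectNodes(history []LogRecord, n int) []string {
	counts := map[string]int{}
	for _, r := range history {
		counts[r.NodeID] += 0 // register the node even if it never misbehaved
		if r.Abnormal {
			counts[r.NodeID]++
		}
	}
	ids := make([]string, 0, len(counts))
	for id := range counts {
		ids = append(ids, id)
	}
	sort.Slice(ids, func(i, j int) bool {
		if counts[ids[i]] != counts[ids[j]] {
			return counts[ids[i]] > counts[ids[j]]
		}
		return ids[i] < ids[j] // deterministic tie-break
	})
	if n < 0 || n > len(ids) { // out-of-range n means "query every node"
		n = len(ids)
	}
	return ids[:n]
}

// VerifyReplies checks every node's copy of the center signature against the
// SHA-256 characteristic value of the locally stored user information and
// returns the numbers of verification successes and failures.
func VerifyReplies(pub ed25519.PublicKey, localInfo []byte, replies map[string][]byte) (ok, failed int) {
	digest := sha256.Sum256(localInfo)
	for _, sig := range replies {
		if ed25519.Verify(pub, digest[:], sig) { // false for empty or altered data
			ok++
		} else {
			failed++
		}
	}
	return ok, failed
}

// StoredCorrectly applies the page's rule: successes/failures >= threshold.
// Assumptions: no replies means "not confirmed"; zero failures means stored.
func StoredCorrectly(ok, failed int, threshold float64) bool {
	if failed == 0 {
		return ok > 0
	}
	return float64(ok)/float64(failed) >= threshold
}

// Scenario runs the flow on constructed data: five nodes, a fixed-seed key pair
// for the second key pair, and `tampered` queried nodes with altered copies.
func Scenario(tampered int, threshold float64) ([]string, int, int, bool) {
	seed := bytes.Repeat([]byte{0x42}, ed25519.SeedSize) // sample key only
	priv := ed25519.NewKeyFromSeed(seed)
	pub := priv.Public().(ed25519.PublicKey)
	info := []byte("constructed user social security record")
	digest := sha256.Sum256(info)
	good := ed25519.Sign(priv, digest[:]) // what the central server published
	history := []LogRecord{
		{"node-a", true}, {"node-a", true}, {"node-a", true}, {"node-b", false},
		{"node-c", true}, {"node-c", true}, {"node-d", true}, {"node-e", false},
	}
	selected := SelectNodes(history, 3)
	replies := map[string][]byte{}
	for i, id := range selected {
		sig := append([]byte(nil), good...)
		if i < tampered {
			sig[0] ^= 0xff // this node holds a corrupted copy
		}
		replies[id] = sig
	}
	ok, failed := VerifyReplies(pub, info, replies)
	return selected, ok, failed, StoredCorrectly(ok, failed, threshold)
}

func main() {
	for tampered := 0; tampered <= 2; tampered++ {
		fmt.Println(Scenario(tampered, 0.8))
	}
}
```

Read literally, a threshold of 0.8 on the success-to-failure ratio accepts a result in which failures outnumber successes (4 successes against 5 failures), so a deployment should fix whether the threshold applies to this ratio or to the share of successful checks before choosing a value.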
In conclusion the embodiment of the present invention carries user's social security to the transmission of preset social security digital certificate central server The certificate request to create of information;Receive the social security digital certificate that the social security digital certificate central server is sent;By default The first private key sign to the social security digital certificate, obtain user's signature information, and the user's signature information is sent out It send to the social security digital certificate central server;Receive the center verification letter that the social security digital certificate central server is sent Breath;If the center check information is verification successful information, it is determined that the social security digital certificate creates successfully.Compared to each end The entire management process of the digital certificate of end equipment by social security digital certificate central server individually come the prior art completed, The embodiment of the present invention passes through the interactive process between social security digital certificate central server and the terminal device of user, especially two Person substantially increases the reliability of social security digital certificate to the signature and checking procedure of the social security digital certificate.On it should be understood that The size for stating the serial number of each step in embodiment is not meant that the order of the execution order, and the execution sequence of each process should be with its work( It can determine that the implementation process of the embodiments of the invention shall not be constituted with any limitation with internal logic.
Corresponding to the social security digital certificate management method described in the foregoing embodiments, Fig. 4 shows a structural diagram of one embodiment of a social security digital certificate management device provided by an embodiment of the present invention.
In this embodiment, the social security digital certificate management device may include:
a certificate creation request sending module 401, configured to send a certificate creation request carrying user social security information to a preset social security digital certificate central server;
a social security digital certificate receiving module 402, configured to receive the social security digital certificate sent by the social security digital certificate central server, the social security digital certificate being created by the social security digital certificate central server according to the user social security information;
a first signature module 403, configured to sign the social security digital certificate with a preset first private key to obtain user signature information, and to send the user signature information to the social security digital certificate central server;
a center check information receiving module 404, configured to receive the center check information sent by the social security digital certificate central server, the center check information being the result obtained by the social security digital certificate central server verifying the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
a first determining module 405, configured to determine that the social security digital certificate has been created successfully if the center check information is verification success information.
Further, the social security digital certificate management device may also include:
a certificate query request sending module, configured to send a certificate query request to multiple node servers in a preset social security digital certificate blockchain, the node servers storing the center signature information obtained by the social security digital certificate central server signing the social security digital certificate with a preset second private key;
a center signature information receiving module, configured to receive the center signature information sent by the node servers;
a user check module, configured to verify the center signature information with a preset second public key to obtain user check information, the second public key and the second private key belonging to the same key pair;
a storage state determining module, configured to determine, according to the user check information, whether the social security digital certificate has been correctly stored in the social security digital certificate blockchain.
Further, the storage state determining module may also include:
an information statistics unit, configured to count a first number, the number of times verification success information occurs in the user check information, and a second number, the number of times verification failure information occurs;
a ratio calculation unit, configured to calculate the ratio of the first number to the second number;
a first storage state determination unit, configured to determine that the social security digital certificate has been correctly stored in the social security digital certificate blockchain if the ratio of the first number to the second number is greater than or equal to a preset threshold;
a second storage state determination unit, configured to determine that the social security digital certificate has not been correctly stored in the social security digital certificate blockchain if the ratio of the first number to the second number is less than the threshold.
Further, the social security digital certificate management device may also include:
a record query request sending module, configured to send a blockchain history run record query request to the social security digital certificate central server;
a history run record receiving module, configured to receive the blockchain history run record sent by the social security digital certificate central server;
an abnormal condition statistics module, configured to count, according to the blockchain history run record, the number of times each node server in the social security digital certificate blockchain has exhibited abnormal conditions;
a query priority determining module, configured to determine the query priority of each node server, the query priority being positively correlated with the number of times the node server has exhibited abnormal conditions;
a recipient selection module, configured to select a preset number of node servers with the highest query priority as the recipients of the certificate query request.
Further, the social security digital certificate management device may also include:
a second determining module, configured to determine that creation of the social security digital certificate has failed if the center check information is verification failure information;
an appeal request sending module, configured to send an appeal request to the social security digital certificate central server, so that the social security digital certificate central server performs data recovery processing on the social security digital certificate.
It is apparent to those skilled in the art that, for convenience and brevity of description, the specific working processes of the device, modules and units described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described or recorded in detail in one embodiment, refer to the related descriptions of the other embodiments.
Fig. 5 shows a schematic block diagram of a social security digital certificate management terminal device provided by an embodiment of the present invention; for ease of explanation, only the parts relevant to the embodiment of the present invention are shown.
In this embodiment, the social security digital certificate management terminal device 5 may be a computing device such as a mobile phone, tablet computer, desktop computer, notebook or palmtop computer. The social security digital certificate management terminal device 5 may include: a processor 50, a memory 51, and computer-readable instructions 52 stored in the memory 51 and executable on the processor 50, for example computer-readable instructions for executing the above social security digital certificate management method. When executing the computer-readable instructions 52, the processor 50 implements the steps in each of the above social security digital certificate management method embodiments, such as steps S201 to S208 shown in Fig. 2. Alternatively, when executing the computer-readable instructions 52, the processor 50 implements the functions of the modules/units in each of the above device embodiments, such as the functions of modules 401 to 405 shown in Fig. 4.
Illustratively, the computer-readable instructions 52 may be divided into one or more modules/units, which are stored in the memory 51 and executed by the processor 50 to carry out the present invention. The one or more modules/units may be a series of computer-readable instruction segments capable of completing specific functions, the instruction segments being used to describe the execution process of the computer-readable instructions 52 in the social security digital certificate management terminal device 5.
The processor 50 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor or any conventional processor.
The memory 51 may be an internal storage unit of the social security digital certificate management terminal device 5, such as a hard disk or memory of the social security digital certificate management terminal device 5. The memory 51 may also be an external storage device of the social security digital certificate management terminal device 5, such as a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the social security digital certificate management terminal device 5. Further, the memory 51 may include both an internal storage unit and an external storage device of the social security digital certificate management terminal device 5. The memory 51 is used to store the computer-readable instructions and other instructions and data required by the social security digital certificate management terminal device 5. The memory 51 may also be used to temporarily store data that has been output or is about to be output.
The functional units in the embodiments of the present invention may be integrated in one processing unit, may each exist physically on their own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several computer-readable instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing computer-readable instructions, such as a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The embodiments described above are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features may be equivalently replaced; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A social security digital certificate management method, characterized by comprising:
sending a certificate creation request carrying user social security information to a preset social security digital certificate central server;
receiving the social security digital certificate sent by the social security digital certificate central server, the social security digital certificate being created by the social security digital certificate central server according to the user social security information;
signing the social security digital certificate with a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate central server;
receiving the center check information sent by the social security digital certificate central server, the center check information being the result obtained by the social security digital certificate central server verifying the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
if the center check information is verification success information, determining that the social security digital certificate has been created successfully.
2. The social security digital certificate management method according to claim 1, characterized in that, after determining that the social security digital certificate has been created successfully, the method further comprises:
sending a certificate query request to multiple node servers in a preset social security digital certificate blockchain, the node servers storing the center signature information obtained by the social security digital certificate central server signing the social security digital certificate with a preset second private key;
receiving the center signature information sent by the node servers;
verifying the center signature information with a preset second public key to obtain user check information, the second public key and the second private key belonging to the same key pair;
determining, according to the user check information, whether the social security digital certificate has been correctly stored in the social security digital certificate blockchain.
3. The social security digital certificate management method according to claim 2, characterized in that determining, according to the user check information, whether the social security digital certificate has been correctly stored in the social security digital certificate blockchain comprises:
counting a first number, the number of times verification success information occurs in the user check information, and a second number, the number of times verification failure information occurs;
calculating the ratio of the first number to the second number;
if the ratio of the first number to the second number is greater than or equal to a preset threshold, determining that the social security digital certificate has been correctly stored in the social security digital certificate blockchain;
if the ratio of the first number to the second number is less than the threshold, determining that the social security digital certificate has not been correctly stored in the social security digital certificate blockchain.
4. The social security digital certificate management method according to claim 2, characterized in that, before sending the certificate query request to the multiple node servers in the preset social security digital certificate blockchain, the method further comprises:
sending a blockchain history run record query request to the social security digital certificate central server;
receiving the blockchain history run record sent by the social security digital certificate central server;
counting, according to the blockchain history run record, the number of times each node server in the social security digital certificate blockchain has exhibited abnormal conditions;
determining the query priority of each node server, the query priority being positively correlated with the number of times the node server has exhibited abnormal conditions;
selecting a preset number of node servers with the highest query priority as the recipients of the certificate query request.
5. The social security digital certificate management method according to any one of claims 1 to 4, characterized by further comprising:
if the center check information is verification failure information, determining that creation of the social security digital certificate has failed;
sending an appeal request to the social security digital certificate central server, so that the social security digital certificate central server performs data recovery processing on the social security digital certificate.
6. A computer-readable storage medium storing computer-readable instructions, characterized in that, when the computer-readable instructions are executed by a processor, the steps of the social security digital certificate management method according to any one of claims 1 to 5 are implemented.
7. A social security digital certificate management terminal device, comprising a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, characterized in that the processor implements the following steps when executing the computer-readable instructions:
sending a certificate creation request carrying user social security information to a preset social security digital certificate central server;
receiving the social security digital certificate sent by the social security digital certificate central server, the social security digital certificate being created by the social security digital certificate central server according to the user social security information;
signing the social security digital certificate with a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate central server;
receiving the center check information sent by the social security digital certificate central server, the center check information being the result obtained by the social security digital certificate central server verifying the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
if the center check information is verification success information, determining that the social security digital certificate has been created successfully.
8. The social security digital certificate management terminal device according to claim 7, characterized in that, after determining that the social security digital certificate has been created successfully, the steps further comprise:
sending a certificate query request to multiple node servers in a preset social security digital certificate blockchain, the node servers storing the center signature information obtained by the social security digital certificate central server signing the social security digital certificate with a preset second private key;
receiving the center signature information sent by the node servers;
verifying the center signature information with a preset second public key to obtain user check information, the second public key and the second private key belonging to the same key pair;
determining, according to the user check information, whether the social security digital certificate has been correctly stored in the social security digital certificate blockchain.
9. The social security digital certificate management terminal device according to claim 8, wherein determining, according to the user check information, whether the social security digital certificate has been correctly stored in the social security digital certificate blockchain comprises:
counting a first number, the number of times verification success information occurs in the user check information, and a second number, the number of times verification failure information occurs;
calculating the ratio of the first number to the second number;
if the ratio of the first number to the second number is greater than or equal to a preset threshold, determining that the social security digital certificate has been correctly stored in the social security digital certificate blockchain;
if the ratio of the first number to the second number is less than the threshold, determining that the social security digital certificate has not been correctly stored in the social security digital certificate blockchain.
10. The social security digital certificate management terminal device according to claim 8, characterized in that, before sending the certificate query request to the multiple node servers in the preset social security digital certificate blockchain, the steps further comprise:
sending a blockchain history run record query request to the social security digital certificate central server;
receiving the blockchain history run record sent by the social security digital certificate central server;
counting, according to the blockchain history run record, the number of times each node server in the social security digital certificate blockchain has exhibited abnormal conditions;
determining the query priority of each node server, the query priority being positively correlated with the number of times the node server has exhibited abnormal conditions;
selecting a preset number of node servers with the highest query priority as the recipients of the certificate query request.
CN201810121919.4A 2018-02-07 2018-02-07 Social security digital certificate management method, computer readable storage medium and terminal device Active CN108494557B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810121919.4A CN108494557B (en) 2018-02-07 2018-02-07 Social security digital certificate management method, computer readable storage medium and terminal device
PCT/CN2018/083295 WO2019153507A1 (en) 2018-02-07 2018-04-17 Social security digital certificate management method, readable storage medium, terminal device and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810121919.4A CN108494557B (en) 2018-02-07 2018-02-07 Social security digital certificate management method, computer readable storage medium and terminal device

Publications (2)

Publication Number Publication Date
CN108494557A true CN108494557A (en) 2018-09-04
CN108494557B CN108494557B (en) 2020-03-20

Family

ID=63344641

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810121919.4A Active CN108494557B (en) 2018-02-07 2018-02-07 Social security digital certificate management method, computer readable storage medium and terminal device

Country Status (2)

Country Link
CN (1) CN108494557B (en)
WO (1) WO2019153507A1 (en)


Also Published As

Publication number Publication date
WO2019153507A1 (en) 2019-08-15
CN108494557B (en) 2020-03-20


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant