CN108494557A - Social security digital certificate management method, computer readable storage medium and terminal device - Google Patents
- Publication number: CN108494557A
- Authority: CN (China)
- Prior art keywords: social security, digital certificate, security digital, central server, information
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- G06Q40/08—Insurance
- G06Q20/102—Bill distribution or payments
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
- G06Q20/3825—Use of electronic signatures
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Abstract
The invention belongs to the field of computer technology, and in particular relates to a social security digital certificate management method, a computer-readable storage medium and a terminal device. The method sends a certificate creation request carrying the user's social security information to a preset social security digital certificate central server; receives the social security digital certificate sent by the social security digital certificate central server; signs the social security digital certificate with a preset first private key to obtain user signature information, and sends the user signature information to the social security digital certificate central server; receives the center check information sent by the social security digital certificate central server; and, if the center check information is verification-success information, determines that the social security digital certificate was created successfully. The interaction between the social security digital certificate central server and the user's terminal device, and in particular the signing and verification of the social security digital certificate by the two, greatly improves the reliability of the social security digital certificate.
Description
Technical field
The invention belongs to the field of computer technology, and in particular relates to a social security digital certificate management method, a computer-readable storage medium and a terminal device.
Background
Social security, also known as social insurance, is a social and economic system that provides income or compensation to people who have lost the ability to work, have temporarily lost their jobs, or have suffered losses through poor health. The main items of social security include endowment insurance, medical insurance, unemployment insurance, work-related injury insurance, birth insurance and so on.
With the development of Internet technology, users can already handle various social security services using terminal devices such as mobile phones and tablet computers. For security reasons, digital certificates are at present generally used to verify the terminal devices that handle social security services. However, the entire management process of the digital certificate of each terminal device is currently completed by the social security digital certificate central server alone, and the reliability of the data is relatively low.
Summary of the invention
In view of this, embodiments of the present invention provide a social security digital certificate management method, a computer-readable storage medium and a terminal device, to solve the problem that the entire management process of a terminal device's digital certificate is currently completed by the social security digital certificate central server alone, so that the reliability of the data is relatively low.
A first aspect of the embodiments of the present invention provides a social security digital certificate management method, which may include:
sending a certificate creation request carrying the user's social security information to a preset social security digital certificate central server;
receiving the social security digital certificate sent by the social security digital certificate central server, the social security digital certificate being created by the social security digital certificate central server according to the user's social security information;
signing the social security digital certificate with a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate central server;
receiving the center check information sent by the social security digital certificate central server, the center check information being the result obtained when the social security digital certificate central server verifies the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
if the center check information is verification-success information, determining that the social security digital certificate was created successfully.
A second aspect of the embodiments of the present invention provides a computer-readable storage medium storing computer-readable instructions which, when executed by a processor, implement the following steps:
sending a certificate creation request carrying the user's social security information to a preset social security digital certificate central server;
receiving the social security digital certificate sent by the social security digital certificate central server, the social security digital certificate being created by the social security digital certificate central server according to the user's social security information;
signing the social security digital certificate with a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate central server;
receiving the center check information sent by the social security digital certificate central server, the center check information being the result obtained when the social security digital certificate central server verifies the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
if the center check information is verification-success information, determining that the social security digital certificate was created successfully.
A third aspect of the embodiments of the present invention provides a social security digital certificate management terminal device, including a memory, a processor, and computer-readable instructions stored in the memory and runnable on the processor, the processor implementing the following steps when executing the computer-readable instructions:
sending a certificate creation request carrying the user's social security information to a preset social security digital certificate central server;
receiving the social security digital certificate sent by the social security digital certificate central server, the social security digital certificate being created by the social security digital certificate central server according to the user's social security information;
signing the social security digital certificate with a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate central server;
receiving the center check information sent by the social security digital certificate central server, the center check information being the result obtained when the social security digital certificate central server verifies the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
if the center check information is verification-success information, determining that the social security digital certificate was created successfully.
Compared with the prior art, the embodiments of the present invention have the following beneficial effect. The embodiments send a certificate creation request carrying the user's social security information to a preset social security digital certificate central server; receive the social security digital certificate sent by the social security digital certificate central server; sign the social security digital certificate with a preset first private key to obtain user signature information, and send the user signature information to the social security digital certificate central server; receive the center check information sent by the social security digital certificate central server; and, if the center check information is verification-success information, determine that the social security digital certificate was created successfully. Compared with the prior art, in which the entire management process of each terminal device's digital certificate is completed by the social security digital certificate central server alone, the embodiments of the present invention greatly improve the reliability of the social security digital certificate through the interaction between the social security digital certificate central server and the user's terminal device, and in particular through the signing and verification of the social security digital certificate by the two.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description show only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an implementation environment of an embodiment of the present invention;
Fig. 2 is a flowchart of one embodiment of a social security digital certificate management method in an embodiment of the present invention;
Fig. 3 is a schematic flowchart of verifying the data stored in the social security digital certificate blockchain in an embodiment of the present invention;
Fig. 4 is a structural diagram of one embodiment of a social security digital certificate management apparatus in an embodiment of the present invention;
Fig. 5 is a schematic block diagram of a social security digital certificate management terminal device in an embodiment of the present invention.
Detailed description
To make the purpose, features and advantages of the present invention more obvious and easier to understand, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the embodiments disclosed below are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
An implementation environment of an embodiment of the present invention is shown in Fig. 1. It includes the user's terminal device and a preset social security digital certificate central server, and preferably may also include a social security digital certificate blockchain made up of multiple node servers. The user's terminal device is the executing entity of this embodiment.
As shown in Fig. 2, one embodiment of a social security digital certificate management method in an embodiment of the present invention may include:
Step S201: send a certificate creation request carrying the user's social security information to the preset social security digital certificate central server.
Before communicating with other devices, the user's terminal device can generate a key pair through the client installed on it for communicating in the implementation environment shown in Fig. 1. The key pair may include a first public key and a first private key.
In addition, the user's terminal device can also generate its own signature plaintext. The user's terminal device can send a certificate creation request to the social security digital certificate central server in order to create its own certificate in the blockchain. The certificate creation request can carry the user's social security information, which includes public information and private information. Public information is information that can be disclosed to the terminal devices of other users, such as the certificate identifier, the first public key generated by the user's terminal device and the signature plaintext. Private information is information that is not disclosed to the terminal devices of other users, such as the user certificate type entered by the user, the passport number, the user's telephone number and the user's mailbox. The content items included in the public information and the private information can be configured by the social security digital certificate central server.
Step S202: receive the social security digital certificate sent by the social security digital certificate central server.
The social security digital certificate is created by the social security digital certificate central server according to the user's social security information.
After the user's terminal device sends the certificate creation request, the social security digital certificate central server receives it and parses it to obtain the first public key. The server can then calculate the hash value of the first public key with a preset hash algorithm and use that hash value as the identifier of the user's terminal device in the blockchain. The social security digital certificate central server can send the social security digital certificate, with the identifier added, to the user's terminal device for the user to check.
Step S203: sign the social security digital certificate with the preset first private key to obtain user signature information, and send the user signature information to the social security digital certificate central server.
After receiving the social security digital certificate sent by the social security digital certificate central server, the user's terminal device can display it, so that the user can check the received certificate and judge whether the information in the certificate sent by the certificate central server is consistent with the user's own social security information. Alternatively, the user's terminal device can automatically compare the information in the certificate sent by the social security digital certificate central server with the user social security information cached locally and judge whether the two are consistent. If they are consistent, the user's terminal device can sign the social security digital certificate with the generated first private key to obtain user signature information, and then send the user signature information to the social security digital certificate central server.
Step S204: receive the center check information sent by the social security digital certificate central server.
The center check information is the result obtained when the social security digital certificate central server verifies the user signature information with the preset first public key; the first public key and the first private key belong to the same key pair.
After the certificate central server receives the user signature information for the certificate, it can unsign the user signature information with the first public key to obtain an unsigning result, which may be a characteristic value. The social security digital certificate central server can calculate, according to a preset characteristic value algorithm such as a hash algorithm, the characteristic value of the user social security information sent by the user's terminal device, and then compare whether the characteristic value obtained by unsigning is the same as the calculated one. If they are the same, it can determine that the unsigning result matches the user social security information sent by the user's terminal device, and return to the user's terminal device center check information whose content is verification-success information. If they are not the same, it can determine that the unsigning result does not match the user social security information sent by the user's terminal device, and can send to the user's terminal device center check information whose content is verification-failure information.
Step S205: judge whether the center check information is verification-success information.
If the center check information is verification-failure information, execute step S206 and step S207; if the center check information is verification-success information, execute step S208.
Step S206: determine that creation of the social security digital certificate failed.
Step S207: send a complaint request to the social security digital certificate central server, so that the social security digital certificate central server performs data recovery processing on the social security digital certificate.
After receiving the complaint request, the social security digital certificate central server can perform data recovery processing on the certificate information of the certificate. There are many ways to perform data recovery processing. For example, the social security digital certificate central server can obtain the certificate information stored in the user's terminal device (the complaint request may, for instance, carry the certificate information stored in the user's terminal device), or it can obtain the user's certificate information by manual inquiry. If the certificate information obtained differs from that in the social security digital certificate central server, the certificate stored by the central server may have a problem. The central server can query its locally recorded logs to determine what problem occurred, for example that the certificate information was tampered with or that an error occurred in the local program code, and then perform data recovery by log recovery techniques to solve the problem.
Step S208: determine that the social security digital certificate was created successfully.
After creating the social security digital certificate, the social security digital certificate central server can also sign the certificate with a preset second private key to obtain center signature information, and send the center signature information to one node server in the social security digital certificate blockchain. That node server then forwards the fingerprint information to the other node servers in the social security digital certificate blockchain, so that every node server in the blockchain stores the center signature information of the certificate.
Preferably, after it is determined that the social security digital certificate was created successfully, the process shown in Fig. 3 may also be included:
Step S301: send a certificate query request to multiple node servers in the preset social security digital certificate blockchain.
The node servers store the center signature information obtained when the social security digital certificate central server signs the social security digital certificate with the preset second private key.
In this embodiment, the certificate query request can be sent to all node servers in the social security digital certificate blockchain, or to only some of them. Preferably, the process of selecting the recipients of the certificate query request may include: sending a blockchain history log query request to the social security digital certificate central server; receiving the blockchain history log sent by the social security digital certificate central server; counting, from the blockchain history log, the number of times each node server in the social security digital certificate blockchain has experienced abnormal conditions; determining the query priority of each node server, the query priority being positively correlated with the number of abnormal conditions of the node server; and choosing a preset number of node servers with the highest query priority as the recipients of the certificate query request.
With the above method, the node servers chosen are those with the most abnormal conditions in the history log, that is, the node servers with the lowest reliability. This avoids spending a great deal of time verifying a large number of more reliable node servers and concentrates the limited time on verifying the less reliable node servers, which greatly improves verification efficiency.
Step S302: receive the center signature information sent by the node servers.
Each selected node server sends its locally stored center signature information to the user's terminal device. The number of pieces of center signature information received by the user's terminal device is therefore the same as the number of node servers selected.
Step S303: verify the center signature information with a preset second public key to obtain user verification information.
The second public key and the second private key belong to the same key pair. After receiving the center signature information, the user's terminal device can use the second public key to recover the signed value from the center signature information; the recovered result may be a feature value. The terminal device then computes, with a preset feature value algorithm such as a hash algorithm, the feature value of the user's social security information stored on the terminal device, and compares the recovered feature value with the computed one. If they are identical, the recovered result matches the user's social security information stored on the terminal device, and the user verification information is verification success information. If they differ, the recovered result does not match the user's social security information stored on the terminal device, and the user verification information is verification failure information.
Step S304: determine from the user verification information whether the social security digital certificate is correctly stored in the social security digital certificate blockchain.
Specifically, count the first number, the number of times verification success information occurs in the user verification information, and the second number, the number of times verification failure information occurs; calculate the ratio of the first number to the second number. If the ratio of the first number to the second number is greater than or equal to a preset threshold, it is determined that the social security digital certificate is correctly stored in the social security digital certificate blockchain. If the ratio of the first number to the second number is less than the threshold, it is determined that the social security digital certificate is not correctly stored in the social security digital certificate blockchain. This indicates that the blockchain may contain a large number of abnormal or fraudulent node servers, and the user's terminal device can report the error to a preset operating agency, such as the social insurance administration department.
The threshold can be set by a technician according to the data security requirement. If the data security requirement is high, the threshold can be set somewhat higher, for example to 80% or 90%; if the data security requirement is low, the threshold can be set somewhat lower.
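Steps S301 to S304 as seen from the user's terminal, as an added example that is not part of the patent text. Assumptions: the second key pair is modelled with a constructed toy unpadded-RSA key, because the page names no signature algorithm; the history log and node responses are constructed samples; and the value compared with the threshold is taken as successes over all responses, which fits the 80% and 90% figures and stays defined when no check fails.

```python
import hashlib
from collections import Counter

# Constructed toy RSA key standing in for the "second key pair". Assumption:
# the page names no signature algorithm. Unpadded RSA over two Mersenne primes
# keeps the example dependency-free; it is far too weak for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # second private key (central server only)


def feature_value(record: bytes) -> int:
    """Feature value of the stored social security information (SHA-256, reduced below N)."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big") % N


def center_sign(record: bytes) -> int:
    """Central server side: sign the feature value with the second private key."""
    return pow(feature_value(record), D, N)


def select_nodes(history_log, count):
    """S301 selection: most recorded anomalies first, node name as tie-breaker."""
    anomalies = Counter(e["node"] for e in history_log if e["abnormal"])
    nodes = {e["node"] for e in history_log}
    return sorted(nodes, key=lambda n: (-anomalies[n], n))[:count]


def verify_center_signature(signature, local_record: bytes) -> bool:
    """S303: recover the feature value with the second public key and compare."""
    if not isinstance(signature, int) or not 0 <= signature < N:
        return False  # a missing or malformed response counts as a failure
    return pow(signature, E, N) == feature_value(local_record)


def storage_decision(results, threshold: float) -> bool:
    """S304: decide whether the certificate is correctly stored.

    Assumption: the figure compared with the threshold is successes divided by
    all responses. That fits the 80% and 90% thresholds in the text and stays
    defined when no check fails, where successes / failures would divide by zero.
    """
    if not results:
        return False  # nothing was verified, so nothing is confirmed
    return sum(results) / len(results) >= threshold


def check_storage(local_record, history_log, node_responses, query_count, threshold):
    """Terminal-side run of S301 to S304; returns (queried, results, verdict)."""
    queried = select_nodes(history_log, query_count)
    results = [verify_center_signature(node_responses.get(n), local_record)
               for n in queried]
    return queried, results, storage_decision(results, threshold)


# Constructed sample data (not from the page).
RECORD = b"holder=EXAMPLE-USER;id=EXAMPLE-0001;scheme=basic"
GOOD_SIG = center_sign(RECORD)
HISTORY = [
    {"node": "node-a", "abnormal": False},
    {"node": "node-b", "abnormal": True},
    {"node": "node-b", "abnormal": True},
    {"node": "node-c", "abnormal": True},
    {"node": "node-d", "abnormal": False},
]
NODE_RESPONSES = {
    "node-a": GOOD_SIG,
    "node-b": GOOD_SIG,
    "node-c": center_sign(b"holder=SOMEONE-ELSE"),  # node holding a wrong entry
    "node-d": GOOD_SIG,
}

if __name__ == "__main__":
    for threshold in (0.8, 0.6):
        print(threshold, check_storage(RECORD, HISTORY, NODE_RESPONSES, 3, threshold))
```

Because only the nodes with the most recorded anomalies are queried, one bad node in a sample of three is enough to fall below an 80% threshold even though three of the four nodes hold a valid signature.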
In summary, the embodiment of the present invention sends a certificate creation request carrying the user's social security information to the preset social security digital certificate central server; receives the social security digital certificate sent by the social security digital certificate central server; signs the social security digital certificate with a preset first private key to obtain user signature information, and sends the user signature information to the social security digital certificate central server; and receives the center verification information sent by the social security digital certificate central server. If the center verification information is verification success information, it is determined that the social security digital certificate has been created successfully. Compared with the prior art, in which the entire management process for the digital certificate of each terminal device is completed by the social security digital certificate central server alone, the embodiment of the present invention substantially improves the reliability of the social security digital certificate through the interaction between the social security digital certificate central server and the user's terminal device, and in particular through the signing and verification of the social security digital certificate by both parties.
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution. The order in which the processes are executed should be determined by their functions and internal logic, and does not limit the implementation of the embodiments of the present invention in any way.
Corresponding to the social security digital certificate management method described in the foregoing embodiments, Fig. 4 shows a structural diagram of one embodiment of a social security digital certificate management device provided by an embodiment of the present invention.
In this embodiment, the social security digital certificate management device may include:
a certificate creation request sending module 401, configured to send a certificate creation request carrying the user's social security information to the preset social security digital certificate central server;
a social security digital certificate receiving module 402, configured to receive the social security digital certificate sent by the social security digital certificate central server, the social security digital certificate being created by the social security digital certificate central server from the user's social security information;
a first signature module 403, configured to sign the social security digital certificate with a preset first private key to obtain user signature information, and to send the user signature information to the social security digital certificate central server;
a center verification information receiving module 404, configured to receive the center verification information sent by the social security digital certificate central server, the center verification information being the result obtained by the social security digital certificate central server verifying the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
a first determining module 405, configured to determine that the social security digital certificate has been created successfully if the center verification information is verification success information.
Further, the social security digital certificate management device may also include:
a certificate query request sending module, configured to send a certificate query request to multiple node servers in the preset social security digital certificate blockchain, each node server storing the center signature information that the social security digital certificate central server obtains by signing the social security digital certificate with a preset second private key;
a center signature information receiving module, configured to receive the center signature information sent by the node servers;
a user verification module, configured to verify the center signature information with a preset second public key to obtain user verification information, the second public key and the second private key belonging to the same key pair;
a storage state determining module, configured to determine from the user verification information whether the social security digital certificate is correctly stored in the social security digital certificate blockchain.
Further, the storage state determining module may also include:
an information statistics unit, configured to count the first number, the number of times verification success information occurs in the user verification information, and the second number, the number of times verification failure information occurs;
a ratio calculation unit, configured to calculate the ratio of the first number to the second number;
a first storage state determination unit, configured to determine that the social security digital certificate is correctly stored in the social security digital certificate blockchain if the ratio of the first number to the second number is greater than or equal to a preset threshold;
a second storage state determination unit, configured to determine that the social security digital certificate is not correctly stored in the social security digital certificate blockchain if the ratio of the first number to the second number is less than the threshold.
Further, the social security digital certificate management device may also include:
a record query request sending module, configured to send a blockchain history log query request to the social security digital certificate central server;
a history log receiving module, configured to receive the blockchain history log sent by the social security digital certificate central server;
an abnormal condition statistics module, configured to count, from the blockchain history log, how many times each node server in the social security digital certificate blockchain has exhibited abnormal conditions;
a query priority determining module, configured to determine the query priority of each node server, the query priority being positively correlated with the number of abnormal conditions recorded for the node server;
a recipient selection module, configured to select a preset number of node servers with the highest query priority as the recipients of the certificate query request.
Further, the social security digital certificate management device may also include:
a second determining module, configured to determine that creation of the social security digital certificate has failed if the center verification information is verification failure information;
an appeal request sending module, configured to send an appeal request to the social security digital certificate central server, so that the social security digital certificate central server performs data recovery processing on the social security digital certificate.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the devices, modules and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the above embodiments, the description of each embodiment has its own emphasis. For parts not described or recorded in detail in one embodiment, refer to the related descriptions of the other embodiments.
Fig. 5 shows a schematic block diagram of a social security digital certificate management terminal device provided by an embodiment of the present invention. For ease of explanation, only the parts relevant to the embodiment of the present invention are shown.
In this embodiment, the social security digital certificate management terminal device 5 may be a computing device such as a mobile phone, tablet computer, desktop computer, notebook or palmtop computer. The social security digital certificate management terminal device 5 may include a processor 50, a memory 51, and computer-readable instructions 52 stored in the memory 51 and executable on the processor 50, for example computer-readable instructions for performing the social security digital certificate management method described above. When the processor 50 executes the computer-readable instructions 52, it implements the steps of the social security digital certificate management method embodiments described above, for example steps S201 to S208 shown in Fig. 2. Alternatively, when the processor 50 executes the computer-readable instructions 52, it implements the functions of the modules/units in the device embodiments described above, for example the functions of modules 401 to 405 shown in Fig. 4.
By way of example, the computer-readable instructions 52 may be divided into one or more modules/units, which are stored in the memory 51 and executed by the processor 50 to carry out the present invention. The one or more modules/units may be a series of computer-readable instruction segments capable of performing specific functions, the instruction segments being used to describe the execution of the computer-readable instructions 52 in the social security digital certificate management terminal device 5.
The processor 50 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor or any conventional processor.
The memory 51 may be an internal storage unit of the social security digital certificate management terminal device 5, such as the hard disk or memory of the social security digital certificate management terminal device 5. The memory 51 may also be an external storage device of the social security digital certificate management terminal device 5, such as a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the social security digital certificate management terminal device 5. Further, the memory 51 may include both an internal storage unit of the social security digital certificate management terminal device 5 and an external storage device. The memory 51 is used to store the computer-readable instructions and the other instructions and data required by the social security digital certificate management terminal device 5. The memory 51 may also be used to temporarily store data that has been output or is about to be output.
The functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several computer-readable instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing computer-readable instructions, such as a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The embodiments described above are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A social security digital certificate management method, characterized by comprising:
sending a certificate creation request carrying the user's social security information to a preset social security digital certificate central server;
receiving the social security digital certificate sent by the social security digital certificate central server, the social security digital certificate being created by the social security digital certificate central server from the user's social security information;
signing the social security digital certificate with a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate central server;
receiving the center verification information sent by the social security digital certificate central server, the center verification information being the result obtained by the social security digital certificate central server verifying the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
if the center verification information is verification success information, determining that the social security digital certificate has been created successfully.
2. The social security digital certificate management method according to claim 1, characterized in that, after determining that the social security digital certificate has been created successfully, the method further comprises:
sending a certificate query request to multiple node servers in a preset social security digital certificate blockchain, each node server storing the center signature information that the social security digital certificate central server obtains by signing the social security digital certificate with a preset second private key;
receiving the center signature information sent by the node servers;
verifying the center signature information with a preset second public key to obtain user verification information, the second public key and the second private key belonging to the same key pair;
determining from the user verification information whether the social security digital certificate is correctly stored in the social security digital certificate blockchain.
3. The social security digital certificate management method according to claim 2, characterized in that determining from the user verification information whether the social security digital certificate is correctly stored in the social security digital certificate blockchain comprises:
counting the first number, the number of times verification success information occurs in the user verification information, and the second number, the number of times verification failure information occurs;
calculating the ratio of the first number to the second number;
if the ratio of the first number to the second number is greater than or equal to a preset threshold, determining that the social security digital certificate is correctly stored in the social security digital certificate blockchain;
if the ratio of the first number to the second number is less than the threshold, determining that the social security digital certificate is not correctly stored in the social security digital certificate blockchain.
4. The social security digital certificate management method according to claim 2, characterized in that, before sending the certificate query request to the multiple node servers in the preset social security digital certificate blockchain, the method further comprises:
sending a blockchain history log query request to the social security digital certificate central server;
receiving the blockchain history log sent by the social security digital certificate central server;
counting, from the blockchain history log, how many times each node server in the social security digital certificate blockchain has exhibited abnormal conditions;
determining the query priority of each node server, the query priority being positively correlated with the number of abnormal conditions recorded for the node server;
selecting a preset number of node servers with the highest query priority as the recipients of the certificate query request.
5. The social security digital certificate management method according to any one of claims 1 to 4, characterized by further comprising:
if the center verification information is verification failure information, determining that creation of the social security digital certificate has failed;
sending an appeal request to the social security digital certificate central server, so that the social security digital certificate central server performs data recovery processing on the social security digital certificate.
6. A computer-readable storage medium storing computer-readable instructions, characterized in that the computer-readable instructions, when executed by a processor, implement the steps of the social security digital certificate management method according to any one of claims 1 to 5.
7. A social security digital certificate management terminal device, comprising a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, characterized in that the processor, when executing the computer-readable instructions, implements the following steps:
sending a certificate creation request carrying the user's social security information to a preset social security digital certificate central server;
receiving the social security digital certificate sent by the social security digital certificate central server, the social security digital certificate being created by the social security digital certificate central server from the user's social security information;
signing the social security digital certificate with a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate central server;
receiving the center verification information sent by the social security digital certificate central server, the center verification information being the result obtained by the social security digital certificate central server verifying the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
if the center verification information is verification success information, determining that the social security digital certificate has been created successfully.
8. The social security digital certificate management terminal device according to claim 7, characterized in that, after determining that the social security digital certificate has been created successfully, the steps further comprise:
sending a certificate query request to multiple node servers in a preset social security digital certificate blockchain, each node server storing the center signature information that the social security digital certificate central server obtains by signing the social security digital certificate with a preset second private key;
receiving the center signature information sent by the node servers;
verifying the center signature information with a preset second public key to obtain user verification information, the second public key and the second private key belonging to the same key pair;
determining from the user verification information whether the social security digital certificate is correctly stored in the social security digital certificate blockchain.
9. The social security digital certificate management terminal device according to claim 8, wherein determining from the user verification information whether the social security digital certificate is correctly stored in the social security digital certificate blockchain comprises:
counting the first number, the number of times verification success information occurs in the user verification information, and the second number, the number of times verification failure information occurs;
calculating the ratio of the first number to the second number;
if the ratio of the first number to the second number is greater than or equal to a preset threshold, determining that the social security digital certificate is correctly stored in the social security digital certificate blockchain;
if the ratio of the first number to the second number is less than the threshold, determining that the social security digital certificate is not correctly stored in the social security digital certificate blockchain.
10. The social security digital certificate management terminal device according to claim 8, characterized in that, before sending the certificate query request to the multiple node servers in the preset social security digital certificate blockchain, the steps further comprise:
sending a blockchain history log query request to the social security digital certificate central server;
receiving the blockchain history log sent by the social security digital certificate central server;
counting, from the blockchain history log, how many times each node server in the social security digital certificate blockchain has exhibited abnormal conditions;
determining the query priority of each node server, the query priority being positively correlated with the number of abnormal conditions recorded for the node server;
selecting a preset number of node servers with the highest query priority as the recipients of the certificate query request.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810121919.4A CN108494557B (en) | 2018-02-07 | 2018-02-07 | Social security digital certificate management method, computer readable storage medium and terminal device |
PCT/CN2018/083295 WO2019153507A1 (en) | 2018-02-07 | 2018-04-17 | Social security digital certificate management method, readable storage medium, terminal device and apparatus |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810121919.4A CN108494557B (en) | 2018-02-07 | 2018-02-07 | Social security digital certificate management method, computer readable storage medium and terminal device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108494557A true CN108494557A (en) | 2018-09-04 |
CN108494557B CN108494557B (en) | 2020-03-20 |
Family
ID=63344641
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810121919.4A Active CN108494557B (en) | 2018-02-07 | 2018-02-07 | Social security digital certificate management method, computer readable storage medium and terminal device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108494557B (en) |
WO (1) | WO2019153507A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110222085A (en) * | 2019-05-07 | 2019-09-10 | 北京奇艺世纪科技有限公司 | A kind of processing method, device and storage medium for depositing card data |
CN110545190A (en) * | 2019-09-06 | 2019-12-06 | 腾讯科技(深圳)有限公司 | signature processing method, related device and equipment |
CN112861106A (en) * | 2021-02-26 | 2021-05-28 | 卓尔智联(武汉)研究院有限公司 | Digital certificate processing method and system, electronic device and storage medium |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112132592A (en) * | 2020-09-07 | 2020-12-25 | 绿瘦健康产业集团有限公司 | Complaint processing method, complaint processing device, complaint processing medium and terminal equipment |
CN112734581A (en) * | 2021-01-12 | 2021-04-30 | 广州市讯奇数码科技有限公司 | 5G block chain social security data application system |
CN113064896B (en) * | 2021-03-08 | 2023-05-23 | 山东英信计算机技术有限公司 | Fastener fool-proofing system, method and medium |
CN113114625B (en) * | 2021-03-16 | 2023-07-18 | 上海源庐加佳信息科技有限公司 | User identity verification method, system, medium and terminal based on block chain |
CN114401096B (en) * | 2022-01-19 | 2024-02-09 | 深圳市电子商务安全证书管理有限公司 | Block chain data uplink control method, device, equipment and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100217975A1 (en) * | 2009-02-25 | 2010-08-26 | Garret Grajek | Method and system for secure online transactions with message-level validation |
CN101944997A (en) * | 2010-08-25 | 2011-01-12 | 北京市劳动信息中心 | IC (Integrated Circuit) card attesting method and system based on double-key and digital certificate system |
CN103167491A (en) * | 2011-12-15 | 2013-06-19 | 上海格尔软件股份有限公司 | Authentication method of mobile terminal uniqueness based on software digital certificate |
CN106453330A (en) * | 2016-10-18 | 2017-02-22 | 深圳市金立通信设备有限公司 | Identity authentication method and system |
US20170324561A1 (en) * | 2016-05-04 | 2017-11-09 | Avaya Inc. | Secure application attachment |
CN107425981A (en) * | 2017-06-12 | 2017-12-01 | 清华大学 | A kind of digital certificate management method and system based on block chain |
2018
- 2018-02-07 CN CN201810121919.4A patent/CN108494557B/en active Active
- 2018-04-17 WO PCT/CN2018/083295 patent/WO2019153507A1/en active Application Filing
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100217975A1 (en) * | 2009-02-25 | 2010-08-26 | Garret Grajek | Method and system for secure online transactions with message-level validation |
CN101944997A (en) * | 2010-08-25 | 2011-01-12 | 北京市劳动信息中心 | IC (Integrated Circuit) card attesting method and system based on double-key and digital certificate system |
CN103167491A (en) * | 2011-12-15 | 2013-06-19 | 上海格尔软件股份有限公司 | Authentication method of mobile terminal uniqueness based on software digital certificate |
US20170324561A1 (en) * | 2016-05-04 | 2017-11-09 | Avaya Inc. | Secure application attachment |
CN106453330A (en) * | 2016-10-18 | 2017-02-22 | 深圳市金立通信设备有限公司 | Identity authentication method and system |
CN107425981A (en) * | 2017-06-12 | 2017-12-01 | 清华大学 | A kind of digital certificate management method and system based on block chain |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110222085A (en) * | 2019-05-07 | 2019-09-10 | 北京奇艺世纪科技有限公司 | A kind of processing method, device and storage medium for depositing card data |
CN110222085B (en) * | 2019-05-07 | 2021-06-22 | 北京奇艺世纪科技有限公司 | Processing method and device for certificate storage data and storage medium |
CN110545190A (en) * | 2019-09-06 | 2019-12-06 | 腾讯科技(深圳)有限公司 | signature processing method, related device and equipment |
CN112861106A (en) * | 2021-02-26 | 2021-05-28 | 卓尔智联(武汉)研究院有限公司 | Digital certificate processing method and system, electronic device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
WO2019153507A1 (en) | 2019-08-15 |
CN108494557B (en) | 2020-03-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108494557A (en) | Social security digital certificate management method, computer readable storage medium and terminal device | |
CN109493204B (en) | Service accounting method based on block chain and terminal equipment | |
Abbasi et al. | Detecting fake websites: The contribution of statistical learning theory | |
CN108009445B (en) | Semi-centralized trusted data management system | |
CN105227317B (en) | A kind of cloud data integrity detection method and system for supporting authenticator privacy | |
US11563727B2 (en) | Multi-factor authentication for non-internet applications | |
CN112287379B (en) | Service data using method, device, equipment, storage medium and program product | |
CN111523890A (en) | Data processing method and device based on block chain, storage medium and equipment | |
CN107273514A (en) | A kind of inspection method and application its inspect subsystem and data deposit signed certificate administration chain-circuit system | |
CN105978855A (en) | System and method for protecting personal information security in real-name system | |
CN113822675A (en) | Block chain based message processing method, device, equipment and storage medium | |
CN116910816B (en) | Multiparty asset collaborative management method and device for improving privacy protection | |
CN110224985A (en) | The method and relevant apparatus of data processing | |
US20240031156A1 (en) | Using Signed Tokens to Verify Short Message Service (SMS) Message Bodies | |
CN111833062B (en) | Credibility verification system for digital asset data packet | |
US8117220B2 (en) | Artificial record added to a database | |
CN111131218A (en) | Blacklist management method, device, computer system and readable storage medium | |
CN113360575B (en) | Method, device, equipment and storage medium for supervising transaction data in alliance chain | |
CN110059081A (en) | Data output method, device and the computer equipment shown based on data | |
CN113129017B (en) | Information sharing method, device and equipment | |
CN111444270B (en) | Method and system for controlling harmful information based on block chain | |
CN109687967A (en) | Electric endorsement method and equipment | |
Zhu et al. | A proposal for account recovery in decentralized applications | |
KR102522981B1 (en) | Blockchain-based Smishing Prevention method and apparatus thereof | |
CN112926924B (en) | Information processing method, device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||