CN108494557B - Social security digital certificate management method, computer readable storage medium and terminal device - Google Patents

Info

Publication number: CN108494557B
Authority: CN (China)
Prior art keywords: social security, digital certificate, security digital, information, center server
Legal status: Active
Application number: CN201810121919.4A
Other languages: Chinese (zh)
Other versions: CN108494557A (en)
Inventor: 李毅
Current Assignee: Ping An Technology Shenzhen Co Ltd
Original Assignee: Ping An Technology Shenzhen Co Ltd
Application filed by: Ping An Technology Shenzhen Co Ltd
Priority to: CN201810121919.4A (CN108494557B); PCT/CN2018/083295 (WO2019153507A1)
Publication of: CN108494557A; CN108494557B

Abstract

The invention belongs to the technical field of computers, and particularly relates to a social security digital certificate management method, a computer-readable storage medium and a terminal device. The method comprises: sending a certificate creation request carrying user social security information to a preset social security digital certificate center server; receiving a social security digital certificate sent by the social security digital certificate center server; signing the social security digital certificate with a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate center server; receiving center verification information sent by the social security digital certificate center server; and, if the center verification information is verification success information, determining that the social security digital certificate has been successfully created. Through the interaction between the social security digital certificate center server and the user's terminal device, and in particular the signing and verification of the social security digital certificate by both of them, the reliability of the social security digital certificate is greatly improved.

Description

Social security digital certificate management method, computer readable storage medium and terminal device
Technical Field
The invention belongs to the technical field of computers, and particularly relates to a social security digital certificate management method, a computer readable storage medium and terminal equipment.
Background
Social security, also known as social insurance, is a social and economic system that provides income or compensation to people who lose the capacity to work, are temporarily out of work, or lose their health. The main items of social security include endowment insurance, medical insurance, unemployment insurance, industrial injury insurance, fertility insurance, and the like.
With the development of internet technology, users can use terminal devices such as mobile phones and tablet computers to handle various social security services, and for security, the terminal devices handling the social security services are generally authenticated by using digital certificates. However, at present, the whole management process of the digital certificate of each terminal device is completed by the social security digital certificate center server alone, and the reliability of the data is low.
Disclosure of Invention
In view of this, embodiments of the present invention provide a social security digital certificate management method, a computer-readable storage medium, and a terminal device, so as to solve the problem that the entire management process of the digital certificate of a terminal device is completed by the social security digital certificate center server alone, so that the reliability of the data is low.
A first aspect of an embodiment of the present invention provides a social security digital certificate management method, which may include:
sending a certificate creation request carrying user social security information to a preset social security digital certificate center server;
receiving a social security digital certificate sent by the social security digital certificate center server, wherein the social security digital certificate is created by the social security digital certificate center server according to the user social security information;
signing the social security digital certificate through a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate center server;
receiving center verification information sent by the social security digital certificate center server, wherein the center verification information is a result obtained by verifying the user signature information through a preset first public key by the social security digital certificate center server, and the first public key and the first private key belong to the same key pair;
and, if the center verification information is verification success information, determining that the social security digital certificate has been successfully created.
A second aspect of embodiments of the present invention provides a computer-readable storage medium storing computer-readable instructions, which when executed by a processor implement the steps of:
sending a certificate creation request carrying user social security information to a preset social security digital certificate center server;
receiving a social security digital certificate sent by the social security digital certificate center server, wherein the social security digital certificate is created by the social security digital certificate center server according to the user social security information;
signing the social security digital certificate through a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate center server;
receiving center verification information sent by the social security digital certificate center server, wherein the center verification information is a result obtained by verifying the user signature information through a preset first public key by the social security digital certificate center server, and the first public key and the first private key belong to the same key pair;
and, if the center verification information is verification success information, determining that the social security digital certificate has been successfully created.
A third aspect of the embodiments of the present invention provides a social security digital certificate management terminal device, including a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, where the processor implements the following steps when executing the computer-readable instructions:
sending a certificate creation request carrying user social security information to a preset social security digital certificate center server;
receiving a social security digital certificate sent by the social security digital certificate center server, wherein the social security digital certificate is created by the social security digital certificate center server according to the user social security information;
signing the social security digital certificate through a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate center server;
receiving center verification information sent by the social security digital certificate center server, wherein the center verification information is a result obtained by verifying the user signature information through a preset first public key by the social security digital certificate center server, and the first public key and the first private key belong to the same key pair;
and, if the center verification information is verification success information, determining that the social security digital certificate has been successfully created.
Compared with the prior art, the embodiments of the present invention have the following beneficial effects. The embodiment of the invention sends a certificate creation request carrying user social security information to a preset social security digital certificate center server; receives a social security digital certificate sent by the social security digital certificate center server; signs the social security digital certificate with a preset first private key to obtain user signature information, and sends the user signature information to the social security digital certificate center server; receives center verification information sent by the social security digital certificate center server; and, if the center verification information is verification success information, determines that the social security digital certificate has been successfully created. Whereas in the prior art the whole management process of the digital certificate of each terminal device is completed by the social security digital certificate center server alone, the embodiment of the invention greatly improves the reliability of the social security digital certificate through the interaction between the social security digital certificate center server and the user's terminal device, and in particular through the signing and verification of the social security digital certificate by both of them.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly described below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings based on these drawings without inventive effort.
FIG. 1 is a schematic illustration of an environment in which embodiments of the invention may be practiced;
FIG. 2 is a flowchart illustrating an embodiment of a social security digital certificate management method according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart illustrating verification of data stored in a social security digital certificate blockchain according to an embodiment of the present invention;
FIG. 4 is a block diagram of an embodiment of a social security digital certificate management apparatus according to an embodiment of the present invention;
FIG. 5 is a schematic block diagram of a social security digital certificate management terminal device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the embodiments described below are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An implementation environment of the embodiment of the present invention is shown in FIG. 1. It includes a terminal device of a user and a preset social security digital certificate center server and, preferably, may further include a social security digital certificate blockchain formed by a plurality of node servers. The terminal device of the user is the execution subject of this embodiment.
As shown in FIG. 2, an embodiment of a social security digital certificate management method according to an embodiment of the present invention may include:
Step S201, sending a certificate creation request carrying user social security information to a preset social security digital certificate center server.
Before communicating with other devices, the terminal device of the user may generate a key pair, which may include a first public key and a first private key, using a client that is installed on the terminal device for communicating in the implementation environment shown in FIG. 1.
In addition, the terminal device of the user may also generate its own signature plaintext. The terminal device of the user may send a certificate creation request to the social security digital certificate center server in order to create its own certificate in the blockchain. The certificate creation request may carry user social security information, which includes public information and private information. The public information includes a certificate identifier, the first public key generated by the terminal device of the user, the signature plaintext, and other information that may be disclosed to the terminal devices of other users. The private information includes information entered by the user that is not disclosed to the terminal devices of other users, such as the user certificate type, certificate number, user phone, user mailbox, and the like. The content items included in the public information and the private information may be configured by the social security digital certificate center server.
Step S202, receiving the social security digital certificate sent by the social security digital certificate center server.
The social security digital certificate is created by the social security digital certificate center server according to the user social security information.
After the terminal device of the user sends a certificate creation request to the social security digital certificate center server, the social security digital certificate center server may receive the certificate creation request, parse it to obtain the first public key it contains, calculate a hash value of the first public key using a preset hash algorithm, and use the hash value as the identifier of the terminal device of the user in the blockchain. The social security digital certificate center server may send the social security digital certificate, with the identifier added, to the terminal device of the user, so that the user can check the social security digital certificate.
Step S203, signing the social security digital certificate through a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate center server.
After receiving the social security digital certificate sent by the social security digital certificate center server, the terminal device of the user may display it, so that the user can check it and determine whether the information in the social security digital certificate sent by the center server is consistent with the user's social security information. Alternatively, the terminal device of the user may automatically compare the information in the social security digital certificate sent by the social security digital certificate center server with the locally cached user social security information and determine whether the two are consistent. If they are consistent, the terminal device of the user may sign the social security digital certificate with the generated first private key to obtain user signature information, and may then send the user signature information to the social security digital certificate center server.
Step S204, receiving center verification information sent by the social security digital certificate center server.
The center verification information is the result obtained when the social security digital certificate center server verifies the user signature information with a preset first public key, and the first public key and the first private key belong to the same key pair.
After receiving the user signature information of the certificate, the social security digital certificate center server may use the first public key to recover the signed value from the user signature information; this recovered result may be a feature value. The social security digital certificate center server may calculate a feature value of the user social security information sent by the terminal device of the user according to a preset feature value algorithm, such as a hash algorithm, and then compare the recovered feature value with the calculated feature value. If they are the same, it may be determined that the recovered result matches the user social security information sent by the terminal device of the user, and center verification information whose content is verification success information is returned to the terminal device of the user. If the recovered result does not match the user social security information sent by the terminal device of the user, center verification information whose content is verification failure information may be sent to the terminal device of the user.
Step S205, determining whether the central verification information is verification success information.
If the central verification information is verification failure information, step S206 and step S207 are executed, and if the central verification information is verification success information, step S208 is executed.
Step S206, determining that creation of the social security digital certificate has failed.
Step S207, sending a complaint request to the social security digital certificate center server, so that the social security digital certificate center server performs data recovery processing on the social security digital certificate.
After receiving the complaint request, the social security digital certificate center server may perform data recovery processing on the certificate information of the certificate. There are many ways to perform data recovery processing. For example, the social security digital certificate center server may obtain the certificate information stored in the terminal device of the user (for instance, the complaint request may carry that certificate information), or may obtain the certificate information of the user by manual inquiry. If the obtained certificate information differs from that held by the social security digital certificate center server, the certificate stored in the center server may have a problem. The center server may then query its locally recorded log to determine the problem, for example that the certificate information of the certificate has been tampered with or that a local code program has an error, and then recover the data using a log recovery technique, thereby solving the problem.
Step S208, determining that the social security digital certificate is successfully created.
After the social security digital certificate center server creates the social security digital certificate, it may also sign the social security digital certificate with a preset second private key to obtain center signature information. The center signature information is sent to one node server in the social security digital certificate blockchain, and that node server then forwards the fingerprint information to the other node servers in the social security digital certificate blockchain, so that the center signature information of the certificate is stored in all the node servers in the blockchain.
Preferably, after determining that the social security digital certificate is successfully created, a process shown in fig. 3 may be further included:
step S301, sending a certificate inquiry request to a plurality of node servers in a preset social security digital certificate block chain.
The node server is used for storing center signature information obtained by the social security digital certificate center server through signing the social security digital certificate through a preset second private key.
In this embodiment, the certificate query request may be sent to all node servers in the social security digital certificate block chain, or only to some of them. Preferably, the selection of the sending objects of the certificate query request may include: sending a block chain historical operation record query request to the social security digital certificate center server; receiving the block chain historical operation record sent by the social security digital certificate center server; counting, according to the block chain historical operation record, the number of times each node server in the social security digital certificate block chain has had an abnormal condition; determining the query priority of each node server, wherein the query priority is positively correlated with the number of times the node server has had abnormal conditions; and selecting a preset number of node servers with the highest query priority as the sending objects of the certificate query request.
In this way, the selected node servers are those with the most abnormal conditions in the historical operation record, namely the node servers with the lowest reliability. Less time is spent verifying the many node servers with higher reliability, the limited time is concentrated on verifying the node servers with lower reliability, and the verification efficiency is greatly improved.
Step S302, receiving the center signature information sent by the node server.
Each selected node server sends its locally stored center signature information to the terminal device of the user, so the number of pieces of center signature information received by the terminal device of the user is the same as the number of selected node servers.
Step S303, verifying the central signature information through a preset second public key to obtain user verification information.
The second public key and the second private key belong to the same key pair. After receiving the center signature information, the terminal device of the user may use the second public key to recover the signed value from the center signature information; this signature-check result may be a feature value. The terminal device of the user may calculate a feature value of the user social security information stored in the terminal device according to a preset feature value algorithm, such as a hash algorithm, and then compare the recovered feature value with the calculated feature value. If they are the same, it may be determined that the signature-check result matches the user social security information stored in the terminal device of the user, and the user verification information is verification success information. If they are different, it may be determined that the signature-check result does not match the user social security information stored in the terminal device of the user, and the user verification information is verification failure information.
Step S304, determining whether the social security digital certificate is correctly stored in the social security digital certificate block chain according to the user verification information.
Specifically, a first number of occurrences of verification success information and a second number of occurrences of verification failure information in the user verification information are counted, and the ratio of the first number to the second number is calculated. If the ratio of the first number to the second number is greater than or equal to a preset threshold, it is determined that the social security digital certificate is correctly stored in the social security digital certificate block chain. If the ratio of the first number to the second number is smaller than the threshold, it is determined that the social security digital certificate is not correctly stored in the social security digital certificate block chain, which indicates that there may be a large number of abnormal or fraudulent node servers in the social security digital certificate block chain; the terminal device of the user may report the error to a preset operation institution, for example, a social security management administration.
The threshold value can be set by a technician according to the requirement on data security, and if the requirement on data security is higher, the threshold value can be set to be higher, for example, the threshold value can be set to be 80% or 90%; the threshold may be set lower if the security requirements on the data are lower.
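The following sketch walks steps S301 to S304 end to end, including the node selection by abnormal-condition count. It is an added example, not code from the patent: the feature value algorithm is assumed to be SHA-256, the second key pair is a constructed toy RSA key used without padding (a real deployment would use a vetted library and a padded scheme such as RSA-PSS), and the record format, node names and the handling of a zero failure count are assumptions.

```python
import hashlib
from collections import Counter

# Constructed toy "second" key pair of the center server. The primes are the
# public Mersenne primes 2**521-1 and 2**607-1, so this key protects nothing.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                             # second public key is (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))     # second private key (center server only)


def feature_value(data: bytes) -> int:
    """Feature value of the certificate data (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def center_sign(cert: bytes) -> int:
    """Center server side: sign the feature value with the second private key."""
    return pow(feature_value(cert), D, N)


def select_nodes(history, node_ids, count):
    """Selection before S301: rank nodes by number of abnormal records,
    most abnormal first, and keep the first `count` of them."""
    abnormal = Counter(node for node, event in history if event == "abnormal")
    ranked = sorted(node_ids, key=lambda n: (-abnormal[n], n))
    return ranked[:count]


def verify_center_signature(signature, local_cert: bytes) -> bool:
    """S303: recover the feature value with the second public key and compare
    it with the feature value computed from the locally stored data."""
    if not isinstance(signature, int) or not 0 < signature < N:
        return False                  # malformed answer counts as a failure
    return pow(signature, E, N) == feature_value(local_cert)


def storage_verdict(results, threshold):
    """S304: ratio of successes to failures against the preset threshold.
    Returns (correctly_stored, ratio)."""
    if not results:
        raise ValueError("no node server answered the certificate query")
    successes = sum(1 for ok in results if ok)
    failures = len(results) - successes
    if failures == 0:
        # Assumption: the text leaves the zero-failure case undefined;
        # here it is treated as an unbounded ratio, i.e. a pass.
        return True, float("inf")
    ratio = successes / failures
    return ratio >= threshold, ratio


def check_chain(history, ledger, local_cert, count, threshold):
    """S301-S304 end to end; `ledger` maps node id -> stored center signature."""
    selected = select_nodes(history, sorted(ledger), count)
    results = [verify_center_signature(ledger[n], local_cert) for n in selected]
    stored, ratio = storage_verdict(results, threshold)
    return selected, results, stored, ratio


# Constructed sample data: five node servers, one holding a signature over
# different certificate data, and a short historical operation record.
CERT = b"cert-id=EXAMPLE-0001;holder=constructed-user"
GOOD = center_sign(CERT)
LEDGER = {"node-a": GOOD, "node-b": GOOD,
          "node-c": center_sign(b"cert-id=EXAMPLE-0001;holder=someone-else"),
          "node-d": GOOD, "node-e": GOOD}
HISTORY = [("node-c", "abnormal"), ("node-c", "abnormal"), ("node-c", "abnormal"),
           ("node-e", "abnormal"), ("node-e", "abnormal"),
           ("node-a", "abnormal"), ("node-a", "ok"), ("node-b", "ok")]

if __name__ == "__main__":
    print(check_chain(HISTORY, LEDGER, CERT, count=3, threshold=0.8))
```

Because the ratio is defined as successes to failures rather than successes to all answers, a threshold of 0.8 is already met by 4 successes against 5 failures. Requiring that 80% of the queried node servers verify corresponds to a ratio threshold of 4.0.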
In summary, the embodiment of the present invention sends a certificate creation request carrying social security information of a user to a preset social security digital certificate center server; receiving a social security digital certificate sent by the social security digital certificate center server; signing the social security digital certificate through a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate center server; receiving center verification information sent by the social security digital certificate center server; and if the central verification information is verification success information, determining that the social security digital certificate is successfully established. Compared with the prior art that the whole management process of the digital certificate of each terminal device is completed by the social security digital certificate center server independently, the embodiment of the invention greatly improves the reliability of the social security digital certificate through the interaction process between the social security digital certificate center server and the terminal device of the user, especially the signature and verification process of the social security digital certificate by the social security digital certificate center server and the terminal device of the user. It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
Fig. 4 is a block diagram illustrating an embodiment of a social security digital certificate management apparatus according to an embodiment of the present invention, which corresponds to the social security digital certificate management method described in the foregoing embodiment.
In this embodiment, a social security digital certificate management apparatus may include:
a certificate creation request sending module 401, configured to send a certificate creation request carrying user social security information to a preset social security digital certificate center server;
a social security digital certificate receiving module 402, configured to receive a social security digital certificate sent by the social security digital certificate center server, where the social security digital certificate is created by the social security digital certificate center server according to the user social security information;
a first signature module 403, configured to sign the social security digital certificate through a preset first private key to obtain user signature information, and send the user signature information to the social security digital certificate center server;
a center verification information receiving module 404, configured to receive center verification information sent by the social security digital certificate center server, where the center verification information is a result obtained by the social security digital certificate center server verifying the user signature information through a preset first public key, and the first public key and the first private key belong to the same key pair;
a first determining module 405, configured to determine that the social security digital certificate is successfully created if the center verification information is verification success information.
Further, the social security digital certificate management apparatus may further include:
a certificate query request sending module, configured to send a certificate query request to a plurality of node servers in a preset social security digital certificate block chain, where the node servers are used for storing center signature information obtained by the social security digital certificate center server signing the social security digital certificate through a preset second private key;
a center signature information receiving module, configured to receive the center signature information sent by the node server;
a user verification module, configured to verify the center signature information through a preset second public key to obtain user verification information, where the second public key and the second private key belong to the same key pair;
a storage state determining module, configured to determine whether the social security digital certificate is correctly stored in the social security digital certificate block chain according to the user verification information.
Further, the storage status determination module may further include:
an information counting unit, configured to count the first number of times of the verification success information and the second number of times of the verification failure information in the user verification information;
a ratio calculation unit, configured to calculate a ratio of the first number of times to the second number of times;
a first storage status determining unit, configured to determine that the social security digital certificate is correctly stored in the social security digital certificate block chain if a ratio of the first number of times to the second number of times is greater than or equal to a preset threshold;
a second storage status determining unit, configured to determine that the social security digital certificate is not correctly stored in the social security digital certificate block chain if a ratio of the first number of times to the second number of times is smaller than the threshold.
Further, the social security digital certificate management apparatus may further include:
a record query request sending module, configured to send a block chain historical operation record query request to the social security digital certificate center server;
a historical operation record receiving module, configured to receive the block chain historical operation record sent by the social security digital certificate center server;
an abnormal condition counting module, configured to count, according to the block chain historical operation record, the number of times each node server in the social security digital certificate block chain has had an abnormal condition;
a query priority determining module, configured to determine the query priority of each node server, where the query priority is positively correlated with the number of times the node server has had abnormal conditions;
a sending object selection module, configured to select a preset number of node servers with the highest query priority as sending objects of the certificate query request.
Further, the social security digital certificate management apparatus may further include:
a second determining module, configured to determine that creation of the social security digital certificate has failed if the center verification information is verification failure information;
a complaint request sending module, configured to send a complaint request to the social security digital certificate center server, so that the social security digital certificate center server performs data recovery processing on the social security digital certificate.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described apparatuses, modules and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Fig. 5 is a schematic block diagram of a social security digital certificate management terminal device according to an embodiment of the present invention, and for convenience of description, only the portions related to the embodiment of the present invention are shown.
In this embodiment, the social security digital certificate management terminal device 5 may be a computing device such as a mobile phone, a tablet computer, a desktop computer, a notebook computer, and a palm computer. The social security digital certificate management terminal device 5 may include: a processor 50, a memory 51, and computer readable instructions 52 stored in the memory 51 and executable on the processor 50, such as computer readable instructions to perform the social security digital certificate management method described above. The processor 50, when executing the computer readable instructions 52, implements the steps in the above-mentioned embodiments of the social security digital certificate management method, such as the steps S201 to S208 shown in fig. 2. Alternatively, the processor 50, when executing the computer readable instructions 52, implements the functions of the modules/units in the above-mentioned device embodiments, such as the functions of the modules 401 to 405 shown in fig. 4.
Illustratively, the computer readable instructions 52 may be partitioned into one or more modules/units that are stored in the memory 51 and executed by the processor 50 to implement the present invention. The one or more modules/units may be a series of computer-readable instruction segments capable of performing specific functions, which are used for describing the execution process of the computer-readable instructions 52 in the social security digital certificate management terminal device 5.
The Processor 50 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 51 may be an internal storage unit of the social security digital certificate management terminal device 5, such as a hard disk or a memory of the social security digital certificate management terminal device 5. The memory 51 may also be an external storage device of the social security digital certificate management terminal device 5, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card, and the like, with which the social security digital certificate management terminal device 5 is equipped. Further, the memory 51 may also include both an internal storage unit and an external storage device of the social security digital certificate management terminal device 5. The memory 51 is used for storing the computer readable instructions and other instructions and data required by the social security digital certificate management terminal device 5. The memory 51 may also be used to temporarily store data that has been output or is to be output.
Each functional unit in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes a plurality of computer readable instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and the like, which can store computer readable instructions.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (8)

1. A social security digital certificate management method is characterized in that an implementation environment of the method comprises a user terminal device, a preset social security digital certificate center server and a social security digital certificate block chain consisting of a plurality of node servers, wherein the user terminal device is an executive subject of the method, and the method comprises the following steps:
sending a certificate creation request carrying user social security information to a preset social security digital certificate center server;
receiving a social security digital certificate sent by the social security digital certificate center server, wherein the social security digital certificate is created by the social security digital certificate center server according to the user social security information;
signing the social security digital certificate through a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate center server;
receiving center verification information sent by the social security digital certificate center server, wherein the center verification information is a result obtained by verifying the user signature information through a preset first public key by the social security digital certificate center server, and the first public key and the first private key belong to the same key pair;
if the central verification information is verification success information, determining that the social security digital certificate is successfully established;
after the social security digital certificate is successfully established, sending a certificate query request to a plurality of node servers in a preset social security digital certificate block chain, wherein the node servers are used for storing center signature information obtained by the social security digital certificate center server through signing the social security digital certificate by a preset second private key, and the center signature information is sent to one node server in the social security digital certificate block chain by the social security digital certificate center server and is forwarded to other node servers in the social security digital certificate block chain, so that the center signature information is stored in all the node servers in the social security digital certificate block chain;
receiving the central signature information sent by the node server;
verifying the central signature information through a preset second public key to obtain user verification information, wherein the second public key and the second private key belong to the same key pair;
and determining whether the social security digital certificate is correctly stored in the social security digital certificate block chain according to the user verification information.
2. The social security digital certificate management method of claim 1, wherein the determining whether the social security digital certificate is properly stored in the social security digital certificate block chain based on the user verification information comprises:
counting a first number of times of verification success information and a second number of times of verification failure information in the user verification information;
calculating the ratio of the first number of times to the second number of times;
if the ratio of the first number of times to the second number of times is greater than or equal to a preset threshold value, determining that the social security digital certificate is correctly stored in the social security digital certificate block chain;
if the ratio of the first number of times to the second number of times is less than the threshold, determining that the social security digital certificate is not correctly stored in the social security digital certificate block chain.
3. The social security digital certificate management method according to claim 1, before sending a certificate inquiry request to a plurality of node servers in a preset social security digital certificate block chain, further comprising:
sending a block chain historical operation record query request to the social security digital certificate center server;
receiving a block chain historical operation record sent by the social security digital certificate center server;
respectively counting the times of abnormal conditions of each node server in the social security digital certificate blockchain according to the historical operating records of the blockchain;
determining the query priority of each node server, wherein the query priority is positively correlated with the frequency of abnormal conditions of the node servers;
and selecting a preset number of node servers with the highest query priority as sending objects of the certificate query request.
4. The social security digital certificate management method according to any one of claims 1 to 3, further comprising:
if the central verification information is verification failure information, determining that creation of the social security digital certificate has failed;
sending a complaint request to the social security digital certificate center server so that the social security digital certificate center server performs data recovery processing on the social security digital certificate.
5. A computer readable storage medium storing computer readable instructions, which when executed by a processor implement the steps of the social security digital certificate management method of any one of claims 1 to 4.
6. A social security digital certificate management terminal device comprises a memory, a processor and computer readable instructions stored in the memory and executable on the processor, wherein an implementation environment of the terminal device comprises a preset social security digital certificate center server and a social security digital certificate block chain consisting of a plurality of node servers, and the processor executes the computer readable instructions to realize the following steps:
sending a certificate creation request carrying user social security information to a preset social security digital certificate center server;
receiving a social security digital certificate sent by the social security digital certificate center server, wherein the social security digital certificate is created by the social security digital certificate center server according to the user social security information;
signing the social security digital certificate through a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate center server;
receiving center verification information sent by the social security digital certificate center server, wherein the center verification information is a result obtained by verifying the user signature information through a preset first public key by the social security digital certificate center server, and the first public key and the first private key belong to the same key pair;
if the central verification information is verification success information, determining that the social security digital certificate is successfully established;
after the social security digital certificate is successfully established, sending a certificate query request to a plurality of node servers in a preset social security digital certificate block chain, wherein the node servers are used for storing center signature information obtained by the social security digital certificate center server through signing the social security digital certificate by a preset second private key, and the center signature information is sent to one node server in the social security digital certificate block chain by the social security digital certificate center server and is forwarded to other node servers in the social security digital certificate block chain, so that the center signature information is stored in all the node servers in the social security digital certificate block chain;
receiving the central signature information sent by the node server;
verifying the central signature information through a preset second public key to obtain user verification information, wherein the second public key and the second private key belong to the same key pair;
and determining whether the social security digital certificate is correctly stored in the social security digital certificate block chain according to the user verification information.
7. The social security digital certificate management terminal device of claim 6, wherein the determining whether the social security digital certificate is properly stored in the social security digital certificate blockchain based on the user verification information comprises:
counting a first number of times of verification success information and a second number of times of verification failure information in the user verification information;
calculating the ratio of the first number of times to the second number of times;
if the ratio of the first number of times to the second number of times is greater than or equal to a preset threshold value, determining that the social security digital certificate is correctly stored in the social security digital certificate block chain;
if the ratio of the first number of times to the second number of times is less than the threshold, determining that the social security digital certificate is not correctly stored in the social security digital certificate block chain.
8. The social security digital certificate management terminal device according to claim 6, before sending a certificate inquiry request to a plurality of node servers in a preset social security digital certificate block chain, further comprising:
sending a block chain historical operation record query request to the social security digital certificate center server;
receiving a block chain historical operation record sent by the social security digital certificate center server;
respectively counting the times of abnormal conditions of each node server in the social security digital certificate blockchain according to the historical operating records of the blockchain;
determining the query priority of each node server, wherein the query priority is positively correlated with the frequency of abnormal conditions of the node servers;
and selecting a preset number of node servers with the highest query priority as sending objects of the certificate query request.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810121919.4A CN108494557B (en) 2018-02-07 2018-02-07 Social security digital certificate management method, computer readable storage medium and terminal device
PCT/CN2018/083295 WO2019153507A1 (en) 2018-02-07 2018-04-17 Social security digital certificate management method, readable storage medium, terminal device and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810121919.4A CN108494557B (en) 2018-02-07 2018-02-07 Social security digital certificate management method, computer readable storage medium and terminal device

Publications (2)

Publication Number Publication Date
CN108494557A (en) 2018-09-04
CN108494557B (en) 2020-03-20

Family

ID=63344641

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810121919.4A Active CN108494557B (en) 2018-02-07 2018-02-07 Social security digital certificate management method, computer readable storage medium and terminal device

Country Status (2)

Country Link
CN (1) CN108494557B (en)
WO (1) WO2019153507A1 (en)


Also Published As

Publication number Publication date
CN108494557A (en) 2018-09-04
WO2019153507A1 (en) 2019-08-15

WO2021052033A1 (en) Data calling method and apparatus, and device and computer readable storage medium
CN113888165A (en) Block chain address reconstruction and identity authentication method, equipment and storage medium
CN109688158B (en) Financial execution chain authentication method, electronic device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant