Disclosure of Invention
In view of the above technical problems, an embodiment of the present specification provides a method and a system for maintaining key information, and a technical scheme is as follows:
A key information maintenance method is applied to a key information maintenance system. The system comprises a plurality of information providing clients, an information management server and an information application terminal subordinate to the information management server, wherein any information providing client generates a public key and a private key in advance and informs the information management server of its own public key, and the information management server generates a public key and a private key in advance and informs any information providing client of its own public key. The method comprises the following steps:
the information providing client receives an information editing request input by a user, encrypts the information editing request by using a public key of the information management server, and digitally signs the information editing request by using its own private key;
the information providing client sends the encrypted and digitally signed information editing request and an information providing client identifier corresponding to the key information to be edited, which is aimed at by the information editing request, to an information management server;
the information management server searches for an information providing client public key matching the information providing client identifier, performs digital signature verification on the encrypted and digitally signed information editing request by using the found information providing client public key, and decrypts the encrypted and digitally signed information editing request by using its own private key;
if the information management server side successfully verifies the digital signature of the encrypted and digitally signed information editing request and successfully decrypts the encrypted and digitally signed information editing request, the information management server side converts the decrypted and digitally signed information editing request into a semantic action execution instruction according to a preset conversion rule, and distributes the semantic action execution instruction to an information application side;
and the information application end determines the key information to be edited corresponding to the semantic action execution instruction, and maintains the key information to be edited according to the semantic action execution instruction.
A key information maintenance method is applied to an information providing client, and comprises the following steps:
receiving an information editing request input by a user;
encrypting the information editing request by using a public key of an information management server, and digitally signing the information editing request by using its own private key;
sending the encrypted and digitally signed information editing request, together with an information providing client identifier corresponding to the key information to be edited that the information editing request targets, to the information management server, so that the information management server searches for an information providing client public key matching the information providing client identifier, performs digital signature verification on the encrypted and digitally signed information editing request by using the found information providing client public key, decrypts the encrypted and digitally signed information editing request by using its own private key, and, if the digital signature verification and the decryption both succeed, converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule and distributes the semantic action execution instruction to an information application end.
A key information maintenance method is applied to an information management server side and comprises the following steps:
receiving an encrypted and digitally signed information editing request sent by an information providing client and an information providing client identifier corresponding to key information to be edited for the information editing request;
searching an information providing client public key matched with the information providing client identification;
carrying out digital signature verification on the encrypted and digitally signed information editing request by utilizing the searched information providing client public key;
decrypting the encrypted and digitally signed information editing request by using its own private key;
if the digital signature verification of the encrypted and digitally signed information editing request succeeds and the decryption succeeds, converting the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule;
and distributing the semantic action execution instruction to an information application end so that the information application end determines key information to be edited corresponding to the semantic action execution instruction, and maintaining the key information to be edited according to the semantic action execution instruction.
A key information maintenance method is applied to an information application end, and comprises the following steps:
receiving a semantic action execution instruction issued by an information management server;
determining key information to be edited corresponding to the semantic action execution instruction;
and maintaining key information to be edited according to the semantic action execution instruction.
A key information maintenance system, the system comprising:
the system comprises a plurality of information providing clients, an information management server and an information application terminal subordinate to the information management server, wherein any information providing client generates a public key and a private key in advance and informs the information management server of the public key, and the information management server generates the public key and the private key in advance and informs any information providing client of the public key;
the information providing client receives an information editing request input by a user, encrypts the information editing request by using a public key of the information management server, and digitally signs the information editing request by using its own private key;
the information providing client sends the encrypted and digitally signed information editing request and an information providing client identifier corresponding to the key information to be edited, which is aimed at by the information editing request, to an information management server;
the information management server searches for an information providing client public key matching the information providing client identifier, performs digital signature verification on the encrypted and digitally signed information editing request by using the found information providing client public key, and decrypts the encrypted and digitally signed information editing request by using its own private key;
if the information management server side successfully verifies the digital signature of the encrypted and digitally signed information editing request and successfully decrypts the encrypted and digitally signed information editing request, the information management server side converts the decrypted and digitally signed information editing request into a semantic action execution instruction according to a preset conversion rule, and distributes the semantic action execution instruction to an information application side;
and the information application end determines the key information to be edited corresponding to the semantic action execution instruction, and maintains the key information to be edited according to the semantic action execution instruction.
A key information maintenance device is applied to an information providing client, and comprises:
the request receiving module is used for receiving an information editing request input by a user;
the encryption signing module is used for encrypting the information editing request by using a public key of the information management server and digitally signing the information editing request by using the client's own private key;
a sending module, configured to send the encrypted and digitally signed information editing request, together with an information providing client identifier corresponding to the key information to be edited, to the information management server, so that the information management server searches for an information providing client public key matching the information providing client identifier, performs digital signature verification on the encrypted and digitally signed information editing request using the found information providing client public key, decrypts the encrypted and digitally signed information editing request using its own private key, and, if the digital signature verification and the decryption both succeed, converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule and distributes the semantic action execution instruction to an information application end.
A key information maintenance device is applied to an information management server side and comprises:
the receiving module is used for receiving an encrypted and digitally signed information editing request sent by an information providing client and an information providing client identifier corresponding to key information to be edited for the information editing request;
the public key searching module is used for searching the public key of the information providing client matched with the information providing client identification;
the signature verification module is used for performing digital signature verification on the encrypted and digitally signed information editing request by utilizing the searched information providing client public key;
the decryption module is used for decrypting the encrypted and digitally signed information editing request by using the server's own private key;
the conversion module is used for converting the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule if the digital signature verification of the encrypted and digitally signed information editing request succeeds and the decryption succeeds;
and the instruction distribution module is used for distributing the semantic action execution instruction to an information application end so that the information application end determines the key information to be edited corresponding to the semantic action execution instruction, and maintains the key information to be edited according to the semantic action execution instruction.
A key information maintenance device is applied to an information application end and comprises:
the instruction receiving module is used for receiving a semantic action execution instruction issued by the information management server;
the information determining module is used for determining key information to be edited corresponding to the semantic action executing instruction;
and the information maintenance module is used for maintaining the key information to be edited according to the semantic action execution instruction.
According to the technical scheme provided by the embodiments of this specification, an identity authentication mechanism based on encryption and decryption and on signing and signature verification under an asymmetric key system allows multiple roles to maintain key information safely in parallel, with each role able to maintain only its own exclusive key information.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of embodiments of the invention.
In addition, any one of the embodiments in the present specification is not required to achieve all of the effects described above.
Detailed Description
Currently, some organizations manage key information that is jointly maintained by a plurality of cooperative organizations, and each cooperative organization needs to edit its own exclusive key information at the same time. Taking a user whitelist as the key information, for example, a payment mechanism (for convenience of description, the server where the payment mechanism is located is called the information management server) needs to configure a user information whitelist for each cooperation mechanism (for convenience of description, the client where the cooperation mechanism is located is called the information providing client). The user information whitelist is maintained jointly by the cooperation mechanisms, managed uniformly by the payment mechanism, and stored uniformly in the information application end subordinate to the information management server, so that in subsequent processing the information application end can distribute it in a targeted way to channels such as signing, payment, refund and query of each cooperation mechanism. Because each cooperation mechanism needs to edit its own exclusive key information, the payment mechanism delegates the editing authority for the user information whitelist to the users of each cooperation mechanism: a user can edit the user information whitelist of the user's own cooperation mechanism, while the payment mechanism must prevent the user from editing the user information whitelists of other cooperation mechanisms. A technical scheme is therefore urgently needed in which multiple roles can maintain key information safely in parallel and each can maintain only its own exclusive key information.
In view of the above problems, embodiments of the present specification provide a technical solution that uses an identity authentication mechanism based on encryption and decryption and on signing and signature verification under an asymmetric key system, so that multiple roles maintain key information safely in parallel and each maintains only its own exclusive key information.
Specifically, the technical solutions provided in the embodiments of the present description are as follows:
The information providing client receives an information editing request input by a user, encrypts the information editing request by using a public key of the information management server, and digitally signs the information editing request by using its own private key; the information providing client sends the encrypted and digitally signed information editing request, together with an information providing client identifier corresponding to the key information to be edited that the information editing request targets, to the information management server; the information management server searches for an information providing client public key matching the information providing client identifier, performs digital signature verification on the encrypted and digitally signed information editing request by using the found information providing client public key, and decrypts the encrypted and digitally signed information editing request by using its own private key; if the digital signature verification and the decryption both succeed, the information management server converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule and distributes the semantic action execution instruction to the information application end; and the information application end determines the key information to be edited corresponding to the semantic action execution instruction and maintains the key information to be edited according to the semantic action execution instruction.
In this specification, the information management system includes a plurality of information providing clients, an information management server and an information application end subordinate to the information management server; a schematic connection relationship among the information providing clients, the information application end and the information management server is shown in Fig. 1. Any information providing client generates a public key and a private key in advance based on the asymmetric key system and informs the information management server of its public key. The information management server also generates a public key and a private key in advance based on the asymmetric key system and informs any information providing client of its public key. Therefore, any information providing client knows the public key of the information management server, and the information management server knows the public key of any information providing client.
In order to make those skilled in the art better understand the technical solutions in the embodiments of the present specification, the technical solutions in the embodiments of the present specification will be described in detail below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all the embodiments. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of protection.
Fig. 2 is an interaction flow diagram of a key information maintenance method according to an embodiment of the present disclosure. The method specifically includes the following steps:
S201, an information providing client receives an information editing request input by a user;
The information providing client first verifies the user's identity; this may be done by checking an account password, by face recognition, and the like, which is not limited in the embodiments of the present specification.
After the identity verification passes, the user can log in to the information providing client and then input an information editing request, which the information providing client receives. The information editing request may carry the editing instruction to be executed, such as an addition, modification or deletion instruction, and the object to which that editing instruction is directed, that is, the key information to be edited, such as one data item A1.1 in the entry A1 of the user information whitelist. In addition, when the editing instruction to be executed is a modification instruction, the information editing request may additionally carry the edited key information corresponding to the key information to be edited, for example, A1.1a.
S202, the information providing client encrypts the information editing request by using a public key of the information management server and digitally signs the information editing request by using a private key of the information providing client;
For the information editing request received in S201, the information providing client encrypts the information editing request by using the public key of the information management server; the encryption algorithm adopted may be an asymmetric encryption algorithm such as RSA or ElGamal, or another asymmetric encryption algorithm.
In addition, the information providing client needs to digitally sign, i.e. add a signature, the information editing request by using its own private key.
It should be noted that the order of the encryption and the signing is not limited herein. In an embodiment of the present specification, the information providing client encrypts the information editing request by using the public key of the information management server and digitally signs it by using its own private key; the information editing request is encrypted to ensure that it cannot be maliciously tampered with, and signed to ensure that the user edits only the user's own exclusive key information.
S203, the information providing client sends the encrypted and digitally signed information editing request and the information providing client identification corresponding to the key information to be edited, which is aimed at by the information editing request, to the information management server;
After the information editing request is encrypted and signed, the information providing client sends the encrypted and signed information editing request to the information management server.
In addition, the information providing client needs to send an information providing client identifier corresponding to the key information to be edited, which is targeted by the information editing request, to the information management server.
For example, if the user is an operator a under the organization A, and the operator a modifies the key information under the organization A, the information providing client identifier corresponding to the key information to be edited that the information editing request targets is A, and this identifier A is sent to the information management server.
For another example, if the user is an operator a under the organization A, and the operator a modifies the key information under the organization B, the information providing client identifier corresponding to the key information to be edited that the information editing request targets is B, and this identifier B is sent to the information management server.
As can be seen from the above, the information providing client sends to the information management server the information providing client identifier corresponding to the key information to be edited that the information editing request targets, and this identifier may be identical to or different from the sending client's own identifier.
The identifier of the information providing client corresponding to the key information to be edited may be an identifier actively input by the user, or an identifier that the information providing client obtains from the information management server according to the key information to be edited that the information editing request targets; this is not limited in the embodiments of the specification.
S204, the information management server searches for an information providing client public key matching the information providing client identifier, performs digital signature verification on the encrypted and digitally signed information editing request by using the found information providing client public key, and decrypts the encrypted and digitally signed information editing request by using its own private key;
The information management server receives the encrypted and digitally signed information editing request sent by the information providing client, together with the information providing client identifier corresponding to the key information to be edited, and performs decryption, signature verification and related operations on the request, specifically as follows:
The information management server searches for the information providing client public key matching the information providing client identifier, uses the found public key to verify the digital signature on the encrypted and digitally signed information editing request, and uses its own private key to decrypt the request.
Here, the purpose of searching for the information providing client public key matching the information providing client identifier and verifying the digital signature with the found public key is to ensure that the user maintains only the user's own exclusive key information. For example, if the user is an operator a under the organization A, and the operator a modifies the key information under the organization A, the information providing client identifier is A; the matching information providing client public key is found according to the identifier A, the digital signature on the encrypted and digitally signed information editing request is verified with that public key, the verification succeeds, and the exclusive key information under the organization A can subsequently be maintained. For another example, if the user is an operator a under the organization A, and the operator a modifies key information under the organization B, the information providing client identifier is B; the matching information providing client public key is found according to the identifier B, the digital signature on the encrypted and digitally signed information editing request is verified with that public key, and the verification fails, which prevents the operator a from maintaining the key information under the organization B.
In the embodiment of the present specification, the execution sequence of the decryption and signature verification operations is not limited. In an embodiment of the present specification, the information management server searches for a public key that matches the identifier of the information providing client, and performs digital signature verification on the encrypted and digitally signed information editing request using the searched public key of the information providing client, and if the digital signature verification is successful on the encrypted and digitally signed information editing request, the information management server decrypts the encrypted and digitally signed information editing request using its own private key, otherwise, the encrypted and digitally signed information editing request does not need to be decrypted using its own private key.
In addition, if the digital signature verification of the encrypted and digitally signed information editing request fails, or its decryption fails, the information management server sends a key information maintenance failure notice to the information providing client and returns the failure reason to the information providing client.
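The S202 to S204 exchange as an added Go example (it is not code from the specification), including the case where operator a of organization A sends a request under identifier B. The choice of RSA-OAEP and RSA-PSS, signing after encrypting, the JSON encoding, all type and function names, and the `owner` table with its ownership check on the decrypted object are assumptions; the specification leaves the algorithms and the ordering open and does not describe the ownership check.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// EditRequest is the plaintext information editing request (fields as in Table 1).
type EditRequest struct{ Operator, Instruction, Object, Edited string }

// Envelope is what the information providing client sends in S203.
type Envelope struct {
	ClientID   string // client that owns the key information to be edited
	Ciphertext []byte // request encrypted under the server public key
	Signature  []byte // made with the sending client's own private key
}

var (
	ErrUnknownClient = errors.New("no public key for client identifier")
	ErrBadSignature  = errors.New("signature verification failed")
	ErrDecrypt       = errors.New("decryption failed")
	ErrNotOwner      = errors.New("object is not owned by the identified client")
)

// Seal is S202: RSA-OAEP under the server key, then RSA-PSS over the ciphertext.
func Seal(req EditRequest, id string, serverPub *rsa.PublicKey, own *rsa.PrivateKey) (Envelope, error) {
	plain, err := json.Marshal(req)
	if err != nil {
		return Envelope{}, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, plain, nil)
	if err != nil {
		return Envelope{}, err
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, own, crypto.SHA256, digest[:], nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{ClientID: id, Ciphertext: ct, Signature: sig}, nil
}

// Server holds its private key and the registered client public keys.
type Server struct {
	priv    *rsa.PrivateKey
	clients map[string]*rsa.PublicKey
	owner   map[string]string // assumption: object -> owning client identifier
}

// Open is S204: look up the public key by identifier, verify first, then decrypt.
func (s *Server) Open(env Envelope) (EditRequest, error) {
	pub, ok := s.clients[env.ClientID]
	if !ok {
		return EditRequest{}, ErrUnknownClient
	}
	digest := sha256.Sum256(env.Ciphertext)
	if rsa.VerifyPSS(pub, crypto.SHA256, digest[:], env.Signature, nil) != nil {
		return EditRequest{}, ErrBadSignature // e.g. signed by A, checked against B's key
	}
	var req EditRequest
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, s.priv, env.Ciphertext, nil)
	if err != nil || json.Unmarshal(plain, &req) != nil {
		return EditRequest{}, ErrDecrypt
	}
	// Added check (assumption): the decrypted object must belong to the identifier.
	if s.owner[req.Object] != env.ClientID {
		return EditRequest{}, ErrNotOwner
	}
	return req, nil
}

func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// NewDemo builds a server with two registered clients, A and B (constructed data).
func NewDemo() (*Server, *rsa.PrivateKey, *rsa.PrivateKey) {
	keyA, keyB := mustKey(), mustKey()
	return &Server{
		priv:    mustKey(),
		clients: map[string]*rsa.PublicKey{"A": &keyA.PublicKey, "B": &keyB.PublicKey},
		owner:   map[string]string{"A1.1": "A", "B1.1": "B"},
	}, keyA, keyB
}

func main() {
	srv, keyA, _ := NewDemo()
	env, _ := Seal(EditRequest{"a", "modify", "A1.1", "A1.1a"}, "B", &srv.priv.PublicKey, keyA)
	_, err := srv.Open(env)
	fmt.Println("request signed by A, sent under identifier B:", err)
}
```

RSA-OAEP with SHA-256 and a 2048-bit key carries at most 190 bytes of plaintext, so a larger editing request would need hybrid encryption rather than direct RSA encryption.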
S205, if the digital signature verification of the encrypted and digitally signed information editing request succeeds and the decryption succeeds, the information management server converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule;
After the encrypted and digitally signed information editing request has been decrypted and its signature verified successfully, the information management server can convert the decrypted and signature-verified information editing request into a semantic action execution instruction. In this specification, the semantic action execution instruction is an interaction mode based on semantic definition, that is, the information editing request is converted into a plurality of semantics-based action execution instructions. For example, the information carried by an information editing request is shown in Table 1 below:
| Operator | Belonging mechanism | Editing instruction | Object | Edited object |
|---|---|---|---|---|
| a | A | Modifying | A1.1 | A1.1a |

TABLE 1
The semantic action execution instruction converted by the information editing request is as follows:
1. operator a, subordinate to mechanism A, executing the operation at 10:00;
2. locally deleting data A1.1 in the key information table entry A;
3. locally adding data A1.1a in the key information table entry A.
The three parts form a semantic action execution instruction (modification is divided into deletion and addition), and the information editing request is converted into a plurality of action execution instructions based on semantics.
S206, the information management server distributes the semantic action execution instruction to the information application end.
For the semantic action execution instruction obtained in S205, in this embodiment of the present specification, the information management server may immediately distribute the instruction to the information application.
To prevent problems such as network congestion caused by users frequently editing their own exclusive key information, the information management server may instead collect the semantic action execution instructions and distribute them to the information application end at regular intervals, specifically as follows: the information management server stores the semantic action execution instruction and records its state as unexecuted; according to a preset issuing period, the information management server acquires the stored unexecuted semantic action execution instructions and distributes them to the information application end.
The information management server stores the semantic action execution instruction into a key information maintenance log, records the state of the semantic action execution instruction as unexecuted, and the key information maintenance log is used for checking key information maintenance records.
In addition, to avoid sending semantic action execution instructions frequently, the key information maintenance log itself may be sent, and the information application end may parse the unexecuted semantic action execution instructions from it, specifically as follows: according to a preset issuing period, the information management server acquires the key information maintenance log in which the unexecuted semantic action execution instructions are stored and distributes the acquired log to the information application end, and the information application end subsequently parses the unexecuted semantic action execution instructions from the key information maintenance log.
S207, the information application end determines the key information to be edited corresponding to the semantic action execution instruction, and maintains the key information to be edited according to the semantic action execution instruction.
On the side of the information application end, the key information to be edited corresponding to the semantic action execution instruction can be determined, and the key information to be edited is maintained according to the semantic action execution instruction.
For example, take the semantic action execution instruction mentioned above:
1. operator a, subordinate to mechanism a, executes the operation at 10:00;
2. locally delete data A1.1 in key information table entry A;
3. locally add data A1.1a in key information table entry A.
The key information to be edited corresponding to this semantic action execution instruction can be determined to be data A1.1 in key information table entry A, and the key information to be edited is maintained according to the instruction: data A1.1 in key information table entry A is locally deleted, and data A1.1a is locally added in key information table entry A.
When the information management server collects semantic action execution instructions at regular intervals and distributes them, the information management server distributes the acquired stored unexecuted semantic action execution instructions to the information application end, and the information application end determines the key information to be edited corresponding to the unexecuted semantic action execution instructions and maintains it according to those instructions. The unexecuted semantic action execution instructions comprise a plurality of semantic action execution instructions, so the information application end can maintain the key information to be edited in a single pass.
Likewise, when distribution is based on the key information maintenance log, the information management server distributes the acquired key information maintenance log to the information application end, the information application end parses the unexecuted semantic action execution instructions from the key information maintenance log, and the information application end determines the key information to be edited corresponding to the unexecuted semantic action execution instructions. The unexecuted semantic action execution instructions comprise a plurality of semantic action execution instructions, so the information application end can maintain the key information to be edited in a single pass according to them.
Through the above description of the technical solution provided by the embodiment of the present specification: on the information providing client side, an information editing request input by a user is received, the request is encrypted with the public key of the information management server and digitally signed with the client's own private key, and the encrypted and digitally signed request is sent to the information management server together with the information providing client identifier corresponding to the key information to be edited that the request targets. On the information management server side, the information providing client public key matching the identifier is looked up, the digital signature of the encrypted and digitally signed request is verified with the public key that was found, and the request is decrypted with the server's own private key. If signature verification and decryption both succeed, the decrypted and signature-verified request is converted into a semantic action execution instruction according to a preset conversion rule, and the semantic action execution instruction is distributed to the information application end. On the information application end side, the key information to be edited corresponding to the semantic action execution instruction is determined and maintained according to the instruction.
Therefore, an identity authentication mechanism based on encryption, decryption and signature verification under an asymmetric key system ensures that multiple roles can safely maintain key information in parallel and that each role can maintain only its own exclusive key information.
In order to more clearly illustrate the technical solution of the embodiments of the present disclosure, the following describes the executed method from a single-side perspective:
For the information providing client, the tasks to be performed are mainly as follows:
A. receiving an information editing request input by a user;
B. encrypting the information editing request by using the public key of the information management server, and digitally signing the information editing request by using its own private key;
C. sending the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the request targets, to the information management server.
For the information management server, the tasks to be executed are mainly as follows:
a. searching for the information providing client public key matching the information providing client identifier, performing digital signature verification on the encrypted and digitally signed information editing request by using the public key that was found, and decrypting the encrypted and digitally signed information editing request by using its own private key;
b. if the digital signature of the encrypted and digitally signed information editing request is successfully verified and the request is successfully decrypted, converting the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule, and distributing the semantic action execution instruction to an information application end.
For the information application end, the tasks to be executed are mainly as follows:
determining the key information to be edited corresponding to the semantic action execution instruction, and maintaining the key information to be edited according to the semantic action execution instruction.
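The three single-side task lists above, together with the periodic log-based distribution described before them, can be followed end to end in the sketch below. It is an added example, not code from the specification: the algorithms (RSA-OAEP for encryption, Ed25519 for signing), the request fields, the conversion rule, signing the identifier together with the ciphertext, the explicit ownership check and the `executed` state are all assumptions.

```javascript
// Added example; key material below is constructed at run time.
const nodeCrypto = require('node:crypto');

// Assumed algorithms: RSA-OAEP for the server pair, Ed25519 for client pairs.
const server = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const clientKeys = new Map(['client-A', 'client-B'].map(
  (id) => [id, nodeCrypto.generateKeyPairSync('ed25519')]));
// Server-side registry: client identifier -> public key and owned table entries.
const registry = new Map([
  ['client-A', { publicKey: clientKeys.get('client-A').publicKey, entries: ['A'] }],
  ['client-B', { publicKey: clientKeys.get('client-B').publicKey, entries: ['B'] }],
]);
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const maintenanceLog = []; // key information maintenance log

// Assumed layout of the signed bytes: identifier, newline, ciphertext.
const signedBytes = (clientId, ciphertext) =>
  Buffer.concat([Buffer.from(clientId + '\n'), ciphertext]);

// Client tasks A-C. signerId and claimedId differ only in the rejection cases.
function buildRequest(signerId, claimedId, edit) {
  // RSA-OAEP/SHA-256 with a 2048-bit key holds at most 190 bytes of plaintext.
  const ciphertext = nodeCrypto.publicEncrypt(
    { key: server.publicKey, ...OAEP }, Buffer.from(JSON.stringify(edit)));
  const signature = nodeCrypto.sign(
    null, signedBytes(claimedId, ciphertext), clientKeys.get(signerId).privateKey);
  return { clientId: claimedId, ciphertext, signature };
}

// Server tasks a-b: look up the key by identifier, verify, decrypt, convert, log.
function handleRequest({ clientId, ciphertext, signature }) {
  const record = registry.get(clientId);
  if (!record) return 'unknown-client';
  const data = signedBytes(clientId, ciphertext);
  if (!nodeCrypto.verify(null, data, record.publicKey, signature)) return 'bad-signature';
  let edit;
  try {
    const plain = nodeCrypto.privateDecrypt({ key: server.privateKey, ...OAEP }, ciphertext);
    edit = JSON.parse(plain.toString('utf8'));
  } catch {
    return 'decrypt-failed';
  }
  // Assumed check: the decrypted target entry must belong to the identified client.
  if (!record.entries.includes(edit.entry)) return 'not-owner';
  // Hypothetical conversion rule: one replacement becomes delete + add.
  maintenanceLog.push({
    operator: edit.operator, time: edit.time, state: 'unexecuted',
    steps: [{ action: 'delete', entry: edit.entry, data: edit.old },
            { action: 'add', entry: edit.entry, data: edit.new }],
  });
  return 'accepted';
}

// Issued once per preset period: hand over every unexecuted instruction.
function distribute() {
  const batch = maintenanceLog.filter((item) => item.state === 'unexecuted');
  batch.forEach((item) => { item.state = 'executed'; }); // assumed transition
  return batch;
}

// Application end: maintain the local table from the whole batch in one pass.
function applyBatch(table, batch) {
  for (const { steps } of batch) {
    for (const { action, entry, data } of steps) {
      if (!table.has(entry)) table.set(entry, new Set());
      if (action === 'delete') table.get(entry).delete(data);
      else table.get(entry).add(data);
    }
  }
  return table;
}

function demo() {
  const edit = { entry: 'A', old: 'A1.1', new: 'A1.1a', operator: 'a', time: '10:00' };
  const results = {
    owner: handleRequest(buildRequest('client-A', 'client-A', edit)),
    // Signed by client-B under client-A's identifier: verification fails.
    wrongKey: handleRequest(buildRequest('client-B', 'client-A', edit)),
    // Signed by client-B under its own identifier, targeting entry A.
    foreignEntry: handleRequest(buildRequest('client-B', 'client-B', edit)),
  };
  const table = applyBatch(new Map([['A', new Set(['A1.1'])]]), distribute());
  return { results, entryA: [...table.get('A')], pending: distribute().length };
}

console.log(JSON.stringify(demo()));
```

Only the request signed by the owner of table entry A reaches the maintenance log; the other two are rejected at signature verification and at the ownership check respectively, which is the "only own exclusive key information" property the specification claims.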
Corresponding to the foregoing method embodiment, an embodiment of the present specification further provides a key information maintenance apparatus, which is applied to an information providing client, and as shown in Fig. 3, the apparatus may include: a request receiving module 310, an encryption signing module 320 and a sending module 330.
A request receiving module 310, configured to receive an information editing request input by a user;
the encryption signing module 320 is configured to encrypt the information editing request by using the public key of the information management server and to digitally sign the information editing request by using the information providing client's own private key;
a sending module 330, configured to send the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the request targets, to the information management server, so that the information management server searches for the information providing client public key matching the information providing client identifier, performs digital signature verification on the encrypted and digitally signed information editing request by using the public key that was found, decrypts the encrypted and digitally signed information editing request by using its own private key, and, if the digital signature is successfully verified and decryption succeeds, converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule and distributes the semantic action execution instruction to an information application end.
An embodiment of the present specification further provides a key information maintenance device, which is applied to an information management server, and as shown in Fig. 4, the key information maintenance device may include: a receiving module 410, a public key searching module 420, a signature verifying module 430, a decrypting module 440, a converting module 450 and an instruction distributing module 460.
A receiving module 410, configured to receive an encrypted and digitally signed information editing request sent by an information providing client and an information providing client identifier corresponding to key information to be edited for which the information editing request is specific;
a public key searching module 420, configured to search for an information providing client public key that matches the information providing client identifier;
the signature verification module 430 is configured to perform digital signature verification on the encrypted and digitally signed information editing request by using the searched information providing client public key;
the decryption module 440 is configured to decrypt the encrypted and digitally signed information editing request with the information management server's own private key;
the conversion module 450 is configured to, if the encrypted and digitally signed information editing request is successfully verified in terms of the digital signature and decrypted, convert the decrypted and digitally signed information editing request into a semantic action execution instruction according to a preset conversion rule;
the instruction distribution module 460 is configured to distribute the semantic action execution instruction to an information application end, so that the information application end determines the key information to be edited corresponding to the semantic action execution instruction, and maintains the key information to be edited according to the semantic action execution instruction.
An embodiment of the present specification further provides a key information maintenance device, which is applied to an information application end, and as shown in Fig. 5, the key information maintenance device may include: an instruction receiving module 510, an information determining module 520, and an information maintaining module 530.
An instruction receiving module 510, configured to receive a semantic action execution instruction issued by an information management server;
an information determining module 520, configured to determine key information to be edited, where the key information corresponds to the semantic action executing instruction;
and the information maintenance module 530 is configured to maintain the key information to be edited according to the semantic action execution instruction.
An embodiment of the present specification further provides a key information maintenance system, where the system includes:
the system comprises a plurality of information providing clients, an information management server and an information application terminal subordinate to the information management server, wherein any information providing client generates a public key and a private key in advance and informs the information management server of the public key, and the information management server generates the public key and the private key in advance and informs any information providing client of the public key;
the information providing client receives an information editing request input by a user, encrypts the information editing request by using the public key of the information management server, and digitally signs the information editing request by using its own private key;
the information providing client sends the encrypted and digitally signed information editing request and an information providing client identifier corresponding to the key information to be edited, which is aimed at by the information editing request, to an information management server;
the information management server searches an information providing client public key matched with the information providing client identification, performs digital signature verification on the encrypted and digitally signed information editing request by using the searched information providing client public key, and decrypts the encrypted and digitally signed information editing request by using a self private key;
if the information management server side successfully verifies the digital signature of the encrypted and digitally signed information editing request and successfully decrypts the encrypted and digitally signed information editing request, the information management server side converts the decrypted and digitally signed information editing request into a semantic action execution instruction according to a preset conversion rule, and distributes the semantic action execution instruction to an information application side;
and the information application end determines the key information to be edited corresponding to the semantic action execution instruction, and maintains the key information to be edited according to the semantic action execution instruction.
The implementation process of the functions and actions of each module in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
An embodiment of the present specification further provides a computer device, which at least includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the program to implement the aforementioned key information maintenance method, and the method at least includes:
receiving an information editing request input by a user;
encrypting the information editing request by using the public key of the information management server, and digitally signing the information editing request by using the information providing client's own private key;
and sending the encrypted and digitally signed information editing request and an information providing client identifier corresponding to the key information to be edited, which is aimed at by the information editing request, to an information management server.
An embodiment of the present specification further provides a computer device, which at least includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the program to implement the aforementioned key information maintenance method, and the method at least includes:
receiving an encrypted and digitally signed information editing request sent by an information providing client and an information providing client identifier corresponding to key information to be edited for the information editing request;
searching an information providing client public key matched with the information providing client identification;
carrying out digital signature verification on the encrypted and digitally signed information editing request by utilizing the searched information providing client public key;
decrypting the encrypted and digitally signed information editing request by using the information management server's own private key;
if the information editing request which is encrypted and digitally signed is successfully verified in the digital signature and decrypted, converting the information editing request which is decrypted and digitally signed into a semantic action execution instruction according to a preset conversion rule;
and distributing the semantic action execution instruction to an information application end.
An embodiment of the present specification further provides a computer device, which at least includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the program to implement the aforementioned key information maintenance method, and the method at least includes:
receiving a semantic action execution instruction issued by an information management server;
determining key information to be edited corresponding to the semantic action execution instruction;
and maintaining key information to be edited according to the semantic action execution instruction.
Embodiments of the present specification further provide a computer device. As shown in Fig. 6, the computer device may include: a processor 610, a memory 620, an input/output interface 630, a communication interface 640, and a bus 650. The processor 610, memory 620, input/output interface 630, and communication interface 640 are communicatively coupled to each other within the device via the bus 650.
The processor 610 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present specification.
The Memory 620 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 620 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 620 and called by the processor 610 to be executed.
The input/output interface 630 is used for connecting an input/output module to realize information input and output. The input/output module may be configured as a component in the device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 640 is used for connecting a communication module (not shown in the figure) to realize communication interaction between the device and other devices. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
Bus 650 includes a pathway to transfer information between various components of the device, such as processor 610, memory 620, input/output interface 630, and communication interface 640.
It should be noted that although the above-mentioned devices only show the processor 610, the memory 620, the input/output interface 630, the communication interface 640 and the bus 650, in a specific implementation, the devices may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
Embodiments of the present specification further provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the foregoing key information maintenance method, where the method at least includes:
receiving an information editing request input by a user;
encrypting the information editing request by using the public key of the information management server, and digitally signing the information editing request by using the information providing client's own private key;
and sending the encrypted and digitally signed information editing request and an information providing client identifier corresponding to the key information to be edited, which is aimed at by the information editing request, to an information management server.
Embodiments of the present specification further provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the foregoing key information maintenance method, where the method at least includes:
receiving an encrypted and digitally signed information editing request sent by an information providing client and an information providing client identifier corresponding to key information to be edited for the information editing request;
searching an information providing client public key matched with the information providing client identification;
carrying out digital signature verification on the encrypted and digitally signed information editing request by utilizing the searched information providing client public key;
decrypting the encrypted and digitally signed information editing request by using the information management server's own private key;
if the information editing request which is encrypted and digitally signed is successfully verified in the digital signature and decrypted, converting the information editing request which is decrypted and digitally signed into a semantic action execution instruction according to a preset conversion rule;
and distributing the semantic action execution instruction to an information application end.
Embodiments of the present specification further provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the foregoing key information maintenance method, where the method at least includes:
receiving a semantic action execution instruction issued by an information management server;
determining key information to be edited corresponding to the semantic action execution instruction;
and maintaining key information to be edited according to the semantic action execution instruction.
Computer-readable media, which include both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
From the above description of the embodiments, it is clear to those skilled in the art that the embodiments of the present disclosure can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the embodiments of the present specification may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments of the present specification.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus embodiment, since it is substantially similar to the method embodiment, it is relatively simple to describe, and reference may be made to some descriptions of the method embodiment for relevant points. The above-described apparatus embodiments are merely illustrative, and the modules described as separate components may or may not be physically separate, and the functions of the modules may be implemented in one or more software and/or hardware when implementing the embodiments of the present disclosure. And part or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The foregoing is only a specific implementation of the embodiments of the present disclosure. It should be noted that those skilled in the art can make a number of modifications and refinements without departing from the principle of the embodiments of the present disclosure, and these modifications and refinements should also be regarded as falling within the protection scope of the embodiments of the present disclosure.