CN113676332A - Two-dimensional code authentication method, communication device and storage medium - Google Patents

Info

Publication number: CN113676332A
Application number: CN202110961100.0A
Other versions: CN113676332B (granted publication)
Authority: CN (China)
Prior art keywords: digital certificate, server, two-dimensional code, public key, certificate
Legal status: Granted; currently Active
Inventor: 尹嘉峻
Assignee (current and original): Ping An Technology Shenzhen Co Ltd
Other languages: Chinese (zh)

Classifications

    • H04L 9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication (e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials), involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
    • H04L 63/0442: Network architectures or network communication protocols for network security, for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload, and wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L 63/123: Network architectures or network communication protocols for network security, applying verification of the received information, in particular of the received data contents, e.g. message integrity
    • H04L 9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures

Abstract

The present application belongs to the technical field of information security and provides a two-dimensional code authentication method, a communication device and a storage medium. In the two-dimensional code authentication method applied to a user terminal, after it is confirmed that the data of the two-dimensional code contains a digital certificate, a public key query instruction is sent to a server to obtain the server public key; the server public key is used to verify the validity of the certificate signature information, and when the certificate signature information is confirmed to be legal under the server public key, the digital certificate is legal; at that point the validity of the two-dimensional code is further confirmed according to the certificate public key in the digital certificate and the two-dimensional code signature information of the two-dimensional code. The embodiments of the present application can improve the security of using two-dimensional codes. In a digital medical scenario, the two-dimensional code authentication method can ensure the security and reliability of the acquired medical data.

Description

Two-dimensional code authentication method, communication device and storage medium
Technical Field
The present application relates to the field of information security technologies, and in particular, to a two-dimensional code authentication method, a communication device, and a storage medium.
Background
Two-dimensional codes have become a popular encoding method for mobile devices in recent years and are widely used because of their large information capacity, high storage density, ability to represent many data types, low production cost, ease of transmission and similar advantages. For example, in the field of digital medicine, medical data, or the access address of such data, can be encoded into a two-dimensional code, so that a patient or doctor can efficiently obtain the relevant medical data simply by scanning the code.
However, with the widespread use of two-dimensional codes, illegally copied and untrustworthy two-dimensional codes have appeared. Such illegal two-dimensional codes can carry erroneous information, so that the use of two-dimensional codes involves certain security problems and causes losses to users.
Disclosure of Invention
In view of this, the embodiments of the present application provide a two-dimensional code authentication method, a communication device and a storage medium, so as to solve the problem in the prior art of how to improve the security of using a two-dimensional code.
A first aspect of the embodiments of the present application provides a first two-dimensional code authentication method, applied to a user terminal, which includes:
acquiring a two-dimensional code;
if the data of the two-dimensional code contains a digital certificate, sending a public key query instruction to a server, wherein the digital certificate comprises an encoding public key and certificate signature information;
acquiring the server public key returned by the server according to the public key query instruction, and verifying the legality of the certificate signature information according to the server public key;
and if the certificate signature information is determined to be legal according to the server public key, verifying the validity of the two-dimensional code according to the encoding public key and the two-dimensional code signature information of the two-dimensional code.
Optionally, the digital certificate further includes validity period information, and correspondingly, the step of sending a public key query instruction to a server if the data of the two-dimensional code contains a digital certificate includes:
if the data of the two-dimensional code contains a digital certificate and the digital certificate is determined to be within its validity period according to the validity period information, sending a public key query instruction to the server.
Optionally, the step of sending a public key query instruction to a server if the data of the two-dimensional code contains a digital certificate includes:
if the data of the two-dimensional code contains a digital certificate, sending a digital certificate query instruction to the server;
acquiring the certificate query result information returned by the server according to the digital certificate query instruction;
and if the certificate query result information indicates that the digital certificate has not been revoked, sending a public key query instruction to the server.
Optionally, before acquiring the two-dimensional code, the method further includes:
acquiring a digital certificate, wherein the digital certificate comprises an encoding public key and certificate signature information;
performing digital signature processing on the effective content data to be encoded, according to the encoding private key corresponding to the encoding public key, to obtain two-dimensional code signature information;
and encoding the effective content data, the two-dimensional code signature information and the digital certificate to generate a two-dimensional code.
Optionally, acquiring the digital certificate includes:
sending a digital certificate application instruction to the server, wherein the digital certificate application instruction comprises the encoding public key of an encoding key pair generated by the user terminal;
and receiving the digital certificate returned by the server, wherein the digital certificate comprises the encoding public key and certificate signature information, and the certificate signature information is obtained by the server by signing the digital certificate with the server private key.
Optionally, after acquiring the digital certificate, the method further includes:
if the digital certificate is determined to have expired according to the validity period information contained in the digital certificate, sending a digital certificate modification instruction to the server;
and receiving the digital certificate updated by the server according to the digital certificate modification instruction.
Optionally, after acquiring the digital certificate, the method further includes:
sending a digital certificate revocation instruction to the server to revoke the digital certificate.
A second aspect of the embodiments of the present application provides a second two-dimensional code authentication method, applied to a server, which includes:
receiving a public key query instruction sent by a user terminal;
and obtaining the server public key prestored by the server according to the public key query instruction, and returning the server public key to the user terminal, so as to instruct the user terminal to verify the validity of the two-dimensional code.
Optionally, before receiving the public key query instruction sent by the user terminal, the method further includes:
receiving a digital certificate application instruction sent by the user terminal, wherein the digital certificate application instruction comprises the information of an encoding public key;
verifying the information of the user terminal according to the digital certificate application instruction;
if the information of the user terminal passes the verification, generating a corresponding digital certificate for the user terminal, wherein the digital certificate contains the encoding public key and certificate signature information, and the certificate signature information is obtained by performing digital signature processing on the data of the digital certificate according to the server private key corresponding to the server public key;
and sending the digital certificate to the user terminal.
A third aspect of the embodiments of the present application provides a communication device, which includes a memory, a processor, and a computer program stored in the memory and executable on the communication device, wherein the processor implements the steps of the two-dimensional code authentication method provided in the first aspect or the second aspect when executing the computer program.
A fourth aspect of the embodiments of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the two-dimensional code authentication method provided in the first aspect or the second aspect.
The two-dimensional code authentication method provided by the embodiments of the present application has the following beneficial effects. After the data of the two-dimensional code is confirmed to contain a digital certificate, a public key query instruction is sent to the server and the server public key is obtained; the server public key is used to verify the validity of the certificate signature information, and when the certificate signature information is confirmed to be legal under the server public key, the digital certificate is legal; at that point the validity of the two-dimensional code is further confirmed according to the certificate public key in the digital certificate and the two-dimensional code signature information of the two-dimensional code. Since all the validity confirmation steps of the embodiments are executed at the user terminal, the method avoids placing an excessive operation burden on a server that must interact with many user terminals, compared with performing the two-dimensional code validity verification at the server. Moreover, before the validity of the two-dimensional code is verified according to the certificate public key, the server public key is obtained from the server to verify the validity of the digital certificate; compared with verifying the validity of the two-dimensional code directly according to the digital certificate without involving the server, the two-dimensional code is thus authenticated more securely and effectively through a simple data interaction with the server and two validity verifications (verification of the certificate signature information and verification of the two-dimensional code signature information), which further improves the security of using the two-dimensional code.
Drawings
In order to illustrate the technical solutions in the embodiments of the present application more clearly, the drawings needed for the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a flowchart of an implementation of the first two-dimensional code authentication method according to an embodiment of the present application;
Fig. 2 is a flowchart of an implementation of the second two-dimensional code authentication method according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a two-dimensional code authentication system according to an embodiment of the present application;
Fig. 4 is a flowchart of the steps performed by a first application layer according to an embodiment of the present application;
Fig. 5 is a flowchart of the steps performed by a key pair management module according to an embodiment of the present application;
Fig. 6 is a flowchart of the steps performed by a certificate management module according to an embodiment of the present application;
Fig. 7 is a flowchart of the interaction between an encoding module and the server according to an embodiment of the present application;
Fig. 8 is a flowchart of the interaction between a code scanning module and the server according to an embodiment of the present application;
Fig. 9 is a flowchart of the interaction between a certificate revocation module and the server according to an embodiment of the present application;
Fig. 10 is a schematic diagram of a first two-dimensional code authentication device according to an embodiment of the present application;
Fig. 11 is a schematic diagram of a second two-dimensional code authentication device according to an embodiment of the present application;
Fig. 12 is a block diagram of a communication device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application clearer, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only illustrate the present application and are not intended to limit it.
At present, with the wide application of two-dimensional codes in scenarios such as mobile payment, anti-counterfeiting traceability, electronic certificates and print magazines, illegally imitated and untrustworthy two-dimensional codes have appeared. Such illegal two-dimensional codes can carry erroneous information or even virus information, so that the use of two-dimensional codes involves certain security problems and causes losses to users.
To solve this technical problem, an embodiment of the present application provides a two-dimensional code authentication method, a communication device and a storage medium, in which, after it is confirmed that the data of a two-dimensional code contains a digital certificate, a public key query instruction is sent to a server to obtain the server public key; the server public key is used to verify the validity of the certificate signature information, and when the certificate signature information is confirmed to be legal under the server public key, the digital certificate is legal; at that point the validity of the two-dimensional code is further confirmed according to the certificate public key in the digital certificate and the two-dimensional code signature information of the two-dimensional code. Since all the validity confirmation steps of the embodiment are executed at the user terminal, the method avoids placing an excessive operation burden on a server that must interact with many user terminals, compared with performing the two-dimensional code validity verification at the server. Moreover, before the validity of the two-dimensional code is verified according to the certificate public key, the server public key is obtained from the server to verify the validity of the digital certificate; compared with verifying the validity of the two-dimensional code directly according to the digital certificate without involving the server, the two-dimensional code is thus authenticated more securely and effectively through a simple data interaction with the server and two validity verifications (verification of the certificate signature information and verification of the two-dimensional code signature information), which further improves the security of using the two-dimensional code.
In one embodiment, the two-dimensional code authentication method of the embodiment of the present application can be applied to a "finance + technology" scenario, for example mobile payment realized through a two-dimensional code, so that the security of mobile payment is improved.
In another embodiment, the two-dimensional code authentication method of the embodiment of the present application may be applied to a medical scenario. For example, the access address of medical data such as a patient's personal health profile, an examination report, or a prescription written by a doctor for the patient may be encoded into a two-dimensional code based on a digital certificate. A patient or doctor can then scan the two-dimensional code with the user terminal, so that the user terminal executes the two-dimensional code authentication method of the embodiment, accurately verifies the validity of the two-dimensional code, and ensures the reliability of the access address carried by the code; in this way safe and reliable medical data can be accessed accurately, and the intelligence and safety of medical diagnosis are improved.
The first embodiment is as follows:
Referring to Fig. 1, Fig. 1 is a flowchart of an implementation of the first two-dimensional code authentication method provided in an embodiment of the present application. The execution subject of the method is a user terminal, which includes but is not limited to a smart phone, a tablet computer, a notebook computer, a desktop computer and the like. The two-dimensional code authentication method shown in Fig. 1 is detailed as follows:
In S101, a two-dimensional code is acquired.
In the embodiment of the present application, the user terminal reads the data of the two-dimensional code by scanning it. The two-dimensional code may be displayed on the screen of a communication device, printed on paper or another flat surface, or contained in a picture received by the user terminal.
Two-dimensional codes include, but are not limited to, stacked two-dimensional codes and matrix two-dimensional codes. Illustratively, the two-dimensional code may be a Quick Response code (QR code).
The data of the two-dimensional code comprises at least the effective data content of the two-dimensional code, namely the text information (such as a payment credential, an electronic invoice credential, patient identity information, doctor identity information and the like) or the link address information (such as a picture link, an application entry link, the access address of medical data and the like) that the two-dimensional code is actually meant to represent.
In one embodiment, the two-dimensional code is generated in advance by an encoding terminal. The encoding terminal may be the user terminal itself: the user terminal encodes in advance with its own encoding module, generates and stores the two-dimensional code, and later scans it with its own code scanning module when it needs to acquire the data of the two-dimensional code. In another embodiment, the encoding terminal is another terminal having an encoding module, and the two-dimensional code is generated by that encoding terminal.
In the embodiment of the present application, for a legal two-dimensional code, the data of the two-dimensional code comprises a digital certificate and two-dimensional code signature information in addition to the effective data content. In one embodiment, if the read data of the two-dimensional code does not contain a digital certificate, the two-dimensional code is directly judged to be illegal and corresponding abnormal feedback information is sent to prompt the user.
In S102, if the data of the two-dimensional code contains a digital certificate, a public key query instruction is sent to a server, wherein the digital certificate includes an encoding public key and certificate signature information.
If the read data of the two-dimensional code contains a digital certificate, the two-dimensional code can be verified further. Specifically, the subsequent verification steps are initiated by sending a public key query instruction to the server.
In the embodiment of the present application, the digital certificate comprises at least an encoding public key and certificate signature information. The encoding public key is the public key submitted to the server when the encoding terminal that encoded the two-dimensional code applied for the digital certificate. The certificate signature information is obtained by performing digital signature processing on the information of the digital certificate with the server private key when the server generates the digital certificate.
In some embodiments, the digital certificate may further include the serial number of the digital certificate (i.e. its unique identification information) and holder identification information corresponding to the certificate holder (the encoding terminal that encoded the two-dimensional code). The public key query instruction may carry the digital certificate serial number and/or the holder identification information, so that when the server cannot find the digital certificate serial number and/or the holder identification information, it can directly return abnormal feedback information to the user terminal, indicating that the two-dimensional code is illegal.
In S103, the server public key returned by the server according to the public key query instruction is acquired, and the validity of the certificate signature information is verified according to the server public key.
The server public key returned by the server is received; the server public key is the public key corresponding to the server private key mentioned above.
Specifically, the server generates a server key pair, consisting of the server public key and the server private key, in advance through an asymmetric encryption algorithm. Since the certificate signature information in the digital certificate is obtained by digitally signing the information of the digital certificate with the server private key, its validity can be verified with the server public key.
Illustratively, the validity verification of the certificate signature information proceeds as follows: acquire the first information of the digital certificate (namely all information in the digital certificate other than the certificate signature information, including the encoding public key); compute a digest of the first information with a preset digest algorithm (such as a hash algorithm) agreed in advance with the server to obtain first digest information; decrypt the certificate signature information with the server public key to obtain second digest information; if the first digest information is consistent with the second digest information, judge the certificate signature information to be legal; otherwise, judge it to be illegal and send abnormal feedback information.
In S104, if the certificate signature information is determined to be valid according to the server public key, the validity of the two-dimensional code is verified according to the encoding public key and the two-dimensional code signature information of the two-dimensional code.
In the embodiment of the present application, if the validity verification of the certificate signature information finds it legal, the two-dimensional code signature information of the two-dimensional code is further verified according to the encoding public key in the digital certificate, so as to verify the validity of the two-dimensional code.
Specifically, before the two-dimensional code is encoded, the encoding terminal generates an encoding key pair in advance through an asymmetric encryption algorithm, the encoding key pair comprising an encoding private key and an encoding public key. When the encoding terminal applies for the digital certificate, the encoding public key is submitted to the server and becomes the encoding public key in the digital certificate. The two-dimensional code signature information of the embodiment is obtained by the encoding terminal performing digital signature processing on the effective data content of the two-dimensional code with the encoding private key, so its validity can be verified with the encoding public key corresponding to that encoding private key.
Specifically, the validity verification of the two-dimensional code signature information proceeds as follows: obtain the effective content data in the data of the two-dimensional code; compute a digest of the effective data content with the preset digest algorithm agreed in advance with the server to obtain third digest information; decrypt the two-dimensional code signature information with the encoding public key to obtain fourth digest information; if the third digest information is consistent with the fourth digest information, judge the two-dimensional code signature information to be legal; otherwise, judge it to be illegal and send abnormal feedback information.
When the two-dimensional code signature information is verified to be legal, the current two-dimensional code is confirmed to be a legal two-dimensional code, and the effective data content it contains is legal content.
In some embodiments, after the two-dimensional code is confirmed to be legal, operations such as payment, picture access and website access can be performed safely and effectively according to the effective data content of the two-dimensional code.
Since all the validity confirmation steps of the embodiment are executed at the user terminal, the method avoids placing an excessive operation burden on a server that must interact with many user terminals, compared with performing the two-dimensional code validity verification at the server. Moreover, before the validity of the two-dimensional code is verified according to the certificate public key, the server public key is obtained from the server to verify the validity of the digital certificate; compared with verifying the validity of the two-dimensional code directly according to the digital certificate without involving the server, the two-dimensional code is thus authenticated more securely and effectively through a simple data interaction with the server and two validity verifications (verification of the certificate signature information and verification of the two-dimensional code signature information), which further improves the security of using the two-dimensional code.
Optionally, the digital certificate further includes validity period information, and correspondingly, if the data of the two-dimensional code includes a digital certificate, the sending a public key query instruction to a server includes:
if the data of the two-dimensional code contains a digital certificate and the digital certificate is determined to be within the validity period according to the validity period information, sending a public key query instruction to the server.
In the embodiment of the present application, the digital certificate includes validity period information in addition to the encoding public key and the certificate signature information. The user terminal can read the validity period information from the digital certificate and compare it with the current time information. If the current time information is within the range of the validity period information, the digital certificate is determined to be within the validity period, that is, the digital certificate is valid, and a public key query instruction can be sent to the server to continue the subsequent authentication steps. On the contrary, if the current time information exceeds the range of the validity period information, it is determined that the digital certificate has exceeded the validity period. For example, if the validity period information of the two-dimensional code is June 10, 2021 and the current time information is June 12, 2021, it is determined that the digital certificate has expired, and the two-dimensional code is determined to be an illegal two-dimensional code.
In the embodiment of the application, the digital certificate further includes the validity period information, that is, a valid service life is additionally imposed on the digital certificate, so that the digital certificate cannot be used indefinitely but must be applied for or updated in time; in this way, the security of two-dimensional code authentication can be further improved.
Optionally, if the data of the two-dimensional code includes a digital certificate, the sending a public key query instruction to a server includes:
if the data of the two-dimensional code contains a digital certificate, sending a digital certificate query instruction to the server;
acquiring certificate query result information returned by the server according to the digital certificate query instruction;
if the certificate query result information is information indicating that the digital certificate is not revoked, sending a public key query instruction to the server.
In the embodiment of the application, the digital certificate generated by the server can be revoked at the request of the encoding terminal, so that any two-dimensional code generated by the encoding terminal according to that digital certificate becomes invalid. The revoked digital certificate may be recorded in a certificate revocation list of the server.
Correspondingly, in the embodiment of the application, after the data of the two-dimensional code is confirmed to contain the digital certificate and the digital certificate is within the validity period, a digital certificate query instruction may further be sent to the server to ask whether the digital certificate has been revoked. The digital certificate query instruction may carry the digital certificate serial number.
Then, the user terminal may receive the certificate query result information returned by the server, where the certificate query result information is the result obtained by the server querying the certificate revocation list according to the digital certificate query instruction.
If the received certificate query result information is information indicating that the digital certificate is not revoked, a public key query instruction can be sent to the server at this time to continue the subsequent authentication step. On the contrary, if the received certificate query result information is information indicating that the digital certificate is revoked, it indicates that the digital certificate included in the two-dimensional code is invalid, and the two-dimensional code is an illegal two-dimensional code.
In the embodiment of the application, after a two-dimensional code containing a digital certificate is acquired, whether the digital certificate has been revoked can be further queried, and the two-dimensional code is authenticated further only when the digital certificate is not revoked, so that two-dimensional code authentication can be safely and effectively realized according to the validity of the digital certificate.
Optionally, before the acquiring the two-dimensional code, the method further includes:
acquiring a digital certificate, wherein the digital certificate comprises an encoding public key and certificate signature information;
according to an encoding private key corresponding to the encoding public key, performing digital signature processing on the effective content data to be encoded to obtain two-dimensional code signature information;
encoding the effective content data, the two-dimensional code signature information and the digital certificate to generate a two-dimensional code.
In the embodiment of the application, the user terminal is a code scanning terminal with a code scanning module and is also a coding terminal with a coding module. The two-dimensional code acquired by the user terminal may be a two-dimensional code obtained by encoding the user terminal in advance.
Specifically, the user terminal first obtains a digital certificate that has been applied to the server in advance from a local storage unit. The encoding public key contained in the digital certificate is a public key in an encoding key pair generated by the user terminal in advance, and the certificate signature information contained in the digital certificate is signature information obtained by performing digital signature processing on first information of the digital certificate when the server generates the digital certificate for the user terminal.
After the digital certificate is obtained, an encoding private key corresponding to the encoding public key is obtained from a storage unit of the user terminal, where the encoding private key is the private key in the encoding key pair. Then, digital signature processing is performed on the effective content data to be encoded according to the encoding private key to obtain the two-dimensional code signature information. Specifically, the user terminal performs digest calculation on the effective content data according to a preset digest algorithm to obtain the fourth digest information, and encrypts the fourth digest information with the encoding private key to obtain the two-dimensional code signature information.
After the digital certificate and the two-dimensional code signature information are obtained, the effective content data to be encoded, the digital certificate and the two-dimensional code signature information are combined into target data, and the target data is encoded through a preset encoding algorithm (such as a QR encoding algorithm), so that the corresponding two-dimensional code is generated.
In the embodiment of the application, the user terminal can acquire the digital certificate, calculate the two-dimensional code signature information, and encode the digital certificate, the two-dimensional code signature information and the effective content data together to generate the corresponding two-dimensional code. The user terminal therefore not only has the two-dimensional code authentication function but can also generate a two-dimensional code of high security that can be safely authenticated by this user terminal or by other user terminals.
Optionally, the acquiring a digital certificate includes:
sending a digital certificate application instruction to the server, where the digital certificate application instruction includes the encoding public key of an encoding key pair generated by the user terminal;
receiving a digital certificate returned by the server, where the digital certificate includes the encoding public key and certificate signature information, and the certificate signature information is obtained by the server by signing the digital certificate with the server private key.
In the embodiment of the application, when the user terminal cannot acquire the digital certificate from the local storage unit, that is, the user terminal does not apply for the corresponding digital certificate yet, a digital certificate application instruction may be sent to the server. The digital certificate application instruction comprises an encoding public key in an encoding key pair generated by the user terminal.
In one embodiment, the digital certificate application instruction includes, in addition to the encoding public key, identification information of the user terminal (e.g., a user number) and encrypted data obtained by encrypting the identification information of the user terminal with the encoding private key. The encoding public key, the identification information of the user terminal and the encrypted data together form the certification data of the user terminal; after verifying that the user terminal is legal according to the certification data, the server can generate a corresponding digital certificate for the user terminal and send the digital certificate to the user terminal.
After receiving the digital certificate returned by the server, the user terminal can store the digital certificate into a certificate data table of the user terminal, and perform subsequent two-dimensional code encoding according to the digital certificate.
In the embodiment of the application, the user terminal can apply for the digital certificate according to the self requirement, so that the safe and effective two-dimensional code can be encoded according to the digital certificate subsequently, and the safety of the subsequent two-dimensional code authentication is improved.
Optionally, after the acquiring the digital certificate, further comprising:
if the digital certificate is confirmed to be expired according to the validity period information contained in the digital certificate, sending a digital certificate modification instruction to the server;
receiving the digital certificate updated by the server according to the digital certificate modification instruction.
In the embodiment of the present application, the digital certificate includes validity period information. If the user terminal can acquire the digital certificate from the local storage unit, this indicates that the user terminal has previously applied to the server for the digital certificate. At this time, it is necessary to further confirm, based on the validity period information included in the digital certificate, whether the digital certificate can continue to be used.
If the digital certificate is confirmed to be expired according to the validity period information contained in the digital certificate, a digital certificate modification instruction is sent to the server so that the digital certificate is updated by updating its validity period information. In some embodiments, the digital certificate modification instruction may contain validity period (expiry) information specified by the user terminal. In other embodiments, the digital certificate modification instruction further includes the digital certificate serial number and the above-mentioned certification data of the user terminal, so that the server modifies the corresponding digital certificate only after confirming the identity of the user terminal.
After the server obtains the digital certificate modification instruction, the server can modify the validity period information contained in the digital certificate and re-sign the digital certificate to generate an updated digital certificate. The updated digital certificate contains new validity period information and new certificate signature information. The user terminal acquires the updated digital certificate and performs subsequent two-dimensional code encoding according to it.
In the embodiment of the application, when the digital certificate has expired, the updated digital certificate can be obtained simply by sending the digital certificate modification instruction to the server, and the validity of the digital certificate is ensured without a new application, so that safe and effective two-dimensional codes can subsequently be generated according to the digital certificate.
Optionally, after the acquiring the digital certificate, further comprising:
sending a digital certificate revocation instruction to the server to revoke the digital certificate.
In the embodiment of the application, the user terminal can also revoke the digital certificate after applying for the digital certificate.
In one embodiment, after obtaining a revocation instruction from a user operation, the user terminal queries the certificate data table stored locally in the user terminal; if no digital certificate can be found, this indicates that the user terminal has not applied for a digital certificate, and a notification message prompting that the digital certificate does not exist is sent to the user. If the digital certificate is found, it is deleted from the locally stored certificate data table, and a digital certificate revocation instruction is sent to the server. The digital certificate revocation instruction may include the digital certificate serial number and the above-mentioned certification data of the user terminal, so that the server revokes the corresponding digital certificate only after confirming the identity of the user terminal.
In one embodiment, after the user terminal issues the digital certificate revocation instruction, the user terminal may receive revocation result information returned by the server, and feed back the revocation result information to the user.
In the embodiment of the application, the digital certificate can be revoked according to the needs of the user, and revoking the digital certificate disables every two-dimensional code encoded according to that digital certificate, so that a two-dimensional code which may carry erroneous information can be disabled in time according to the needs of the user, and the security of subsequent two-dimensional code authentication is improved.
Example two:
referring to fig. 2, fig. 2 is a flowchart illustrating an implementation of a second two-dimensional code authentication method according to an embodiment of the present application, where an execution subject of the method is a server. The two-dimensional code authentication method shown in fig. 2 is detailed as follows:
In S201, a public key query instruction sent by the user terminal is received.
Corresponding to step S102 in the first embodiment, the server may receive a public key query instruction sent by the user terminal, where the public key query instruction is sent after the user terminal confirms that the data of the two-dimensional code includes a digital certificate.
In S202, a server public key pre-stored by the server is obtained according to the public key query instruction, and the server public key is returned to the user terminal to indicate the user terminal to verify the validity of the two-dimensional code.
After receiving the public key query instruction, the server acquires the server public key of the server from the key pair table of the server, and sends the server public key to the user terminal, so that the user terminal can verify the certificate signature information of the digital certificate of the two-dimensional code according to the server public key, verify the validity of the digital certificate, and further verify the validity of the two-dimensional code.
In the embodiment of the application, the server can receive the public key query instruction sent by the user terminal and return the server public key to the user terminal. The server therefore only needs to perform simple data interaction with the user terminal; that is, two-dimensional code authentication can be realized at the direction of the user terminal without the server bearing excessive verification operations, and the use safety of the two-dimensional code is improved.
Optionally, before the receiving the public key query instruction sent by the user terminal, the method further includes:
receiving a digital certificate application instruction sent by the user terminal, where the digital certificate application instruction includes information of an encoding public key;
verifying the information of the user terminal according to the digital certificate application instruction;
if the information of the user terminal passes the verification, generating a corresponding digital certificate for the user terminal, where the digital certificate contains the encoding public key and certificate signature information, and the certificate signature information is signature information obtained by performing digital signature processing on data of the digital certificate according to a server private key corresponding to the server public key;
sending the digital certificate to the user terminal.
Corresponding to the previous embodiment, in the embodiment of the present application, the server may receive a digital certificate application instruction sent by the user terminal and issue a corresponding digital certificate for the user terminal. The digital certificate application instruction includes information of an encoding public key. Further, the digital certificate application instruction specifically includes certification data composed of the encoding public key, identification information of the user terminal, and encrypted data, where the encrypted data is obtained by the user terminal encrypting its identification information with the encoding private key.
After receiving the digital certificate application instruction, the server performs identity verification on the user terminal. In one embodiment, the information of the user terminal may be the network address of the user terminal; the server stores a preset user address list, and if the network address of the user terminal can be found in the user address list, the information of the user terminal is determined to pass verification and the user terminal is legal. In another embodiment, the information of the user terminal is the above-mentioned certification data. Specifically, the server decrypts the encrypted data with the encoding public key to obtain decrypted data; if the decrypted data is consistent with the identification information of the user terminal, the information of the user terminal is determined to pass verification and the user terminal is legal.
After the information of the user terminal passes verification, the server generates a corresponding digital certificate for the user terminal according to the encoding public key of the user terminal. The digital certificate contains at least the encoding public key and certificate signature information. The digital certificate may also include a digital certificate serial number, identification information of the user terminal (i.e., holder identification information of the digital certificate), and validity period information. In one embodiment, the server first combines the encoding public key, the digital certificate serial number, the identification information of the user terminal and the validity period information into first information, and performs digest calculation on the first information through a preset digest algorithm to obtain digest information corresponding to the first information; the server then encrypts that digest information with the server private key to obtain the certificate signature information, and generates a digital certificate carrying the first information and the certificate signature information.
After the digital certificate is generated, the digital certificate may be stored in a certificate data table of the server and transmitted to the user terminal.
In the embodiment of the application, the server can receive the digital certificate application instruction of the user terminal and generate the corresponding digital certificate for the user terminal, so that the user terminal can encode and generate the two-dimensional code carrying the digital certificate subsequently, and the use safety of the two-dimensional code is improved.
In one embodiment, the server can further receive a digital certificate modification instruction sent by the user terminal, obtain the corresponding digital certificate from the certificate data table according to the digital certificate serial number included in the instruction, modify the validity period information of that digital certificate, digitally sign the information of the digital certificate again with the server private key to generate an updated digital certificate, and return the updated digital certificate to the user terminal. By the method of this embodiment, the service life of the digital certificate can be extended according to the needs of the user, and the flexibility of digital certificate use is improved.
In another embodiment, the server can further receive a digital certificate revocation instruction sent by the user terminal, store the digital certificate serial number carried in the instruction in the certificate revocation list, and delete the digital certificate corresponding to that serial number from the certificate data table. By the method of this embodiment, the digital certificate can be revoked flexibly, and the use safety of the two-dimensional code is improved.
In yet another embodiment, the server may further receive a digital certificate query instruction sent by the user terminal, query the certificate revocation list for an entry matching the digital certificate serial number carried in the instruction, and, if one exists, return information indicating that the digital certificate has been revoked as the certificate query result information to the user terminal. By the method of this embodiment, whether the digital certificate has been revoked can be fed back to the user terminal in time, so that the user terminal can determine whether the digital certificate carried by the two-dimensional code is a valid certificate, and the use safety of the two-dimensional code is further improved.
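The following Go program is an added illustration and is not part of the application's text or of any implementation by the applicant. It models, end to end, the certificate application with certification-data verification, the encoding of the target data at the coding terminal, the server's revocation list and certificate query, and the scanning terminal's verification order described above (certificate present, then validity period, then revocation query, then certificate signature under the server public key, then two-dimensional code signature under the encoding public key). Ed25519 from the Go standard library as the signature scheme, SHA-256 as the preset digest algorithm, JSON as the layout of the target data, and the names Certificate, Server, Encode and Verify are all assumptions made here; the application specifies neither the algorithms nor the data layout.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"time"
)

// Certificate models the digital certificate carried in the QR data: the
// "first information" (serial, holder id, encoding public key, validity period)
// plus the server's signature over a digest of that information. Assumed layout.
type Certificate struct {
	Serial    string            `json:"serial"`
	Holder    string            `json:"holder"`
	EncPub    ed25519.PublicKey `json:"enc_pub"`
	NotAfter  int64             `json:"not_after"` // end of validity period, unix seconds
	Signature []byte            `json:"sig"`
}

// firstInfo serialises exactly the fields covered by the certificate signature
// (value receiver: clearing Signature only affects the local copy).
func (c Certificate) firstInfo() []byte { c.Signature = nil; b, _ := json.Marshal(c); return b }

// digest is the preset digest algorithm agreed between server and terminals (SHA-256 assumed).
func digest(data []byte) []byte { h := sha256.Sum256(data); return h[:] }

// Server holds the server key pair, the certificate data table and the revocation list.
type Server struct {
	priv    ed25519.PrivateKey
	pub     ed25519.PublicKey
	certs   map[string]Certificate
	revoked map[string]bool
}

func NewServer() *Server {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Server{priv: priv, pub: pub, certs: map[string]Certificate{}, revoked: map[string]bool{}}
}

// PublicKey answers the public key query instruction.
func (s *Server) PublicKey() ed25519.PublicKey { return s.pub }

// Issue answers a certificate application. The certification data is the holder
// identifier signed with the encoding private key, proving possession of that key.
func (s *Server) Issue(serial, holder string, encPub ed25519.PublicKey, proof []byte, ttl time.Duration) (Certificate, error) {
	if len(encPub) != ed25519.PublicKeySize || !ed25519.Verify(encPub, []byte(holder), proof) {
		return Certificate{}, errors.New("certification data failed verification")
	}
	c := Certificate{Serial: serial, Holder: holder, EncPub: encPub, NotAfter: time.Now().Add(ttl).Unix()}
	c.Signature = ed25519.Sign(s.priv, digest(c.firstInfo()))
	s.certs[serial] = c
	return c, nil
}

// Revoke moves a serial to the revocation list; IsRevoked answers the certificate query instruction.
func (s *Server) Revoke(serial string)        { delete(s.certs, serial); s.revoked[serial] = true }
func (s *Server) IsRevoked(serial string) bool { return s.revoked[serial] }

// QRPayload is the target data that would be QR-encoded: effective content,
// the signature over the content digest, and the certificate.
type QRPayload struct {
	Content   string      `json:"content"`
	Signature []byte      `json:"sig"`
	Cert      Certificate `json:"cert"`
}

// Encode builds the target data at the coding terminal with its encoding private key.
func Encode(content string, cert Certificate, encPriv ed25519.PrivateKey) []byte {
	p := QRPayload{Content: content, Cert: cert, Signature: ed25519.Sign(encPriv, digest([]byte(content)))}
	b, _ := json.Marshal(p)
	return b
}

// Verify is the scanning terminal's flow: certificate present -> not expired ->
// not revoked (server query) -> certificate signature valid under the server
// public key -> two-dimensional code signature valid under the encoding public key.
func Verify(raw []byte, srv *Server, now time.Time) (string, error) {
	var p QRPayload
	if err := json.Unmarshal(raw, &p); err != nil || len(p.Cert.Signature) == 0 {
		return "", errors.New("no digital certificate in two-dimensional code data")
	}
	if now.Unix() > p.Cert.NotAfter {
		return "", errors.New("digital certificate expired")
	}
	if srv.IsRevoked(p.Cert.Serial) {
		return "", errors.New("digital certificate revoked")
	}
	if !ed25519.Verify(srv.PublicKey(), digest(p.Cert.firstInfo()), p.Cert.Signature) {
		return "", errors.New("certificate signature information illegal")
	}
	// ed25519.Verify panics on a wrong-length public key, so reject a malformed key first.
	if len(p.Cert.EncPub) != ed25519.PublicKeySize || !ed25519.Verify(p.Cert.EncPub, digest([]byte(p.Content)), p.Signature) {
		return "", errors.New("two-dimensional code signature information illegal")
	}
	return p.Content, nil
}
```

Verify returns the effective content only when every step passes, so a caller never acts on content from a code whose certificate was issued by a different server, has expired, or has been revoked; because the checks follow the order of Figure 8, an expired certificate is rejected locally without a round trip to the server. The explicit key-length check before the second ed25519.Verify matters in practice: a scanned code is attacker-controlled input, and a wrong-length key would otherwise turn a signature failure into a panic of the scanning application.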
By way of example and not limitation, fig. 3 illustrates a schematic diagram of a two-dimensional code authentication system provided in an embodiment of the present application, where the two-dimensional code authentication system includes a server and a user terminal. Specifically, the server comprises a first storage layer, a calculation processing layer and a first application layer:
The first storage layer is used for storing a first key pair table, a certificate data table and a certificate revocation list. The first key pair table stores one asymmetric key pair consisting of the server public key and the server private key; the certificate data table stores each digital certificate generated by the server for a user terminal that applied for one; the certificate revocation list stores the revoked digital certificates.
The computation processing layer is able to access the above-mentioned first storage layer by means of database operations. Specifically, the computation processing layer includes a key pair management module and a certificate management module. The certificate management module comprises a certificate generation unit, a certificate inquiry unit, a certificate revocation unit and a certificate modification unit.
The first application layer comprises an instruction analysis module and an instruction processing module, and is used for monitoring information of a request instruction sent by the user terminal and returning a corresponding response result to the user terminal.
In one embodiment, the flow chart of the execution steps of the first application layer is shown in fig. 4. The first application layer initially listens for request instructions from the user terminal. After a request instruction sent by the user terminal is received, the request type of the request instruction is determined. If the request type is a key pair operation request, the request instruction is passed to the key pair management module of the computation processing layer. If the request type is a certificate operation request, the request instruction is passed to the certificate management module of the computation processing layer.
In one embodiment, a flowchart of the steps performed by the key pair management module in the computation processing layer is shown in FIG. 5. In the starting state after the server is started, a key inquiry unit is used for inquiring whether a first key pair exists in a first key pair table or not; if the first key pair table is empty, a server key pair (including a server public key and a server private key) is generated by the key generation unit and stored in the first key pair table. After receiving a key pair operation request (specifically, a public key query instruction) sent by the first application layer, the key pair management module queries the first key pair table through the key query unit, and returns the queried server public key to the user terminal through the first application layer.
A flowchart of the steps performed by the certificate management module of the computation processing layer in one embodiment is shown in fig. 6. After the certificate operation request is acquired, it is first determined whether the certificate operation request is legal (e.g., whether the certification data of the user terminal passes verification); if not, the process ends directly. If so, the request type is further determined. If the request type is a digital certificate application, the request is forwarded to the certificate generation unit for processing; if it is a digital certificate revocation, to the certificate revocation unit; if it is a digital certificate modification, to the certificate modification unit; and if it is a digital certificate query, to the certificate query unit.
Specifically, the user terminal includes a second storage layer and a second application layer:
the second storage tier includes a second key pair table and a local certificate table. The second key pair table is used for storing an encoding key pair generated by the user terminal, and the encoding key pair comprises an encoding public key and an encoding private key. The local certificate table is used for storing the digital certificate which is obtained by the user terminal applying to the server.
The second application layer comprises an encoding module, a code scanning module and a certificate revocation module. The code scanning module comprises a certificate verification unit and a data decoding unit.
In one embodiment, the flow chart of the interaction of the encoding module with the server is shown in FIG. 7 and includes the following steps. When the user terminal needs to encode a two-dimensional code, it queries the local certificate table and determines whether a digital certificate is present. If no digital certificate is present: a digital certificate application instruction is sent to the server; the server then performs a server verification step, which specifically verifies the certification data of the user terminal contained in the digital certificate application instruction; if the server verification passes, the digital certificate is received, added to the local certificate table, and the two-dimensional code is encoded directly according to it; if the server verification fails, the process ends directly. If a digital certificate is present: its validity period information is checked; if the digital certificate is judged to be valid, the two-dimensional code is encoded directly according to it; if the digital certificate is judged to be invalid, a digital certificate modification instruction is sent to the server so that the server performs the server verification step, the updated digital certificate returned by the server is received when verification passes, the local certificate table is modified according to the updated digital certificate, and the two-dimensional code is encoded according to the updated digital certificate; if the server verification fails, the process ends directly.
In one embodiment, the interaction flow chart of the code scanning module with the server is shown in fig. 8 and includes: after entering the scanning interface, the user terminal scans the two-dimensional code and determines whether the data of the two-dimensional code contains a digital certificate; if no digital certificate is contained, the two-dimensional code is directly judged to be illegal and the process ends. If a digital certificate is contained, it is further determined whether the digital certificate has expired; if so, the two-dimensional code is directly judged to be illegal and the process ends; if not, the server is queried as to whether the digital certificate has been revoked. If the digital certificate has been revoked, the two-dimensional code is directly judged to be illegal and the process ends; if the digital certificate has not been revoked, a public key query instruction is sent to the server and the server public key returned by the server is received. If the certificate signature information of the digital certificate passes verification under the server public key, the two-dimensional code signature information of the two-dimensional code is further verified according to the encoding public key contained in the digital certificate; otherwise, the two-dimensional code is directly judged to be illegal and the process ends. If the two-dimensional code signature information passes verification, the two-dimensional code is judged to be a legal two-dimensional code; if not, the two-dimensional code is directly judged to be illegal and the process ends.
In one embodiment, the interaction flow diagram of the certificate revocation module with the server is shown in fig. 9 and includes: after a digital certificate revocation operation is detected (for example, the user clicks a revocation button), the local certificate table is queried to determine whether a digital certificate exists; if no digital certificate exists, a notification message is sent to the user (specifically, a notification prompting that the digital certificate does not exist); if a digital certificate exists, it is deleted from the local certificate table, a digital certificate revocation instruction is sent to the server, the response result returned by the server is received, and a notification message is sent to the user (specifically, a notification prompting success or failure of the digital certificate revocation).
As a possible implementation manner, the server may be a server in an intelligent medical system, and the user terminal may be a terminal that is held by a doctor or a patient and that is installed with an intelligent inquiry application program. For example, access address information of medical data or the like may be encoded into a corresponding two-dimensional code; the user terminal can scan the two-dimensional code and send a public key query instruction to a server in the intelligent medical system when determining that the data of the two-dimensional code contains a digital certificate; then, the user terminal acquires the returned server public key and verifies the validity of the certificate signature information in the digital certificate of the two-dimensional code according to the server public key; and after the certificate signature information is confirmed to be legal, verifying the validity of the two-dimensional code according to the coded public key contained in the digital certificate and the two-dimensional code signature information of the two-dimensional code. After the two-dimension code is verified to be legal, the two-dimension code can be analyzed to determine the access address information of the medical data; and then, according to the safe and accurate access address information, the corresponding medical data can be accurately accessed and obtained, and the safety and reliability of the accessed medical data are ensured.
Example three:
fig. 10 is a schematic structural diagram of a first two-dimensional code authentication device provided in an embodiment of the present application. The first two-dimensional code authentication device is applied to a user terminal; for convenience of description, only the part related to the embodiment of the present application is shown:
The first two-dimensional code authentication device includes a two-dimensional code obtaining module 101, a public key querying module 102, a public key obtaining module 103 and a two-dimensional code validity verifying module 104. Wherein:
The two-dimensional code acquisition module 101 is configured to acquire a two-dimensional code.
The public key query module 102 is configured to send a public key query instruction to a server if the data of the two-dimensional code includes a digital certificate; wherein the digital certificate includes an encoding public key and certificate signature information.
The public key acquisition module 103 is configured to acquire the server public key returned by the server according to the public key query instruction, and to verify the validity of the certificate signature information according to the server public key.
The two-dimensional code validity verifying module 104 is configured to verify the validity of the two-dimensional code according to the encoding public key and the two-dimensional code signature information of the two-dimensional code if the certificate signature information is determined to be valid according to the server public key.
Optionally, the digital certificate further includes validity period information, and correspondingly, the public key query module is specifically configured to send a public key query instruction to the server if the data of the two-dimensional code includes the digital certificate and it is determined, according to the validity period information, that the digital certificate is within its validity period.
Optionally, the public key query module is specifically configured to send a digital certificate query instruction to the server if the data of the two-dimensional code includes a digital certificate; to acquire the certificate query result information returned by the server according to the digital certificate query instruction; and, if the certificate query result information indicates that the digital certificate has not been revoked, to send a public key query instruction to the server.
Optionally, the first two-dimensional code authentication apparatus further includes:
the two-dimensional code generation module is configured to acquire a digital certificate, which comprises an encoding public key and certificate signature information; to perform digital signature processing on the effective content data to be encoded according to the encoding private key corresponding to the encoding public key, obtaining two-dimensional code signature information; and to encode the effective content data, the two-dimensional code signature information and the digital certificate to generate a two-dimensional code.
Optionally, in the two-dimensional code generating module, the obtaining a digital certificate includes: sending a digital certificate application instruction to the server, wherein the digital certificate application instruction comprises a coding public key in a coding key pair generated by the user terminal; and receiving a digital certificate returned by the server, wherein the digital certificate comprises the encoding public key and certificate signature information, and the certificate signature information is obtained by the server through signature processing of the digital certificate by a server private key.
Optionally, the first two-dimensional code authentication apparatus further includes:
the digital certificate modification module is configured to send a digital certificate modification instruction to the server if the digital certificate is determined to have expired according to the validity period information contained in the digital certificate, and to receive the digital certificate updated by the server according to the digital certificate modification instruction.
Optionally, the first two-dimensional code authentication apparatus further includes:
the digital certificate revocation module is configured to send a digital certificate revocation instruction to the server so as to revoke the digital certificate.
Fig. 11 is a schematic structural diagram of a second two-dimensional code authentication device provided in an embodiment of the present application, where the second two-dimensional code authentication device is applied to a server, and for convenience of description, only a part related to the embodiment of the present application is shown:
the second two-dimensional code authentication device includes: a query instruction receiving module 111 and a server public key sending module 112. Wherein:
a query instruction receiving module 111, configured to receive a public key query instruction sent by a user terminal;
a server public key sending module 112, configured to obtain the server public key pre-stored by the server according to the public key query instruction, and to return the server public key to the user terminal, so as to instruct the user terminal to verify the validity of the two-dimensional code.
Optionally, the second two-dimensional code authentication apparatus further includes:
the digital certificate generating module is configured to receive a digital certificate application instruction sent by the user terminal, the digital certificate application instruction comprising information of an encoding public key; to verify the information of the user terminal according to the digital certificate application instruction; if the information of the user terminal passes verification, to generate a corresponding digital certificate for the user terminal, wherein the digital certificate contains the encoding public key and certificate signature information, and the certificate signature information is obtained by performing digital signature processing on the data of the digital certificate according to the server private key corresponding to the server public key; and to send the digital certificate to the user terminal.
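The fig. 8 verification flow, the two-dimensional code generation module and the server's digital certificate generating module above, worked through end to end as an added Go example that is not part of the patent. Ed25519 stands in for the signature algorithm the patent leaves unspecified; the JSON layout of the certificate and code data, and a revocation table keyed by encoding public key, are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"time"
)

// Digital certificate as the patent describes it: encoding public key, validity
// period information and the server's signature over the other fields (assumed JSON layout).
type Certificate struct {
	EncodingPubKey []byte `json:"pub"`
	NotAfter       int64  `json:"exp"`           // validity period, Unix seconds
	Signature      []byte `json:"sig,omitempty"` // certificate signature information
}

// Bytes covered by the certificate signature: the certificate minus its signature (value receiver).
func (c Certificate) tbs() []byte {
	c.Signature = nil
	b, _ := json.Marshal(c)
	return b
}

// Data encoded into the two-dimensional code: effective content, its signature, embedded certificate.
type QRPayload struct {
	Content []byte       `json:"content"`
	Sig     []byte       `json:"sig"`
	Cert    *Certificate `json:"cert,omitempty"`
}

// Server: server key pair plus the set of revoked certificates (keyed by encoding public key, assumed).
type Server struct {
	priv    ed25519.PrivateKey
	pub     ed25519.PublicKey
	revoked map[string]bool
}

func NewServer() *Server {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Server{priv: priv, pub: pub, revoked: map[string]bool{}}
}

// Digital certificate generating module: bind the terminal's encoding public key under the server private key.
func (s *Server) IssueCertificate(encPub ed25519.PublicKey, notAfter time.Time) *Certificate {
	c := &Certificate{EncodingPubKey: []byte(encPub), NotAfter: notAfter.Unix()}
	c.Signature = ed25519.Sign(s.priv, c.tbs())
	return c
}

// Server-side answers to the public key query, the revocation query and the revocation instruction.
func (s *Server) PublicKey() ed25519.PublicKey { return s.pub }
func (s *Server) IsRevoked(c *Certificate) bool { return s.revoked[string(c.EncodingPubKey)] }
func (s *Server) Revoke(c *Certificate)         { s.revoked[string(c.EncodingPubKey)] = true }

// Two-dimensional code generation module: sign the content with the encoding private key, then encode all three.
func GenerateQR(content []byte, encPriv ed25519.PrivateKey, cert *Certificate) []byte {
	b, _ := json.Marshal(QRPayload{Content: content, Sig: ed25519.Sign(encPriv, content), Cert: cert})
	return b
}

// VerifyQR runs the fig. 8 checks in order; the content is returned only if every check passes.
func VerifyQR(data []byte, srv *Server, now time.Time) ([]byte, error) {
	var p QRPayload
	if err := json.Unmarshal(data, &p); err != nil || p.Cert == nil {
		return nil, errors.New("illegal: no digital certificate in the two-dimensional code")
	}
	if now.Unix() > p.Cert.NotAfter {
		return nil, errors.New("illegal: digital certificate expired")
	}
	if srv.IsRevoked(p.Cert) {
		return nil, errors.New("illegal: digital certificate revoked")
	}
	// The encoding public key inside the certificate is trusted only after the certificate
	// signature checks out under the server public key obtained from the public key query.
	if !ed25519.Verify(srv.PublicKey(), p.Cert.tbs(), p.Cert.Signature) {
		return nil, errors.New("illegal: certificate signature invalid")
	}
	if len(p.Cert.EncodingPubKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(ed25519.PublicKey(p.Cert.EncodingPubKey), p.Content, p.Sig) {
		return nil, errors.New("illegal: two-dimensional code signature invalid")
	}
	return p.Content, nil
}
```

A certificate signed by any key other than the server's fails at the certificate signature step, so a forged encoding public key never reaches the content signature check.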
It should be noted that, for the information interaction, execution process, and other contents between the above-mentioned devices/units, the specific functions and technical effects thereof are based on the same concept as those of the embodiment of the method of the present application, and specific reference may be made to the part of the embodiment of the method, which is not described herein again.
Example four:
fig. 12 is a block diagram of a communication device according to another embodiment of the present application. As shown in fig. 12, the communication device 120 of this embodiment includes: a processor 121, a memory 122 and a computer program 123, such as a program of a two-dimensional code authentication method, stored in said memory 122 and executable on said processor 121. The processor 121 executes the computer program 123 to implement the steps in each embodiment of the two-dimensional code authentication method, such as S101 to S104 shown in fig. 1 or S201 to S202 shown in fig. 2. Alternatively, when the processor 121 executes the computer program 123, the functions of the modules in the embodiments corresponding to fig. 10 or fig. 11 are implemented, for example, the functions of the two-dimensional code obtaining module 101 to the two-dimensional code validity verifying module 104 shown in fig. 10, or the functions of the query instruction receiving module 111 to the server public key sending module 112 shown in fig. 11.
Illustratively, the computer program 123 may be divided into one or more units, which are stored in the memory 122 and executed by the processor 121 to carry out the present application. The one or more units may be a series of computer program instruction segments capable of performing specific functions, and are used to describe the execution of the computer program 123 in the communication device 120.
The communication device 12 may be a computing device such as a mobile phone, a desktop computer, a notebook, a palmtop computer or a server. The communication device may include, but is not limited to, a processor 120 and a memory 121. Those skilled in the art will appreciate that fig. 12 is merely an example of the communication device 12 and does not constitute a limitation of it: the communication device 12 may include more or fewer components than shown, some components may be combined, or different components may be used; for example, the communication device may also include input/output devices, network access devices, buses and the like.
The processor 120 may be a central processing unit (CPU), another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 121 may be an internal storage unit of the communication device 12, such as a hard disk or memory of the communication device 12. The memory 121 may also be an external storage device of the communication device 12, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash memory card (Flash Card) provided on the communication device 12. Further, the memory 121 may include both an internal storage unit and an external storage device of the communication device 12. The memory 121 is used for storing the computer program and the other programs and data required by the communication device, and may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (11)

1. A two-dimension code authentication method is applied to a user terminal and comprises the following steps:
acquiring a two-dimensional code;
if the data of the two-dimensional code contains a digital certificate, sending a public key query instruction to a server; wherein the digital certificate comprises an encoding public key and certificate signature information;
acquiring a server public key returned by the server according to the public key inquiry instruction, and verifying the legality of the certificate signature information according to the server public key;
and if the certificate signature information is determined to be legal according to the server public key, verifying the validity of the two-dimensional code according to the coding public key and the two-dimensional code signature information of the two-dimensional code.
2. The two-dimensional code authentication method according to claim 1, wherein the digital certificate further includes validity period information, and correspondingly, the sending of a public key query instruction to the server if the data of the two-dimensional code includes a digital certificate comprises:
if the data of the two-dimensional code contains a digital certificate and the digital certificate is determined to be within its validity period according to the validity period information, sending a public key query instruction to the server.
3. The two-dimensional code authentication method according to claim 1, wherein if the data of the two-dimensional code includes a digital certificate, sending a public key query instruction to a server, includes:
if the data of the two-dimensional code contains a digital certificate, sending a digital certificate query instruction to the server;
acquiring certificate inquiry result information returned by the server according to the digital certificate inquiry instruction;
and if the certificate inquiry result information is information indicating that the digital certificate is not revoked, sending a public key inquiry instruction to a server.
4. The two-dimensional code authentication method according to any one of claims 1 to 3, further comprising, before the acquiring the two-dimensional code:
acquiring a digital certificate, wherein the digital certificate comprises an encoding public key and certificate signature information;
according to a coding private key corresponding to the coding public key, performing digital signature processing on effective content data to be coded to obtain two-dimensional code signature information;
and coding according to the effective content data, the two-dimension code signature information and the digital certificate to generate a two-dimension code.
5. The two-dimensional code authentication method of claim 4, wherein the obtaining a digital certificate comprises:
sending a digital certificate application instruction to the server, wherein the digital certificate application instruction comprises a coding public key in a coding key pair generated by the user terminal;
and receiving a digital certificate returned by the server, wherein the digital certificate comprises the encoding public key and certificate signature information, and the certificate signature information is obtained by the server through signature processing of the digital certificate by a server private key.
6. The two-dimensional code authentication method according to claim 5, further comprising, after the acquiring the digital certificate:
if the digital certificate is confirmed to be expired according to the validity information contained in the digital certificate, sending a digital certificate modification instruction to the server;
and receiving the digital certificate updated by the server according to the digital certificate modification instruction.
7. The two-dimensional code authentication method according to claim 5, further comprising, after the acquiring the digital certificate:
and sending a digital certificate revocation instruction to the server to revoke the digital certificate.
8. A two-dimension code authentication method is applied to a server and comprises the following steps:
receiving a public key query instruction sent by a user terminal;
and obtaining a server public key prestored by the server according to the public key query instruction, and returning the server public key to the user terminal so as to indicate the user terminal to verify the validity of the two-dimensional code.
9. The two-dimensional code authentication method according to claim 8, before the receiving the public key query instruction sent by the user terminal, further comprising:
receiving a digital certificate application instruction sent by the user terminal; the digital certificate application instruction comprises information of a coding public key;
verifying the information of the user terminal according to the digital certificate application instruction;
if the information of the user terminal passes the verification, generating a corresponding digital certificate for the user terminal; wherein the digital certificate contains the encoding public key and certificate signature information; the certificate signature information is signature information obtained by performing digital signature processing on data of the digital certificate according to a server private key corresponding to the server public key;
and sending the digital certificate to the user terminal.
10. A communication device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1 to 7 when executing the computer program or implements the steps of the method according to any of claims 8 to 9 when executing the computer program.
11. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 7, or which, when being executed by a processor, carries out the steps of the method according to any one of claims 8 to 9.
CN202110961100.0A 2021-08-20 2021-08-20 Two-dimensional code authentication method, communication device and storage medium Active CN113676332B (en)


Publications (2)

Publication Number Publication Date
CN113676332A true CN113676332A (en) 2021-11-19
CN113676332B CN113676332B (en) 2022-11-04




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant