CN106330945A - Digital certificate synchronization method, digital signature server and digital certificate synchronization system - Google Patents
- Publication number: CN106330945A
- Authority: CN (China)
- Legal status: Granted
Abstract
The embodiments of the invention provide a digital certificate synchronization method, a digital signature server and a digital certificate synchronization system. They relate to the technical field of network security and can solve the problem that digital certificates are synchronized repeatedly when an existing digital signature server restarts and performs digital certificate synchronization. The method is applied to a digital certificate synchronization system that comprises at least two digital signature servers, and comprises the following: when a digital signature server restarts and the restarted server is configured as a central server, the restarted server performs incremental digital certificate synchronization with any digital signature server configured as a central server in the system; when a digital signature server restarts and the restarted server is configured as a non-central server, the restarted server performs full digital certificate synchronization with any digital signature server configured as a central server in the system. The digital certificate synchronization method, the digital signature server and the digital certificate synchronization system are used for synchronizing digital certificates.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a digital certificate synchronization method, a digital signature server and a digital certificate synchronization system.
Background
In recent years, with the progress of e-commerce technology, users have been able to exchange information with other users over the network. For example, a customer carrying out a financial transaction can conveniently make business contact with a financial institution and conclude the transaction over the network. Objectively, however, exchanging sensitive or valuable data over the network also increases the risk that this data is stolen or abused. To ensure the security and reliability of the sensitive or high-value data that users exchange over the network, a trust mechanism must be established for network information exchange: both parties taking part in the exchange must have an identity that is legitimate and can be verified without error. The information used to identify the parties to a communication is called a digital certificate. A digital certificate may be a string of digits or an electronic document, and is generally issued by a certificate authority (CA). During Internet communication, the communicating parties can use digital certificates to identify each other.
Under normal circumstances, digital certificates are stored in a digital signature server. When a user carries out a data interaction, the identity of the other party is verified using the digital certificates stored in the digital signature server. In actual use, a user's identity in a data interaction may be shared across several different organizations or institutions; for example, several financial institutions in a financial transaction may mutually recognize the validity of a user's identity. Multiple different digital signature servers therefore normally store the same digital certificates, and the digital certificates stored on those servers must be kept consistent at all times.
In the prior art, a high-availability (HA) cluster synchronization configuration or a disaster-recovery synchronization configuration can keep the digital certificates in different digital signature servers consistent. When a digital signature server restarts, however, existing digital certificate synchronization methods can only have an operator manually direct the restarted server to perform a full synchronization with another digital signature server. Because the differences between the restarted server and the other digital signature servers are not considered and the digital certificates are simply synchronized in full, some digital certificates may be synchronized unnecessarily. Existing methods therefore synchronize digital certificates repeatedly when a digital signature server restarts and performs digital certificate synchronization, which adds to the complexity of digital certificate synchronization, raises the resources and cost it consumes, and harms the user experience.
Summary of the invention
The present application provides a digital certificate synchronization method, a digital signature server and a digital certificate synchronization system that can solve the problem of existing digital certificate synchronization methods synchronizing digital certificates repeatedly when a digital signature server restarts and performs digital certificate synchronization.
In a first aspect, the embodiments of the present invention provide a digital certificate synchronization method, applied to a digital certificate synchronization system that includes at least two digital signature servers. The method includes: when a digital signature server restarts and the restarted server is configured as a central server, the restarted server performs incremental digital certificate synchronization with any other digital signature server configured as a central server in the system; when a digital signature server restarts and the restarted server is configured as a non-central server, the restarted server performs full digital certificate synchronization with any digital signature server configured as a central server in the system.
In a second aspect, the embodiments of the present invention provide a digital signature server that is configured as a central server and includes a restart module, configured to perform, when the digital signature server restarts, incremental digital certificate synchronization with any other digital signature server configured as a central server in the digital certificate synchronization system.
In a third aspect, the embodiments of the present invention provide a digital signature server that is configured as a non-central server and includes a restart module, configured to perform, when the digital signature server restarts, full digital certificate synchronization with any digital signature server configured as a central server in the digital certificate synchronization system.
In a fourth aspect, the embodiments of the present invention provide a digital certificate synchronization system that includes at least the digital signature server configured as a central server provided in the second-aspect embodiment and the digital signature server configured as a non-central server provided in the third-aspect embodiment.
The embodiments of the present invention provide a digital certificate synchronization method, a digital signature server and a digital certificate synchronization system, applied to a digital certificate synchronization system that includes at least two digital signature servers. When a digital signature server restarts, the type as which the restarted server is configured is obtained. When the server is configured as a central server, it performs, on restart, incremental digital certificate synchronization with any other digital signature server configured as a central server in the system. The restarted server thus synchronizes incrementally with a digital signature server of higher reliability and higher synchronization efficiency; on the premise that its digital certificates are kept consistent with those on the central server, this reduces as far as possible the resources consumed by digital certificate synchronization and improves its efficiency. When the server is configured as a non-central server, it performs, on restart, full digital certificate synchronization with any digital signature server configured as a central server in the system. The restarted server thus synchronizes in full with a digital signature server of higher digital certificate correctness and higher synchronization efficiency; on the premise that its digital certificates are kept consistent with those on the central server, this reduces as far as possible the resources consumed by digital certificate synchronization and improves its efficiency.
The digital certificate synchronization method provided by the present invention can therefore, according to the type as which a digital signature server is configured, apply the corresponding policy so that the restarted server synchronizes with a digital signature server in the system that has better network conditions and performance and higher reliability. On the premise that the digital certificates on the restarted server are kept consistent with those on the other digital signature servers in the system, this reduces the resources and cost consumed by digital certificate synchronization, improves its efficiency, and improves the user experience.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention or of the prior art more clearly, the accompanying drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of an architecture that uses a digital signature server for identity verification, provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a digital certificate synchronization method provided by an embodiment of the present invention;
Fig. 3 is a schematic flowchart of a digital certificate synchronization method provided by another embodiment of the present invention;
Fig. 4 is a schematic diagram of a digital signature server provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of a digital signature server provided by another embodiment of the present invention;
Fig. 6 is a schematic diagram of a digital certificate synchronization system provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of a digital signature server provided by another embodiment of the present invention;
Fig. 8 is a schematic diagram of a digital signature server provided by another embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To describe the technical solutions of the embodiments clearly, the embodiments use words such as "first" and "second" to distinguish identical or similar items whose functions and effects are essentially the same. A person skilled in the art will understand that words such as "first" and "second" do not limit quantity or execution order.
A digital certificate is information that indicates the identity of the parties to a network communication. It may be a string of digits or an electronic document, and is generally issued by a certificate authority (CA). During Internet communication, the communicating parties can use digital certificates to identify each other. Current digital certificate types mainly include: personal digital certificates, organization digital certificates, organization staff digital certificates, server certificates, VPN certificates, WAP certificates, code signing certificates and form signing certificates. As the technology has developed, digital certificates have come into wide use in many fields, currently mainly: sending secure e-mail, accessing secure sites, online tendering and bidding, online contract signing, online ordering, secure online document transfer, online fee payment, online tax payment, online stock trading, online shopping and online customs declaration.
Under normal circumstances, digital certificates are stored in a digital signature server, and when a user carries out a data interaction, the digital signature server is used to verify the identity of the other party. As shown in Fig. 1, an embodiment of the present invention provides an architecture that uses a digital signature server for identity verification, including user equipment 101, a network 102 and a digital signature server 103. When a user carries out a data interaction with the user equipment 101, the user's identity must be verified. The user equipment 101 therefore sends, through the network 102, the user's digital signature information and the digital certificate identifier corresponding to that digital signature information to the digital signature server 103; the digital certificate identifier uniquely identifies the corresponding digital certificate. The digital signature server 103 looks up the corresponding digital certificate by the identifier and uses that certificate to verify whether the user's digital signature information is correct. If verification succeeds, the user's identity is determined to be legitimate and the corresponding data interaction with the user can continue; if verification fails, verification-failure information is returned.
In actual use, a user's identity in a data interaction may be shared across several different organizations or institutions; for example, several financial institutions in a financial transaction may mutually recognize the validity of a user's identity. In China UnionPay (English full name: China Union Pay) or other inter-bank transaction clearing systems, the banks can mutually recognize the validity of the identities of other banks' users when carrying out financial business. In such an inter-bank transaction clearing system, the digital certificates in the digital signature servers located at the different banks must be issued by a unified CA institution, such as the People's Bank of China, and the digital certificates stored in those digital signature servers must be kept consistent at all times.
In the prior art, a high-availability (HA) cluster synchronization configuration or a disaster-recovery synchronization configuration can be used to keep the digital certificates stored in multiple different digital signature servers consistent. Specifically, an HA synchronization configuration generally includes two or more digital signature servers, divided into a primary digital signature server and standby digital signature servers. When a digital certificate on the primary server changes, the primary server sends digital certificate synchronization information to the standby server within a predetermined time, and the standby server synchronizes according to that information. A disaster-recovery synchronization configuration generally includes two digital signature servers, divided into a primary digital signature server and a standby digital signature server. The operation information for digital certificates on the primary server is sent to the standby server in real time, so that the digital certificates on the standby server are synchronized.
Although both schemes can keep the digital certificates stored in different digital signature servers consistent, the HA synchronization configuration does not include immediately synchronizing a digital signature server that has restarted, so the digital certificates stored in the restarted server may be inconsistent with those stored in the other digital signature servers. In the disaster-recovery synchronization configuration, after the standby digital signature server restarts, the primary server only sends the standby server the operation information for digital certificates on the primary server from the time the standby server has restarted. The standby server cannot obtain the operation information for digital certificates on the primary server from the period in which it was restarting, so the digital certificates on the standby server may be inconsistent with those stored on the primary server.
Therefore, when a digital signature server restarts, existing digital certificate synchronization methods require an operator to direct the restarted server to perform a full synchronization with another digital signature server in the system, to ensure that the digital certificates stored in the different digital signature servers remain consistent. Having an operator perform this step not only increases the human resources consumed by digital certificate synchronization; because the network conditions and performance of different digital signature servers often differ considerably, a full synchronization between the restarted server and a server in the system with poorer network conditions and performance also reduces the efficiency of digital certificate synchronization and increases its cost. Existing digital certificate synchronization methods thus add to the complexity of digital certificate synchronization, raise the resources and cost it consumes, and harm the user experience.
To solve the above problems, as shown in Fig. 2, an embodiment of the present invention provides a digital certificate synchronization method, applied to a digital certificate synchronization system that includes at least two digital signature servers. The method includes:
201. When a digital signature server restarts, determine the type of the restarted digital signature server.
Specifically, the digital signature server is located in a digital certificate synchronization system that includes at least two digital signature servers, and these digital signature servers store digital certificates issued by a unified CA institution.
The types of digital signature server are central server and non-central server; a digital signature server can be configured as either. Specifically, a digital signature server configured as a central server may be one with better network conditions or performance in the digital certificate synchronization system. A digital signature server configured as a central server has the lowest probability of going down, and when digital certificates are updated the CA institution can update the certificates on the central servers first. When another digital signature server synchronizes digital certificates with a digital signature server configured as a central server, synchronization efficiency is higher and fewer resources are consumed.
It should be noted that the digital certificate synchronization system may include at least two digital signature servers configured as central servers. This ensures that when one central server fails, digital certificate synchronization does not fail for lack of a normally working digital signature server configured as a central server.
Preferably, the digital certificate synchronization system includes two digital signature servers configured as central servers. In this case the complexity of the digital certificate synchronization system may be 2N*N! = 8, which ensures that the number of digital signature servers configured as central servers does not become excessive.
When the restarted digital signature server is configured as a central server, perform step 102.
When the restarted digital signature server is configured as a non-central server, perform step 103.
202. The restarted digital signature server performs incremental digital certificate synchronization with any other digital signature server configured as a central server in the digital certificate synchronization system.
Specifically, when the restarted digital signature server is configured as a central server, it performs, on restart, incremental digital certificate synchronization with any other digital signature server configured as a central server in the system. Incremental digital certificate synchronization means comparing the restarted server against that other central server to find the digital certificates that differ, and synchronizing only the differing certificates to the restarted server. After incremental synchronization completes, the digital certificates on the restarted server are consistent with those on the other central server.
For a period before the restart, the restarted digital signature server was down or otherwise unable to synchronize digital certificates, so digital certificates that changed during that period may not have been updated on it. Because the restarted server is itself a central server, its network conditions and performance are better and its reliability is higher; the time it spent down or unable to synchronize is likely to be short, and the number of digital certificates it failed to update is likely to be small. The restarted server is therefore made to perform incremental digital certificate synchronization with any other digital signature server configured as a central server in the system, that is, with a digital signature server of higher reliability and higher synchronization efficiency. On the premise that the digital certificates on the restarted server are kept consistent with those on the central server, this reduces as far as possible the resources consumed by digital certificate synchronization and improves its efficiency.
203. The restarted digital signature server performs full digital certificate synchronization with any digital signature server configured as a central server in the digital certificate synchronization system.
Specifically, when the restarted digital signature server is configured as a non-central server, it performs, on restart, full digital certificate synchronization with any digital signature server configured as a central server in the system. Full digital certificate synchronization means that the restarted server synchronizes, in a single pass, the digital certificates on any digital signature server configured as a central server in the system to itself. After the digital certificate incremental synchronization completes, the digital certificates on the restarted server are consistent with those on that central server.
For a period before the restart, the restarted digital signature server was down or otherwise unable to synchronize digital certificates, so digital certificates that changed during that period may not have been updated on it. Because the restarted server is itself a non-central server, its network conditions and performance are poorer and its reliability lower than those of a digital signature server configured as a central server; the time it spent down or unable to synchronize is likely to be longer, and the number of digital certificates it failed to update is likely to be larger. If the restarted server performed incremental synchronization with any other digital signature server configured as a central server in the system, the certificate comparison carried out during incremental synchronization could consume more resources, objectively reducing the efficiency of digital certificate synchronization. The restarted server is therefore made to perform full digital certificate synchronization with any other digital signature server configured as a central server in the system, that is, with a digital signature server of higher digital certificate correctness and higher synchronization efficiency. On the premise that the digital certificates on the restarted server are kept consistent with those on the central server, this reduces as far as possible the resources consumed by digital certificate synchronization and improves its efficiency.
The embodiment of the present invention provides a digital certificate synchronization method, applied to a digital certificate synchronization system that includes at least two digital signature servers. When a digital signature server restarts, the type that the restarted digital signature server is configured as is obtained. When the digital signature server is configured as a central server, on restart it performs incremental digital certificate synchronization with any other digital signature server in the digital certificate synchronization system that is configured as a central server, that is, with a digital signature server of higher reliability and higher digital certificate synchronization efficiency, so that it stays consistent with the digital certificates on the central server while the resources consumed by digital certificate synchronization are reduced as far as possible and the efficiency of digital certificate synchronization is improved. When the digital signature server is configured as a non-central server, on restart it performs full digital certificate synchronization with any digital signature server in the digital certificate synchronization system that is configured as a central server, that is, with a digital signature server of higher digital certificate correctness and higher digital certificate synchronization efficiency, so that the restarted digital signature server stays consistent with the digital certificates on its central server while the resources consumed by digital certificate synchronization are reduced as far as possible and the efficiency of digital certificate synchronization is improved. The digital certificate synchronization method provided by the present invention can therefore, according to the type the digital signature server is configured as and the corresponding policy, make the restarted digital signature server synchronize digital certificates with a digital signature server in the digital certificate synchronization system that has better network conditions and performance and higher reliability, so that the restarted digital signature server stays consistent with the digital certificates on the other digital signature servers in the system while the resources and cost consumed by digital certificate synchronization are reduced, the efficiency of digital certificate synchronization is improved, and user experience is improved.
Further, as shown in Figure 3, an embodiment of the present invention provides a digital certificate synchronization method, applied to a digital certificate synchronization system that includes at least two digital signature servers. The method includes:
301. When a digital signature server restarts, determine the type of the restarted digital signature server.
For details, refer to step 201 of the above embodiment; they are not repeated here.
When the restarted digital signature server is configured as a central server, perform step 302.
When the restarted digital signature server is configured as a non-central server, perform step 303.
302. Determine whether the other digital signature servers in the digital certificate synchronization system that are configured as central servers are all in the down state.
Specifically, a digital signature server can be in one of three states: the normal service state, the synchronizing state and the down state. As shown in the table below, a digital signature server in the normal service state can perform signing and signature verification, certificate upload, certificate deletion and certificate synchronization. A digital signature server in the synchronizing state can perform signing and signature verification, certificate upload and certificate deletion, but cannot perform certificate synchronization. A digital signature server in the down state cannot perform any of signing and signature verification, certificate upload, certificate deletion or certificate synchronization.
State | Signing and verification | Upload certificate | Delete certificate | Certificate synchronization |
Normal service | √ | √ | √ | √ |
Synchronizing | √ | √ | √ | × |
Down | × | × | × | × |
When the other digital signature servers in the digital certificate synchronization system that are configured as central servers are not all in the down state, i.e. they include a digital signature server in the normal service state or a digital signature server in the synchronizing state, perform step 304.
When the other digital signature servers in the digital certificate synchronization system that are configured as central servers are all in the down state, i.e. synchronization between the digital signature server and every other digital signature server in the system configured as a central server fails, perform step 307.
303. Determine whether the digital signature servers in the digital certificate synchronization system that are configured as central servers are all in the down state.
When the digital signature servers in the digital certificate synchronization system that are configured as central servers are not all in the down state, i.e. they include a digital signature server in the normal service state or a digital signature server in the synchronizing state, perform step 309.
When the digital signature servers in the digital certificate synchronization system that are configured as central servers are all in the down state, i.e. synchronization between the digital signature server and every digital signature server in the system configured as a central server fails, perform step 312.
304. Determine whether the other digital signature servers in the digital certificate synchronization system that are configured as central servers are in the synchronizing state.
When the other digital signature servers in the digital certificate synchronization system that are configured as central servers are in the synchronizing state, perform step 305.
When the other digital signature servers in the digital certificate synchronization system that are configured as central servers are not in the synchronizing state, perform step 308.
305. Using the first time threshold as the interval, periodically query whether the state of the other digital signature servers in the digital certificate synchronization system that are configured as central servers is the normal service state.
Specifically, when the other digital signature servers in the digital certificate synchronization system that are configured as central servers are in the synchronizing state, the restarted digital signature server can synchronize digital certificates with one of them only once that server has left the synchronizing state and entered the normal service state. Querying periodically at an interval of the first time threshold makes it possible to learn promptly that such a digital signature server is no longer in the synchronizing state and is in the normal service state, while keeping the resources consumed by querying the state of the other digital signature servers configured as central servers as low as possible.
When too many queries have been made, for example more than a preset query count threshold, or the querying has gone on for too long, for example longer than a preset query time threshold, it is considered that it cannot be determined from the query results that any other digital signature server in the digital certificate synchronization system configured as a central server is in the normal service state.
When it is determined from the query results that any other digital signature server in the digital certificate synchronization system configured as a central server is in the normal service state, perform step 306.
When it cannot be determined from the query results that any other digital signature server in the digital certificate synchronization system configured as a central server is in the normal service state, perform step 307.
306. The restarted digital signature server performs incremental digital certificate synchronization with another digital signature server in the digital certificate synchronization system that is configured as a central server and is in the normal service state.
Specifically, because step 305 has determined that the digital certificate synchronization system contains a digital signature server that is configured as a central server and is in the normal service state, the restarted digital signature server performs incremental digital certificate synchronization with that digital signature server. For the specific steps of incremental digital certificate synchronization, refer to step 202 of the above embodiment; they are not repeated here.
307. The restarted digital signature server performs incremental digital certificate synchronization, in turn, with all digital signature servers in the digital certificate synchronization system that are configured as non-central servers.
Specifically, the preceding steps have established either that synchronization between the restarted digital signature server and every other digital signature server in the digital certificate synchronization system configured as a central server fails, or that it cannot be determined from the query results that any other digital signature server in the system configured as a central server is in the normal service state. It can therefore be concluded that no other digital signature server configured as a central server in the digital certificate synchronization system can synchronize successfully with the restarted digital signature server. The restarted digital signature server therefore performs incremental digital certificate synchronization, in turn, with all digital signature servers in the system that are configured as non-central servers. This ensures that the restarted digital signature server holds the digital certificates on all digital signature servers in the system that are configured as non-central servers, and thereby ensures the consistency and reliability of the digital certificates on the restarted digital signature server.
308. The restarted digital signature server performs incremental digital certificate synchronization with another digital signature server in the digital certificate synchronization system that is configured as a central server and is in the normal service state.
Specifically, for the steps by which the restarted digital signature server performs incremental digital certificate synchronization with another digital signature server in the system that is configured as a central server and is in the normal service state, refer to step 202 of the above embodiment; they are not repeated here.
309. Determine whether the digital signature servers in the digital certificate synchronization system that are configured as central servers are in the synchronizing state.
When the digital signature servers in the digital certificate synchronization system that are configured as central servers are in the synchronizing state, perform step 310.
When the other digital signature servers in the digital certificate synchronization system that are configured as central servers are not in the synchronizing state, perform step 313.
310. Using the second time threshold as the interval, periodically query whether the state of the digital signature servers in the digital certificate synchronization system that are configured as central servers is the normal service state.
Specifically, when the digital signature servers in the digital certificate synchronization system that are configured as central servers are in the synchronizing state, the restarted digital signature server can synchronize digital certificates with one of them only once that server has left the synchronizing state and entered the normal service state. Querying periodically at an interval of the second time threshold makes it possible to learn promptly that such a digital signature server is no longer in the synchronizing state and is in the normal service state, while keeping the resources consumed by querying the state of the digital signature servers configured as central servers as low as possible.
When too many queries have been made, for example more than a preset query count threshold, or the querying has gone on for too long, for example longer than a preset query time threshold, it is considered that it cannot be determined from the query results that any other digital signature server in the digital certificate synchronization system configured as a central server is in the normal service state.
When it is determined from the query results that any digital signature server in the digital certificate synchronization system configured as a central server is in the normal service state, perform step 311.
When it cannot be determined from the query results that any digital signature server in the digital certificate synchronization system configured as a central server is in the normal service state, perform step 312.
311. The restarted digital signature server performs full digital certificate synchronization with a digital signature server in the digital certificate synchronization system that is configured as a central server and is in the normal service state.
Specifically, because step 310 has determined that the digital certificate synchronization system contains a digital signature server that is configured as a central server and is in the normal service state, the restarted digital signature server performs full digital certificate synchronization with that digital signature server. For the specific steps of full digital certificate synchronization, refer to step 203 of the above embodiment; they are not repeated here.
312. The restarted digital signature server waits for a synchronization instruction.
Specifically, the preceding steps have established either that synchronization between the restarted digital signature server and every digital signature server in the digital certificate synchronization system configured as a central server fails, or that it cannot be determined from the query results that any digital signature server in the system configured as a central server is in the normal service state. It can therefore be concluded that no digital signature server configured as a central server in the digital certificate synchronization system can synchronize successfully with the restarted digital signature server. At the same time, because the restarted digital signature server is a non-central server, its priority for digital certificate synchronization is not the highest, and it need not synchronize digital certificates with the other non-central servers immediately. It therefore waits for a specific synchronization instruction.
When the synchronization instruction is a signature verification request, perform step 314.
When the synchronization instruction is a synchronization instruction sent by a digital signature server in the digital certificate synchronization system that is configured as a central server, perform step 315.
314. According to the digital certificate identifier in the signature verification request, the restarted digital signature server queries the other digital signature servers in the digital certificate synchronization system that are configured as non-central servers for the corresponding digital certificate, and synchronizes the corresponding digital certificate to the digital signature server.
Specifically, the signature verification request may be a signature verification request sent by user equipment to the restarted digital signature server. The signature verification request may include a digital certificate identifier, which indicates the unique corresponding digital certificate.
When the synchronization instruction received by the restarted digital signature server is a signature verification request, the restarted digital signature server uses the digital certificate identifier in the signature verification request to query the other digital signature servers in the digital certificate synchronization system that are configured as non-central servers for the corresponding digital certificate, and synchronizes the corresponding digital certificate to the digital signature server. This reduces the resources consumed by digital certificate synchronization while ensuring that the signature verification request can be answered using the corresponding digital certificate.
315. The restarted digital signature server performs full digital certificate synchronization with the digital signature server configured as a central server that sent the synchronization instruction.
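The restart decision procedure of steps 301 to 313, written out as an added Python example that is not part of the patent text. The names (`decide_on_restart`, `poll_for_normal`, `query`, the peer labels) and the use of a query-count threshold only are assumptions; step 313 is referenced but not described in this passage, so the example assumes it is a full synchronization with a central server in normal service, mirroring step 311.

```python
import time
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional, Sequence


class State(Enum):
    NORMAL = "normal service"   # sign/verify, upload, delete and sync all allowed
    SYNCING = "synchronizing"   # sign/verify, upload, delete allowed; sync refused
    DOWN = "down"               # nothing allowed


class Action(Enum):
    INCREMENTAL_FROM_CENTRAL = "incremental sync with one central peer"
    INCREMENTAL_FROM_NON_CENTRAL = "incremental sync with every non-central peer in turn"
    FULL_FROM_CENTRAL = "full sync with one central peer"
    WAIT_FOR_INSTRUCTION = "wait for a synchronization instruction"


@dataclass(frozen=True)
class Decision:
    step: int                   # number of the step that ends up being executed
    action: Action
    peer: Optional[str] = None  # central peer to synchronize with, if any


def poll_for_normal(peers: Sequence[str], query: Callable[[str], State],
                    interval: float, max_queries: int,
                    sleep: Callable[[float], None]) -> Optional[str]:
    """Steps 305/310: re-query at a fixed interval until a central peer is NORMAL.

    Returns None once the query-count threshold is exhausted, which is the
    'cannot be determined from the query results' outcome.
    """
    for _ in range(max_queries):
        sleep(interval)
        for peer in peers:
            if query(peer) is State.NORMAL:
                return peer
    return None


def decide_on_restart(is_central: bool, central_peers: Sequence[str],
                      query: Callable[[str], State], interval: float = 5.0,
                      max_queries: int = 3,
                      sleep: Callable[[float], None] = time.sleep) -> Decision:
    """Pick the synchronization path for a restarted server (steps 301-313).

    central_peers lists the central servers other than the restarted one.
    """
    if is_central:   # step 301, central branch (302 onwards)
        fallback = Decision(307, Action.INCREMENTAL_FROM_NON_CENTRAL)
        action, direct_step, polled_step = Action.INCREMENTAL_FROM_CENTRAL, 308, 306
    else:            # step 301, non-central branch (303 onwards)
        fallback = Decision(312, Action.WAIT_FOR_INSTRUCTION)
        # Assumption: step 313 (not described in the passage) mirrors step 311.
        action, direct_step, polled_step = Action.FULL_FROM_CENTRAL, 313, 311

    states = {peer: query(peer) for peer in central_peers}
    # Steps 302/303: every central peer down (or none configured) -> fallback.
    if all(state is State.DOWN for state in states.values()):
        return fallback
    # Steps 304/309: a peer already in normal service can be used immediately.
    for peer, state in states.items():
        if state is State.NORMAL:
            return Decision(direct_step, action, peer)
    # Otherwise the reachable peers are synchronizing: poll (steps 305/310).
    peer = poll_for_normal(central_peers, query, interval, max_queries, sleep)
    return Decision(polled_step, action, peer) if peer else fallback


if __name__ == "__main__":
    # Constructed scenario: one central peer is down, the other leaves the
    # synchronizing state on the second poll.
    timeline = {"central-a": [State.DOWN], "central-b": []}

    def scripted_query(peer: str) -> State:
        seq = timeline[peer]
        return seq.pop(0) if len(seq) > 1 else seq[0]

    for central in (True, False):
        timeline["central-b"] = [State.SYNCING, State.SYNCING, State.NORMAL]
        print(central, decide_on_restart(central, list(timeline), scripted_query,
                                         interval=0.0))
```

Passing `query` and `sleep` in as parameters lets the fallback paths (steps 307 and 312) be exercised without a network or real delays.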
The embodiment of the present invention provides a digital certificate synchronization method, applied to a digital certificate synchronization system that includes at least two digital signature servers. When a digital signature server restarts, the type that the restarted digital signature server is configured as is obtained. When the digital signature server is configured as a central server, on restart it performs incremental digital certificate synchronization with any other digital signature server in the digital certificate synchronization system that is configured as a central server, that is, with a digital signature server of higher reliability and higher digital certificate synchronization efficiency, so that it stays consistent with the digital certificates on the central server while the resources consumed by digital certificate synchronization are reduced as far as possible and the efficiency of digital certificate synchronization is improved. When the digital signature server is configured as a non-central server, on restart it performs full digital certificate synchronization with any digital signature server in the digital certificate synchronization system that is configured as a central server, that is, with a digital signature server of higher digital certificate correctness and higher digital certificate synchronization efficiency, so that the restarted digital signature server stays consistent with the digital certificates on its central server while the resources consumed by digital certificate synchronization are reduced as far as possible and the efficiency of digital certificate synchronization is improved. Moreover, when a digital signature server in the digital certificate synchronization system with better network conditions and performance and higher reliability is in the synchronizing state, that digital signature server is queried periodically at an interval of the first time threshold, so as to learn promptly that it is no longer in the synchronizing state but in the normal service state, while keeping the resources consumed by querying the state of the other digital signature servers configured as central servers as low as possible. When it is determined that the digital signature servers in the digital certificate synchronization system with better network conditions and performance and higher reliability cannot synchronize digital certificates with the restarted digital signature server, then if the restarted digital signature server is a central server it is made to perform incremental digital certificate synchronization, in turn, with all digital signature servers in the system that are configured as non-central servers, and if the restarted digital signature server is a non-central server it synchronizes according to the synchronization instruction. In this way the consistency of the digital certificates on the restarted digital signature server is ensured as far as possible while the resources consumed by digital certificate synchronization are reduced as far as possible and the efficiency of digital certificate synchronization is improved. The digital certificate synchronization method provided by the present invention can therefore, according to the type the digital signature server is configured as and the corresponding policy, make the restarted digital signature server synchronize digital certificates with a digital signature server in the digital certificate synchronization system that has better network conditions and performance and higher reliability, so that the restarted digital signature server stays consistent with the digital certificates on the other digital signature servers in the system while the resources and cost consumed by digital certificate synchronization are reduced, the efficiency of digital certificate synchronization is improved, and user experience is improved.
As shown in Figure 4, an embodiment of the present invention provides a digital signature server 401. The digital signature server 401 is configured as a central server and includes:
A restart module 402, configured to, when the digital signature server restarts, perform incremental digital certificate synchronization with any other digital signature server in the digital certificate synchronization system that is configured as a central server;
Specifically, the digital signature server is located in a digital certificate synchronization system, and the digital certificate synchronization system includes at least two digital signature servers. These at least two digital signature servers store digital certificates issued by a unified CA.
The types of digital signature server are central server and non-central server, and a digital signature server can be configured as either a central server or a non-central server. Specifically, a digital signature server configured as a central server may be a digital signature server with better network conditions or performance in the digital certificate synchronization system. A digital signature server configured as a central server has the lowest probability of going down. When updating digital certificates, the CA may update the digital certificates on the digital signature servers configured as central servers first. When other digital signature servers synchronize digital certificates with a digital signature server configured as a central server, synchronization efficiency is higher and fewer resources are consumed.
It should be noted that the digital certificate synchronization system should include at least two digital signature servers configured as central servers, so that when one digital signature server configured as a central server fails, digital certificate synchronization does not fail for lack of a normally working digital signature server configured as a central server.
Preferably, the digital certificate synchronization system includes two digital signature servers configured as central servers. In this case the complexity of the digital certificate synchronization system can be 2N*N!=8, which ensures that the number of digital signature servers configured as central servers is not excessive.
When the restarted digital signature server is configured as a central server, on restart it performs incremental digital certificate synchronization with any other digital signature server in the digital certificate synchronization system that is configured as a central server. Incremental digital certificate synchronization means comparing the restarted digital signature server with any other digital signature server in the system that is configured as a central server, finding the part of the digital certificates that differs, and synchronizing only that differing part to the restarted digital signature server. Once incremental digital certificate synchronization completes, the digital certificates on the restarted digital signature server are consistent with those on any other digital signature server in the digital certificate synchronization system that is configured as a central server.
For a period before the restart, the restarted digital signature server was down or in some other state in which it could not synchronize digital certificates, so digital certificates that changed during that period may not have been updated on it. Because the restarted digital signature server is itself a central server, its network conditions and performance are better and its reliability is higher. It may have been down, or otherwise unable to synchronize digital certificates, for a shorter time, and the number of digital certificates it failed to update may be smaller. The restarted digital signature server is therefore made to perform incremental digital certificate synchronization with any other digital signature server in the digital certificate synchronization system that is configured as a central server, i.e. a digital signature server with higher reliability and higher digital certificate synchronization efficiency, so that the restarted digital signature server stays consistent with the digital certificates on its central server while the resources consumed by digital certificate synchronization are reduced as far as possible and the efficiency of digital certificate synchronization is improved.
The embodiment of the present invention provides a digital signature server that is configured as a central server and is applied to a digital certificate synchronization system that includes at least two digital signature servers. When the digital signature server restarts, it performs incremental digital certificate synchronization with any other digital signature server in the digital certificate synchronization system that is configured as a central server, that is, with a digital signature server of higher reliability and higher digital certificate synchronization efficiency, so that it stays consistent with the digital certificates on the central server while the resources consumed by digital certificate synchronization are reduced as far as possible and the efficiency of digital certificate synchronization is improved. The digital signature server provided by the present invention can therefore, on restart, synchronize digital certificates with a digital signature server in the digital certificate synchronization system that has better network conditions and performance and higher reliability, so that the restarted digital signature server stays consistent with the digital certificates on the other digital signature servers in the system while the resources and cost consumed by digital certificate synchronization are reduced, the efficiency of digital certificate synchronization is improved, and user experience is improved.
Concrete, restart module 402 and be specifically configured to
When determining that in digital certificate synchronization system, other digital signature server being configured to central server are just
When synchronous regime, with very first time threshold value for interval timing enquiring digital Cert sync system in other be configured in genuinely convinced
The state of the digital signature server of business device;
When determining according to Query Result in digital certificate synchronization system that other are configured to arbitrary numeral of central server
When signature server is normal service state, in system synchronization with digital certificate, other are configured to central server and are normal
The digital signature server of service state carries out digital certificate increment synchronization.
Concrete, digital signature server can sentence three kinds of states, including normal service state, just synchronous regime with
And machine state of delaying, the most as shown in the table, when digital signature server is in normal service state, digital signature server can
To carry out signature sign test, to upload certificate, deletion certificate and Cert sync action;When digital signature server is in normal synchronized shape
During state, digital signature server can carry out signature sign test, upload certificate, deletion certificate action, but cannot be carried out Cert sync
Action;When digital signature server is in and delays machine state, digital signature server cannot be carried out sign sign test, upload certificate,
Delete any one action in certificate and Cert sync.
State | Sign / verify | Upload certificate | Delete certificate | Certificate sync |
Normal service | √ | √ | √ | √ |
Synchronizing | √ | √ | √ | × |
Down | × | × | × | × |
Specifically, when the other digital signature servers configured as central servers in the digital certificate synchronization system are in the synchronizing state, the restarted digital signature server has to wait until any one of them leaves the synchronizing state and enters the normal service state before synchronizing digital certificates with it. Querying periodically at intervals of the first time threshold lets the restarted server learn promptly that such a server has left the synchronizing state and entered the normal service state, while keeping the resources spent on querying the state of the other central servers as low as possible.
When the number of queries is too large, for example exceeding a predetermined query count threshold, or the querying has gone on too long, for example exceeding a predetermined query time threshold, it is considered that the query result cannot establish that any other digital signature server configured as a central server in the digital certificate synchronization system is in the normal service state.
For the specific steps of incremental digital certificate synchronization, refer to the above embodiments; they are not repeated here.
Specifically, the restart module 402 is further configured to:
when the digital signature server restarts and its synchronization with every other digital signature server configured as a central server in the digital certificate synchronization system fails, perform incremental digital certificate synchronization in turn with all digital signature servers in the system that are configured as non-central servers.
Specifically, once the restarted digital signature server has failed to synchronize with every other central server in the digital certificate synchronization system, or the query result cannot establish that any other central server is in the normal service state, it can be concluded that no other central server in the system can synchronize successfully with the restarted server. The restarted server therefore performs incremental digital certificate synchronization in turn with all digital signature servers configured as non-central servers. This ensures that the restarted server holds the digital certificates of every non-central server in the system, and so ensures the consistency and reliability of the digital certificates on the restarted server.
An embodiment of the present invention provides a digital signature server that is configured as a central server and is located in a digital certificate synchronization system including at least two digital signature servers. When the digital signature server restarts, it performs incremental digital certificate synchronization with any other digital signature server in the system that is configured as a central server. The restarted server thus synchronizes with a server of higher reliability and higher synchronization efficiency, which keeps its digital certificates consistent with those on the central server while consuming as few synchronization resources as possible and improving synchronization efficiency. When the digital signature servers with better network conditions and performance and higher reliability are in the synchronizing state, the restarted server queries them periodically, at intervals of the first time threshold, so that it learns promptly when such a server has left the synchronizing state and entered the normal service state, while keeping the resources spent on querying the state of the other central servers as low as possible. When it is determined that those servers cannot synchronize digital certificates with the restarted server, the restarted server is controlled to perform incremental digital certificate synchronization in turn with all digital signature servers in the system configured as non-central servers, which preserves digital certificate consistency on the restarted server as far as possible while consuming as few resources as possible and improving synchronization efficiency. The digital signature server provided by the present invention can therefore, on restart, synchronize digital certificates with the digital signature servers in the system that have better network conditions and performance and higher reliability, so that the restarted server stays consistent with the digital certificates on the other digital signature servers in the system while the resources and cost of synchronization are reduced, synchronization efficiency is improved, and user experience is improved.
As shown in Figure 5, an embodiment of the present invention provides a digital signature server 501. The digital signature server 501 is configured as a non-central server and includes:
a restart module 502, configured to perform full digital certificate synchronization with any digital signature server configured as a central server in the digital certificate synchronization system when the digital signature server 501 restarts.
Specifically, the digital signature server is located in a digital certificate synchronization system that includes at least two digital signature servers, and these digital signature servers store digital certificates issued by a unified CA.
The types of digital signature server are central server and non-central server, and a digital signature server can be configured as either. Specifically, a digital signature server configured as a central server can be one with better network conditions or performance in the digital certificate synchronization system. Such a server has the lowest probability of going down, and the CA can update the digital certificates on central servers first when it updates digital certificates. When other digital signature servers synchronize digital certificates with a digital signature server configured as a central server, synchronization efficiency is higher and fewer resources are consumed.
It should be noted that the digital certificate synchronization system should include at least two digital signature servers configured as central servers. This ensures that when one central server fails, synchronization does not fail for lack of a working digital signature server configured as a central server.
Preferably, the digital certificate synchronization system includes two digital signature servers configured as central servers. In this case the complexity of the digital certificate synchronization system can be 2N*N!=8, which ensures that the number of digital signature servers configured as central servers does not become excessive.
When the restarted digital signature server is configured as a non-central server, on restart it performs full digital certificate synchronization with any digital signature server configured as a central server in the digital certificate synchronization system. Full digital certificate synchronization means that the restarted server copies, in a single pass, the digital certificates on that central server to itself. Once this synchronization is complete, the digital certificates on the restarted server are consistent with those on that central server.
For some period before the restart, the restarted digital signature server was down or otherwise unable to synchronize digital certificates, so digital certificates that changed during that period may not have been updated on it. Because the restarted server is itself a non-central server, its network conditions and performance are poorer and its reliability lower than those of a central server. It may have been down or unable to synchronize for longer, and the number of digital certificates it failed to update may be larger. If it performed incremental synchronization with a central server, the certificate comparison carried out during incremental synchronization could consume more resources, which reduces synchronization efficiency. The restarted server is therefore controlled to perform full digital certificate synchronization with any digital signature server configured as a central server, that is, with a server whose digital certificates are more likely to be correct and whose synchronization efficiency is higher. This keeps the restarted server consistent with the digital certificates on the central server while consuming as few synchronization resources as possible and improving synchronization efficiency.
An embodiment of the present invention provides a digital signature server applied in a digital certificate synchronization system that includes at least two digital signature servers. The digital signature server is configured as a non-central server. When it restarts, it performs full digital certificate synchronization with any digital signature server in the system configured as a central server, that is, with a server whose digital certificates are more likely to be correct and whose synchronization efficiency is higher. This keeps the restarted server consistent with the digital certificates on the central server while consuming as few synchronization resources as possible and improving synchronization efficiency. The digital signature server provided by the present invention can therefore synchronize digital certificates with the digital signature servers in the system that have better network conditions and performance and higher reliability, so that the restarted server stays consistent with the digital certificates on the other digital signature servers in the system while the resources and cost of synchronization are reduced, synchronization efficiency is improved, and user experience is improved.
Specifically, the restart module 502 is configured to:
when it is determined that the digital signature servers configured as central servers in the digital certificate synchronization system are in the synchronizing state, query the state of those servers periodically, at intervals of a second time threshold;
when the query result shows that any digital signature server configured as a central server in the digital certificate synchronization system is in the normal service state, perform full digital certificate synchronization with that central server in the normal service state.
Specifically, a digital signature server can be in one of three states: the normal service state, the synchronizing state and the down state, as shown in the table below. In the normal service state, the digital signature server can sign and verify signatures, upload certificates, delete certificates and synchronize certificates. In the synchronizing state, it can sign and verify signatures, upload certificates and delete certificates, but cannot perform certificate synchronization. In the down state, it cannot perform any of signing and verification, certificate upload, certificate deletion or certificate synchronization.
State | Sign / verify | Upload certificate | Delete certificate | Certificate sync |
Normal service | √ | √ | √ | √ |
Synchronizing | √ | √ | √ | × |
Down | × | × | × | × |
When the digital signature servers configured as central servers in the digital certificate synchronization system are in the synchronizing state, the restarted digital signature server has to wait until any one of them leaves the synchronizing state and enters the normal service state before synchronizing digital certificates with it. Querying periodically at intervals of the second time threshold lets the restarted server learn promptly that such a server has left the synchronizing state and entered the normal service state, while keeping the resources spent on querying the state of the central servers as low as possible.
When the number of queries is too large, for example exceeding a predetermined query count threshold, or the querying has gone on too long, for example exceeding a predetermined query time threshold, it is considered that the query result cannot establish that any other digital signature server configured as a central server in the digital certificate synchronization system is in the normal service state.
Once it has been determined that the digital certificate synchronization system contains a digital signature server that is configured as a central server and is in the normal service state, the restarted digital signature server performs full digital certificate synchronization with that server. For the specific steps of full digital certificate synchronization, refer to the above embodiments; they are not repeated here.
Specifically, the restart module 502 is further configured to:
when the digital signature server 501 restarts and its synchronization with the digital signature servers configured as central servers in the digital certificate synchronization system fails, wait for a synchronization instruction;
when the synchronization instruction is a signature verification request, query the other digital signature servers configured as non-central servers in the digital certificate synchronization system for the corresponding digital certificate, according to the digital certificate identifier in the signature verification request, and synchronize that digital certificate to the restarted digital signature server;
when the synchronization instruction is one sent by a digital signature server configured as a central server in the digital certificate synchronization system, perform full digital certificate synchronization with the central server that sent the instruction.
Specifically, once the restarted digital signature server has failed to synchronize with every digital signature server configured as a central server in the digital certificate synchronization system, or the query result cannot establish that any central server is in the normal service state, it can be concluded that no central server in the system can synchronize successfully with the restarted server. At the same time, because the restarted digital signature server 501 is a non-central server, its priority in digital certificate synchronization is not the highest, and it does not need to synchronize with the other non-central servers immediately. It therefore waits for a specific synchronization instruction.
Specifically, the signature verification request can be one that user equipment sends to the restarted digital signature server. The signature verification request can include a digital certificate identifier, which uniquely indicates the corresponding digital certificate.
When the synchronization instruction received by the restarted digital signature server is a signature verification request, the restarted server uses the digital certificate identifier in the request to query the other digital signature servers configured as non-central servers in the digital certificate synchronization system for the corresponding digital certificate, and synchronizes that certificate to itself. This ensures that the signature verification request can be answered using the corresponding digital certificate while reducing the resources consumed by digital certificate synchronization.
An embodiment of the present invention provides a digital signature server that is located in a digital certificate synchronization system including at least two digital signature servers and is configured as a non-central server. When the digital signature server restarts, it performs full digital certificate synchronization with any digital signature server in the system configured as a central server, that is, with a server whose digital certificates are more likely to be correct and whose synchronization efficiency is higher. This keeps the restarted server consistent with the digital certificates on the central server while consuming as few synchronization resources as possible and improving synchronization efficiency. When the digital signature servers with better network conditions and performance and higher reliability are in the synchronizing state, the restarted server queries them periodically, at intervals of the first time threshold, so that it learns promptly when such a server has left the synchronizing state and entered the normal service state, while keeping the resources spent on querying the state of the other central servers as low as possible. When it is determined that those servers cannot synchronize digital certificates with the restarted server, the restarted server synchronizes according to the synchronization instruction it receives, which preserves digital certificate consistency on the restarted server as far as possible while consuming as few resources as possible and improving synchronization efficiency. The digital signature server provided by the present invention can therefore, on restart, synchronize digital certificates with the digital signature servers in the system that have better network conditions and performance and higher reliability, so that the restarted server stays consistent with the digital certificates on the other digital signature servers in the system while the resources and cost of synchronization are reduced, synchronization efficiency is improved, and user experience is improved.
As shown in Figure 6, an embodiment of the present invention provides a digital certificate synchronization system 601 that includes at least two digital signature servers. These include at least the digital signature server 602 configured as a central server provided in the above embodiments and the digital signature server 603 configured as a non-central server provided in the above embodiments.
Specifically, the digital certificate synchronization system includes at least two digital signature servers, and these digital signature servers store digital certificates issued by a unified CA.
The types of digital signature server are central server and non-central server, and a digital signature server can be configured as either. Specifically, a digital signature server configured as a central server can be one with better network conditions or performance in the digital certificate synchronization system. Such a server has the lowest probability of going down, and the CA can update the digital certificates on central servers first when it updates digital certificates. When other digital signature servers synchronize digital certificates with a digital signature server configured as a central server, synchronization efficiency is higher and fewer resources are consumed.
It should be noted that the digital certificate synchronization system can include two or more digital signature servers configured as central servers. This ensures that when one central server fails, synchronization does not fail for lack of a working digital signature server configured as a central server.
Preferably, the digital certificate synchronization system includes two digital signature servers configured as central servers. In this case the complexity of the digital certificate synchronization system can be 2N*N!=8, which ensures that the number of digital signature servers configured as central servers does not become excessive.
As shown in Figure 6, the digital certificate synchronization system 601 can be connected to user equipment 605 through a network 604. A user can use the user equipment 605 to connect to the digital signature server 602 or the digital signature server 603 through the network 604 and send it the user's digital signature information together with the digital certificate identifier corresponding to that information. The digital certificate identifier uniquely identifies the corresponding digital certificate. The digital signature server 602 or 603 looks up the corresponding digital certificate by its identifier and uses that certificate to verify whether the user's digital signature information is correct. If verification succeeds, the server determines that the user's identity is legitimate and returns the corresponding confirmation to the user equipment 605 through the network 604. If verification fails, it returns the corresponding verification failure information to the user equipment 605 through the network 604.
An embodiment of the present invention provides a digital certificate synchronization system that includes at least two digital signature servers, configured as central servers and as non-central servers. When a digital signature server restarts, the type it is configured as is obtained. If the restarted server is configured as a central server, on restart it performs incremental digital certificate synchronization with any other digital signature server in the system configured as a central server. It thus synchronizes with a server of higher reliability and higher synchronization efficiency, which keeps it consistent with the digital certificates on the central server while consuming as few synchronization resources as possible and improving synchronization efficiency. If the restarted server is configured as a non-central server, on restart it performs full digital certificate synchronization with any digital signature server in the system configured as a central server, that is, with a server whose digital certificates are more likely to be correct and whose synchronization efficiency is higher. This keeps the restarted server consistent with the digital certificates on the central server while consuming as few synchronization resources as possible and improving synchronization efficiency. The digital certificate synchronization system provided by the present invention can therefore apply the policy that matches the configured type of the restarted digital signature server and have it synchronize digital certificates with the servers in the system that have better network conditions and performance and higher reliability, so that the restarted server stays consistent with the digital certificates on the other digital signature servers in the system while the resources and cost of synchronization are reduced, synchronization efficiency is improved, and user experience is improved.
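The restart policy described above for both server types, as an added Python example that is not part of the patent text. The `Server` model, the scripted state polling, the function names and the treatment of incremental synchronization as a per-certificate comparison are assumptions made for illustration, and all certificate data is constructed.

```python
import time
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    NORMAL = "normal service"   # may sign/verify, upload, delete and synchronize
    SYNCING = "synchronizing"   # may sign/verify, upload, delete; cannot synchronize
    DOWN = "down"               # can do nothing


@dataclass
class Server:
    name: str
    central: bool
    certs: dict = field(default_factory=dict)    # certificate identifier -> certificate
    state: State = State.NORMAL
    script: list = field(default_factory=list)   # constructed: states seen by later polls

    def poll_state(self):
        if self.script:
            self.state = self.script.pop(0)
        return self.state


def incremental_sync(dst, src):
    """Compare per certificate and copy only entries that differ (deletions not modelled)."""
    changed = [cid for cid, cert in src.certs.items() if dst.certs.get(cid) != cert]
    for cid in changed:
        dst.certs[cid] = src.certs[cid]
    return changed


def full_sync(dst, src):
    """Replace the whole local store with the peer's store in one pass."""
    dst.certs = dict(src.certs)


def wait_for_normal(peers, interval, max_queries, sleep=time.sleep):
    """Poll peers every `interval` seconds; give up once max_queries is reached."""
    for attempt in range(max_queries):
        states = [p.poll_state() for p in peers]
        for peer, st in zip(peers, states):
            if st is State.NORMAL:
                return peer
        if all(st is State.DOWN for st in states):
            return None                      # nobody is mid-sync, so waiting cannot help
        if attempt + 1 < max_queries:
            sleep(interval)
    return None


def restart(server, cluster, interval=5.0, max_queries=3, sleep=time.sleep):
    """Return a label describing which synchronization path the restarted server took."""
    centrals = [s for s in cluster if s.central and s is not server]
    peer = wait_for_normal(centrals, interval, max_queries, sleep)
    if server.central:
        if peer is not None:
            incremental_sync(server, peer)
            return "incremental:" + peer.name
        for s in cluster:                    # fallback: every non-central server in turn
            if not s.central and s.state is State.NORMAL:
                incremental_sync(server, s)
        return "incremental:non-central"
    if peer is not None:
        full_sync(server, peer)
        return "full:" + peer.name
    return "waiting"                         # non-central: wait for a synchronization instruction


def on_verify_request(server, cluster, cert_id):
    """Waiting non-central server: fetch only the certificate the request names."""
    if cert_id not in server.certs:
        for s in cluster:
            usable = s is not server and not s.central and s.state is State.NORMAL
            if usable and cert_id in s.certs:
                server.certs[cert_id] = s.certs[cert_id]
                break
    return server.certs.get(cert_id)


def demo():
    # Constructed cluster: central B only finishes its own sync on the third poll.
    a = Server("A", True, {"c1": "old"})
    b = Server("B", True, {"c1": "new", "c2": "x"},
               script=[State.SYNCING, State.SYNCING, State.NORMAL])
    n = Server("N", False, {"c9": "stale"})
    cluster = [a, b, n]
    no_sleep = lambda seconds: None
    return restart(a, cluster, sleep=no_sleep), restart(n, cluster, sleep=no_sleep), a.certs, n.certs


if __name__ == "__main__":
    print(demo())
```

The `interval` argument stands in for the first or second time threshold and `max_queries` for the predetermined query count threshold.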
It should be noted that the digital certificate synchronization information received by a digital signature server provided in the embodiments of the present invention, whether configured as a central server or as a non-central server, usually includes local digital certificate synchronization information and broadcast digital certificate synchronization information. To speed up digital certificate synchronization, different processors in the digital signature server can therefore each handle a different kind of digital certificate synchronization information.
In the digital signature server configured as a central server provided in the embodiments of the present invention, the restart module 402 can be a processor. It can also be integrated into one of the processors of the first device, or it can be stored as program code in the memory of the first device and called by one of the processors of the first device to perform the functions of the restart module 402 described above. The processor described here can be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
Referring to Figure 7, an embodiment of the present invention provides a digital signature server 700. The digital signature server 700 is configured as a central server in the digital certificate synchronization system and is used to implement the digital certificate synchronization method provided in the above embodiments. The digital signature server 700 includes a first processor 701, a second processor 702, a transceiver 703, a memory 704 and a bus 705. The first processor 701, the second processor 702, the transceiver 703 and the memory 704 are connected by the bus 705 and communicate with one another through it.
The transceiver 703 receives local digital certificate synchronization information and broadcast digital certificate synchronization information. It passes the local digital certificate synchronization information to the first processor 701 and the broadcast digital certificate synchronization information to the second processor 702.
The first processor 701 processes the local digital certificate synchronization information. This information indicates that the digital certificates on this digital signature server are to be synchronized, and this digital signature server does not need to forward it to other digital signature servers.
The second processor 702 processes the broadcast digital certificate synchronization information and also controls the transceiver 703 to forward it by broadcast. This information indicates that the digital certificates on this digital signature server are to be synchronized, and it can at the same time indicate that the digital certificates on the other digital signature servers in the digital certificate synchronization system are to be synchronized.
Preferably, the local digital certificate synchronization information is sent by an application on the user equipment.
It should be noted that the first processor 701 and the second processor 702 here may each be a single processor or a collective term for multiple processing elements. For example, the processor may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention, for example one or more microprocessors (digital signal processor, DSP) or one or more field programmable gate arrays (FPGA).
The memory 704 may be a single storage device or a collective term for multiple storage elements, and is used to store executable program code or the parameters, data and the like required for the operation of the access network management device. The memory 704 may include random-access memory (RAM) and may also include non-volatile memory (NVRAM), such as disk storage or flash memory (Flash).
The bus 705 may be an industry standard architecture (ISA) bus, a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The bus 705 may be divided into an address bus, a data bus, a control bus and so on. For ease of illustration, it is represented by only one thick line in FIG. 7, but this does not mean that there is only one bus or one type of bus.
In the digital signature server configured as a non-central server provided in the embodiments of the present invention, the restart module 502 may be a processor. It may also be integrated into one of the processors of the first device. In addition, it may be stored in the memory of the first device in the form of program code, with one of the processors of the first device calling and executing the functions of the above restart module 502. The processor described here may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
Referring to FIG. 8, an embodiment of the present invention provides a digital signature server 800. The digital signature server 800 is configured as a non-central server in the digital certificate synchronization system and is used to implement the digital certificate synchronization method provided in the above embodiments. The digital signature server 800 may include: a processor 801, a transceiver 802, a memory 803 and a bus 804. The processor 801, the transceiver 802 and the memory 803 are connected through the bus 804 and communicate with one another over it.
The transceiver 802 is used to receive local digital certificate synchronization information and broadcast digital certificate synchronization information, and to provide both the local digital certificate synchronization information and the broadcast digital certificate synchronization information to the processor 801.
The processor 801 is used to process the local digital certificate synchronization information and the broadcast digital certificate synchronization information. Both kinds of information instruct that the digital certificates on this digital signature server be synchronized, and neither needs to be forwarded by this digital signature server to other digital signature servers.
It should be noted that the processor 801 here may be a single processor or a collective term for multiple processing elements. For example, the processor may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention, for example one or more microprocessors (digital signal processor, DSP) or one or more field programmable gate arrays (FPGA).
The memory 803 may be a single storage device or a collective term for multiple storage elements, and is used to store executable program code or the parameters, data and the like required for the operation of the access network management device. The memory 803 may include random-access memory (RAM) and may also include non-volatile memory (NVRAM), such as disk storage or flash memory (Flash).
The bus 804 may be an industry standard architecture (ISA) bus, a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus and so on. For ease of illustration, it is represented by only one thick line in FIG. 8, but this does not mean that there is only one bus or one type of bus.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each particular application, but such implementations should not be considered beyond the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The above are only specific embodiments of the present invention, but the scope of protection of the present invention is not limited to them. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.
Claims (12)
1. A digital certificate synchronization method, characterized in that it is applied to a digital certificate synchronization system comprising at least two digital signature servers, the method comprising:
when a digital signature server restarts and the restarted digital signature server is configured as a central server, the restarted digital signature server performs incremental digital certificate synchronization with any other digital signature server in the digital certificate synchronization system that is configured as a central server;
when a digital signature server restarts and the restarted digital signature server is configured as a non-central server, the restarted digital signature server performs full digital certificate synchronization with any digital signature server in the digital certificate synchronization system that is configured as a central server.
2. The digital certificate synchronization method according to claim 1, characterized in that the restarted digital signature server performing incremental digital certificate synchronization with another digital signature server configured as a central server in the digital certificate synchronization system comprises:
when it is determined that the other digital signature servers configured as central servers in the digital certificate synchronization system are currently in a synchronizing state, the restarted digital signature server periodically queries, at intervals of a first time threshold, the state of the other digital signature servers configured as central servers in the digital certificate synchronization system;
when it is determined from the query result that any other digital signature server configured as a central server in the digital certificate synchronization system is in a normal service state, the restarted digital signature server performs incremental digital certificate synchronization with that other digital signature server in the digital certificate synchronization system which is configured as a central server and is in the normal service state.
3. The digital certificate synchronization method according to claim 1, characterized in that the method further comprises:
when a digital signature server restarts, the digital signature server is configured as a central server, and the restarted digital signature server fails to synchronize with every other digital signature server configured as a central server in the digital certificate synchronization system, the digital signature server performs incremental digital certificate synchronization in turn with all digital signature servers configured as non-central servers in the digital certificate synchronization system.
4. The digital certificate synchronization method according to claim 1, characterized in that the restarted digital signature server performing full digital certificate synchronization with a digital signature server configured as a central server in the digital certificate synchronization system comprises:
when it is determined that the digital signature server configured as a central server in the digital certificate synchronization system is in a synchronizing state, the restarted digital signature server periodically queries, at intervals of a second time threshold, the state of the digital signature server configured as a central server in the digital certificate synchronization system;
when it is determined from the query result that any digital signature server configured as a central server in the digital certificate synchronization system is in a normal service state, the restarted digital signature server performs full digital certificate synchronization with the digital signature server in the digital certificate synchronization system which is configured as a central server and is in the normal service state.
5. The digital certificate synchronization method according to claim 1, characterized in that the method further comprises:
when a digital signature server restarts, the digital signature server is configured as a non-central server, and the digital signature server fails to synchronize with every digital signature server configured as a central server in the digital certificate synchronization system, the restarted digital signature server waits for a synchronization instruction;
when the synchronization instruction is a signature verification request, the restarted digital signature server queries, according to the digital certificate identifier in the signature verification request, the corresponding digital certificate on the other digital signature servers configured as non-central servers in the digital certificate synchronization system, and synchronizes the corresponding digital certificate to the restarted digital signature server;
when the synchronization instruction is a synchronization instruction sent by a digital signature server configured as a central server in the digital certificate synchronization system, the restarted digital signature server performs full digital certificate synchronization with the digital signature server configured as a central server that sent the synchronization instruction.
6. A digital signature server, characterized in that the digital signature server is configured as a central server, the digital signature server comprising:
a restart module, configured to, when the digital signature server restarts, perform incremental digital certificate synchronization with any other digital signature server in the digital certificate synchronization system that is configured as a central server.
7. The digital signature server according to claim 6, characterized in that the restart module is specifically configured to:
when it is determined that the other digital signature servers configured as central servers in the digital certificate synchronization system are currently in a synchronizing state, periodically query, at intervals of a first time threshold, the state of the other digital signature servers configured as central servers in the digital certificate synchronization system;
when it is determined from the query result that any other digital signature server configured as a central server in the digital certificate synchronization system is in a normal service state, perform incremental digital certificate synchronization with that other digital signature server in the digital certificate synchronization system which is configured as a central server and is in the normal service state.
8. The digital signature server according to claim 6, characterized in that the restart module is further configured to:
when the digital signature server restarts and the restarted digital signature server fails to synchronize with every other digital signature server configured as a central server in the digital certificate synchronization system, perform incremental digital certificate synchronization in turn with all digital signature servers configured as non-central servers in the digital certificate synchronization system.
9. A digital signature server, characterized in that the digital signature server is configured as a non-central server, the digital signature server comprising:
a restart module, configured to, when the digital signature server restarts, perform full digital certificate synchronization with any digital signature server in the digital certificate synchronization system that is configured as a central server.
10. The digital signature server according to claim 9, characterized in that the restart module is specifically configured to:
when it is determined that the digital signature server configured as a central server in the digital certificate synchronization system is in a synchronizing state, periodically query, at intervals of a second time threshold, the state of the digital signature server configured as a central server in the digital certificate synchronization system;
when it is determined from the query result that any digital signature server configured as a central server in the digital certificate synchronization system is in a normal service state, perform full digital certificate synchronization with the digital signature server in the digital certificate synchronization system which is configured as a central server and is in the normal service state.
11. The digital signature server according to claim 9, characterized in that the restart module is further configured to:
when the digital signature server restarts and the digital signature server fails to synchronize with the digital signature server configured as a central server in the digital certificate synchronization system, wait for a synchronization instruction;
when the synchronization instruction is a signature verification request, query, according to the digital certificate identifier in the signature verification request, the corresponding digital certificate on the other digital signature servers configured as non-central servers in the digital certificate synchronization system, and synchronize the corresponding digital certificate to the restarted digital signature server;
when the synchronization instruction is a synchronization instruction sent by a digital signature server configured as a central server in the digital certificate synchronization system, perform full digital certificate synchronization with the digital signature server configured as a central server that sent the synchronization instruction.
12. A digital certificate synchronization system, characterized by comprising at least two digital signature servers, the at least two digital signature servers including at least a digital signature server configured as a central server according to any one of claims 6-8 and a digital signature server configured as a non-central server according to any one of claims 9-11.
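The restart procedure of claims 1 to 5, written out as an added Python example (not code from the patent). The `Server` class, the `down` state, the `max_polls` bound, the instruction dictionary format, and the reading of incremental synchronization as "copy missing certificates" and full synchronization as "replace the local store" are assumptions made for the example.

```python
import time
from dataclasses import dataclass, field

NORMAL, SYNCING, DOWN = "normal", "syncing", "down"  # DOWN is an assumed failure state

@dataclass
class Server:
    name: str
    central: bool
    state: str = NORMAL
    certs: dict = field(default_factory=dict)  # cert_id -> certificate (constructed data)

def incremental_sync(dst, src):
    """Assumed meaning of incremental sync: copy only certificates dst lacks."""
    missing = [cid for cid in src.certs if cid not in dst.certs]
    for cid in missing:
        dst.certs[cid] = src.certs[cid]
    return missing

def full_sync(dst, src):
    """Assumed meaning of full sync: replace dst's whole store with src's."""
    dst.certs = dict(src.certs)

def wait_for_normal(peers, interval, max_polls, query_state, sleep):
    """Claims 2 and 4: while peers are still synchronizing, re-query their state
    every `interval` seconds; return the first peer in normal service, else None."""
    for attempt in range(max_polls + 1):
        states = [(p, query_state(p)) for p in peers]
        for p, s in states:
            if s == NORMAL:
                return p
        if all(s != SYNCING for _, s in states):
            return None          # no peer will become ready: treat as failure
        if attempt < max_polls:
            sleep(interval)
    return None                  # max_polls is an added bound, not in the claims

def restart_sync(me, peers, first_threshold=5.0, second_threshold=5.0,
                 max_polls=3, query_state=lambda p: p.state, sleep=time.sleep):
    """Run the restart procedure; returns (outcome, [names of sync sources])."""
    centrals = [p for p in peers if p.central and p is not me]
    interval = first_threshold if me.central else second_threshold
    source = wait_for_normal(centrals, interval, max_polls, query_state, sleep)
    if source is not None:
        if me.central:           # claim 1: central <- central, incremental
            incremental_sync(me, source)
            return "incremental", [source.name]
        full_sync(me, source)    # claim 1: non-central <- central, full
        return "full", [source.name]
    if me.central:               # claim 3: fall back to every non-central in turn
        used = []
        for p in peers:          # skipping peers not in service is an assumption
            if not p.central and query_state(p) == NORMAL:
                incremental_sync(me, p)
                used.append(p.name)
        return "incremental-from-non-central", used
    return "waiting-for-instruction", []   # claim 5: non-central waits

def handle_instruction(me, peers, instruction):
    """Claim 5: act on the synchronization instruction a waiting non-central
    server receives. `instruction` is a hypothetical dict format."""
    if instruction["type"] == "signature_verification":
        cid = instruction["cert_id"]
        for p in peers:          # look the certificate up on other non-centrals
            if not p.central and p is not me and cid in p.certs:
                me.certs[cid] = p.certs[cid]
                return "synced-one", cid
        return "not-found", cid
    if instruction["type"] == "central_sync" and instruction["sender"].central:
        full_sync(me, instruction["sender"])
        return "full", instruction["sender"].name
    raise ValueError("unknown synchronization instruction")

def demo():
    """Constructed scenario: n2 restarts while the only central server is down."""
    c1 = Server("c1", True, DOWN, {"A": "certA", "B": "certB"})
    n1 = Server("n1", False, NORMAL, {"A": "certA", "B": "certB"})
    n2 = Server("n2", False, NORMAL, {})
    first = restart_sync(n2, [c1, n1], sleep=lambda s: None)
    second = handle_instruction(n2, [c1, n1], {"type": "signature_verification", "cert_id": "B"})
    return first, second, sorted(n2.certs)

if __name__ == "__main__":
    print(demo())
```

In the constructed scenario the restarted non-central server ends up holding only certificate `B`, the one a verification request asked for, until a central server sends it a synchronization instruction.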
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610798642.XA CN106330945B (en) | 2016-08-31 | 2016-08-31 | Digital certificate synchronization method, digital signature server and digital certificate synchronization system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106330945A (en) | 2017-01-11 |
CN106330945B (en) | 2020-04-24 |
Family
ID=57787411
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610798642.XA Active CN106330945B (en) | 2016-08-31 | 2016-08-31 | Digital certificate synchronization method, digital signature server and digital certificate synchronization system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106330945B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN106330945B (en) | 2020-04-24 |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
CB02 | Change of applicant information | Address after: 100093 Haidian District, Haidian District, Beijing, No. 23, No. 2, No. 1001; Applicant after: Beijing Xin'an century Polytron Technologies Inc; Address before: 100052 Beijing city Xicheng District Xuanwu Gate Street No. 1 C block 4 layer center global wealth; Applicant before: Beijing Infosec Technologies Co.,Ltd. |
GR01 | Patent grant | |