CN106330945B - Digital certificate synchronization method, digital signature server and digital certificate synchronization system - Google Patents


Info

Publication number: CN106330945B
Authority: CN (China)
Prior art keywords: digital, digital signature, server, digital certificate, signature server
Legal status: Active
Application number: CN201610798642.XA
Other languages: Chinese (zh)
Other versions: CN106330945A (en
Inventors: 李红, 陈程, 张庆勇
Current assignee: Beijing Infosec Technologies Co Ltd
Original assignee: Beijing Infosec Technologies Co Ltd
Application filed by: Beijing Infosec Technologies Co Ltd
Priority: CN201610798642.XA
Publications: CN106330945A; CN106330945B (application granted)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Hardware Redundancy (AREA)

Abstract

The embodiment of the invention provides a digital certificate synchronization method, a digital signature server and a digital certificate synchronization system, relates to the technical field of network security, and can solve the problem that the digital certificate is repeatedly synchronized when the existing digital signature server is restarted and the digital certificate is synchronized, wherein the method is applied to the digital certificate synchronization system comprising at least two digital signature servers and comprises the following steps: when the digital signature server is restarted and the restarted digital signature server is configured as a central server, the restarted digital signature server and any other digital signature server configured as the central server in the digital certificate synchronization system perform digital certificate increment synchronization; when the digital signature server is restarted and the restarted digital signature server is configured as a non-central server, the restarted digital signature server performs full digital certificate synchronization with any digital signature server configured as a central server in the digital certificate synchronization system. The invention is used for synchronizing digital certificates.

Description

Digital certificate synchronization method, digital signature server and digital certificate synchronization system
Technical Field
The invention relates to the technical field of network security, in particular to a digital certificate synchronization method, a digital signature server and a digital certificate synchronization system.
Background
With the progress of electronic commerce technology in recent years, users can interact information with other users through a network, for example, a customer who conducts financial transaction can conveniently and easily conduct business transaction with a financial institution through the network and achieve transaction, but the risk that part of data is stolen or abused is objectively increased by interacting some sensitive or valuable data through the network. In order to ensure the security and reliability of sensitive or high-value data interacted by a user through a network, a trust mechanism needs to be established for network information interaction, namely, both parties participating in the information interaction are required to have legal identities which can be verified effectively and infallibly. The information for identifying the identity of each communicating party is called a digital Certificate, the digital Certificate can be a string of numbers or an electronic document, and is generally issued by a Certificate Authority (CA), and the communicating parties can use the digital Certificate to identify the identity of each other during internet communication.
In general, a digital certificate is stored in a digital signature server, and when a user performs data interaction, the identity of the other party in the data interaction needs to be verified by using the digital certificate stored in the digital signature server. In practical use, the identity of the user in the data interaction may be common to a plurality of different entities or institutions, for example, the validity of the user identity may be mutually acknowledged among a plurality of financial institutions in financial transactions, so that the same digital certificate is stored on a plurality of different digital signature servers in general, and the digital certificates stored on the plurality of different digital signature servers need to be consistent all the time.
In the prior art, digital certificates in different digital signature servers can be kept consistent through a high-availability (HA) cluster synchronization configuration or a disaster backup synchronization configuration. However, when a digital signature server is restarted, the existing digital certificate synchronization method can only have an operator manually control the restarted digital signature server to perform full synchronization with the other digital signature servers. Because this process does not consider the differences that exist between the restarted digital signature server and the other digital signature servers and performs full synchronization of the digital certificates directly, part of the digital certificates are synchronized unnecessarily. Digital certificates are therefore synchronized repeatedly when a digital signature server is restarted and synchronized, which increases the complexity of digital certificate synchronization, increases the resources and cost it consumes, and harms the user experience.
Disclosure of Invention
The application provides a digital certificate synchronization method, a digital signature server and a digital certificate synchronization system, which can solve the problem that the digital certificate is repeatedly synchronized when the digital signature server is restarted and digital certificate synchronization is carried out in the conventional digital certificate synchronization method.
In a first aspect, an embodiment of the present invention provides a digital certificate synchronization method, which is applied to a digital certificate synchronization system including at least two digital signature servers, and includes: when the digital signature server is restarted and the restarted digital signature server is configured as a central server, the restarted digital signature server and any other digital signature server configured as the central server in the digital certificate synchronization system perform digital certificate increment synchronization; when the digital signature server is restarted and the restarted digital signature server is configured as a non-central server, the restarted digital signature server performs full digital certificate synchronization with any digital signature server configured as a central server in the digital certificate synchronization system.
In a second aspect, an embodiment of the present invention provides a digital signature server configured as a central server, including: a restart module configured to perform digital certificate increment synchronization with any digital signature server configured as a central server in the digital certificate synchronization system when the digital signature server is restarted.
In a third aspect, an embodiment of the present invention provides a digital signature server configured as a non-central server, including: a restart module configured to perform full digital certificate synchronization with any one of the digital signature servers configured as a central server in the digital certificate synchronization system when the digital signature server is restarted.
In a fourth aspect, an embodiment of the present invention provides a digital certificate synchronization system, including at least the digital signature server configured as a central server provided in the second aspect embodiment described above and the digital signature server configured as a non-central server provided in the third aspect embodiment described above.
The embodiments of the invention provide a digital certificate synchronization method, a digital signature server and a digital certificate synchronization system, applied to a digital certificate synchronization system comprising at least two digital signature servers. When a digital signature server is restarted, the type it is configured as is obtained. When the restarted digital signature server is configured as a central server, it performs digital certificate increment synchronization with any one digital signature server configured as the central server in the digital certificate synchronization system, that is, with a digital signature server that has higher reliability and higher digital certificate synchronization efficiency. On the premise that the restarted digital signature server is kept consistent with the digital certificates on the central server, this reduces the resources consumed by digital certificate synchronization as much as possible and improves the efficiency of digital certificate synchronization. When the restarted digital signature server is configured as a non-central server, it performs full digital certificate synchronization with any digital signature server configured as a central server in the digital certificate synchronization system, that is, with a digital signature server that has higher digital certificate correctness and higher digital certificate synchronization efficiency. On the premise that the restarted digital signature server is consistent with the digital certificates on the central server, this likewise reduces the resources consumed by digital certificate synchronization as much as possible and improves the digital certificate synchronization efficiency. Therefore, according to the configured type of the digital signature server and the corresponding strategy, the digital certificate synchronization method provided by the invention can control the restarted digital signature server to perform digital certificate synchronization with a digital signature server that has better network condition and performance and higher reliability. On the premise that the restarted digital signature server is consistent with the digital certificates on the other digital signature servers in the digital certificate synchronization system, this reduces the resources and cost consumed by digital certificate synchronization, improves the efficiency of digital certificate synchronization and improves the user experience.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained based on these drawings without creative efforts.
Fig. 1 is a schematic structural diagram of an architecture for performing authentication using a digital signature server according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of a digital certificate synchronization method provided by an embodiment of the present invention;
Fig. 3 is a schematic flow chart of a digital certificate synchronization method according to another embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a digital signature server provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a digital signature server according to another embodiment of the present invention;
Fig. 6 is a schematic block diagram of a digital certificate synchronization system according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a digital signature server according to another embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a digital signature server according to another embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For the convenience of clearly describing the technical solutions of the embodiments of the present invention, in the embodiments of the present invention, the words "first", "second", and the like are used for distinguishing the same items or similar items with basically the same functions and actions, and those skilled in the art can understand that the words "first", "second", and the like are not limited in number or execution order.
The digital Certificate is information for marking the identity of each communication party in network communication, can be a string of numbers or an electronic document, and is generally issued by a Certificate Authority (CA for short), and the communication parties can use the digital Certificate to identify the identity of the other party during internet communication. The current types of digital certificates mainly include: personal digital certificates, unit employee digital certificates, server certificates, VPN certificates, WAP certificates, code signing certificates, and form signing certificates. With the development of technology, digital certificates are beginning to be widely applied in various fields, and at present, mainly include: sending secure e-mail, accessing secure sites, bidding on the internet, signing on the internet, ordering on the internet, secure transfer of official documents on the internet, paying taxes on the internet, investing stocks on the internet, shopping on the internet, declaring customs on the internet, and the like.
Typically, the digital certificate is stored on a digital signature server, and when a user performs data interaction, the digital signature server is required to verify the identity of the other party in the data interaction. As shown in fig. 1, an embodiment of the present invention provides an architecture for performing identity authentication using a digital signature server, including a user device 101, a network 102 and a digital signature server 103, where a user needs to verify an identity of the user when using the user device 101 to perform data interaction, so that the user device 101 sends digital signature information of the user and a digital certificate identifier corresponding to the digital signature information to the digital signature server 103 through the network 102, where the digital certificate identifier can uniquely identify a corresponding digital certificate, the digital signature server 103 performs an inquiry according to the digital certificate identifier, obtains the corresponding digital certificate, and verifies whether the digital signature information of the user is correct according to the corresponding digital certificate, if the verification is successful, determines that the identity of the user is legal, and can continue to perform corresponding data interaction with the user, and if the verification fails, returning verification failure information.
In practical use, the identity of the user in the data interaction may be shared among a plurality of different units or institutions. For example, in financial transactions the validity of the user identity may be mutually acknowledged among a plurality of financial institutions: in China UnionPay or other cross-bank transaction clearing systems, a plurality of banks mutually acknowledge the validity of the identities of other banks' users when performing financial transactions. In such a cross-bank transaction clearing system, the digital certificates located in the digital signature servers of the different banks need to be issued by a unified CA institution, such as the People's Bank of China, and the digital certificates stored in the different digital signature servers need to be kept consistent at all times.
In the prior art, in order to keep digital certificates stored in a plurality of different digital signature servers consistent, the digital certificates in the different digital signature servers may be kept consistent through a High availability cluster (HA) synchronization configuration or a disaster backup synchronization configuration. Specifically, the HA synchronization configuration generally includes two or more digital signature servers, which are divided into a main digital signature server and a standby digital signature server, wherein when a digital certificate on the main digital signature server changes, the main digital signature server sends digital certificate synchronization information to the standby digital signature server within a predetermined time range, so that the standby digital signature server performs synchronization according to the digital certificate synchronization information; the disaster backup synchronization configuration generally comprises two digital signature servers, which are divided into a main digital signature server and a standby digital signature server, and the purpose of synchronizing the digital certificate on the standby digital signature server is achieved by sending the operation information of the digital certificate on the main digital signature server to the standby digital signature server in real time.
Although the above two schemes can keep the digital certificates stored in different digital signature servers consistent, when the digital signature server is restarted, the HA synchronization configuration does not include content for immediately synchronizing the restarted digital signature server, so that the digital certificate stored in the restarted digital signature server may not be consistent with the digital certificates stored in other digital signature servers; in disaster backup synchronous configuration, after the backup digital signature server is restarted, the primary digital signature server only sends the operation information of the digital certificate on the primary digital signature server after the backup digital signature server is restarted, and the backup digital signature server cannot obtain the operation information of the digital certificate on the primary digital signature server in the restarting process of the backup digital signature server, so that the digital certificate on the backup digital signature server is possibly inconsistent with the digital certificate stored in the primary digital signature server.
Therefore, when a digital signature server is restarted, the existing digital certificate synchronization method needs an operator to control the restarted digital signature server to perform full synchronization with other digital signature servers in the system, so as to ensure that the digital certificates stored in different digital signature servers are kept consistent. However, having an operator execute these steps increases the consumption of human resources during digital certificate synchronization. In addition, because the network status and performance of different digital signature servers often differ greatly, the efficiency of digital certificate synchronization is reduced and its cost is increased when the restarted digital signature server performs full synchronization with a digital signature server with poor network status and performance in the system. The existing digital certificate synchronization method therefore increases the complexity of digital certificate synchronization, increases the resources and cost it consumes, and harms the user experience.
In order to solve the above problem, as shown in fig. 2, an embodiment of the present invention provides a digital certificate synchronization method applied to a digital certificate synchronization system including at least two digital signature servers, where the method includes:
201. When the digital signature server is restarted, the type of the restarted digital signature server is determined.
Specifically, the digital signature server is located in a digital certificate synchronization system, the digital certificate synchronization system includes at least two digital signature servers, and the digital certificates issued by a unified CA authority are stored in the at least two digital signature servers.
The types of digital signature server include a central server and a non-central server, and a digital signature server may be configured as either. Specifically, the digital signature server configured as the central server may be a digital signature server with better network status or performance in the digital certificate synchronization system, and the downtime probability of the digital signature server configured as the central server is very small. When updating a digital certificate, the CA organization may preferentially update the digital certificate on the digital signature server configured as the central server. When the other digital signature servers perform digital certificate synchronization with the digital signature server configured as the central server, the synchronization efficiency is higher and fewer resources are consumed.
It should be noted that the digital certificate synchronization system may include two or more digital signature servers configured as the central server, so that when one of them fails, digital certificate synchronization in the system does not fail for lack of a normally working digital signature server configured as the central server.
Preferably, the digital certificate synchronization system comprises two digital signature servers configured as a central server. The complexity of the digital certificate synchronization system at this time may be 2NN! 8, the digital signature server configured as a central server is guaranteed not to be excessive.
Step 102 is performed when the restarted digital signature server is configured as a central server.
When the restarted digital signature server is configured as a non-central server, step 103 is performed.
202. The restarted digital signature server performs digital certificate increment synchronization with any other digital signature server configured as a central server in the digital certificate synchronization system.
Specifically, when the restarted digital signature server is configured as a central server, it performs digital certificate increment synchronization, upon restart, with any digital signature server configured as the central server in the digital certificate synchronization system. Digital certificate increment synchronization means comparing the digital certificates on the restarted digital signature server with those on that central server to find the portions that differ, and synchronizing only the differing portions to the restarted digital signature server. After the digital certificate increment synchronization is completed, the digital certificates on the restarted digital signature server are identical to those on that digital signature server configured as the central server.
Because the restarted digital signature server is in a state of being down or otherwise unable to synchronize the digital certificate within a period of time before the restart is successful, the digital certificate which is changed within the period of time may not be updated on the restarted digital signature server correspondingly. The restarted digital signature server is a central server, so that the network condition and performance of the restarted digital signature server are better, the reliability is higher, the time of being in a state of being down or being incapable of synchronizing a digital certificate is possibly shorter, and the quantity of the digital certificate which cannot be updated correspondingly is possibly smaller, therefore, the restarted digital signature server and any one digital signature server which is configured as the central server in the digital certificate synchronization system are controlled, namely the digital signature server with higher reliability and higher digital certificate synchronization efficiency carries out digital certificate increment synchronization, so that the resources consumed by digital certificate synchronization are reduced as much as possible on the premise that the restarted digital signature server is consistent with the digital certificate on the central server, and the digital certificate synchronization efficiency is improved.
203. The restarted digital signature server performs digital certificate full synchronization with any digital signature server configured as a central server in the digital certificate synchronization system.
Specifically, when the restarted digital signature server is configured as a non-central server, the restarted digital signature server performs full digital certificate synchronization with any digital signature server configured as a central server in the digital certificate synchronization system when being restarted, wherein the full digital certificate synchronization means that the restarted digital signature server synchronizes a digital certificate on any digital signature server configured as a central server in the digital certificate synchronization system to the restarted digital signature server at one time, and the digital certificate on the restarted digital signature server after the incremental digital certificate synchronization is completed is consistent with the digital certificate on any digital signature server configured as a central server in the digital certificate synchronization system.
Because the restarted digital signature server is in a state of being down or otherwise unable to synchronize the digital certificate within a period of time before the restart is successful, the digital certificate which is changed within the period of time may not be updated on the digital signature server correspondingly. Because the restarted digital signature server is a non-central server, the restarted digital signature server has poorer network condition and performance and lower reliability compared with the digital signature server configured as the central server, the time of being in a state of being down or other states which can not synchronize the digital certificate can be longer, the number of the digital certificates which can not be updated correspondingly can be more, if the restarted digital signature server and any digital signature server configured as the central server in the digital certificate synchronization system are subjected to increment synchronization, more resources are consumed for comparing the digital certificate in the increment synchronization process, the efficiency of digital certificate synchronization is objectively reduced, and therefore the restarted digital signature server and any digital signature server configured as the central server in the digital certificate synchronization system are controlled, namely, the digital signature server with higher digital certificate correctness and higher digital certificate synchronization efficiency performs the full digital certificate synchronization, so that the resource consumed by the digital certificate synchronization is reduced as much as possible on the premise that the restarted digital signature server is consistent with the digital certificate on the central server, and the digital certificate synchronization efficiency is improved.
The embodiment of the invention provides a digital certificate synchronization method, which is applied to a digital certificate synchronization system comprising at least two digital signature servers, when the digital signature server is restarted, acquiring the configured type of the restarted digital signature server, and when the digital signature server is configured as a central server, the restarted digital signature server is subjected to digital certificate increment synchronization with any other digital signature server configured as the central server in the digital certificate synchronization system when being restarted, therefore, the digital signature server and the digital signature server with higher reliability and higher digital certificate synchronization efficiency carry out digital certificate increment synchronization, so that the resources consumed by digital certificate synchronization are reduced as much as possible on the premise that the digital signature server is consistent with the digital certificate on the central server, and the digital certificate synchronization efficiency is improved; when the digital signature server is configured as a non-central server, the restarted digital signature server is enabled to perform full digital certificate synchronization with any digital signature server configured as a central server in the digital certificate synchronization system when being restarted, so that the digital signature server and the digital signature server with higher digital certificate correctness and higher digital certificate synchronization efficiency perform full digital certificate synchronization, resources consumed by digital certificate synchronization are reduced as much as possible on the premise that the restarted digital signature server is consistent with the digital certificate on the central server, and the digital certificate synchronization efficiency is improved. 
Therefore, the digital certificate synchronization method provided by the invention can control the restarted digital signature server and the digital signature server with better network condition and performance and higher reliability to carry out digital certificate synchronization according to the configured type of the digital signature server and the corresponding strategy, thereby reducing the resource and cost consumed by digital certificate synchronization, improving the efficiency of digital certificate synchronization and improving the user experience on the premise that the restarted digital signature server is consistent with the digital certificates on other digital signature servers in the digital certificate synchronization system.
Further, as shown in fig. 3, an embodiment of the present invention provides a digital certificate synchronization method, which is applied to a digital certificate synchronization system including at least two digital signature servers, and the method includes:
301. When the digital signature server is restarted, the type of the restarted digital signature server is determined.
For details, refer to step 201 of the above embodiment; they are not repeated here.
Step 302 is performed when the restarted digital signature server is configured as a central server.
Step 303 is performed when the restarted digital signature server is configured as a non-central server.
302. Judge whether the other digital signature servers configured as the central server in the digital certificate synchronization system are all in a downtime state.
Specifically, a digital signature server may be in one of three states: a normal service state, a synchronization state, and a downtime state. As shown in the following table, in the normal service state the digital signature server can perform signature verification, certificate uploading, certificate deletion, and certificate synchronization; in the synchronization state it can perform signature verification, certificate uploading, and certificate deletion, but cannot perform certificate synchronization; in the downtime state it cannot perform any of signature verification, certificate uploading, certificate deletion, or certificate synchronization.
State | Signature verification | Uploading certificates | Deleting certificates | Certificate synchronization
Normal service | √ | √ | √ | √
Synchronizing | √ | √ | √ | ×
Downtime | × | × | × | ×
Step 304 is performed when the other digital signature servers in the digital certificate synchronization system that are configured as the central server are not all in a down state, i.e., the other digital signature servers in the digital certificate synchronization system that are configured as the central server include a digital signature server in a normal service state or include a digital signature server in a synchronization state.
When all the other digital signature servers configured as the central server in the digital certificate synchronization system are in the down state, that is, the restarted digital signature server fails to synchronize with every other digital signature server configured as the central server in the digital certificate synchronization system, step 307 is executed.
303. Judge whether the digital signature servers configured as the central server in the digital certificate synchronization system are all in a downtime state.
Step 309 is performed when the digital signature servers configured as the central server in the digital certificate synchronization system are not all in a down state, i.e., the digital signature servers configured as the central server in the digital certificate synchronization system include the digital signature server in a normal service state or include the digital signature server in a synchronization state.
Step 312 is executed when the digital signature servers configured as the central server in the digital certificate synchronization system are all in a down state, that is, the restarted digital signature server fails to synchronize with every digital signature server configured as the central server in the digital certificate synchronization system.
304. Judge whether the other digital signature servers configured as central servers in the digital certificate synchronization system are in a synchronization state.
When all other digital signature servers configured as central servers in the digital certificate synchronization system are in a synchronization state, step 305 is performed.
Step 308 is performed when not all other digital signature servers configured as central servers in the digital certificate synchronization system are in a synchronization state.
305. Query periodically, at intervals of a first time threshold, whether the state of the other digital signature servers configured as central servers in the digital certificate synchronization system is a normal service state.
Specifically, when all the other digital signature servers configured as the central server in the digital certificate synchronization system are in the synchronization state, the restarted digital signature server needs to perform digital certificate synchronization once any one of them leaves the synchronization state and is in the normal service state. Querying periodically at intervals of the first time threshold obtains, in time, the information that a digital signature server is no longer in the synchronization state but in the normal service state, while reducing as far as possible the resources consumed by querying the state of the other digital signature servers configured as central servers in the digital certificate synchronization system.
When the number of times of querying is excessive, such as exceeding a predetermined query number threshold, or the time of querying is too long, such as exceeding a predetermined query time threshold, it may be considered that it is not possible to determine that any digital signature server configured as a central server in the digital certificate synchronization system is in a normal service state according to the query result.
When it is determined that any other digital signature server configured as a central server in the digital certificate synchronization system is in a normal service state according to the query result, step 306 is executed.
When it cannot be determined that any other digital signature server configured as a central server in the digital certificate synchronization system is in a normal service state according to the query result, step 307 is executed.
306. The restarted digital signature server performs digital certificate increment synchronization with another digital signature server in the digital certificate synchronization system that is configured as a central server and is in a normal service state.
Specifically, since step 305 determined that the digital certificate synchronization system has a digital signature server configured as the central server and in the normal service state, the restarted digital signature server performs digital certificate increment synchronization with that digital signature server. For the specific steps of digital certificate increment synchronization, refer to step 202 in the foregoing embodiment; they are not repeated here.
307. The restarted digital signature server performs digital certificate increment synchronization, in sequence, with all digital signature servers configured as non-central servers in the digital certificate synchronization system.
Specifically, the previous step determined either that the restarted digital signature server failed to synchronize with all the other digital signature servers configured as central servers in the digital certificate synchronization system, or that it cannot be determined from the query result that any other digital signature server configured as a central server is in a normal service state. It can therefore be concluded that no other digital signature server configured as the central server can successfully synchronize with the restarted digital signature server. The restarted digital signature server therefore performs digital certificate increment synchronization, in sequence, with all digital signature servers configured as non-central servers in the digital certificate synchronization system. This ensures that the restarted digital signature server holds the digital certificates on all digital signature servers configured as non-central servers, and thereby ensures the consistency and reliability of the digital certificates on the restarted digital signature server.
308. The restarted digital signature server performs digital certificate increment synchronization with another digital signature server in the digital certificate synchronization system that is configured as a central server and is in a normal service state.
For the specific steps of digital certificate increment synchronization between the restarted digital signature server and the other digital signature servers that are configured as central servers and are in a normal service state, refer to step 202 in the above embodiment; they are not repeated here.
309. Judge whether the digital signature servers configured as the central server in the digital certificate synchronization system are in a synchronization state.
When all the digital signature servers configured as the central server in the digital certificate synchronization system are in a synchronization state, step 310 is performed.
When all the other digital signature servers configured as the central server in the digital certificate synchronization system are in the synchronization state, step 313 is executed.
310. Query periodically, at intervals of a second time threshold, whether the state of a digital signature server configured as a central server in the digital certificate synchronization system is a normal service state.
Specifically, when all digital signature servers configured as the central server in the digital certificate synchronization system are in a synchronization state, the restarted digital signature server needs to perform digital certificate synchronization once any one of them leaves the synchronization state and is in a normal service state. Querying periodically at intervals of the second time threshold obtains, in time, the information that a digital signature server is no longer in the synchronization state but in the normal service state, while reducing as far as possible the resources consumed by querying the state of the digital signature servers configured as the central server in the digital certificate synchronization system.
When the number of times of querying is excessive, such as exceeding a predetermined query number threshold, or the time of querying is too long, such as exceeding a predetermined query time threshold, it may be considered that it is not possible to determine that any digital signature server configured as a central server in the digital certificate synchronization system is in a normal service state according to the query result.
When it is determined that any one of the digital signature servers configured as the central server in the digital certificate synchronization system is in a normal service state according to the query result, step 311 is performed.
When it cannot be determined from the query result that any digital signature server configured as the central server in the digital certificate synchronization system is in a normal service state, step 312 is executed.
311. The restarted digital signature server performs digital certificate full synchronization with the digital signature server in the digital certificate synchronization system that is configured as a central server and is in a normal service state.
Specifically, since step 310 determined that the digital certificate synchronization system includes a digital signature server configured as the central server and in the normal service state, the restarted digital signature server performs digital certificate full synchronization with that digital signature server. For the specific steps of digital certificate full synchronization, refer to step 203 in the foregoing embodiment; they are not repeated here.
312. The restarted digital signature server waits for a synchronization instruction.
Specifically, the previous step determined either that the restarted digital signature server failed to synchronize with the digital signature servers configured as the central server in the digital certificate synchronization system, or that it cannot be determined from the query result that any digital signature server configured as the central server is in a normal service state. It can therefore be concluded that no digital signature server configured as the central server can successfully synchronize with the restarted digital signature server. Meanwhile, because the restarted digital signature server is a non-central server, its priority for digital certificate synchronization is not very high, and it may not be necessary for it to synchronize with other non-central servers immediately, so it waits for a specific synchronization instruction.
When the synchronization instruction is a signature verification request, step 314 is performed.
When the synchronization instruction is a synchronization instruction sent by a digital signature server configured as a central server in the digital certificate synchronization system, step 315 is executed.
314. The restarted digital signature server queries the other digital signature servers configured as non-central servers in the digital certificate synchronization system for the digital certificate corresponding to the digital certificate identification in the signature verification request, and synchronizes that digital certificate to itself.
Specifically, the signature verification request may be a signature verification request sent by the user equipment to the restarted digital signature server, where the signature verification request may include a digital certificate identifier, and the digital certificate identifier is used to indicate a uniquely corresponding digital certificate.
When the synchronization instruction received by the restarted digital signature server is a signature verification request, the restarted digital signature server queries the other digital signature servers configured as non-central servers in the digital certificate synchronization system for the digital certificate corresponding to the digital certificate identification in the signature verification request, and synchronizes that digital certificate to itself. This reduces the resources consumed by digital certificate synchronization, on the premise that the signature verification request can still be answered using the corresponding digital certificate.
315. The restarted digital signature server performs digital certificate full synchronization with the digital signature server that sent the synchronization instruction and is configured as the central server.
The embodiment of the invention provides a digital certificate synchronization method applied to a digital certificate synchronization system comprising at least two digital signature servers. When a digital signature server is restarted, the configured type of the restarted digital signature server is acquired. When it is configured as a central server, it performs digital certificate increment synchronization, upon restart, with any other digital signature server configured as the central server in the digital certificate synchronization system. The restarted digital signature server thus performs increment synchronization with a digital signature server of higher reliability and higher digital certificate synchronization efficiency, which reduces the resources consumed by digital certificate synchronization as far as possible, on the premise that its digital certificates are consistent with those on the central server, and improves the digital certificate synchronization efficiency. When it is configured as a non-central server, it performs digital certificate full synchronization, upon restart, with any digital signature server configured as a central server in the digital certificate synchronization system. The restarted digital signature server thus performs full synchronization with a digital signature server of higher digital certificate correctness and higher digital certificate synchronization efficiency, which likewise reduces the resources consumed by digital certificate synchronization as far as possible, on the premise that its digital certificates are consistent with those on the central server, and improves the digital certificate synchronization efficiency.
When a digital signature server with better network condition and performance and higher reliability in the digital certificate synchronization system is in the synchronization state, it is queried periodically at intervals of the first time threshold, so that the information that it is no longer in the synchronization state but in the normal service state is obtained in time, while the resources consumed by querying the state of the other digital signature servers configured as the central server are reduced as far as possible. When it is determined that no digital signature server with better network condition and performance and higher reliability in the digital certificate synchronization system can perform digital certificate synchronization with the restarted digital signature server, then, if the restarted digital signature server is a central server, it is controlled to perform digital certificate increment synchronization, in sequence, with all digital signature servers configured as non-central servers in the digital certificate synchronization system; if the restarted digital signature server is a non-central server, it performs the corresponding synchronization according to a synchronization instruction. This reduces the resources consumed by digital certificate synchronization as far as possible, on the premise that the consistency of the digital certificates on the restarted digital signature server is guaranteed as far as possible, and improves the efficiency of digital certificate synchronization.
Therefore, the digital certificate synchronization method provided by the invention can control the restarted digital signature server and the digital signature server with better network condition and performance and higher reliability to carry out digital certificate synchronization according to the configured type of the digital signature server and the corresponding strategy, thereby reducing the resource and cost consumed by digital certificate synchronization, improving the efficiency of digital certificate synchronization and improving the user experience on the premise that the restarted digital signature server is consistent with the digital certificates on other digital signature servers in the digital certificate synchronization system.
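The restart flow of steps 301 to 315, together with the increment and full synchronization it relies on, written out as an added Python example that is not code from the patent. The class and function names, the in-memory certificate stores (identifier mapped to a constructed fingerprint) and the `refresh` callback are assumptions; step 313 is not described in this section and is assumed to mirror step 311, and polling is assumed whenever no central peer is in normal service but at least one is synchronizing.

```python
"""Restart-time certificate synchronization flow (steps 301-315), illustrative only."""
from enum import Enum


class State(Enum):
    NORMAL = "normal service"
    SYNCING = "synchronizing"
    DOWN = "downtime"


class Server:
    def __init__(self, name, central, state=State.NORMAL, certs=None):
        self.name, self.central, self.state = name, central, state
        self.certs = dict(certs or {})  # certificate id -> fingerprint (constructed values)


def incremental_sync(dst, src, prune=True):
    """Copy only the entries that differ; return how many entries were touched."""
    changed = {k: v for k, v in src.certs.items() if dst.certs.get(k) != v}
    stale = [k for k in dst.certs if k not in src.certs] if prune else []
    dst.certs.update(changed)
    for k in stale:
        del dst.certs[k]
    return len(changed) + len(stale)


def full_sync(dst, src):
    """Replace the whole store at one time; return how many entries were transferred."""
    dst.certs = dict(src.certs)
    return len(dst.certs)


def poll_for_normal(centrals, refresh, max_queries, interval, sleep):
    """Steps 305/310: query at a fixed interval, bounded by a query-count threshold."""
    for _ in range(max_queries):
        refresh(centrals)  # hypothetical callback that re-reads each peer's state
        ready = [s for s in centrals if s.state is State.NORMAL]
        if ready:
            return ready[0]
        sleep(interval)
    return None


def restart_sync(me, peers, refresh=lambda servers: None, max_queries=3,
                 interval=5.0, sleep=lambda seconds: None):
    """Run the restart flow for `me`; return (step number, action taken)."""
    centrals = [p for p in peers if p.central]
    others = [p for p in peers if not p.central and p.state is not State.DOWN]
    source = next((c for c in centrals if c.state is State.NORMAL), None)
    polled = False
    if source is None and any(c.state is State.SYNCING for c in centrals):
        # Assumption: poll when no central peer is serving but one is synchronizing.
        source = poll_for_normal(centrals, refresh, max_queries, interval, sleep)
        polled = True
    if me.central:
        if source is not None:
            incremental_sync(me, source)
            return (306 if polled else 308, "incremental:" + source.name)
        for peer in others:  # step 307: merge from every reachable non-central peer
            incremental_sync(me, peer, prune=False)
        return (307, "incremental:" + ",".join(p.name for p in others))
    if source is not None:
        full_sync(me, source)
        # Step 313 is not described in this section; assumed to mirror step 311.
        return (311 if polled else 313, "full:" + source.name)
    return (312, "wait")


def handle_instruction(me, peers, instruction):
    """Steps 314/315 for a non-central server that is waiting in step 312."""
    if instruction["type"] == "verify":  # signature verification request
        cert_id = instruction["cert_id"]
        for peer in peers:
            if not peer.central and peer.state is not State.DOWN and cert_id in peer.certs:
                me.certs[cert_id] = peer.certs[cert_id]  # fetch only the requested one
                return (314, peer.name)
        return (314, None)
    if instruction["type"] == "sync":  # instruction sent by a central server
        source = next((p for p in peers
                       if p.central and p.name == instruction["from"]), None)
        if source is None:
            raise ValueError("sync instruction from unknown central server")
        full_sync(me, source)
        return (315, source.name)
    raise ValueError("unknown instruction type")
```
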
As shown in fig. 4, an embodiment of the present invention provides a digital signature server 401, where the digital signature server 401 is configured as a central server, and includes:
a restart module 402 configured to perform digital certificate increment synchronization with any digital signature server configured as a central server in the digital certificate synchronization system when the digital signature server is restarted;
specifically, the digital signature server is located in a digital certificate synchronization system, the digital certificate synchronization system includes at least two digital signature servers, and the digital certificates issued by a unified CA authority are stored in the at least two digital signature servers.
The types of digital signature server include a central server and a non-central server, and a digital signature server may be configured as either. Specifically, a digital signature server configured as the central server may be a digital signature server with better network status or performance in the digital certificate synchronization system, and its downtime probability is very small. When updating digital certificates, the CA organization may preferentially update the digital certificates on the digital signature server configured as the central server. When the other digital signature servers perform digital certificate synchronization with the digital signature server configured as the central server, the synchronization efficiency is higher and fewer resources are consumed.
It should be noted that the digital certificate synchronization system should include at least two digital signature servers configured as the central server, so that when one of them fails, the digital certificate synchronization system does not become unable to synchronize digital certificates for lack of a normally operating digital signature server configured as the central server.
Preferably, the digital certificate synchronization system comprises two digital signature servers configured as a central server. The complexity of the digital certificate synchronization system at this time may be 2NN! 8, the digital signature server configured as a central server is guaranteed not to be excessive.
When the restarted digital signature server is configured as a central server, it performs digital certificate increment synchronization, upon restart, with any other digital signature server configured as the central server in the digital certificate synchronization system. Digital certificate increment synchronization means comparing the digital certificates on the restarted digital signature server with those on that other digital signature server configured as the central server to find the parts that differ, and synchronizing only those differing parts to the restarted digital signature server. After the digital certificate increment synchronization is completed, the digital certificates on the restarted digital signature server are consistent with those on that other digital signature server configured as the central server.
Because the restarted digital signature server was down, or otherwise unable to synchronize digital certificates, for a period before the restart succeeded, digital certificates changed during that period may not have been updated on it. Since the restarted digital signature server is a central server, its network condition and performance are better and its reliability is higher, so the time it spent down or unable to synchronize is likely shorter and the number of digital certificates not yet updated is likely smaller. The restarted digital signature server is therefore made to perform digital certificate increment synchronization with any digital signature server configured as the central server in the digital certificate synchronization system, that is, with a digital signature server of higher reliability and higher digital certificate synchronization efficiency. This reduces the resources consumed by digital certificate synchronization as far as possible, on the premise that the digital certificates on the restarted digital signature server are consistent with those on the central server, and improves the digital certificate synchronization efficiency.
The embodiment of the invention provides a digital signature server that is configured as a central server and is applied to a digital certificate synchronization system comprising at least two digital signature servers. When the digital signature server is restarted, it performs digital certificate increment synchronization with any digital signature server configured as the central server in the digital certificate synchronization system, that is, with a digital signature server of higher reliability and higher digital certificate synchronization efficiency. This reduces the resources consumed by digital certificate synchronization as far as possible, on the premise that its digital certificates are kept consistent with those on the central server, and improves the digital certificate synchronization efficiency. Therefore, the digital signature server provided by the invention can, upon restart, synchronize digital certificates with a digital signature server in the digital certificate synchronization system that has better network condition and performance and higher reliability, which reduces the resources and cost consumed by digital certificate synchronization, improves the efficiency of digital certificate synchronization, and improves the user experience, on the premise that the digital certificates on the restarted digital signature server are consistent with those on the other digital signature servers in the digital certificate synchronization system.
In particular, the restart module 402 is specifically configured to:
when other digital signature servers configured as central servers in the digital certificate synchronization system are all in a synchronous state, regularly inquiring the states of the other digital signature servers configured as the central servers in the digital certificate synchronization system at intervals of a first time threshold;
and when any one digital signature server which is configured as the central server in the digital certificate synchronization system is determined to be in a normal service state according to the query result, performing digital certificate increment synchronization with other digital signature servers which are configured as the central server and are in the normal service state in the digital certificate synchronization system.
Specifically, a digital signature server may be in one of three states: a normal service state, a synchronization state, and a downtime state. As shown in the following table, in the normal service state the digital signature server can perform signature verification, certificate uploading, certificate deletion, and certificate synchronization; in the synchronization state it can perform signature verification, certificate uploading, and certificate deletion, but cannot perform certificate synchronization; in the downtime state it cannot perform any of signature verification, certificate uploading, certificate deletion, or certificate synchronization.
| State | Signature verification | Uploading certificates | Deleting certificates | Certificate synchronization |
| --- | --- | --- | --- | --- |
| Normal service | √ | √ | √ | √ |
| Synchronizing | √ | √ | √ | × |
| Downtime | × | × | × | × |
Specifically, when all the other digital signature servers configured as central servers in the digital certificate synchronization system are in the synchronization state, digital certificate synchronization with the restarted digital signature server has to wait until any one of them has finished synchronizing and is in the normal service state. Querying periodically at intervals of the first time threshold makes it possible to learn in time that a digital signature server is no longer in the synchronization state but in the normal service state, while reducing as much as possible the resources consumed in querying the states of the other digital signature servers configured as central servers in the digital certificate synchronization system.
When the number of times of querying is excessive, such as exceeding a predetermined query number threshold, or the time of querying is too long, such as exceeding a predetermined query time threshold, it may be considered that it is not possible to determine that any digital signature server configured as a central server in the digital certificate synchronization system is in a normal service state according to the query result.
For the specific steps of digital certificate incremental synchronization, refer to the above embodiments; they are not described here again.
In particular, the restart module 402 is further configured to:
when the digital signature server is restarted and fails to synchronize with the other digital signature servers configured as central servers in the digital certificate synchronization system, perform digital certificate incremental synchronization sequentially with all digital signature servers configured as non-central servers in the digital certificate synchronization system.
Specifically, it has been determined either that the restarted digital signature server failed to synchronize with all the other digital signature servers configured as central servers in the digital certificate synchronization system, or that the query result cannot establish that any one of them is in the normal service state. It can therefore be concluded that no digital signature server configured as a central server in the system can synchronize successfully with the restarted digital signature server. The restarted digital signature server therefore performs digital certificate incremental synchronization sequentially with all the digital signature servers configured as non-central servers in the system, which ensures that it can include the digital certificates on all of those non-central servers and thereby ensures the consistency and reliability of the digital certificates on the restarted digital signature server.
The embodiment of the invention provides a digital signature server that is configured as a central server and is located in a digital certificate synchronization system comprising at least two digital signature servers. When the digital signature server is restarted, it performs digital certificate incremental synchronization with any other digital signature server configured as a central server in the system, that is, with a digital signature server of higher reliability and higher digital certificate synchronization efficiency, so that the resources consumed by digital certificate synchronization are reduced as much as possible while the digital signature server is kept consistent with the digital certificates on the central server, and the efficiency of digital certificate synchronization is improved. When the digital signature servers in the system that have better network condition and performance and higher reliability are in the synchronization state, they are queried periodically at intervals of the first time threshold, so that the information that a digital signature server is no longer in the synchronization state but in the normal service state is obtained in time, while the resources consumed in querying the states of the other digital signature servers configured as central servers are reduced as much as possible.
When it is determined that the digital signature servers in the system with better network condition and performance and higher reliability cannot perform digital certificate synchronization with the restarted digital signature server, the restarted digital signature server is controlled to perform digital certificate incremental synchronization sequentially with all the digital signature servers configured as non-central servers in the system, so that the resources consumed by digital certificate synchronization are reduced as much as possible while the consistency of the digital certificates on the restarted digital signature server is guaranteed as far as possible, and the efficiency of digital certificate synchronization is improved. The digital signature server provided by the invention can therefore, on restart, synchronize digital certificates with a digital signature server in the system that has better network condition and performance and higher reliability, which reduces the resources and cost consumed by digital certificate synchronization, improves the efficiency of digital certificate synchronization and improves the user experience, while keeping the restarted digital signature server consistent with the digital certificates on the other digital signature servers in the system.
As shown in fig. 5, an embodiment of the present invention provides a digital signature server 501, where the digital signature server 501 is configured as a non-central server, and includes:
a restart module 502, configured to perform full digital certificate synchronization with any digital signature server configured as a central server in the digital certificate synchronization system when the digital signature server 501 is restarted.
Specifically, the digital signature server is located in a digital certificate synchronization system, the digital certificate synchronization system includes at least two digital signature servers, and the digital certificates issued by a unified CA authority are stored in the at least two digital signature servers.
The types of digital signature server include a central server and a non-central server, and a digital signature server may be configured as either. Specifically, a digital signature server configured as a central server may be one with better network status or performance in the digital certificate synchronization system, and its downtime probability is very small. When updating digital certificates, the CA organization may preferentially update the digital certificates on the digital signature servers configured as central servers. When the other digital signature servers perform digital certificate synchronization with a digital signature server configured as a central server, the synchronization efficiency is higher and fewer resources are consumed.
It should be noted that the digital certificate synchronization system should include at least two digital signature servers configured as central servers, so that when one of them fails, digital certificate synchronization does not fail for lack of a normally operating digital signature server configured as a central server.
Preferably, the digital certificate synchronization system comprises two digital signature servers configured as central servers. The complexity of the digital certificate synchronization system at this time may be 2NN! 8, which ensures that the number of digital signature servers configured as central servers is not excessive.
When the restarted digital signature server is configured as a non-central server, it performs digital certificate full synchronization, on restart, with any digital signature server configured as a central server in the digital certificate synchronization system. Digital certificate full synchronization means that the restarted digital signature server synchronizes the digital certificates on that central server to itself in one pass; after the synchronization is completed, the digital certificates on the restarted digital signature server are consistent with those on that digital signature server configured as a central server.
Because the restarted digital signature server was down, or otherwise unable to synchronize digital certificates, for a period of time before the restart succeeded, digital certificates that changed during that period may not have been updated on it. Because the restarted digital signature server is a non-central server, its network condition and performance are poorer and its reliability lower than those of a digital signature server configured as a central server; the time it spends down or otherwise unable to synchronize digital certificates may therefore be longer, and the number of digital certificates not updated may be larger. If the restarted digital signature server performed incremental synchronization with a digital signature server configured as a central server, more resources would be consumed in comparing digital certificates during the incremental synchronization, which would objectively reduce the efficiency of digital certificate synchronization. The restarted digital signature server is therefore controlled to perform digital certificate full synchronization with any digital signature server configured as a central server in the system, that is, with a digital signature server of higher digital certificate correctness and higher digital certificate synchronization efficiency, so that the resources consumed by digital certificate synchronization are reduced as much as possible while the restarted digital signature server is kept consistent with the digital certificates on the central server, and the efficiency of digital certificate synchronization is improved.
The embodiment of the invention provides a digital signature server that is applied to a digital certificate synchronization system comprising at least two digital signature servers and is configured as a non-central server. When the digital signature server is restarted, it performs digital certificate full synchronization with any digital signature server configured as a central server in the system, that is, with a digital signature server of higher digital certificate correctness and higher digital certificate synchronization efficiency, so that the resources consumed by digital certificate synchronization are reduced as much as possible while the restarted digital signature server is kept consistent with the digital certificates on the central server, and the efficiency of digital certificate synchronization is improved. The digital signature server provided by the invention can therefore synchronize digital certificates with a digital signature server in the system that has better network condition and performance and higher reliability, which reduces the resources and cost consumed by digital certificate synchronization, improves the efficiency of digital certificate synchronization and improves the user experience, while keeping the restarted digital signature server consistent with the digital certificates on the other digital signature servers in the system.
Specifically, the restart module 502 is specifically configured to:
when the digital signature servers configured as central servers in the digital certificate synchronization system are all in the synchronization state, periodically query the states of those digital signature servers at intervals of a second time threshold;
and when it is determined from the query result that any digital signature server configured as a central server in the digital certificate synchronization system is in the normal service state, perform full digital certificate synchronization with the digital signature server that is configured as a central server and is in the normal service state.
Specifically, the digital signature server may be in one of three states: a normal service state, a synchronization state, and a downtime state. As shown in the following table, when the digital signature server is in the normal service state, it can perform signature verification, certificate uploading, certificate deletion, and certificate synchronization; when it is in the synchronization state, it can perform signature verification, certificate uploading and certificate deletion, but cannot perform certificate synchronization; when it is in the downtime state, it cannot perform any of signature verification, certificate uploading, certificate deletion or certificate synchronization.
| State | Signature verification | Uploading certificates | Deleting certificates | Certificate synchronization |
| --- | --- | --- | --- | --- |
| Normal service | √ | √ | √ | √ |
| Synchronizing | √ | √ | √ | × |
| Downtime | × | × | × | × |
When the digital signature servers configured as central servers in the digital certificate synchronization system are all in the synchronization state, digital certificate synchronization with the restarted digital signature server has to wait until any one of them has finished synchronizing and is in the normal service state. Querying periodically at intervals of the second time threshold makes it possible to learn in time that a digital signature server is no longer in the synchronization state but in the normal service state, while reducing as much as possible the resources consumed in querying the states of the digital signature servers configured as central servers in the digital certificate synchronization system.
When the number of times of querying is excessive, such as exceeding a predetermined query number threshold, or the time of querying is too long, such as exceeding a predetermined query time threshold, it may be considered that it is not possible to determine that any digital signature server configured as a central server in the digital certificate synchronization system is in a normal service state according to the query result.
Once it is determined that the digital certificate synchronization system has a digital signature server that is configured as a central server and is in the normal service state, the restarted digital signature server performs full digital certificate synchronization with that digital signature server. For the specific steps of full digital certificate synchronization, refer to the above embodiments; they are not described here again.
In particular, the restart module 502 is further configured to:
when the digital signature server 501 is restarted and fails to synchronize with the digital signature servers configured as central servers in the digital certificate synchronization system, wait for a synchronization instruction;
when the synchronization instruction is a signature verification request, query the other digital signature servers configured as non-central servers in the digital certificate synchronization system for the corresponding digital certificate according to the digital certificate identifier in the signature verification request, and synchronize the corresponding digital certificate to the restarted digital signature server;
when the synchronization instruction is a synchronization instruction sent by a digital signature server configured as a central server in the digital certificate synchronization system, perform digital certificate full synchronization with the digital signature server configured as a central server that sent the synchronization instruction.
Specifically, it has been determined either that the restarted digital signature server failed to synchronize with the digital signature servers configured as central servers in the digital certificate synchronization system, or that the query result cannot establish that any one of them is in the normal service state. It can therefore be concluded that no digital signature server configured as a central server exists in the system that can synchronize successfully with the restarted digital signature server. Meanwhile, because the restarted digital signature server 501 is a non-central server, the priority of its digital certificate synchronization is not high, and digital certificate synchronization with the other non-central servers need not be performed immediately; it therefore waits for a specific synchronization instruction.
Specifically, the signature verification request may be a signature verification request sent by the user equipment to the restarted digital signature server, where the signature verification request may include a digital certificate identifier, and the digital certificate identifier is used to indicate a uniquely corresponding digital certificate.
When the synchronization instruction received by the restarted digital signature server is a signature verification request, the restarted digital signature server queries the other digital signature servers configured as non-central servers in the digital certificate synchronization system for the corresponding digital certificate according to the digital certificate identifier in the signature verification request, and synchronizes the corresponding digital certificate to itself. This reduces the resources consumed by digital certificate synchronization while still allowing the signature verification request to be answered using the corresponding digital certificate.
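The restart policy described above for a server configured as a central server (restart module 402) and as a non-central server (restart module 502), as an added Python simulation that is not part of the patent. The class and function names, the in-memory certificate stores, the busy_polls counter and the rule that a central peer is authoritative for deletions during incremental synchronization are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    NORMAL = "normal service"  # verify, upload, delete, synchronize
    SYNCING = "synchronizing"  # verify, upload, delete; no synchronization
    DOWN = "downtime"          # no action possible


@dataclass
class Server:
    name: str
    central: bool
    state: State = State.NORMAL
    certs: dict = field(default_factory=dict)  # certificate identifier -> certificate
    busy_polls: int = 0  # simulation only: queries that still report SYNCING

    def query_state(self):
        if self.state is State.SYNCING and self.busy_polls == 0:
            self.state = State.NORMAL
        elif self.state is State.SYNCING:
            self.busy_polls -= 1
        return self.state


def incremental_sync(local, peer, prune):
    # Compare the stores and move only the differences. Assumption: prune=True
    # treats the peer as authoritative (local extras are deleted); False merges.
    stale = {k: v for k, v in peer.certs.items() if local.certs.get(k) != v}
    extra = set(local.certs) - set(peer.certs) if prune else set()
    local.certs.update(stale)
    for cert_id in extra:
        del local.certs[cert_id]
    return len(stale) + len(extra)


def full_sync(local, peer):
    # Replace the whole local store with the peer's store in one pass.
    local.certs = dict(peer.certs)


def wait_for_central(centrals, interval, max_queries, sleep):
    # Poll at a fixed interval until a central server is in normal service.
    # None means failure: every central is down or the query threshold is hit.
    for _ in range(max_queries):
        states = [(s, s.query_state()) for s in centrals]
        ready = [s for s, st in states if st is State.NORMAL]
        if ready:
            return ready[0]
        if all(st is State.DOWN for _, st in states):
            return None
        sleep(interval)
    return None


def restart(server, cluster, interval=1.0, max_queries=5, sleep=time.sleep):
    # Apply the restart policy and return a label naming the path taken.
    others = [s for s in cluster if s is not server]
    centrals = [s for s in others if s.central]
    peer = wait_for_central(centrals, interval, max_queries, sleep)
    if server.central:
        if peer is not None:
            incremental_sync(server, peer, prune=True)
            return "incremental:" + peer.name
        # Fallback: incremental sync with each non-central server in turn;
        # servers outside normal service cannot synchronize and are skipped.
        used = [s for s in others if not s.central and s.state is State.NORMAL]
        for s in used:
            incremental_sync(server, s, prune=False)
        return "merge:" + ",".join(s.name for s in used)
    if peer is not None:
        full_sync(server, peer)
        return "full:" + peer.name
    return "waiting"  # non-central: wait for a synchronization instruction


def on_verify_request(server, cluster, cert_id):
    # Waiting non-central server: fetch only the certificate the request names.
    # The local copy may predate the outage, so peers are asked, not the store.
    for s in cluster:
        usable = s is not server and not s.central and s.state is State.NORMAL
        if usable and cert_id in s.certs:
            server.certs[cert_id] = s.certs[cert_id]
            return server.certs[cert_id]
    return None


def demo():
    # Constructed cluster: c2 is still synchronizing for two status queries.
    c1 = Server("c1", True, certs={"A": "cert-A-old", "B": "cert-B-deleted"})
    c2 = Server("c2", True, State.SYNCING, {"A": "cert-A-new"}, busy_polls=2)
    n1 = Server("n1", False, certs={"A": "cert-A-new"})
    return restart(c1, [c1, c2, n1], sleep=lambda _: None), c1.certs


if __name__ == "__main__":
    print(demo())
```

A synchronization instruction from a central server, the other case a waiting non-central server handles, maps to calling full_sync with the central server that sent it.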
The embodiment of the invention provides a digital signature server that is located in a digital certificate synchronization system comprising at least two digital signature servers and is configured as a non-central server. When the digital signature server is restarted, it performs digital certificate full synchronization with any digital signature server configured as a central server in the system, that is, with a digital signature server of higher digital certificate correctness and higher digital certificate synchronization efficiency, so that the resources consumed by digital certificate synchronization are reduced as much as possible while the restarted digital signature server is kept consistent with the digital certificates on the central server, and the efficiency of digital certificate synchronization is improved. When the digital signature servers in the system that have better network condition and performance and higher reliability are in the synchronization state, they are queried periodically at intervals of the first time threshold, so that the information that a digital signature server is no longer in the synchronization state but in the normal service state is obtained in time, while the resources consumed in querying the states of the other digital signature servers configured as central servers are reduced as much as possible.
When it is determined that the digital signature servers in the system with better network condition and performance and higher reliability cannot perform digital certificate synchronization with the restarted digital signature server, corresponding synchronization is performed according to the synchronization instruction, so that the resources consumed by digital certificate synchronization are reduced as much as possible while the consistency of the digital certificates on the restarted digital signature server is guaranteed as far as possible, and the efficiency of digital certificate synchronization is improved. The digital signature server provided by the invention can therefore, on restart, synchronize digital certificates with a digital signature server in the system that has better network condition and performance and higher reliability, which reduces the resources and cost consumed by digital certificate synchronization, improves the efficiency of digital certificate synchronization and improves the user experience, while keeping the restarted digital signature server consistent with the digital certificates on the other digital signature servers in the system.
As shown in fig. 6, an embodiment of the present invention provides a digital certificate synchronization system 601, which includes at least two digital signature servers, where the at least two digital signature servers include at least a digital signature server 602 configured as a central server provided in the above-mentioned embodiment and a digital signature server 603 configured as a non-central server provided in the above-mentioned embodiment.
Specifically, the digital certificate synchronization system includes at least two digital signature servers, and the digital certificates issued by the unified CA organization are stored in the at least two digital signature servers.
The types of digital signature server include a central server and a non-central server, and a digital signature server may be configured as either. Specifically, a digital signature server configured as a central server may be one with better network status or performance in the digital certificate synchronization system, and its downtime probability is very small. When updating digital certificates, the CA organization may preferentially update the digital certificates on the digital signature servers configured as central servers. When the other digital signature servers perform digital certificate synchronization with a digital signature server configured as a central server, the synchronization efficiency is higher and fewer resources are consumed.
It should be noted that the digital certificate synchronization system may include two or more digital signature servers configured as a central server, so as to ensure that when one of the digital signature servers configured as the central server fails, the digital certificate synchronization system does not fail to synchronize the digital certificate due to the absence of the digital signature server configured as the central server that is capable of working normally.
Preferably, the digital certificate synchronization system comprises two digital signature servers configured as central servers. The complexity of the digital certificate synchronization system at this time may be 2NN! 8, which ensures that the number of digital signature servers configured as central servers is not excessive.
As shown in fig. 6, the digital certificate synchronization system 601 may be connected to a user device 605 through a network 604. The user may use the user device 605 to connect to the digital signature server 602 or the digital signature server 603 through the network 604 and send the user's digital signature information, together with the digital certificate identifier corresponding to that digital signature information, to the digital signature server 602 or the digital signature server 603. The digital certificate identifier may uniquely identify the corresponding digital certificate. The digital signature server 602 or the digital signature server 603 may query by the digital certificate identifier to determine the corresponding digital certificate held on that server, and verify against that digital certificate whether the user's digital signature information is correct. If the verification succeeds, the identity of the user is determined to be legitimate and corresponding confirmation information is returned to the user device 605 through the network 604; if the authentication fails, corresponding authentication failure information is returned to the user device 605 through the network 604.
The embodiment of the invention provides a digital certificate synchronization system, which comprises at least two digital signature servers configured as a central server and a digital signature server configured as a non-central server. When a digital signature server is restarted, the type it is configured as is obtained. When it is configured as a central server, the restarted digital signature server performs digital certificate incremental synchronization, on restart, with any digital signature server configured as a central server in the digital certificate synchronization system, that is, with a digital signature server of higher reliability and higher digital certificate synchronization efficiency, so that the resources consumed by digital certificate synchronization are reduced as much as possible while the digital signature server is kept consistent with the digital certificates on the central server, and the efficiency of digital certificate synchronization is improved. When it is configured as a non-central server, the restarted digital signature server performs full digital certificate synchronization, on restart, with any digital signature server configured as a central server in the digital certificate synchronization system, that is, with a digital signature server of higher digital certificate correctness and higher digital certificate synchronization efficiency, so that the resources consumed by digital certificate synchronization are reduced as much as possible while the restarted digital signature server is kept consistent with the digital certificates on the central server, and the efficiency of digital certificate synchronization is improved. The digital certificate synchronization system provided by the invention can therefore, according to the type a digital signature server is configured as and the corresponding strategy, control the restarted digital signature server to perform digital certificate synchronization with a digital signature server that has better network condition and performance and higher reliability, which reduces the resources and cost consumed by digital certificate synchronization, improves the efficiency of digital certificate synchronization and improves the user experience, while keeping the restarted digital signature server consistent with the digital certificates on the other digital signature servers in the digital certificate synchronization system.
It should be noted that, since the digital certificate synchronization information received by the digital signature server configured as the central server or the digital signature server configured as the non-central server provided in the embodiment of the present invention generally includes the local digital certificate synchronization information and the broadcast digital certificate synchronization information, in order to increase the digital certificate synchronization speed, different processors in the digital signature server configured as the central server or the digital signature server configured as the non-central server may perform corresponding processing according to different digital certificate synchronization information, respectively.
In the digital signature server configured as a central server provided in the embodiment of the present invention, the restart module 402 may be a processor, which may also be integrated into a certain processor of the first device for implementation, or may also be stored in a memory of the first device in the form of program code, and the certain processor of the first device calls and executes the above function of the restart module 402. The processor described herein may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention.
Referring to fig. 7, an embodiment of the present invention provides a digital signature server 700, where the digital signature server 700 is configured as a central server in a digital certificate synchronization system and the digital signature server 700 is configured to implement the digital certificate synchronization method provided in the above embodiment, and the digital signature server 700 includes: a first processor 701, a second processor 702, a transceiver 703, a memory 704, and a bus 705; the first processor 701, the second processor 702, the transceiver 703 and the memory 704 are connected through the bus 705 to complete mutual communication;
the transceiver 703 is configured to receive the local digital certificate synchronization information and the broadcast digital certificate synchronization information, provide the local digital certificate synchronization information to the first processor 701, and provide the broadcast digital certificate synchronization information to the second processor 702.
The first processor 701 is configured to process local digital certificate synchronization information, where the local digital certificate synchronization information is used to indicate that a digital certificate on the digital signature server is synchronized, and the local digital certificate synchronization information does not need to be forwarded by the digital signature server to another digital signature server;
the second processor 702 is configured to process broadcast digital certificate synchronization information, which is used to indicate that a digital certificate on the digital signature server is synchronized, and to control the transceiver 703 to forward the broadcast digital certificate synchronization information in a broadcast manner; the broadcast digital certificate synchronization information can also be used to indicate that digital certificates on other digital signature servers in the digital certificate synchronization system are synchronized.
Preferably, the local digital certificate synchronization information is sent for an application on the user equipment.
Here, the first processor 701 and the second processor 702 may each be a single processor or a general term for a plurality of processing elements. For example, the processor may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention, such as one or more microprocessors (digital signal processors, DSP for short) or one or more field programmable gate arrays (FPGA for short).
The memory 704 may be a storage device or a combination of storage elements, and is used for storing executable program codes or parameters, data, etc. required by the operation of the access network management device. The memory 704 may include a random-access memory (RAM), or may include a non-volatile memory (NVRAM), such as a disk memory or a Flash memory.
The bus 705 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 705 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 7, but this is not intended to represent only one bus or type of bus.
In the digital signature server configured as a non-central server provided in the embodiment of the present invention, the restart module 502 may be a processor, may be integrated into one of the processors of the first device, or may be stored in a memory of the first device in the form of program code, in which case a processor of the first device calls and executes the above function of the restart module 502. The processor described herein may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention.
Referring to fig. 8, an embodiment of the present invention provides a digital signature server 800, where the digital signature server 800 is configured as a non-central server in a digital certificate synchronization system and is configured to implement the digital certificate synchronization method provided in the above embodiment, and the digital signature server 800 may include: a processor 801, a transceiver 802, a memory 803, and a bus 804; the processor 801, the transceiver 802 and the memory 803 are connected through the bus 804 to complete mutual communication;
the transceiver 802 is configured to receive local digital certificate synchronization information and broadcast digital certificate synchronization information, and provide both the local digital certificate synchronization information and the broadcast digital certificate synchronization information to the processor 801.
The processor 801 is configured to process local digital certificate synchronization information and broadcast digital certificate synchronization information, where the local digital certificate synchronization information and the broadcast digital certificate synchronization information are both used to indicate that a digital certificate on the digital signature server is synchronized, and neither the local digital certificate synchronization information nor the broadcast digital certificate synchronization information needs to be forwarded by the digital signature server to another digital signature server;
the processor 801 may be a single processor or a general term for a plurality of processing elements. For example, the processor may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention, such as one or more microprocessors (digital signal processors, DSP for short) or one or more field programmable gate arrays (FPGA for short).
The memory 803 may be a storage device or a combination of storage elements, and is used for storing executable program codes or parameters, data, etc. required by the operation of the access network management device. The memory 803 may include a random-access memory (RAM), or may include a non-volatile memory (NVRAM), such as a disk memory or a Flash memory.
The bus 804 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 804 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 8, but this is not intended to represent only one bus or type of bus.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the above-described device embodiments are merely illustrative: the division of the units is only one logical functional division, and other divisions may be used in practice; for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (9)

1. A digital certificate synchronization method, which is applied to a digital certificate synchronization system including at least two digital signature servers, the method comprising:
when the digital signature server is restarted and the restarted digital signature server is configured as a central server, the restarted digital signature server performs digital certificate increment synchronization with any other digital signature server configured as the central server in the digital certificate synchronization system;
when the digital signature server is restarted and the restarted digital signature server is configured as a non-central server, the restarted digital signature server performs digital certificate full synchronization with any digital signature server configured as a central server in the digital certificate synchronization system; the central server is a digital signature server with good network condition or performance in the digital certificate synchronization system, and the non-central server is a digital signature server with poor network condition or performance in the digital certificate synchronization system;
when the digital signature server restarts, the digital signature server is configured as a non-central server, and the digital signature server fails to synchronize with the digital signature server configured as a central server in the digital certificate synchronization system, the restarted digital signature server waits for a synchronization instruction;
when the synchronization instruction is a signature verification request, the restarted digital signature server inquires corresponding digital certificates on other digital signature servers which are configured as non-central servers in the digital certificate synchronization system according to the digital certificate identification in the signature verification request, and synchronizes the corresponding digital certificates to the restarted digital signature server; the signature verification request is a signature verification request sent by the user equipment to the restarted digital signature server;
when the synchronization instruction is a synchronization instruction sent by a digital signature server configured as a central server in the digital certificate synchronization system, the restarted digital signature server performs digital certificate full synchronization with the digital signature server configured as the central server sending the synchronization instruction.
2. The digital certificate synchronization method of claim 1, wherein the restarting digital signature server performs digital certificate delta synchronization with other digital signature servers in the digital certificate synchronization system configured as a central server, comprising:
when other digital signature servers configured as central servers in the digital certificate synchronization system are determined to be in a synchronous state, the restarted digital signature server regularly inquires the states of the other digital signature servers configured as the central servers in the digital certificate synchronization system at intervals of a first time threshold;
and when any one digital signature server which is configured as a central server in the digital certificate synchronization system is determined to be in a normal service state according to the query result, performing digital certificate increment synchronization on the restarted digital signature server and other digital signature servers which are configured as central servers and are in the normal service state in the digital certificate synchronization system.
3. The digital certificate synchronization method of claim 1, further comprising:
when the digital signature server is restarted, the digital signature server is configured as a central server, and the restarted digital signature server and other digital signature servers configured as the central servers in the digital certificate synchronization system fail to synchronize, the digital signature server and all digital signature servers configured as non-central servers in the digital certificate synchronization system sequentially perform digital certificate increment synchronization.
4. The digital certificate synchronization method of claim 1, wherein the restarting digital signature server performs full digital certificate synchronization with a digital signature server configured as a central server in the digital certificate synchronization system, and comprises:
when the digital signature servers configured as the central servers in the digital certificate synchronization system are all in a synchronous state, the restarted digital signature servers regularly inquire the state of the digital signature servers configured as the central servers in the digital certificate synchronization system at intervals of a second time threshold;
and when any digital signature server configured as a central server in the digital certificate synchronization system is determined to be in a normal service state according to the query result, the restarted digital signature server and the digital signature server configured as the central server in the digital certificate synchronization system and in the normal service state perform digital certificate full-quantity synchronization.
5. A digital signature server, wherein the digital signature server is configured as a central server, the digital signature server comprising:
the restarting module is configured to perform digital certificate increment synchronization with any other digital signature server configured as a central server in the digital certificate synchronization system when the digital signature server is restarted;
when the digital signature server is restarted and the restarted digital signature server and other digital signature servers configured as central servers in the digital certificate synchronization system fail to synchronize, sequentially performing digital certificate increment synchronization with all digital signature servers configured as non-central servers in the digital certificate synchronization system; the central server is a digital signature server with good network condition or performance in the digital certificate synchronization system, and the non-central server is a digital signature server with poor network condition or performance in the digital certificate synchronization system.
6. The digital signature server of claim 5, wherein the restart module is specifically configured to:
when other digital signature servers configured as central servers in the digital certificate synchronization system are determined to be in a synchronous state, regularly inquiring the states of the other digital signature servers configured as the central servers in the digital certificate synchronization system at intervals of a first time threshold;
and when any one digital signature server which is configured as a central server in the digital certificate synchronization system is determined to be in a normal service state according to the query result, performing digital certificate increment synchronization with other digital signature servers which are configured as central servers and are in a normal service state in the digital certificate synchronization system.
7. A digital signature server, wherein the digital signature server is configured as a non-central server, the digital signature server comprising:
the restarting module is configured to perform digital certificate full-scale synchronization with any digital signature server configured as a central server in a digital certificate synchronization system when the digital signature server is restarted;
when the digital signature server is restarted and the digital signature server fails to synchronize with a digital signature server configured as a central server in the digital certificate synchronization system, waiting for a synchronization instruction;
when the synchronization instruction is a signature verification request, inquiring corresponding digital certificates on other digital signature servers configured as non-central servers in the digital certificate synchronization system according to the digital certificate identification in the signature verification request, and synchronizing the corresponding digital certificates to a restarted digital signature server; the signature verification request is a signature verification request sent by the user equipment to the restarted digital signature server; the central server is a digital signature server with good network condition or performance in the digital certificate synchronization system, and the non-central server is a digital signature server with poor network condition or performance in the digital certificate synchronization system;
when the synchronization instruction is a synchronization instruction sent by a digital signature server configured as a central server in the digital certificate synchronization system, performing digital certificate full synchronization with the digital signature server configured as the central server sending the synchronization instruction.
8. The digital signature server as claimed in claim 7, wherein the restart module is specifically configured to:
when the digital signature servers configured as the central servers in the digital certificate synchronization system are all in a synchronous state, regularly inquiring the state of the digital signature servers configured as the central servers in the digital certificate synchronization system at intervals of a second time threshold;
and when determining that any digital signature server configured as a central server in the digital certificate synchronization system is in a normal service state according to the query result, performing full digital certificate synchronization with the digital signature server configured as the central server in the digital certificate synchronization system and in the normal service state.
9. A digital certificate synchronization system comprising at least two digital signature servers including at least a digital signature server configured as a central server as claimed in any one of claims 5 to 6 and a digital signature server configured as a non-central server as claimed in any one of claims 7 to 8.
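The restart rules recited in claims 1 to 4, as an added example (not code from the patent or the applicant): an in-memory model of which peer a restarted server synchronizes with and in which mode. The class and function names, the `DOWN` state, the `max_polls` bound and the instruction dictionaries are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field
from enum import Enum

class Role(Enum):
    CENTRAL = "central"
    NON_CENTRAL = "non-central"

class State(Enum):
    NORMAL = "normal service"
    SYNCING = "synchronizing"
    DOWN = "unreachable"   # assumption: how a failed peer appears to a query
    WAITING = "waiting for synchronization instruction"

@dataclass
class Server:
    name: str
    role: Role
    state: State = State.NORMAL
    certs: dict = field(default_factory=dict)   # certificate id -> certificate

def incremental_sync(dst, src):
    """Copy only the certificates dst lacks; return how many were added."""
    missing = {k: v for k, v in src.certs.items() if k not in dst.certs}
    dst.certs.update(missing)
    return len(missing)

def full_sync(dst, src):
    """Replace dst's certificate store with a copy of src's."""
    dst.certs = dict(src.certs)
    return len(dst.certs)

def wait_for_central(me, cluster, interval, max_polls, sleep):
    """Claims 2 and 4: while central peers are still synchronizing, re-query
    their state every `interval` seconds. Returns the first central peer in
    normal service, or None when none can serve (synchronization fails).
    max_polls is an assumed bound; the claims do not state one."""
    peers = [s for s in cluster if s.role is Role.CENTRAL and s is not me]
    for _ in range(max_polls):
        ready = [s for s in peers if s.state is State.NORMAL]
        if ready:
            return ready[0]
        if not any(s.state is State.SYNCING for s in peers):
            return None
        sleep(interval)
    return None

def on_restart(me, cluster, interval=5.0, max_polls=3, sleep=time.sleep):
    """Apply the restart rule that matches the server's configured role."""
    peer = wait_for_central(me, cluster, interval, max_polls, sleep)
    if me.role is Role.CENTRAL:
        if peer:
            incremental_sync(me, peer)
            return f"incremental:{peer.name}"
        # Claim 3: fall back to every non-central server, one after another.
        for s in cluster:
            if s.role is Role.NON_CENTRAL and s.state is State.NORMAL:
                incremental_sync(me, s)
        return "incremental:all-non-central"
    if peer:
        full_sync(me, peer)
        return f"full:{peer.name}"
    me.state = State.WAITING   # claim 1: wait for a synchronization instruction
    return "waiting"

def on_sync_instruction(me, cluster, instruction):
    """Claim 1, waiting non-central server: handle the two instruction kinds."""
    if instruction["type"] == "verify":
        # Signature verification request: fetch only the certificate it names
        # from another non-central server.
        cert_id = instruction["cert_id"]
        for s in cluster:
            if s is not me and s.role is Role.NON_CENTRAL and cert_id in s.certs:
                me.certs[cert_id] = s.certs[cert_id]
                return f"fetched:{cert_id}:{s.name}"
        return "not-found"
    if instruction["type"] == "central-sync":
        # Instruction from a central server: full sync with that sender.
        src = next(s for s in cluster
                   if s.name == instruction["from"] and s.role is Role.CENTRAL)
        full_sync(me, src)
        me.state = State.NORMAL
        return f"full:{src.name}"
    raise ValueError("unknown synchronization instruction")
```
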

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610798642.XA CN106330945B (en) 2016-08-31 2016-08-31 Digital certificate synchronization method, digital signature server and digital certificate synchronization system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610798642.XA CN106330945B (en) 2016-08-31 2016-08-31 Digital certificate synchronization method, digital signature server and digital certificate synchronization system

Publications (2)

Publication Number Publication Date
CN106330945A (en) 2017-01-11
CN106330945B (en) 2020-04-24

Family

ID=57787411

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610798642.XA Active CN106330945B (en) 2016-08-31 2016-08-31 Digital certificate synchronization method, digital signature server and digital certificate synchronization system

Country Status (1)

Country Link
CN (1) CN106330945B (en)

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100093 Haidian District, Haidian District, Beijing, No. 23, No. 2, No. 1001

Applicant after: Beijing Xin'an century Polytron Technologies Inc

Address before: 100052 Beijing city Xicheng District Xuanwu Gate Street No. 1 C block 4 layer center global wealth

Applicant before: Beijing Infosec Technologies Co.,Ltd.

GR01 Patent grant