Summary of the invention
In view of the above technical problems, the embodiments of this specification provide a key information maintenance method and system. The technical solution is as follows:
A key information maintenance method, applied to a key information maintenance system. The system comprises multiple information providing clients, one information management server, and an information application end subordinate to the information management server. Each information providing client generates a public key and a private key in advance and informs the information management server of its own public key; the information management server generates a public key and a private key in advance and informs each information providing client of its own public key. The method comprises:
An information providing client receives an information editing request input by a user, encrypts the information editing request with the information management server's public key, and digitally signs the information editing request with its own private key;
The information providing client sends the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the request targets, to the information management server;
The information management server looks up the information providing client public key that matches the information providing client identifier, uses the public key it found to verify the digital signature of the encrypted and digitally signed information editing request, and uses its own private key to decrypt the encrypted and digitally signed information editing request;
If the information management server succeeds both in verifying the digital signature of the encrypted and digitally signed information editing request and in decrypting it, the server converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule, and publishes the semantic action execution instruction to the information application end;
The information application end determines the key information to be edited that corresponds to the semantic action execution instruction, and maintains that key information according to the semantic action execution instruction.
A key information maintenance method, applied to an information providing client. The method comprises:
Receiving an information editing request input by a user;
Encrypting the information editing request with the information management server's public key, and digitally signing the information editing request with the client's own private key;
Sending the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the request targets, to the information management server, so that the information management server looks up the information providing client public key that matches the identifier, uses the public key it found to verify the digital signature of the encrypted and digitally signed information editing request, and uses its own private key to decrypt the request; and, if both the signature verification and the decryption succeed, converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule and publishes the semantic action execution instruction to the information application end.
A key information maintenance method, applied to an information management server. The method comprises:
Receiving, from an information providing client, an encrypted and digitally signed information editing request and the information providing client identifier corresponding to the key information to be edited that the request targets;
Looking up the information providing client public key that matches the information providing client identifier;
Using the public key found to verify the digital signature of the encrypted and digitally signed information editing request;
Using the server's own private key to decrypt the encrypted and digitally signed information editing request;
If both the signature verification and the decryption of the encrypted and digitally signed information editing request succeed, converting the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule;
Publishing the semantic action execution instruction to the information application end, so that the information application end determines the key information to be edited that corresponds to the semantic action execution instruction and maintains that key information according to the semantic action execution instruction.
A key information maintenance method, applied to an information application end. The method comprises:
Receiving a semantic action execution instruction published by the information management server;
Determining the key information to be edited that corresponds to the semantic action execution instruction;
Maintaining the key information to be edited according to the semantic action execution instruction.
A key information maintenance system, the system comprising:
Multiple information providing clients, one information management server, and an information application end subordinate to the information management server. Each information providing client generates a public key and a private key in advance and informs the information management server of its own public key; the information management server generates a public key and a private key in advance and informs each information providing client of its own public key;
An information providing client receives an information editing request input by a user, encrypts the information editing request with the information management server's public key, and digitally signs the information editing request with its own private key;
The information providing client sends the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the request targets, to the information management server;
The information management server looks up the information providing client public key that matches the information providing client identifier, uses the public key it found to verify the digital signature of the encrypted and digitally signed information editing request, and uses its own private key to decrypt the encrypted and digitally signed information editing request;
If the information management server succeeds both in verifying the digital signature of the encrypted and digitally signed information editing request and in decrypting it, the server converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule, and publishes the semantic action execution instruction to the information application end;
The information application end determines the key information to be edited that corresponds to the semantic action execution instruction, and maintains that key information according to the semantic action execution instruction.
A key information maintenance apparatus, applied to an information providing client. The apparatus comprises:
A request receiving module, configured to receive an information editing request input by a user;
A signing module, configured to encrypt the information editing request with the information management server's public key and to digitally sign the information editing request with the client's own private key;
A sending module, configured to send the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the request targets, to the information management server, so that the information management server looks up the information providing client public key that matches the identifier, uses the public key it found to verify the digital signature of the encrypted and digitally signed information editing request, and uses its own private key to decrypt the request; and, if both the signature verification and the decryption succeed, converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule and publishes the semantic action execution instruction to the information application end.
A key information maintenance apparatus, applied to an information management server. The apparatus comprises:
A receiving module, configured to receive, from an information providing client, an encrypted and digitally signed information editing request and the information providing client identifier corresponding to the key information to be edited that the request targets;
A public key lookup module, configured to look up the information providing client public key that matches the information providing client identifier;
A signature verification module, configured to use the public key found to verify the digital signature of the encrypted and digitally signed information editing request;
A decryption module, configured to use the server's own private key to decrypt the encrypted and digitally signed information editing request;
A conversion module, configured to convert the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule if both the signature verification and the decryption of the encrypted and digitally signed information editing request succeed;
An instruction publishing module, configured to publish the semantic action execution instruction to the information application end, so that the information application end determines the key information to be edited that corresponds to the semantic action execution instruction and maintains that key information according to the semantic action execution instruction.
A key information maintenance apparatus, applied to an information application end. The apparatus comprises:
An instruction receiving module, configured to receive a semantic action execution instruction published by the information management server;
An information determination module, configured to determine the key information to be edited that corresponds to the semantic action execution instruction;
An information maintenance module, configured to maintain the key information to be edited according to the semantic action execution instruction.
The technical solution provided by the embodiments of this specification uses encryption and decryption based on an asymmetric key system together with an identity authentication mechanism of signing and signature verification, to ensure that multiple roles can maintain key information securely and concurrently and that each can maintain only its own exclusive key information.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory and do not limit the embodiments of this specification.
In addition, no single embodiment of this specification needs to achieve all of the above effects.
Specific embodiment
At present, in some institutions there is usually key information that the institution is responsible for managing and that is maintained jointly by multiple cooperating institutions, and each cooperating institution needs to edit its own exclusive key information. Take a user whitelist as the key information. A payment institution (for convenience, the server where the payment institution resides is hereinafter called the information management server) needs to configure a user information whitelist for each cooperating institution (for convenience, the client where a cooperating institution resides is hereinafter called an information providing client). The user information whitelist is maintained jointly by the cooperating institutions, managed centrally by the payment institution, and stored centrally at the information application end subordinate to the information management server, so that the information application end can later perform directed routing of each cooperating institution's channels such as contract signing, payment, refund and inquiry. Because each cooperating institution needs to edit its own exclusive key information, the payment institution hands the editing permission for the user information whitelist to the users of each cooperating institution who hold editing permission. A user can edit the user information whitelist of the cooperating institution to which the user belongs, while the payment institution needs to prevent users from editing the user information whitelists of other cooperating institutions. On this basis, a technical solution is urgently needed that lets multiple roles maintain key information securely and concurrently while each can maintain only its own exclusive key information.
In view of the above problem, the embodiments of this specification provide a technical solution that uses encryption and decryption based on an asymmetric key system together with an identity authentication mechanism of signing and signature verification, to ensure that multiple roles can maintain key information securely and concurrently and that each can maintain only its own exclusive key information.
Specifically, the technical solution provided by the embodiments of this specification is as follows:
An information providing client receives an information editing request input by a user, encrypts the information editing request with the information management server's public key, and digitally signs the information editing request with its own private key. The information providing client sends the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the request targets, to the information management server. The information management server looks up the information providing client public key that matches the identifier, uses the public key it found to verify the digital signature of the encrypted and digitally signed information editing request, and uses its own private key to decrypt the request. If both the signature verification and the decryption succeed, the information management server converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule and publishes the semantic action execution instruction to the information application end. The information application end determines the key information to be edited that corresponds to the semantic action execution instruction and maintains that key information according to the semantic action execution instruction.
This specification involves multiple information providing clients, one information management server, and an information application end subordinate to the information management server. The connections among the information providing clients, the information application end and the information management server are shown schematically in Fig. 1. In the embodiments of this specification, there may be one or more information application ends subordinate to the information management server. Each information providing client generates a public key and a private key in advance based on an asymmetric key system and informs the information management server of its own public key; the information management server records the information providing client identifier corresponding to that public key. The information management server likewise generates a public key and a private key in advance based on an asymmetric key system and informs each information providing client of its own public key. In this way, every information providing client knows the information management server's public key, and the information management server knows every information providing client's public key.
To help those skilled in the art better understand the technical solutions in the embodiments of this specification, these technical solutions are described in detail below with reference to the accompanying drawings. The described embodiments are clearly only some of the embodiments of this specification, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments in this specification shall fall within the scope of protection.
Fig. 2 is a schematic diagram of the interaction flow of the key information maintenance method of the embodiments of this specification. The method may specifically comprise the following steps:
S201, the information providing client receives an information editing request input by a user;
The information providing client verifies the user's identity. The specific implementation may be verification of an account password, face recognition and so on; the embodiments of this specification do not limit this.
After the user's identity has been verified, the user can log in to the information providing client and then input an information editing request to it, and the information providing client receives the information editing request input by the user. The information editing request may carry the edit instruction to be executed, such as add, modify or delete, and the object that the edit instruction targets, that is, the key information to be edited, such as a piece of data A1.1 in list item A1 of the user information whitelist. In addition, when the edit instruction to be executed is a modify instruction, the information editing request may additionally carry the edited key information corresponding to the key information to be edited, such as A1.1a.
S202, the information providing client encrypts the information editing request with the information management server's public key and digitally signs the information editing request with its own private key;
For the information editing request received in S201, the information providing client encrypts the request with the information management server's public key. The encryption algorithm used may be an asymmetric encryption algorithm such as RSA or Elgamal, or another asymmetric encryption algorithm; the embodiments of this specification do not limit the asymmetric encryption algorithm used, which may be any current asymmetric encryption algorithm.
In addition, the information providing client also needs to digitally sign the information editing request with its own private key, that is, to perform signing.
Note that this specification does not limit the order in which the above encryption and signing are performed. In one embodiment of this specification, the information providing client encrypts the information editing request with the information management server's public key and at the same time digitally signs the request with its own private key. Encrypting the information editing request ensures that the request information is not maliciously tampered with, and signing the information editing request ensures that a user edits only the user's own exclusive key information.
S203, the information providing client sends the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the request targets, to the information management server;
After the information editing request has been encrypted and signed as described above, the encrypted and signed information editing request is sent to the information management server.
In addition, the information providing client also needs to send to the information management server the information providing client identifier corresponding to the key information to be edited that the request targets.
For example, the user is operator a under institution A, and operator a modifies key information under institution A. The information providing client identifier corresponding to the key information to be edited is then A, and identifier A is sent to the information management server.
As another example, the user is operator a under institution A, and operator a modifies key information under institution B. The information providing client identifier corresponding to the key information to be edited is then B, and identifier B is sent to the information management server.
As can be seen from the above, the information providing client sends to the information management server the information providing client identifier corresponding to the key information to be edited that the request targets, and the identifier sent may or may not be the same as the information providing client's own identifier.
The information providing client identifier corresponding to the key information to be edited may be an identifier actively entered by the user, or an identifier corresponding to the key information to be edited that the information providing client obtains from the information management server according to the key information that the request targets; the embodiments of this specification do not limit this.
S204, the information management server looks up the information providing client public key that matches the information providing client identifier, uses the public key it found to verify the digital signature of the encrypted and digitally signed information editing request, and uses its own private key to decrypt the encrypted and digitally signed information editing request;
The information management server receives from the information providing client the encrypted and digitally signed information editing request and the information providing client identifier corresponding to the key information to be edited that the request targets, and performs decryption, signature verification and other operations on the request, specifically as follows:
The information management server looks up the information providing client public key that matches the information providing client identifier, uses the public key it found to verify the digital signature of the encrypted and digitally signed information editing request (signature verification), and uses its own private key to decrypt the encrypted and digitally signed information editing request.
Looking up the public key that matches the information providing client identifier, and verifying the digital signature of the request with that public key, is done to ensure that a user maintains only the user's own exclusive key information. For example, the user is operator a under institution A, and operator a modifies key information under institution A. The information providing client identifier is then A; the matching information providing client public key can be found from identifier A; verifying the digital signature of the encrypted and digitally signed information editing request with that public key succeeds; and the exclusive key information under institution A can subsequently be maintained. As another example, the user is operator a under institution A, and operator a modifies key information under institution B. The information providing client identifier is then B; the matching information providing client public key can be found from identifier B; verifying the digital signature of the encrypted and digitally signed information editing request with that public key fails; and operator a is prevented from maintaining the key information under institution B.
The embodiments of this specification do not limit the order in which the above decryption and signature verification are performed. In one embodiment of this specification, the information management server looks up the public key that matches the information providing client identifier and uses the public key it found to verify the digital signature of the encrypted and digitally signed information editing request. If the signature verification succeeds, the information management server decrypts the encrypted and digitally signed information editing request with its own private key; otherwise it does not use its own private key to decrypt the request.
In addition, if verification of the digital signature of the encrypted and digitally signed information editing request fails, or decryption of the request fails, the information management server sends a key information maintenance failure notification to the information providing client and returns the failure reason to the information providing client.
S205, if the information management server succeeds both in verifying the digital signature of the encrypted and digitally signed information editing request and in decrypting it, the server converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule;
After both the decryption and the signature verification of the encrypted and digitally signed information editing request have succeeded, the information management server can convert the decrypted and signature-verified information editing request into semantic action execution instructions. A semantic action execution instruction is an interaction mode that this specification defines on the basis of semantics: the information editing request is converted, based on its semantics, into several action execution instructions. For example, the information carried by an information editing request is shown in Table 1 below:
| Operator | Institutional affiliation | Edit instruction | Object | Edited object |
| a | A | Modification | A1.1 | A1.1a |
Table 1
The semantic action execution instructions converted from the above information editing request are as follows:
1. Operator a, belonging to institution A, executes an operation at 10:00;
2. Partial deletion of data A1.1 in key information list item A;
3. Partial addition of data A1.1a in key information list item A.
These three parts make up the semantic action execution instructions (a modification is split into a deletion and an addition). As can be seen from the above, the information editing request is converted, based on its semantics, into several action execution instructions.
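The S202 to S205 exchange in Go, added here as an example and not code from the patent, replaying the two operator cases from S204 and the Table 1 conversion. RSA-OAEP encryption, an RSA-PSS signature over the ciphertext, the JSON field names, the wording of the action strings, the object name B1.1 and the names Seal, Handle, ToSemanticActions and Demo are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// EditRequest carries the Table 1 fields plus the time (field names are assumptions).
type EditRequest struct{ Operator, Institution, Instruction, Object, Edited, Time string }

// Envelope is what the information providing client sends in S203.
type Envelope struct {
	TargetID   string // identifier of the client that owns the key information to be edited
	Ciphertext []byte // request encrypted with the management server's public key
	Signature  []byte // made with the sending client's own private key
}

// Server is the information management server with its registry of client public keys.
type Server struct {
	priv    *rsa.PrivateKey
	clients map[string]*rsa.PublicKey
}

var ErrRejected = errors.New("key information maintenance failed")

// Seal is S202. Assumed here: RSA-OAEP (fits only a short request like this one) and
// an RSA-PSS signature over the ciphertext, so the server can verify before decrypting.
func Seal(req EditRequest, targetID string, serverPub *rsa.PublicKey, own *rsa.PrivateKey) (Envelope, error) {
	plain, _ := json.Marshal(req) // a struct of strings always marshals
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, plain, nil)
	if err != nil {
		return Envelope{}, err
	}
	sum := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, own, crypto.SHA256, sum[:], nil)
	return Envelope{targetID, ct, sig}, err
}

// Handle is S204 and S205: look up the public key registered for the claimed
// identifier, verify, decrypt, convert. Failures are reported as maintenance failures.
func (s *Server) Handle(env Envelope) ([]string, error) {
	pub, sum := s.clients[env.TargetID], sha256.Sum256(env.Ciphertext)
	if pub == nil || rsa.VerifyPSS(pub, crypto.SHA256, sum[:], env.Signature, nil) != nil {
		return nil, fmt.Errorf("%w: signature verification failed", ErrRejected)
	}
	var req EditRequest
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, env.Ciphertext, nil)
	if err != nil || json.Unmarshal(plain, &req) != nil {
		return nil, fmt.Errorf("%w: decryption failed", ErrRejected)
	}
	return ToSemanticActions(req, env.TargetID)
}

// ToSemanticActions stands in for the preset conversion rule: a modification becomes
// a deletion plus an addition. The list item is taken from the verified identifier.
func ToSemanticActions(req EditRequest, listID string) ([]string, error) {
	item := " in key information list item " + listID
	acts := []string{fmt.Sprintf("operator %s of institution %s executes an operation at %s", req.Operator, req.Institution, req.Time)}
	switch req.Instruction {
	case "modify":
		return append(acts, "delete data "+req.Object+item, "add data "+req.Edited+item), nil
	case "delete":
		return append(acts, "delete data "+req.Object+item), nil
	case "add":
		return append(acts, "add data "+req.Object+item), nil
	}
	return nil, fmt.Errorf("%w: unknown edit instruction %q", ErrRejected, req.Instruction)
}

// Demo replays both cases from the text; keys and the object B1.1 are constructed.
func Demo() (acts []string, crossErr error, err error) {
	keys := map[string]*rsa.PrivateKey{}
	for _, id := range []string{"server", "A", "B"} {
		if keys[id], err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return nil, nil, err
		}
	}
	srv := &Server{keys["server"], map[string]*rsa.PublicKey{"A": &keys["A"].PublicKey, "B": &keys["B"].PublicKey}}
	send := func(req EditRequest, target string) ([]string, error) {
		env, err := Seal(req, target, &srv.priv.PublicKey, keys["A"]) // operator a can only sign with A's key
		if err != nil {
			return nil, err
		}
		return srv.Handle(env)
	}
	acts, err = send(EditRequest{"a", "A", "modify", "A1.1", "A1.1a", "10:00"}, "A")
	_, crossErr = send(EditRequest{"a", "A", "modify", "B1.1", "B1.1a", "10:00"}, "B")
	return acts, crossErr, err
}

func main() {
	fmt.Println(Demo())
}
```

The request naming B is rejected at signature verification, before the server's private key is used, which matches the verify-then-decrypt embodiment described under S204.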
The Semantic Actions are executed instruction and are distributed to Information application end by S206, information management service end.
It is executed instruction for Semantic Actions obtained in S205, in this specification embodiment, information management service end can
To be distributed to Information application end at once.
User frequently edits the problems such as network blockage caused by oneself exclusive key message in order to prevent, in information management
This side of server-side can periodically summarize Semantic Actions instruction and be distributed to Information application end, specifically: it information management service end will
The Semantic Actions, which execute instruction, to be stored, and recording the state that the Semantic Actions execute instruction is to be not carried out, information management clothes
End be engaged according to preset release cycle, obtains the Semantic Actions being not carried out stored and executes instruction, information management service end will
The Semantic Actions being not carried out stored obtained, which execute instruction, is distributed to Information application end.
Here, the information management server stores the semantic action execution instruction in a key information maintenance log and records its state as not executed; the key information maintenance log is used for reviewing key information maintenance records.
Besides preventing semantic action execution instructions from being sent too frequently, the key information maintenance log itself can be sent, and the information application end can parse out of it the semantic action execution instructions that have not been executed. Specifically: according to the preset release cycle, the information management server obtains the key information maintenance log that stores the unexecuted semantic action execution instructions and distributes the obtained log to the information application end; the information application end then parses the unexecuted semantic action execution instructions from the key information maintenance log.
S207: the information application end determines the key information to be edited that corresponds to the semantic action execution instruction, and maintains the key information to be edited according to the semantic action execution instruction.
On the information application end side, the key information to be edited that corresponds to the semantic action execution instruction can be determined, and the key information to be edited is maintained according to the semantic action execution instruction.
Take the semantic action execution instructions described above:
1. Operator a, who belongs to institution A, performs the operation at 10:00;
2. Partially delete data A1.1 in key information table entry A;
3. Partially add data A1.1a to key information table entry A.
It can be determined that the key information to be edited corresponding to these semantic action execution instructions is data A1.1 in key information table entry A. The key information to be edited is then maintained according to the semantic action execution instructions: data A1.1 in key information table entry A is partially deleted, and data A1.1a is partially added to key information table entry A.
Where the information management server periodically aggregates the semantic action instructions and distributes them to the information application end, the information management server distributes the obtained stored semantic action execution instructions that have not been executed to the information application end, and the information application end determines the key information to be edited that corresponds to these unexecuted semantic action execution instructions and maintains it according to them. The unexecuted semantic action execution instructions comprise several semantic action execution instructions, and the information application end can maintain the key information to be edited according to all of them in a single pass.
In addition, where the information management server works from the key information maintenance log, it distributes the obtained key information maintenance log to the information application end, and the information application end parses the unexecuted semantic action execution instructions from the key information maintenance log and determines the key information to be edited that corresponds to them. The unexecuted semantic action execution instructions comprise several semantic action execution instructions, and the information application end can maintain the key information to be edited according to all of them in a single pass.
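The conversion, logging, periodic release and one-pass application described in S205 to S207, as an added example that is not code from the patent. The type and field names, the entry being named after the operator's institution, the plain "add" and "delete" instructions, the second request at 10:05, and marking an instruction as executed when it is released are all assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// EditRequest carries the Table 1 columns plus the operation time (field names are assumptions).
type EditRequest struct {
	Operator, Institution, Instruction, Object, Edited, Time string
}

// Action is one semantic action execution instruction: "delete" or "add" on one entry.
type Action struct {
	Op, Entry, Data, Operator, Time string
}

// Convert applies the conversion rule. The page only spells out that a modification
// becomes a deletion plus an addition; plain "add" and "delete" are assumed extensions,
// and the entry is assumed to be named after the operator's institution.
func Convert(r EditRequest) ([]Action, error) {
	del := Action{"delete", r.Institution, r.Object, r.Operator, r.Time}
	switch r.Instruction {
	case "modify":
		return []Action{del, {"add", r.Institution, r.Edited, r.Operator, r.Time}}, nil
	case "delete":
		return []Action{del}, nil
	case "add":
		return []Action{{"add", r.Institution, r.Object, r.Operator, r.Time}}, nil
	}
	return nil, errors.New("unsupported edit instruction: " + r.Instruction)
}

// MaintenanceLog is the server-side key information maintenance log.
type MaintenanceLog struct {
	actions  []Action
	executed []bool // false means "not executed"
}

// Store records converted instructions in the state "not executed".
func (l *MaintenanceLog) Store(as []Action) {
	l.actions = append(l.actions, as...)
	l.executed = append(l.executed, make([]bool, len(as))...)
}

// Release runs once per release cycle and returns, in stored order, every
// instruction that has not been executed yet.
func (l *MaintenanceLog) Release() []Action {
	var batch []Action
	for i, a := range l.actions {
		if !l.executed[i] {
			batch = append(batch, a)
			l.executed[i] = true // assumption: marked once handed to the application end
		}
	}
	return batch
}

// AppEnd is the information application end: entry name -> set of data items.
type AppEnd struct{ entries map[string]map[string]bool }

// Apply executes one released batch in order and rejects a deletion of data
// that is not present, so a stale or reordered batch is noticed.
func (e *AppEnd) Apply(batch []Action) error {
	for _, a := range batch {
		set := e.entries[a.Entry]
		if set == nil {
			return fmt.Errorf("no key information entry %q", a.Entry)
		}
		if a.Op == "delete" {
			if !set[a.Data] {
				return fmt.Errorf("%s: cannot delete missing data %q", a.Entry, a.Data)
			}
			delete(set, a.Data)
		} else {
			set[a.Data] = true
		}
	}
	return nil
}

func (e *AppEnd) Has(entry, data string) bool { return e.entries[entry][data] }

func main() {
	log, app := &MaintenanceLog{}, &AppEnd{map[string]map[string]bool{"A": {"A1.1": true}}}
	for _, r := range []EditRequest{ // constructed requests; the 10:05 one is not from the page
		{"a", "A", "modify", "A1.1", "A1.1a", "10:00"},
		{"a", "A", "modify", "A1.1a", "A1.1b", "10:05"},
	} {
		as, _ := Convert(r)
		log.Store(as)
	}
	batch := log.Release()
	fmt.Println(len(batch), app.Apply(batch), app.Has("A", "A1.1b"), len(log.Release()))
}
```

Because a modification is split into a deletion followed by an addition, the order of the released batch matters: the second request only succeeds if the first one's addition has already been applied.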
As the above description of the technical solution provided by the embodiments of this specification shows, on the information providing client side, an information editing request input by a user is received, the information editing request is encrypted with the public key of the information management server and digitally signed with the client's own private key, and the encrypted and digitally signed information editing request is sent to the information management server together with the information providing client identifier corresponding to the key information to be edited at which the request is directed. On the information management server side, the information providing client public key that matches the information providing client identifier is looked up, the found public key is used to verify the digital signature of the encrypted and digitally signed information editing request, and the server's own private key is used to decrypt it. If the digital signature verification succeeds and the decryption succeeds, the decrypted and signature-verified information editing request is converted into a semantic action execution instruction according to a preset conversion rule, and the semantic action execution instruction is distributed to the information application end. On the information application end side, the key information to be edited that corresponds to the semantic action execution instruction is determined and is maintained according to the semantic action execution instruction. Thus, by using an identity authentication mechanism of encryption/decryption and signing/signature verification based on asymmetric encryption, it is ensured that multiple roles can carry out maintenance concurrently and securely, and that each role can only maintain its own exclusive key information.
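The client and server halves of this exchange, as an added example that is not code from the patent. The patent names no algorithms, so RSA-OAEP for encryption, RSA-PSS for signing, the signature covering the client identifier plus the ciphertext, and all type and function names are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what the information providing client sends (field names are assumptions).
type Envelope struct {
	ClientID   string // client that owns the key information to be edited
	Ciphertext []byte // edit request encrypted with the server's public key
	Signature  []byte // client's signature over ClientID and Ciphertext
}

var (
	ErrUnknownClient = errors.New("no public key registered for this client identifier")
	ErrBadSignature  = errors.New("digital signature verification failed")
)

// mustKey generates a key pair, as every party does in advance.
func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// signedDigest hashes the claimed identifier with the ciphertext (assumed layout).
func signedDigest(id string, ct []byte) []byte {
	h := sha256.New()
	h.Write([]byte(id))
	h.Write([]byte{0})
	h.Write(ct)
	return h.Sum(nil)
}

// Seal is the client side: encrypt with the server's public key, sign with the
// client's own private key. RSA-OAEP with a 2048-bit key and SHA-256 carries at
// most 190 bytes, so a larger request would need hybrid encryption.
func Seal(id string, req []byte, own *rsa.PrivateKey, serverPub *rsa.PublicKey) (Envelope, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, req, nil)
	if err != nil {
		return Envelope{}, err
	}
	sig, err := rsa.SignPSS(rand.Reader, own, crypto.SHA256, signedDigest(id, ct), nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{ClientID: id, Ciphertext: ct, Signature: sig}, nil
}

// Server is the information management server with its registry of client public keys.
type Server struct {
	priv    *rsa.PrivateKey
	clients map[string]*rsa.PublicKey
}

func NewServer() *Server {
	return &Server{priv: mustKey(), clients: map[string]*rsa.PublicKey{}}
}
func (s *Server) Public() *rsa.PublicKey                 { return &s.priv.PublicKey }
func (s *Server) Register(id string, pub *rsa.PublicKey) { s.clients[id] = pub }

// Open looks up the public key for the claimed identifier, verifies the signature,
// then decrypts. Only a request that passes both steps is returned for conversion.
func (s *Server) Open(env Envelope) ([]byte, error) {
	pub, ok := s.clients[env.ClientID]
	if !ok {
		return nil, ErrUnknownClient
	}
	d := signedDigest(env.ClientID, env.Ciphertext)
	if rsa.VerifyPSS(pub, crypto.SHA256, d, env.Signature, nil) != nil {
		return nil, ErrBadSignature
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, env.Ciphertext, nil)
}

func main() {
	srv, a, b := NewServer(), mustKey(), mustKey()
	srv.Register("A", &a.PublicKey)
	req := []byte(`{"instruction":"modify","object":"A1.1","edited":"A1.1a"}`) // constructed sample
	good, _ := Seal("A", req, a, srv.Public())
	forged, _ := Seal("A", req, b, srv.Public()) // client B claiming identifier A
	out, err1 := srv.Open(good)
	_, err2 := srv.Open(forged)
	fmt.Printf("A: %s (%v); B as A: %v\n", out, err1, err2)
}
```

The "own exclusive key information" property rests on the lookup step: the server verifies against the public key registered for the owner of the targeted key information, so a request signed by any other client's private key fails verification before it is decrypted or converted.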
To explain the technical solution of the embodiments of this specification more clearly, the method performed is described again below from the perspective of each side separately:
For the information providing client, the tasks to be performed are mainly as follows:
A. Receive the information editing request input by the user;
B. Encrypt the information editing request with the public key of the information management server, and digitally sign the information editing request with the client's own private key;
C. Send the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited at which the request is directed, to the information management server;
For the information management server, the tasks to be performed are mainly as follows:
a. Look up the information providing client public key that matches the information providing client identifier, verify the digital signature of the encrypted and digitally signed information editing request with the found public key, and decrypt the encrypted and digitally signed information editing request with the server's own private key;
b. If the digital signature verification of the encrypted and digitally signed information editing request succeeds and the decryption succeeds, convert the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule, and distribute the semantic action execution instruction to the information application end;
For the information application end, the tasks to be performed are mainly as follows:
Determine the key information to be edited that corresponds to the semantic action execution instruction, and maintain the key information to be edited according to the semantic action execution instruction.
Corresponding to the above method embodiments, the embodiments of this specification also provide a key information maintenance apparatus applied to the information providing client. As shown in Figure 3, the apparatus may include: a request receiving module 310, a signing module 320 and a sending module 330.
The request receiving module 310 is configured to receive the information editing request input by the user;
The signing module 320 is configured to encrypt the information editing request with the public key of the information management server and to digitally sign the information editing request with the client's own private key;
The sending module 330 is configured to send the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited at which the request is directed, to the information management server, so that the information management server looks up the information providing client public key that matches the information providing client identifier, verifies the digital signature of the encrypted and digitally signed information editing request with the found public key, decrypts the request with its own private key and, if the digital signature verification succeeds and the decryption succeeds, converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule and distributes the semantic action execution instruction to the information application end.
The embodiments of this specification also provide a key information maintenance apparatus applied to the information management server. As shown in Figure 4, the apparatus may include: a receiving module 410, a public key lookup module 420, a signature verification module 430, a decryption module 440, a conversion module 450 and an instruction distribution module 460.
The receiving module 410 is configured to receive the encrypted and digitally signed information editing request sent by the information providing client, together with the information providing client identifier corresponding to the key information to be edited at which the request is directed;
The public key lookup module 420 is configured to look up the information providing client public key that matches the information providing client identifier;
The signature verification module 430 is configured to verify the digital signature of the encrypted and digitally signed information editing request with the found information providing client public key;
The decryption module 440 is configured to decrypt the encrypted and digitally signed information editing request with the server's own private key;
The conversion module 450 is configured to, if the digital signature verification of the encrypted and digitally signed information editing request succeeds and the decryption succeeds, convert the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule;
The instruction distribution module 460 is configured to distribute the semantic action execution instruction to the information application end, so that the information application end determines the key information to be edited that corresponds to the semantic action execution instruction and maintains the key information to be edited according to the semantic action execution instruction.
The embodiments of this specification also provide a key information maintenance apparatus applied to the information application end. As shown in Figure 5, the apparatus may include: an instruction receiving module 510, an information determination module 520 and an information maintenance module 530.
The instruction receiving module 510 is configured to receive the semantic action execution instruction issued by the information management server;
The information determination module 520 is configured to determine the key information to be edited that corresponds to the semantic action execution instruction;
The information maintenance module 530 is configured to maintain the key information to be edited according to the semantic action execution instruction.
The embodiments of this specification also provide a key information maintenance system, the system comprising:
multiple information providing clients, one information management server, and an information application end subordinate to the information management server, wherein any information providing client generates a public key and a private key in advance and notifies the information management server of its own public key, and the information management server generates a public key and a private key in advance and notifies every information providing client of its own public key;
The information providing client receives the information editing request input by the user, encrypts the information editing request with the public key of the information management server, and digitally signs the information editing request with its own private key;
The information providing client sends the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited at which the request is directed, to the information management server;
The information management server looks up the information providing client public key that matches the information providing client identifier, verifies the digital signature of the encrypted and digitally signed information editing request with the found public key, and decrypts the encrypted and digitally signed information editing request with its own private key;
If the digital signature verification of the encrypted and digitally signed information editing request succeeds and the decryption succeeds, the information management server converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule, and distributes the semantic action execution instruction to the information application end;
The information application end determines the key information to be edited that corresponds to the semantic action execution instruction, and maintains the key information to be edited according to the semantic action execution instruction.
For the implementation of the functions and effects of the modules in the above apparatus, see the implementation of the corresponding steps in the above method; details are not repeated here.
As the above description of the technical solution provided by the embodiments of this specification shows, on the information providing client side, an information editing request input by a user is received, the information editing request is encrypted with the public key of the information management server and digitally signed with the client's own private key, and the encrypted and digitally signed information editing request is sent to the information management server together with the information providing client identifier corresponding to the key information to be edited at which the request is directed. On the information management server side, the information providing client public key that matches the information providing client identifier is looked up, the found public key is used to verify the digital signature of the encrypted and digitally signed information editing request, and the server's own private key is used to decrypt it. If the digital signature verification succeeds and the decryption succeeds, the decrypted and signature-verified information editing request is converted into a semantic action execution instruction according to a preset conversion rule, and the semantic action execution instruction is distributed to the information application end. On the information application end side, the key information to be edited that corresponds to the semantic action execution instruction is determined and is maintained according to the semantic action execution instruction. Thus, by using an identity authentication mechanism of encryption/decryption and signing/signature verification based on asymmetric encryption, it is ensured that multiple roles can carry out maintenance concurrently and securely, and that each role can only maintain its own exclusive key information.
The embodiments of this specification also provide a computer device comprising at least a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the aforementioned key information maintenance method when executing the program, the method including at least:
Receiving the information editing request input by the user;
Encrypting the information editing request with the public key of the information management server, and digitally signing the information editing request with the client's own private key;
Sending the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited at which the request is directed, to the information management server.
The embodiments of this specification also provide a computer device comprising at least a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the aforementioned key information maintenance method when executing the program, the method including at least:
Receiving the encrypted and digitally signed information editing request sent by the information providing client, together with the information providing client identifier corresponding to the key information to be edited at which the request is directed;
Looking up the information providing client public key that matches the information providing client identifier;
Verifying the digital signature of the encrypted and digitally signed information editing request with the found information providing client public key;
Decrypting the encrypted and digitally signed information editing request with the server's own private key;
If the digital signature verification of the encrypted and digitally signed information editing request succeeds and the decryption succeeds, converting the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule;
Distributing the semantic action execution instruction to the information application end.
The embodiments of this specification also provide a computer device comprising at least a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the aforementioned key information maintenance method when executing the program, the method including at least:
Receiving the semantic action execution instruction issued by the information management server;
Determining the key information to be edited that corresponds to the semantic action execution instruction;
Maintaining the key information to be edited according to the semantic action execution instruction.
The embodiments of this specification also provide a computer device. As shown in Figure 6, the device may include: a processor 610, a memory 620, an input/output interface 630, a communication interface 640 and a bus 650. The processor 610, the memory 620, the input/output interface 630 and the communication interface 640 are communicatively connected to one another inside the device through the bus 650.
The processor 610 may be implemented as a general-purpose CPU (Central Processing Unit), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits, and is used to execute the relevant programs so as to implement the technical solution provided by the embodiments of this specification.
The memory 620 may be implemented in the form of ROM (Read Only Memory), RAM (Random Access Memory), a static storage device, a dynamic storage device, and so on. The memory 620 may store an operating system and other application programs. When the technical solution provided by the embodiments of this specification is implemented in software or firmware, the relevant program code is stored in the memory 620 and is called and executed by the processor 610.
The input/output interface 630 is used to connect an input/output module to realize information input and output. The input/output module may be configured as a component in the device (not shown in the figure), or may be externally connected to the device to provide the corresponding functions. Input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors and the like, and output devices may include a display, a loudspeaker, a vibrator, an indicator light and the like.
The communication interface 640 is used to connect a communication module (not shown in the figure) to realize communication between this device and other devices. The communication module may communicate in a wired manner (such as USB or a network cable) or in a wireless manner (such as a mobile network, WIFI or Bluetooth).
The bus 650 includes a path that transfers information between the components of the device (such as the processor 610, the memory 620, the input/output interface 630 and the communication interface 640).
It should be noted that although only the processor 610, the memory 620, the input/output interface 630, the communication interface 640 and the bus 650 are shown for the above device, in a specific implementation the device may also include other components necessary for normal operation. In addition, those skilled in the art will understand that the above device may also contain only the components necessary to implement the solution of the embodiments of this specification, without containing all the components shown in the figure.
The embodiments of this specification also provide a computer-readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, implements the aforementioned key information maintenance method, the method including at least:
Receiving the information editing request input by the user;
Encrypting the information editing request with the public key of the information management server, and digitally signing the information editing request with the client's own private key;
Sending the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited at which the request is directed, to the information management server.
The embodiments of this specification also provide a computer-readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, implements the aforementioned key information maintenance method, the method including at least:
Receiving the encrypted and digitally signed information editing request sent by the information providing client, together with the information providing client identifier corresponding to the key information to be edited at which the request is directed;
Looking up the information providing client public key that matches the information providing client identifier;
Verifying the digital signature of the encrypted and digitally signed information editing request with the found information providing client public key;
Decrypting the encrypted and digitally signed information editing request with the server's own private key;
If the digital signature verification of the encrypted and digitally signed information editing request succeeds and the decryption succeeds, converting the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule;
Distributing the semantic action execution instruction to the information application end.
The embodiments of this specification also provide a computer-readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, implements the aforementioned key information maintenance method, the method including at least:
Receiving the semantic action execution instruction issued by the information management server;
Determining the key information to be edited that corresponds to the semantic action execution instruction;
Maintaining the key information to be edited according to the semantic action execution instruction.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may store information by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
From the above description of the embodiments, those skilled in the art can clearly understand that the embodiments of this specification can be implemented by means of software plus a necessary general-purpose hardware platform. Based on this understanding, the technical solution of the embodiments of this specification, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute the methods described in the embodiments, or in certain parts of the embodiments, of this specification.
The systems, apparatuses, modules or units described in the above embodiments may be implemented by a computer chip or entity, or by a product having a certain function. A typical implementing device is a computer, which may take the form of a personal computer, a laptop computer, a cellular phone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an e-mail sending and receiving device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
The embodiments in this specification are described in a progressive manner; for the parts that are the same or similar between embodiments, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, since the apparatus embodiments are substantially similar to the method embodiments, they are described relatively briefly, and the relevant parts may be found in the description of the method embodiments. The apparatus embodiments described above are merely illustrative: the modules described as separate components may or may not be physically separate, and when the solution of the embodiments of this specification is implemented, the functions of the modules may be realized in one or more pieces of software and/or hardware. Some or all of the modules may also be selected according to actual needs to achieve the purpose of the solution of the embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
The above are only specific implementations of the embodiments of this specification. It should be pointed out that those of ordinary skill in the art may make several improvements and refinements without departing from the principles of the embodiments of this specification, and these improvements and refinements shall also be regarded as falling within the protection scope of the embodiments of this specification.