CN111694591A - Certificate updating method, device, system, server and computer storage medium - Google Patents


Info

Publication number: CN111694591A
Authority: CN (China)
Prior art keywords: certificate, information, updating, target, data
Legal status: Pending
Application number: CN202010552078.XA
Other languages: Chinese (zh)
Inventor: 李�杰
Current Assignee: WeBank Co Ltd
Original Assignee: WeBank Co Ltd
Application filed by WeBank Co Ltd; priority to CN202010552078.XA; published as CN111694591A (pending).

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering > G06F8/60 Software deployment > G06F8/65 Updates
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules > G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/2107 File encryption

Abstract

The invention relates to the technical field of financial technology (Fintech) and discloses a certificate updating method, device, system, server and computer storage medium. The certificate updating method is applied to a certificate updating system comprising a server and a client, and comprises the following steps: when the server receives a certificate updating request, it obtains the current certificate information from the request; it then obtains target certificate data from a preset database; it encrypts (signs) the target information in the target certificate data with a preset signature algorithm to obtain signature information, assembles the encrypted target certificate data from the target information and the signature information, and returns the encrypted target certificate data to the client corresponding to the certificate updating request, so that the client updates its certificate after verifying the encrypted target certificate data. Based on the certificate updating system so established, the invention achieves automatic updating of application program certificates while encrypting the certificate data so that its authenticity can be verified, thereby achieving secure updating of the certificate.

Description

Certificate updating method, device, system, server and computer storage medium
Technical Field
The invention relates to the technical field of financial technology (Fintech), in particular to a certificate updating method, a device, a system, a server and a computer storage medium.
Background
With the development of computer technology, more and more technologies are applied in the financial field, and the traditional financial industry is gradually changing into financial technology (Fintech); at the same time, the financial industry's demands for security and real-time performance place higher requirements on those technologies.
Users usually install various Apps (application programs) on terminal devices such as mobile phones or tablet computers to meet the needs of daily work, life, social contact and the like. Currently, an App's certificate is hard-coded into the App's code or into an internal configuration file, so that when the App starts it reads the hard-coded certificate information in order to secure its operation.
However, the App certificate has a validity period. At present, an updated App certificate is usually built into a new version of the App, and when a user upgrades the App version, the user obtains the updated App certificate carried in the new version together with the new version itself, so that the App keeps working normally. However, many users are reluctant to update the App version, so the certificate cannot be updated, which affects users' normal use of the product and may even seriously damage the business's reputation. Therefore, how to update the App certificate intelligently is a problem that urgently needs to be solved.
Disclosure of Invention
The invention mainly aims to provide a certificate updating method, a certificate updating device, a certificate updating system, a server side and a computer storage medium, with the aim of updating application program certificates automatically and securely without affecting users' use of the application.
In order to achieve the above object, the present invention provides a certificate updating method, which is applied to a certificate updating system, where the certificate updating system includes a server and a client, and the certificate updating method includes:
when the server side receives a certificate updating request, current certificate information is obtained according to the certificate updating request;
acquiring target certificate data from a preset database according to the current certificate information;
encrypting target information in the target certificate data through a preset signature algorithm to obtain signature information, and obtaining encrypted target certificate data according to the target information and the signature information;
and returning the encrypted target certificate data to the client corresponding to the certificate updating request so that the client can update the certificate after verifying the encrypted target certificate data.
Optionally, the current certificate information includes an application name and a current certificate version number, and the step of obtaining the target certificate data from the preset database according to the current certificate information includes:
inquiring a preset certificate list to obtain a latest certificate version number corresponding to the name of the application program;
judging whether the current certificate version number is consistent with the latest certificate version number;
and if the two certificate versions are not consistent, acquiring target certificate data corresponding to the application program name and the latest certificate version number from a preset database.
Optionally, the certificate updating method further includes:
when a certificate change request is received, obtaining change information according to the certificate change request;
and updating the corresponding certificate data according to the change information, and updating the latest certificate version number of the corresponding application program in the preset certificate list.
Optionally, the step of encrypting the target information in the target certificate data by using a preset signature algorithm to obtain signature information, and obtaining the encrypted target certificate data according to the target information and the signature information includes:
acquiring public key information of the target certificate data, and signing the public key information through a preset signature algorithm and a preset encryption private key to generate certificate signature information;
and obtaining encrypted target certificate data according to the public key information and the certificate signature information.
Optionally, before the step of obtaining the encrypted target certificate data according to the public key information and the certificate signature information, the method further includes:
obtaining the validity identification of the target certificate data, and signing the validity identification through the preset signature algorithm and the preset encryption private key to generate validity signature information;
the step of obtaining encrypted target certificate data according to the public key information and the certificate signature information includes:
and obtaining encrypted target certificate data according to the public key information, the certificate signature information, the validity identification and the validity signature information.
Optionally, the certificate updating method further includes:
periodically acquiring the expiration time of each certificate data in the preset database, and calculating the remaining duration of the validity period according to the expiration time and the current time;
and, based on the remaining duration of the validity period, reminding the business party responsible for certificate data that is about to expire.
Further, to achieve the above object, the present invention provides a certificate updating apparatus, including:
the first acquisition module is used for acquiring current certificate information according to the certificate updating request when the certificate updating request is received;
the second acquisition module is used for acquiring target certificate data from a preset database according to the current certificate information;
the encryption module is used for encrypting the target information in the target certificate data through a preset signature algorithm to obtain signature information, and obtaining encrypted target certificate data according to the target information and the signature information;
and the first updating module is used for returning the encrypted target certificate data to the client corresponding to the certificate updating request so that the client can update the certificate after verifying the encrypted target certificate data.
In addition, to achieve the above object, the present invention further provides a server, where the server includes: a memory, a processor and a certificate update program stored on the memory and executable on the processor, the certificate update program when executed by the processor implementing the steps of the certificate update method as described above.
In addition, to achieve the above object, the present invention also provides a certificate updating system, including a server and a client, wherein:
the server is the server as described above;
the client is used for obtaining current certificate information when application program start-up information is detected;
generating a certificate updating request according to the current certificate information, and sending the certificate updating request to the server;
the client is also used for receiving the encrypted target certificate data returned by the server;
and verifying the encrypted target certificate data, and updating the certificate when the verification is passed.
Optionally, the client is further configured to:
when encrypted target certificate data returned by the server side is received, parsing the encrypted target certificate data to obtain public key information and certificate signature information;
verifying the public key information and the certificate signature information through a preset verification algorithm to obtain a first bit value;
and judging whether the first bit value is a preset threshold value or not so as to judge whether the encrypted target certificate data is tampered or not.
Optionally, the client is further configured to:
parsing the encrypted target certificate data to obtain a validity identification and validity signature information;
verifying the validity identification and the validity signature information through the preset verification algorithm to obtain a second bit value;
and judging whether the second bit value is the preset threshold value or not so as to judge the validity of the certificate data.
Further, to achieve the above object, the present invention also provides a computer-readable storage medium having stored thereon a certificate update program that, when executed by a processor, implements the steps of the certificate update method as described above.
The invention provides a certificate updating method, device, system, server and computer storage medium. The certificate updating method is applied to a certificate updating system comprising a server and a client: when the server receives a certificate updating request, it obtains the current certificate information from the request; it then obtains target certificate data from a preset database according to the current certificate information; it encrypts the target information in the target certificate data with a preset signature algorithm to obtain signature information and assembles the encrypted target certificate data from the target information and the signature information; and it returns the encrypted target certificate data to the client corresponding to the certificate updating request, so that the client can update its certificate after verifying the encrypted target certificate data. With the certificate updating system in place, when a certificate updating request sent by the client on application start-up is received, the corresponding target certificate data is obtained automatically and returned to the client in encrypted form, so that the client can verify the encrypted certificate data and then update the certificate. This achieves automatic updating of the application program certificate and avoids the situation in which a user's use is affected because the certificate was not updated when the application itself was not updated. At the same time, the server encrypts the certificate data so that the client can verify its security and update the certificate data only when verification passes, thereby achieving secure updating of the certificate.
In addition, the invention does not require the business party to push users to update, which saves updating cost. Therefore, the invention updates application program certificates automatically and securely, avoids affecting users' use, and saves updating cost at the same time.
Drawings
Fig. 1 is a schematic structural diagram of the terminal of a hardware operating environment according to an embodiment of the present invention;
Fig. 2 is a flowchart of the certificate updating method according to a first embodiment of the present invention;
Fig. 3 is a schematic diagram of a system architecture related to the certificate updating method of the present invention;
Fig. 4 is a functional block diagram of the certificate updating apparatus according to a first embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic terminal structure diagram of a hardware operating environment according to an embodiment of the present invention.
The terminal in this embodiment of the present invention is the server side; it may be a server, or a terminal device such as a PC (personal computer), a tablet computer or a portable computer.
As shown in Fig. 1, the terminal may include a processor 1001 (such as a CPU), a communication bus 1002, a user interface 1003, a network interface 1004 and a memory 1005. The communication bus 1002 connects these components. The user interface 1003 may include a display screen (Display) and an input unit such as a keyboard (Keyboard); optionally, the user interface 1003 may also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a Wi-Fi interface). The memory 1005 may be a high-speed RAM or a non-volatile memory (e.g., a magnetic disk). Alternatively, the memory 1005 may be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the terminal structure shown in fig. 1 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, and a certificate update program.
In the terminal shown in fig. 1, the network interface 1004 is mainly used for connecting to a backend server and performing data communication with the backend server; the user interface 1003 is mainly used for connecting a client and performing data communication with the client; and the processor 1001 may be configured to invoke the certificate update program stored in the memory 1005 and perform the following steps of the certificate update method.
Based on the above hardware structure, embodiments of the certificate updating method of the present invention are provided.
The invention provides a certificate updating method.
Referring to fig. 2, fig. 2 is a flowchart illustrating a certificate updating method according to a first embodiment of the present invention.
In this embodiment, the certificate updating method is applied to a certificate updating system, where the certificate updating system includes a server and a client, and the certificate updating method includes:
step S10, when the server receives the certificate updating request, the server obtains the current certificate information according to the certificate updating request;
the certificate updating method of the embodiment is applied to a certificate updating system, the certificate updating system comprises a server and a client, and a certificate maintenance system and a certificate updating channel system are established at the server, wherein the certificate maintenance system is used for maintaining and updating a large number of certificates in the system, and the certificate updating channel system is an important service for serving the client and is a channel for ensuring certificate data to be updated to the client.
Further, it should be noted that, in specific implementation, the certificate updating system may also be built as a distributed network architecture to satisfy concurrent execution of massive certificate updating requests. Specifically, referring to fig. 3, a plurality of Nginx (proxy server) and a plurality of servers may be set, and the certificate update request may be assigned to a corresponding Nginx according to the domain name of the certificate update request of the client, and then the Nginx may poll the server to obtain corresponding certificate data, and then return to the client. The distributed certificate updating system can immediately perform parallel capacity expansion when the system meets overlarge requests, has expandability and reliability, and the system breakdown of one server does not influence other servers.
The certificate updating method of this embodiment is implemented by a server, and the apparatus is described by taking a server as an example. In this embodiment, when starting an application program (e.g., App, software), a client sends a certificate update request to a server through an update channel, and at this time, when receiving the certificate update request, the server obtains current certificate information according to the certificate update request. Wherein the current certificate information includes an application name and a current certificate version number.
Step S20, acquiring target certificate data from a preset database according to the current certificate information;
and then, acquiring target certificate data from a preset database according to the current certificate information.
Wherein the current certificate information includes an application name and a current certificate version number, and step S20 includes:
step a21, inquiring a preset certificate list to obtain the latest certificate version number corresponding to the application program name;
step a22, judging whether the current certificate version number is consistent with the latest certificate version number;
step a23, if not, obtaining the target certificate data corresponding to the application program name and the latest certificate version number from a preset database.
After the current certificate information is obtained, the preset certificate list is queried for the latest certificate version number corresponding to the application program name; the preset certificate list contains at least the application program names and their latest certificate version numbers. It is then judged whether the current certificate version number is consistent with the latest certificate version number; if they are inconsistent, the target certificate data corresponding to the application program name and the latest certificate version number is obtained from the preset database. If they are consistent, the certificate does not need to be updated and no response is required. It should be noted that the target certificate data may include one or more certificates, which can be maintained and updated as the actual situation requires.
Step S30, encrypting the target information in the target certificate data through a preset signature algorithm to obtain signature information, and obtaining the encrypted target certificate data according to the target information and the signature information.
Then, the target information in the target certificate data is encrypted with a preset signature algorithm to obtain signature information, and the encrypted target certificate data is obtained from the target information and the signature information. The preset signature algorithm is optionally a signature algorithm of the form α ← Sign(SK, M); the target information includes at least public key information and may also include a validity identification, and correspondingly the signature information includes at least certificate signature information and may also include validity signature information.
During the encryption, the target information and a preset encryption private key (the server's private key) are used as input, and the preset signature algorithm outputs the signature information. The target information and the signature information can then be laid out in a predetermined format to obtain the encrypted target certificate data; for example, each line may carry one certificate's target information together with its signature information, forming a multi-line structure. The specific encryption process is described in the third embodiment below.
Step S40, returning the encrypted target certificate data to the client corresponding to the certificate update request, so that the client performs certificate update after verifying the encrypted target certificate data.
And after the encrypted target certificate data are obtained, returning the encrypted target certificate data to the client corresponding to the certificate updating request, so that the client can update the certificate after verifying the encrypted target certificate data.
Correspondingly, when the client receives the encrypted target certificate data returned by the server, it parses the data to obtain the target information and the signature information. When the target information comprises only public key information, the signature information comprises only certificate signature information; the public key information and the certificate signature information are then verified with a preset verification algorithm (corresponding to the preset signature algorithm, the preset verification algorithm is β ← Verify(PK, α, M)) to obtain a first bit value, and whether the encrypted target certificate data has been tampered with is determined by judging whether the first bit value equals a preset threshold value (1). When the target information comprises public key information and a validity identification, the signature information comprises certificate signature information and validity signature information; in that case, after checking whether the encrypted target certificate data has been tampered with, the validity identification and the validity signature information are further verified with the preset verification algorithm to obtain a second bit value, and whether the second bit value equals the preset threshold value determines the validity of the certificate data. When verification passes, the client updates the certificate.
It can be understood that, if the certificate update system is the distributed certificate update system as shown in fig. 3, the encrypted target certificate data is first returned to the Nginx corresponding to the certificate update request, so that the Nginx returns the encrypted target certificate data to the client, and the client performs certificate update after verifying the encrypted target certificate data.
The embodiment of the invention provides a certificate updating method applied to a certificate updating system comprising a server and a client: when the server receives a certificate updating request, it obtains the current certificate information from the request; it then obtains target certificate data from a preset database according to the current certificate information; it encrypts the target information in the target certificate data with a preset signature algorithm to obtain signature information and assembles the encrypted target certificate data from the target information and the signature information; and it returns the encrypted target certificate data to the client corresponding to the certificate updating request, so that the client can update its certificate after verifying the encrypted target certificate data. With the certificate updating system in place, when a certificate updating request sent by the client on application start-up is received, the corresponding target certificate data is obtained automatically and returned to the client in encrypted form, so that the client can verify the encrypted certificate data and then update the certificate. This achieves automatic updating of the application program certificate and avoids the situation in which a user's use is affected because the certificate was not updated when the application itself was not updated. At the same time, the server encrypts the certificate data so that the client can verify its security and update the certificate data only when verification passes, thereby achieving secure updating of the certificate. In addition, the embodiment of the invention does not require the business party to push users to update, which saves updating cost.
Therefore, the embodiment of the invention updates application program certificates automatically and securely, avoids affecting users' use, and saves updating cost.
Further, based on the above-described first embodiment, a second embodiment of the certificate updating method of the present invention is proposed.
In this embodiment, the certificate updating method further includes:
step A, when a certificate change request is received, obtaining change information according to the certificate change request;
in the present embodiment, when a certificate change request is received, change information is acquired based on the certificate change request. The change information includes the name of the application to be changed and its change content, and the change content may include, but is not limited to, replacement of the certificate and update of the certificate identifier, such as update of the certificate validity identifier (the validity of the certificate is updated when the certificate is abnormal).
And step B, updating the corresponding certificate data according to the change information, and updating the latest certificate version number of the corresponding application program in the preset certificate list.
Then, the corresponding certificate data is updated according to the change information, for example, a certain certificate in the certificate data is replaced, or the validity of the certificate is updated, and meanwhile, in order to determine whether the certificate version number of the application program is the latest certificate version number for the convenience of the subsequent determination, so as to determine whether the certificate version number is updated, the latest certificate version number of the corresponding application program in the preset certificate list needs to be updated. That is, each time there is an update to the certificate data, the latest certificate version number of the corresponding application program needs to be updated.
In this embodiment, the certificate maintenance system implements updating and maintenance of the certificate data, so as to update the certificate data of the client in the following.
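The second embodiment above together with the version-number comparison of the first embodiment, as an added Go example that is not part of the patent or its applicant's code: a server-side store that keeps the preset certificate list and the preset database in memory, bumps the latest certificate version number on every change (certificate replacement or validity-identifier update), and answers an update request only when the client's version number is inconsistent with the latest one. Type and field names, and the sample application and key strings, are this example's own.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// CertRecord is one certificate entry in the preset database. Field names are
// this example's own; the patent only speaks of "certificate data".
type CertRecord struct {
	PublicKey string // public key information of the certificate (constructed strings below)
	Valid     bool   // validity identifier described in the third embodiment
}

// CertStore holds the preset certificate list (application name -> latest
// certificate version number) and the preset database (application name and
// version number -> certificate data).
type CertStore struct {
	mu      sync.Mutex
	latest  map[string]int                  // preset certificate list
	records map[string]map[int][]CertRecord // preset database
}

func NewCertStore() *CertStore {
	return &CertStore{latest: map[string]int{}, records: map[string]map[int][]CertRecord{}}
}

// ChangeRequest is the change information of step A: the application to be
// changed plus the change content, which is either a replacement certificate
// set or a request to mark the current certificates invalid.
type ChangeRequest struct {
	App         string
	ReplaceWith []CertRecord // non-nil: replace the certificate set of App
	Invalidate  bool         // true: update the validity identifier of the current set
}

// ApplyChange is step B: store the changed certificate data under a new
// version number and update the latest certificate version number in the
// certificate list, so that later update requests see the change. It returns
// the new latest version number.
func (s *CertStore) ApplyChange(req ChangeRequest) (int, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	cur := s.latest[req.App] // 0 for an application not yet in the list
	var next []CertRecord
	switch {
	case req.ReplaceWith != nil:
		next = append(next, req.ReplaceWith...)
	case req.Invalidate:
		if len(s.records[req.App][cur]) == 0 {
			return cur, errors.New("no certificate data to invalidate")
		}
		for _, r := range s.records[req.App][cur] {
			r.Valid = false // r is a copy; the old version stays untouched
			next = append(next, r)
		}
	default:
		return cur, errors.New("change request carries no change content")
	}
	if s.records[req.App] == nil {
		s.records[req.App] = map[int][]CertRecord{}
	}
	s.records[req.App][cur+1] = next
	s.latest[req.App] = cur + 1
	return cur + 1, nil
}

// UpdateRequest is the client's current certificate information.
type UpdateRequest struct {
	App            string
	CurrentVersion int
}

// TargetData serves a certificate update request: look up the latest version
// number for the application, compare it with the client's current version
// number, and return the target certificate data only when they differ.
func (s *CertStore) TargetData(req UpdateRequest) (version int, data []CertRecord, ok bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	latest, known := s.latest[req.App]
	if !known || latest == req.CurrentVersion {
		return req.CurrentVersion, nil, false
	}
	return latest, s.records[req.App][latest], true
}

func main() {
	store := NewCertStore()
	// Constructed sample data: the initial certificate set of "pay-app" becomes version 1.
	v, _ := store.ApplyChange(ChangeRequest{App: "pay-app",
		ReplaceWith: []CertRecord{{PublicKey: "PK-pay-app-2020", Valid: true}}})
	fmt.Println("latest version after initial load:", v)
	// A client already holding version 1 gets nothing back.
	_, _, ok := store.TargetData(UpdateRequest{App: "pay-app", CurrentVersion: 1})
	fmt.Println("client at v1 needs update:", ok)
	// Emergency change: mark the certificate invalid, which bumps the version to 2 ...
	store.ApplyChange(ChangeRequest{App: "pay-app", Invalidate: true})
	// ... so the same client now receives the re-marked certificate data.
	ver, data, ok := store.TargetData(UpdateRequest{App: "pay-app", CurrentVersion: 1})
	fmt.Println("client at v1 needs update:", ok, "target version:", ver, "valid:", data[0].Valid)
}
```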
Further, based on the above-described first embodiment, a third embodiment of the certificate updating method of the present invention is proposed.
In the present embodiment, step S30 includes:
a31, acquiring public key information of the target certificate data, and signing the public key information through a preset signature algorithm and a preset encryption private key to generate certificate signature information;
In order to ensure that the updated certificate data is correct, and to prevent a man-in-the-middle from maliciously hijacking the target certificate data in transit so that the certificate update is exploited, in this embodiment the target certificate data is encrypted before being sent to the client, so that the client can verify the encrypted target certificate data and confirm that it has not been tampered with; the safety of the certificate update can thus be ensured.
In this embodiment, the public key information of the target certificate data is obtained first, and the public key information is signed by a preset signature algorithm and a preset encryption private key to generate certificate signature information. The target certificate data may include one or more certificates, so the corresponding public key information may include one or more items. The preset signature algorithm may be written α ← Sign(SK, M), and the preset encryption private key is the server's private key, recorded as SK. When there is a single item of public key information, it is recorded as M; the corresponding certificate signature information is then a single item, and supplying the private key SK and the public key information M as input yields the certificate signature information α. When there are several items of public key information, recorded as M1, M2, … and Mt, the corresponding certificate signature information also has several items: the private key SK and each item of public key information are supplied as input in turn, yielding the certificate signature information α1, α2, … and αt.
Step a32, obtaining encrypted target certificate data according to the public key information and the certificate signature information.
Then, encrypted target certificate data is obtained according to the public key information and the certificate signature information. Specifically, the public key information and the certificate signature information can be laid out according to a preset format to obtain the encrypted target certificate data; for example, each line can hold the public key information of one certificate together with its certificate signature information, forming a multi-line structure.
The encrypted target certificate data is then returned to the client corresponding to the certificate update request so that the client can update the certificate. Specifically, when the client receives the encrypted target certificate data returned by the server, it can parse the data to obtain the public key information and the certificate signature information, verify them through a preset verification algorithm to obtain a first bit value, and then judge whether the encrypted target certificate data has been tampered with by judging whether the first bit value equals a preset threshold value. When the target certificate data is judged not to have been tampered with, the certificate is updated.
Further, before the step a32, the following steps may be further included:
a33, obtaining validity identification of the target certificate data, and signing the validity identification through the preset signature algorithm and the preset encryption private key to generate validity signature information;
at this time, step a32 includes:
and obtaining encrypted target certificate data according to the public key information, the certificate signature information, the validity identification and the validity signature information.
When the application certificate needs to be replaced urgently (for example, when the certificate information built into the application program for encryption has been leaked through an accident or a hacking attack, which may cause the product's encryption logic to be broken and affect users' information security), the old certificate cannot be replaced quickly by updating the application program, so a large number of users remain at risk of attack before the replacement is complete, and a serious crisis results. Therefore, in this embodiment, a validity identifier is marked in the certificate, for example valid or invalid (or represented by preset characters); when the client starts the application program, it can obtain the certificate data carrying the updated marking, and when the certificate is about to be used, whether it is available can be judged according to its validity identifier.
In implementation, in order to ensure that the validity identifier is not tampered with, the validity identifier may also be encrypted, in the same way as the certificate public key information. Specifically: the validity identifier of the target certificate data is first obtained and signed through the preset signature algorithm and the preset encryption private key to generate validity signature information; the encrypted target certificate data is then obtained from the public key information, the certificate signature information, the validity identifier and the validity signature information; and the encrypted target certificate data is returned to the client corresponding to the certificate update request so that the client can update the certificate. The encryption process of the validity identifier follows that of the public key information and is not repeated here.
In this embodiment, the public key information and the validity identifier of the target certificate data are encrypted, and the encrypted target certificate data is returned to the client, so that the client can verify the encrypted target certificate data to prevent tampering, thereby ensuring the security of the target certificate data.
In addition, it should be noted that, in order to further secure the link and prevent the link layer of the certificate update from being attacked by substitution or the like, in a specific implementation the target certificate data may additionally be protected on the communication link by HTTPS.
It should be further noted that, in a specific implementation, in order to avoid the load that a large number of certificate update requests would place on the server's encryption operation, the server may, whenever it detects that the certificate data of an application program has been updated, encrypt the updated certificate data at that time and store the encrypted certificate data in the preset database. After the server obtains the current certificate information from a certificate update request, it can then fetch the already encrypted target certificate data directly from the preset database according to the current certificate information and return it to the corresponding client. In this way, repeating the encryption operation for each of N requests is avoided, the delay caused by frequent disk I/O is avoided, and million-level simultaneous high-concurrency requests can be served.
Further, based on the above-described embodiments, a fourth embodiment of the certificate updating method of the present invention is proposed.
In this embodiment, the certificate updating method further includes:
step C, periodically acquiring the expiration time of each certificate data in the preset database, and calculating the remaining duration of the validity period according to the expiration time and the current time;
in this embodiment, each certificate has a validity period, so to avoid certificate failure, the expiration time of each certificate data in the preset database may be periodically obtained, and the remaining duration of the validity period is calculated according to the expiration time and the current time.
And D, reminding the service party corresponding to the certificate data to be expired according to the remaining duration of the validity period.
And then, reminding the service party corresponding to the certificate data to be expired according to the remaining duration of the validity period. Specifically, when it is detected that the remaining duration of the validity period is less than a preset threshold (e.g., 30 days), it is determined that the validity period is about to expire, and then the corresponding service party is reminded.
It should be noted that, when the remaining duration of the validity period is detected to be negative, the certificate has already expired; at this point the certificate may be deleted directly and the service party reminded.
In this embodiment, the certificate maintenance system detects the certificate data that will expire soon, so that the corresponding service party can be timely reminded of updating the certificate.
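Steps C and D of this embodiment, as an added Go example that is not part of the patent or its applicant's code: one periodic run over constructed database rows with the 30-day threshold named above, reminding the service party of certificates about to expire and deleting those whose remaining duration is negative. The row fields and contact addresses are assumptions.

```go
package main

import (
	"fmt"
	"time"
)

// StoredCert is a certificate row in the preset database with the fields the
// periodic check needs. Names are this example's own.
type StoredCert struct {
	App          string
	ServiceParty string    // contact of the business side responsible for the certificate
	ExpiresAt    time.Time // expiration time of the certificate data
}

// Reminder is what step D produces for one certificate.
type Reminder struct {
	App          string
	ServiceParty string
	Remaining    time.Duration // remaining duration of the validity period; negative if expired
	Expired      bool          // true: the row was deleted from the database
}

// reminderThreshold is the preset threshold from the text: remind when less
// than 30 days of validity remain.
const reminderThreshold = 30 * 24 * time.Hour

// CheckExpiry runs steps C and D once, at the moment `now`: it computes the
// remaining validity of every row, reminds the service party when the
// remaining duration is below the threshold, and deletes rows whose remaining
// duration is negative (already expired), reminding their service party too.
// It returns the rows that stay in the database and the reminders to send.
func CheckExpiry(db []StoredCert, now time.Time) ([]StoredCert, []Reminder) {
	var kept []StoredCert
	var reminders []Reminder
	for _, c := range db {
		remaining := c.ExpiresAt.Sub(now)
		switch {
		case remaining < 0:
			reminders = append(reminders, Reminder{c.App, c.ServiceParty, remaining, true})
			continue // expired: not kept
		case remaining < reminderThreshold:
			reminders = append(reminders, Reminder{c.App, c.ServiceParty, remaining, false})
		}
		kept = append(kept, c)
	}
	return kept, reminders
}

func main() {
	now := time.Date(2020, 6, 16, 0, 0, 0, 0, time.UTC) // fixed "current time" for the run
	// Constructed sample rows with hypothetical applications and contacts.
	db := []StoredCert{
		{"pay-app", "pay-team@example.invalid", now.AddDate(0, 0, 15)},
		{"chat-app", "chat-team@example.invalid", now.AddDate(1, 0, 0)},
		{"legacy-app", "legacy-team@example.invalid", now.AddDate(0, 0, -5)},
	}
	kept, reminders := CheckExpiry(db, now)
	for _, r := range reminders {
		fmt.Printf("remind %s about %s: remaining %v, expired=%v\n", r.ServiceParty, r.App, r.Remaining, r.Expired)
	}
	fmt.Println("rows kept:", len(kept))
}
```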
The invention also provides a certificate updating system.
The invention also provides a certificate updating system which comprises a server side and a client side.
The server is the server described above and is configured to execute the steps in the certificate updating method embodiment, and specific functions and implementation processes may refer to the above embodiment, which is not described herein again.
The client is used for acquiring current certificate information according to the application program starting information when the application program starting information is detected;
generating a certificate updating request according to the current certificate information, and sending the certificate updating request to the server;
the client is also used for receiving the encrypted target certificate data returned by the server;
and verifying the encrypted target certificate data, and updating the certificate when the verification is passed.
In this embodiment, the client is configured to, when detecting the application start information, obtain current certificate information according to the application start information, where the current certificate information includes an application name and a current certificate version number. And then, generating a certificate updating request according to the current certificate information, sending the certificate updating request to the server, receiving the encrypted target certificate data returned by the server, verifying the encrypted target certificate data, and updating the certificate when the verification is passed.
In this embodiment, by constructing the certificate updating system, when the client starts the application program, the client triggers a certificate updating request, and then sends the certificate updating request to the server, and the server returns the corresponding target certificate data to the client after acquiring the corresponding target certificate data from the preset database, so that the client automatically updates the certificate. By the method, the automatic updating of the client application program certificate can be realized, a user does not need to be forced to download the latest version of the software program to realize the certificate updating, and a business side does not need to push the user to update, so that the updating cost can be saved. In addition, the server side encrypts the certificate data so that the client side can verify the safety of the certificate data, and can update the certificate data when the certificate data passes verification, so that the safety updating of the certificate is realized.
Further, the client is further configured to:
when encrypted target certificate data returned by the server side is received, parsing the encrypted target certificate data to obtain public key information and certificate signature information;
verifying the public key information and the certificate signature information through a preset verification algorithm to obtain a first bit value;
and judging whether the first bit value is a preset threshold value or not so as to judge whether the encrypted target certificate data is tampered or not.
In this embodiment, when the client receives encrypted target certificate data returned by the server, it parses the encrypted target certificate data to obtain public key information and certificate signature information, and then verifies the public key information and the certificate signature information through a preset verification algorithm to obtain a first bit value. The preset verification algorithm may be written β ← Verify(PK, α, M): the public key information and the certificate signature information obtained by parsing, together with the server's public key PK, are used as input to obtain the first bit value.
And then judging whether the first bit value is a preset threshold value or not so as to judge whether the encrypted target certificate data is tampered or not. The preset threshold is optionally set to 1, and if the first bit value is 1, it is determined that the encrypted target certificate data is not tampered. If the first bit value is 0 instead of 1, it is determined that the encrypted target certificate data has been tampered with.
In this embodiment, the client verifies the certificate signature information to detect tampering, so that the target certificate data is used only when its integrity is assured, and security is thus ensured.
Further, the client is further configured to:
parsing the encrypted target certificate data to obtain validity identification and validity signature information;
verifying the validity identification and the validity signature information through the preset verification algorithm to obtain a second bit value;
and judging whether the second bit value is the preset threshold value or not so as to judge the validity of the certificate data.
In this embodiment, when the client receives the encrypted target certificate data returned by the server, it may further parse the encrypted target certificate data to obtain a validity identifier and validity signature information, and then verify the validity identifier and the validity signature information through the preset verification algorithm to obtain a second bit value; that is, the validity identifier, the validity signature information and the server's public key PK are used as input, and the second bit value is obtained. It is then judged whether the second bit value is the preset threshold value so as to judge the validity of the certificate data. If the second bit value is 1, the validity identifier of the target certificate data is judged not to have been tampered with, so whether the certificate is used can be determined according to that validity identifier. If the second bit value is 0 instead of 1, the validity identifier of the target certificate data is judged to have been tampered with, and the certificate is rejected.
In this embodiment, the client verifies the validity signature information to prevent tampering, so that it can be ensured that, when the validity flag in the target certificate data is not tampered, whether the certificate data is used is determined according to the validity flag, thereby ensuring security.
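The server-side signing of steps A31 to A33 and the client-side verification just described, as one added Go example that is not part of the patent or its applicant's code. It instantiates Sign and Verify with Ed25519 from Go's standard library (the patent names no concrete algorithm), lays out one certificate per line as public key information, certificate signature, validity identifier and validity signature, and has the client derive the first and second bit values and compare them with the threshold 1. The hex encoding, the space-separated line layout, and the key material and public key strings are this example's assumptions.

```go
package main

import (
	"bufio"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strings"
)

// EncodeTargetData is the server side (steps A31 to A33): for each certificate
// it signs the public key information M and the validity identifier with the
// server private key SK and writes one line per certificate in the order
// "<hex M> <hex Sign(SK,M)> <validity> <hex Sign(SK,validity)>".
// Hex encoding and the space-separated layout are this example's assumptions.
func EncodeTargetData(sk ed25519.PrivateKey, pubKeys [][]byte, validity []string) string {
	var b strings.Builder
	for i, m := range pubKeys {
		certSig := ed25519.Sign(sk, m)                  // alpha = Sign(SK, M)
		valSig := ed25519.Sign(sk, []byte(validity[i])) // validity signature information
		fmt.Fprintf(&b, "%s %s %s %s\n", hex.EncodeToString(m),
			hex.EncodeToString(certSig), validity[i], hex.EncodeToString(valSig))
	}
	return b.String()
}

// VerifiedEntry is the client's result for one line of the target data.
type VerifiedEntry struct {
	PublicKey []byte
	Validity  string
	FirstBit  int  // Verify(PK, alpha, M): 1 = public key information not tampered with
	SecondBit int  // same check on the validity identifier
	Usable    bool // both bit values equal the threshold 1 and the identifier reads "valid"
}

// VerifyTargetData is the client side: parse each line, compute the first and
// second bit values with the server public key PK, compare them with the
// preset threshold 1 and decide whether the certificate may be used.
func VerifyTargetData(pk ed25519.PublicKey, data string) ([]VerifiedEntry, error) {
	const threshold = 1
	var out []VerifiedEntry
	sc := bufio.NewScanner(strings.NewReader(data))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) != 4 {
			return nil, fmt.Errorf("malformed line: %q", sc.Text())
		}
		m, err1 := hex.DecodeString(f[0])
		certSig, err2 := hex.DecodeString(f[1])
		valSig, err3 := hex.DecodeString(f[3])
		if err1 != nil || err2 != nil || err3 != nil {
			return nil, fmt.Errorf("bad hex field in line: %q", sc.Text())
		}
		e := VerifiedEntry{PublicKey: m, Validity: f[2]}
		if ed25519.Verify(pk, m, certSig) {
			e.FirstBit = 1
		}
		if ed25519.Verify(pk, []byte(f[2]), valSig) {
			e.SecondBit = 1
		}
		// A 0 in either place means tampering: the entry is rejected outright.
		e.Usable = e.FirstBit == threshold && e.SecondBit == threshold && f[2] == "valid"
		out = append(out, e)
	}
	return out, sc.Err()
}

func main() {
	pk, sk, err := ed25519.GenerateKey(rand.Reader) // server key pair (PK, SK)
	if err != nil {
		panic(err)
	}
	// Constructed sample public key information; not real certificate material.
	pubKeys := [][]byte{[]byte("cert-A-public-key"), []byte("cert-B-public-key")}
	validity := []string{"valid", "invalid"}
	data := EncodeTargetData(sk, pubKeys, validity)

	entries, _ := VerifyTargetData(pk, data)
	for _, e := range entries {
		fmt.Printf("%s: bits=%d/%d usable=%v\n", e.PublicKey, e.FirstBit, e.SecondBit, e.Usable)
	}
	// If the identifier of the second certificate were altered in transit from
	// "invalid" to "valid", its validity signature no longer verifies: the second
	// bit value drops to 0 and the client rejects the entry.
	tampered := strings.Replace(data, " invalid ", " valid ", 1)
	entries, _ = VerifyTargetData(pk, tampered)
	fmt.Printf("after tampering: bits=%d/%d usable=%v\n",
		entries[1].FirstBit, entries[1].SecondBit, entries[1].Usable)
}
```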
Further, in a specific implementation, the certificate updating system can be built on a distributed network architecture to handle the concurrent execution of massive numbers of certificate update requests. Specifically, referring to fig. 3, a plurality of Nginx (proxy server) instances and a plurality of servers may be deployed; a certificate update request is assigned to the corresponding Nginx according to the domain name of the client's certificate update request, and that Nginx polls the servers to obtain the corresponding certificate data, which is then returned to the client. The distributed certificate updating system can be expanded in parallel immediately when the request load becomes too large, so it is scalable and reliable, and the breakdown of one server does not affect the other servers.
The invention also provides a certificate updating device.
Referring to fig. 4, fig. 4 is a functional block diagram of a certificate updating apparatus according to a first embodiment of the present invention.
As shown in fig. 4, the certificate updating apparatus includes:
a first obtaining module 10, configured to, when receiving a certificate update request, obtain current certificate information according to the certificate update request;
a second obtaining module 20, configured to obtain target certificate data from a preset database according to the current certificate information;
the encryption module 30 is configured to encrypt target information in the target certificate data by using a preset signature algorithm to obtain signature information, and obtain encrypted target certificate data according to the target information and the signature information;
the first updating module 40 is configured to return the encrypted target certificate data to the client corresponding to the certificate updating request, so that the client performs certificate updating after verifying the encrypted target certificate data.
Further, the current certificate information includes an application name and a current certificate version number, and the second obtaining module 20 includes:
the inquiry unit is used for inquiring a preset certificate list to obtain the latest certificate version number corresponding to the application program name;
a judging unit, configured to judge whether the current certificate version number is consistent with the latest certificate version number;
and the acquisition unit is used for acquiring target certificate data corresponding to the application program name and the latest certificate version number from a preset database if the current certificate version number and the latest certificate version number are inconsistent.
Further, the certificate updating apparatus further includes:
the third acquisition module is used for acquiring change information according to the certificate change request when the certificate change request is received;
and the second updating module is used for updating the corresponding certificate data according to the change information and updating the latest certificate version number of the corresponding application program in the preset certificate list.
Further, the encryption module 30 includes:
the first signature unit is used for acquiring public key information of the target certificate data, signing the public key information through a preset signature algorithm and a preset encryption private key, and generating certificate signature information;
and the data encryption unit is used for obtaining encrypted target certificate data according to the public key information and the certificate signature information.
Further, the encryption module 30 further includes:
the second signature unit is used for acquiring the validity identification of the target certificate data, signing the validity identification through the preset signature algorithm and the preset encryption private key and generating validity signature information;
the data encryption unit is further configured to: and obtaining encrypted target certificate data according to the public key information, the certificate signature information, the validity identification and the validity signature information.
Further, the certificate updating apparatus further includes:
the fourth acquisition module is used for periodically acquiring the expiration time of each certificate data in the preset database and calculating the residual duration of the validity period according to the expiration time and the current time;
and the reminding module is used for reminding the service party corresponding to the certificate data which is about to expire according to the remaining duration of the validity period.
The function implementation of each module in the certificate updating apparatus corresponds to each step in the certificate updating method embodiment, and the function and implementation process thereof are not described in detail herein.
The present invention also provides a computer readable storage medium having stored thereon a certificate update program which, when executed by a processor, implements the steps of the certificate update method as described in any of the above embodiments.
The specific embodiment of the computer-readable storage medium of the present invention is substantially the same as the embodiments of the certificate updating method described above, and is not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (12)

1. A certificate updating method is applied to a certificate updating system, the certificate updating system comprises a server side and a client side, and the certificate updating method comprises the following steps:
when the server side receives a certificate updating request, current certificate information is obtained according to the certificate updating request;
acquiring target certificate data from a preset database according to the current certificate information;
encrypting target information in the target certificate data through a preset signature algorithm to obtain signature information, and obtaining encrypted target certificate data according to the target information and the signature information;
and returning the encrypted target certificate data to the client corresponding to the certificate updating request so that the client can update the certificate after verifying the encrypted target certificate data.
2. The certificate updating method according to claim 1, wherein the current certificate information includes an application name and a current certificate version number, and the step of obtaining target certificate data from a preset database based on the current certificate information includes:
inquiring a preset certificate list to obtain a latest certificate version number corresponding to the name of the application program;
judging whether the current certificate version number is consistent with the latest certificate version number;
and if the two certificate versions are not consistent, acquiring target certificate data corresponding to the application program name and the latest certificate version number from a preset database.
3. The certificate updating method as claimed in claim 2, wherein the certificate updating method further comprises:
when a certificate change request is received, obtaining change information according to the certificate change request;
and updating the corresponding certificate data according to the change information, and updating the latest certificate version number of the corresponding application program in the preset certificate list.
4. The certificate updating method according to any one of claims 1 to 3, wherein the step of encrypting target information in the target certificate data by a preset signature algorithm to obtain signature information, and obtaining the encrypted target certificate data according to the target information and the signature information comprises:
acquiring public key information of the target certificate data, and signing the public key information through a preset signature algorithm and a preset encryption private key to generate certificate signature information;
and obtaining encrypted target certificate data according to the public key information and the certificate signature information.
5. The certificate updating method according to claim 4, wherein, before the step of obtaining encrypted target certificate data according to the public key information and the certificate signature information, the method further comprises:
obtaining the validity identification of the target certificate data, and signing the validity identification through the preset signature algorithm and the preset encryption private key to generate validity signature information;
the step of obtaining encrypted target certificate data according to the public key information and the certificate signature information includes:
and obtaining encrypted target certificate data according to the public key information, the certificate signature information, the validity identification and the validity signature information.
6. The certificate update method according to any one of claims 1 to 3, characterized in that the certificate update method further comprises:
periodically acquiring the expiration time of each certificate data in the preset database, and calculating the remaining duration of the validity period according to the expiration time and the current time;
and reminding the service party corresponding to the certificate data to be expired according to the remaining duration of the validity period.
7. A certificate updating apparatus, characterized in that the certificate updating apparatus comprises:
the first acquisition module is used for acquiring current certificate information according to the certificate updating request when the certificate updating request is received;
the second acquisition module is used for acquiring target certificate data from a preset database according to the current certificate information;
the encryption module is used for encrypting the target information in the target certificate data through a preset signature algorithm to obtain signature information, and obtaining encrypted target certificate data according to the target information and the signature information;
and the first updating module is used for returning the encrypted target certificate data to the client corresponding to the certificate updating request so that the client can update the certificate after verifying the encrypted target certificate data.
8. A server, characterized in that the server comprises: memory, a processor and a certificate update program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the certificate update method of any of claims 1 to 6.
9. A certificate update system, characterized in that the certificate update system comprises: a server and a client; wherein:
the server is the server according to claim 8;
the client is used for acquiring current certificate information according to the application program starting information when the application program starting information is detected;
generating a certificate updating request according to the current certificate information, and sending the certificate updating request to the server;
the client is also used for receiving the encrypted target certificate data returned by the server;
and verifying the encrypted target certificate data, and updating the certificate when the verification is passed.
10. The certificate update system of claim 9, wherein the client is further configured to:
when encrypted target certificate data returned by the server side is received, parsing the encrypted target certificate data to obtain public key information and certificate signature information;
verifying the public key information and the certificate signature information through a preset verification algorithm to obtain a first bit value;
and judging whether the first bit value is a preset threshold value or not so as to judge whether the encrypted target certificate data is tampered or not.
11. The certificate update system of claim 10, wherein the client is further configured to:
parsing the encrypted target certificate data to obtain validity identification and validity signature information;
verifying the validity identification and the validity signature information through the preset verification algorithm to obtain a second bit value;
and judging whether the second bit value is the preset threshold value or not so as to judge the validity of the certificate data.
12. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a certificate update program which, when executed by a processor, implements the steps of the certificate update method according to any one of claims 1 to 6.
CN202010552078.XA 2020-06-16 2020-06-16 Certificate updating method, device, system, server and computer storage medium Pending CN111694591A (en)

Publications (1)

Publication Number Publication Date
CN111694591A true CN111694591A (en) 2020-09-22

Family

ID=72481440

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010552078.XA Pending CN111694591A (en) 2020-06-16 2020-06-16 Certificate updating method, device, system, server and computer storage medium

Country Status (1)

Country Link
CN (1) CN111694591A (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112073433A (en) * 2020-09-25 2020-12-11 微医云(杭州)控股有限公司 SSL certificate updating method and device, electronic equipment and storage medium
CN112073433B (en) * 2020-09-25 2022-09-20 微医云(杭州)控股有限公司 SSL certificate updating method and device, electronic equipment and storage medium
CN112309139A (en) * 2020-10-26 2021-02-02 西安艾润物联网技术服务有限责任公司 Self-service opening implementation method and device for service function in vehicle management scene
CN112367173A (en) * 2020-10-27 2021-02-12 北京数码视讯科技股份有限公司 Information processing method and device, chip, terminal and electronic equipment
CN112307442A (en) * 2020-10-29 2021-02-02 山东中创软件商用中间件股份有限公司 Usage permission detection method and device, electronic equipment and readable storage medium
CN112422551A (en) * 2020-11-16 2021-02-26 微医云(杭州)控股有限公司 SSL certificate updating method and device, electronic equipment and storage medium
CN112800442A (en) * 2021-01-05 2021-05-14 北京小米松果电子有限公司 Encrypted file detection method, device and medium
CN112910903A (en) * 2021-02-05 2021-06-04 北京百度网讯科技有限公司 SSL certificate deployment-free method, device and system
CN112910903B (en) * 2021-02-05 2023-04-18 北京百度网讯科技有限公司 SSL certificate deployment-free method, device and system
CN113472790A (en) * 2021-06-30 2021-10-01 中国工商银行股份有限公司 Information transmission method based on HTTPS (hypertext transfer protocol secure protocol), client and server
CN113472790B (en) * 2021-06-30 2023-10-27 中国工商银行股份有限公司 Information transmission method, client and server based on HTTPS protocol
CN113873027A (en) * 2021-09-24 2021-12-31 深信服科技股份有限公司 Communication method and related device
CN113873027B (en) * 2021-09-24 2024-02-27 深信服科技股份有限公司 Communication method and related device

Similar Documents

Publication Publication Date Title
CN111694591A (en) Certificate updating method, device, system, server and computer storage medium
CN109639661B (en) Server certificate updating method, device, equipment and computer readable storage medium
CN109671205B (en) Voting method, device and equipment based on block chain and computer storage medium
WO2015078407A1 (en) Method for sharing application between terminals, and terminals
CN110908683A (en) Software system upgrading method and device of hardware module, storage medium and terminal
CN109634615B (en) Issuing method, verification method and device of application installation package
CN111666564B (en) Application program safe starting method and device, computer equipment and storage medium
CN110516471B (en) Product promotion method based on information security and related equipment
US20080244554A1 (en) Method and system for updating digitally signed active content elements without losing attributes associated with an original signing user
CN112559993A (en) Identity authentication method, device and system and electronic equipment
CN112579125B (en) Firmware upgrading method and device, electronic equipment and storage medium
CN111800426A (en) Method, device, equipment and medium for accessing native code interface in application program
CN111598681A (en) Credit evaluation method, credit evaluation system and readable storage medium
CN111460410A (en) Server login method, device and system and computer readable storage medium
CN110674376A (en) Interface parameter checking method, device, equipment and computer readable storage medium
GB2552069A (en) Method and management server for revoking group server identifiers of compromised group servers
CN111224826B (en) Configuration updating method, device, system and medium based on distributed system
CN107682335B (en) Data transmission method, server and computer readable storage medium
WO2016173174A1 (en) Network locking data upgrading method and device
CN111723410A (en) Hard disk encryption method, hard disk lock system, hard disk encryption device and storage medium
CN111695098A (en) Multi-distributed cluster access method and device
CN115567271A (en) Authentication method and device, page skip method and device, electronic equipment and medium
CN113434824B (en) Software service authorization management method, device, equipment and storage medium
CN115766270A (en) File decryption method, file encryption method, key management method, device and equipment
CN115482132A (en) Data processing method and device for electronic contract based on block chain and server

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination