CN111783155B - Electronic certificate processing method and system - Google Patents
Electronic certificate processing method and system Download PDFInfo
- Publication number
- CN111783155B CN111783155B CN202010635689.0A CN202010635689A CN111783155B CN 111783155 B CN111783155 B CN 111783155B CN 202010635689 A CN202010635689 A CN 202010635689A CN 111783155 B CN111783155 B CN 111783155B
- Authority
- CN
- China
- Prior art keywords
- electronic certificate
- packet data
- index information
- node
- fragment packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/06009—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking
- G06K19/06037—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking multi-dimensional coding
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses an electronic certificate processing method and a system, wherein the method comprises the following steps: the processing center node stores an electronic certificate generation rule, the electronic certificate is a two-dimensional code picture, and the processing center node is used for generating the electronic certificate; the service nodes are multiple, store the identification code of the processing center node and are used for receiving and checking the electronic certificate; the processing center node generates a user photo identification code according to the user photo, and the user photo identification code, the identity number and the effective time length generate an electronic certificate according to the two-dimensional code rule; the processing center node generates electronic certificate index information according to the electronic certificate and encrypts the identity number, the user photo and the user password into a photo data packet. The invention realizes the decentralization of the use and the verification of the electronic certificate and realizes the use record of the electronic certificate.
Description
Technical Field
The invention relates to the technical field of electronic certificate processing, in particular to an electronic certificate processing method and system.
Background
In the prior art, a physical certificate is used for indicating identity information of a user. When a user goes to do things related to the user, the user needs to show the certificate so as to verify the identity of the user and record user information. However, the existing certificates of users are easy to lose, the certificates are falsely used after the certificates are lost, and the use of the certificates has no history, namely, the certificates of the users are falsely used by others.
Disclosure of Invention
Therefore, it is necessary to provide an electronic certificate processing method and system to solve the problems of easy loss and fraudulent use of the physical certificate.
To achieve the above object, the inventor provides an electronic document processing method, comprising the steps of:
the processing center node stores an electronic certificate generation rule, the electronic certificate is a two-dimensional code picture, and the processing center node is used for generating the electronic certificate; the service nodes are multiple, store the identification code of the processing center node and are used for receiving and checking the electronic certificate;
the processing center node generates a user photo identification code according to the user photo, and generates an electronic certificate according to the two-dimensional code rule by the user photo identification code, the identity number and the effective time length;
the processing center node generates electronic certificate index information according to the electronic certificate and encrypts the identity number, the user photo and the user password into a photo data packet;
the processing center node divides the electronic certificate into a preset number of electronic certificate fragments, the sizes of the divided electronic certificate fragments are the same, sequence numbers are generated according to the sequence of the electronic certificate fragments, and the electronic certificate index information, each sequence number, the corresponding electronic certificate fragments and the corresponding photo data packet are packaged into a fragment packet data to form the preset number of fragment packet data;
sending all fragment packet data to different nodes, wherein each node receives one fragment packet data;
after each node receives one piece of fragment packet data, caching the piece of fragment packet data in a memory, acquiring electronic certificate index information according to the piece of fragment packet data, judging whether a legality notice of the electronic certificate index information is contained in a received notice message by the node, and if the legality notice exists, determining whether the piece of fragment packet data is stored according to the result of the legality notice;
if the validity notice does not exist, sending the electronic certificate index information to a processing center node for verification, if the information passing the verification is received, considering the verification result to be legal, and if not, considering the verification result to be illegal;
if the verification result is legal, storing the fragment packet data into a memory, and if the verification result is illegal, deleting the fragment packet data; broadcasting the electronic certificate index information and the verification result as the legality notice of the electronic certificate index information to other nodes, and simultaneously recording the legality notice into a data chain;
the service node acquires the electronic certificate through code scanning, generates electronic certificate index information according to the electronic certificate, acquires the stored fragment packet data according to the electronic certificate index information, divides the electronic certificate according to the size of the fragment packet data, and acquires the fragment packet data and the corresponding sequence number after division; the service node broadcasts the electronic certificate index information to other nodes, and the other nodes reply the sequence number; the service node sends corresponding segmented electronic certificate data according to the received sequence number, and other nodes compare the electronic certificate data with the electronic certificate fragments in the fragment packet data after receiving the electronic certificate data to generate and reply a comparison result, wherein the comparison result comprises electronic certificate index information and an electronic certificate sequence number; after comparison, recording the comparison result into a data chain;
the service node receives comparison results of all electronic certificate sequence numbers, and after the comparison results meet legitimacy requirements, analyzes the electronic certificates to obtain electronic certificate data, decrypts photo packet data according to identity numbers in the electronic certificate data and passwords input by users to obtain user photos, checks whether the user photos are consistent with current personnel, and inputs checking results and service handling items, wherein the checking results and the service handling items comprise electronic certificate index information, the service node updates the checking results and the service handling items to a data chain, broadcasts the checking results and the service handling items, and other nodes update the data chain after receiving the checking results and the service handling items.
Further, the determining whether to store the fragmented packet data according to the result of the validity notification includes:
judging whether the number of the legality notices is larger than a first preset value or not, if so, judging whether the number of the same results in the legality notices is larger than a second preset value or not, if so, taking the same results as the results of the verification notices of the electronic certificate index information, and determining whether the fragment packet data is stored or not according to the results;
if the number of the legal notices is less than or equal to a first preset value, ignoring the legal notices;
and if the number of the same results in the legality notice is less than or equal to a second preset value, ignoring the legality notice.
Further, the step of segmenting the electronic document by the processing center node comprises the steps of:
the processing center node copies the electronic certificates into a plurality of groups and generates group identification numbers, each group of electronic certificates is combined with the group identification numbers and then is divided, and the preset number of the divided electronic certificate fragments in each group is different in size;
said packetizing into a fragmented packet data comprises the steps of:
packing the group identification number corresponding to the fragment packet data into the fragment packet data;
the step of comparing the result of the electronic certificate with the electronic certificate index information and the electronic certificate serial number comprises the following steps:
the comparison result comprises electronic certificate index information, electronic certificate sequence numbers and group identification numbers.
Further, the transmitting all fragmented packet data to different nodes comprises the steps of:
dividing fields of the IP addresses into IP groups with the same number as the preset number according to the preset number, wherein one IP group corresponds to one fragment packet data;
and then sending the fragment packet data to the node of which the node IP conforms to the corresponding IP group format.
Further, all nodes comprise a master node; after determining the fragmentation packet data, the host node further comprises the following steps:
caching fragment packet data with a preset time length in a memory by a main node;
and when the step "generating electronic certificate index information according to the electronic certificate, and acquiring the fragment packet data which is stored according to the electronic certificate index information" includes: and the main node acquires the fragment packet data cached in the memory from the memory according to the electronic certificate index information, and if the fragment packet data which is stored is not acquired from the memory any more.
Further, the service node broadcasts the electronic certificate index information and the logout information to other nodes according to the loss report or the logout request of the user, and all the nodes record the electronic certificate index information and the logout information to a data chain of the service node;
then when the electronic certificate index information is generated according to the electronic certificate, the method comprises the following steps: and searching whether electronic certificate index information and logout information exist in the data chain, if so, directly generating a comparison result of the error request, and otherwise, performing a subsequent segmentation step.
The invention provides a safe electronic certificate processing system, which comprises a plurality of nodes, wherein each node comprises a memory and a processor, the memory stores a computer program, and the computer program realizes the steps of the method according to any one embodiment of the invention when being executed by the processor.
Different from the prior art, the electronic certificate is generated through the processing center node in the technical scheme, the uniqueness of certificate generation is realized, then the electronic certificate data can be divided and distributed to different nodes, the nodes can be checked with the nodes generating the electronic certificate in the initial stage, then the check result is diffused, and the subsequent nodes can directly store the divided fragment packet data of the electronic certificate according to the check result. Therefore, the electronic certificate data are partial data of other nodes, original whole data cannot be acquired, and safety is guaranteed. And then the user acquires and saves the electronic certificate. When service authentication is needed, the service node can scan the electronic certificate, then the electronic certificate is obtained, the electronic certificate is broadcasted, and other nodes check the electronic certificate according to the fragment packet data stored by the other nodes. After a large number of nodes are verified and pass, photo data can be obtained according to data in the electronic certificate, and then whether the certificate is used by the user or not is checked according to the photo. All verification processes and certificate use processes are recorded in a data chain, and a user can know the use history of the certificate at any time. After people are known to use the electronic certificate falsely, the certificate before logout can be requested to regenerate the certificate, so that the certificate before logout can be invalidated, and the safety of the electronic certificate can be ensured.
Drawings
FIG. 1 is a flow diagram of a method according to an embodiment;
FIG. 2 is a flow diagram of a method according to an embodiment;
FIG. 3 is a schematic illustration of segmentation in accordance with an embodiment.
Detailed Description
To explain technical contents, structural features, and objects and effects of the technical solutions in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
Referring to fig. 1 to 3, the present embodiment provides an electronic certificate processing method, wherein the processing is performed between a processing center node and a service node. The processing center node stores electronic certificate generation rules; so as to generate the two-dimension code picture of the electronic certificate according to the data. There are multiple service nodes, and the service nodes are used for performing service processing, such as departments like a financial center and a work center, and need to check electronic certificates provided by users. The service node does not have the generation authority of the electronic certificate and only has the verification authority. The service node stores an identification code of the processing center node, and is used for receiving and checking the electronic certificate. Certainly, in order to realize the acquisition of the picture information of the two-dimensional code of the electronic certificate, the service node stores an analysis rule for analyzing the picture of the electronic certificate and acquiring the information contained in the picture of the electronic certificate.
And S101, the processing center node generates a user photo identification code according to the user photo, and generates an electronic certificate according to the two-dimensional code rule by the user photo identification code, the identity number and the effective time length. The information is basic identity information, and can be uploaded by a user through a processing center node client or uploaded to a processing center node after the information is acquired by a service node on site. Wherein: the user photo, namely the photo of the head portrait of the user, is used for subsequently consulting whether the current user is consistent with the photo user, the identification code of the user photo is a unique code generated according to the user photo, the identification codes in the invention are all generated unique codes, and can be codes with similar MD5 values. The identity number is a number convenient for people to remember, and each person has a unique identity number. The effective time length can be set as a cut-off time, after the electronic certificate is obtained by scanning the codes subsequently, the electronic certificate is analyzed to obtain the effective time, if the effective time is less than the current time, the electronic certificate is invalid, and the data in the electronic certificate is not responded subsequently. The processing center node identification code is used for identifying the processing center node and realizing the fixed point communication between the service node and the processing center node. Of course, the processing center node verifies the uploaded photos and the uploaded identity numbers to be checked, for example, remote face recognition checking is adopted, and the remote checking modes can refer to the existing checking mode.
Step S102, the processing center node generates electronic certificate index information according to the electronic certificate, wherein the generated electronic certificate index information is a unique code, such as an MD5 code. And the identity number, the user photo and the user password are encrypted into a photo data packet, and the user password is a password set by the user and can be input when the user uses the photo data packet. The encryption is similar to the compression of a compressed packet, and only when the correct identity number and the user password are obtained, the user photo can be obtained through decompression, and the user photo can be checked and used subsequently.
And S103, the processing center node divides the electronic certificate into a preset number of electronic certificate fragments, the divided electronic certificate fragments have the same size, sequence numbers are generated according to the sequence of the electronic certificate fragments, and the electronic certificate index information, each sequence number, the corresponding electronic certificate fragments and the corresponding photo data packet are packaged into a fragment packet data to form the preset number of fragment packet data. In order to enable the fragments of the electronic certificate after being divided to be the same in size, the total data size of the current electronic certificate can be divided by a preset number to see whether the fragments can be divided completely, and if the fragments can be divided, the fragments are the same in size. If the electronic certificate fragment size cannot be divided completely, subtracting one from the preset number to serve as a divisor, dividing the total electronic certificate data size by the divisor to obtain the electronic certificate fragment size, wherein the redundant remainder is the last electronic certificate fragment data, and then filling blank data to enable the last electronic certificate fragment data to be the same as the previous electronic certificate fragment size.
Step S104, all the fragment packet data are sent to different nodes, and each node receives one fragment packet data; as shown in fig. 3, each node receives a fragment packet data, which includes fragments 1 to N, and since there are more nodes than fragments, different nodes may receive the same fragment packet data.
In step S105, after each node receives one fragment packet data, the fragment packet data is cached in a memory, where the memory is a volatile memory, and is different from a non-volatile memory such as a hard disk. Acquiring electronic certificate index information from the fragment packet data, judging whether a legality notice of the electronic certificate index information is contained in the received notice message by the node, and if the legality notice exists, entering S115 to determine whether the fragment packet data is stored according to the result of the legality notice. The validity notice is a validity message containing the electronic certificate index information and is a validity message verified by other nodes. Of course, if the node currently receiving the fragment packet subsequently has the authentication, the node will also generate the validity notification, and other nodes will receive the validity notification. Through the validity notice, each node does not need to process the verification of the central node, and the nodes which are more than the preset number broadcast in the whole network as long as the verification of the nodes passes, and the subsequent nodes can directly operate according to the received node information. And determining whether to store the fragmented packet data according to the result of the validity notification, wherein the number of validity notifications is generally greater than a preset number, such as 100 node notifications. If more than the predetermined number of notifications are received and the notifications indicate legitimacy, the fragment package is stored. If more than the preset number of notifications are received and the notifications indicate an illegal one, the fragment packets are deleted. If the notification result indicates legality and illegally exists at the same time, the condition that the number of the same result is large is taken as the criterion.
If the validity notice does not exist, step S106 sends the electronic certificate index information to the processing center node for verification, if the information passing the verification is received, the verification result is considered to be legal, otherwise, the verification result is considered to be illegal. Since the electronic certificate index information is unique and the processing center node identification code is also unique, the electronic certificate index information needs to be verified by the node which originally generated the data (i.e. the processing center node above) before no other node verifies the notification. If the electronic certificate index information is generated by the previous processing center node, the previous node replies legal information which passes verification, and if the electronic certificate index information is not generated by the node of the previous node, the previous node replies illegal information.
If the verification result is legal, step S107 stores the fragmented packet data to a memory, here a non-volatile memory. To save the fragmented packet data, the fragmented packet data may be packed into a check chain. The check chain is different from the data chain, the data chain is used for storing data information, the check chain is used for storing check information such as fragment packet data, and the performance of different working processes can be improved by separately storing the check information. If the verification result is illegal, the step S108 deletes the fragment packet data; and after the execution of the step S107 is completed or the execution of the step S108 is completed, the step S109 is carried out to broadcast the electronic certificate index information and the verification result as the validity notice of the electronic certificate index information to other nodes, and simultaneously record the validity notice into a data chain. The other nodes may subsequently implement a direct check of the fragmented packet data according to the notification, i.e. the received notification message in step S105. Therefore, the processing center node can be offline for maintenance when the electronic certificate is not generated, and fragment packet data containing electronic certificate data can be received and stored by the whole network.
At this time, other nodes cannot acquire all the electronic certificate data, and only part of the electronic certificate data. And then the processing center node can send the generated electronic certificate to the user, for example, the electronic certificate is sent through a mailbox reserved by the user, or through a processing center node client, or if a user photo is uploaded through a service node, the user photo can be sent to the service node by the processing center node and then sent to the client by the service node. The user stores the electronic certificate, the user can directly show the two-dimension code of the electronic certificate in subsequent use, and the service node can scan and obtain the two-dimension code of the electronic certificate. And then, in the step S201, the service node acquires the electronic certificate through code scanning, generates electronic certificate index information according to the electronic certificate, acquires the stored fragment packet data according to the electronic certificate index information, divides the electronic certificate according to the size of the fragment packet data, and acquires the fragment packet data and the corresponding sequence number after division. The segmenting is performed in a predetermined order, similar to the generating of the fragment packet data, such as converting the electronic certificate into binary data and then segmenting the received electronic certificate according to the size of the electronic certificate data in the fragment packet data. I.e. reverse splitting in the way of splitting the node of the previously generated electronic certificate, if the same electronic certificate is generated before, the split data should be consistent. Then step S202, the business node broadcasts the electronic certificate index information to other nodes, and the other nodes reply the sequence number; and the service node sends the corresponding segmented electronic certificate data according to the received sequence number. And S203, comparing the received data with the electronic certificate fragments in the fragment packet data by other nodes, generating and replying a comparison result, wherein the comparison result comprises electronic certificate index information and electronic certificate sequence numbers.
And entering step S204, the service node receives the comparison result of all the electronic certificate sequence numbers, wherein all the electronic certificate sequence numbers correspond to all the numbers of a complete electronic certificate. If the electronic certificate is divided into 20 parts, the sequential code should have 1-20. And after the validity requirement is met, the validity requirement is a set requirement, for example, each number needs to have a notification that the verification is passed, wherein the number is greater than a preset number (for example, 100). Then, the electronic certificate is analyzed to obtain electronic certificate data, in step S205, photo packet data is decrypted according to an identity number in the electronic certificate data and a password input by a user to obtain a user photo, a node person checks whether the user photo is consistent with a current person and inputs a check result and a service handling item, the check result and the service handling item comprise electronic certificate index information, the service node updates the check result and the service handling item to a data chain and broadcasts the check result and the service handling item, and other nodes update the data chain after receiving the electronic certificate and the service handling item. Therefore, when the electronic certificate is processed, the participation of the processing center node is not needed. And when the electronic certificate is processed, the processing center node for generating the electronic certificate can be off-line, a center server is not needed, and the decentralization of electronic certificate verification and processing is completed. Meanwhile, the verification and the use process of the electronic certificate can be stored in the data chain, the user can look up the use condition of the electronic certificate, and the problem that the user still can not know after the existing entity certificate is used is avoided.
In some embodiments, said determining whether to store the fragmented packet data according to the result of the validity notification comprises the steps of: judging whether the number of the legality notices is larger than a first preset value or not, if so, judging whether the number of the same results in the legality notices is larger than a second preset value or not, if so, taking the same results as the results of the verification notices of the electronic certificate index information, and determining whether the fragment packet data is stored or not according to the results; if the number of the legal notices is less than or equal to a first preset value, ignoring the legal notices; and if the number of the same results indicated in the legality notification is less than or equal to a second preset value, ignoring the legality notification. In this way, it can be ensured that the validity notification is relatively reliable.
In order to further improve the safety of the electronic certificate fragment packet data, the processing center node divides the electronic certificate and comprises the following steps: the processing center node copies the electronic certificates into a plurality of groups and generates group identification numbers, each group of electronic certificates is combined with the group identification numbers and then is divided, and the preset number of the divided electronic certificate fragments in each group is different in size; so that different groups of fragmented packet data cannot be combined. Even if the electronic certificate is acquired, the original electronic certificate data cannot be combined and restored, and the safety of the electronic certificate is guaranteed. Said packetizing into a fragmented packet data comprises the steps of: and packaging the group identification number corresponding to the fragment packet data into the fragment packet data. The step of comparing the result of the electronic certificate with the electronic certificate index information and the electronic certificate serial number comprises the following steps: the comparison result comprises electronic certificate index information, electronic certificate sequence numbers and group identification numbers. Then, the group identification number is required to be brought when the package is sent and the follow-up verification is carried out. Therefore, after all fragment packets of different groups are verified, the verification of the electronic certificate can be completed once. And other users are more difficult to acquire all data of the electronic certificate corresponding to the original node, so that the safety of the electronic certificate is ensured.
In order to improve the speed of verification, different fragment packet data can be divided into specific IP groups, namely, IP classification optimization. Then at the time of distribution, said transmitting all fragmented packet data to different nodes comprises the steps of: dividing fields of the IP addresses into IP groups with the same number as the preset number according to the preset number, wherein one IP group corresponds to one fragment packet data; and then sending the fragment packet data to the node of which the node IP conforms to the corresponding IP group format. E.g., IP6 address, last field, predetermined number of fragmented packets is 16 groups, then last field is grouped every 4096 IPs. The first fragmented packet data is then assigned to the first group 4096 of IP addresses, the second fragmented packet data is assigned to the second group 4096 of IP addresses, and so on in sequence. Therefore, when the subsequent code scanning verification is carried out, the verification can be preferentially distributed to a part of IP addresses of each group for verification, the verification of all serial numbers of the electronic certificate can be quickly completed, and the verification speed is improved. When the plurality of electronic certificates are copied and randomly divided, the fields of the IP address can be divided into the IP groups with the same number as the group identification numbers according to the number of the group identification numbers on the other fields of the IP address, and then the other fields in the IP corresponding to each group identification number are divided into the IP groups with the same preset number as the divided groups in the group, so that the speed of subsequent verification can be further improved, and the safety can be improved through the verification of different groups.
In order to ensure the fast operation of the nodes, all the nodes include a master node, and the system processing performance of the master node is higher than that of other nodes, and the master node is generally composed of a server host. After determining the fragmentation packet data, the host node further comprises the following steps: caching fragment packet data with a preset time length in a memory by a main node; and when the step "generating electronic certificate index information according to the electronic certificate, and acquiring the fragment packet data which is stored according to the electronic certificate index information" includes: and the main node acquires the fragment packet data cached in the memory from the memory according to the electronic certificate index information, and if the fragment packet data which is stored is not acquired from the memory any more. Therefore, the main node can cache the latest fragment packet data, and subsequently can quickly take out the data for verification when the data is verified, the data does not need to be fetched by a hard disk, and the verification speed of the electronic certificate is improved.
In order to log off the previous electronic certificate after a user finds that the electronic certificate is falsely used or lost, the security is ensured. Then also includes the log-off step: the service node broadcasts the electronic certificate index information and the logout information to other nodes according to the loss report or the logout request of the user, and all the nodes record the electronic certificate index information and the logout information to the data chain of the service node. Then when the electronic certificate index information is generated according to the electronic certificate, the method comprises the following steps: and searching whether electronic certificate index information and logout information exist in the data chain, if so, directly generating a comparison result of the error request, and otherwise, performing a subsequent segmentation step. Wherein, the logout information indicates that the electronic certificate index information is in a logout state. If the electronic certificate index information is received later, the electronic certificate index information can be directly prompted to be cancelled without any check and verification operation.
The invention can also comprise an active loss reporting step, after the business node finds that the current user is not checked with the user photo, the loss reporting information and the electronic certificate index information are stored in the data chain, and the loss reporting information and the electronic certificate index information are broadcasted, so that the electronic certificate is in a loss reporting state. The user can then regenerate the electronic certificate to the processing center node, and the electronic certificate which is lost or cancelled before can not be used continuously. When a user needs to perform service operation for looking up the use history of the electronic certificate, the service node reads and displays a service handling item from the current data chain after checking the identity of the user, so that the user can know the previous service handling item.
The invention provides a safe electronic certificate processing system, which comprises a plurality of nodes, wherein each node comprises a memory and a processor, the memory stores a computer program, and the computer program realizes the steps of the method according to any one embodiment of the invention when being executed by the processor. The system of the invention can realize the safe processing process of the electronic certificate.
It should be noted that, although the above embodiments have been described herein, the invention is not limited thereto. Therefore, based on the innovative concepts of the present invention, the technical solutions of the present invention can be directly or indirectly applied to other related technical fields by making changes and modifications to the embodiments described herein, or by using equivalent structures or equivalent processes performed in the content of the present specification and the attached drawings, which are included in the scope of the present invention.
Claims (7)
1. A method of electronic document processing, comprising the steps of:
the processing center node stores an electronic certificate generation rule, the electronic certificate is a two-dimensional code picture, and the processing center node is used for generating the electronic certificate; the service nodes are multiple, store the identification code of the processing center node and are used for receiving and checking the electronic certificate;
the processing center node generates a user photo identification code according to the user photo, and generates an electronic certificate according to the two-dimensional code rule by the user photo identification code, the identity number and the effective time length;
the processing center node generates electronic certificate index information according to the electronic certificate and encrypts the identity number, the user photo and the user password into a photo data packet;
the processing center node divides the electronic certificate into a preset number of electronic certificate fragments, the sizes of the divided electronic certificate fragments are the same, sequence numbers are generated according to the sequence of the electronic certificate fragments, and the electronic certificate index information, each sequence number, the corresponding electronic certificate fragments and the corresponding photo data packet are packaged into a fragment packet data to form the preset number of fragment packet data;
sending all the fragment packet data to different receiving nodes, wherein each receiving node receives one fragment packet data;
after each receiving node receives one piece of fragment packet data, caching the piece of fragment packet data in a memory, acquiring electronic certificate index information according to the piece of fragment packet data, judging whether a legality notice of the electronic certificate index information is contained in a received notice message by the receiving node, and if the legality notice exists, determining whether the piece of fragment packet data is stored according to the result of the legality notice;
if the validity notice does not exist, sending the electronic certificate index information to a processing central node for verification, if the information passing the verification is received, considering the verification result to be legal, and if not, considering the verification result to be illegal;
if the verification result is legal, storing the fragment packet data into a memory, and if the verification result is illegal, deleting the fragment packet data; broadcasting the electronic certificate index information and the verification result as the legality notice of the electronic certificate index information to all other nodes, and simultaneously recording the legality notice into a data chain;
the service node acquires the electronic certificate through code scanning, generates electronic certificate index information according to the electronic certificate, acquires the stored fragment packet data according to the electronic certificate index information, divides the electronic certificate according to the size of the fragment packet data, and acquires the fragment packet data and the corresponding sequence number after division; the service node broadcasts the electronic certificate index information to all other nodes, and all other nodes reply the sequence number; the service node sends corresponding segmented electronic certificate data according to the received sequence number, all other nodes are compared with the electronic certificate fragments in the fragment packet data after receiving the electronic certificate data, a comparison result is generated and replied, and the comparison result comprises electronic certificate index information and an electronic certificate sequence number; after comparison, recording the comparison result into a data chain;
the service node receives comparison results of all electronic certificate sequence numbers, and after the comparison results meet legitimacy requirements, analyzes the electronic certificates to obtain electronic certificate data, decrypts photo packet data according to identity numbers in the electronic certificate data and passwords input by users to obtain user photos, checks whether the user photos are consistent with current personnel, and inputs checking results and service handling items, wherein the checking results and the service handling items comprise electronic certificate index information, the service node updates the checking results and the service handling items to a data chain, broadcasts the checking results and the service handling items, and other nodes update the data chain after receiving the checking results and the service handling items.
2. The method of claim 1, wherein: the step of determining whether to store the fragmented packet data according to the result of the validity notification includes the steps of:
judging whether the number of the legality notices is larger than a first preset value or not, if so, judging whether the number of the same results in the legality notices is larger than a second preset value or not, if so, taking the same results as the results of the verification notices of the electronic certificate index information, and determining whether the fragment packet data is stored or not according to the results;
if the number of the legal notices is less than or equal to a first preset value, ignoring the legal notices;
and if the number of the same results indicated in the legality notification is less than or equal to a second preset value, ignoring the legality notification.
3. The method of claim 1, wherein:
the processing center node segmenting the electronic certificate comprises the following steps:
the processing center node copies the electronic certificates into a plurality of groups and generates group identification numbers, each group of electronic certificates is combined with the group identification numbers and then is divided, and the preset number of the divided electronic certificate fragments in each group is different in size;
said packetizing into a fragmented packet data comprises the steps of:
packing the group identification number corresponding to the fragment packet data into the fragment packet data;
the step of comparing the result of the electronic certificate with the electronic certificate index information and the electronic certificate serial number comprises the following steps:
the comparison result comprises electronic certificate index information, electronic certificate sequence numbers and group identification numbers.
4. The method of claim 1, wherein sending all fragmented packet data to different receiving nodes comprises:
dividing fields of the IP addresses into IP groups with the same number as the preset number according to the preset number, wherein one IP group corresponds to one fragment packet data;
and then the fragment packet data is sent to a receiving node of which the IP conforms to the corresponding IP group format.
5. The method of claim 1, wherein all nodes comprise a master node; after determining the fragmentation packet data, the host node further comprises the following steps:
the main node caches the fragment packet data within a preset time length range in a memory;
and when the step "generating electronic certificate index information according to the electronic certificate, and acquiring the fragment packet data which is stored according to the electronic certificate index information" includes: and the main node acquires the fragment packet data cached in the memory from the memory according to the electronic certificate index information, and if the fragment packet data which is stored is not acquired from the memory any more.
6. The method of claim 1, wherein: further comprising the steps of: the service node broadcasts the electronic certificate index information and the logout information to all other nodes according to the loss report or the logout request of the user, and all the nodes record the electronic certificate index information and the logout information to a data chain of the service node;
then when the electronic certificate index information is generated according to the electronic certificate, the method comprises the following steps: and searching whether electronic certificate index information and logout information exist in the data chain, if so, directly generating a result of an error request, and otherwise, performing a subsequent segmentation step.
7. An electronic document processing system, comprising: comprising a plurality of nodes including a memory, a processor, the memory having stored thereon a computer program which, when executed by the processor, carries out the steps of the method according to any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010635689.0A CN111783155B (en) | 2020-07-03 | 2020-07-03 | Electronic certificate processing method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010635689.0A CN111783155B (en) | 2020-07-03 | 2020-07-03 | Electronic certificate processing method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111783155A CN111783155A (en) | 2020-10-16 |
CN111783155B true CN111783155B (en) | 2022-08-02 |
Family
ID=72758696
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010635689.0A Active CN111783155B (en) | 2020-07-03 | 2020-07-03 | Electronic certificate processing method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111783155B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104113416A (en) * | 2014-06-26 | 2014-10-22 | 北京天威诚信电子商务服务有限公司 | Two-dimensional code verification method and system based on electronic signature |
CN108881230A (en) * | 2018-06-21 | 2018-11-23 | 佛山科学技术学院 | A kind of safe transmission method and device of government affairs big data |
CN108989337A (en) * | 2018-08-19 | 2018-12-11 | 北京元链科技有限公司 | A kind of electronics license shared platform design method based on block chain technology |
CN109583166A (en) * | 2018-11-09 | 2019-04-05 | 山西特信环宇信息技术有限公司 | A kind of certificate chain electronic certificate system |
CN109584132A (en) * | 2018-11-09 | 2019-04-05 | 山西特信环宇信息技术有限公司 | A kind of certificate chain electronics residence permit system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9152930B2 (en) * | 2013-03-15 | 2015-10-06 | United Airlines, Inc. | Expedited international flight online check-in |
-
2020
- 2020-07-03 CN CN202010635689.0A patent/CN111783155B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104113416A (en) * | 2014-06-26 | 2014-10-22 | 北京天威诚信电子商务服务有限公司 | Two-dimensional code verification method and system based on electronic signature |
CN108881230A (en) * | 2018-06-21 | 2018-11-23 | 佛山科学技术学院 | A kind of safe transmission method and device of government affairs big data |
CN108989337A (en) * | 2018-08-19 | 2018-12-11 | 北京元链科技有限公司 | A kind of electronics license shared platform design method based on block chain technology |
CN109583166A (en) * | 2018-11-09 | 2019-04-05 | 山西特信环宇信息技术有限公司 | A kind of certificate chain electronic certificate system |
CN109584132A (en) * | 2018-11-09 | 2019-04-05 | 山西特信环宇信息技术有限公司 | A kind of certificate chain electronics residence permit system |
Non-Patent Citations (1)
Title |
---|
基于区块链的电子证件系统的设计与实现;文淑华;《现代计算机》;广州中山大学出版社有限公司;20180925(第27期);第94-100页 * |
Also Published As
Publication number | Publication date |
---|---|
CN111783155A (en) | 2020-10-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107749848B (en) | Internet of things data processing method and device and Internet of things system | |
CN107342867B (en) | Signature verification method and device | |
EP1401143B1 (en) | Methods and system for providing a public key fingerprint list in a PK system | |
CN109344631B (en) | Data modification and block verification method, device, equipment and medium for block chain | |
CN101552669A (en) | Method and system of data transmission | |
CN109714370B (en) | HTTP (hyper text transport protocol) -based cloud security communication implementation method | |
CN109409079B (en) | Weak password checking method and device | |
CN110995446B (en) | Evidence verification method, device, server and storage medium | |
CN110071937B (en) | Login method, system and storage medium based on block chain | |
CN112149068A (en) | Access-based authorization verification method, information generation method and device, and server | |
CN113486309A (en) | Technical document processing method, digital watermark server and processing system | |
CN110213232B (en) | fingerprint feature and key double verification method and device | |
CN111783918B (en) | Safe two-dimensional code distribution method and system | |
US7739500B2 (en) | Method and system for consistent recognition of ongoing digital relationships | |
CN111835711A (en) | Digital encryption cloud service information protection method and cloud service system | |
CN115021913A (en) | Key generation method, system and storage medium for industrial internet identification analysis system | |
CN107770183B (en) | Data transmission method and device | |
CN110890979B (en) | Automatic deployment method, device, equipment and medium for fort machine | |
CN111783155B (en) | Electronic certificate processing method and system | |
WO2021027504A1 (en) | Consensus protocol-based information processing method, and related device | |
CN111783157B (en) | Trusted two-dimensional code electronic certificate processing method and system | |
CN113542187A (en) | File uploading and downloading method and device, computer device and medium | |
CN115118504B (en) | Knowledge base updating method and device, electronic equipment and storage medium | |
CN110807210A (en) | Information processing method, platform, system and computer storage medium | |
CN111783154B (en) | Old people electronic license generation method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |