CN111783157B - Trusted two-dimensional code electronic certificate processing method and system - Google Patents


Publication number
CN111783157B
Authority
CN
China
Prior art keywords
electronic certificate
packet data
fragment packet
index information
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010637268.1A
Other languages
Chinese (zh)
Other versions
CN111783157A (en
Inventor
赵立
江万鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Zefu Software Co ltd
Original Assignee
Fujian Zefu Software Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Zefu Software Co ltd filed Critical Fujian Zefu Software Co ltd
Priority to CN202010637268.1A priority Critical patent/CN111783157B/en
Publication of CN111783157A publication Critical patent/CN111783157A/en
Application granted granted Critical
Publication of CN111783157B publication Critical patent/CN111783157B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/06009Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking
    • G06K19/06037Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking multi-dimensional coding

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a method and a system for processing a trusted two-dimensional code electronic certificate, wherein the method comprises the following steps: the processing center node stores an electronic certificate generation rule, the electronic certificate is a two-dimensional code picture, and the processing center node is used for generating the electronic certificate; the service nodes are multiple, and the service nodes are stored with identification codes of the processing center nodes and are used for receiving and verifying the electronic certificates; the service node shoots a user photo, acquires the identity number and the password information input by the user and sends the identity number and the password information to the processing center node; the processing center node generates a user photo identification code according to the user photo, and generates an electronic certificate according to the user photo identification code, the identity number and the effective time length and the two-dimensional code rule; and the processing center node generates electronic certificate index information according to the electronic certificate, and encrypts the identity number, the user photo and the user password into a photo data packet. The invention realizes the decentralization of the use and verification of the electronic certificate and realizes the use record of the electronic certificate.

Description

Trusted two-dimensional code electronic certificate processing method and system
Technical Field
The invention relates to the technical field of electronic certificate processing, in particular to a method and a system for processing a trusted two-dimensional code electronic certificate.
Background
In the prior art, physical certificates are used to indicate the identity information of a user. When a user goes to transact a matter related to himself, a certificate needs to be presented in order to verify the user identity and record the user information. However, at present, physical certificates are easily lost, a lost certificate may be fraudulently used, and a certificate leaves no history record of its use, so the user cannot tell that it has been used by other people.
Disclosure of Invention
Therefore, a method and a system for processing the trusted two-dimensional code electronic certificate are needed to solve the problems of easy loss, fraudulent use and the like of the physical certificate.
In order to achieve the above purpose, the inventor provides a trusted two-dimensional code electronic certificate processing method, which comprises the following steps:
the processing center node stores an electronic certificate generation rule, the electronic certificate is a two-dimensional code picture, and the processing center node is used for generating the electronic certificate; the service nodes are multiple, and the service nodes are stored with identification codes of the processing center nodes and are used for receiving and verifying the electronic certificates;
the service node shoots a user photo, acquires the identity number and the password information input by the user and sends the identity number and the password information to the processing center node;
the processing center node generates a user photo identification code according to the user photo, and generates an electronic certificate according to the user photo identification code, the identity number and the effective time length and the two-dimensional code rule;
the processing center node generates electronic certificate index information according to the electronic certificates, and encrypts the identity number, the user photo and the user password into a photo data packet;
the processing center node divides the electronic certificate into a preset number of electronic certificate fragments, the sizes of the divided electronic certificate fragments are the same, sequence numbers are generated according to the sequence of the electronic certificate fragments, and the electronic certificate index information, each sequence number, the corresponding electronic certificate fragments and the photo data packet are packed into fragment packet data to form the preset number of fragment packet data;
transmitting all the fragment packet data to different nodes, wherein each node receives one fragment packet data;
after each node receives fragment packet data, the fragment packet data is cached in a memory, electronic certificate index information is obtained according to the fragment packet data, the node judges whether a validity notification of the electronic certificate index information is contained in the received notification message, and if the validity notification exists, whether the fragment packet data is stored is determined according to the result of the validity notification;
if the validity notification is not provided, the electronic certificate index information is sent to the processing center node for verification, if the verification passing information is received, the verification result is considered to be legal, otherwise, the verification result is considered to be illegal;
if the checking result is legal, storing the fragment packet data into a memory, and if the checking result is illegal, deleting the fragment packet data; broadcasting the electronic certificate index information and the verification result as validity notification of the electronic certificate index information to other nodes, and simultaneously recording the validity notification into a data chain;
the service node acquires the electronic certificate through code scanning, generates electronic certificate index information according to the electronic certificate, acquires stored fragment packet data according to the electronic certificate index information, segments the electronic certificate according to the size of the fragment packet data, and acquires fragment packet data and corresponding sequence numbers after segmentation; the service node broadcasts the index information of the electronic certificate to other nodes, and the other nodes reply sequence numbers; the service node sends corresponding segmented electronic certificate data according to the received sequence numbers, other nodes compare the received electronic certificate data with electronic certificate fragments in the fragment packet data to generate and reply comparison results, and the comparison results comprise electronic certificate index information and electronic certificate sequence numbers; after comparison, recording a comparison result into a data chain;
the service node receives the comparison result of all electronic certificate serial numbers, analyzes the electronic certificates to obtain electronic certificate data after the legitimacy requirement is met, decrypts photo package data according to an identity number in the electronic certificate data and a password input by a user to obtain a user photo, checks whether the user photo is consistent with the current person and inputs a check result and a service handling item, the check result and the service handling item comprise electronic certificate index information, the service node updates the check result and the service handling item to a data chain, broadcasts the check result and the service handling item, and other nodes update the check result and the service handling item to the data chain after receiving.
Further, the determining whether to store the fragment packet data according to the result of the validity notification includes the steps of:
judging whether the number of the legal notices is larger than a first preset value, if so, judging whether the number of the same results in the legal notices is larger than a second preset value, if so, taking the same results as the results of verification notices of the electronic certificate index information, and determining whether to store the fragment packet data according to the results;
if the number of the legal notices is smaller than or equal to a first preset value, ignoring the legal notices;
and if the number of the same results indicated in the validity notification is smaller than or equal to a second preset value, ignoring the validity notification.
Further, the processing center node segments the electronic certificate, including the steps of:
the processing center node copies the electronic certificates into a plurality of groups and generates group identification numbers, each group of electronic certificates is divided after being combined with the group identification numbers, and the preset number of the electronic certificate fragments divided in each group is different in size;
said packaging into a fragment packet data comprises the steps of:
packaging the group identification number corresponding to the fragment packet data into the fragment packet data;
the comparison result comprises the electronic certificate index information and the electronic certificate sequence number, and the method comprises the following steps:
the comparison result comprises electronic certificate index information, electronic certificate sequence numbers and group identification numbers.
Further, the step of transmitting all the fragment packet data to different nodes includes the steps of:
dividing the fields of the IP addresses into IP groups with the same number as the preset number according to the preset number, wherein one IP group corresponds to one fragment packet data;
and then the fragment packet data is sent to the node with the IP conforming to the corresponding IP group format.
Further, all nodes comprise a master node; after determining to store the fragment packet data, the master node further comprises the steps of:
the main node caches fragment packet data with preset time length in the memory;
and when the step of generating the electronic certificate index information according to the electronic certificate and acquiring the stored fragment packet data according to the electronic certificate index information comprises the following steps: and the master node acquires the fragment packet data cached in the memory from the memory according to the electronic certificate index information, and if the stored fragment packet data is not acquired from the memory any more.
Further, the service node broadcasts the electronic certificate index information and the cancellation information to other nodes according to the request of reporting loss or cancellation of the user, and all the nodes record the electronic certificate index information and the cancellation information to own data chains;
and when the electronic certificate index information is generated according to the electronic certificate, the method comprises the following steps: and searching whether the electronic certificate index information and the cancellation information exist in the data chain, if so, directly generating a comparison result of the error request, otherwise, performing a subsequent segmentation step.
The invention provides a safe electronic certificate processing system, which comprises a plurality of nodes, wherein the nodes comprise a memory and a processor, and a computer program is stored in the memory, and the computer program realizes the steps of the method according to any one of the embodiments of the invention when being executed by the processor.
Compared with the prior art, the technical scheme is characterized in that the electronic certificate is generated through the processing center node, the uniqueness of certificate generation is realized, then the electronic certificate data can be segmented and distributed to different nodes, at the initial stage, the nodes can be verified with the node for generating the electronic certificate, then the verification result is diffused, and the follow-up nodes can directly store segmented fragment packet data of the electronic certificate according to the verification result. Therefore, the electronic certificate data is partial data for other nodes, all original data cannot be acquired, and safety is guaranteed. And then the user acquires the electronic certificate and stores the electronic certificate. When service authentication is required, the service node can scan the electronic certificate, then acquire the electronic certificate, broadcast the electronic certificate, and the other nodes verify the electronic certificate according to the fragment packet data stored by the other nodes. After a large number of nodes pass the verification, photo data can be obtained according to the data in the electronic certificate, and then whether the certificate is used by the user or not is checked according to the photo. All verification processes and certificate use processes are recorded in a data chain, and a user can know the use history of own certificates at any time. After knowing that someone is faked, the certificate before logging off can be requested to regenerate the certificate, so that the certificate before logging off can be disabled, and the security of the electronic certificate is ensured.
Drawings
FIG. 1 is a flow chart of a method according to an embodiment;
FIG. 2 is a flow chart of a method according to an embodiment;
fig. 3 is a schematic illustration of segmentation according to an embodiment.
Detailed Description
In order to describe the technical content, constructional features, achieved objects and effects of the technical solution in detail, the following description is made in connection with the specific embodiments in conjunction with the accompanying drawings.
Referring to fig. 1 to 3, the present embodiment provides a method for processing a trusted two-dimensional code electronic certificate, wherein the processing is performed between a processing center node and service nodes. The processing center node stores an electronic certificate generation rule, so as to generate the two-dimensional code picture of the electronic certificate according to the data. The service nodes are used for carrying out service processing, such as departments of a financial center, a business center and the like, and need to check the electronic certificates provided by users. A service node does not have the authority to generate electronic certificates, but only the authority to verify them. The service node stores an identification code of the processing center node and is used for receiving and verifying the electronic certificate. Of course, in order to obtain the information in the two-dimensional code picture of the electronic certificate, the service node stores an analysis rule for analyzing the picture of the electronic certificate to obtain the information it contains.
Step S101, the processing center node generates a user photo identification code according to the user photo, and generates an electronic certificate according to the user photo identification code, the identity number and the effective time length and the two-dimensional code rule. This information is the basic identity information; the data can be collected by the service node, or collected by a client of the processing center node and then uploaded. The service node takes a photo of the user, acquires the identity number and password information input by the user, and sends them to the processing center node. Wherein: the user photo is the head photo of the user and is used later to check whether the current user is consistent with the user in the photo, and the user photo identification code is a unique code generated according to the user photo. The identity number is a number which is convenient for people to memorize, and each person has a unique identity number. The effective time length can be set as a cut-off time: after the electronic certificate is obtained through subsequent code scanning, the electronic certificate is analyzed to obtain the effective time, and if the effective time is earlier than the current time, the electronic certificate is invalid and the data in the electronic certificate is not processed further. The processing center node identification code is used for identifying the processing center node and realizing fixed-point communication between the service node and the processing center node. Of course, the processing center node checks the uploaded photo and identity number to confirm that they belong to the person in question, for example by remote face recognition; the remote checking can use existing checking methods.
Step S102, the processing center node generates electronic certificate index information according to the electronic certificate; the index information is a unique code generated from the electronic certificate, such as an MD5 code. The identity number, the user photo and the user password are encrypted into a photo data packet, wherein the user password is a password set by the user, which the user inputs when the photo data packet is used. The encryption is similar to that of a compressed package: only with the correct identity number and user password can the user photo be decompressed and obtained, so that the user photo can be checked later.
Step S103, the processing center node divides the electronic certificate into a preset number of electronic certificate fragments, the sizes of the divided electronic certificate fragments are the same, sequence numbers are generated according to the sequence of the electronic certificate fragments, and the electronic certificate index information, each sequence number, the corresponding electronic certificate fragments and the photo data packet are packed into fragment packet data to form the preset number of fragment packet data. In order to make the sizes of the segmented electronic certificate fragments the same, the total data size of the electronic certificate can be divided by the preset number; if it divides exactly, the fragments are all the same size. If it does not divide exactly, the preset number minus one is used as the divisor, and the total electronic certificate data size is divided by this divisor to obtain the size of the electronic certificate fragments; the remainder is the data of the last electronic certificate fragment, which is filled with blank data so that it is the same size as the preceding electronic certificate fragments.
Step S104, transmitting all the fragment packet data to different nodes, wherein each node receives one fragment packet data; as shown in fig. 3, which includes fragments 1 through N, each node receives one fragment packet data, and since there are more nodes than fragments, different nodes may receive the same fragment packet data.
In step S105, after each node receives fragment packet data, the fragment packet data is cached in a memory, where the memory is a volatile memory, as distinct from a nonvolatile memory such as a hard disk. The node acquires the electronic certificate index information from the fragment packet data and judges whether the notification messages it has received contain a validity notification of the electronic certificate index information; if so, it enters S115 and determines whether to store the fragment packet data according to the result of the validity notification. The validity notification is a validity message containing the electronic certificate index information that has been verified by other nodes. Of course, if the node currently receiving the fragment packet later performs a verification itself, it also generates a validity notification, which the other nodes receive. With validity notifications, not every node needs to go to the processing center node for verification: once a node's verification has passed, the result is broadcast to the whole network, and subsequent nodes can act directly on the received message. Determining whether to store the fragment packet data according to the result of the validity notification generally requires that the number of validity notifications be greater than a preset number, such as notifications from 100 nodes. If more notifications than the preset number are received and they indicate legal, the fragment packet is stored. If more notifications than the preset number are received and they indicate illegal, the fragment packet is deleted. If notifications indicating legal and notifications indicating illegal are both present, the result with the larger number prevails.
If there is no validity notification, step S106 sends the electronic certificate index information to the processing center node for verification; if verification-passed information is received, the verification result is considered legal, otherwise it is considered illegal. Since the electronic certificate index information is unique and the processing center node identification code is also unique, the index information needs to be verified by the node that originally generated the data (i.e., the processing center node above) as long as there is no verification notification from other nodes. If the electronic certificate index information was generated by that processing center node, the node replies with legal information indicating that verification passed; if it was not generated by that node, the node replies with illegal information.
If the check result is legal, step S107 stores the fragmented packet data into a memory, where the memory is a nonvolatile memory. To preserve the fragmented packet data, the fragmented packet data may be packed into a check chain. The check chain is different from the data chain, the data chain is used for storing data information, the check chain is used for storing the check information such as fragment packet data, and the performance of different working processes can be improved by separately storing the check information. If the verification result is illegal, step S108 deletes the fragment packet data; and after the execution of the step S107 is completed or the execution of the step S108 is completed, the step S109 is entered to broadcast the electronic certificate index information and the verification result as the validity notification of the electronic certificate index information to other nodes, and the validity notification is recorded in a data chain. The other nodes may then implement a direct check of the fragmented packet data based on the notification, i.e. the received notification message in step S105. In this way, the processing center node can be taken offline for maintenance when no electronic certificate is generated, wherein the fragmented packet data containing the electronic certificate data is received and stored across the network.
At this time, the other nodes cannot acquire the complete electronic certificate data; each acquires only part of it. The processing center node can then send the generated electronic certificate to the user, for example through a mailbox reserved by the user or through a client of the processing center node; or, if the user photo was uploaded through the service node, the processing center node can send the generated electronic certificate to the service node, which then sends it to the client. The user stores the electronic certificate and, when using it, can directly show the two-dimensional code of the electronic certificate, which the service node can scan and acquire. Then, in step S201, the service node acquires the electronic certificate through code scanning, generates electronic certificate index information according to the electronic certificate, acquires stored fragment packet data according to the electronic certificate index information, segments the electronic certificate according to the size of the fragment packet data, and acquires the fragment packet data and the corresponding sequence numbers after segmentation. The electronic certificate is divided in the same way as when the fragment packet data was generated, in a predetermined order: for example, the electronic certificate is converted into binary data, and the received electronic certificate is then divided according to the size of the electronic certificate data in the fragment packet data. That is, the segmentation is derived in reverse from the way the node that generated the electronic certificate segmented it; if it is the same electronic certificate as before, the segmented data should be consistent.
Step S202, broadcasting the index information of the electronic certificate to other nodes by the service node, and replying sequence numbers by the other nodes; and the service node sends the corresponding segmented electronic certificate data according to the received sequence numbers. And step S203, comparing the received electronic certificate fragments with the fragment packet data by other nodes to generate and reply a comparison result, wherein the comparison result comprises electronic certificate index information and electronic certificate sequence numbers.
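The segmentation rule of step S103 and the fragment comparison of steps S201 to S203, as an added example that is not code from the patent. It assumes a zero byte as the "blank data" filler, byte strings for the certificate, and dictionary field names chosen here for illustration; the sample certificate is constructed.

```python
import hashlib
import hmac

PAD = b"\x00"  # assumption: the "blank data" used to fill the last fragment
# Constructed sample certificate payload (50 bytes), not real certificate data.
CERT = b"constructed-certificate-payload-" + bytes(range(18))


def index_info(cert: bytes) -> str:
    # Index information; the description names an MD5 code as one option.
    # MD5 is not collision resistant, so the byte comparison in compare()
    # is the real check and the index only serves as a lookup key.
    return hashlib.md5(cert).hexdigest()


def fragment_size(total: int, preset: int) -> int:
    """Fragment size under the rule of step S103."""
    if preset < 2 or total < preset:
        raise ValueError("need at least 2 fragments and 1 byte per fragment")
    if total % preset == 0:
        return total // preset
    size = total // (preset - 1)
    remainder = total - size * (preset - 1)
    if remainder > size:
        # The rule as written cannot pad a remainder larger than one fragment.
        raise ValueError("remainder does not fit in the last fragment")
    return size


def piece(cert: bytes, seq: int, size: int) -> bytes:
    """Fragment number seq (1-based), padded with PAD to exactly size bytes."""
    return cert[(seq - 1) * size: seq * size].ljust(size, PAD)


def make_packets(cert: bytes, preset: int, photo_packet: bytes) -> list:
    """Processing center node: build the preset number of fragment packets."""
    size = fragment_size(len(cert), preset)
    idx = index_info(cert)
    return [{"index": idx, "seq": seq, "fragment": piece(cert, seq, size),
             "photo_packet": photo_packet}
            for seq in range(1, preset + 1)]


def compare(stored: dict, claimed_index: str, candidate: bytes) -> dict:
    """Storing node: compare a received piece with its own fragment (S203)."""
    ok = (hmac.compare_digest(stored["index"], claimed_index)
          and hmac.compare_digest(stored["fragment"], candidate))
    return {"index": stored["index"], "seq": stored["seq"], "match": ok}


def verify_scan(scanned: bytes, claimed_index: str, packets: list) -> list:
    """Service node: re-segment the scanned certificate by the stored
    fragment size and collect one comparison result per sequence number."""
    size = len(packets[0]["fragment"])
    return [compare(p, claimed_index, piece(scanned, p["seq"], size))
            for p in packets]


if __name__ == "__main__":
    packets = make_packets(CERT, 4, b"encrypted-photo-packet")
    idx = index_info(CERT)
    print([r["match"] for r in verify_scan(CERT, idx, packets)])
    tampered = CERT[:20] + b"X" + CERT[21:]  # one byte changed in fragment 2
    print([r["match"] for r in verify_scan(tampered, idx, packets)])
```

When the total size is divisible by the preset number minus one but not by the preset number, the last fragment consists of padding only and therefore matches any certificate whose data ends at the same offset.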
And step S204, the service node receives the comparison results of all the electronic certificate sequence numbers, where all the electronic certificate sequence numbers means all the sequence numbers of one complete electronic certificate. If the electronic certificate is divided into 20 parts, the sequence numbers should be 1 to 20. The validity requirement is a set requirement; for example, each sequence number needs more than a preset number (for example, 100) of notifications that verification passed. After the validity requirement is met, the electronic certificate is analyzed to obtain electronic certificate data; in step S205 the photo data packet is decrypted according to the identity number in the electronic certificate data and the password input by the user to obtain the user photo, and the staff at the node check whether the user photo is consistent with the person present and input a check result and a service handling item, which include the electronic certificate index information. The service node updates the check result and the service handling item to the data chain and broadcasts them, and other nodes update them to the data chain after receiving them. Thus, the participation of the processing center node is not needed when the electronic certificate is processed: the processing center node that generated the electronic certificate can be disconnected, no central server is required, and the verification and processing of the electronic certificate are decentralized.
Meanwhile, the verification and use processes of the electronic certificate are stored in the data chain, so that a user can review how the electronic certificate has been used, which avoids the problem that the user is unaware when an existing physical certificate has been used.
In some embodiments, the determining whether to store the fragment packet data according to the result of the validity notification includes the steps of: judging whether the number of the legal notices is larger than a first preset value, if so, judging whether the number of the same results in the legal notices is larger than a second preset value, if so, taking the same results as the results of verification notices of the electronic certificate index information, and determining whether to store the fragment packet data according to the results; if the number of the legal notices is smaller than or equal to a first preset value, ignoring the legal notices; and if the number of the same results indicated in the validity notification is smaller than or equal to a second preset value, ignoring the validity notification. In this way, it can be ensured that the validity notification is relatively reliable.
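The two-threshold decision described above, as an added example that is not code from the patent. The notification tuple layout, the sender identifiers, counting each sender once, discarding senders that contradict themselves and treating a tie as "ignore" are assumptions of this sketch; the sample notifications are constructed.

```python
from collections import Counter

# Constructed sample: (sender_id, index_info, result) tuples.
NOTIFS = ([(f"node-{i}", "idx-A", "legal") for i in range(8)]
          + [("node-8", "idx-A", "illegal"), ("node-9", "idx-A", "illegal"),
             ("node-10", "idx-B", "illegal")])


def tally(notifications, index):
    """Count results for one index, one vote per sender (assumption)."""
    per_sender, conflicted = {}, set()
    for sender, idx, result in notifications:
        if idx != index or result not in ("legal", "illegal"):
            continue
        if sender in per_sender and per_sender[sender] != result:
            conflicted.add(sender)  # sender contradicted itself: discard it
        per_sender.setdefault(sender, result)
    return Counter(r for s, r in per_sender.items() if s not in conflicted)


def decide(notifications, index, first_preset, second_preset):
    """Return 'legal', 'illegal', or None when the notifications are ignored."""
    votes = tally(notifications, index)
    total = sum(votes.values())
    if total == 0 or total <= first_preset:
        return None  # not more notifications than the first preset value
    (top, top_n), *rest = votes.most_common()
    if rest and rest[0][1] == top_n:
        return None  # tie between legal and illegal (assumption: ignore)
    if top_n <= second_preset:
        return None  # agreeing results do not exceed the second preset value
    return top


def handle_fragment(notifications, index, first_preset, second_preset,
                    ask_center):
    """Steps S105 to S108: use the notifications if they are reliable enough,
    otherwise fall back to the processing center node (ask_center is a
    hypothetical callable returning True when verification passes)."""
    verdict = decide(notifications, index, first_preset, second_preset)
    if verdict is None:
        verdict = "legal" if ask_center(index) else "illegal"
    return ("store" if verdict == "legal" else "delete"), verdict


if __name__ == "__main__":
    print(decide(NOTIFS, "idx-A", 5, 6))
    flood = [("node-x", "idx-A", "illegal")] * 50 + NOTIFS[:3]
    print(decide(flood, "idx-A", 3, 2))
```

Counting distinct senders rather than raw messages keeps one node that repeats its broadcast from reaching either preset value on its own.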
In order to further improve the security of the electronic certificate fragment packet data, the segmentation of the electronic certificate by the processing center node comprises the following steps: the processing center node copies the electronic certificate into a plurality of groups and generates group identification numbers; each group's electronic certificate is combined with its group identification number and then divided, and the preset number of electronic certificate fragments into which each group is divided is different, so that fragment packet data from different groups cannot be combined. Even if the original electronic certificate data is obtained, it cannot be combined and restored, which ensures the security of the electronic certificate. Packing into fragment packet data then comprises the following step: the group identification number corresponding to the fragment packet data is packed into the fragment packet data. Where the comparison result comprises the electronic certificate index information and the electronic certificate sequence number, it now comprises the electronic certificate index information, the electronic certificate sequence number and the group identification number. The group identification number must therefore be carried during packing, transmission and subsequent verification. Thus one verification of the electronic certificate is complete after all fragment packets of the different groups have been verified. It is also more difficult for other users to obtain all of the electronic certificate data corresponding to the original node, which ensures the security of the electronic certificate.
To increase verification speed, different fragment packet data may be assigned to specific IP groups, that is, IP classification optimization. At distribution time, sending all the fragment packet data to different nodes comprises the following steps: a field of the IP address is divided, according to the preset number, into as many IP groups as the preset number, with one IP group corresponding to one fragment packet data; each fragment packet data is then sent to a node whose IP conforms to the corresponding IP group format. For example, for an IPv6 address using the last field, with a preset number of 16 fragments, every 4096 values of the last field form one group. The first fragment packet data is then assigned to IP addresses in the first group of 4096, the second fragment packet data to IP addresses in the second group of 4096, and so on. In subsequent code-scanning verification, verification can therefore be distributed preferentially to some IP addresses of each group, so that all sequence numbers of the electronic certificate are verified quickly and the verification speed is improved. When the electronic certificate is copied into groups and randomly segmented, another field of the IP address can be divided into as many IP groups as there are group identification numbers, and the other fields of the IPs corresponding to each group identification number are then divided into the preset number of IP groups for the segmentation; this further improves the subsequent verification speed, and verifying across different groups also improves security.
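The IP grouping described above, as an added example rather than code from the patent. It maps a node's IPv6 address to the sequence number it should hold and reports sequence numbers for which no node exists; the choice of the second-to-last field for the group identification number and the `2001:db8::` documentation addresses are assumptions.

```python
import ipaddress

FIELD_VALUES = 1 << 16  # one IPv6 field is 16 bits, so 65536 values


def ipv6_field(addr: str, pos: int) -> int:
    """Return the 16-bit field at position pos (0 = first, 7 = last)."""
    if not 0 <= pos <= 7:
        raise ValueError("an IPv6 address has fields 0..7")
    value = int(ipaddress.IPv6Address(addr))
    return (value >> (16 * (7 - pos))) & 0xFFFF


def ip_group(addr: str, preset_number: int, pos: int = 7) -> int:
    """Return the 1-based IP group of addr when the field is split evenly.

    With preset_number = 16 each group spans 4096 consecutive field values,
    which matches the example in the text.
    """
    if not 1 <= preset_number <= FIELD_VALUES:
        raise ValueError("preset number must be between 1 and 65536")
    return ipv6_field(addr, pos) * preset_number // FIELD_VALUES + 1


def plan_distribution(node_ips, preset_number):
    """Map each sequence number to the nodes of its IP group.

    Also returns the sequence numbers that no known node can hold, so a
    distributor can detect an uncovered fragment before sending anything.
    """
    plan = {seq: [] for seq in range(1, preset_number + 1)}
    for ip in node_ips:
        plan[ip_group(ip, preset_number)].append(ip)
    missing = [seq for seq, nodes in plan.items() if not nodes]
    return plan, missing


if __name__ == "__main__":
    # Constructed node addresses in the IPv6 documentation range.
    nodes = ["2001:db8::1", "2001:db8::1000", "2001:db8::1fff", "2001:db8::ffff"]
    plan, missing = plan_distribution(nodes, 16)
    for seq, members in plan.items():
        if members:
            print(f"fragment {seq:2d} -> {members}")
    print("sequence numbers without a node:", missing)
    # Assumed two-level scheme: field 6 selects one of 4 group identification
    # numbers, field 7 selects the fragment within that group.
    addr = "2001:db8::4000:1000"
    print("group id", ip_group(addr, 4, pos=6), "fragment", ip_group(addr, 16))
```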
In order to ensure rapid operation of the nodes, the nodes include a master node whose system processing performance is greater than that of the other nodes; the master node is generally a server host. After determining to store the fragment packet data, the master node further performs the following step: the master node caches the fragment packet data in memory for a preset length of time. The step of generating the electronic certificate index information according to the electronic certificate and acquiring the stored fragment packet data according to the electronic certificate index information then comprises: the master node acquires the fragment packet data cached in memory according to the electronic certificate index information and, only if it is not in memory, acquires the stored fragment packet data. The master node can therefore cache the latest fragment packet data and quickly retrieve it for verification in the subsequent verification process without going to the hard disk, which improves the verification speed of the electronic certificate.
So that a previous electronic certificate can be cancelled after the user finds that it has been falsified or lost, which ensures security, the method also comprises a cancellation step: at the user's request to report loss or to cancel, the service node broadcasts the electronic certificate index information and the cancellation information to the other nodes, and all nodes record the electronic certificate index information and the cancellation information in their own data chains. When electronic certificate index information is generated according to an electronic certificate, the method further comprises: searching the data chain for that electronic certificate index information together with cancellation information; if it is found, a comparison result of an error request is generated directly, and otherwise the subsequent segmentation step is performed. The cancellation information indicates that the electronic certificate index information is in a cancelled state. If the electronic certificate index information is received again later, the node can directly report that the certificate has been cancelled and performs no verification or checking operation.
The invention can also comprise an active loss-reporting step: after finding that the current user cannot pass the user photo check, the service node stores the loss-reporting information and the electronic certificate index information in the data chain and broadcasts them, so that the electronic certificate is placed in a loss-reported state. The user can then have the processing center node regenerate the electronic certificate, and the electronic certificate that was previously reported lost or cancelled can no longer be used. When the user needs to review the usage history of the electronic certificate, the service node, after checking the user's identity, reads the business handling items from the current data chain and displays them, so that the user can see the earlier business handling items.
The invention provides a secure electronic certificate processing system comprising a plurality of nodes, each node comprising a memory and a processor, wherein a computer program is stored in the memory and, when executed by the processor, implements the steps of the method according to any one of the embodiments of the invention. The system can carry out the secure processing of the electronic certificate.
It should be noted that, although the foregoing embodiments have been described herein, the scope of the present invention is not limited thereby. Therefore, alterations and modifications made to the embodiments described herein on the basis of the innovative concepts of the present invention, or equivalent structures or equivalent flow transformations made using the content of the present description and drawings, whether they apply the above technical solution directly or indirectly to other relevant technical fields, are all included in the scope of the invention.

Claims (7)

1. The method for processing the trusted two-dimensional code electronic certificate is characterized by comprising the following steps of:
the processing center node stores an electronic certificate generation rule, the electronic certificate is a two-dimensional code picture, and the processing center node is used for generating the electronic certificate; the service nodes are multiple, and the service nodes are stored with identification codes of the processing center nodes and are used for receiving and verifying the electronic certificates;
the service node shoots a user photo, acquires the identity number and the password information input by the user and sends the identity number and the password information to the processing center node;
the processing center node generates a user photo identification code according to the user photo, and generates an electronic certificate according to the user photo identification code, the identity number and the effective time length and the two-dimensional code rule;
the processing center node generates electronic certificate index information according to the electronic certificates, and encrypts the identity number, the user photo and the user password into a photo data packet;
the processing center node divides the electronic certificate into a preset number of electronic certificate fragments, the sizes of the divided electronic certificate fragments are the same, sequence numbers are generated according to the sequence of the electronic certificate fragments, and the electronic certificate index information, each sequence number, the corresponding electronic certificate fragments and the photo data packet are packed into fragment packet data to form the preset number of fragment packet data;
transmitting all the fragment packet data to different nodes, wherein each node receives one fragment packet data;
after each node receives fragment packet data, the fragment packet data is cached in a memory, electronic certificate index information is obtained according to the fragment packet data, the node judges whether a validity notification of the electronic certificate index information is contained in the received notification message, and if the validity notification exists, whether the fragment packet data is stored is determined according to the result of the validity notification;
if the validity notification is not provided, the electronic certificate index information is sent to the processing center node for verification, if the verification passing information is received, the verification result is considered to be legal, otherwise, the verification result is considered to be illegal;
if the checking result is legal, storing the fragment packet data into a memory, and if the checking result is illegal, deleting the fragment packet data; broadcasting the electronic certificate index information and the verification result as validity notification of the electronic certificate index information to other nodes, and simultaneously recording the validity notification into a data chain;
the service node acquires the electronic certificate through code scanning, generates electronic certificate index information according to the electronic certificate, acquires stored fragment packet data according to the electronic certificate index information, segments the electronic certificate according to the size of the fragment packet data, and acquires fragment packet data and corresponding sequence numbers after segmentation; the service node broadcasts the index information of the electronic certificate to other nodes, and the other nodes reply sequence numbers; the service node sends corresponding segmented electronic certificate data according to the received sequence numbers, other nodes compare the received electronic certificate data with electronic certificate fragments in the fragment packet data to generate and reply comparison results, and the comparison results comprise electronic certificate index information and electronic certificate sequence numbers; after comparison, recording a comparison result into a data chain;
the service node receives the comparison result of all electronic certificate serial numbers, analyzes the electronic certificates to obtain electronic certificate data after the legitimacy requirement is met, decrypts photo package data according to an identity number in the electronic certificate data and a password input by a user to obtain a user photo, checks whether the user photo is consistent with the current person and inputs a check result and a service handling item, the check result and the service handling item comprise electronic certificate index information, the service node updates the check result and the service handling item to a data chain, broadcasts the check result and the service handling item, and other nodes update the check result and the service handling item to the data chain after receiving.
2. The method for processing the trusted two-dimensional code electronic certificate according to claim 1, which is characterized in that: the step of determining whether to store the fragment packet data according to the result of the validity notification includes the steps of:
judging whether the number of validity notifications is larger than a first preset value; if so, judging whether the number of identical results among the validity notifications is larger than a second preset value; if so, taking the identical result as the result of the verification notification of the electronic certificate index information, and determining whether to store the fragment packet data according to the result;
if the number of validity notifications is smaller than or equal to the first preset value, ignoring the validity notifications;
and if the number of identical results among the validity notifications is smaller than or equal to the second preset value, ignoring the validity notifications.
3. The method for processing the trusted two-dimensional code electronic certificate according to claim 1, which is characterized in that:
the processing center node divides the electronic certificate, which comprises the following steps:
the processing center node copies the electronic certificate into a plurality of groups and generates group identification numbers; each group's electronic certificate is combined with its group identification number and then divided, and the preset number of electronic certificate fragments into which each group is divided is different;
said packaging into a fragment packet data comprises the steps of:
packaging the group identification number corresponding to the fragment packet data into the fragment packet data;
the comparison result comprises the electronic certificate index information and the electronic certificate sequence number, and the method comprises the following steps:
the comparison result comprises electronic certificate index information, electronic certificate sequence numbers and group identification numbers.
4. The method for processing the electronic certificate of the trusted two-dimensional code according to claim 1, wherein the step of sending all the fragment packet data to different nodes comprises the steps of:
dividing the fields of the IP addresses into IP groups with the same number as the preset number according to the preset number, wherein one IP group corresponds to one fragment packet data;
and then the fragment packet data is sent to the node with the IP conforming to the corresponding IP group format.
5. The method for processing the electronic certificate of the trusted two-dimensional code according to claim 1, wherein all the nodes comprise a master node; after determining to store the fragment packet data, the master node further comprises the steps of:
the master node caches the fragment packet data in the memory for a preset length of time;
and the step of generating the electronic certificate index information according to the electronic certificate and acquiring the stored fragment packet data according to the electronic certificate index information comprises: the master node acquires the fragment packet data cached in the memory according to the electronic certificate index information and, if it is not in the memory, then acquires the stored fragment packet data.
6. The method for processing the trusted two-dimensional code electronic certificate according to claim 1, which is characterized in that: the method also comprises the steps of: the service node broadcasts the electronic certificate index information and the cancellation information to other nodes according to the request of reporting loss or cancellation of the user, and all the nodes record the electronic certificate index information and the cancellation information into own data chains;
and when the electronic certificate index information is generated according to the electronic certificate, the method comprises the following steps: and searching whether the electronic certificate index information and the cancellation information exist in the data chain, if so, directly generating a comparison result of the error request, otherwise, performing a subsequent segmentation step.
7. The trusted two-dimensional code electronic certificate processing system is characterized in that: comprising a plurality of nodes comprising a memory, a processor, said memory having stored thereon a computer program which, when executed by the processor, implements the steps of the method according to any of claims 1 to 6.
CN202010637268.1A 2020-07-03 2020-07-03 Trusted two-dimensional code electronic certificate processing method and system Active CN111783157B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010637268.1A CN111783157B (en) 2020-07-03 2020-07-03 Trusted two-dimensional code electronic certificate processing method and system

Publications (2)

Publication Number Publication Date
CN111783157A CN111783157A (en) 2020-10-16
CN111783157B true CN111783157B (en) 2023-05-16

Family

ID=72759440

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010637268.1A Active CN111783157B (en) 2020-07-03 2020-07-03 Trusted two-dimensional code electronic certificate processing method and system

Country Status (1)

Country Link
CN (1) CN111783157B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105426775A (en) * 2015-11-09 2016-03-23 北京联合大学 Method and system for protecting information security of smartphone
CN109064120A (en) * 2018-07-10 2018-12-21 马上游科技股份有限公司 Tourism electric contract number deposit system based on region chain and deposit card method
CN109783338A (en) * 2019-01-02 2019-05-21 深圳壹账通智能科技有限公司 Recording method, device and computer equipment based on business information
CN111126950A (en) * 2019-12-10 2020-05-08 支付宝(杭州)信息技术有限公司 Service processing method, device and equipment based on block chain

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107346315B (en) * 2016-05-06 2020-10-27 曲立东 Object data association index system and construction and application method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant