CN112380063A - Digital certificate backup method, device, equipment and storage medium - Google Patents


Info

Publication number
CN112380063A
Authority
CN
China
Prior art keywords
character set
digital certificate
preset
backup
character
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011285644.1A
Other languages
Chinese (zh)
Inventor
庄华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Consumer Finance Co Ltd
Original Assignee
Ping An Consumer Finance Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Consumer Finance Co Ltd
Priority to CN202011285644.1A
Publication of CN112380063A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G06F11/1448 Management of the data involved in backup or backup restore
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Quality & Reliability (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to identity authentication technology and provides a digital certificate backup method, apparatus, device and storage medium. The method comprises: splitting the characters corresponding to a digital certificate to be backed up into a first character set and a second character set according to a preset splitting rule; performing an encryption operation on the first character set by using a preset encryption algorithm and a first key; performing an encryption operation on the second character set by using the encryption algorithm and a second key; transmitting the encrypted first character set to a first storage path for backup; and transmitting the encrypted second character set to a second storage path for backup. The invention also relates to the technical field of blockchains: the first character set and the second character set can be stored in a node of a blockchain.

Description

Digital certificate backup method, device, equipment and storage medium
Technical Field
The present invention relates to the field of identity authentication technologies, and in particular, to a method, an apparatus, a device, and a storage medium for digital certificate backup.
Background
At present, owing to inherent design shortcomings of current mobile terminal operating systems, system vulnerabilities and trojans constantly threaten the security of mobile terminals, and more and more financial mobile APPs have begun to use digital certificate technology to guarantee communication security and data security. However, an APP on a mobile terminal may undergo version replacement, active uninstallation and the like. In such cases the part of the digital certificate stored on the mobile terminal is generally deleted, and a new digital certificate is reissued when the user reinstalls the APP. Reissuing a new digital certificate is slower and costs more.
Disclosure of Invention
In view of the above, the present invention provides a digital certificate backup method, apparatus, device and storage medium, and aims to solve the technical problem in the prior art that a new digital certificate has to be reissued when a user reinstalls an APP.
In order to achieve the above object, the present invention provides a digital certificate backup method, which includes:
acquiring a first digital certificate to be backed up from a preset storage path, and splitting characters corresponding to the first digital certificate into a first character set and a second character set based on a preset splitting rule;
performing encryption operation on the first character set by using a preset encryption algorithm and a first preset key, and performing encryption operation on the second character set by using a preset encryption algorithm and a second preset key;
and transmitting the encrypted first character set to a first storage path for backup, and transmitting the encrypted second character set to a second storage path for backup.
Preferably, before the obtaining the first digital certificate to be backed up from the preset storage path, the method further includes:
and storing the second digital certificate of the initial digital certificate to which the first digital certificate belongs to a preset storage space of a server.
Preferably, the splitting the character corresponding to the first digital certificate into a first character set and a second character set based on a preset splitting rule includes:
splitting the characters corresponding to the first digital certificate evenly into two character sets, and randomly selecting one character set as the first character set or the second character set.
Preferably, the splitting the character corresponding to the first digital certificate into a first character set and a second character set based on a preset splitting rule includes:
splitting the characters corresponding to the first digital certificate into shares of a preset number of characters to obtain a plurality of shares, sequentially adding the odd-numbered shares to the first character set, and sequentially adding the even-numbered shares to the second character set.
Preferably, after the transmitting the encrypted second character set to the second storage path backup, the method further includes:
when a request from a user to recover the first digital certificate is received;
acquiring an encrypted first character set from the first storage path, acquiring an encrypted second character set from the second storage path, and performing decryption operation on the encrypted first character set and the encrypted second character set;
and executing merging operation on the decrypted first character set and the decrypted second character set based on a preset merging rule to obtain an initial digital certificate corresponding to the request and feed the initial digital certificate back to the user.
Preferably, the merging the decrypted first character set and the decrypted second character set based on a preset merging rule includes:
and filling the plurality of decrypted character strings of the first character set to odd positions of the initial digital certificate preset template respectively according to the sequence, and filling the plurality of decrypted character strings of the second character set to even positions of the initial digital certificate preset template respectively according to the sequence.
Preferably, the encryption algorithm comprises an AES encryption algorithm or a DES encryption algorithm.
In order to achieve the above object, the present invention further provides a digital certificate backup apparatus, including:
an acquisition module, configured to obtain a first digital certificate to be backed up from a preset storage path, and split characters corresponding to the first digital certificate into a first character set and a second character set based on a preset splitting rule;
an encryption module, configured to perform an encryption operation on the first character set by using a preset encryption algorithm and a first preset key, and perform an encryption operation on the second character set by using a preset encryption algorithm and a second preset key;
a backup module, configured to transmit the encrypted first character set to a first storage path for backup, and transmit the encrypted second character set to a second storage path for backup.
In order to achieve the above object, the present invention also provides an electronic device, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a program executable by the at least one processor to enable the at least one processor to perform any of the steps of the digital certificate backup method as described above.
To achieve the above object, the present invention further provides a computer-readable storage medium storing a digital certificate backup program, which when executed by a processor, implements any of the steps of the digital certificate backup method as described above.
According to the digital certificate backup method, apparatus, device and storage medium provided by the invention, the digital certificate to be backed up is split, encrypted and cooperatively stored, so that even if the digital certificate file on the terminal is illegally copied or leaked, an unauthorized person cannot restore the digital certificate. The backed-up digital certificate file can be retrieved after the APP on the terminal is uninstalled and reinstalled, so the cost of issuing a new certificate is not incurred. Retrieving the digital certificate is faster than issuing a new one, which improves the user experience.
Drawings
FIG. 1 is a schematic flow chart diagram illustrating a preferred embodiment of a digital certificate backup method according to the present invention;
FIG. 2 is a block diagram of a digital certificate backup apparatus according to a preferred embodiment of the present invention;
FIG. 3 is a diagram of an electronic device according to a preferred embodiment of the present invention;
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a digital certificate backup method. Fig. 1 is a schematic method flow diagram of an embodiment of a digital certificate backup method according to the present invention. The method may be performed by an electronic device, which may be implemented by software and/or hardware. The digital certificate backup method comprises the following steps:
step S10: the method comprises the steps of obtaining a first digital certificate to be backed up from a preset storage path, and splitting characters corresponding to the first digital certificate into a first character set and a second character set based on a preset splitting rule.
In this embodiment, the solution is described using the example of a mobile terminal (for example, a mobile phone) that needs to back up the digital certificate of a financial mobile APP; it can be understood that the application scenario of the solution is not limited thereto. A first digital certificate to be backed up is obtained from a preset storage path. The preset storage path can be an internal storage path in which the mobile terminal stores the digital certificate, and can be selected by a developer according to actual conditions. After the first digital certificate to be backed up is obtained, it is split into a first character set and a second character set according to a preset splitting rule. Splitting the first digital certificate on the mobile terminal into two character sets and storing them separately further prevents the backed-up digital certificate of the mobile terminal from being illegally copied and leaked.
A digital certificate is a digital credential that marks the identity information of each communicating party in internet communication; a user can use it to identify the other party on the internet. It is also called a digital identifier, and it ensures the integrity and security of network users' information and data exchanged over a computer network by means of encryption or decryption.
In one embodiment, before the obtaining the first digital certificate to be backed up from the preset storage path, the method further includes:
and storing the second digital certificate of the initial digital certificate to which the first digital certificate belongs to a preset storage space of a server.
The first digital certificate is only a partial character string of the complete digital certificate and is the part stored by the mobile terminal; the second digital certificate is the remainder of the initial digital certificate, excluding the first digital certificate. For example, if the complete digital certificate consists of the character string "11223344", the mobile terminal holds only the part "1122", while the part "3344" is stored on the server side for backup. This ensures that the original digital certificate can be retrieved after the APP is uninstalled and reinstalled, while the security mechanism of cooperative storage by the mobile terminal and the server prevents the backup digital certificate of the mobile terminal from being illegally copied and leaked.
In one embodiment, the splitting the character corresponding to the first digital certificate into a first character set and a second character set based on a preset splitting rule includes:
splitting the characters corresponding to the first digital certificate evenly into two character sets, and randomly selecting one character set as the first character set or the second character set.
For example, a character string corresponding to a first digital certificate stored by the mobile terminal includes "1122", and the character string may be split into two character sets, i.e., "11" and "22", and then a character set is randomly selected as the first character set or the second character set.
In one embodiment, the splitting the character corresponding to the first digital certificate into a first character set and a second character set based on a preset splitting rule includes:
splitting the characters corresponding to the first digital certificate into shares of a preset number of characters to obtain a plurality of shares, sequentially adding the odd-numbered shares to the first character set, and sequentially adding the even-numbered shares to the second character set.
For example, the characters corresponding to the first digital certificate may be split in turn every 64 characters. If the characters corresponding to the first digital certificate comprise 512 characters, the 1st to 64th characters belong to the 1st share, the 65th to 128th characters belong to the 2nd share, the 129th to 192nd characters belong to the 3rd share, and so on. The odd-numbered shares (i.e., the 1st, 3rd, 5th and 7th shares) are then taken as the first character set, and the even-numbered shares (i.e., the 2nd, 4th, 6th and 8th shares) are taken as the second character set. This splitting mode ensures that the sizes of the 2 character sets are basically consistent, and the characters are mixed up to a certain degree, so that the original text of the characters corresponding to the digital certificate cannot be easily identified.
Step S20: and executing encryption operation on the first character set by using a preset encryption algorithm and a first preset key, and executing encryption operation on the second character set by using a preset encryption algorithm and a second preset key.
In this embodiment, after the characters corresponding to the first digital certificate are split into the first character set and the second character set, the preset encryption algorithm and the first preset key are used to perform an encryption operation on the first character set, and the preset encryption algorithm and the second preset key are used to perform an encryption operation on the second character set, where the first preset key and the second preset key may be generated in advance, and the same encryption algorithm and different keys are used for encrypting the first character set and the second character set, so that independence of the first character set and the second character set can be ensured, and security of the character sets is improved.
In one embodiment, the encryption algorithm comprises an AES encryption algorithm or a DES encryption algorithm.
The preset encryption algorithm is preferably a symmetric encryption algorithm, that is, one that uses the same key for encryption and decryption, or two keys that can be easily derived from each other. In a specific example, the symmetric encryption algorithm is the AES encryption algorithm. For example, if the encryption function E is used in the encryption process, then C1 = E(K1, P), where P is the first character set to be encrypted, K1 is the key, and C1 is the encrypted first character set. The symmetric encryption algorithm may also be another encryption algorithm, such as the DES encryption algorithm.
Step S30: and transmitting the encrypted first character set to a first storage path for backup, and transmitting the encrypted second character set to a second storage path for backup.
In this embodiment, after the encryption operation is performed on the first character set and the second character set, the encrypted first character set is transmitted to a first storage path for backup, where the first storage path may refer to a storage path of an external storage space of a mobile terminal (e.g., a mobile phone), for example, external storage/app_name/file/backup/a (11) 20201012. Because the encrypted digital certificate character set is now stored in the external storage of the mobile phone, the backup digital certificate is not deleted even if the APP is uninstalled. In terms of security, permission control is used to set the permissions of the backed-up digital certificate file so that it is readable and accessible only by the APP.
The encrypted second character set is transmitted to a second storage path for backup, where the second storage path may be a database in communication connection with the server. The encrypted second character set may be stored in the database using, as its identifier, an identification number (e.g., a mobile phone number or an identity card number) of the user who installed the APP.
By splitting, encrypting and cooperatively storing the digital certificate to be backed up (part of the digital certificate is stored on the terminal, and part on the server), unauthorized persons cannot restore the certificate even if the certificate file on the mobile phone terminal is illegally copied or leaked; and because the digital certificate is not stored in full on the server, regulatory requirements are met.
In one embodiment, after the transmitting the encrypted second character set to the second storage path backup, the method further comprises:
when a request for recovering the first digital certificate sent by a user is received, acquiring an encrypted first character set from the first storage path, acquiring an encrypted second character set from the second storage path, performing decryption operation on the encrypted first character set and the encrypted second character set, performing merging operation on the decrypted first character set and the decrypted second character set based on a preset merging rule, obtaining an initial digital certificate corresponding to the request, and feeding the initial digital certificate back to the user.
The request for recovering the first digital certificate sent by the user may specifically be a request triggered by reinstalling the APP after it was uninstalled. The character sets stored in the external storage path of the mobile phone and in the storage path on the server side are obtained respectively; the character set on the server side may be obtained, according to the user identification number, from the database in communication connection with the server. The acquired character sets are then decrypted: the character set obtained from the external storage path of the mobile phone is decrypted by using the first preset key, and the character set obtained from the storage path of the database is decrypted by using the second preset key. The data is then recovered from the decrypted character sets by using the preset merging rule.
After the backup file of the mobile terminal is retrieved, the APP can combine it again with the second digital certificate backed up by the server, and the original digital certificate is finally retrieved, so that the cost of issuing a new certificate is not incurred. Retrieving the digital certificate is faster than issuing a new one, which improves the user experience.
Further, the merging the decrypted first character set and the decrypted second character set based on a preset merging rule includes:
and filling the plurality of decrypted character strings of the first character set to odd positions of the initial digital certificate preset template respectively according to the sequence, and filling the plurality of decrypted character strings of the second character set to even positions of the initial digital certificate preset template respectively according to the sequence.
For example, the character strings of the 1st, 2nd, 3rd and 4th shares of the first character set are filled into the positions of the 1st, 3rd, 5th and 7th shares of the initial digital certificate, and the character strings of the 1st, 2nd, 3rd and 4th shares of the second character set are filled into the positions of the 2nd, 4th, 6th and 8th shares of the initial digital certificate, which yields the initial digital certificate.
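Steps S10 to S30 and the recovery path above, as an added Go example (not code from the patent). It assumes AES-256-GCM as the AES mode, hypothetical labels `set-1` and `set-2` bound to each blob as associated data, single-byte certificate text, and a constructed 512-character string in place of a real certificate.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

const ShareSize = 64 // characters per share, the value used in the description

// chunks cuts s into ShareSize pieces; assumes single-byte (PEM/Base64) text.
func chunks(s string) (out []string) {
	for ; len(s) > ShareSize; s = s[ShareSize:] {
		out = append(out, s[:ShareSize])
	}
	if s != "" {
		out = append(out, s) // only the final share may be shorter
	}
	return out
}

// Split is step S10: odd-numbered shares form the first set, even the second.
func Split(cert string) (first, second string) {
	var sets [2]strings.Builder
	for i, share := range chunks(cert) {
		sets[i%2].WriteString(share)
	}
	return sets[0].String(), sets[1].String()
}

// Merge interleaves the sets again and rejects pairs no one certificate yields.
func Merge(first, second string) (string, error) {
	a, b := chunks(first), chunks(second)
	var out strings.Builder
	for i, share := range a {
		out.WriteString(share)
		if i < len(b) {
			out.WriteString(b[i])
		}
	}
	if f, s := Split(out.String()); f != first || s != second {
		return "", errors.New("sets do not belong to one certificate")
	}
	return out.String(), nil
}

func newGCM(key [32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	gcm, _ := cipher.NewGCM(block)    // AES has the 16-byte block GCM needs
	return gcm
}

// seal is step S20 for one set; AES-GCM and the label are this example's choices.
func seal(key [32]byte, label, set string) ([]byte, error) {
	gcm := newGCM(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Output layout: nonce || ciphertext || tag; label is authenticated only.
	return gcm.Seal(nonce, nonce, []byte(set), []byte(label)), nil
}

func open(key [32]byte, label string, blob []byte) (string, error) {
	gcm := newGCM(key)
	if n := gcm.NonceSize(); len(blob) >= n {
		pt, err := gcm.Open(nil, blob[:n], blob[n:], []byte(label))
		return string(pt), err
	}
	return "", errors.New("blob too short")
}

// Backup is step S30: local goes to the first storage path, remote to the second.
func Backup(cert string, k1, k2 [32]byte) (local, remote []byte, err error) {
	first, second := Split(cert)
	if local, err = seal(k1, "set-1", first); err == nil {
		remote, err = seal(k2, "set-2", second)
	}
	return local, remote, err
}

// Restore decrypts each blob with its own key and merges the two sets.
func Restore(local, remote []byte, k1, k2 [32]byte) (string, error) {
	first, err1 := open(k1, "set-1", local)
	second, err2 := open(k2, "set-2", remote)
	if err1 != nil || err2 != nil {
		return "", errors.New("a stored set failed authentication")
	}
	return Merge(first, second)
}

func main() {
	cert := strings.Repeat("0123456789abcdef", 32) // constructed 512-character stand-in
	local, remote, _ := Backup(cert, [32]byte{1}, [32]byte{2}) // constructed demo keys
	got, err := Restore(local, remote, [32]byte{1}, [32]byte{2})
	fmt.Println("restored:", got == cert, err)
}
```

Because each set is a run of whole 64-character shares, the interleaving alone hides nothing from whoever holds one set in the clear; the confidentiality comes from the two keys, and the authenticated mode makes a modified or swapped blob fail at recovery instead of producing a corrupted certificate.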
Referring to fig. 2, a functional block diagram of the digital certificate backup apparatus 100 according to the present invention is shown.
The digital certificate backup apparatus 100 of the present invention may be installed in an electronic device. According to the implemented functions, the digital certificate backup apparatus 100 may include an obtaining module 110, an encrypting module 120, and a backup module 130. A module according to the present invention, which may also be referred to as a unit, refers to a series of computer program segments that can be executed by a processor of an electronic device and that can perform a fixed function, and that are stored in a memory of the electronic device.
In the present embodiment, the functions regarding the respective modules/units are as follows:
the obtaining module 110 is configured to obtain a first digital certificate to be backed up from a preset storage path, and split a character corresponding to the first digital certificate into a first character set and a second character set based on a preset splitting rule.
In one embodiment, the obtaining module is further configured to:
and storing the second digital certificate of the initial digital certificate to which the first digital certificate belongs to a preset storage space of a server.
In one embodiment, the splitting the character corresponding to the first digital certificate into a first character set and a second character set based on a preset splitting rule includes:
splitting the characters corresponding to the first digital certificate evenly into two character sets, and randomly selecting one character set as the first character set or the second character set.
In one embodiment, the splitting the character corresponding to the first digital certificate into a first character set and a second character set based on a preset splitting rule includes:
splitting the characters corresponding to the first digital certificate into shares of a preset number of characters to obtain a plurality of shares, sequentially adding the odd-numbered shares to the first character set, and sequentially adding the even-numbered shares to the second character set.
The encryption module 120 is configured to perform an encryption operation on the first character set by using a preset encryption algorithm and a first preset key, and perform an encryption operation on the second character set by using a preset encryption algorithm and a second preset key.
In one embodiment, the encryption algorithm comprises an AES encryption algorithm or a DES encryption algorithm.
The backup module 130 is configured to transmit the encrypted first character set to a first storage path for backup, and transmit the encrypted second character set to a second storage path for backup.
In this embodiment, after the encryption operation is performed on the first character set and the second character set, the encrypted first character set is transmitted to a first storage path for backup, where the first storage path may refer to a storage path of an external storage space of a mobile terminal (e.g., a mobile phone), for example, external storage/app_name/file/backup/a (11) 20201012. Because the encrypted digital certificate character set is stored in the external storage of the mobile phone, the backed-up digital certificate is not deleted even if the APP is uninstalled. In terms of security, permission control is used to set the permissions of the backed-up digital certificate file so that it is readable and accessible only by the APP.
The encrypted second character set is transmitted to a second storage path for backup. The second storage path may be a database in communication connection with the server, and the encrypted second character set may be stored in the database using the identification number (e.g., a mobile phone number or an identity card number) of the user who installed the APP as an identifier.
By splitting, encrypting and cooperatively storing the digital certificate to be backed up (part of the digital certificate is stored in the terminal, and part of it is stored in the server), unauthorized persons cannot restore the certificate even if the certificate file on the mobile phone terminal is illegally copied or leaked, and the digital certificate is not completely stored in the server, so that the supervision requirement is met.
In one embodiment, the digital certificate backup apparatus further comprises a recovery module configured to:
when a request for recovering the first digital certificate sent by a user is received, acquiring an encrypted first character set from the first storage path, acquiring an encrypted second character set from the second storage path, performing decryption operation on the encrypted first character set and the encrypted second character set, performing merging operation on the decrypted first character set and the decrypted second character set based on a preset merging rule, obtaining an initial digital certificate corresponding to the request, and feeding the initial digital certificate back to the user.
The request for recovering the first digital certificate sent by the user may specifically be a request triggered by reinstalling the APP after the APP has been uninstalled. The character sets stored in the external storage path of the mobile phone and in the storage path of the server end are obtained respectively; the character set on the server side may be obtained from the database in communication connection with the server according to the user identification number. The acquired character sets are then decrypted: the character set acquired from the external storage path of the mobile phone is decrypted by using the first preset key, the character set acquired from the storage path of the database is decrypted by using the second preset key, and the data is recovered from the decrypted character sets by using the preset merging rule.
After the backup file of the mobile terminal is retrieved, the APP can again perform recovery together with the second digital certificate backed up on the server, and the original digital certificate is finally retrieved, so that no cost of newly signing and issuing a certificate is incurred. Retrieving the digital certificate is faster than newly issuing one, which improves the user experience.
Further, the merging the decrypted first character set and the decrypted second character set based on a preset merging rule includes:
and filling the plurality of decrypted character strings of the first character set to odd positions of the initial digital certificate preset template respectively according to the sequence, and filling the plurality of decrypted character strings of the second character set to even positions of the initial digital certificate preset template respectively according to the sequence.
For example, the initial digital certificate is obtained by filling the character strings corresponding to the 1st, 2nd, 3rd and 4th shares of the first character set into the positions corresponding to the 1st, 3rd, 5th and 7th shares of the initial digital certificate, and filling the character strings corresponding to the 1st, 2nd, 3rd and 4th shares of the second character set into the positions corresponding to the 2nd, 4th, 6th and 8th shares of the initial digital certificate.
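The splitting rule described earlier (64-character shares, odd shares to the first character set, even shares to the second) and the merging rule above can be exercised together as follows. This is an added Python example, not code from the patent: the function names, the constructed 512-character sample and the SHA-256 digest check on the restored text are assumptions, and the encryption step is left out.

```python
import hashlib
import hmac

SHARE_LEN = 64  # share size used in the description's example


def split_certificate(text, share_len=SHARE_LEN):
    """Cut text into consecutive shares of share_len characters.

    Shares are numbered from 1: odd-numbered shares form the first
    character set, even-numbered shares form the second.
    """
    if share_len <= 0:
        raise ValueError("share_len must be positive")
    shares = [text[i:i + share_len] for i in range(0, len(text), share_len)]
    return shares[0::2], shares[1::2]


def merge_certificate(first_set, second_set):
    """Fill odd positions from first_set and even positions from second_set."""
    # An odd/even split gives equal counts, or one extra share in first_set.
    if len(first_set) - len(second_set) not in (0, 1):
        raise ValueError("share counts do not fit an odd/even split")
    merged = []
    for index, odd_share in enumerate(first_set):
        merged.append(odd_share)
        if index < len(second_set):
            merged.append(second_set[index])
    return "".join(merged)


def digest(text):
    """SHA-256 of the certificate text (assumed extra field, not in the patent)."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def restore(first_set, second_set, expected_digest):
    """Merge the two sets and reject a result that is not the original."""
    merged = merge_certificate(first_set, second_set)
    if not hmac.compare_digest(digest(merged), expected_digest):
        raise ValueError("merged text does not match the recorded digest")
    return merged


# Constructed sample: 512 characters in which share k is 64 copies of one
# letter, so share 1 is "AAAA...", share 2 is "BBBB...", share 8 is "HHHH...".
SAMPLE_512 = "".join(chr(ord("A") + i // SHARE_LEN) for i in range(512))

if __name__ == "__main__":
    first, second = split_certificate(SAMPLE_512)
    print([s[0] for s in first], [s[0] for s in second])
    print(restore(first, second, digest(SAMPLE_512)) == SAMPLE_512)
    # Length not a multiple of 64: the last share is short and the first
    # character set holds one more share than the second.
    odd_first, odd_second = split_certificate(SAMPLE_512[:400])
    print(len(odd_first), len(odd_second), len(odd_first[-1]))
```

Each unencrypted share is a contiguous 64-character run of the original text, so the confidentiality of either stored half rests on the encryption step and its key, not on the split.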
Fig. 3 is a schematic diagram of an electronic device 1 according to a preferred embodiment of the invention.
The electronic device 1 includes but is not limited to: memory 11, processor 12, display 13, and network interface 14. The electronic device 1 is connected to a network through a network interface 14 to obtain raw data. The network may be a wireless or wired network such as an Intranet (Intranet), the Internet (Internet), a Global System for Mobile communications (GSM), Wideband Code Division Multiple Access (WCDMA), a 4G network, a 5G network, Bluetooth (Bluetooth), Wi-Fi, or a communication network.
The memory 11 includes at least one type of readable storage medium, including a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the memory 11 may be an internal storage unit of the electronic device 1, such as a hard disk or a memory of the electronic device 1. In other embodiments, the memory 11 may also be an external storage device of the electronic device 1, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the electronic device 1. Of course, the memory 11 may also comprise both an internal storage unit and an external storage device of the electronic device 1. In this embodiment, the memory 11 is generally used for storing an operating system installed in the electronic device 1 and various application software, such as the program code of the digital certificate backup program 10. Further, the memory 11 may also be used to temporarily store various types of data that have been output or are to be output.
Processor 12 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 12 is typically used for controlling the overall operation of the electronic device 1, such as performing data interaction or communication related control and processing. In this embodiment, the processor 12 is configured to run the program code stored in the memory 11 or process data, for example, run the program code of the digital certificate backup program 10.
The display 13 may be referred to as a display screen or display unit. In some embodiments, the display 13 may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an Organic Light-Emitting Diode (OLED) touch screen, or the like. The display 13 is used for displaying information processed in the electronic device 1 and for displaying a visual work interface, e.g. displaying the results of data statistics.
The network interface 14 may optionally comprise a standard wired interface and a wireless interface (e.g., a Wi-Fi interface). The network interface 14 is typically used for establishing a communication connection between the electronic device 1 and other electronic devices.
Fig. 3 shows only the electronic device 1 with the components 11-14 and the digital certificate backup program 10, but it should be understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead.
Optionally, the electronic device 1 may further comprise a user interface, the user interface may comprise a Display (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface may further comprise a standard wired interface and a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an Organic Light-Emitting Diode (OLED) touch screen, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the electronic device 1 and for displaying a visualized user interface, among other things.
The electronic device 1 may further include a Radio Frequency (RF) circuit, a sensor, an audio circuit, and the like, which are not described in detail herein.
In the above embodiment, the processor 12, when executing the digital certificate backup program 10 stored in the memory 11, may implement the following steps:
acquiring a first digital certificate to be backed up from a preset storage path, and splitting characters corresponding to the first digital certificate into a first character set and a second character set based on a preset splitting rule;
performing encryption operation on the first character set by using a preset encryption algorithm and a first preset key, and performing encryption operation on the second character set by using a preset encryption algorithm and a second preset key;
and transmitting the encrypted first character set to a first storage path for backup, and transmitting the encrypted second character set to a second storage path for backup.
The storage device may be the memory 11 of the electronic device 1, or may be another storage device communicatively connected to the electronic device 1.
For detailed description of the above steps, please refer to the above description of fig. 2 regarding a functional block diagram of an embodiment of the digital certificate backup apparatus 100 and fig. 1 regarding a flowchart of an embodiment of a digital certificate backup method.
In addition, an embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium may be non-volatile or volatile. The computer readable storage medium may be any one or any combination of hard disks, multimedia cards, SD cards, flash memory cards, SMCs, Read Only Memories (ROMs), Erasable Programmable Read Only Memories (EPROMs), portable compact disc read only memories (CD-ROMs), USB memories, etc. The computer readable storage medium includes a storage data area and a storage program area, the storage data area stores data created according to the use of the blockchain node, the storage program area stores a digital certificate backup program 10, and the digital certificate backup program 10 realizes the following operations when being executed by a processor:
acquiring a first digital certificate to be backed up from a preset storage path, and splitting characters corresponding to the first digital certificate into a first character set and a second character set based on a preset splitting rule;
performing encryption operation on the first character set by using a preset encryption algorithm and a first preset key, and performing encryption operation on the second character set by using a preset encryption algorithm and a second preset key;
and transmitting the encrypted first character set to a first storage path for backup, and transmitting the encrypted second character set to a second storage path for backup.
The specific implementation of the computer-readable storage medium of the present invention is substantially the same as the specific implementation of the above-mentioned digital certificate backup method, and will not be described herein again.
In another embodiment, in order to further ensure the privacy and security of all the data, all the data may be stored in a node of a blockchain. For example, the first character set and the second character set may be stored in blockchain nodes.
It should be noted that the blockchain in the present invention is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithm. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
It should be noted that the above serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments. The terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements includes not only those elements but may also include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, apparatus, article, or method that includes the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases the former is the better implementation. Based on such understanding, the technical solution of the present invention, in essence, or the part thereof contributing to the prior art, can be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) as described above and includes several instructions for enabling a terminal device (such as a mobile phone, a computer, an electronic device, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A method for digital certificate backup, the method comprising:
acquiring a first digital certificate to be backed up from a preset storage path, and splitting characters corresponding to the first digital certificate into a first character set and a second character set based on a preset splitting rule;
performing encryption operation on the first character set by using a preset encryption algorithm and a first preset key, and performing encryption operation on the second character set by using a preset encryption algorithm and a second preset key;
and transmitting the encrypted first character set to a first storage path for backup, and transmitting the encrypted second character set to a second storage path for backup.
2. The method for backing up digital certificates according to claim 1, wherein before the obtaining of the first digital certificate to be backed up from the preset storage path, the method further comprises:
and storing the second digital certificate of the initial digital certificate to which the first digital certificate belongs to a preset storage space of a server.
3. The method for backing up a digital certificate according to claim 1, wherein the splitting the character corresponding to the first digital certificate into a first character set and a second character set based on a preset splitting rule includes:
evenly splitting the characters corresponding to the first digital certificate into two character sets, and randomly selecting one character set as the first character set or the second character set.
4. The method for backing up a digital certificate according to claim 1, wherein the splitting the character corresponding to the first digital certificate into a first character set and a second character set based on a preset splitting rule includes:
splitting the characters corresponding to the first digital certificate according to a preset number of character numbers to obtain multiple parts of characters, sequentially adding odd parts of characters to the first character set, and sequentially adding even parts of characters to the second character set.
5. The method of digital certificate backup according to claim 4, wherein after said transferring the encrypted second character set to a second storage path backup, the method further comprises:
when a request from a user to recover the first digital certificate is received;
acquiring an encrypted first character set from the first storage path, acquiring an encrypted second character set from the second storage path, and performing decryption operation on the encrypted first character set and the encrypted second character set;
and executing merging operation on the decrypted first character set and the decrypted second character set based on a preset merging rule to obtain an initial digital certificate corresponding to the request and feed the initial digital certificate back to the user.
6. The method for backing up digital certificates according to claim 5, wherein the merging the decrypted first character set and the decrypted second character set based on the preset merging rule comprises:
and filling the plurality of decrypted character strings of the first character set to odd positions of the initial digital certificate preset template respectively according to the sequence, and filling the plurality of decrypted character strings of the second character set to even positions of the initial digital certificate preset template respectively according to the sequence.
7. The method of digital certificate backup according to any of claims 1 to 6, characterized in that the encryption algorithm comprises an AES encryption algorithm or a DES encryption algorithm.
8. An apparatus for digital certificate backup, the apparatus comprising:
an acquisition module, configured to obtain a first digital certificate to be backed up from a preset storage path, and split characters corresponding to the first digital certificate into a first character set and a second character set based on a preset splitting rule;
an encryption module, configured to perform an encryption operation on the first character set by using a preset encryption algorithm and a first preset key, and perform an encryption operation on the second character set by using a preset encryption algorithm and a second preset key;
a backup module, configured to transmit the encrypted first character set to a first storage path for backup, and transmit the encrypted second character set to a second storage path for backup.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a program executable by the at least one processor to enable the at least one processor to perform the digital certificate backup method of any one of claims 1 to 7.
10. A computer-readable storage medium storing a digital certificate backup program which, when executed by a processor, implements the steps of the digital certificate backup method according to any one of claims 1 to 7.
CN202011285644.1A 2020-11-17 2020-11-17 Digital certificate backup method, device, equipment and storage medium Pending CN112380063A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011285644.1A CN112380063A (en) 2020-11-17 2020-11-17 Digital certificate backup method, device, equipment and storage medium


Publications (1)

Publication Number Publication Date
CN112380063A true CN112380063A (en) 2021-02-19

Family

ID=74585761


Country Status (1)

Country Link
CN (1) CN112380063A (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination