CN114238912A - Digital certificate processing method and device, computer equipment and storage medium - Google Patents


Publication number
CN114238912A
Authority
CN
China
Prior art keywords
digital certificate
information
request
certificate
management system
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111333535.7A
Other languages
Chinese (zh)
Inventor
杨俊权
吴金宇
陶文伟
仇伟杰
肖健
吴任博
邓建锋
张丽娟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Southern Power Grid Digital Platform Technology Guangdong Co ltd
Original Assignee
China Southern Power Grid Co Ltd
Southern Power Grid Digital Grid Research Institute Co Ltd
Application filed by China Southern Power Grid Co Ltd, Southern Power Grid Digital Grid Research Institute Co Ltd
Priority to CN202111333535.7A
Publication of CN114238912A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/42 User authentication using separate channels for security data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application relates to a digital certificate processing method and device, computer equipment and a storage medium. The method comprises the following steps: in response to received certificate request information, sending a request instruction corresponding to the certificate request information to a CA service platform, where the certificate request information is information generated through a front-end page and based on a digital certificate processing requirement; receiving digital certificate information returned by the CA service platform, and encrypting the digital certificate information to obtain encrypted digital certificate information, where the digital certificate information is feedback information generated according to the request instruction and based on the digital certificate processing requirement; and sending the encrypted digital certificate information to the client for display through the front-end page. With this method, digital certificates can be managed automatically over a secure data channel, the security of the digital certificate during storage and transmission is enhanced, a complete digital certificate processing chain can be achieved based on a tighter guarantee system, and maintenance efficiency is improved.

Description

Digital certificate processing method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method and an apparatus for processing a digital certificate, a computer device, and a storage medium.
Background
At present, digital certificates are generally managed by the organization that issues them. Management of digital certificates mainly comprises the generation, storage and issuance of the digital certificates and the acquisition of the digital certificates by small base stations.
However, after a digital certificate is generated by an e-commerce Certification Authority (CA), it is usually sent to a manager by mail, and the manager needs to manually import the received digital certificate and then import it into the small base station in order to manage it. Sending the digital certificate by mail also exposes it to a risk of leakage.
Therefore, the related art suffers from low management efficiency because digital certificates are imported manually.
Disclosure of Invention
In view of the above, it is necessary to provide a method, an apparatus, a computer device and a storage medium for processing a digital certificate, which can solve the above problems.
A processing method of a digital certificate is applied to a digital certificate management system, the digital certificate management system is connected with a CA service platform through a secure data channel, the digital certificate management system is provided with a client, and a front-end page is loaded in the client, the method comprises the following steps:
responding to the received certificate request information, and sending a request instruction corresponding to the certificate request information to the CA service platform; the certificate request information is information based on digital certificate processing requirements generated through the front-end page;
receiving digital certificate information returned by the CA service platform, and encrypting the digital certificate information to obtain encrypted digital certificate information; the digital certificate information is feedback information which is generated according to the request instruction and is based on the digital certificate processing requirement;
and sending the encrypted digital certificate information to the client side for displaying through the front-end page.
In one embodiment, before the step of sending a request instruction corresponding to the certificate request information to the CA service platform in response to the received certificate request information, the method further includes:
receiving registration application information, and registering a user according to user identity information in the registration application information;
and sending a user registration result to the CA service platform, receiving an authorization code returned for the user registration result, and establishing a secure data channel based on the authorization code.
In one embodiment, the sending a request instruction corresponding to the certificate request information to the CA service platform includes:
determining a request instruction corresponding to the certificate request information, and sending the request instruction to the CA service platform; the certificate request information comprises any one of a digital certificate application request, a digital certificate update request, a digital certificate loss report request and a digital certificate revocation request;
the receiving of the digital certificate information returned by the CA service platform includes:
if the certificate request information is a digital certificate application request and the digital certificate application request meets a preset condition, receiving digital certificate information returned by the CA service platform; the preset condition comprises that the current digital certificate application request is a first digital certificate application request; the digital certificate information includes an electronic key.
A processing method of a digital certificate is applied to a CA service platform, the CA service platform is connected with a digital certificate management system through a secure data channel, and the method comprises the following steps:
responding to a request instruction sent by the digital certificate management system, and generating digital certificate information; the request instruction is determined according to certificate request information, and the certificate request information is information based on digital certificate processing requirements;
sending the digital certificate information to the digital certificate management system to feed back to a user based on the digital certificate management system; and the digital certificate information is feedback information which is generated according to the request instruction and is based on the digital certificate processing requirement.
In one embodiment, before the step of generating digital certificate information in response to a request instruction sent by the digital certificate management system, the method further comprises:
receiving a user registration result; the user registration result is obtained by performing user registration according to the user identity information in the registration application information;
and generating an authorization code according to the user registration result, and sending the authorization code to the digital certificate management system so as to establish a secure data channel based on the authorization code.
In one embodiment, the certificate request information includes a digital certificate application request, and the generating digital certificate information in response to a request instruction sent by the digital certificate management system includes:
if the certificate request information is a digital certificate application request and the digital certificate application request meets a preset condition, generating an electronic key according to the request instruction; the preset condition comprises that the current digital certificate application request is a first digital certificate application request;
digital certificate information is obtained based on the electronic key.
A processing device of a digital certificate is applied to a digital certificate management system, the digital certificate management system is connected with a CA service platform through a secure data channel, the digital certificate management system is provided with a client, a front-end page is loaded in the client, and the device comprises:
a request instruction sending module, configured to send, in response to the received certificate request information, a request instruction corresponding to the certificate request information to the CA service platform; the certificate request information is information based on digital certificate processing requirements generated through the front-end page;
the digital certificate information encryption module is used for receiving the digital certificate information returned by the CA service platform, and encrypting the digital certificate information to obtain encrypted digital certificate information; the digital certificate information is feedback information which is generated according to the request instruction and is based on the digital certificate processing requirement;
and the information feedback module is used for sending the encrypted digital certificate information to the client so as to display the encrypted digital certificate information through the front-end page.
A processing device of a digital certificate is applied to a CA service platform, wherein the CA service platform is connected with a digital certificate management system through a secure data channel, and the device comprises:
a request instruction receiving module, configured to generate digital certificate information in response to a request instruction sent by the digital certificate management system; the request instruction is determined according to certificate request information, and the certificate request information is information based on digital certificate processing requirements;
the digital certificate information sending module is used for sending the digital certificate information to the digital certificate management system so as to feed back to a user based on the digital certificate management system; and the digital certificate information is feedback information which is generated according to the request instruction and is based on the digital certificate processing requirement.
A computer device comprising a memory storing a computer program and a processor implementing the steps of the method of processing digital certificates as described above when the processor executes the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of processing digital certificates as described above.
The digital certificate processing method and device, computer equipment and storage medium described above are applied to a digital certificate management system. The digital certificate management system is connected with a CA service platform through a secure data channel and is provided with a client in which a front-end page is loaded. In response to received certificate request information, a request instruction corresponding to the certificate request information is sent to the CA service platform; the certificate request information is information generated through the front-end page and based on a digital certificate processing requirement. The digital certificate information returned by the CA service platform is then received and encrypted to obtain encrypted digital certificate information; the digital certificate information is feedback information generated according to the request instruction and based on the digital certificate processing requirement. The encrypted digital certificate information is then sent to the client. Because the digital certificate management system receives the certificate request information, sends the corresponding request instruction to the CA service platform, and encrypts the received digital certificate information for transmission and storage, the security of the digital certificate during storage and transmission is enhanced, the maintenance efficiency of the digital certificate information is improved, and a complete digital certificate processing chain can be achieved based on a tighter guarantee system.
Drawings
FIG. 1 is a diagram of an application environment of a method for processing digital certificates, according to an embodiment;
FIG. 2 is a flowchart illustrating a method for processing a digital certificate according to an embodiment;
FIG. 3a is a diagram of a digital certificate management system architecture in one embodiment;
FIG. 3b is a diagram illustrating a digital certificate management process, in accordance with one embodiment;
FIG. 4 is a flowchart of another digital certificate processing method in one embodiment;
FIG. 5 is a block diagram of an apparatus for processing digital certificates, according to an embodiment;
FIG. 6 is a block diagram of an alternative digital certificate processing apparatus according to one embodiment;
FIG. 7 is a diagram of the internal structure of a computer device in one embodiment;
FIG. 8 is a diagram of an internal structure of another computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The identity authentication method based on the digital certificate can be applied to the application environment shown in fig. 1. The digital certificate management system 102 may establish a connection with the CA service platform 103 through a secure data channel, and the digital certificate management system 102 may have a client 101, in which a front-end page may be loaded. The client 101 may be a terminal, which may be, but is not limited to, a personal computer, notebook computer, smart phone, tablet computer or portable wearable device. The CA service platform 103 may be a server, and the digital certificate management system 102 may be implemented by an independent server or a server cluster formed by a plurality of servers.
In one embodiment, as shown in fig. 2, a method for processing a digital certificate is provided, which is exemplified by applying the method to the digital certificate management system 102 in fig. 1, the digital certificate management system can be connected with a CA service platform through a secure data channel, the digital certificate management system has a client, and a front-end page can be loaded in the client, and the method includes the following steps:
Step 201, in response to the received certificate request information, sending a request instruction corresponding to the certificate request information to the CA service platform; the certificate request information is information based on digital certificate processing requirements generated through the front-end page;
The digital certificate management system may hold a preset correspondence between certificate request information and request instructions, which may cover the request information required for processing a plurality of digital certificates and the request instructions corresponding to the different request information.
In practical application, the digital certificate management system may receive the certificate request information sent by the client, and then, based on the correspondence between the preset certificate request information and the request instruction, may obtain the corresponding request instruction according to the certificate request information, and may further send the request instruction to the CA service platform, so as to process the digital certificate processing requirement corresponding to the request instruction based on the CA service platform.
Specifically, based on the operation of the user on the front-end page in the client, certificate request information for the digital certificate processing requirement can be generated and sent to the digital certificate management system, and then the digital certificate management system can determine a corresponding request instruction according to the certificate request information and send the request instruction to the CA service platform.
Step 202, receiving digital certificate information returned by the CA service platform, and encrypting the digital certificate information to obtain encrypted digital certificate information; the digital certificate information is feedback information which is generated according to the request instruction and is based on the digital certificate processing requirement;
As an example, the digital certificate information may include a first-applied digital certificate, an updated digital certificate, processing feedback information for a loss-reported digital certificate, and processing feedback information for a revoked digital certificate.
In a specific implementation, the digital certificate management system may receive digital certificate information returned by the CA service platform, where the digital certificate information may be feedback information based on a digital certificate processing requirement generated according to a request instruction, and further may encrypt the digital certificate information to obtain the encrypted digital certificate information.
In an example, the digital certificate management system may include a sending module. The digital certificate information returned after processing by the CA service platform may be transmitted to the sending module, and the sending module may, in response to the processed signal, encrypt the processing result (i.e., the digital certificate information) by using the security key, and may store and transmit the encrypted digital certificate information.
Because the digital certificate management system encrypts and stores the received digital certificate information, the security of the digital certificate information during storage and transmission is improved, as is the efficiency of maintaining it. Based on the standardization principle, the timeliness principle, the validity principle and the efficient processing principle of the digital certificate management system, a digital certificate processing chain that better supports mutual assistance can be established for both the user and the CA service platform.
Step 203, sending the encrypted digital certificate information to the client for displaying through the front-end page.
After encrypting the digital certificate information, the digital certificate management system may send the encrypted digital certificate information to the client for presentation to the user via the front-end page.
In an optional embodiment, the sending module may transmit the digital certificate information encrypted by the security key back to the user, and the user may receive the transmitted information (i.e., the encrypted digital certificate information) through the client, and may generate a digital certificate management confirmation message and return the message to the digital certificate management system.
In this embodiment of the application, a request instruction corresponding to received certificate request information is sent to the CA service platform in response to that information; the certificate request information is information based on digital certificate processing requirements generated through a front-end page. The digital certificate information returned by the CA service platform is then received and encrypted to obtain encrypted digital certificate information; the digital certificate information is feedback information based on the digital certificate processing requirements generated according to the request instruction. The encrypted digital certificate information is then sent to the client to be displayed through the front-end page, which realizes automatic management of digital certificates based on a secure data channel. Because the digital certificate management system receives the certificate request information, sends the corresponding request instruction to the CA service platform, and encrypts the received digital certificate information for transmission and storage, the security of the digital certificate during storage and transmission is enhanced, the maintenance efficiency of the digital certificate information is improved, and a complete digital certificate processing chain can be achieved based on a tighter guarantee system.
In one embodiment, before the step of sending a request instruction corresponding to the certificate request information to the CA service platform in response to the received certificate request information, the following steps may be included:
receiving registration application information, and registering a user according to user identity information in the registration application information; and sending a user registration result to the CA service platform, receiving an authorization code returned for the user registration result, and establishing a secure data channel based on the authorization code.
In practical application, the digital certificate management system may receive registration application information sent by a client, obtain user identity information from the registration application information, perform user registration according to the user identity information to obtain a user registration result, send the user registration result to the CA service platform, further receive an authorization code returned for the user registration result, and establish a secure data channel based on the authorization code.
Specifically, as shown in fig. 3a, the digital certificate management system may include a user login module, through which a user may apply for registration and login by sending registration application information. The digital certificate management system may further include a management module, which may have a secure channel establishment module. Through the secure channel establishment module, the user registration module may register a user who enters the CA service platform for the first time, obtain a user registration result according to the user identity information in the registration application information, and receive the authorization code returned by the CA service platform, so that a secure data channel with the CA service platform can be established and the user can enter the CA service platform through the user login module.
In an example, the CA service platform may be provided with a communication interface. Certificate request information based on digital certificate processing requirements may be sent to the CA service platform through the secure data channel, and the CA service platform may receive it through the communication interface, which addresses the problem of information leakage during transmission of the certificate request information and the digital certificate information.
In this embodiment, registration application information is received and the user is registered according to the user identity information in it; the user registration result is sent to the CA service platform, the authorization code returned for the user registration result is received, and the secure data channel is established based on the authorization code. This avoids leakage of the certificate request information and the digital certificate information during transmission and improves security in the digital certificate processing chain.
In an embodiment, the sending the request instruction corresponding to the certificate request information to the CA service platform may include the following steps:
determining a request instruction corresponding to the certificate request information, and sending the request instruction to the CA service platform; the certificate request information includes any one of a digital certificate application request, a digital certificate update request, a digital certificate loss report request, and a digital certificate revocation request.
In a specific implementation, the digital certificate management system may determine, according to the received certificate request information, a corresponding request instruction based on a correspondence between the preset certificate request information and the request instruction, and may further send the request instruction to the CA service platform.
In an example, the correspondence between the certificate request information and the request instruction may include a request instruction corresponding to a digital certificate application request, a request instruction corresponding to a digital certificate update request, a request instruction corresponding to a digital certificate loss report request, and a request instruction corresponding to a digital certificate revocation request.
The receiving of the digital certificate information returned by the CA service platform includes:
if the certificate request information is a digital certificate application request and the digital certificate application request meets a preset condition, receiving digital certificate information returned by the CA service platform; the preset condition comprises that the current digital certificate application request is a first digital certificate application request; the digital certificate information includes an electronic key.
In an optional embodiment, as shown in fig. 3a, for first applying for a digital certificate, the secure channel establishing module may further include a user authentication module, where a user may send a digital certificate application request through the user login module, where the digital certificate application request may carry related user identity information, and the user authentication module may check according to the received digital certificate application request to perform identity authentication on the user identity, that is, verify a legal identity of a logged-in user.
The digital certificate management system can send a corresponding request instruction to the CA service platform according to the digital certificate application request after the identity authentication is passed, then the CA service platform can issue the digital certificate and a corresponding electronic key after verifying the user qualification aiming at the user, and then the digital certificate management system can receive the electronic key and send the electronic key to the client so that the user is in charge of keeping the electronic key.
In an example, the secure channel establishing module may further include a key distribution module, by which a secure key, which may be a data communication key, may be distributed to a user who issued a digital certificate for the first time.
In yet another example, as shown in fig. 3b, after the user applies for login, the digital certificate management system may check the identity of the user according to the digital certificate application request for identity authentication, and the CA service platform may issue a digital certificate and a corresponding electronic key after verifying the user's qualification for the user; the digital certificate management system can also submit different request instructions to the CA service platform according to different digital certificate processing requirements of the user, so that the CA service platform can return corresponding digital certificate information according to the different request instructions, the digital certificate management system can encrypt and store the digital certificate information, and the user can receive the encrypted digital certificate information through the client and then leave the system.
The digital certificate management system can integrate the digital certificate processing requirements of different users, reasonably distribute different requirements, use a legal and effective digital certificate management system to distribute and process digital certificates by standardizing digital certificate use programs, have a tighter guarantee system for the digital certificates, and independently work among all processing task modules without mutual influence, thereby achieving a complete digital certificate processing chain.
In this embodiment, the request instruction corresponding to the certificate request information is determined and sent to the CA service platform, where the certificate request information comprises any one of a digital certificate application request, a digital certificate update request, a digital certificate loss report request and a digital certificate revocation request. If the certificate request information is a digital certificate application request and the request meets the preset condition, the digital certificate information returned by the CA service platform is received; the preset condition comprises that the current digital certificate application request is the first digital certificate application request, and the digital certificate information comprises the electronic key. Different request instructions can thus be submitted to the CA service platform according to the different digital certificate processing requirements of users, which improves the maintenance efficiency of the digital certificate information.
In one embodiment, as shown in fig. 4, another digital certificate processing method is provided. The method is described as applied to the CA service platform 103 in fig. 1, where the CA service platform can be connected to a digital certificate management system through a secure data channel, and the method includes the following steps:
Step 401, responding to a request instruction sent by the digital certificate management system, and generating digital certificate information; the request instruction is determined according to certificate request information, and the certificate request information is information based on digital certificate processing requirements;
In practical application, the CA service platform may receive a request instruction sent by the digital certificate management system, and generate digital certificate information according to the request instruction, so as to respond to different digital certificate processing requirements of a user.
Step 402, sending the digital certificate information to the digital certificate management system for feedback to a user based on the digital certificate management system; and the digital certificate information is feedback information which is generated according to the request instruction and is based on the digital certificate processing requirement.
After the digital certificate information is generated, it may be sent to the digital certificate management system, so that the processing result of the digital certificate processing requirement is fed back to the user through the digital certificate management system.
In an example, as shown in fig. 3a, the processing module in the CA service platform may process the request instruction to obtain a processing result (i.e., digital certificate information) corresponding to the request instruction, and further may transmit the processing result (i.e., digital certificate information) to the sending module, where the sending module may encrypt the processing result (i.e., digital certificate information) by using a security key in response to the processed signal, and may transmit the encrypted digital certificate information to the client, so as to feed back the encrypted digital certificate information to the user.
In this embodiment of the application, digital certificate information is generated in response to a request instruction sent by the digital certificate management system, where the request instruction is determined according to certificate request information, and the certificate request information is information based on a digital certificate processing requirement. The digital certificate information, which is feedback information generated according to the request instruction and based on the digital certificate processing requirement, is then sent to the digital certificate management system so that it can be fed back to the user through that system. This realizes automatic management of digital certificates over a secure data channel. By generating the digital certificate information upon receiving the request instruction sent by the digital certificate management system and feeding it back to the user, leakage of information related to the digital certificate is avoided, the security of the digital certificate during transmission is enhanced, and the maintenance efficiency of the digital certificate information is improved.
In one embodiment, before the step of generating digital certificate information in response to a request instruction sent by the digital certificate management system, the method may include the steps of:
receiving a user registration result; the user registration result is obtained by performing user registration according to the user identity information in the registration application information; and generating an authorization code according to the user registration result, and sending the authorization code to the digital certificate management system so as to establish a secure data channel based on the authorization code.
In practical application, the CA service platform may receive a user registration result obtained by performing user registration according to the registration application information, further generate an authorization code, and may send the authorization code to the digital certificate management system to establish the secure data channel based on the authorization code.
In this embodiment, the user registration result, which is obtained by performing user registration according to the user identity information in the registration application information, is received; an authorization code is then generated according to the user registration result and sent to the digital certificate management system to establish the secure data channel based on the authorization code. This avoids leakage of the certificate request information and the digital certificate information during transmission and improves security in the digital certificate processing chain.
In one embodiment, the certificate request information may include a request for applying a digital certificate, and the generating of the digital certificate information in response to a request instruction sent by the digital certificate management system may include the following steps:
if the certificate request information is a digital certificate application request and the digital certificate application request meets a preset condition, generating an electronic key according to the request instruction; the preset condition comprises that the current digital certificate application request is a first digital certificate application request; digital certificate information is obtained based on the electronic key.
In practical application, for the first application of a digital certificate, the CA service platform may receive a request instruction corresponding to the first digital certificate application request, and may issue the digital certificate and a corresponding electronic key after verifying the user qualification for the user, and may send the electronic key to the client through the digital certificate management system, so that the user is personally responsible for keeping the electronic key.
Specifically, as shown in fig. 3a, the processing module may include an application module, an update module, a loss report module, and a revocation module, where the application module may be configured to apply for the digital certificate according to a request instruction corresponding to the digital certificate application request; the updating module can be used for updating the digital certificate according to a request instruction corresponding to the digital certificate updating request; the loss reporting module can be used for reporting loss according to a request instruction corresponding to the digital certificate loss reporting request when the electronic key of the user is lost, and can cancel the loss reporting after the electronic key is retrieved; the revocation module can be used for revoking the digital certificate according to a request instruction corresponding to the digital certificate revocation request when the electronic key of the user is confirmed to be lost or damaged, and can be used for remaking a new digital certificate according to the relevant flow regulation of the digital certificate.
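As an added illustration (not code from the patent), the sketch below models the four processing modules as a server-side state machine on the CA side, so that requests arriving in the wrong certificate state are refused and the electronic key is returned only when a certificate is issued. The class names, status values, the random token standing in for the electronic key, the stored key fingerprint, and the rule that a user may apply again after revocation are assumptions made for the example.

```python
import hashlib
import secrets
from dataclasses import dataclass
from enum import Enum


class Request(Enum):
    APPLY = "apply"
    UPDATE = "update"
    REPORT_LOSS = "report_loss"
    CANCEL_LOSS = "cancel_loss"   # undo a loss report once the key is retrieved
    REVOKE = "revoke"


class Status(Enum):
    ACTIVE = "active"
    LOSS_REPORTED = "loss_reported"
    REVOKED = "revoked"


# (request, current status) -> next status. Any pair not listed is refused,
# e.g. updating a certificate whose key is reported lost, or cancelling a
# loss report on a certificate that has already been revoked.
TRANSITIONS = {
    (Request.UPDATE, Status.ACTIVE): Status.ACTIVE,
    (Request.REPORT_LOSS, Status.ACTIVE): Status.LOSS_REPORTED,
    (Request.CANCEL_LOSS, Status.LOSS_REPORTED): Status.ACTIVE,
    (Request.REVOKE, Status.ACTIVE): Status.REVOKED,
    (Request.REVOKE, Status.LOSS_REPORTED): Status.REVOKED,
}


class RequestRejected(Exception):
    """The request is not allowed in the certificate's current state."""


@dataclass
class CertRecord:
    serial: int
    key_fingerprint: str   # assumption: only a fingerprint of the key is kept
    status: Status


class CAServicePlatform:
    """Hypothetical CA-side processing module; one certificate per user."""

    def __init__(self):
        self._records = {}
        self._serial = 0

    def _new_serial(self):
        self._serial += 1
        return self._serial

    def handle(self, user, request):
        """Process one request instruction and return digital certificate information."""
        rec = self._records.get(user)
        if request is Request.APPLY:
            return self._apply(user, rec)
        if rec is None:
            raise RequestRejected(f"{request.value}: no certificate on record")
        nxt = TRANSITIONS.get((request, rec.status))
        if nxt is None:
            raise RequestRejected(f"{request.value} not allowed while {rec.status.value}")
        if request is Request.UPDATE:
            rec.serial = self._new_serial()   # re-issued certificate, same key
        rec.status = nxt
        return {"serial": rec.serial, "status": rec.status.value}

    def _apply(self, user, rec):
        # Preset condition: first application (or, as an assumption here,
        # a re-application after the previous certificate was revoked).
        if rec is not None and rec.status is not Status.REVOKED:
            raise RequestRejected("apply: a certificate is already on record")
        key = secrets.token_hex(16)           # stand-in for the electronic key
        fingerprint = hashlib.sha256(bytes.fromhex(key)).hexdigest()
        rec = CertRecord(self._new_serial(), fingerprint, Status.ACTIVE)
        self._records[user] = rec
        return {"serial": rec.serial, "status": rec.status.value,
                "electronic_key": key}


def demo():
    """Run a constructed request sequence for one user and list the outcomes."""
    ca = CAServicePlatform()
    sequence = [Request.APPLY, Request.REPORT_LOSS, Request.UPDATE,
                Request.CANCEL_LOSS, Request.UPDATE, Request.REVOKE,
                Request.CANCEL_LOSS, Request.APPLY]
    outcomes = []
    for req in sequence:
        try:
            info = ca.handle("alice", req)
            suffix = "+key" if "electronic_key" in info else ""
            outcomes.append(f"{req.value}:{info['status']}{suffix}")
        except RequestRejected:
            outcomes.append(f"{req.value}:rejected")
    return outcomes


if __name__ == "__main__":
    for line in demo():
        print(line)
```
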
In one example, the reasons for a digital certificate update may include the renaming of a unit, an adjustment of its internal departments, and the expiration of the digital certificate's validity period, so that the user may handle the digital certificate update by making a digital certificate update request and attaching documentation of the situation.
In another example, the electronic key is unique and reliable, and the digital certificate may adopt a public key system, that is, a pair of matched keys is used for encryption and decryption. Each user may set a private key that is known only to that user and is used for decryption and signing, and may set a public key that the user publishes and that is shared by a group of users for encryption and signature verification.
When a confidential document is sent, the sender encrypts the data with the receiver's public key and the receiver decrypts it with the private key, so that the information reaches its destination securely and without error.
With digital certificate authentication technology that takes electronic key digital encryption as its core, the various information transmitted over the Internet is encrypted, decrypted, digitally signed, and signature-verified through the digital certificate. At the same time, this ensures that the digital certificate is not compromised by lawbreakers during transmission, or that the content of the digital certificate cannot be viewed even if it is compromised.
In this embodiment, if the certificate request information is a digital certificate application request and the request meets the preset condition, the electronic key is generated according to the request instruction, where the preset condition comprises that the current digital certificate application request is the first digital certificate application request. The digital certificate information is then obtained based on the electronic key, so that leakage of information related to the digital certificate can be avoided and the security of the digital certificate during transmission is enhanced.
It should be understood that although the steps in the flow charts of fig. 1-4 are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated otherwise herein, the steps are not strictly limited to the order shown and described, and may be performed in other orders. Moreover, at least some of the steps in fig. 1-4 may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 5, there is provided a digital certificate processing apparatus applied to a digital certificate management system, where the digital certificate management system may be connected to a CA service platform through a secure data channel, the digital certificate management system has a client, and a front-end page may be loaded in the client, the apparatus including:
a request instruction sending module 501, configured to send, in response to the received certificate request information, a request instruction corresponding to the certificate request information to the CA service platform; the certificate request information is information based on digital certificate processing requirements generated through the front-end page;
a digital certificate information encryption module 502, configured to receive digital certificate information returned by the CA service platform, and encrypt the digital certificate information to obtain encrypted digital certificate information; the digital certificate information is feedback information which is generated according to the request instruction and is based on the digital certificate processing requirement;
an information feedback module 503, configured to send the encrypted digital certificate information to the client for display through the front-end page.
In one embodiment, the apparatus further comprises:
the user registration module is used for receiving registration application information and registering a user according to the user identity information in the registration application information;
and the secure data channel establishing module is used for sending a user registration result to the CA service platform, receiving an authorization code returned aiming at the user registration result, and establishing a secure data channel based on the authorization code.
In one embodiment, the request instruction sending module 501 includes:
a request instruction determining submodule, configured to determine a request instruction corresponding to the certificate request information, and send the request instruction to the CA service platform; the certificate request information comprises any one of a digital certificate application request, a digital certificate update request, a digital certificate loss report request and a digital certificate revocation request;
the digital certificate information encryption module 502 includes:
the digital certificate information receiving submodule is used for receiving the digital certificate information returned by the CA service platform if the certificate request information is a digital certificate application request and the digital certificate application request meets the preset condition; the preset condition comprises that the current digital certificate application request is a first digital certificate application request; the digital certificate information includes an electronic key.
In this embodiment of the application, a request instruction corresponding to the certificate request information is sent to the CA service platform in response to the received certificate request information, where the certificate request information is information based on a digital certificate processing requirement generated through the front-end page. The digital certificate information returned by the CA service platform, which is feedback information generated according to the request instruction and based on the digital certificate processing requirement, is then received and encrypted to obtain encrypted digital certificate information, and the encrypted digital certificate information is sent to the client for display through the front-end page. This realizes automatic management of digital certificates over a secure data channel. Because the digital certificate management system receives the digital certificate request information, sends the corresponding request instruction to the CA service platform, and encrypts the received digital certificate information for transmission and storage, the security of the digital certificate during storage and transmission is enhanced, the maintenance efficiency of the digital certificate information is improved, and a complete digital certificate processing chain can be achieved on the basis of a tighter guarantee system.
In one embodiment, as shown in fig. 6, another digital certificate processing apparatus is provided, which is applied to a CA service platform, where the CA service platform can be connected to a digital certificate management system through a secure data channel, the apparatus including:
a request instruction receiving module 601, configured to generate digital certificate information in response to a request instruction sent by the digital certificate management system; the request instruction is determined according to certificate request information, and the certificate request information is information based on digital certificate processing requirements;
a digital certificate information sending module 602, configured to send the digital certificate information to the digital certificate management system, so as to perform feedback to a user based on the digital certificate management system; and the digital certificate information is feedback information which is generated according to the request instruction and is based on the digital certificate processing requirement.
In one embodiment, the apparatus further comprises:
the user registration result receiving module is used for receiving a user registration result; the user registration result is obtained by performing user registration according to the user identity information in the registration application information;
and the authorization code generating module is used for generating an authorization code according to the user registration result, and sending the authorization code to the digital certificate management system so as to establish a secure data channel based on the authorization code.
In one embodiment, the certificate request information includes a digital certificate application request, and the request instruction receiving module 601 includes:
the electronic key generation submodule is used for generating an electronic key according to the request instruction if the certificate request information is a digital certificate application request and the digital certificate application request meets a preset condition; the preset condition comprises that the current digital certificate application request is a first digital certificate application request;
and the digital certificate information obtaining submodule is used for obtaining digital certificate information based on the electronic key.
In this embodiment of the application, digital certificate information is generated in response to a request instruction sent by the digital certificate management system, where the request instruction is determined according to certificate request information, and the certificate request information is information based on a digital certificate processing requirement. The digital certificate information, which is feedback information generated according to the request instruction and based on the digital certificate processing requirement, is then sent to the digital certificate management system so that it can be fed back to the user through that system. This realizes automatic management of digital certificates over a secure data channel. By generating the digital certificate information upon receiving the request instruction sent by the digital certificate management system and feeding it back to the user, leakage of information related to the digital certificate is avoided, the security of the digital certificate during transmission is enhanced, and the maintenance efficiency of the digital certificate information is improved.
For specific limitations of the digital certificate processing apparatus, reference may be made to the above limitations of the digital certificate processing method, which are not repeated here. The modules in the digital certificate processing apparatus can be implemented wholly or partially by software, hardware, or a combination thereof. The modules can be embedded in, or independent of, a processor in the computer device in hardware form, or can be stored in a memory of the computer device in software form, so that the processor can call them and execute the operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 7. The computer device includes a processor, a memory, and a network interface connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The database of the computer device is used for storing the processing data of the digital certificate. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by the processor to implement a method of processing a digital certificate.
In one embodiment, another computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 8. The computer device includes a processor, a memory, and a network interface connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The database of the computer device is used for storing the processing data of the digital certificate. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by the processor to implement a method of processing a digital certificate.
It will be appreciated by those skilled in the art that the configurations shown in fig. 7 or fig. 8 are only block diagrams of the parts of the configuration relevant to the present solution and do not constitute a limitation on the computer device to which the present solution is applied; a particular computer device may include more or fewer components than those shown in the drawings, may combine some components, or may have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program:
responding to the received certificate request information, and sending a request instruction corresponding to the certificate request information to the CA service platform; the certificate request information is information based on digital certificate processing requirements generated through the front-end page;
receiving digital certificate information returned by the CA service platform, and encrypting the digital certificate information to obtain encrypted digital certificate information; the digital certificate information is feedback information which is generated according to the request instruction and is based on the digital certificate processing requirement;
and sending the encrypted digital certificate information to the client side for displaying through the front-end page.
In one embodiment, the processor, when executing the computer program, also implements the steps of the method for processing a digital certificate in the other embodiments described above.
In one embodiment, another computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program:
responding to a request instruction sent by the digital certificate management system, and generating digital certificate information; the request instruction is determined according to certificate request information, and the certificate request information is information based on digital certificate processing requirements;
sending the digital certificate information to the digital certificate management system to feed back to a user based on the digital certificate management system; and the digital certificate information is feedback information which is generated according to the request instruction and is based on the digital certificate processing requirement.
In one embodiment, the processor, when executing the computer program, also implements the steps of the method for processing a digital certificate in the other embodiments described above.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
responding to the received certificate request information, and sending a request instruction corresponding to the certificate request information to the CA service platform; the certificate request information is information based on digital certificate processing requirements generated through the front-end page;
receiving digital certificate information returned by the CA service platform, and encrypting the digital certificate information to obtain encrypted digital certificate information; the digital certificate information is feedback information which is generated according to the request instruction and is based on the digital certificate processing requirement;
and sending the encrypted digital certificate information to the client side for displaying through the front-end page.
In one embodiment, the computer program when executed by the processor further implements the steps of the method for processing digital certificates in the other embodiments described above.
In one embodiment, another computer-readable storage medium is provided, having a computer program stored thereon, the computer program, when executed by a processor, implementing the steps of:
responding to a request instruction sent by the digital certificate management system, and generating digital certificate information; the request instruction is determined according to certificate request information, and the certificate request information is information based on digital certificate processing requirements;
sending the digital certificate information to the digital certificate management system to feed back to a user based on the digital certificate management system; and the digital certificate information is feedback information which is generated according to the request instruction and is based on the digital certificate processing requirement.
In one embodiment, the computer program when executed by the processor further implements the steps of the method for processing digital certificates in the other embodiments described above.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical storage, or the like. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
The technical features of the above embodiments can be combined arbitrarily. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described, but any combination of these technical features should be considered to be within the scope of the present specification as long as the combination involves no contradiction.
The above-mentioned embodiments express only several embodiments of the present application, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A method for processing a digital certificate is applied to a digital certificate management system, the digital certificate management system is connected with a CA service platform through a secure data channel, the digital certificate management system is provided with a client, and a front-end page is loaded in the client, the method comprises the following steps:
responding to the received certificate request information, and sending a request instruction corresponding to the certificate request information to the CA service platform; the certificate request information is information based on digital certificate processing requirements generated through the front-end page;
receiving digital certificate information returned by the CA service platform, and encrypting the digital certificate information to obtain encrypted digital certificate information; the digital certificate information is feedback information which is generated according to the request instruction and is based on the digital certificate processing requirement;
and sending the encrypted digital certificate information to the client side for displaying through the front-end page.
2. The method according to claim 1, further comprising, before the step of sending a request instruction corresponding to the certificate request information to the CA service platform in response to the received certificate request information, a step of:
receiving registration application information, and registering a user according to user identity information in the registration application information;
and sending a user registration result to the CA service platform, receiving an authorization code returned for the user registration result, and establishing a secure data channel based on the authorization code.
3. The method according to claim 1 or 2, wherein the sending a request instruction corresponding to the certificate request information to the CA service platform includes:
determining a request instruction corresponding to the certificate request information, and sending the request instruction to the CA service platform; the certificate request information comprises any one of a digital certificate application request, a digital certificate update request, a digital certificate loss report request and a digital certificate revocation request;
the receiving of the digital certificate information returned by the CA service platform includes:
if the certificate request information is a digital certificate application request and the digital certificate application request meets a preset condition, receiving digital certificate information returned by the CA service platform; the preset condition comprises that the current digital certificate application request is a first digital certificate application request; the digital certificate information includes an electronic key.
4. A method for processing a digital certificate, applied to a CA service platform, wherein the CA service platform is connected with a digital certificate management system through a secure data channel, the method comprising the following steps:
responding to a request instruction sent by the digital certificate management system, and generating digital certificate information; the request instruction is determined according to certificate request information, and the certificate request information is information based on digital certificate processing requirements;
sending the digital certificate information to the digital certificate management system to feed back to a user based on the digital certificate management system; and the digital certificate information is feedback information which is generated according to the request instruction and is based on the digital certificate processing requirement.
5. The method of claim 4, further comprising, prior to the step of generating digital certificate information in response to a request instruction sent by the digital certificate management system:
receiving a user registration result; the user registration result is obtained by performing user registration according to the user identity information in the registration application information;
and generating an authorization code according to the user registration result, and sending the authorization code to the digital certificate management system so as to establish a secure data channel based on the authorization code.
6. The method according to claim 4 or 5, wherein the certificate request information comprises a digital certificate application request, and the generating digital certificate information in response to a request instruction sent by the digital certificate management system comprises:
if the certificate request information is a digital certificate application request and the digital certificate application request meets a preset condition, generating an electronic key according to the request instruction; the preset condition comprises that the current digital certificate application request is a first digital certificate application request;
and obtaining digital certificate information based on the electronic key.
7. A device for processing a digital certificate, applied to a digital certificate management system, wherein the digital certificate management system is connected to a CA service platform through a secure data channel, the digital certificate management system has a client, and a front-end page is loaded in the client, the device comprising:
a request instruction sending module, configured to send, in response to the received certificate request information, a request instruction corresponding to the certificate request information to the CA service platform; the certificate request information is information based on digital certificate processing requirements generated through the front-end page;
the digital certificate information encryption module is used for receiving the digital certificate information returned by the CA service platform, and encrypting the digital certificate information to obtain encrypted digital certificate information; the digital certificate information is feedback information which is generated according to the request instruction and is based on the digital certificate processing requirement;
and the information feedback module is used for sending the encrypted digital certificate information to the client so as to display the encrypted digital certificate information through the front-end page.
8. A digital certificate processing apparatus, applied to a CA service platform, wherein the CA service platform is connected to a digital certificate management system through a secure data channel, the apparatus comprising:
a request instruction receiving module, configured to generate digital certificate information in response to a request instruction sent by the digital certificate management system; the request instruction is determined according to certificate request information, and the certificate request information is information based on digital certificate processing requirements;
the digital certificate information sending module is used for sending the digital certificate information to the digital certificate management system so as to feed back to a user based on the digital certificate management system; and the digital certificate information is feedback information which is generated according to the request instruction and is based on the digital certificate processing requirement.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of processing a digital certificate according to any one of claims 1 to 6.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of processing a digital certificate according to any one of claims 1 to 6.
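The CA-side checks implied by claims 2 to 6 (authorization code from registration, request instructions arriving over the secure data channel, and an electronic key only for a first application), sketched as an added example that is not code from the patent. It assumes the channel is modelled as HMAC-SHA256 keyed with the authorization code, that a repeat application is refused, and that the electronic key is a random token; all class, function and field names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# The four request kinds listed in claim 3 (short labels are hypothetical).
REQUEST_TYPES = {"apply", "update", "loss_report", "revoke"}


def send_instruction(auth_code, user, kind):
    """Management-system side: build a request instruction and its tag."""
    message = json.dumps({"user": user, "type": kind}).encode()
    return message, hmac.new(auth_code, message, hashlib.sha256).digest()


def reject(reason):
    return {"status": "rejected", "reason": reason}


class CAPlatform:
    """Toy CA service platform for claims 4-6 (hypothetical names)."""

    def __init__(self):
        self.auth_codes = {}  # user -> authorization code (claim 5)
        self.issued = set()   # users whose first application was served

    def register(self, user):
        # Claim 5: return an authorization code for a registered user.
        self.auth_codes[user] = secrets.token_bytes(32)
        return self.auth_codes[user]

    def handle(self, message, tag):
        try:
            req = json.loads(message)
            user, kind = str(req["user"]), str(req["type"])
        except (ValueError, KeyError, TypeError):
            return reject("malformed")
        code = self.auth_codes.get(user)
        # Assumption: the secure data channel is modelled as HMAC-SHA256
        # keyed with the authorization code; the claims name no mechanism.
        if code is None or not hmac.compare_digest(
                hmac.new(code, message, hashlib.sha256).digest(), tag):
            return reject("unauthenticated")
        if kind not in REQUEST_TYPES:
            return reject("unknown request type")
        if kind != "apply":
            return {"status": "ok", "type": kind}
        # Claim 6 precondition: only the first application yields a key.
        if user in self.issued:
            return reject("not first application")
        self.issued.add(user)
        # Stand-in for the electronic key; its real format is not on the page.
        return {"status": "ok", "type": kind, "electronic_key": secrets.token_hex(16)}
```

This sketch does not track nonces, so a captured instruction other than a first application can be replayed; a real channel would bind each instruction to a session or counter.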
CN202111333535.7A 2021-11-11 2021-11-11 Digital certificate processing method and device, computer equipment and storage medium Pending CN114238912A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111333535.7A CN114238912A (en) 2021-11-11 2021-11-11 Digital certificate processing method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114238912A (en) 2022-03-25

Family

ID=80749166

Country Status (1)

Country Link
CN (1) CN114238912A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115801910A (en) * 2023-02-10 2023-03-14 中汽智联技术有限公司 Method and system for unifying interface protocols of different CA systems
CN115801910B (en) * 2023-02-10 2023-05-05 中汽智联技术有限公司 Method and system for unifying different CA system interface protocols

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20240322

Address after: 518101, 3rd Floor, Building 40, Baotian Industrial Zone, Chentian Community, Xixiang Street, Bao'an District, Shenzhen City, Guangdong Province

Applicant after: China Southern Power Grid Digital Platform Technology (Guangdong) Co.,Ltd.

Country or region after: China

Address before: 510000 No. 11 Kexiang Road, Science City, Luogang District, Guangzhou City, Guangdong Province

Applicant before: CHINA SOUTHERN POWER GRID Co.,Ltd.

Country or region before: China

Applicant before: Southern Power Grid Digital Grid Research Institute Co.,Ltd.