CN114884963B - Digital certificate management method and management device - Google Patents

Digital certificate management method and management device

Info

Publication number
CN114884963B
Authority
CN
China
Prior art keywords
digital certificate
digital
name
user
management
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210700256.8A
Other languages
Chinese (zh)
Other versions
CN114884963A (en)
Inventor
袁阳
朱选章
李静晨
闫凡茜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202210700256.8A
Publication of CN114884963A
Application granted
Publication of CN114884963B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application provides a digital certificate management method and a digital certificate management device, and relates to the field of finance. The method comprises the following steps: the digital certificate management device acquires a user's requirements for a digital certificate, wherein the requirements comprise the name of the digital certificate, the operation type of the digital certificate and the deployment position of the digital certificate offload device, and the operation type of the digital certificate comprises at least one of an adding operation, a modifying operation or a deleting operation; the digital certificate management device generates an executable instruction according to the operation type of the digital certificate, wherein the executable instruction is used for instructing configuration of the digital certificate corresponding to the name of the digital certificate; and the digital certificate management device sends the executable instruction to the digital certificate offload device according to the deployment position of the digital certificate offload device. Correspondingly, the digital certificate offload device receives the executable instruction from the digital certificate management device and configures the digital certificate corresponding to the name of the digital certificate according to the executable instruction.

Description

Digital certificate management method and management device
Technical Field
The application relates to the field of finance, in particular to a digital certificate management method and a digital certificate management device.
Background
Currently, in the financial industry, a data center can implement encryption and decryption through digital certificates to achieve network security. Data centers therefore have a great need for digital certificates. In the data center, digital certificate offloading may be implemented on a dedicated certificate offload device, on a software/hardware load balancing device, or on a server; that is, digital certificate offload devices are spread across different nodes of the data center. Digital certificate offloading refers to the process of authenticating a digital certificate, and can include encryption, decryption, signature verification and similar processes.
Because digital certificate offload devices are deployed in scattered locations, when operation and maintenance personnel maintain digital certificates, the offload devices at different positions must each be maintained manually by different personnel, which results in low operation and maintenance efficiency and higher operation and maintenance cost.
Therefore, how to improve the operation and maintenance efficiency of the digital certificate is a problem to be solved.
Disclosure of Invention
The application provides a digital certificate management method and a digital certificate management device, which can improve the operation and maintenance efficiency of digital certificates.
In a first aspect, the present application provides a method for managing digital certificates, the method comprising: the digital certificate management device acquires a user's requirements for a digital certificate, wherein the requirements comprise the name of the digital certificate, the operation type of the digital certificate and the deployment position of the digital certificate offload device, and the operation type of the digital certificate comprises at least one of an adding operation, a modifying operation or a deleting operation; the digital certificate management device generates an executable instruction according to the operation type of the digital certificate, wherein the executable instruction is used for instructing configuration of the digital certificate corresponding to the name of the digital certificate; and the digital certificate management device sends the executable instruction to the digital certificate offload device according to the deployment position of the digital certificate offload device.
In this method, the digital certificate management device manages the configuration of digital certificates in a unified manner: after acquiring the user's requirements for a digital certificate, it can generate an executable instruction for configuring the digital certificate and send the executable instruction to the digital certificate offload device, which carries out the digital certificate configuration. In addition, operation and maintenance personnel can configure digital certificates on each digital certificate offload device by operating the digital certificate management device, which saves labor, reduces operation and maintenance cost, and helps ensure efficient, stable and secure operation of the data center.
With reference to the first aspect, in certain implementation manners of the first aspect, the method further includes: the digital certificate management device acquires a first digital certificate according to the name of the digital certificate, wherein the first digital certificate is the digital certificate corresponding to the name of the digital certificate; if the first digital certificate is within its validity period, the digital certificate management device sends the first digital certificate to the digital certificate offload device.
In this method, the digital certificate management device sends the first digital certificate to the digital certificate offload device if the first digital certificate is within its validity period, which helps subsequent processing run smoothly and reduces the probability that subsequent processing fails.
With reference to the first aspect, in certain implementation manners of the first aspect, the method further includes: if the first digital certificate is not within its validity period, the digital certificate management device sends, to the device corresponding to the user, prompt information indicating that the first digital certificate has exceeded its validity period.
In this method, if the first digital certificate is not within its validity period, the user is informed through the prompt information so that the user can upload a digital certificate that is within its validity period; the user thus learns the processing progress and can resolve problems that arise during processing.
With reference to the first aspect, in certain implementation manners of the first aspect, the method further includes: if the first digital certificate is not within its validity period, the digital certificate management device acquires a second digital certificate which has the same name as the first digital certificate and is not in the validity period, wherein the upload time of the second digital certificate is later than that of the first digital certificate; if an automatic update requirement exists, the digital certificate management device updates the first digital certificate to the second digital certificate and sends the second digital certificate to the digital certificate offload device.
In this method, if the second digital certificate exists and an automatic update requirement exists, the expired first digital certificate is updated automatically, which improves the operation and maintenance efficiency of digital certificates.
With reference to the first aspect, in certain implementation manners of the first aspect, the method further includes: if no automatic update requirement exists, prompt information for updating the first digital certificate is sent to the device corresponding to the user; an operation by which the user updates the first digital certificate is detected; and in response to the user's operation of updating the first digital certificate, the second digital certificate is sent to the digital certificate offload device.
In this method, if the second digital certificate does not exist, the user can be prompted to update the first digital certificate, and when the user's update of the first digital certificate is detected, the first digital certificate is changed to the second digital certificate, which ensures that the transmitted digital certificate is valid and improves the operation and maintenance efficiency of digital certificates.
With reference to the first aspect, in certain implementation manners of the first aspect, the method further includes: detecting an operation by which a user uploads a first digital certificate; in response to the user's operation of uploading the first digital certificate, verifying the format and/or naming of the first digital certificate; and if the verification passes, storing the first digital certificate.
In this method, the first digital certificate is uploaded by the user, and before the first digital certificate is stored, its format and/or naming are verified so that they match the preset format and/or naming, which improves subsequent management efficiency.
With reference to the first aspect, in certain implementation manners of the first aspect, the method further includes: the digital certificate management device receives a processing result from the digital certificate offload device, wherein the processing result indicates that the digital certificate corresponding to the name of the digital certificate was configured successfully, or that configuration of the digital certificate corresponding to the name of the digital certificate failed.
With this method, the processing result of the digital certificate offload device can be received, which helps determine how the digital certificate offload device handled the request and facilitates unified management.
With reference to the first aspect, in certain implementations of the first aspect, the digital certificate offload device includes at least one of: a dedicated certificate offload device, a software/hardware load balancing device, or a server.
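The decision flow of the first aspect (requirement, validity check, automatic update or prompt, instruction generation, routing by deployment position) can be sketched as follows. This is an added example, not code from the patent: the record layout, action names, instruction format and sample data are assumptions, and the example additionally requires the replacement certificate to be within its validity period before it is sent.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum
from typing import Optional


class Op(Enum):
    ADD = "add"
    MODIFY = "modify"
    DELETE = "delete"


@dataclass(frozen=True)
class StoredCert:
    # Assumption: the validity window was parsed from the certificate at upload time.
    name: str
    not_before: datetime
    not_after: datetime
    uploaded_at: datetime

    def is_valid(self, now: datetime) -> bool:
        return self.not_before <= now <= self.not_after


@dataclass(frozen=True)
class Requirement:
    cert_name: str
    op: Op
    deploy_location: str
    auto_update: bool = False


@dataclass
class Plan:
    action: str  # "dispatch", "prompt_expired" or "prompt_update"
    target: Optional[str] = None
    instruction: Optional[dict] = None
    cert: Optional[StoredCert] = None


def plan(req, store, devices, now):
    """Decide what the management device does with one user requirement."""
    if req.deploy_location not in devices:
        raise ValueError(f"unknown deployment location: {req.deploy_location}")
    target = devices[req.deploy_location]
    instruction = {"op": req.op.value, "cert_name": req.cert_name}

    # Assumption of this example: a delete carries no certificate payload.
    if req.op is Op.DELETE:
        return Plan("dispatch", target, instruction)

    uploads = sorted((c for c in store if c.name == req.cert_name),
                     key=lambda c: c.uploaded_at)
    if not uploads:
        raise LookupError(f"no stored certificate named {req.cert_name}")
    first, later = uploads[0], uploads[1:]

    if first.is_valid(now):
        return Plan("dispatch", target, instruction, first)

    # First certificate is outside its validity period: look for a later upload
    # with the same name. Requiring it to be valid is this example's own check.
    usable = [c for c in later if c.is_valid(now)]
    if not usable:
        return Plan("prompt_expired")   # nothing usable: tell the user it expired
    if not req.auto_update:
        return Plan("prompt_update")    # wait for the user to confirm the update
    return Plan("dispatch", target, instruction, usable[-1])


def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample data (names, locations and addresses are hypothetical).
NOW = utc(2024, 6, 1)
SAMPLE_DEVICES = {"dmz-lb": "lb-01.example.internal",
                  "core-offload": "offload-02.example.internal"}
SAMPLE_STORE = [
    StoredCert("api", utc(2024, 1, 1), utc(2025, 1, 1), utc(2024, 1, 2)),
    StoredCert("portal", utc(2022, 1, 1), utc(2023, 1, 1), utc(2022, 1, 2)),
    StoredCert("portal", utc(2024, 3, 1), utc(2025, 3, 1), utc(2024, 3, 2)),
    StoredCert("legacy", utc(2021, 1, 1), utc(2022, 1, 1), utc(2021, 1, 2)),
]

if __name__ == "__main__":
    for r in (Requirement("api", Op.ADD, "dmz-lb"),
              Requirement("portal", Op.MODIFY, "core-offload", auto_update=True),
              Requirement("portal", Op.MODIFY, "core-offload"),
              Requirement("legacy", Op.ADD, "dmz-lb"),
              Requirement("portal", Op.DELETE, "dmz-lb")):
        p = plan(r, SAMPLE_STORE, SAMPLE_DEVICES, NOW)
        print(r.cert_name, r.op.value, "->", p.action, p.target,
              p.cert.not_after.date() if p.cert else None)
```

An expired certificate never leaves the management device in this sketch: every path that returns `dispatch` with a certificate has passed `is_valid` first.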
In a second aspect, the present application provides a method for managing digital certificates, the method comprising: the digital certificate offload device receives an executable instruction from the digital certificate management device, wherein the executable instruction is sent by the digital certificate management device based on the deployment position of the digital certificate offload device, the executable instruction is generated based on the operation type of the digital certificate, the executable instruction is used for instructing configuration of the digital certificate corresponding to the name of the digital certificate, the operation type of the digital certificate and the deployment position of the digital certificate offload device are determined based on a user's requirements for the digital certificate, and the operation type of the digital certificate comprises at least one of an adding operation, a modifying operation or a deleting operation; and the digital certificate offload device configures the digital certificate corresponding to the name of the digital certificate according to the executable instruction.
With reference to the second aspect, in certain implementation manners of the second aspect, the method further includes: if the first digital certificate is within its validity period, the digital certificate offload device receives the first digital certificate from the digital certificate management device, wherein the first digital certificate is the digital certificate corresponding to the name of the digital certificate.
With reference to the second aspect, in certain implementation manners of the second aspect, the method further includes: if the first digital certificate is not within its validity period and an automatic update requirement exists, the digital certificate offload device receives a second digital certificate from the digital certificate management device, wherein the second digital certificate and the first digital certificate have the same name but are not in the validity period, and the upload time of the second digital certificate is later than the upload time of the first digital certificate.
With reference to the second aspect, in certain implementation manners of the second aspect, the method further includes: the digital certificate offload device sends a processing result to the digital certificate management device, wherein the processing result indicates that the digital certificate corresponding to the name of the digital certificate was configured successfully, or that configuration of the digital certificate corresponding to the name of the digital certificate failed.
With reference to the second aspect, in certain implementations of the second aspect, the digital certificate offload device includes at least one of: a dedicated certificate offload device, a software/hardware load balancing device, or a server.
In a third aspect, the present application provides a digital certificate management apparatus, the apparatus comprising a processing module and a transceiver module. The processing module is used for: acquiring a user's requirements for a digital certificate, wherein the requirements comprise the name of the digital certificate, the operation type of the digital certificate and the deployment position of the digital certificate offload device, and the operation type of the digital certificate comprises at least one of an adding operation, a modifying operation or a deleting operation; and generating an executable instruction according to the operation type of the digital certificate, wherein the executable instruction is used for instructing configuration of the digital certificate corresponding to the name of the digital certificate. The transceiver module is used for: sending the executable instruction to the digital certificate offload device according to the deployment position of the digital certificate offload device.
With reference to the third aspect, in some implementations of the third aspect, the processing module is further configured to: acquire a first digital certificate according to the name of the digital certificate, wherein the first digital certificate is the digital certificate corresponding to the name of the digital certificate; the transceiver module is further configured to: if the first digital certificate is within its validity period, send the first digital certificate to the digital certificate offload device.
With reference to the third aspect, in some implementations of the third aspect, the transceiver module is further configured to: if the first digital certificate is not within its validity period, send, to the device corresponding to the user, prompt information indicating that the first digital certificate has exceeded its validity period.
With reference to the third aspect, in some implementations of the third aspect, the processing module is further configured to: if the first digital certificate is not within its validity period, acquire a second digital certificate which has the same name as the first digital certificate but is not in the validity period, wherein the upload time of the second digital certificate is later than that of the first digital certificate; the transceiver module is further configured to: if an automatic update requirement exists, update the first digital certificate to the second digital certificate and send the second digital certificate to the digital certificate offload device.
With reference to the third aspect, in some implementations of the third aspect, the transceiver module is further configured to: if no automatic update requirement exists, send prompt information for updating the first digital certificate to the device corresponding to the user; the processing module is further configured to: detect an operation by which the user updates the first digital certificate; and in response to the user's operation of updating the first digital certificate, send the second digital certificate to the digital certificate offload device.
With reference to the third aspect, in some implementations of the third aspect, the processing module is further configured to: detect an operation by which a user uploads a first digital certificate; in response to the user's operation of uploading the first digital certificate, verify the format and/or naming of the first digital certificate; and if the verification passes, store the first digital certificate.
With reference to the third aspect, in some implementations of the third aspect, the transceiver module is further configured to: receive a processing result from the digital certificate offload device, wherein the processing result indicates that the digital certificate corresponding to the name of the digital certificate was configured successfully, or that configuration of the digital certificate corresponding to the name of the digital certificate failed.
With reference to the third aspect, in certain implementations of the third aspect, the digital certificate offload device includes at least one of: a dedicated certificate offload device, a software/hardware load balancing device, or a server.
In a fourth aspect, the present application provides a digital certificate management apparatus, including a transceiver module and a processing module. The transceiver module is used for: receiving an executable instruction from the digital certificate management device, wherein the executable instruction is sent by the digital certificate management device based on a deployment position, the executable instruction is generated based on an operation type of the digital certificate, the executable instruction is used for instructing configuration of the digital certificate corresponding to the name of the digital certificate, the operation type of the digital certificate and the deployment position are determined based on a user's requirements for the digital certificate, and the operation type of the digital certificate comprises at least one of an adding operation, a modifying operation or a deleting operation. The processing module is used for: configuring the digital certificate corresponding to the name of the digital certificate according to the executable instruction.
With reference to the fourth aspect, in some implementations of the fourth aspect, the transceiver module is configured to: if the first digital certificate is within its validity period, receive the first digital certificate from the digital certificate management device, wherein the first digital certificate is the digital certificate corresponding to the name of the digital certificate.
With reference to the fourth aspect, in some implementations of the fourth aspect, the transceiver module is configured to: if the first digital certificate is not within its validity period and an automatic update requirement exists, receive a second digital certificate from the digital certificate management device, wherein the second digital certificate and the first digital certificate have the same name but are not in the validity period, and the upload time of the second digital certificate is later than the upload time of the first digital certificate.
With reference to the fourth aspect, in some implementations of the fourth aspect, the transceiver module is configured to: send a processing result to the digital certificate management device, wherein the processing result indicates that the digital certificate corresponding to the name of the digital certificate was configured successfully, or that configuration of the digital certificate corresponding to the name of the digital certificate failed.
In a fifth aspect, the present application provides a digital certificate management apparatus, including a processor and a memory. The processor is configured to read instructions stored in the memory to perform a method according to any one of the possible implementations of the above aspect.
Optionally, the processor is one or more and the memory is one or more.
Alternatively, the memory may be integrated with the processor or the memory may be separate from the processor.
In a specific implementation process, the memory may be a non-transient (non-transitory) memory, for example, a Read Only Memory (ROM), which may be integrated on the same chip as the processor, or may be separately disposed on different chips.
The apparatus in the fifth aspect may be a chip, and the processor may be implemented by hardware or software, and when implemented by hardware, the processor may be a logic circuit, an integrated circuit, or the like; when implemented in software, the processor may be a general-purpose processor, implemented by reading software code stored in a memory, which may be integrated in the processor, or may reside outside the processor, and exist separately.
In a sixth aspect, the application provides a computer readable storage medium having a computer program (which may also be referred to as code, or instructions) which, when run on a computer, causes the computer to perform the method of any one of the possible implementations of any one of the aspects.
In a seventh aspect, the present application provides a computer program product comprising: a computer program (which may also be referred to as code, or instructions) which, when executed, causes a computer to perform the method of any one of the possible implementations of any one of the aspects.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
FIG. 1 is a schematic diagram of a data center;
FIG. 2 is a schematic flow chart of a method for managing digital certificates according to an embodiment of the present application;
FIG. 3 is a schematic flow chart of a method for uploading digital certificates provided by an embodiment of the present application;
FIG. 4 is a schematic flow chart of a method for updating digital certificates provided by an embodiment of the present application;
FIG. 5 is a schematic block diagram of a digital certificate management apparatus provided in an embodiment of the present application;
FIG. 6 is a schematic block diagram of a digital certificate management apparatus according to an embodiment of the present application.
Specific embodiments of the present application have been shown by way of the above drawings and will be described in more detail below. The drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but rather to illustrate the inventive concepts to those skilled in the art by reference to the specific embodiments.
Detailed Description
The technical scheme of the application will be described below with reference to the accompanying drawings. It should be noted that the method and the device for managing digital certificates provided by the application can be used in the financial field and can also be used in any field except the financial field. The method and the device for managing the digital certificate provided by the application do not limit the application field.
In order to facilitate understanding of the embodiments of the present application, related terms in the embodiments of the present application will be described first.
1. Digital certificate
A digital certificate is a file digitally signed by a certificate authority that contains public key owner information and a public key. It is typically issued by a national certification authority or an enterprise-level certification authority (CA) system.
2. Digital certificate offloading
Digital certificate offloading refers to the process of authenticating a digital certificate and may include encryption, decryption, signing, verification, etc.
At present, the financial industry is increasingly strict in network security management and control, and a data center can implement encryption and decryption through digital certificates to achieve network security. For example, the domain name of the guest service, the domain name interconnected with the third party authority, and the domain name of the intranet in the data center can be accessed securely through digital certificate encryption. Thus, there is a great need for digital certificates in financial industry data centers. Access with digital certificate encryption can be understood as converting access over the Hypertext Transfer Protocol (HTTP) into access over the Hypertext Transfer Protocol Secure (hypertext transfer protocol over secure socket layer, HTTPS).
In the data center, digital certificate offloading may be implemented on a dedicated certificate offload device, on a software/hardware load balancing device, or on a server; that is, digital certificate offload devices are spread across different nodes of the data center. Because the deployment positions of the digital certificate offload devices are distributed, the digital certificate formats required by the individual offload devices vary, and in special situations such as bidirectional authentication the same digital certificate is deployed on a plurality of digital certificate offload devices, digital certificate management is increasingly complex. It should be understood that a digital certificate offload device is a device that can implement digital certificate offloading, and that "digital certificate offload device" is merely an example of a name, which is not limited by the embodiment of the present application.
Illustratively, FIG. 1 shows a schematic diagram of a data center 100. As shown in FIG. 1, the data center 100 includes a device 101, a device 102, a device 103, a device 104, and a device 105. The number of devices included in the data center 100 is merely an example, and embodiments of the present application are not limited in this respect.
The device 102 may be a dedicated certificate offload device, i.e., a device dedicated to digital certificate offloading. The device 103 may be a load balancing device that can also implement digital certificate offloading. The device 104 may be a server that can also implement digital certificate offloading. Device 101 and device 105 may not implement digital certificate offloading, but may carry other roles in the data center 100.
Device 102, device 103, and device 104 may all be referred to as digital certificate offload devices. The deployment of digital certificate offload devices is decentralized, and digital certificate management is relatively complex.
In common industry practice, operation and maintenance personnel manually maintain the digital certificate offload devices at different positions according to where those devices are deployed, which results in low operation and maintenance efficiency and high operation and maintenance cost, and at the same time brings great risk to the efficient, stable and secure operation of the whole data center.
Illustratively, in the data center 100 shown in FIG. 1, when operation and maintenance personnel manage the digital certificate offload devices (the device 102, the device 103, and the device 104), they need to configure digital certificates. Because the digital certificate offload devices are distributed, the offload devices at different positions must each be maintained manually by different operation and maintenance personnel; that is, 3 operation and maintenance personnel are needed to maintain the digital certificates for the device 102, the device 103 and the device 104 respectively. This results in low operation and maintenance efficiency and high operation and maintenance cost, and at the same time brings great risk to the efficient, stable and secure operation of the whole data center. Here, maintaining a digital certificate may also be understood as configuring the digital certificate.
In view of this, the embodiments of the present application provide a method and an apparatus for managing digital certificates, which can uniformly dock each digital certificate unloading device, uniformly manage digital certificates in various formats, and provide an integrated, automatic and intelligent digital certificate management method, so as to improve the operation and maintenance efficiency of digital certificates and reduce the operation and maintenance cost of digital certificates.
Before describing the method and the device for managing digital certificates provided by the embodiments of the application, the following points are noted.
First, the terms "first" and "second" and the various numerical designations in the embodiments shown below are used merely for convenience of description, for example to distinguish between different digital certificates, and are not intended to limit the scope of the embodiments of the present application.
Second, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes an association relationship between associated objects and indicates that three relationships are possible; for example, "A and/or B" may indicate: A alone, both A and B, and B alone, where A and B may each be singular or plural. The character "/" generally indicates an "or" relationship between the objects before and after it. "At least one of" and similar expressions mean any combination of the listed items, including any combination of single items or plural items. For example, at least one of a, b, and c may represent: a, b, or c, or a and b, or a and c, or b and c, or a, b and c, where a, b and c may each be single or multiple.
Fig. 2 is a schematic flowchart of a method 200 for managing digital certificates according to an embodiment of the present application, where the method 200 may be applied to the data center 100 shown in fig. 1, but the embodiment of the present application is not limited thereto. The method 200 may be performed by a digital certificate management device, such as the device 101 or the device 105 described above, but embodiments of the application are not limited in this regard. It should be understood that the digital certificate management device is a single device in the data center that interfaces with every digital certificate offload device, so as to uniformly manage the digital certificates in various formats.
As shown in fig. 2, the method 200 may include the steps of:
S201, the digital certificate management device acquires the requirement of a user on the digital certificate, wherein the requirement comprises the name of the digital certificate, the operation type of the digital certificate and the deployment position of the digital certificate offload device, and the operation type of the digital certificate comprises at least one of an add operation, a modify operation or a delete operation.
The digital certificate management device can provide a man-machine interaction interface for a user, and the user can set the requirement on the digital certificate through the man-machine interaction interface. The digital certificate management apparatus may acquire a user's demand for digital certificates in response to an operation of the user.
It should be noted that the user may be an operation and maintenance person, who does not need to configure the digital certificate on the digital certificate offload device directly, but instead configures it on the digital certificate offload device through the digital certificate management device.
The requirements of users on digital certificates may differ according to the actual application scenario, but they generally comprise the name of the digital certificate, the operation type of the digital certificate and the deployment position of the digital certificate offload device.
The name of the digital certificate is used to distinguish different digital certificates, so that the digital certificate can be obtained by its name. The name of the digital certificate may also be referred to as an identification of the digital certificate, which is not limited by embodiments of the present application.
The operation type of the digital certificate includes at least one of an add operation, a modify operation, or a delete operation, the add operation being used to represent an addition of the digital certificate. The modification operation is used to represent modification of the digital certificate, e.g., replacement of the digital certificate. The delete operation is used to indicate that the digital certificate is deleted.
The deployment location of the digital certificate offload device is used to represent the location of the device that receives the digital certificate configuration. The deployment location of the digital certificate offload device may be determined based on a plurality of constraints, which may include whether it is an internet device, whether it is a cloud-in device, or whether it is a third party device, etc. These constraints may be displayed on a human-machine interface provided by the digital certificate management device for the user, and the digital certificate management device determines the deployment location of the digital certificate offload device in response to a user operation on the human-machine interface. The digital certificate offload device is used for decrypting the data packet through the digital certificate to obtain a decrypted data packet.
Optionally, the user's requirements for digital certificates may also include a port number, a server address, and the name of the application. The application is a program that uses the digital certificate for encryption and decryption and is installed on the digital certificate offload device; the port number is the port on which the application provides its service; and the server is the device that receives the decrypted data packet.
Illustratively, a mobile banking application is installed on the digital certificate offload device, and the mobile banking application needs to use the digital certificate for encryption and decryption. An operation and maintenance person can set the requirements on the digital certificate management device, and the digital certificate management device, in response to the operation of the operation and maintenance person, can acquire the user's requirements on the digital certificate. The requirements can comprise the name of the digital certificate, the operation type of the digital certificate, the deployment position of the digital certificate offload device, the port number, the server address and the name of the application.
In the prior art, the digital certificate management device can display the digital certificate through the man-machine interaction interface and can acquire the requirement on the digital certificate in response to the operation of the operation and maintenance personnel. The requirement on the digital certificate is therefore not limited to the items described above, and the embodiments of the application do not list them here one by one.
S202, the digital certificate management device generates executable instructions according to the operation type of the digital certificate, wherein the executable instructions are used for instructing that the digital certificate corresponding to the name of the digital certificate be configured.
The executable instructions may also be referred to as configuration instructions, which is not limited in the embodiments of the application.
If the operation type of the digital certificate includes an add operation, the digital certificate management device may generate a create instruction as the executable instruction according to the add operation, where a parameter in the create instruction may be used to indicate the name of the digital certificate. If the user's requirements for the digital certificate also include a port number, a server address, and the name of an application, the parameters in the create instruction may also be used to indicate the port number, the server address, and the name of the application. The create instruction is used for instructing that the digital certificate corresponding to the name of the digital certificate be newly configured.
If the operation type of the digital certificate includes a delete operation, the digital certificate management device may generate a delete instruction as the executable instruction according to the delete operation, where a parameter in the delete instruction may be used to indicate the name of the digital certificate. If the user's requirements for the digital certificate also include a port number, a server address, and the name of the application, the parameters in the delete instruction may also be used to indicate the port number, the server address, and the name of the application. The delete instruction is used for instructing that the configuration of the digital certificate corresponding to the name of the digital certificate be deleted.
If the operation type of the digital certificate includes a modify operation, the digital certificate management device may generate a change instruction as the executable instruction according to the modify operation, where a parameter in the change instruction may be used to indicate the name of the digital certificate. If the user's requirements for the digital certificate also include a port number, a server address, and the name of the application, the parameters in the change instruction may also be used to indicate the port number, the server address, and the name of the application. The change instruction is used for instructing that the configuration of the digital certificate corresponding to the name of the digital certificate be modified.
Optionally, S202, the digital certificate management device generates executable instructions according to the operation type of the digital certificate, and may include: the digital certificate management equipment classifies the requirements according to the operation type of the digital certificate to obtain classified requirements; the digital certificate management device generates executable instructions for each of the classified requirements.
If the operation types of the digital certificate include an add operation, a modify operation and a delete operation, the digital certificate management device may divide the requirements of the user for the digital certificate into three types, namely a first type of requirement, a second type of requirement and a third type of requirement. The first type of requirements may be requirements for an add operation, the second type of requirements may be requirements for a modify operation, and the third type of requirements may be requirements for a delete operation. The digital certificate management device generates create instructions as the executable instructions for the first type of requirements, change instructions as the executable instructions for the second type of requirements, and delete instructions as the executable instructions for the third type of requirements.
In this way, when the digital certificate management device receives a large number of demands, the digital certificate management device can firstly classify and then generate executable instructions, and for the instructions with the same kind of demands, only parameters need to be changed, so that the time for generating the instructions can be saved, and the efficiency of generating the instructions can be improved.
S203, the digital certificate management equipment sends executable instructions to the digital certificate unloading equipment according to the deployment position of the digital certificate unloading equipment, and correspondingly, the digital certificate unloading equipment receives the executable instructions.
The number of the digital certificate unloading devices may be one or more, which is not limited in the embodiment of the present application.
When the number of the digital certificate unloading devices is plural, the digital certificate management device may send corresponding executable instructions to each digital certificate unloading device according to the deployment location of each digital certificate unloading device.
Optionally, before S203, the digital certificate management apparatus may verify the executable instruction, and if the verification is successful, S203 is performed.
Before sending the executable instructions to the digital certificate offload device, the digital certificate management device can verify whether the digital certificate offload device supports the generated executable instructions. If it does, the verification passes. If it does not, the verification fails, and prompt information can be displayed, or the operation and maintenance personnel or related personnel can be notified through mail, short message or the Instant Messaging (IM) interface unit of the enterprise. The operation and maintenance personnel and related personnel may also be referred to as stakeholders, and the embodiments of the present application are not limited in this regard.
Optionally, so that the operation and maintenance personnel or related personnel can check the reason for the failure, the prompt message, the mail or the short message may include the specific reason why the verification failed, so that a correct executable instruction can be generated afterwards.
S204, the digital certificate offload device configures the digital certificate corresponding to the name of the digital certificate according to the executable instruction.
After receiving the executable instruction from the digital certificate management device, the digital certificate offload device can configure the digital certificate corresponding to the name of the digital certificate according to the information indicated by the parameters in the executable instruction. The digital certificate corresponding to the name of the digital certificate may be preset on the digital certificate offload device or may be sent by the digital certificate management device, which is not limited in the embodiment of the present application.
According to the digital certificate management method provided by the embodiment of the application, the digital certificate management equipment is used for uniformly managing the configuration of the digital certificates, after the digital certificate management equipment acquires the demands of users on the digital certificates, executable instructions for configuring the digital certificates can be generated, and the executable instructions are sent to the digital certificate unloading equipment to realize the digital certificate configuration of the digital certificate unloading equipment. In addition, operation and maintenance personnel can realize the digital certificate configuration of each digital certificate unloading device by operating the digital certificate management device, so that the labor is saved, the operation and maintenance cost can be reduced, and the high-efficiency, stable and safe operation of the data center can be ensured.
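The following sketch walks through S201 to S203 as described above: requirements are classified by operation type, turned into structured create/change/delete instructions, and checked against what each target offload device supports before anything is sent. It is an added example, not code from the patent; the `Requirement` fields, the `INVENTORY` table, the device names and the sample requirements are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Operation type -> instruction, as described for S202.
INSTRUCTION_FOR = {"add": "create", "modify": "change", "delete": "delete"}

# Hypothetical inventory: deployment location -> offload devices and the
# instructions each one supports (used for the check before S203).
INVENTORY = {
    "internet": {"lb-01": {"create", "change", "delete"}},
    "third-party": {"offload-07": {"create", "delete"}},
}


@dataclass(frozen=True)
class Requirement:
    cert_name: str
    operation: str
    location: str
    port: Optional[int] = None
    server: Optional[str] = None
    application: Optional[str] = None


def classify(requirements):
    """Group requirements by operation type; unknown types are rejected."""
    groups = defaultdict(list)
    for req in requirements:
        if req.operation not in INSTRUCTION_FOR:
            raise ValueError(f"unsupported operation type: {req.operation!r}")
        groups[req.operation].append(req)
    return groups


def generate(requirements):
    """Return (location, instruction) pairs; within a class only parameters vary."""
    out = []
    for operation, reqs in classify(requirements).items():
        name = INSTRUCTION_FOR[operation]
        for req in reqs:
            # Parameters stay structured data; nothing is spliced into a command string.
            params = {"cert_name": req.cert_name}
            for key in ("port", "server", "application"):
                value = getattr(req, key)
                if value is not None:
                    params[key] = value
            out.append((req.location, {"instruction": name, "params": params}))
    return out


def dispatch(requirements, inventory=INVENTORY):
    """Verify each instruction against its target devices, then 'send' it.

    Returns (sent, failures); each failure carries the specific reason so the
    notification to the operator can include it.
    """
    sent, failures = [], []
    for location, instr in generate(requirements):
        devices = inventory.get(location)
        if not devices:
            failures.append((instr, f"no offload device at location {location!r}"))
            continue
        for device, supported in sorted(devices.items()):
            if instr["instruction"] in supported:
                sent.append((device, instr))
            else:
                failures.append(
                    (instr, f"{device} does not support {instr['instruction']!r}"))
    return sent, failures


# Constructed sample requirements (names and addresses are illustrative only).
SAMPLE = [
    Requirement("mobile-bank.example", "add", "internet", 443, "192.0.2.5", "mobile-bank"),
    Requirement("partner-api.example", "modify", "third-party"),
    Requirement("legacy.example", "delete", "third-party"),
    Requirement("intranet.example", "add", "cloud"),
]

if __name__ == "__main__":
    sent, failures = dispatch(SAMPLE)
    for device, instr in sent:
        print("send", device, instr)
    for instr, reason in failures:
        print("verification failed:", instr["params"]["cert_name"], "-", reason)
```

Rejecting unknown operation types and unsupported instructions on the management device keeps a malformed requirement from ever reaching an offload device.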
As an alternative embodiment, the method 200 may further include: the digital certificate management device acquires a first digital certificate according to the name of the digital certificate, wherein the first digital certificate is the digital certificate corresponding to the digital certificate name; if the first digital certificate is within the validity period, the digital certificate management device sends the first digital certificate to the digital certificate offload device, and correspondingly, the digital certificate offload device receives the first digital certificate.
The digital certificate management equipment can obtain a first digital certificate through the name of the digital certificate, acquire the validity period information of the certificate from the first digital certificate, judge whether the first digital certificate is in the validity period, and if the first digital certificate is in the validity period, the digital certificate management equipment sends the first digital certificate to the digital certificate unloading equipment. After the digital certificate offload device receives the first digital certificate, it may be configured according to the executable instructions.
The first digital certificate may be preset in the digital certificate management device, or may be uploaded by a manager of the digital certificate through a man-machine interaction interface, which is not limited in the embodiment of the present application.
If the first digital certificate is uploaded by the manager of the digital certificate through the man-machine interaction interface, when the digital certificate management equipment detects the operation of uploading the first digital certificate, the format and/or the name of the first digital certificate can be verified, if the verification is passed, the first digital certificate is stored, and if the verification is not passed, the manager of the digital certificate is prompted to upload the digital certificate meeting the condition.
According to the digital certificate management method provided by the embodiment of the application, if the first digital certificate is in the validity period, the digital certificate management equipment sends the first digital certificate to the digital certificate unloading equipment, so that the smoothness of subsequent processing is facilitated, and the probability of failure of the subsequent processing is reduced.
Illustratively, FIG. 3 shows a schematic flow chart of a method 300 of uploading digital certificates. As shown in fig. 3, the method 300 may include the steps of:
S301, detecting an operation of uploading the digital certificate by the user.
The digital certificate management apparatus may provide a man-machine interaction interface for the user, the man-machine interaction interface may display a control for adding the digital certificate, and when the user (may be a manager of the digital certificate) clicks the control for adding the digital certificate, the digital certificate management apparatus may detect an operation of uploading the digital certificate by the user.
S302, verifying the format and/or naming of the uploaded digital certificate, and judging whether the verification is passed or not.
The digital certificate management device can store a preset format and/or a preset naming specification, and can verify the format of the uploaded digital certificate through the preset format to judge whether the verification is passed or not. The digital certificate management equipment can verify the name of the uploaded digital certificate through a preset naming specification, and judges whether the verification is passed or not.
Illustratively, if the preset format is not the same as the format of the uploaded digital certificate, the verification is not passed. If the preset format is the same as the format of the uploaded digital certificate, the verification is passed. If the name of the uploaded digital certificate does not meet the preset naming specification, the verification is not passed. If the name of the uploaded digital certificate meets the preset naming standard, the verification is passed.
S303, if the verification is passed, storing the uploaded digital certificate.
If the verification is passed, the digital certificate management device may store the uploaded digital certificate for subsequent use.
S304, if the verification is not passed, sending prompt information to the device corresponding to the user.
The prompt information may include the result that the verification failed and/or the reason why the verification failed. For example, the reason for the failed verification may be that the format of the uploaded digital certificate is not the preset format, or that the naming of the uploaded digital certificate does not meet the preset naming specification.
There are a number of possible implementations of the prompt information.
In one possible implementation, the prompt information may be displayed directly on the interface, making it convenient for the user to re-upload the digital certificate.
In another possible implementation, the prompt information asking the user to re-upload the digital certificate may be sent via mail, short message, or the enterprise IM interface unit.
The method for uploading the digital certificate provided by the embodiment of the application verifies the format and/or the name of the uploaded digital certificate, so that a user can upload the correct digital certificate conveniently, the smoothness of subsequent processing is facilitated, and the probability of failure of the subsequent processing is reduced.
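One way the S302 check could look, returning the failure reasons that S304 puts into the prompt. This is an added example, not code from the patent: the naming specification (`<dns-style name>_<YYYYMMDD>.pem`), the choice of PEM as the preset format and the sample bytes are assumptions, and the format check is structural only (PEM armor, strict base64, one complete DER SEQUENCE), not X.509 parsing.

```python
import base64
import re

# Assumed naming specification (hypothetical): <dns-style name>_<YYYYMMDD>.pem
NAME_RE = re.compile(r"(?=.{1,80}$)[a-z0-9]([a-z0-9.-]*[a-z0-9])?_\d{8}\.pem")
BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def der_length_ok(der: bytes) -> bool:
    """True if der is one definite-length SEQUENCE that spans the whole buffer."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)


def check_upload(filename: str, content: str) -> list:
    """Return the rejection reasons; an empty list means the upload is stored."""
    reasons = []
    if not NAME_RE.fullmatch(filename):
        reasons.append("name does not meet the naming specification")
    lines = content.strip().splitlines()
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        reasons.append("not a single PEM CERTIFICATE block")
        return reasons
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError:                    # binascii.Error is a ValueError
        reasons.append("PEM body is not valid base64")
        return reasons
    if not der_length_ok(der):
        reasons.append("decoded body is not one complete DER SEQUENCE")
    return reasons


def make_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armor with 64-character lines."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{BEGIN}\n{body}\n{END}\n"


# Constructed bytes with a valid outer DER header; not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

if __name__ == "__main__":
    print(check_upload("mobile-bank.example_20251231.pem", make_pem(SAMPLE_DER)))
    print(check_upload("../cert.pem", make_pem(SAMPLE_DER[:-1])))
```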
As an alternative embodiment, there are a number of possible implementations for how the digital certificate management device handles the case where the first digital certificate is not within the validity period.
In one possible implementation, if the first digital certificate is not within the validity period, the digital certificate management device sends a prompt message that the first digital certificate exceeds the validity period to the device corresponding to the user.
The user may be an operation and maintenance person or a staff member responsible for managing and uploading the digital certificate, which is not limited in the embodiment of the present application. The device corresponding to the user may be a digital certificate management device, or may be a device such as a mobile phone or a computer of the user, which is not limited in the embodiment of the present application.
The prompt message that the first digital certificate exceeds the validity period may be sent through mail, short message, or the IM interface unit of the enterprise, but the embodiment of the application is not limited thereto.
Optionally, the digital certificate management device may further acquire information such as the name of the digital certificate, the associated domain name or the name of the application, the type of the digital certificate, and the like from the first digital certificate, and add the information to the prompt message that the first digital certificate exceeds the validity period, so that the user can determine the information of the digital certificate to be re-uploaded.
In this implementation, if the first digital certificate is not within the validity period, the user is notified through the prompt information so that the user uploads a digital certificate that is within the validity period. This lets the user know the processing progress and helps resolve problems arising during processing.
In another possible implementation manner, if the first digital certificate is not within the validity period, the digital certificate management device acquires a second digital certificate having the same name as the first digital certificate but not exceeding the validity period, and the uploading time of the second digital certificate is later than the uploading time of the first digital certificate; if the automatic updating requirement exists, the first digital certificate is updated to be the second digital certificate, and the second digital certificate is sent to the digital certificate unloading equipment.
The second digital certificate may be uploaded after the user receives the prompt message that the first digital certificate exceeds the validity period, or may be actively uploaded after the user finds that the first digital certificate is about to expire, which is not limited in the embodiment of the present application.
The second digital certificate and the first digital certificate have the same name, or the second digital certificate and the first digital certificate have the same domain name, which is not limited in the embodiment of the present application.
After the digital certificate management device acquires the second digital certificate, the digital certificate management device can judge whether the user sets an automatic update requirement, and if the automatic update requirement exists, the digital certificate management device updates the first digital certificate into the second digital certificate. If the automatic updating requirement does not exist, the digital certificate management equipment can send prompt information for updating the digital certificate to equipment corresponding to the user.
Optionally, if the first digital certificate is not within the validity period and there is no second digital certificate having the same name as the first digital certificate but not exceeding the validity period, the digital certificate management device may send a prompt message to the device corresponding to the user that the new digital certificate needs to be uploaded.
Illustratively, FIG. 4 shows a schematic flow chart of a method 400 of updating a digital certificate. As shown in fig. 4, the method 400 includes the steps of:
S401, if the first digital certificate is not within the validity period, determining whether there exists a second digital certificate that has the same name as the first digital certificate but has not exceeded the validity period.
If a second digital certificate exists, the digital certificate management apparatus may perform S402. If the second digital certificate does not exist, the digital certificate management apparatus may perform S403.
S402, if the second digital certificate exists, determining whether automatic update of the digital certificate upon expiration is authorized.
Determining whether automatic update of the digital certificate upon expiration is authorized means determining whether the automatic update requirement exists.
If automatic update upon expiration is authorized, the digital certificate management apparatus may perform S405. If automatic update upon expiration is not authorized, the digital certificate management apparatus may perform S406.
S403, if the second digital certificate does not exist, sending prompt information that a new digital certificate needs to be uploaded to the device corresponding to the user.
If the second digital certificate does not exist and the first digital certificate is expired, the user needs to be informed of uploading the new digital certificate. It should be appreciated that the new digital certificate is unexpired and has the same name as the first digital certificate.
S404, if the operation of uploading the second digital certificate by the user is received, storing the second digital certificate.
If the user uploads the second digital certificate, the digital certificate management device stores the second digital certificate.
Optionally, if the operation of uploading the second digital certificate by the user is received, the digital certificate management apparatus may verify the second digital certificate using S302 described above, and if the verification is passed, store the second digital certificate.
Optionally, after the digital certificate management apparatus stores the second digital certificate, S402 may also be executed, so as to implement updating of the digital certificate.
S405, if automatic update of the digital certificate upon expiration is authorized, updating the first digital certificate to the second digital certificate.
If automatic update upon expiration is authorized, the digital certificate management device may automatically update the first digital certificate, i.e., update the first digital certificate to the second digital certificate.
S406, if automatic update of the digital certificate upon expiration is not authorized, sending prompt information for updating the first digital certificate to the device corresponding to the user.
If automatic update upon expiration is not authorized, the digital certificate management apparatus may prompt the user to update the first digital certificate.
S407, judging whether the operation of updating the first digital certificate by the user is received or not.
If an operation of updating the first digital certificate by the user is received, the digital certificate management apparatus may perform S405, i.e., update the first digital certificate to the second digital certificate.
If the operation of updating the first digital certificate by the user is not received, ending the flow.
According to the method for updating the digital certificate, provided by the embodiment of the application, if the second digital certificate exists and the automatic updating requirement exists, the expired first digital certificate is automatically updated, if the second digital certificate exists and the automatic updating requirement does not exist, the user is informed to update the expired first digital certificate, and if the second digital certificate does not exist, the user is informed to upload the unexpired digital certificate, so that the expired digital certificate can be updated, and the operation and maintenance efficiency of the digital certificate is improved.
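The decision flow of FIG. 4 (S401 to S406), together with the validity check that precedes it, can be written as a single function. This is an added example, not code from the patent; the `StoredCert` record, the `Action` names and the sample certificates are assumptions constructed for illustration. It treats a certificate whose validity has not yet started as outside the validity period and, when several replacements qualify, picks the most recently uploaded one.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum


class Action(Enum):
    SEND_FIRST = "first certificate is valid: send it to the offload device"
    AUTO_UPDATE = "S405: replace the first certificate with the second"
    PROMPT_UPDATE = "S406: ask the user to approve the update"
    PROMPT_UPLOAD = "S403: ask the user to upload a new certificate"


@dataclass(frozen=True)
class StoredCert:
    name: str
    not_before: datetime
    not_after: datetime
    uploaded_at: datetime

    def valid_at(self, now: datetime) -> bool:
        # Not-yet-valid certificates are outside the validity period too.
        return self.not_before <= now <= self.not_after


def find_second(first, store, now):
    """S401: same name, uploaded later than the first, within its validity period."""
    candidates = [
        c for c in store
        if c.name == first.name
        and c.uploaded_at > first.uploaded_at
        and c.valid_at(now)
    ]
    return max(candidates, key=lambda c: c.uploaded_at, default=None)


def plan(first, store, auto_update_authorized, now):
    """Return (action, certificate to deploy or None)."""
    if first.valid_at(now):
        return Action.SEND_FIRST, first
    second = find_second(first, store, now)
    if second is None:
        return Action.PROMPT_UPLOAD, None
    if auto_update_authorized:            # S402 -> S405
        return Action.AUTO_UPDATE, second
    return Action.PROMPT_UPDATE, second   # S402 -> S406; S407 waits for the user


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample store; names and dates are illustrative only.
NOW = utc(2025, 6, 1)
FIRST = StoredCert("mobile-bank.example", utc(2024, 5, 1), utc(2025, 5, 1), utc(2024, 4, 20))
STALE = StoredCert("mobile-bank.example", utc(2023, 5, 1), utc(2024, 5, 1), utc(2023, 4, 20))
FUTURE = StoredCert("mobile-bank.example", utc(2025, 7, 1), utc(2026, 7, 1), utc(2025, 5, 20))
GOOD = StoredCert("mobile-bank.example", utc(2025, 4, 15), utc(2026, 4, 15), utc(2025, 4, 16))
OTHER = StoredCert("partner-api.example", utc(2025, 1, 1), utc(2026, 1, 1), utc(2025, 1, 2))
STORE = [FIRST, STALE, FUTURE, GOOD, OTHER]

if __name__ == "__main__":
    for authorized in (True, False):
        action, cert = plan(FIRST, STORE, authorized, NOW)
        print(authorized, action.name, cert.uploaded_at.date() if cert else None)
```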
As an alternative embodiment, the method 200 may further include: the digital certificate offload device sends a processing result to the digital certificate management device, wherein the processing result indicates either that the digital certificate corresponding to the digital certificate name was configured successfully or that configuring the digital certificate corresponding to the digital certificate name failed. Correspondingly, the digital certificate management apparatus receives the processing result.
The digital certificate offload device sends the processing result to the digital certificate management device, and the digital certificate management device can receive the processing result so as to determine the processing status of the digital certificate offload device and realize unified management.
Optionally, the digital certificate management apparatus may also transmit the processing result to a device corresponding to the user or to the responsible person of the digital certificate offload device. The responsible person of the digital certificate offload device may be input by a user or preset, which is not limited in the embodiment of the application.
The digital certificate management device may obtain the contact information of the responsible person from a database, where the database includes each digital certificate unloading device and the information of the responsible person corresponding to each digital certificate unloading device, and the digital certificate management device may determine, according to the digital certificate unloading device, the information of the responsible person corresponding to the digital certificate unloading device from the database, so as to send the processing result to the device corresponding to the responsible person. The database may also be referred to as a service application ledger, which is not limited in the embodiment of the present application.
The method for updating the digital certificate provided by the embodiment of the application can receive the processing result of the digital certificate unloading equipment, is beneficial to determining the processing condition of the digital certificate unloading equipment and is convenient for unified management.
The method provided by the embodiment of the application is described in detail above, and the embodiment of the application also provides a digital certificate management device, which can execute the method.
Fig. 5 shows a schematic block diagram of a digital certificate management apparatus 500. As shown in fig. 5, the digital certificate management apparatus 500 includes a digital certificate storage module 510, a digital certificate processing module 520, a digital certificate offload node management module 530, and a notification module 540.
1) The digital certificate storage module 510 is configured to store a digital certificate uploaded by a user, so that the digital certificate processing module 520 calls the digital certificate.
The digital certificate storage module 510 may include a digital certificate transmission module 511, a digital certificate verification module 512, a digital certificate information acquisition module 513, and a digital certificate validity period management module 514.
The digital certificate transmission module 511 may be configured to receive a digital certificate uploaded by a user, and may be configured to send the digital certificate to the digital certificate verification module 512 and the digital certificate information acquisition module 513, and may also be configured to send the digital certificate to the digital certificate processing module 520.
The digital certificate verification module 512 may be configured to receive the digital certificate from the digital certificate transmission module 511 and verify the digital certificate through S302 described above.
The digital certificate information acquisition module 513 may be configured to receive the first digital certificate from the digital certificate transmission module 511 and obtain basic information of the first digital certificate, for example the name of the first digital certificate, the associated domain name or application name, the type of the first digital certificate, and the validity period of the first digital certificate. It adds this basic information to the database, which may store the first digital certificate, its basic information, and the contact information of its associated responsible person. The digital certificate information acquisition module 513 may also send the validity period of the first digital certificate to the digital certificate validity period management module 514.
The digital certificate validity period management module 514 may be configured to receive the validity period of the first digital certificate from the digital certificate information acquisition module 513 and verify whether the first digital certificate has exceeded its validity period, while also counting the digital certificates that have expired and the digital certificates that are about to expire. If the first digital certificate has exceeded its validity period, the digital certificate validity period management module 514 sends indication information to the notification module 540, instructing the notification module 540 to send prompt information to the responsible person associated with the first digital certificate.
If the first digital certificate has exceeded its validity period, the digital certificate validity period management module 514 may further execute the method 400; for the specific implementation, refer to the description above, which is not repeated here.
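The validity sweep attributed to module 514, as an added Python example that is not code from the patent. The ledger field names, the 30-day warning window, the extra "not yet valid" state and the sample rows are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class LedgerEntry:
    """One row of the certificate database; field names are assumptions."""
    name: str
    domain: str
    not_before: datetime
    not_after: datetime
    owner_contact: str


def classify(entry, now, warn_window):
    """Return the validity state of one certificate at time `now`."""
    for moment in (entry.not_before, entry.not_after, now):
        if moment.tzinfo is None:
            # Naive timestamps shift by the local UTC offset; refuse them.
            raise ValueError(f"{entry.name}: timestamps must be timezone-aware")
    if now < entry.not_before:
        return "not_yet_valid"
    if now > entry.not_after:
        return "expired"
    if entry.not_after - now <= warn_window:
        return "expiring_soon"
    return "valid"


def sweep(ledger, now, warn_window=timedelta(days=30)):
    """Count states across the ledger and group findings per responsible person."""
    counts = Counter()
    per_owner = defaultdict(list)
    for entry in ledger:
        state = classify(entry, now, warn_window)
        counts[state] += 1
        if state != "valid":
            # One grouped notice per owner instead of one message per certificate.
            per_owner[entry.owner_contact].append((entry.name, state))
    return counts, dict(per_owner)


# Constructed sample ledger (not data from the patent).
UTC = timezone.utc
SAMPLE_LEDGER = [
    LedgerEntry("portal-2023", "portal.example.com",
                datetime(2023, 1, 1, tzinfo=UTC), datetime(2024, 1, 1, tzinfo=UTC),
                "alice@example.com"),
    LedgerEntry("api-2024", "api.example.com",
                datetime(2023, 6, 1, tzinfo=UTC), datetime(2024, 6, 20, tzinfo=UTC),
                "alice@example.com"),
    LedgerEntry("pay-2024", "pay.example.com",
                datetime(2024, 1, 1, tzinfo=UTC), datetime(2025, 1, 1, tzinfo=UTC),
                "bob@example.com"),
    LedgerEntry("new-2024", "new.example.com",
                datetime(2024, 7, 1, tzinfo=UTC), datetime(2025, 7, 1, tzinfo=UTC),
                "bob@example.com"),
]

if __name__ == "__main__":
    counts, notices = sweep(SAMPLE_LEDGER, datetime(2024, 6, 1, tzinfo=UTC))
    print(dict(counts))
    for owner, findings in notices.items():
        print(owner, findings)
```

The grouped result is what a notification module would consume: one message per responsible person listing every certificate that needs attention.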
2) The digital certificate processing module 520 is configured to process the digital certificate according to the requirement of the user.
The digital certificate processing module 520 may include a digital certificate acquisition module 521, a user requirement acquisition module 522, and a digital certificate instruction generation module 523.
The digital certificate acquisition module 521 is configured to acquire a digital certificate from the digital certificate transmission module 511. The user requirement acquisition module 522 may be configured to acquire the user's requirement for a digital certificate and send the requirement to the digital certificate instruction generation module 523. The digital certificate instruction generation module 523 is configured to receive the requirement, generate an executable instruction according to it, and send the executable instruction to the digital certificate offload node management module 530.
3) The digital certificate offload node management module 530 may be configured to receive the executable instructions from the digital certificate processing module 520 and send the executable instructions to a digital certificate offload device corresponding to the executable instructions.
The digital certificate offload node management module 530 may include a digital certificate instruction receipt verification module 531 and a digital certificate offload node interface module 532. The digital certificate instruction receipt verification module 531 may be configured to receive the executable instruction from the digital certificate instruction generation module 523 and check it. If the check succeeds, it sends the executable instruction to the digital certificate offload node interface module 532. If the check fails, it sends indication information to the notification module 540, instructing the notification module 540 to send prompt information to the relevant responsible person.
The digital certificate offload node interface module 532 may be configured to receive the executable instructions from the digital certificate instruction receipt verification module 531 and send the executable instructions to the digital certificate offload device. The digital certificate offload device may be one or more dedicated certificate offload devices, one or more hard/software load balancing devices, one or more servers, or one or more other certificate offload devices.
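The path from user requirement to offload device described for modules 522, 523, 531 and 532, as an added Python example that is not code from the patent. The structured instruction format, the certificate naming rule, the device registry and all identifiers are assumptions; the page does not say what the check in module 531 covers, so the allowlist checks here are one possible choice that keeps a crafted certificate name from reaching a device as part of a command.

```python
import re
from dataclasses import dataclass

# The three operation types named in the claims.
ALLOWED_OPERATIONS = frozenset({"add", "modify", "delete"})
# Assumed naming rule: letters, digits, dot, underscore, hyphen; at most 64 characters.
NAME_RULE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")
# Constructed registry: deployment location -> offload device endpoint (hypothetical).
OFFLOAD_DEVICES = {
    "dc1-dmz": "lb-01.example.internal",
    "dc2-core": "offload-07.example.internal",
}


@dataclass(frozen=True)
class Requirement:
    """What the user asks for: certificate name, operation, deployment location."""
    cert_name: str
    operation: str
    deployment_location: str


@dataclass(frozen=True)
class Instruction:
    """Structured instruction: data fields only, never a command string."""
    operation: str
    cert_name: str
    deployment_location: str


def generate_instruction(req):
    """Role of module 523: build the instruction from the requirement."""
    return Instruction(req.operation.strip().lower(), req.cert_name,
                       req.deployment_location)


def check_instruction(instr):
    """Role of module 531: return a list of problems; empty means the check passed."""
    problems = []
    if instr.operation not in ALLOWED_OPERATIONS:
        problems.append(f"operation {instr.operation!r} is not add/modify/delete")
    if not NAME_RULE.fullmatch(instr.cert_name):
        problems.append(f"certificate name {instr.cert_name!r} violates the naming rule")
    if instr.deployment_location not in OFFLOAD_DEVICES:
        problems.append(f"unknown deployment location {instr.deployment_location!r}")
    return problems


def dispatch(req, send, notify):
    """Role of modules 530/532: check, then route by deployment location.

    `send(endpoint, instruction)` and `notify(message)` are caller-supplied
    callables standing in for the device interface and notification module 540.
    """
    instr = generate_instruction(req)
    problems = check_instruction(instr)
    if problems:
        notify("instruction rejected: " + "; ".join(problems))
        return False
    send(OFFLOAD_DEVICES[instr.deployment_location], instr)
    return True


if __name__ == "__main__":
    log = []
    dispatch(Requirement("portal-2024", "Add", "dc1-dmz"),
             lambda ep, ins: log.append(("sent", ep, ins.operation)), log.append)
    dispatch(Requirement("portal;reboot", "add", "dc9"),
             lambda ep, ins: log.append(("sent", ep, ins.operation)), log.append)
    for item in log:
        print(item)
```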
4) The notification module 540 may be configured to receive the indication information and send a prompt to the user according to the indication information.
The notification module 540 may include a mail system interface module 541, a short message system interface module 542, and an enterprise IM interface module 543.
The mail system interface module 541 may send prompt information by mail to a device corresponding to the user. The short message system interface module 542 may send prompt information to a device corresponding to the user in the form of a short message. The enterprise IM interface module 543 may send prompt information to the device corresponding to the user in the form of an enterprise IM message.
In addition, the embodiment of the application also provides a digital certificate management device.
Fig. 6 shows a schematic block diagram of a digital certificate management apparatus 600 provided in an embodiment of the present application. The apparatus 600 includes: a processor 610, a transceiver 620, and a memory 630. Wherein the processor 610, the transceiver 620 and the memory 630 communicate with each other through an internal connection path, the memory 630 is used for storing instructions, and the processor 610 is used for executing the instructions stored in the memory 630 to control the transceiver 620 to transmit signals and/or receive signals.
It should be appreciated that the apparatus 600 may be used to perform the various steps and/or flows described above in connection with the digital certificate management device or digital certificate offload device in the method embodiments. The memory 630 may optionally include read-only memory and random access memory, and provide instructions and data to the processor 610. A portion of memory 630 may also include nonvolatile random access memory. For example, the memory 630 may also store information of the device type. The processor 610 may be configured to execute instructions stored in the memory 630 and when the processor 610 executes instructions stored in the memory 630, the processor 610 is configured to perform the steps and/or flow of the method embodiments described above that correspond to a digital certificate management device or a digital certificate offload device.
It should be appreciated that in embodiments of the present application, the processor 610 of the apparatus 600 may be a central processing unit (CPU), and the processor 610 may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The steps of the method disclosed in connection with the embodiments of the present application may be embodied directly in a hardware processor for execution, or in a combination of hardware and software elements in the processor for execution. The software elements may be located in a random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in a memory, and the processor executes instructions in the memory to perform the steps of the method described above in conjunction with its hardware. To avoid repetition, a detailed description is not provided herein.
The present application provides a computer-readable storage medium for storing a computer program for implementing the method corresponding to the digital certificate management device or the digital certificate offload device in the above-described embodiments.
The present application provides a computer program product comprising a computer program (which may also be referred to as code, or instructions) which, when run on a computer, is capable of performing the method corresponding to the digital certificate management device or the digital certificate offload device in the above-described embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence or in the part contributing to the prior art or in a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (11)

1. A digital certificate management method applied to a digital certificate management device, wherein the digital certificate management device is uniformly connected with each distributed digital certificate offload device, the method being characterized by comprising the following steps:
acquiring the requirement of a user for a digital certificate, wherein the requirement comprises the name of the digital certificate, the operation type of the digital certificate and the deployment location of the digital certificate offload device, and the operation type of the digital certificate comprises at least one of an add operation, a modify operation or a delete operation;
generating an executable instruction according to the operation type of the digital certificate, wherein the executable instruction is used for instructing configuration of the digital certificate corresponding to the name of the digital certificate;
and sending the executable instruction to the digital certificate offload device according to the deployment location of the digital certificate offload device.
2. The method according to claim 1, wherein the method further comprises:
acquiring a first digital certificate according to the name of the digital certificate, wherein the first digital certificate is a digital certificate corresponding to the name of the digital certificate;
and if the first digital certificate is in the validity period, sending the first digital certificate to the digital certificate offload device.
3. The method according to claim 2, wherein the method further comprises:
and if the first digital certificate is not in the validity period, sending prompt information that the first digital certificate exceeds the validity period to equipment corresponding to the user.
4. The method according to claim 2, wherein the method further comprises:
if the first digital certificate is not in the validity period, a second digital certificate which has the same name as the first digital certificate but is not in the validity period is obtained, and the uploading time of the second digital certificate is later than that of the first digital certificate;
if the automatic updating requirement exists, the first digital certificate is updated to the second digital certificate, and the second digital certificate is sent to the digital certificate offload device.
5. The method according to claim 4, wherein the method further comprises:
if the automatic updating requirement does not exist, prompt information for updating the first digital certificate is sent to equipment corresponding to the user;
detecting an operation of the user to update the first digital certificate;
and in response to the operation of updating the first digital certificate by the user, updating the first digital certificate to the second digital certificate.
6. The method according to claim 2, wherein the method further comprises:
detecting an operation of uploading the first digital certificate by the user;
responding to the operation of uploading the first digital certificate by the user, and verifying the format and/or naming of the first digital certificate;
and if the verification is passed, storing the first digital certificate.
7. The method according to claim 1, wherein the method further comprises:
and receiving a processing result from the digital certificate offload device, wherein the processing result comprises that the digital certificate corresponding to the name of the digital certificate was successfully configured, or that configuration of the digital certificate corresponding to the name of the digital certificate failed.
8. The method according to any one of claims 1 to 7, wherein the digital certificate offload device comprises at least one of:
a dedicated certificate offload device, a software/hardware load balancing device, or a server.
9. A digital certificate management method applied to a digital certificate offload device, comprising:
receiving an executable instruction from a digital certificate management device, the executable instruction being sent by the digital certificate management device based on a deployment location of the digital certificate offload device, the executable instruction being generated based on an operation type of a digital certificate, the executable instruction being used to instruct configuration of a digital certificate corresponding to a name of the digital certificate; the name of the digital certificate, the operation type of the digital certificate, and the deployment location of the digital certificate offload device being determined based on a user's requirement for the digital certificate, the operation type of the digital certificate including at least one of an add operation, a modify operation, or a delete operation; the digital certificate management device interfacing uniformly with each digital certificate offload device;
and configuring the digital certificate corresponding to the name of the digital certificate according to the executable instruction.
10. A digital certificate management apparatus, comprising: a processor coupled to a memory for storing a computer program which, when invoked by the processor, causes the apparatus to perform the method of any one of claims 1 to 8 or to perform the method of claim 9.
11. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when run on a computer, causes the computer to perform the method according to any of claims 1 to 8 or to perform the method according to claim 9.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210700256.8A CN114884963B (en) 2022-06-20 2022-06-20 Digital certificate management method and management device

Publications (2)

Publication Number Publication Date
CN114884963A (en) 2022-08-09
CN114884963B (en) 2023-11-03

Family

ID=82682035

Country Status (1)

Country Link
CN (1) CN114884963B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105553671A (en) * 2015-12-23 2016-05-04 北京奇虎科技有限公司 Digital certificate managing method, device and system
CN108667781A (en) * 2017-04-01 2018-10-16 西安西电捷通无线网络通信股份有限公司 A kind of digital certificate management method and equipment
CN109962781A (en) * 2017-12-26 2019-07-02 浙江宇视科技有限公司 A kind of digital certificate diostribution device
CN112187453A (en) * 2020-09-10 2021-01-05 中信银行股份有限公司 Digital certificate updating method and system, electronic equipment and readable storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109067543B (en) * 2018-07-24 2020-04-14 腾讯科技(深圳)有限公司 Digital certificate management method, device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN114884963A (en) 2022-08-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant