CN115189876A - Certificate extension method and device and server - Google Patents


Info

Publication number
CN115189876A
Authority
CN
China
Prior art keywords
target
request
information
certificate
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210845979.7A
Other languages
Chinese (zh)
Inventor
武静
夏扬
顾亮
奚翔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The specification provides a certificate extension method, a certificate extension device and a server. Based on the method, when a target security tool that is held by a target user and stores a target certificate to be extended cannot be logged in to and used normally because it has expired or been invalidated, the target security tool can be connected to a first terminal, and a target self-service extension request is initiated through the first terminal; the target self-service extension request carries ciphertext data of a target medium serial number of the target security tool and ciphertext data of the environment information. The first server on the platform side receives and responds to the target self-service extension request, and completes the update of the target certificate in the target security tool by performing the related data processing and data interaction according to the corresponding protocol rules. Therefore, on the premise of protecting the information data security of the enterprise side and the platform side, a target user can conveniently and efficiently complete the self-service extension of the target certificate in the target security tool without going to a bank branch counter.

Description

Certificate extension method and device and server
Technical Field
The present specification belongs to the technical field of network security, and in particular relates to a certificate extension method, apparatus, and server.
Background
When an enterprise user processes business data on a platform such as an electronic bank or an internet bank, in order to protect the enterprise user's data security, the enterprise user usually has to log in with a security tool, such as an enterprise U-shield provided by the bank platform side with a certificate stored in it in advance, before performing the specific business data processing.
However, the certificates stored in the enterprise U-shield usually have a validity period. When the certificate exceeds its validity period, the enterprise U-shield is in an expired state, and the enterprise user cannot log in to and use the enterprise U-shield normally. In addition, when the enterprise U-shield is in a disabled state for some reason, the enterprise user likewise cannot log in to and use it normally.
With the existing method, when a user cannot log in to and use the enterprise U-shield normally, the user must go in person to the counter of an offline bank outlet to have the certificate stored in the enterprise U-shield extended, so that the U-shield can be logged in to and used normally afterwards. This process is cumbersome, and the user experience is relatively poor.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The specification provides a certificate extension method, a certificate extension device and a server, with which a target user can conveniently and efficiently complete the self-service extension of a target certificate in a target security tool without going to a bank branch counter, on the premise of protecting the information data security of the enterprise side and the platform side.
The present specification provides a method for extending a certificate, which is applied to a first server, and includes:
receiving a target self-service extension request initiated by a first terminal; the target self-service extension request carries ciphertext data of a target medium serial number of the target security tool and ciphertext data of environment information of the target security tool; the first terminal is connected with the target security tool; the target security tool stores a target certificate to be extended;
according to the ciphertext data of the target medium serial number and the ciphertext data of the environment information of the target security tool, under the condition that the target self-service extension request is determined to meet a preset first security requirement, detecting whether the target self-service extension request is a replay request by querying the distributed cache;
in the event that the target self-service extension request is determined to be a non-replay request, creating a target log file regarding the target certificate; storing the target self-service extension request into the distributed cache;
receiving a target information entry request through an information entry interface displayed by the first terminal; the target information entry request carries ciphertext data of target information entered by a target user;
under the condition that the target information entry request is determined to meet a preset second security requirement, storing the ciphertext data of the target information into the distributed cache; generating a target verification link code for the target user according to the ciphertext data of the target information;
sending the target verification link code to the first terminal; the first terminal displays the target verification link code to the target user; the target user scans the target verification link code by using the second terminal to perform target verification related to video interaction; the target verification result and intermediate data in the target verification process are stored in the target log file;
querying the target log file, and updating the target certificate in the target security tool by interacting with the first terminal and the second server under the condition that the target verification is determined to be passed; wherein the second server is used for generating and managing certificates.
In one embodiment, the target security tool comprises a U-shield; the target certificate comprises an enterprise certificate of a target enterprise; accordingly, the target information includes business information of the target business.
In one embodiment, after receiving the target self-service extension request initiated by the first terminal, the method further comprises:
acquiring the ciphertext data of the target medium serial number and the ciphertext data of the environment information of the target security tool according to the target self-service extension request;
decrypting the ciphertext data of the target medium serial number and the ciphertext data of the environment information of the target security tool to obtain the target medium serial number and the target environment information;
determining whether the target certificate meets a preset extension condition according to the target medium serial number;
under the condition that the target certificate is determined to meet the preset extension condition, processing the target environment information by using a preset risk detection model to determine whether the first terminal has an environmental risk;
and under the condition that the first terminal is determined not to have an environmental risk, determining that the target self-service extension request meets the preset first security requirement.
In one embodiment, determining whether the target certificate meets a preset extension condition according to the target medium serial number comprises:
inquiring a database according to the target medium serial number to acquire preset information of a target enterprise, state information of a target certificate and valid period information of the target certificate, wherein the preset information is associated with the target medium serial number;
determining whether the target certificate is in an expired state or a revoked state at present according to preset information of the target enterprise, state information of the target certificate and validity information of the target certificate;
and under the condition that the target certificate is determined to be in an expired state or a revoked state currently, determining that the target certificate meets a preset extension condition.
In one embodiment, the environmental information of the target security tool includes at least one of: the device identification of the first terminal, the IP address of the first terminal and the MAC address of the first terminal.
In one embodiment, after receiving the target information entry request through the information entry interface presented by the first terminal, the method further comprises:
acquiring ciphertext data of target information input by a target user according to the target information input request;
decrypting the ciphertext data of the target information to obtain enterprise information of the target enterprise;
verifying enterprise information of the target enterprise according to preset information of the target enterprise;
under the condition that the verification is confirmed to pass, whether the target information input request is a replay request is detected by inquiring the distributed cache;
and under the condition that the target information entry request is determined to be a non-replay request, determining that the target information entry request meets a preset second safety requirement.
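The following sketch is an added example, not code from the patent: it walks one self-service extension request through the first security requirement (extension condition, then environment risk) and only then through replay detection, in the order the embodiments above give; the same check-and-record pattern applies to the information entry request. The in-memory cache, the SHA-256 fingerprint over the ciphertext fields, the base64 stand-in for decryption, the denylist stand-in for the risk detection model, and all names and sample values are assumptions.

```python
import base64
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict


class Decision(Enum):
    ACCEPT = "accept"                  # non-replay: create log file, show entry form
    UNKNOWN_MEDIUM = "unknown_medium"
    NOT_ELIGIBLE = "not_eligible"      # certificate neither expired nor revoked
    ENV_RISK = "env_risk"
    REPLAY = "replay"


@dataclass(frozen=True)
class CertRecord:
    """Database row looked up by medium serial number (constructed schema)."""
    revoked: bool
    not_after: float  # end of validity period, epoch seconds


@dataclass(frozen=True)
class ExtensionRequest:
    serial_ct: bytes  # ciphertext of the medium serial number
    env_ct: bytes     # ciphertext of the environment information


class ReplayCache:
    """In-memory stand-in for the distributed cache (assumption)."""

    def __init__(self, ttl: float) -> None:
        self.ttl = ttl
        self._expiry: Dict[str, float] = {}

    def first_seen(self, key: str, now: float) -> bool:
        # Check and record in one step; a shared cache needs the same
        # atomicity (set-if-absent with expiry) across all servers.
        expiry = self._expiry.get(key)
        if expiry is not None and expiry > now:
            return False
        self._expiry[key] = now + self.ttl
        return True


def fingerprint(req: ExtensionRequest) -> str:
    # Length-prefix each field so that shifting bytes between the two
    # ciphertexts cannot produce the same digest.
    h = hashlib.sha256()
    for part in (req.serial_ct, req.env_ct):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.hexdigest()


def meets_extension_condition(rec: CertRecord, now: float) -> bool:
    # Eligible only if the certificate is currently expired or revoked.
    return rec.revoked or now > rec.not_after


def handle_request(req: ExtensionRequest, *, db: Dict[str, CertRecord],
                   cache: ReplayCache, decrypt: Callable[[bytes], bytes],
                   env_is_risky: Callable[[str], bool], now: float) -> Decision:
    serial = decrypt(req.serial_ct).decode()
    env = decrypt(req.env_ct).decode()
    rec = db.get(serial)
    if rec is None:
        return Decision.UNKNOWN_MEDIUM
    if not meets_extension_condition(rec, now):
        return Decision.NOT_ELIGIBLE
    if env_is_risky(env):
        return Decision.ENV_RISK
    # First security requirement met: only now consult the cache, so
    # rejected requests never occupy a cache entry.
    if not cache.first_seen(fingerprint(req), now):
        return Decision.REPLAY
    return Decision.ACCEPT


# --- constructed sample data; base64 is a placeholder, NOT encryption ---
DENYLIST = {"203.0.113.66"}


def placeholder_ct(text: str) -> bytes:
    return base64.b64encode(text.encode())


def placeholder_decrypt(ct: bytes) -> bytes:
    return base64.b64decode(ct)


def denylisted_ip(env: str) -> bool:
    fields = dict(item.split("=", 1) for item in env.split(";"))
    return fields.get("ip") in DENYLIST


def demo() -> list:
    now = 1_700_000_000.0
    db = {"SN-EXPIRED": CertRecord(False, now - 86400),
          "SN-REVOKED": CertRecord(True, now + 86400),
          "SN-VALID": CertRecord(False, now + 86400)}
    cache = ReplayCache(ttl=300)
    ok = placeholder_ct("device=dev-1;ip=198.51.100.7;mac=02:00:00:00:00:01")
    bad = placeholder_ct("device=dev-2;ip=203.0.113.66;mac=02:00:00:00:00:02")
    cases = [("SN-EXPIRED", ok), ("SN-EXPIRED", ok), ("SN-REVOKED", ok),
             ("SN-VALID", ok), ("SN-EXPIRED", bad), ("SN-NONE", ok)]
    return [handle_request(ExtensionRequest(placeholder_ct(s), e), db=db,
                           cache=cache, decrypt=placeholder_decrypt,
                           env_is_risky=denylisted_ip, now=now).value
            for s, e in cases]


if __name__ == "__main__":
    print(demo())
```

Once a cache entry expires, the same ciphertext is accepted again, so the entry lifetime has to be at least as long as the period during which the server would still treat that ciphertext as fresh.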
In one embodiment, the target verification link code also carries the ciphertext data of the target information.
In one embodiment, the updating the target certificate in the target security tool by interacting with the first terminal and the second server comprises:
acquiring an update request of the target certificate through an extension confirmation interface displayed by the first terminal; the update request of the target certificate carries at least a target signature of the target user;
sending an update request of the target certificate to a second server; the second server generates an updated target certificate under the condition that the update request of the target certificate is determined to meet a preset third safety requirement;
acquiring an updated target certificate provided by a second server;
calling an interface of the first terminal to delete a target certificate in the target security tool; and writing the updated target certificate in the target security tool.
In one embodiment, after writing the updated target certificate in the target security tool, the method further comprises: and updating the target log file.
The specification also provides a certificate extension method, which is applied to the first terminal; the first terminal is connected with a target security tool, the target security tool stores a target certificate to be extended, and the method comprises the following steps:
in response to a trigger operation of a target user, reading the target security tool to obtain a target medium serial number of the target security tool and environment information of the target security tool;
encrypting the target medium serial number and the environment information of the target security tool to obtain ciphertext data of the target medium serial number and ciphertext data of the environment information of the target security tool; generating a target self-service extension request; the target self-service extension request carries the ciphertext data of the target medium serial number of the target security tool and the ciphertext data of the environment information of the target security tool;
sending the target self-service extension request to a first server; the first server detects whether the target self-service extension request meets a preset first security requirement and whether the target self-service extension request is a replay request;
displaying an information entry interface under the condition that the target self-service extension request meets the preset first security requirement and is a non-replay request; acquiring target information entered by the target user through the information entry interface;
encrypting the target information to obtain ciphertext data of the target information; generating a target information entry request; the target information entry request carries the ciphertext data of the target information entered by the target user;
sending the target information entry request to the first server; under the condition that the target information entry request is determined to meet a preset second security requirement, the first server generates a target verification link code for the target user according to the ciphertext data of the target information;
receiving and displaying the target verification link code; the target user scans the target verification link code by using the second terminal to perform target verification related to video interaction; the target verification result and intermediate data in the target verification process are stored in a target log file;
and in the case that the target verification passes, updating the target certificate in the target security tool by interacting with the first server.
In one embodiment, before the target medium serial number of the target security tool and the environment information of the target security tool are acquired by reading the target security tool in response to the trigger operation of the target user, the method further includes:
interacting with a security gateway under the condition that the target security tool is detected to be connected, so as to carry out a preliminary detection on the target security tool;
according to the preliminary detection result, under the condition that it is determined that the target user cannot log in to and use the target security tool normally, displaying a login-free self-service extension interface to the target user; the self-service extension interface is used for triggering generation of the target self-service extension request.
This specification also provides a certificate extension device, applied to a first server, including:
the first receiving module is used for receiving a target self-service extension request initiated by a first terminal; the target self-service extension request carries ciphertext data of a target medium serial number of the target security tool and ciphertext data of environment information of the target security tool; the first terminal is connected with the target security tool; the target security tool stores a target certificate to be extended;
the first processing module is used for detecting whether the target self-service extension request is a replay request by querying the distributed cache, under the condition that the target self-service extension request is determined to meet a preset first security requirement according to the ciphertext data of the target medium serial number and the ciphertext data of the environment information of the target security tool;
the creation module is used for creating a target log file regarding the target certificate if the target self-service extension request is determined to be a non-replay request, and storing the target self-service extension request into the distributed cache;
the second receiving module is used for receiving a target information entry request through an information entry interface displayed by the first terminal; the target information entry request carries ciphertext data of target information entered by a target user;
the second processing module is used for storing the ciphertext data of the target information into the distributed cache under the condition that the target information entry request is determined to meet a preset second security requirement, and generating a target verification link code for the target user according to the ciphertext data of the target information;
the sending module is used for sending the target verification link code to the first terminal; the first terminal displays the target verification link code to the target user; the target user scans the target verification link code by using the second terminal to perform target verification related to video interaction; the target verification result and intermediate data in the target verification process are stored in the target log file;
the third processing module is used for querying the target log file, and updating the target certificate in the target security tool by interacting with the first terminal and the second server under the condition that the target verification is determined to be passed; wherein the second server is used for generating and managing certificates.
The specification also provides a certificate extension device, which is applied to the first terminal; wherein the first terminal is connected with a target security tool, the target security tool stores a target certificate to be extended, and the device comprises:
the acquisition module is used for responding to a trigger operation of a target user and acquiring a target medium serial number of the target security tool and environment information of the target security tool by reading the target security tool;
the first encryption module is used for encrypting the target medium serial number and the environment information of the target security tool to obtain ciphertext data of the target medium serial number and ciphertext data of the environment information of the target security tool, and generating a target self-service extension request; the target self-service extension request carries the ciphertext data of the target medium serial number of the target security tool and the ciphertext data of the environment information of the target security tool;
the first sending module is used for sending the target self-service extension request to a first server; the first server detects whether the target self-service extension request meets a preset first security requirement and whether the target self-service extension request is a replay request;
the first display module is used for displaying the information entry interface under the condition that the target self-service extension request meets the preset first security requirement and is a non-replay request, and acquiring target information entered by the target user through the information entry interface;
the second encryption module is used for encrypting the target information to obtain ciphertext data of the target information, and generating a target information entry request; the target information entry request carries the ciphertext data of the target information entered by the target user;
the second sending module is used for sending the target information entry request to the first server; under the condition that the target information entry request is determined to meet a preset second security requirement, the first server generates a target verification link code for the target user according to the ciphertext data of the target information;
the second display module is used for receiving and displaying the target verification link code; the target user scans the target verification link code by using the second terminal to perform target verification related to video interaction; the target verification result and intermediate data in the target verification process are stored in a target log file;
and the processing module is used for updating the target certificate in the target security tool by interacting with the first server under the condition that the target verification passes.
The present specification also provides a server comprising a processor and a memory storing processor-executable instructions that, when executed by the processor, implement the steps of the certificate extension method.
The present specification also provides a computer readable storage medium having stored thereon computer instructions which, when executed by a processor, perform the steps of the certificate extension method.
Based on the certificate extension method, device and server provided by the specification, when a target security tool that is held by a target user and stores a target certificate to be extended cannot be logged in to and used normally because it has expired or been invalidated, the target security tool can be connected to a first terminal on the user side, and a target self-service extension request is initiated through the first terminal; the target self-service extension request carries ciphertext data of a target medium serial number of the target security tool and ciphertext data of the environment information. The first server on the platform side receives and responds to the target self-service extension request, and completes the update of the target certificate in the target security tool by performing the related data processing and data interaction according to the corresponding protocol rules. Specifically, after receiving the target self-service extension request, the first server may, under the condition that the request is determined to meet a preset first security requirement according to the ciphertext data of the target medium serial number and the ciphertext data of the environment information of the target security tool, detect whether the target self-service extension request is a replay request by querying the distributed cache; under the condition that the target self-service extension request is determined to be a non-replay request, a target log file regarding the target certificate is created, and the target self-service extension request is stored into the distributed cache; then, a target information entry request is received through an information entry interface displayed by the first terminal; the target information entry request carries ciphertext data of target information entered by the target user; under the condition that the target information entry request is determined to meet a preset second security requirement, the ciphertext data of the target information (or the target information entry request) is stored into the distributed cache; a target verification link code for the target user is generated according to the ciphertext data of the target information; the target verification link code is sent to the first terminal; correspondingly, the first terminal displays the target verification link code to the target user; the target user scans the target verification link code by using the second terminal to perform target verification related to video interaction; the target verification result and intermediate data in the target verification process are stored in the target log file; the first server queries the target log file and, under the condition that the target verification is determined to be passed, interacts with the first terminal and the second server to update the target certificate in the target security tool; wherein the second server is used for generating and managing certificates. Therefore, on the premise of protecting the information data security of the enterprise side and the platform side, a target user can conveniently and efficiently complete the self-service extension of the target certificate in the target security tool without going to a bank branch counter, the operation on the user side is effectively simplified, and the user obtains a better interactive experience.
Drawings
In order to more clearly illustrate the embodiments of the present specification, the drawings needed to be used in the embodiments will be briefly described below, and the drawings in the following description are only some of the embodiments described in the specification, and it is obvious to those skilled in the art that other drawings can be obtained based on the drawings without any inventive work.
FIG. 1 is a flow diagram illustrating a certificate extension method according to an embodiment of the present disclosure;
FIG. 2 is a diagram illustrating an embodiment of a method for extending a certificate according to an embodiment of the present disclosure;
FIG. 3 is a diagram illustrating an embodiment of a method for extending a certificate according to an embodiment of the present disclosure;
FIG. 4 is a diagram illustrating an embodiment of a method for extending a certificate according to an embodiment of the present disclosure;
FIG. 5 is a flow diagram illustrating a certificate extension method as provided in another embodiment of the present description;
FIG. 6 is a schematic structural component diagram of a server provided in an embodiment of the present description;
FIG. 7 is a schematic structural component diagram of a certificate extension device provided by an embodiment of the present specification;
FIG. 8 is a schematic structural component diagram of a certificate extension device according to another embodiment of the present specification;
FIG. 9 is a schematic diagram of an embodiment in which the certificate extension method provided by an embodiment of the present specification is applied in a scenario example.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
Referring to fig. 1, an embodiment of the present specification provides a method for extending a certificate, where the method is specifically applied to a first server side. In specific implementation, the method may include the following:
S101: receiving a target self-service extension request initiated by a first terminal; the target self-service extension request carries ciphertext data of a target medium serial number of the target security tool and ciphertext data of environment information of the target security tool; the first terminal is connected with the target security tool; the target security tool stores a target certificate to be extended;
S102: according to the ciphertext data of the target medium serial number and the ciphertext data of the environment information of the target security tool, under the condition that the target self-service extension request is determined to meet a preset first security requirement, detecting whether the target self-service extension request is a replay request by querying the distributed cache;
S103: in the event that the target self-service extension request is determined to be a non-replay request, creating a target log file regarding the target certificate; storing the target self-service extension request into the distributed cache;
S104: receiving a target information entry request through an information entry interface displayed by the first terminal; the target information entry request carries ciphertext data of target information entered by a target user;
S105: under the condition that the target information entry request is determined to meet a preset second security requirement, storing the ciphertext data of the target information into the distributed cache; generating a target verification link code for the target user according to the ciphertext data of the target information;
S106: sending the target verification link code to the first terminal; the first terminal displays the target verification link code to the target user; the target user scans the target verification link code by using the second terminal to perform target verification related to video interaction; the target verification result and intermediate data in the target verification process are stored in the target log file;
S107: querying the target log file, and updating the target certificate in the target security tool by interacting with the first terminal and the second server under the condition that the target verification is determined to be passed; wherein the second server is used for generating and managing certificates.
Based on this embodiment, the first server performs the related data processing and data interaction with the first terminal, the second terminal and the second server according to the protocol rules, so that, on the premise of protecting the information data security of the enterprise side and the platform side, a user can conveniently and efficiently complete the self-service extension of the target certificate in the target security tool without going to a bank branch counter, and obtains a better interactive experience.
In some embodiments, referring to fig. 2, the method for the extension of the certificate may be specifically applied to the first server side in the system. The first server may specifically include a background server that is applied to one side of a network service platform (e.g., XX internet banking network service platform) and is capable of implementing functions such as data transmission and data processing.
In addition, the system also includes a second server. The second server may specifically include a certificate management server, such as a CA server, which implements service functions such as certificate application, certificate update, and certificate download.
Specifically, the first server and the second server may be, for example, an electronic device having data operation, storage functions and network interaction functions. Alternatively, the first server and the second server may also be software programs running in the electronic device and providing support for data processing, storage and network interaction. In this embodiment, the number of the servers included in the first server and the second server is not specifically limited. The first server and the second server may be specifically one server, or several servers, or a server cluster formed by several servers.
Furthermore, a first terminal and a second terminal are arranged on one side of the target user.
Specifically, referring to fig. 2, the first terminal may specifically include an electronic device connected to the first server in a wired or wireless manner and having relatively high security. Specifically, the first terminal may include a kiosk disposed at a specified location, and may also include a desktop computer, a notebook computer, and the like of the target user.
The second terminal may specifically include a mobile electronic device that is held by the target user and at least has a built-in or external camera connected thereto. Such as a smart phone, smart watch, tablet computer, etc.
In specific implementation, when a target user finds that the target security tool he or she holds can no longer be logged in to and used normally because of expiration or invalidation, the target user can connect the target security tool to the first terminal and interact with the first server through the first terminal. During the interaction, the first server can perform a first verification on the target security tool and the related information of the first terminal. In the case that the first verification passes, the first server may further generate a target link code and display the target link code through the first terminal. At this point, the target user may scan the target link code using the second terminal to trigger a second verification involving video interaction. In the case that the second verification passes, the first server performs the corresponding interaction with the first terminal and the second server and updates the target certificate in the target security tool, thereby extending the target certificate in the target security tool. The target user can then continue to log in to and use the target security tool normally.
In some embodiments, the target security tool may specifically include a U shield (e.g., an enterprise U shield); the target certificate comprises an enterprise certificate of a target enterprise; accordingly, the target information includes business information of the target business.
Accordingly, the target user may be specifically understood as a user responsible for managing or using the U shield, for example, the legal person of the target enterprise or a financial staff member of the target enterprise.
The U shield, which may also be referred to as a "good shield", may be specifically understood as a client-certificate USB key, a high-level security tool provided by a banking platform for transacting online banking services. The enterprise U shield differs from the personal U shield: it can be understood as a U shield provided to enterprise clients and bound to the enterprise information of the enterprise. Moreover, compared with the personal U shield, the enterprise U shield has stricter security requirements. The enterprise certificate of the target enterprise may be understood as a digital certificate bound to the target enterprise.
Based on the embodiment, the method provided by the specification can be applied to efficiently and conveniently extend the enterprise certificate of the target enterprise stored in the enterprise U shield, so that the target user can continuously and normally log in to use the enterprise U shield.
In some embodiments, when implemented, the target user may connect the target security tool to the first terminal by inserting the target security tool into a USB interface of the first terminal.
The first terminal may interact with the security gateway first when detecting that the target security tool is connected to the first terminal, so as to perform preliminary detection on the target security tool. The security gateway may specifically include a deep trust server. The above-mentioned deep trust server may be specifically understood as an enterprise-level security authentication server.
The security gateway may be specifically configured with a preset abnormal certificate information set. The preset abnormal certificate information set includes certificate information of certificates in an abnormal state. The abnormal state may specifically include an expired state and/or a revoked state. The certificate information may specifically include a certificate number, validity period information of the certificate, a revocation flag of the certificate, and the like. The preset abnormal certificate information set may be specifically provided by the second server.
Specifically, for example, some certificates become expired once their validity period has passed. At this point, the user cannot normally log in to and use the security tool.
For another example, during the extension of some certificates, a sudden network interruption or a sudden terminal outage may cause the old certificate in the security tool to be deleted without the updated certificate being completely written. At this time, the certificate in the security tool is in a disabled state, and the user likewise cannot normally log in to and use the security tool. On the second server side, a status flag is set for the certificate to indicate that the certificate is currently in a revoked state.
Specifically, the second server may periodically (for example, every other day) collect and determine the certificates in an abnormal state according to the latest status information of all distributed certificates, generate update data for the preset abnormal certificate information set according to the certificate information of those certificates, and send the update data to the security gateway. Correspondingly, the security gateway can update the locally configured preset abnormal certificate information set in time according to the update data.
In specific implementation, the first terminal may generate and send a preliminary detection request to the security gateway when it detects the target security tool. The security gateway can respond to the preliminary detection request by calling the USB interface of the first terminal to acquire the certificate information of the target certificate in the target security tool, and then match the acquired certificate information of the target certificate against the preset abnormal certificate information set. If the match succeeds, the security gateway determines that the target certificate in the target security tool is in an abnormal state, and therefore that the target user currently cannot normally log in to and use the target security tool, and obtains the corresponding preliminary detection result. Conversely, if the match fails, it can be determined that the target certificate in the target security tool is not in an abnormal state, and therefore that the target user can currently log in to and use the target security tool normally, and the corresponding preliminary detection result is obtained. The preliminary detection result is fed back to the first terminal.
When the first terminal determines from the preliminary detection result that the target user currently cannot normally log in to and use the target security tool, it can show a login-free self-service extension interface to the target user. In this way, even when the target security tool cannot be logged in to and used normally, the target user can still initiate a target self-service extension request through the login-free self-service extension interface to request the first server to perform the self-service extension service for the target security tool.
The target self-service extension request may be specifically understood as request data for extending an expired target certificate in the target security tool, or for changing a target certificate marked as revoked in the target security tool back to a normal state, so that the target security tool can continue to be logged in to and used normally.
In specific implementation, the target user can initiate a triggering operation by clicking the icon for confirming self-service extension in the self-service extension interface. In response to the triggering operation, the first terminal may read the target security tool through the USB interface to obtain the target medium serial number of the target security tool (e.g., the medium serial number of the U shield) and the environment information of the target security tool.
In some embodiments, the environmental information of the target security tool may specifically include at least one of: a device identification of the first terminal, an IP address of the first terminal, a MAC address of the first terminal, etc.
Of course, it should be noted that the above listed environment information is only an exemplary illustration. In specific implementation, the obtained environment information may further include other types of environment information according to a specific application scenario and a processing requirement. The present specification is not limited to these.
Based on the above embodiment, the environment information of the target security tool is acquired together with the target medium serial number of the target security tool, so that in subsequent processing the security of extending the target certificate in the target security tool can be judged at a finer granularity, from the dimension of the environment in which the target security tool is currently located, and the data security of the relevant information can be better protected.
In some embodiments, after obtaining the target medium serial number and the target environment information of the target security tool, the first terminal may encrypt them according to a preset encryption rule to obtain ciphertext data of the target medium serial number and ciphertext data of the target environment information. The first terminal can then generate a target self-service extension request carrying the ciphertext data of the target medium serial number of the target security tool and the ciphertext data of the environment information of the target security tool, and send the target self-service extension request to the first server. This effectively prevents the target medium serial number and the target environment information from being leaked, and the data security of the related information from being affected, if the target self-service extension request is intercepted by a third party during transmission.
In some embodiments, the preset encryption rule may specifically include an SM4 encryption algorithm (or SM4 block cipher algorithm).
Specifically, when encryption is performed, the first terminal and the first server may interact according to a preset encryption rule to generate public key data and private key data corresponding to each other. The first terminal holds public key data, and the first server holds private key data. In particular, the first terminal may encrypt the target media serial number and the environment information using public key data. Accordingly, the first server may decrypt the ciphertext data of the target medium serial number and the ciphertext data of the environment information using the private key data.
Further, the first terminal and the first server may interact according to a preset encryption rule to generate a first public key and a first private key corresponding to each other, and a second public key and a second private key corresponding to each other. The first terminal holds a first public key and a second public key; the first server holds a first private key and a second private key. Wherein the first public key and the first private key may be more secure than the second public key and the second private key. In a specific implementation, the first terminal may encrypt the target media serial number using the first public key, and encrypt the environment information using the second public key. Correspondingly, the first server may decrypt the ciphertext data of the target media serial number using the first private key, and decrypt the ciphertext data of the environmental information using the second private key.
In some embodiments, after receiving the target self-service extension request, the first server may perform the first verification by interacting with the first terminal, to detect whether the preset first security requirement and the preset second security requirement are met.
In some embodiments, referring to fig. 3, after the first server receives the target self-service extension request initiated by the first terminal, the method may further include the following when implemented:
S1: acquiring the ciphertext data of the target medium serial number and the ciphertext data of the environment information of the target security tool according to the target self-service extension request;
S2: decrypting the ciphertext data of the target medium serial number and the ciphertext data of the environment information of the target security tool to obtain the target medium serial number and the target environment information;
S3: determining whether the target certificate meets a preset extension condition according to the target medium serial number;
S4: in a case where the target certificate is determined to meet the preset extension condition, processing the target environment information with a preset risk detection model to determine whether the first terminal has an environmental risk;
S5: in a case where the first terminal is determined not to have an environmental risk, determining that the target self-service extension request meets the preset first security requirement.
Based on the above embodiment, the first server can combine two dimensions of information, the target medium serial number and the environment information, to accurately determine whether the target self-service extension request meets the preset first security requirement and thus whether to perform subsequent data processing, which effectively protects the data security of the related information.
In some embodiments, the determining whether the target certificate meets the preset extension condition according to the target medium serial number may include the following steps:
S1: querying a database according to the target medium serial number to acquire preset information of a target enterprise, state information of the target certificate and validity period information of the target certificate, which are associated with the target medium serial number;
S2: determining whether the target certificate is currently in an expired state or a revoked state according to the preset information of the target enterprise, the state information of the target certificate and the validity period information of the target certificate;
S3: in a case where the target certificate is determined to be currently in an expired state or a revoked state, determining that the target certificate meets the preset extension condition.
The database may specifically store preset information of an enterprise bound to the certificate generated and distributed by the second server, validity information of the certificate, and status information of the certificate. The preset information may specifically include enterprise information provided by an enterprise when applying for an enterprise certificate. The certificate status information may specifically include a status label set by the second server.
In this embodiment, in specific implementation, when it is determined, according to the preset information of the target enterprise, the state information of the target certificate, and the validity period information of the target certificate, that the target certificate is currently in an expired state or a revoked state, it may be determined that the target certificate meets the preset extension condition, and subsequent data processing may be triggered. Conversely, when the target certificate is determined not to be in an expired state or a revoked state, it can be determined that the target certificate does not meet the preset extension condition, and subsequent data processing is not triggered; meanwhile, prompt information for informing the target user that the target security tool does not need the extension service can be generated and sent to the first terminal.
Based on the above embodiment, the first server may accurately determine whether the target certificate meets the preset extension condition by querying the database according to the target medium serial number.
In some embodiments, the preset risk detection model may be a model trained in advance by using a large amount of two-sample environment information. The preset risk detection model can predict, based on the input environment information, the environmental risk value corresponding to that environment information.
In specific implementation, the first server may compare the environmental risk value with a preset risk threshold value; in the case that it is determined that the environmental risk value is greater than the preset risk threshold, it may be determined that the environmental risk currently exists in the first terminal connected to the target security tool. At this time, in order to protect the data security of the related information, subsequent data processing can be refused; and generating and feeding back prompt information for prompting the existence of the environmental risk to the first terminal.
In some embodiments, in implementation, the first server may further query the history record according to the target environment information to determine behavior characteristics of the first terminal connected to the target security tool within a preset time period (e.g., the last week), such as the number, frequency, and initiation times of the self-service extension requests it initiated; whether the first terminal has an environmental risk can then be determined according to the behavior characteristics.
In addition, the first server can also query a preset risk terminal blacklist according to the target environment information so as to determine whether the first terminal has an environmental risk.
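The order of checks in the first verification described above (extension condition first, then the environment checks), as an added example that is not code from the patent. The record layouts, the threshold, the request limit, the sample values and the `constructed_score` function standing in for the preset risk detection model are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


# All record layouts, limits and sample values below are assumptions or
# constructed data; the patent defines none of them.
@dataclass(frozen=True)
class CertRecord:
    medium_serial: str
    not_after: datetime   # end of the validity period
    revoked: bool         # status label set by the second server


@dataclass(frozen=True)
class EnvInfo:
    device_id: str
    ip: str
    mac: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


RISK_THRESHOLD = 0.7            # assumed preset risk threshold
WINDOW = timedelta(days=7)      # "preset time period (e.g., the last week)"
MAX_REQUESTS_IN_WINDOW = 3      # assumed limit on requests per terminal


def meets_extension_condition(rec, now):
    """Eligible only if the certificate is expired or marked revoked."""
    return rec.revoked or now > rec.not_after


def first_security_requirement(rec, env, now, score, blacklist, history):
    """Run the checks in the order S3 -> S4 -> S5 and fail closed.

    rec is the database record for the medium serial number (None if absent),
    score is the risk model, history holds earlier request times of this
    terminal.
    """
    if rec is None:
        return Decision(False, "unknown medium serial number")
    if not meets_extension_condition(rec, now):
        return Decision(False, "extension not needed")
    if env.device_id in blacklist or env.mac in blacklist:
        return Decision(False, "terminal on risk blacklist")
    recent = sum(1 for t in history if now - WINDOW <= t <= now)
    if recent >= MAX_REQUESTS_IN_WINDOW:
        return Decision(False, "abnormal request frequency")
    if score(env) > RISK_THRESHOLD:   # "greater than the preset risk threshold"
        return Decision(False, "environmental risk")
    return Decision(True, "first security requirement met")


# ---- constructed sample data ----
NOW = datetime(2022, 7, 19, 9, 0, tzinfo=timezone.utc)
EXPIRED = CertRecord("SN-0001", NOW - timedelta(days=2), revoked=False)
REVOKED = CertRecord("SN-0002", NOW + timedelta(days=90), revoked=True)
VALID = CertRecord("SN-0003", NOW + timedelta(days=90), revoked=False)
KIOSK = EnvInfo("kiosk-17", "198.51.100.20", "02:00:00:00:00:17")
ODD_HOST = EnvInfo("pc-x", "203.0.113.9", "02:00:00:00:00:99")
BLOCKED = EnvInfo("pc-y", "198.51.100.5", "02:00:00:00:00:66")
BLACKLIST = frozenset({"02:00:00:00:00:66"})
BUSY = [NOW - timedelta(hours=h) for h in (1, 5, 30)]


def constructed_score(env):
    """Stand-in for the preset risk detection model (constructed)."""
    return 0.9 if env.ip.startswith("203.0.113.") else 0.1


if __name__ == "__main__":
    for rec, env, hist in [(EXPIRED, KIOSK, []), (VALID, KIOSK, []),
                           (EXPIRED, ODD_HOST, []), (EXPIRED, KIOSK, BUSY)]:
        print(first_security_requirement(rec, env, NOW, constructed_score,
                                         BLACKLIST, hist))
```

A certificate that is still valid is turned away before any environment check runs, so the login-free interface cannot be used to re-issue a working certificate.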
In some embodiments, in the case that it is determined that the target self-service extension request meets the preset first security requirement, whether the target self-service extension request is a replay request can be detected by querying the distributed cache, so as to perform anti-replay control on the request.
The distributed cache may store historical interaction data between the first server and other devices such as the first terminal (including historical self-service extension requests and information entry requests received by the first server, historical information data generated or sent by the first server, and the like). Specifically, the data stored in the distributed cache may be ciphertext data of the interaction data.
Specifically, the target self-service extension request may carry indication information such as a timestamp. According to the indication information, the first server can detect whether a self-service extension request carrying the same indication information already exists in the distributed cache. When such a self-service extension request is found, it can be judged that the currently acquired target self-service extension request may be a replay request that a third party generated, after intercepting a self-service extension request originally sent by the user, in order to extract relevant information. At this time, in order to avoid leakage of the related information and to protect the data security of the user and the platform, the first server may refuse to respond to the target self-service extension request and perform no subsequent data processing.
In some embodiments, when the target self-service extension request is determined to be a non-replay request, the target self-service extension request may be determined to be secure and trustworthy. The first server can then respond to the target self-service extension request, create a target log file for the target certificate, and initialize the target log file; meanwhile, the target self-service extension request can be stored in the distributed cache for use in subsequent replay request detection. The target log file may specifically include a log file based on a blockchain technique.
In some embodiments, in the case that the target self-service extension request is determined to be a non-replay request, the first server may further generate, in response to the target self-service extension request, an information entry interface for inputting the target information, and transmit the information entry interface to the first terminal. The first terminal may present the information entry interface to the target user. The target user can input the related target information according to the guide information in the information entry interface, such as legal person information of the target enterprise, an enterprise number of the target enterprise, a certificate image of the target enterprise and the like.
Correspondingly, the first terminal can receive the target information input by the target user through the information entry interface, encrypt the target information to obtain ciphertext data of the target information, generate a target information entry request carrying the ciphertext data of the target information, and send the target information entry request to the first server.
Correspondingly, the first server receives the target information entry request through the information entry interface displayed by the first terminal.
It should be noted that, in this specification, the information data related to the user (including the individual user and the enterprise user) is obtained and used under the condition that the user knows and agrees. And the acquisition, storage, use, processing and the like of the information data all conform to relevant regulations of national laws and regulations.
In some embodiments, referring to fig. 4, after the target information entry request is received through the information entry interface displayed by the first terminal, the method may further include the following when implemented:
S1: acquiring the ciphertext data of the target information input by the target user according to the target information entry request;
S2: decrypting the ciphertext data of the target information to obtain enterprise information of the target enterprise;
S3: verifying the enterprise information of the target enterprise according to the preset information of the target enterprise;
S4: in a case where the verification is determined to have passed, detecting whether the target information entry request is a replay request by querying the distributed cache;
S5: in a case where the target information entry request is determined to be a non-replay request, determining that the target information entry request meets the preset second security requirement.
Based on the above embodiment, the first server can accurately determine whether the target information entry request meets the preset second security requirement by verifying the enterprise information and detecting whether the target information entry request is a replay request, so that the data security of the related information in the extension service is effectively protected.
In some embodiments, when performing the verification specifically, the target information may be matched against the previously acquired preset information of the target enterprise, and the verification is determined to have passed when the target information is consistent with the preset information of the target enterprise. For how to detect whether the target information entry request is a replay request, reference may be made to the embodiment of detecting whether the target self-service extension request is a replay request, which is not described in detail herein.
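The replay check applied above to both the target self-service extension request and the target information entry request, as an added example that is not code from the patent. It goes beyond the text in two labelled ways: the check and the store are done in one atomic step, and a freshness window is enforced on the timestamp. The `CacheStandIn` class, the nonce field and both time limits are assumptions.

```python
import hashlib
import threading

FRESHNESS_SECONDS = 300   # assumed acceptance window for the request timestamp
CACHE_TTL_SECONDS = 600   # assumed entry lifetime; must be >= the window


class CacheStandIn:
    """In-process stand-in for the distributed cache (constructed here).

    add_if_absent checks and stores in one atomic step, the behaviour a real
    cache offers through set-if-not-exists with expiry (e.g. Redis SET NX EX).
    A separate "look up, then store" pair would let two copies of the same
    request both pass if they arrive at the same moment.
    """

    def __init__(self):
        self._lock = threading.Lock()
        self._expires = {}

    def add_if_absent(self, key, ttl, now):
        with self._lock:
            expiry = self._expires.get(key)
            if expiry is not None and expiry > now:
                return False          # already seen and not yet expired
            self._expires[key] = now + ttl
            return True


def replay_key(kind, ciphertext, timestamp, nonce):
    """Digest over the request kind, its ciphertext and its indication info.

    Each field is length-prefixed so that ("ab", b"c") and ("a", b"bc")
    cannot produce the same key. The nonce is a hypothetical extra field;
    the patent only names a timestamp as an example of indication information.
    """
    digest = hashlib.sha256()
    for part in (kind.encode(), ciphertext, str(timestamp).encode(),
                 nonce.encode()):
        digest.update(len(part).to_bytes(4, "big"))
        digest.update(part)
    return digest.hexdigest()


def accept_request(cache, kind, ciphertext, timestamp, nonce, now):
    """Return "accepted", "rejected: stale" or "rejected: replay"."""
    # Freshness first: once a cache entry has expired, only this check
    # stops an old capture, which is why the TTL must cover the window.
    if abs(now - timestamp) > FRESHNESS_SECONDS:
        return "rejected: stale"
    key = replay_key(kind, ciphertext, timestamp, nonce)
    if not cache.add_if_absent(key, CACHE_TTL_SECONDS, now):
        return "rejected: replay"
    return "accepted"


def race(cache, workers=16):
    """Send one constructed request from many threads; count acceptances."""
    results = []

    def worker():
        results.append(
            accept_request(cache, "extension", b"\xaa", 1000, "n", now=1000))

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results.count("accepted")


if __name__ == "__main__":
    cache, t0 = CacheStandIn(), 1_700_000_000   # constructed timestamp
    print(accept_request(cache, "extension", b"\x10\x20", t0, "n-1", t0 + 2))
    print(accept_request(cache, "extension", b"\x10\x20", t0, "n-1", t0 + 5))
    print(accept_request(cache, "extension", b"\x10\x20", t0, "n-1", t0 + 601))
    print("accepted under race:", race(CacheStandIn()))
```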
In some embodiments, in the case that it is determined that the target information entry request does not meet the preset second security requirement, subsequent data processing may be rejected, and prompt information about the existence of the security risk may be generated and displayed to the target user through the first terminal. Conversely, in the case that the target information entry request is determined to meet the preset second security requirement, the ciphertext data of the target information can be stored in the distributed cache for use in subsequent replay request detection; meanwhile, a target verification link code for the target user can be generated according to the ciphertext data of the target information. The target verification link code may be a two-dimensional code, a bar code, or the like.
In some embodiments, the first server may send the target verification link code to the first terminal. The target user can use the second terminal to scan the target verification link code to trigger the target verification involving video interaction and thereby complete the second verification.
In some embodiments, the target verification link code may further include the ciphertext data of the target information.
Correspondingly, when the target user uses the second terminal to scan the target verification link code, the second terminal can read and decrypt the ciphertext data of the target information and show the target information to the target user. In this way, the target user can review the target information again to ensure that the information data he or she entered is accurate.
Based on the above embodiment, by using a target verification link code that carries the ciphertext data of the target information, the target user can first recheck the target information he or she entered before performing the target verification involving video interaction, which further improves the overall accuracy of data processing.
In some embodiments, the second terminal may specifically be a terminal previously bound when applying for a target certificate of a target enterprise. Specifically, the preset information of the target enterprise may further include a terminal identifier of a terminal bound to the target certificate.
In specific implementation, the target user can scan and obtain the target verification link code through the second terminal. By parsing the target verification link code and using the related link information, a secure and reliable information channel between the second terminal and the first server is then constructed, so that a target verification request can be sent to the first server through the information channel and the subsequent target verification can be completed. In response to the target verification request, the first server may perform the target verification by interacting with the first terminal and other devices.
In some embodiments, the target verification request may further carry a terminal identifier of the second terminal. Correspondingly, after receiving the target verification request, the first server may determine, according to the terminal identifier of the second terminal and the preset information of the target enterprise, whether the second terminal currently initiating the target verification request is a terminal bound to the target certificate, and perform subsequent target verification if it is determined that the second terminal is the terminal bound to the target certificate.
In some embodiments, referring to fig. 9, the target verification specifically may include the following verification processing related to video interaction: live verification, networked verification, remote customer service verification, and the like.
In some embodiments, when performing the live verification specifically, the first server may acquire current face video data (or face image data) of the target user through the second terminal, and call a preset living body detection model to perform living body detection on the face video data (or the face image data); upon determining that the target user is a living body, a further networked verification may be performed.
Specifically, when the networked verification is performed, the first server can acquire the identity information of the target user (such as a face image, a name, a mobile phone number, certificate information and the like of the target user) through the second terminal, generate a target networked verification request carrying the identity information of the target user, and send the target networked verification request to a supervision system with higher credibility and public credibility for networked verification. The first server then receives the networked verification result fed back by the supervision system, and further performs remote customer service verification in the case that the networked verification is determined to have passed.
Specifically, when the remote customer service verification is carried out, the first server can call a remote customer service agent, who communicates with the legal person of the enterprise (or the target user) and verifies the relevant information; the video data or audio data of the call is recorded at the same time as intermediate data. If the remote customer service agent confirms, after the call is finished, that the verification has passed, the remote customer service verification can be determined to have passed, so that the target verification as a whole can be determined to have passed, and the second verification is completed.
Meanwhile, the first server may store the target verification result that the target verification passes and the intermediate data in a target log file.
In specific implementations, the target verification process may alternatively be completed by the second terminal, in which case the second terminal stores the target verification result and the intermediate data in the target log file.
In some embodiments, the first server may determine whether the target verification has passed by querying the target log file, and in the case that the target verification is determined to have passed, the first server determines that the target certificate in the target security tool may be extended, so as to update the target certificate in the target security tool. Otherwise, the first server may generate and send to the first terminal a prompt message indicating that the security requirement is not met and the certificate cannot be extended.
In some embodiments, the updating of the target certificate in the target security tool through interaction with the first terminal and the second server may include the following steps:
S1: acquiring an update request of the target certificate through an extension confirmation interface displayed by the first terminal; wherein the update request of the target certificate at least carries a target signature of the target user;
S2: sending the update request of the target certificate to the second server; the second server generates an updated target certificate in the case that the update request of the target certificate is determined to meet a preset third security requirement;
S3: acquiring the updated target certificate provided by the second server;
S4: calling an interface of the first terminal to delete the target certificate in the target security tool, and writing the updated target certificate into the target security tool.
Based on the above embodiment, the first server performs corresponding interaction with the first terminal and the second server, so that the extension processing of the target certificate in the target security tool can be safely and reliably completed.
In some embodiments, in specific implementations, the first server may generate an extension confirmation interface and send the extension confirmation interface to the first terminal.
The first terminal may present the extension confirmation interface to the target user. In the extension confirmation interface, the target user, having decided to extend the certificate, may follow the guidance and input the user password held by the target user. The first terminal may receive the user password and generate a user signature of the target user according to it; an update request (e.g., a P10 packet, etc.) for the target certificate carrying the user signature of the target user may then be generated and sent to the first server.
The first server receives the update request of the target certificate and generates an application code and an authorization code about the update of the target certificate according to the target signature; and sending an update request of the target certificate carrying the application code, the authorization code and the target signature to a second server.
In addition, the first server can also detect whether the update request of the target certificate is a replay request by querying the distributed cache; in the case where it is determined that the update request of the target certificate is a non-replay request, the update request of the target certificate may be stored in the distributed cache.
After receiving the update request, the second server may verify the application code, the authorization code, and the target signature respectively; in the case that the application code, the authorization code and the target signature all pass verification, the second server determines that the update request meets the preset third security requirement; an updated target certificate (e.g., a P7 package) may then be generated and sent to the first server.
After receiving the updated target certificate, the first server may first call a USB interface of the first terminal to delete the old target certificate in the target security tool, and then write the updated target certificate into the target security tool, thereby completing the extension processing of the target certificate in the target security tool. The target user may then log in and use the target security tool normally again.
In some embodiments, after the updated target certificate is written into the target security tool, the method may, in specific implementations, further include: updating the target log file.
Specifically, the first server may add to the target log file a status record indicating that the extension succeeded, so as to complete the update of the target log file. Based on the target log file, the first server may determine that the extension processing for the target certificate in the target security tool is complete.
If the updated target certificate is not successfully written into the target security tool, the first server may add to the target log file a status record indicating that the extension failed, so that writing the updated target certificate into the target security tool may be continued based on the target log file.
Based on the above embodiment, the first server may update the target log file in time, so that whether the extension processing has finished can later be accurately determined from the target log file.
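The following added example (not code from the patent) sketches the log-gated write described above: the first server refuses to touch the security tool unless the log shows the target verification passed, and because the old certificate is deleted before the new one is written, a failed write is recorded so the write can be continued from the log. The record names, the `FakeToken` class and the choice to record the issued certificate in the log before the write are assumptions made for the example.

```python
import time


class TargetLog:
    """Append-only record list standing in for the target log file."""

    def __init__(self):
        self.records = []

    def append(self, event, **fields):
        self.records.append({"event": event, "ts": time.time(), **fields})

    def last(self, *events):
        """Most recent record whose event is one of `events`, or None."""
        for rec in reversed(self.records):
            if rec["event"] in events:
                return rec
        return None


class TokenWriteError(Exception):
    pass


class FakeToken:
    """Constructed stand-in for the security tool behind the terminal's USB interface."""

    def __init__(self, cert, fail_writes=0):
        self.cert = cert
        self._fail_writes = fail_writes  # number of writes that will be interrupted

    def delete_cert(self):
        self.cert = None

    def write_cert(self, cert):
        if self._fail_writes > 0:
            self._fail_writes -= 1
            raise TokenWriteError("write interrupted")
        self.cert = cert


def _replace_on_token(log, token, cert):
    # Delete-then-write is not atomic: a failure here leaves the token empty,
    # which is why the outcome is always recorded in the log.
    try:
        token.delete_cert()
        token.write_cert(cert)
    except TokenWriteError as exc:
        log.append("extension_failed", reason=str(exc))
        return "failed"
    log.append("extension_succeeded")
    return "succeeded"


def extend_certificate(log, token, updated_cert):
    """Write the updated certificate only if the log shows verification passed."""
    verdict = log.last("verification_passed", "verification_failed")
    if verdict is None or verdict["event"] != "verification_passed":
        log.append("extension_refused")
        return "refused"
    # Assumption: the issued certificate is logged before the token is touched,
    # so a retry does not need a second issuance from the second server.
    log.append("cert_issued", cert=updated_cert)
    return _replace_on_token(log, token, updated_cert)


def resume_extension(log, token):
    """Continue an unfinished write using only what the log file holds."""
    state = log.last("cert_issued", "extension_succeeded", "extension_failed")
    if state is None or state["event"] == "extension_succeeded":
        return "nothing_to_do"
    issued = log.last("cert_issued")
    return _replace_on_token(log, token, issued["cert"])
```

Because `resume_extension` also treats a `cert_issued` record with no later status record as unfinished, it covers a crash between issuance and the write as well as a reported write failure.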
As can be seen from the above, according to the certificate extension method provided in the embodiments of the present specification, when a target security tool that is held by a target user and stores a target certificate to be extended cannot be logged in to and used normally due to expiration or invalidation, the target security tool may be connected to a first terminal, and a target self-service extension request may be initiated through the first terminal; the target self-service extension request carries ciphertext data of a target medium serial number of the target security tool and ciphertext data of the environment information. The first server on the platform side receives and responds to the target self-service extension request, and completes the update of the target certificate in the target security tool by performing the related data processing and data interaction according to the corresponding protocol rules. Therefore, on the premise of protecting the information and data security of the enterprise side and the platform side, the target user can conveniently and efficiently complete the self-service extension of the target certificate in the target security tool without going to a branch counter, which effectively simplifies user-side operation and gives the user a better interactive experience.
Referring to fig. 5, another method for extending a certificate is provided in the embodiments of the present specification. The method can be applied to the first terminal side. In specific implementation, the method may include the following:
S501: in response to a trigger operation of a target user, reading the target security tool to obtain a target medium serial number of the target security tool and environment information of the target security tool;
S502: encrypting the target medium serial number and the environment information of the target security tool to obtain ciphertext data of the target medium serial number and ciphertext data of the environment information of the target security tool; generating a target self-service extension request; the target self-service extension request carries the ciphertext data of the target medium serial number of the target security tool and the ciphertext data of the environment information of the target security tool;
S503: sending the target self-service extension request to a first server; the first server detects whether the target self-service extension request meets a preset first security requirement and whether the target self-service extension request is a replay request;
S504: displaying an information entry interface in the case that the target self-service extension request meets the preset first security requirement and is a non-replay request; acquiring target information input by the target user through the information entry interface;
S505: encrypting the target information to obtain ciphertext data of the target information; generating a target information entry request; the target information entry request carries the ciphertext data of the target information input by the target user;
S506: sending the target information entry request to the first server; in the case that the target information entry request is determined to meet a preset second security requirement, the first server generates a target verification link code for the target user according to the ciphertext data of the target information;
S507: receiving and displaying the target verification link code; the target user scans the target verification link code by using the second terminal to perform target verification related to video interaction; the target verification result and intermediate data in the target verification process are stored in a target log file;
S508: in the case that the target verification passes, updating the target certificate in the target security tool by interacting with the first server.
Based on this embodiment, the target user can efficiently and conveniently complete the extension processing of the target certificate in the target security tool by directly using the first terminal and the second terminal deployed on the target user's side, without going to a branch counter, which effectively simplifies user-side operation and improves the user's interactive experience.
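The replay check that the first server performs on the self-service extension request (S503), and later on the certificate update request, can be illustrated with the added example below, which is not code from the patent. It makes "query the cache, then store the request" a single atomic set-if-absent so that two copies of a request arriving together cannot both be accepted; the per-request nonce, the timestamp, the 300-second window and the in-process `CacheStub` are assumptions, since the patent does not say how requests are keyed in the distributed cache.

```python
import hashlib
import threading

FRESHNESS_WINDOW = 300  # seconds; assumed value, not taken from the patent


class CacheStub:
    """In-process stand-in for the distributed cache (constructed for this example).

    The only property relied on is an atomic set-if-absent with expiry.
    """

    def __init__(self):
        self._lock = threading.Lock()
        self._expiry = {}  # key -> absolute expiry time in seconds

    def set_if_absent(self, key, now, ttl):
        with self._lock:
            expires = self._expiry.get(key)
            if expires is not None and expires > now:
                return False  # a live entry exists: this request was seen before
            self._expiry[key] = now + ttl
            return True


def fingerprint(stage, serial_ct, env_ct, nonce):
    """Hash the request fields with length prefixes so field boundaries cannot shift."""
    h = hashlib.sha256()
    for part in (stage.encode(), serial_ct, env_ct, nonce):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.hexdigest()


def check_request(cache, stage, serial_ct, env_ct, nonce, sent_at, now):
    """Classify one request as 'stale', 'replay' or 'accepted'.

    sent_at and nonce are assumed to travel inside the protected request body.
    """
    if abs(now - sent_at) > FRESHNESS_WINDOW:
        return "stale"
    key = "replay:" + fingerprint(stage, serial_ct, env_ct, nonce)
    # The entry must outlive every moment at which the same timestamp is still
    # accepted, hence a TTL just over twice the freshness window.
    if cache.set_if_absent(key, now, ttl=2 * FRESHNESS_WINDOW + 1):
        return "accepted"
    return "replay"


def submit_concurrently(cache, copies):
    """Deliver the same constructed request `copies` times from parallel threads."""
    results = []

    def worker():
        results.append(
            check_request(cache, "extension", b"ct-serial", b"ct-env",
                          b"nonce-1", sent_at=1000, now=1000)
        )

    threads = [threading.Thread(target=worker) for _ in range(copies)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results
```

A separate query followed by a separate store would let both copies of a concurrently delivered request see "not present" before either is stored, which is the case `submit_concurrently` exercises.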
In some embodiments, before the target security tool is read, in response to the trigger operation of the target user, to obtain the target medium serial number of the target security tool and the environment information of the target security tool, the method may, in specific implementations, further include the following:
S1: in the case that it is detected that the target security tool is connected, interacting with a security gateway to perform preliminary detection on the target security tool;
S2: according to the preliminary detection result, in the case that the target user cannot log in to and use the target security tool normally, displaying a login-free self-service extension interface to the target user; the self-service extension interface is used for triggering generation of the target self-service extension request.
Based on this embodiment, before initiating the target self-service extension request, the first terminal may also interact with the security gateway to perform preliminary detection; in the case that the target user cannot log in to and use the target security tool normally, the login-free self-service extension interface is displayed to the target user, so that the user can conveniently initiate the target self-service extension request through the first terminal without logging in to the target security tool, which further improves the user's interactive experience.
In order to more accurately complete the above instructions, referring to fig. 6, an embodiment of the present specification further provides a server, where the server includes a network communication port 601, a processor 602, and a memory 603, and the above structures are connected by an internal cable, so that the structures may perform specific data interaction.
The network communication port 601 may be specifically configured to receive a target self-service extension request initiated by a first terminal; the target self-service extension request carries ciphertext data of a target medium serial number of the target security tool and ciphertext data of environment information of the target security tool; the first terminal is connected with the target security tool; the target security tool stores a target certificate to be extended.
The processor 602 may be specifically configured to: detect, according to the ciphertext data of the target medium serial number and the ciphertext data of the environment information of the target security tool, whether the target self-service extension request is a replay request by querying the distributed cache when it is determined that the target self-service extension request meets a preset first security requirement; in the case that the target self-service extension request is determined to be a non-replay request, create a target log file regarding the target certificate; store the target self-service extension request into the distributed cache; receive a target information entry request through an information entry interface displayed by the first terminal; the target information entry request carries ciphertext data of target information input by a target user; in the case that the target information entry request is determined to meet a preset second security requirement, store the ciphertext data of the target information into the distributed cache; generate a target verification link code for the target user according to the ciphertext data of the target information; send the target verification link code to the first terminal; the first terminal displays the target verification link code to the target user; the target user scans the target verification link code by using the second terminal to perform target verification related to video interaction; the target verification result and intermediate data in the target verification process are stored in the target log file; query the target log file, and update the target certificate in the target security tool by interacting with the first terminal and the second server in the case that the target verification is determined to have passed; wherein the second server is used for generating and managing certificates.
The memory 603 may be specifically configured to store a corresponding instruction program.
In this embodiment, the network communication port 601 may be a virtual port bound with different communication protocols, so that different data can be sent or received. For example, the network communication port may be a port responsible for web data communication, a port responsible for FTP data communication, or a port responsible for mail data communication. In addition, the network communication port may also be a physical communication interface or communication chip. For example, it may be a wireless mobile network communication chip, such as GSM, CDMA, etc.; it may also be a Wi-Fi chip; it may also be a Bluetooth chip.
In this embodiment, the processor 602 may be implemented in any suitable manner. For example, the processor may take the form of, for example, a microprocessor or processor and a computer-readable medium that stores computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller and embedded microcontroller, and so forth. The description is not intended to be limiting.
In this embodiment, the memory 603 may include multiple layers, and in a digital system, the memory may be any memory as long as binary data can be stored; in an integrated circuit, a circuit without a real form and with a storage function is also called a memory, such as a RAM, a FIFO and the like; in the system, the storage device in physical form is also called a memory, such as a memory bank, a TF card and the like.
An embodiment of the present specification further provides a terminal, including a processor and a memory for storing processor-executable instructions, where the processor executes the instructions to implement the following steps: in response to a trigger operation of a target user, reading the target security tool to obtain a target medium serial number of the target security tool and environment information of the target security tool; encrypting the target medium serial number and the environment information of the target security tool to obtain ciphertext data of the target medium serial number and ciphertext data of the environment information of the target security tool; generating a target self-service extension request; the target self-service extension request carries the ciphertext data of the target medium serial number of the target security tool and the ciphertext data of the environment information of the target security tool; sending the target self-service extension request to a first server; the first server detects whether the target self-service extension request meets a preset first security requirement and whether the target self-service extension request is a replay request; displaying an information entry interface in the case that the target self-service extension request meets the preset first security requirement and is a non-replay request; acquiring target information input by the target user through the information entry interface; encrypting the target information to obtain ciphertext data of the target information; generating a target information entry request; the target information entry request carries the ciphertext data of the target information input by the target user; sending the target information entry request to the first server; in the case that the target information entry request is determined to meet a preset second security requirement, the first server generates a target verification link code for the target user according to the ciphertext data of the target information; receiving and displaying the target verification link code; the target user scans the target verification link code by using the second terminal to perform target verification related to video interaction; the target verification result and intermediate data in the target verification process are stored in a target log file; and in the case that the target verification passes, updating the target certificate in the target security tool by interacting with the first server.
The present specification further provides a computer storage medium based on the above-mentioned certificate extension method, where the computer storage medium stores computer program instructions, and when the computer program instructions are executed, the following is implemented: receiving a target self-service extension request initiated by a first terminal; the target self-service extension request carries ciphertext data of a target medium serial number of the target security tool and ciphertext data of environment information of the target security tool; the first terminal is connected with the target security tool; the target security tool stores a target certificate to be extended; according to the ciphertext data of the target medium serial number and the ciphertext data of the environment information of the target security tool, in the case that the target self-service extension request is determined to meet a preset first security requirement, detecting whether the target self-service extension request is a replay request by querying the distributed cache; in the case that the target self-service extension request is determined to be a non-replay request, creating a target log file regarding the target certificate; storing the target self-service extension request into the distributed cache; receiving a target information entry request through an information entry interface displayed by the first terminal; the target information entry request carries ciphertext data of target information input by a target user; in the case that the target information entry request is determined to meet a preset second security requirement, storing the ciphertext data of the target information into the distributed cache; generating a target verification link code for the target user according to the ciphertext data of the target information; sending the target verification link code to the first terminal; the first terminal displays the target verification link code to the target user; the target user scans the target verification link code by using the second terminal to perform target verification related to video interaction; the target verification result and intermediate data in the target verification process are stored in the target log file; querying the target log file, and updating the target certificate in the target security tool by interacting with the first terminal and the second server in the case that the target verification is determined to have passed; wherein the second server is used for generating and managing certificates.
The present specification further provides another computer storage medium based on the above-mentioned certificate extension method, where the computer storage medium stores computer program instructions, and when the computer program instructions are executed, the following is implemented: in response to a trigger operation of a target user, reading the target security tool to obtain a target medium serial number of the target security tool and environment information of the target security tool; encrypting the target medium serial number and the environment information of the target security tool to obtain ciphertext data of the target medium serial number and ciphertext data of the environment information of the target security tool; generating a target self-service extension request; the target self-service extension request carries the ciphertext data of the target medium serial number of the target security tool and the ciphertext data of the environment information of the target security tool; sending the target self-service extension request to a first server; the first server detects whether the target self-service extension request meets a preset first security requirement and whether the target self-service extension request is a replay request; displaying an information entry interface in the case that the target self-service extension request meets the preset first security requirement and is a non-replay request; acquiring target information input by the target user through the information entry interface; encrypting the target information to obtain ciphertext data of the target information; generating a target information entry request; the target information entry request carries the ciphertext data of the target information input by the target user; sending the target information entry request to the first server; in the case that the target information entry request is determined to meet a preset second security requirement, the first server generates a target verification link code for the target user according to the ciphertext data of the target information; receiving and displaying the target verification link code; the target user scans the target verification link code by using the second terminal to perform target verification related to video interaction; the target verification result and intermediate data in the target verification process are stored in a target log file; and in the case that the target verification passes, updating the target certificate in the target security tool by interacting with the first server.
In this embodiment, the storage medium includes, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Cache (Cache), a Hard Disk Drive (HDD), or a Memory Card (Memory Card). The memory may be used to store computer program instructions. The network communication unit may be an interface for performing network connection communication, which is set in accordance with a standard prescribed by a communication protocol.
In this embodiment, the functions and effects specifically realized by the program instructions stored in the computer storage medium can be explained by comparing with other embodiments, and are not described herein again.
Embodiments of the present specification further provide a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program implements the following steps: receiving a target self-service extension request initiated by a first terminal; the target self-service extension request carries ciphertext data of a target medium serial number of the target security tool and ciphertext data of environment information of the target security tool; the first terminal is connected with the target security tool; the target security tool stores a target certificate to be extended; according to the ciphertext data of the target medium serial number and the ciphertext data of the environment information of the target security tool, in the case that the target self-service extension request is determined to meet a preset first security requirement, detecting whether the target self-service extension request is a replay request by querying the distributed cache; in the case that the target self-service extension request is determined to be a non-replay request, creating a target log file regarding the target certificate; storing the target self-service extension request into the distributed cache; receiving a target information entry request through an information entry interface displayed by the first terminal; the target information entry request carries ciphertext data of target information input by a target user; in the case that the target information entry request is determined to meet a preset second security requirement, storing the ciphertext data of the target information into the distributed cache; generating a target verification link code for the target user according to the ciphertext data of the target information; sending the target verification link code to the first terminal; the first terminal displays the target verification link code to the target user; the target user scans the target verification link code by using the second terminal to perform target verification related to video interaction; the target verification result and intermediate data in the target verification process are stored in the target log file; querying the target log file, and in the case that the target verification is determined to have passed, updating the target certificate in the target security tool through interaction with the first terminal and the second server; wherein the second server is used for generating and managing certificates.
Referring to fig. 7, at the software level, an embodiment of the present specification further provides a certificate extension device, which may specifically include the following structural modules:
the first receiving module 701 may be specifically configured to receive a target self-service extension request initiated by a first terminal; the target self-service extension request carries ciphertext data of a target medium serial number of the target security tool and ciphertext data of environment information of the target security tool; the first terminal is connected with the target security tool; the target security tool stores a target certificate to be extended;
the first processing module 702 may be specifically configured to, according to the ciphertext data of the target medium serial number and the ciphertext data of the environment information of the target security tool, detect whether the target self-service extension request is a replay request by querying the distributed cache when it is determined that the target self-service extension request meets a preset first security requirement;
the creating module 703 may be specifically configured to create a target log file regarding the target certificate when it is determined that the target self-service extension request is a non-replay request, and store the target self-service extension request into the distributed cache;
the second receiving module 704 may be specifically configured to receive a target information entry request through an information entry interface displayed by the first terminal; the target information entry request carries ciphertext data of target information input by a target user;
the second processing module 705 may be specifically configured to store the ciphertext data of the target information into the distributed cache when it is determined that the target information entry request meets a preset second security requirement, and generate a target verification link code for the target user according to the ciphertext data of the target information;
the sending module 706 may be specifically configured to send the target verification link code to the first terminal; the first terminal displays the target verification link code to the target user; the target user scans the target verification link code by using the second terminal to perform target verification related to video interaction; the target verification result and intermediate data in the target verification process are stored in the target log file;
the third processing module 707 may be specifically configured to query the target log file, and update the target certificate in the target security tool by interacting with the first terminal and the second server when it is determined that the target verification has passed; wherein the second server is used for generating and managing certificates.
In some embodiments, the target security tool may specifically include a U-shield; the target certificate may specifically include an enterprise certificate of a target enterprise; accordingly, the target information may specifically include business information of the target business.
In some embodiments, after receiving the target self-service extension request initiated by the first terminal, the apparatus may, in specific implementations, be further configured to: obtain the ciphertext data of the target medium serial number and the ciphertext data of the environment information of the target security tool according to the target self-service extension request; decrypt the ciphertext data of the target medium serial number and the ciphertext data of the environment information of the target security tool to obtain the target medium serial number and the target environment information; determine, according to the target medium serial number, whether the target certificate meets a preset extension condition; in the case that the target certificate is determined to meet the preset extension condition, process the target environment information by using a preset risk detection model to determine whether the first terminal has an environmental risk; and in the case that the first terminal is determined not to have an environmental risk, determine that the target self-service extension request meets the preset first security requirement.
In some embodiments, the apparatus may be embodied to determine whether the target certificate satisfies the preset extension condition according to the target medium serial number in the following manner: inquiring a database according to the target medium serial number to acquire preset information of a target enterprise, state information of a target certificate and valid period information of the target certificate, wherein the preset information is associated with the target medium serial number; determining whether the target certificate is in an expired state or a revoked state at present according to preset information of the target enterprise, state information of the target certificate and validity information of the target certificate; and under the condition that the target certificate is determined to be in an expired state or a revoked state currently, determining that the target certificate meets a preset extension condition.
In some embodiments, the environmental information of the target security tool may specifically include at least one of: a device identification of the first terminal, an IP address of the first terminal, a MAC address of the first terminal, etc.
In some embodiments, after receiving the target information entry request through the information entry interface displayed by the first terminal, the apparatus may, in a specific implementation, be further configured to: obtain, from the target information entry request, the ciphertext data of the target information entered by the target user; decrypt the ciphertext data of the target information to obtain the enterprise information of the target enterprise; verify the enterprise information of the target enterprise against the preset information of the target enterprise; when the verification passes, detect whether the target information entry request is a replay request by querying the distributed cache; and when the target information entry request is determined to be a non-replay request, determine that the target information entry request meets the preset second safety requirement.
In some embodiments, the target check link code may further specifically carry ciphertext data of target information.
In some embodiments, the third processing module 707 may, in a specific implementation, update the target certificate in the target security tool by interacting with the first terminal and the second server as follows: acquiring an update request for the target certificate through an extension confirmation interface displayed by the first terminal, the update request carrying at least a target signature of the target user; sending the update request for the target certificate to the second server, the second server generating an updated target certificate when it determines that the update request meets a preset third safety requirement; acquiring the updated target certificate provided by the second server; calling an interface of the first terminal to delete the target certificate in the target security tool; and writing the updated target certificate into the target security tool.
In some embodiments, after writing the updated target certificate in the target security tool, the apparatus may be further configured to update the target log file when implemented.
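The first-server checks described in the embodiments above (extension-condition lookup, environment risk check, then replay detection against the cache), sketched as an added example that is not part of the patent text. The in-memory cache, the SHA-256 request key, the `issued_at` timestamp, the freshness window, the denylist risk rule and all sample records are assumptions; the specification does not say how the replay key is derived.

```python
import hashlib
from dataclasses import dataclass
from datetime import date

FRESHNESS_WINDOW = 300.0  # seconds a request stays acceptable (assumed value)

@dataclass
class CertRecord:
    """Database row looked up by medium serial number (constructed schema)."""
    enterprise: str
    status: str        # "valid" or "revoked"
    not_after: date    # end of the validity period

@dataclass
class ExtensionRequest:
    """A self-service extension request after decryption (decryption omitted)."""
    ciphertext: bytes  # request body exactly as received
    medium_serial: str
    env: dict          # device_id / ip / mac of the first terminal
    issued_at: float   # assumption: client timestamp protected by the ciphertext

class ReplayCache:
    """In-memory stand-in for the distributed cache."""
    def __init__(self):
        self._expiry = {}  # sha256(ciphertext) -> time the entry may be dropped

    def claim(self, ciphertext, now, expires_at):
        """Record the request if unseen; return False when it is a replay.
        On a shared cache this must be a single atomic set-if-absent."""
        self._expiry = {k: t for k, t in self._expiry.items() if t > now}
        key = hashlib.sha256(ciphertext).hexdigest()
        if key in self._expiry:
            return False
        self._expiry[key] = expires_at
        return True

def meets_extension_condition(record, today):
    """Per the description: eligible only if currently expired or revoked."""
    if record is None:
        return False
    return record.status == "revoked" or record.not_after < today

def env_is_risky(env, denied_ips):
    """Stand-in for the preset risk detection model: empty or denylisted."""
    return not env or env.get("ip") in denied_ips

def check_extension_request(req, db, cache, denied_ips, now, today):
    if not meets_extension_condition(db.get(req.medium_serial), today):
        return "not_eligible"
    if env_is_risky(req.env, denied_ips):
        return "env_risk"
    # First safety requirement met; only now is the cache consulted.
    if abs(now - req.issued_at) >= FRESHNESS_WINDOW:
        return "stale"   # the cache entry may already be gone, so reject
    if not cache.claim(req.ciphertext, now, req.issued_at + FRESHNESS_WINDOW):
        return "replay"
    return "accept"      # the caller would now create the target log file

# Constructed sample data
DB = {
    "SN-0001": CertRecord("Example Co", "valid", date(2022, 1, 31)),    # expired
    "SN-0002": CertRecord("Example Co", "valid", date(2030, 1, 31)),    # in force
    "SN-0003": CertRecord("Sample Ltd", "revoked", date(2030, 1, 31)),  # revoked
}
ENV = {"device_id": "dev-1", "ip": "192.0.2.10", "mac": "02:00:00:00:00:01"}

def demo():
    cache, today, denied = ReplayCache(), date(2022, 7, 19), {"203.0.113.7"}
    req = ExtensionRequest(b"constructed-ciphertext-1", "SN-0001", ENV, 1000.0)
    return [
        check_extension_request(req, DB, cache, denied, 1005.0, today),
        check_extension_request(req, DB, cache, denied, 1100.0, today),
        check_extension_request(req, DB, cache, denied, 1300.0, today),
    ]

if __name__ == "__main__":
    print(demo())
```

Bounding each entry's lifetime by `issued_at + FRESHNESS_WINDOW` keeps the cache small without opening a gap in which an evicted request could be replayed.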
As shown in fig. 8, on a software level, an embodiment of the present specification further provides another apparatus for extending a certificate, where the apparatus may specifically include the following structural modules:
the obtaining module 801 may be specifically configured to respond to a trigger operation of a target user, and obtain a target medium serial number of a target security tool and environment information of the target security tool by performing a reading operation on the target security tool;
the first encryption module 802 may be specifically configured to encrypt the target medium serial number and the environment information of the target security tool to obtain ciphertext data of the target medium serial number and ciphertext data of the environment information of the target security tool, and to generate a target self-service extension request; the target self-service extension request carries the ciphertext data of the target medium serial number of the target security tool and the ciphertext data of the environment information of the target security tool;
a first sending module 803, which may be specifically configured to send the target self-service extension request to a first server; the first server detects whether the target self-service extension request meets a preset first safety requirement and whether the target self-service extension request is a replay request;
the first display module 804 is specifically configured to display an information entry interface when the target self-service extension request meets the preset first security requirement and is a non-replay request, and to acquire target information input by the target user through the information entry interface;
the second encryption module 805 may be specifically configured to encrypt the target information to obtain ciphertext data of the target information; generating a target information input request; the target information input request carries ciphertext data of target information input by a target user;
a second sending module 806, which may be specifically configured to send the target information entry request to the first server; under the condition that the target information entry request is determined to meet a preset second safety requirement, the first server generates a target check link code aiming at a target user according to ciphertext data of target information;
the second display module 807 may be specifically configured to receive and display the target check link code; the target user scans the target check link code by using the second terminal to perform target verification related to video interaction; the target verification result and intermediate data of the target verification process are stored in a target log file;
the processing module 808 may be specifically configured to update the target certificate in the target security tool by interacting with the first server when the target verification passes.
In some embodiments, before reading the target security tool in response to a trigger operation of the target user to obtain the target medium serial number of the target security tool and the environment information of the target security tool, the apparatus may, in a specific implementation, be further configured to: interact with a security gateway to perform a preliminary detection on the target security tool when it detects that the target security tool is connected; and, when the preliminary detection result shows that the target user cannot log in and use the target security tool normally, display a login-free self-service extension interface to the target user; the self-service extension interface is used to trigger generation of the target self-service extension request.
It should be noted that, the units, devices, modules, etc. illustrated in the above embodiments may be implemented by a computer chip or an entity, or implemented by a product with certain functions. For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. It is to be understood that, in implementing the present specification, functions of each module may be implemented in one or more pieces of software and/or hardware, or a module that implements the same function may be implemented by a combination of a plurality of sub-modules or sub-units, or the like. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
As can be seen from the above, with the certificate extension apparatus provided in the embodiments of the present specification, when a target security tool that is held by a target user and stores a target certificate to be extended cannot be logged in to and used normally because of expiration or invalidation, the target security tool can be connected to a first terminal and a target self-service extension request can be initiated through the first terminal; the target self-service extension request carries ciphertext data of the target medium serial number of the target security tool and ciphertext data of the environment information. The first server on the platform side receives and responds to the target self-service extension request, and completes the update of the target certificate in the target security tool by performing the related data processing and data interaction according to the corresponding protocol rules. Therefore, while the information and data security of the enterprise side and the platform side is protected, the target user can complete the self-service extension service for the target certificate in the target security tool conveniently and efficiently without going to a branch counter, which effectively simplifies the operation on the user side and gives the user a better interactive experience.
Although the present specification provides method steps as described in the examples or flowcharts, additional or fewer steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an apparatus or client product in practice executes, it may execute sequentially or in parallel (e.g., in a parallel processor or multithreaded processing environment, or even in a distributed data processing environment) according to the embodiments or methods shown in the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded. The terms first, second, etc. are used to denote names, but not any particular order.
The embodiments in the present specification are described in a progressive manner, and the same or similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. The description is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable electronic devices, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
While the specification has been described with examples, those skilled in the art will appreciate that there are numerous variations and permutations of the specification that do not depart from the spirit of the specification, and it is intended that the appended claims include such variations and modifications that do not depart from the spirit of the specification.

Claims (15)

1. A method for extending a certificate, applied to a first server, comprising:
receiving a target self-service extension request initiated by a first terminal; the target self-service extension request carries ciphertext data of a target medium serial number of a target security tool and ciphertext data of environment information of the target security tool; the first terminal is connected with the target security tool; the target security tool stores a target certificate to be extended;
according to the ciphertext data of the target medium serial number and the ciphertext data of the environment information of the target security tool, in a case where the target self-service extension request meets a preset first safety requirement, detecting whether the target self-service extension request is a replay request by querying a distributed cache;
in a case where the target self-service extension request is determined to be a non-replay request, creating a target log file for the target certificate; storing the target self-service extension request into the distributed cache;
receiving a target information input request through an information input interface displayed by a first terminal; the target information input request carries ciphertext data of target information input by a target user;
under the condition that the target information entry request is determined to meet a preset second safety requirement, ciphertext data of the target information are stored into the distributed cache; generating a target check link code aiming at a target user according to the ciphertext data of the target information;
sending the target check link code to the first terminal; the first terminal displays the target check link code to the target user; the target user scans the target check link code by using a second terminal to perform target verification related to video interaction; storing the target verification result and intermediate data of the target verification process in the target log file;
inquiring a target log file, and updating a target certificate in the target security tool by interacting with the first terminal and the second server under the condition that the target verification is determined to be passed; wherein the second server is used for generating and managing certificates.
2. The method of claim 1, wherein the target security tool comprises a U-shield; the target certificate comprises an enterprise certificate of a target enterprise; accordingly, the target information includes business information of the target business.
3. The method of claim 2, wherein after receiving the target self-service extension request initiated by the first terminal, the method further comprises:
acquiring ciphertext data of a target medium serial number and ciphertext data of environment information of a target safety tool according to the target self-service extension request;
decrypting the ciphertext data of the target medium serial number and the ciphertext data of the environment information of the target safety tool to obtain the target medium serial number and the target environment information;
determining whether the target certificate meets a preset extension condition or not according to the target medium serial number;
under the condition that the target certificate is determined to meet the preset extension condition, processing target environment information by using a preset risk detection model to determine whether the first terminal has an environmental risk;
and in a case where the first terminal is determined to have no environmental risk, determining that the target self-service extension request meets the preset first safety requirement.
4. The method of claim 3, wherein determining whether the target certificate meets a preset extension condition according to the target medium serial number comprises:
inquiring a database according to the target medium serial number to acquire preset information of a target enterprise, state information of a target certificate and valid period information of the target certificate, wherein the preset information is associated with the target medium serial number;
determining whether the target certificate is in an expired state or a revoked state at present according to preset information of the target enterprise, state information of the target certificate and validity information of the target certificate;
and under the condition that the target certificate is determined to be in an expired state or a revoked state currently, determining that the target certificate meets a preset extension condition.
5. The method of claim 3, wherein the environmental information of the target security tool comprises at least one of: the device identification of the first terminal, the IP address of the first terminal and the MAC address of the first terminal.
6. The method of claim 4, wherein after receiving the target information entry request through the information entry interface presented by the first terminal, the method further comprises:
acquiring ciphertext data of target information input by a target user according to the target information input request;
decrypting the ciphertext data of the target information to obtain enterprise information of the target enterprise;
verifying enterprise information of the target enterprise according to preset information of the target enterprise;
under the condition that the verification is confirmed to pass, whether the target information input request is a replay request is detected by inquiring the distributed cache;
and under the condition that the target information entry request is determined to be a non-replay request, determining that the target information entry request meets a preset second safety requirement.
7. The method of claim 1, wherein the target check link code further carries ciphertext data of the target information.
8. The method of claim 1, wherein updating the target certificate in the target security tool by interacting with the first terminal and the second server comprises:
acquiring an update request of the target certificate through an extension confirmation interface displayed by the first terminal; wherein the update request of the target certificate at least carries a target signature of the target user;
sending an update request of the target certificate to a second server; the second server generates an updated target certificate under the condition that the update request of the target certificate is determined to meet a preset third safety requirement;
acquiring an updated target certificate provided by a second server;
calling an interface of the first terminal to delete a target certificate in the target security tool; and writing the updated target certificate in the target security tool.
9. The method of claim 8, wherein after writing the updated target certificate in the target security tool, the method further comprises: and updating the target log file.
10. A method for extending a certificate, applied to a first terminal, wherein the first terminal is connected with a target security tool and the target security tool stores a target certificate to be extended, the method comprising:
responding to a trigger operation of a target user, and reading the target security tool to obtain a target medium serial number of the target security tool and environment information of the target security tool;
encrypting the target medium serial number and the environment information of the target security tool to obtain ciphertext data of the target medium serial number and ciphertext data of the environment information of the target security tool; generating a target self-service extension request; the target self-service extension request carries the ciphertext data of the target medium serial number of the target security tool and the ciphertext data of the environment information of the target security tool;
sending the target self-service extension request to a first server; the first server detects whether the target self-service extension request meets a preset first safety requirement and whether the target self-service extension request is a replay request;
displaying an information input interface in a case where the target self-service extension request meets the preset first safety requirement and is a non-replay request; acquiring target information input by the target user through the information input interface;
encrypting the target information to obtain ciphertext data of the target information; generating a target information input request; the target information input request carries ciphertext data of target information;
sending the target information entry request to a first server; under the condition that the target information entry request is determined to meet a preset second safety requirement, the first server generates a target check link code aiming at a target user according to ciphertext data of target information;
receiving and displaying the target check link code; the target user scans the target check link code by using a second terminal to perform target verification related to video interaction; storing the target verification result and intermediate data of the target verification process in a target log file;
and in a case where the target verification passes, updating the target certificate in the target security tool by interacting with the first server.
11. The method according to claim 10, wherein before the target media serial number of the target security tool and the environmental information of the target security tool are obtained by performing a reading operation on the target security tool in response to a triggering operation of a target user, the method further comprises:
interacting with a security gateway in a case where the target security tool is detected to be connected, so as to perform preliminary detection on the target security tool;
according to the preliminary detection result, in a case where the target user cannot normally log in to use the target security tool, displaying a login-free self-service extension interface to the target user; the self-service extension interface is used for triggering generation of the target self-service extension request.
12. An apparatus for extending a certificate, applied to a first server, comprising:
the first receiving module is used for receiving a target self-service extension request initiated by a first terminal; the target self-service extension request carries ciphertext data of a target medium serial number of a target security tool and ciphertext data of environment information of the target security tool; the first terminal is connected with the target security tool; the target security tool stores a target certificate to be extended;
the first processing module is used for detecting, by querying a distributed cache, whether the target self-service extension request is a replay request in a case where the target self-service extension request meets a preset first safety requirement according to the ciphertext data of the target medium serial number and the ciphertext data of the environment information of the target security tool;
a creation module for creating a target log file for the target certificate in a case where the target self-service extension request is determined to be a non-replay request; storing the target self-service extension request into the distributed cache;
the second receiving module is used for receiving a target information input request through an information input interface displayed by the first terminal; the target information input request carries ciphertext data of target information input by a target user;
the second processing module is used for storing the ciphertext data of the target information into the distributed cache under the condition that the target information entry request is determined to meet a preset second safety requirement; generating a target check link code aiming at a target user according to the ciphertext data of the target information;
the sending module is used for sending the target check link code to the first terminal; the first terminal displays the target check link code to the target user; the target user scans the target check link code by using a second terminal to perform target verification related to video interaction; storing the target verification result and intermediate data of the target verification process in the target log file;
the third processing module is used for inquiring the target log file, and updating the target certificate in the target safety tool by interacting with the first terminal and the second server under the condition that the target verification is determined to be passed; wherein the second server is used for generating and managing certificates.
13. An apparatus for extending a certificate, applied to a first terminal, wherein the first terminal is connected with a target security tool and the target security tool stores a target certificate to be extended, the apparatus comprising:
the acquisition module is used for responding to a trigger operation of a target user and acquiring a target medium serial number of the target security tool and environment information of the target security tool by reading the target security tool;
the first encryption module is used for encrypting the target medium serial number and the environment information of the target security tool to obtain ciphertext data of the target medium serial number and ciphertext data of the environment information of the target security tool; generating a target self-service extension request; the target self-service extension request carries the ciphertext data of the target medium serial number of the target security tool and the ciphertext data of the environment information of the target security tool;
the first sending module is used for sending the target self-service extension request to a first server; the first server detects whether the target self-service extension request meets a preset first safety requirement and whether the target self-service extension request is a replay request;
the first display module is used for displaying the information input interface in a case where the target self-service extension request meets the preset first safety requirement and is a non-replay request; acquiring target information input by the target user through the information input interface;
the second encryption module is used for encrypting the target information to obtain ciphertext data of the target information; generating a target information input request; the target information input request carries ciphertext data of target information input by a target user;
the second sending module is used for sending the target information entry request to the first server; under the condition that the target information entry request is determined to meet a preset second safety requirement, the first server generates a target check link code aiming at a target user according to ciphertext data of target information;
the second display module is used for receiving and displaying the target check link code; the target user scans the target check link code by using a second terminal to perform target verification related to video interaction; storing the target verification result and intermediate data of the target verification process in a target log file;
and the processing module is used for updating the target certificate in the target security tool by interacting with the first server in a case where the target verification passes.
14. A server comprising a processor and a memory for storing processor-executable instructions which, when executed by the processor, implement the steps of the method of any one of claims 1 to 9.
15. A computer-readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method of any of claims 1 to 9, or 10 to 11.
CN202210845979.7A 2022-07-19 2022-07-19 Certificate extension method and device and server Pending CN115189876A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210845979.7A CN115189876A (en) 2022-07-19 2022-07-19 Certificate extension method and device and server

Publications (1)

Publication Number Publication Date
CN115189876A true CN115189876A (en) 2022-10-14

Family

ID=83518442

Country Status (1)

Country Link
CN (1) CN115189876A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination