CN115567218A - Data processing method and device of security certificate based on block chain and server - Google Patents

Publication number
CN115567218A
Authority
CN
China
Prior art keywords
target
security certificate
certificate
application
block chain
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211151688.4A
Other languages
Chinese (zh)
Inventor
王聪
唐锆
屈贯伟
张顺
张广斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Application filed by Bank of China Ltd
Priority to CN202211151688.4A
Publication of CN115567218A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates

Abstract

The specification provides a data processing method, apparatus, and server for a security certificate based on a block chain, applied in the technical field of block chains. Based on the method, a block chain-based certificate management system can be introduced to store and manage the security certificate of each application by using characteristics of the block chain such as security and tamper resistance. When detecting that a target user triggers a target application deployed in target terminal equipment, the target terminal equipment may generate and initiate a target loading request carrying at least an application identifier of the target application. After receiving the target loading request, the server of the certificate management system can acquire a target security certificate corresponding to the application identifier of the target application by querying the block chain according to the target loading request; then provide the target security certificate to the target terminal equipment according to a preset transmission rule; and write a loading record about the target security certificate in the block chain. Therefore, data processing related to the security certificate of the application can be completed safely and efficiently.

Description

Data processing method and device of security certificate based on block chain and server
Technical Field
The present specification belongs to the field of blockchain technology, and in particular, to a data processing method, apparatus, and server for a security certificate based on a blockchain.
Background
Based on the existing method, the security certificate of the application is usually pre-embedded in the installation package of the application. When a user uses the terminal equipment to start the application and needs to use the security certificate, the locally pre-embedded security certificate can be called to complete specific service data processing.
However, the existing method is often cumbersome when maintaining and managing the security certificate. For example, when an application needs to update the security certificate, the user must additionally download and install a new installation package using the terminal device to enable the update of the security certificate. In addition, service providers for most applications are limited in their technical capabilities, and security risks are likely to occur when security certificates are locally stored in terminal devices.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The present specification provides a data processing method, an apparatus, and a server for a security certificate based on a block chain. By introducing a block chain-based certificate management system, they use characteristics of the block chain such as security and tamper resistance to store and manage the security certificates of different applications in a dedicated way, thereby effectively simplifying the maintenance and management of security certificates, avoiding the security risks that arise when a security certificate is stored locally in a terminal device, and safely and efficiently completing data processing related to the security certificate.
The present specification provides a data processing method for a security certificate based on a block chain, which is applied to a server, where the server is a server of a certificate management system based on a block chain, and the method includes:
receiving a target loading request initiated by target terminal equipment; the target loading request at least carries an application identifier of a target application; the target loading request is generated by target terminal equipment under the condition that a target user triggers a target application;
acquiring a target security certificate corresponding to the application identifier of the target application through a query blockchain according to the target loading request;
providing the target security certificate to target terminal equipment according to a preset transmission rule; writing a loading record related to the target security certificate in the block chain; and the target application performs corresponding service data processing according to the target security certificate.
In one embodiment, the method further comprises:
receiving a target certificate creation request sent by a management terminal; the target certificate creating request at least carries an authority certificate of a management terminal and associated data of a target security certificate;
performing authority verification on the target certificate creation request according to the authority certificate;
under the condition that the authority verification is determined to pass, creating a corresponding target security certificate according to the associated data of the target security certificate;
storing the target security certificate into a block chain; and writes a creation record for the target security certificate in the blockchain.
In one embodiment, the association data includes at least one of: application identification, application type, certificate type, enterprise information, and validity period information.
In one embodiment, creating a corresponding target security certificate according to the association data of the target security certificate includes:
performing data modeling in an object-oriented mode according to the associated data of the target security certificate to create and obtain a corresponding target security certificate; the target security certificate also carries an application rule corresponding to the target security certificate.
In one embodiment, storing the target security certificate in a block chain includes:
storing the target security certificate into a preset database table in a block chain; wherein the preset database table comprises a database table based on the BC normal form.
In one embodiment, after storing the target security certificate in a preset database table in a block chain, the method further comprises:
and associating the target security certificate with the corresponding application identifier of the target application in a foreign key mode according to the association data of the target security certificate.
In one embodiment, after storing the target security certificate in a block chain, the method further comprises:
receiving a target certificate updating request sent by a management terminal; the target certificate updating request at least carries an authority certificate of a management terminal and updating data of a target security certificate;
performing authority verification on the target certificate updating request according to the authority certificate;
under the condition that the authority verification is determined to pass, updating the corresponding target security certificate in the block chain according to the updating data of the target security certificate; and write an update record regarding the target security certificate in the blockchain.
In one embodiment, after storing the target security certificate in a block chain, the method further comprises:
detecting, at each preset time interval, whether the target security certificate is approaching expiry;
generating first prompt information indicating that the target security certificate is approaching expiry, under the condition that the target security certificate is determined to be approaching expiry;
and sending the first prompt message to a management terminal corresponding to the target security certificate.
In one embodiment, providing the target security certificate to the target terminal device according to a preset transmission rule includes:
encrypting a target security certificate by using a target public key corresponding to target terminal equipment according to a preset transmission rule to obtain ciphertext data of the target security certificate;
sending the ciphertext data of the target security certificate to target terminal equipment; the target terminal equipment holds a target private key; and the target terminal equipment decrypts the ciphertext data of the target security certificate by using the target private key to obtain the target security certificate.
The present specification further provides a data processing method for a block chain-based security certificate, which is applied to a target terminal device, where the target terminal device is provided with a target application, and the method includes:
receiving and responding to a trigger operation of a target user for a target application, and generating a corresponding target loading request; the target loading request at least carries an application identifier of a target application;
sending the target loading request to a server of a certificate management system based on a blockchain; the server acquires a target security certificate corresponding to an application identifier of a target application through a query block chain according to the target loading request; providing the target security certificate to target terminal equipment according to a preset transmission rule; writing a loading record about the target security certificate in the block chain;
and performing corresponding service data processing according to the target security certificate through the target application.
In one embodiment, sending the target load request to a server of a blockchain-based certificate management system includes:
and sending the target loading request to a server according to a preset API (application program interface) calling protocol.
The present specification also provides a data processing apparatus for a security certificate based on a block chain, which is applied to a server, where the server is a server of a certificate management system based on a block chain, and includes:
the receiving module is used for receiving a target loading request initiated by target terminal equipment; the target loading request at least carries an application identifier of a target application; the target loading request is generated by target terminal equipment under the condition that a target user triggers a target application;
the query module is used for acquiring a target security certificate corresponding to the application identifier of the target application through a query block chain according to the target loading request;
the processing module is used for providing the target security certificate for the target terminal equipment according to a preset transmission rule; writing a loading record related to the target security certificate in the block chain; and the target application performs corresponding service data processing according to the target security certificate.
The present specification also provides a server comprising a processor and a memory for storing processor-executable instructions, the instructions when executed by the processor implementing the steps of: receiving a target loading request initiated by target terminal equipment; the target loading request at least carries an application identifier of a target application; the target loading request is generated by target terminal equipment under the condition that a target user triggers a target application; acquiring a target security certificate corresponding to the application identifier of the target application through a query blockchain according to the target loading request; providing the target security certificate to target terminal equipment according to a preset transmission rule; writing a loading record related to the target security certificate in the block chain; and the target application performs corresponding service data processing according to the target security certificate.
The present specification also provides a computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the relevant steps of the data processing method for block chain based security certificates.
The present specification also provides a computer program product comprising a computer program which, when executed by a processor, performs the steps associated with the data processing method for blockchain-based security certificates.
Before specific implementation, the data processing method, apparatus, and server for a block chain-based security certificate provided in this specification may introduce a block chain-based certificate management system to store and manage the security certificates of respective applications by using characteristics of the block chain such as security and tamper resistance. In specific implementation, when detecting that a target user triggers a target application deployed in a target terminal device, the target terminal device may generate and initiate a target loading request carrying at least an application identifier of the target application, so as to dynamically load the required target security certificate in real time. After receiving the target loading request, the server of the certificate management system can acquire a target security certificate corresponding to the application identifier of the target application by querying the block chain according to the target loading request; then provide the target security certificate to the target terminal device according to a preset transmission rule; and write a loading record about the target security certificate in the block chain. Therefore, the maintenance and management of the security certificate can be effectively simplified, the security risk that exists when the security certificate is stored locally in the terminal device is avoided, and the data processing related to the security certificate can be completed safely and efficiently.
Drawings
In order to more clearly illustrate the embodiments of the present specification, the drawings needed to be used in the embodiments will be briefly described below, and the drawings in the following description are only some of the embodiments described in the specification, and it is obvious to those skilled in the art that other drawings can be obtained based on the drawings without any inventive work.
Fig. 1 is a flowchart illustrating a data processing method for a block chain-based security certificate according to an embodiment of the present specification;
Fig. 2 is a schematic diagram of an embodiment of a data processing method for applying a block chain based security certificate provided by an embodiment of the present specification in an exemplary scenario;
Fig. 3 is a schematic diagram of an embodiment of a data processing method for applying a block chain based security certificate provided by an embodiment of the present specification in an exemplary scenario;
Fig. 4 is a schematic diagram of an embodiment of a data processing method for applying a block chain based security certificate provided by an embodiment of the present specification in an exemplary scenario;
Fig. 5 is a schematic diagram of a server according to an embodiment of the present disclosure;
Fig. 6 is a schematic structural component diagram of a data processing apparatus based on a security certificate of a block chain according to an embodiment of the present specification;
Fig. 7 is a schematic structural component diagram of a data processing apparatus for a security certificate based on a block chain according to another embodiment of the present specification.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
Referring to fig. 1, an embodiment of the present specification provides a data processing method for a security certificate based on a blockchain, where the method is specifically applied to a server side, and the server may specifically be a server of a certificate management system based on a blockchain. In specific implementation, the method may include the following:
S101: receiving a target loading request initiated by target terminal equipment; the target loading request at least carries an application identifier of a target application; the target loading request is generated by target terminal equipment under the condition that a target user triggers a target application;
S102: acquiring a target security certificate corresponding to the application identifier of the target application through a query blockchain according to the target loading request;
S103: providing the target security certificate to target terminal equipment according to a preset transmission rule; writing a loading record about the target security certificate in the block chain; and the target application performs corresponding service data processing according to the target security certificate.
In some embodiments, the above data processing method based on the block chain security certificate may be specifically applied to the server side.
As shown in fig. 2, the server may specifically include a background server, which is deployed on one side of the certificate management system based on the block chain and is capable of implementing functions such as data transmission and data processing. Specifically, the server may be, for example, an electronic device having data operation, storage function and network interaction function. Alternatively, the server may be a software program running in the electronic device and providing support for data processing, storage and network interaction. In the present embodiment, the number of servers is not particularly limited. The server may specifically be one server, or may also be several servers, or a server cluster formed by several servers.
The certificate management system may be connected to the block chain and, based on the block chain, interface with the management terminals of different applications; it is responsible for maintaining and managing security certificates of applications (e.g., XX e-bank app or YY shopping app) provided by different application service providers.
Specifically, the server may store the security certificate of each application in the block chain, and also store the loading record, the creation record, and the update record of the security certificate in the block chain, which is convenient for subsequent backtracking query.
When a user uses a related application installed in a terminal device to process service data and needs to use a security certificate, the terminal device may initiate a loading request for the security certificate to a server of the block chain-based certificate management system according to a preset API interface calling protocol, so as to obtain a latest security certificate through downloading by the certificate management system. Then, the terminal device may perform encryption verification on the acquired security certificate to perform specific service data processing.
The terminal device may specifically include a front-end device that is applied to a user side and can implement functions such as data acquisition and data transmission. Specifically, the terminal device may be, for example, a desktop computer, a tablet computer, a notebook computer, a smart phone, a smart watch, or the like.
In some embodiments, the target application may be specifically understood as an application that is installed on a target terminal device held by a target user and is triggered by the target user to use a corresponding target security certificate.
Specifically, for example, when detecting that the user starts an XX e-bank app that requires a security certificate to log in to online banking, the target terminal device may generate a target loading request for the security certificate, and send the target loading request to a server of the certificate management system according to a preset API interface calling protocol. Correspondingly, the server may receive the target loading request initiated by the target terminal device through a related API interface.
The target loading request at least carries an application identifier of a target application. The application identifier of the target application may be specifically understood as identification information capable of indicating the target application. In addition, the target loading request may also carry a service identifier of a target service in the triggered target application.
Further, the target loading request may also carry a user identifier of the target user. The user identifier of the target user may be specifically understood as identification information capable of indicating the target user, such as the target user's name, username, or registered mobile number.
It should be noted that, in this specification, the information data related to the user is obtained and used on the premise that the user knows and agrees. And the acquisition, storage, use, processing and the like of the information data all conform to relevant regulations of national laws and regulations.
In specific implementation, after receiving a target loading request initiated by a target terminal device, the server may also perform user authentication according to a user identifier of a target user. Specifically, the server may query a preset user database according to the user identifier of the target user to determine whether the target user is a registered user. In the case where the target user is determined to be a registered user, the subsequent data processing may be continued. Conversely, in the case where it is determined that the target user is not a registered user, an error notification may be generated and transmitted to the target terminal device.
The preset user database may be a block chain-based database. The block chain can be a shared database, and the data or information stored in it is unforgeable, leaves a trace throughout its life cycle, is traceable, is open and transparent, and is collectively maintained.
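The server-side flow of S101 to S103, including the registered-user check, sketched as an added example (not code from the patent). The hash-linked `Ledger` is a simplified stand-in for the block chain, and all class names, field names, and sample values are assumptions constructed for illustration; the tamper check shows why load records stored this way are tamper-evident.

```python
import hashlib
import json


class Ledger:
    """Append-only, hash-linked record list standing in for the block chain (assumption)."""

    GENESIS = "0" * 64

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _digest(index, prev_hash, payload):
        # Canonical JSON so the same payload always hashes to the same value.
        body = json.dumps({"index": index, "prev": prev_hash, "payload": payload},
                          sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(body.encode("utf-8")).hexdigest()

    def append(self, payload):
        prev_hash = self.blocks[-1]["hash"] if self.blocks else self.GENESIS
        index = len(self.blocks)
        block = {"index": index, "prev": prev_hash, "payload": payload,
                 "hash": self._digest(index, prev_hash, payload)}
        self.blocks.append(block)
        return block

    def verify(self):
        """Return the index of the first block that fails verification, or None."""
        prev_hash = self.GENESIS
        for i, block in enumerate(self.blocks):
            expected = self._digest(i, prev_hash, block["payload"])
            if block["index"] != i or block["prev"] != prev_hash or block["hash"] != expected:
                return i
            prev_hash = block["hash"]
        return None

    def latest_certificate(self, app_id):
        """S102: newest certificate record stored for this application identifier."""
        for block in reversed(self.blocks):
            payload = block["payload"]
            if payload.get("type") == "certificate" and payload.get("app_id") == app_id:
                return payload
        return None


class CertificateServer:
    """Hypothetical server of the certificate management system."""

    def __init__(self, ledger, registered_users):
        self.ledger = ledger
        self.registered_users = set(registered_users)

    def handle_load_request(self, request, now):
        # S101: the request must carry at least the application identifier.
        app_id = request.get("app_id")
        user_id = request.get("user_id")
        if not app_id:
            return {"ok": False, "error": "missing application identifier"}
        # User verification against the preset user database.
        if user_id not in self.registered_users:
            return {"ok": False, "error": "user is not registered"}
        cert = self.ledger.latest_certificate(app_id)
        if cert is None:
            return {"ok": False, "error": "no certificate for application"}
        # S103: write the load record. The user identifier is stored in clear
        # here only to keep the example short.
        self.ledger.append({"type": "load_record", "app_id": app_id,
                            "user_id": user_id, "serial": cert["serial"], "time": now})
        return {"ok": True, "certificate": cert}


def demo():
    ledger = Ledger()
    # Constructed sample certificate record; the body is a placeholder.
    ledger.append({"type": "certificate", "app_id": "com.example.ebank",
                   "serial": "CERT-0001", "body": "<constructed placeholder>"})
    server = CertificateServer(ledger, registered_users={"alice"})
    ok = server.handle_load_request(
        {"app_id": "com.example.ebank", "user_id": "alice"}, now=1700000000)
    rejected = server.handle_load_request(
        {"app_id": "com.example.ebank", "user_id": "mallory"}, now=1700000001)
    intact = ledger.verify()
    # Editing a stored load record after the fact breaks its hash.
    ledger.blocks[1]["payload"]["user_id"] = "bob"
    tampered_at = ledger.verify()
    return ok, rejected, intact, tampered_at, ledger


if __name__ == "__main__":
    print(demo()[:4])
```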
In some embodiments, referring to fig. 3, when the method is implemented, the following may be further included:
S1: receiving a target certificate creation request sent by a management terminal; the target certificate creating request at least carries an authority certificate of a management terminal and associated data of a target security certificate;
S2: performing authority verification on the target certificate creation request according to the authority certificate;
S3: under the condition that the authority verification is confirmed to pass, a corresponding target security certificate is created according to the associated data of the target security certificate;
S4: storing the target security certificate into a block chain; and writes a creation record for the target security certificate in the blockchain.
The management terminal may be specifically understood as a terminal device held by a service provider of the target application and used for creating and maintaining a corresponding security certificate.
In some embodiments, the association data may specifically include at least one of: application identification, application type, certificate type, enterprise information, expiration information, and the like.
Of course, it should be noted that the above listed associated data is only an exemplary illustration. In specific implementation, other types of associated data may also be included according to specific application scenarios and processing requirements, such as the security level of the certificate, the encryption of the certificate, etc. The present specification is not limited to these.
In some embodiments, in specific implementation, after receiving the target certificate creation request, the server may verify, according to the authority credential, whether the management terminal that initiated the target certificate creation request has authority to initiate a creation request for the target security certificate, and when determining that the management terminal has the authority, determine that the authority verification passes.
In some embodiments, creating a corresponding target security certificate according to the associated data of the target security certificate may include, in specific implementation: performing data modeling in an object-oriented (OO) manner according to the associated data of the target security certificate to create the corresponding target security certificate; the target security certificate also carries an application rule corresponding to the target security certificate.
The object-oriented approach refers to the programming idea of aggregating all the information of an entity into a closely connected abstract data set. The application rule may specifically include: the conditions of use of the target security certificate, the applicable service scope of the target security certificate, the corresponding relation of the target security certificate and other information data.
In some embodiments, the storing the target security certificate in the block chain may be implemented by: storing the target security certificate into a preset database table in a block chain; wherein the preset database table comprises a database table based on the BC normal form.
A normal form refers to a standard that a database design is required to meet. A database meeting the standard is simple and clearly structured, which facilitates subsequent data queries; at the same time, anomalies in insert, delete, and update operations are less likely to occur, giving higher reliability.
The BC normal form is the Boyce-Codd normal form (BCNF), which builds on the third normal form and eliminates the partial dependence and transitive functional dependence of prime attributes on candidate keys, and therefore has wider applicability.
In some embodiments, after storing the target security certificate in a preset database table in a block chain, when the method is implemented, the method may further include: and associating the target security certificate with the corresponding application identifier of the target application in a foreign key mode according to the association data of the target security certificate.
A foreign key (Foreign Key) represents the association between two relations. Specifically, the table whose primary key is referenced by a foreign key in another relation may be referred to as the primary table, and the table that holds the foreign key may be referred to as the secondary table of the primary table.
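The BCNF table layout and foreign-key association described above, as an added example (not code from the patent). SQLite stands in for the preset database table store, and the table names, column names, and sample rows are assumptions. Application attributes live in their own table so that no certificate row repeats them, and the foreign key only blocks orphan certificates when enforcement is switched on.

```python
import sqlite3

# Hypothetical schema. Every non-key column depends only on its table's key:
# enterprise and app_type depend on app_id, so they are kept out of the
# certificate table (storing them there would add cert_serial -> app_id ->
# enterprise, a transitive dependency that BCNF forbids).
SCHEMA = """
CREATE TABLE application (
    app_id      TEXT PRIMARY KEY,
    app_type    TEXT NOT NULL,
    enterprise  TEXT NOT NULL
);
CREATE TABLE security_certificate (
    cert_serial TEXT PRIMARY KEY,
    app_id      TEXT NOT NULL REFERENCES application(app_id),
    cert_type   TEXT NOT NULL,
    not_after   TEXT NOT NULL,
    status      TEXT NOT NULL DEFAULT 'valid'
                CHECK (status IN ('valid', 'invalid'))
);
"""


def open_store(enforce_fk=True):
    """Open an in-memory store; SQLite enforces foreign keys only when asked."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = " + ("ON" if enforce_fk else "OFF"))
    conn.executescript(SCHEMA)
    return conn


def add_application(conn, app_id, app_type, enterprise):
    with conn:
        conn.execute("INSERT INTO application VALUES (?, ?, ?)",
                     (app_id, app_type, enterprise))


def add_certificate(conn, serial, app_id, cert_type, not_after):
    """Insert a certificate; return False if a constraint rejects it."""
    try:
        with conn:
            conn.execute(
                "INSERT INTO security_certificate "
                "(cert_serial, app_id, cert_type, not_after) VALUES (?, ?, ?, ?)",
                (serial, app_id, cert_type, not_after))
        return True
    except sqlite3.IntegrityError:
        return False


def certificates_for(conn, app_id):
    """Join through the foreign key to fetch certificates with enterprise info."""
    rows = conn.execute(
        "SELECT c.cert_serial, c.cert_type, c.not_after, a.enterprise "
        "FROM security_certificate AS c "
        "JOIN application AS a ON a.app_id = c.app_id "
        "WHERE c.app_id = ? AND c.status = 'valid' "
        "ORDER BY c.cert_serial", (app_id,))
    return rows.fetchall()


def demo():
    strict = open_store(enforce_fk=True)
    add_application(strict, "com.example.ebank", "banking", "Example Bank")
    known = add_certificate(strict, "CERT-0001", "com.example.ebank",
                            "client-auth", "2030-01-01")
    # Certificate for an application identifier that was never registered.
    orphan_strict = add_certificate(strict, "CERT-0002", "com.unknown.app",
                                    "client-auth", "2030-01-01")
    lax = open_store(enforce_fk=False)
    orphan_lax = add_certificate(lax, "CERT-0002", "com.unknown.app",
                                 "client-auth", "2030-01-01")
    return known, orphan_strict, orphan_lax, certificates_for(strict, "com.example.ebank")


if __name__ == "__main__":
    print(demo())
```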
In some embodiments, after storing the target security certificate in the block chain, when the method is implemented, the following may be further included:
S1: receiving a target certificate updating request sent by a management terminal; the target certificate updating request at least carries an authority certificate of a management terminal and updating data of a target security certificate;
S2: performing authority verification on the target certificate updating request according to the authority certificate;
S3: under the condition that the authority verification is determined to pass, updating the corresponding target security certificate in the block chain according to the updating data of the target security certificate; and write an update record regarding the target security certificate in the blockchain.
The updating of the corresponding target security certificate in the block chain may specifically include one or more of the following: upgrading the security level of the target security certificate, modifying the certificate parameters of the target security certificate, adjusting the application rules of the target security certificate, and the like.
In some embodiments, the validity period information of the target security certificate may also be reset after updating the corresponding target security certificate in the blockchain. In addition, the status label of the previous target security certificate in the block chain may also be set as an invalidation label.
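The update steps S1 to S3 and the invalidation labelling above, as an added Go example that is not code from the patent. An in-memory hash-chained log stands in for the blockchain; the credential-to-application map, the field names and the sample values are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Cert is one stored version of a target security certificate (assumed fields).
type Cert struct {
	AppID         string
	Version       int
	SecurityLevel int
	NotAfter      time.Time // end of the validity period
	Invalid       bool      // status label: true means the invalidation label is set
}

// Record is one entry of the append-only log that stands in for the blockchain.
type Record struct {
	Kind, AppID    string
	Version        int
	At             time.Time
	PrevHash, Hash string
}

type Ledger struct {
	Certs   map[string][]*Cert // application identifier -> versions, newest last
	Grants  map[string]string  // permission credential -> application it may manage
	Records []Record
}

var ErrDenied = errors.New("permission verification failed")

func NewLedger(grants map[string]string) *Ledger {
	return &Ledger{Certs: map[string][]*Cert{}, Grants: grants}
}

func hashRecord(r Record) string {
	s := fmt.Sprintf("%q|%q|%d|%d|%q", r.Kind, r.AppID, r.Version, r.At.UnixNano(), r.PrevHash)
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

func (l *Ledger) appendRecord(kind, appID string, version int, at time.Time) {
	r := Record{Kind: kind, AppID: appID, Version: version, At: at}
	if n := len(l.Records); n > 0 {
		r.PrevHash = l.Records[n-1].Hash
	}
	r.Hash = hashRecord(r)
	l.Records = append(l.Records, r)
}

// Seed stores an initial certificate and its creation record (creation flow not shown).
func (l *Ledger) Seed(c *Cert, now time.Time) {
	l.Certs[c.AppID] = []*Cert{c}
	l.appendRecord("create", c.AppID, c.Version, now)
}

// Update runs S1-S3: verify the permission credential, label the current version
// invalid, store the new version with a reset validity period, write the record.
func (l *Ledger) Update(cred, appID string, level int, notAfter, now time.Time) (*Cert, error) {
	if app, ok := l.Grants[cred]; !ok || app != appID {
		return nil, ErrDenied // rejected: nothing changes and no record is written
	}
	versions := l.Certs[appID]
	if len(versions) == 0 {
		return nil, fmt.Errorf("no certificate stored for %q", appID)
	}
	prev := versions[len(versions)-1]
	prev.Invalid = true
	next := &Cert{AppID: appID, Version: prev.Version + 1, SecurityLevel: level, NotAfter: notAfter}
	l.Certs[appID] = append(versions, next)
	l.appendRecord("update", appID, next.Version, now)
	return next, nil
}

// Verify recomputes every hash and link; editing any record breaks the chain.
func (l *Ledger) Verify() bool {
	prev := ""
	for _, r := range l.Records {
		if r.PrevHash != prev || r.Hash != hashRecord(r) {
			return false
		}
		prev = r.Hash
	}
	return true
}

func main() {
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed sample data
	l := NewLedger(map[string]string{"cred-A": "app-001"})
	l.Seed(&Cert{AppID: "app-001", Version: 1, SecurityLevel: 1, NotAfter: t0.AddDate(1, 0, 0)}, t0)
	_, err := l.Update("cred-B", "app-001", 9, t0.AddDate(9, 0, 0), t0)
	fmt.Println("unknown credential:", err, "| records:", len(l.Records))
	next, _ := l.Update("cred-A", "app-001", 2, t0.AddDate(2, 0, 0), t0.AddDate(0, 6, 0))
	fmt.Println("new version:", next.Version, "| chain intact:", l.Verify())
}
```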
In some embodiments, when writing the creation record, the update record, and the download record related to the target security certificate into the blockchain, sensitive information in the creation record, the update record, and the download record, such as associated data in the creation record, update data in the update record, and a user identifier in the download record, may be encrypted by using the supervision public key to obtain a processed creation record, a processed update record, and a processed download record; and writing the processed creation record, the processed update record and the processed download record into the block chain for evidence storage. The supervision private key corresponding to the supervision public key is only held by a supervision server of a supervision organization and is not disclosed to the outside. Therefore, sensitive information in related records on the block chain can be effectively protected from being leaked, and data privacy of an application service provider and a user side is protected.
In some embodiments, after the target security certificate is stored in the block chain, the method may further include the following:
s1: detecting, at each preset time interval, whether the target security certificate is in proximity failure, that is, close to expiring;
s2: generating first prompt information about the proximity failure of the target security certificate under the condition that the proximity failure of the target security certificate is determined;
s3: and sending the first prompt message to a management terminal corresponding to the target security certificate.
In some embodiments, the detecting whether the target security certificate is in proximity failure may include the following steps: detecting, according to the expiration date information of the target security certificate, whether the time interval between the current time and the expiration date of the target security certificate is smaller than a preset time interval threshold; and, when the time interval between the current time and the expiration date of the target security certificate is determined to be smaller than the preset time interval threshold, determining that the target security certificate is in proximity failure.
In specific implementation, the management terminal receives and displays corresponding first prompt information to a service provider of the target application, and reminds the service provider of the target application to update the target security certificate stored in the certificate management system in time before the target security certificate is invalid, so that data security of business data processing in the target application is protected.
In some embodiments, when it is determined that the target security certificate has failed, the method may further include: generating second prompt information indicating that the target security certificate has failed; and sending the second prompt information to the corresponding management terminal to prompt the service provider of the target application to update the target security certificate as soon as possible.
When the target security certificate is determined to have failed, the status label of the target security certificate is set to an invalidation label, and the security level of the target security certificate is lowered.
In some embodiments, the target certificate creation request may also include association data of a standby certificate. Correspondingly, when the target security certificate corresponding to the application identifier of the target application is created and stored according to the target certificate creation request, a standby certificate corresponding to the application identifier of the target application can be created and stored at the same time.
Correspondingly, under the condition that the target security certificate is determined to be invalid, the standby certificate corresponding to the application identifier of the target application can be temporarily called to replace the target security certificate for use until the target security certificate is updated.
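An added example (not part of the patent text) of the periodic proximity-failure check, the failure handling and the standby fallback described above. The type names, the rule that a prompt is not repeated on later runs, and treating the expiry instant itself as failed are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

type State int

const (
	Valid            State = iota
	ProximityFailure       // time left is below the preset threshold
	Failed                 // the expiration date has passed
)

type Cert struct {
	NotAfter      time.Time // expiration date information
	SecurityLevel int
	Invalid       bool // status label: true means the invalidation label is set
}

// Entry is one application's target security certificate and standby certificate.
type Entry struct {
	AppID           string
	Target, Standby *Cert // Standby may be nil
	prompted        State // last state reported (assumption: prompts are not repeated)
}

// Prompt is the first (ProximityFailure) or second (Failed) prompt information.
type Prompt struct {
	AppID string
	Kind  State
}

var ErrNoUsableCert = errors.New("target certificate failed and no valid standby certificate")

// Classify compares the time left until expiry with the preset threshold.
func Classify(c *Cert, now time.Time, threshold time.Duration) State {
	switch left := c.NotAfter.Sub(now); {
	case left <= 0:
		return Failed
	case left < threshold:
		return ProximityFailure
	}
	return Valid
}

// Sweep is one run of the periodic check. It labels failed certificates, lowers
// their security level once, and returns the prompts for the management terminal.
func Sweep(entries []*Entry, now time.Time, threshold time.Duration) []Prompt {
	var out []Prompt
	for _, e := range entries {
		st := Classify(e.Target, now, threshold)
		if st == Failed && !e.Target.Invalid {
			e.Target.Invalid = true
			if e.Target.SecurityLevel > 0 {
				e.Target.SecurityLevel--
			}
		}
		if st > e.prompted {
			out = append(out, Prompt{e.AppID, st})
		}
		e.prompted = st // back to Valid after an update re-arms the prompts
	}
	return out
}

// Select picks the certificate for a load request: the target certificate
// unless it has failed, otherwise the standby certificate if that is usable.
func Select(e *Entry, now time.Time) (*Cert, error) {
	for _, c := range []*Cert{e.Target, e.Standby} {
		if c != nil && !c.Invalid && now.Before(c.NotAfter) {
			return c, nil
		}
	}
	return nil, fmt.Errorf("%s: %w", e.AppID, ErrNoUsableCert)
}

// SampleEntries returns constructed data: valid, near expiry, failed with a
// standby certificate, and failed without one.
func SampleEntries(now time.Time) []*Entry {
	day := 24 * time.Hour
	return []*Entry{
		{AppID: "app-ok", Target: &Cert{NotAfter: now.Add(30 * day), SecurityLevel: 3}},
		{AppID: "app-near", Target: &Cert{NotAfter: now.Add(3 * day), SecurityLevel: 3}},
		{AppID: "app-standby", Target: &Cert{NotAfter: now.Add(-day), SecurityLevel: 3},
			Standby: &Cert{NotAfter: now.Add(90 * day), SecurityLevel: 1}},
		{AppID: "app-none", Target: &Cert{NotAfter: now.Add(-day), SecurityLevel: 3}},
	}
}

func main() {
	now := time.Date(2024, 1, 10, 0, 0, 0, 0, time.UTC)
	entries := SampleEntries(now)
	fmt.Println("prompts:", Sweep(entries, now, 7*24*time.Hour))
	c, err := Select(entries[2], now)
	fmt.Println("standby served:", c == entries[2].Standby, err)
}
```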
In some embodiments, the target loading request further carries data such as a service identifier and a user identifier;
correspondingly, the obtaining of the target security certificate corresponding to the application identifier of the target application by querying the blockchain according to the target loading request may include the following steps in specific implementation:
s1: acquiring pending certificates corresponding to the application identifier of the target application by querying the block chain according to the target loading request;
s2: and screening out a matched target security certificate from the multiple pending certificates according to the service identifier and the user identifier and by combining with the application rule of the pending certificate.
In some embodiments, the providing the target security certificate to the target terminal device according to the preset transmission rule may include, in specific implementation, the following:
s1: encrypting the target security certificate by using a target public key corresponding to the target terminal equipment according to a preset transmission rule to obtain ciphertext data of the target security certificate;
s2: sending the ciphertext data of the target security certificate to target terminal equipment; the target terminal equipment holds a target private key; and the target terminal equipment decrypts the ciphertext data of the target security certificate by using the target private key to obtain the target security certificate.
The preset transmission rule may specifically include: a preset encryption rule and/or a preset API interface calling protocol and the like.
Correspondingly, in specific implementation, the target security certificate or the ciphertext data of the target security certificate may be sent to the target terminal device according to a preset API interface call protocol.
In some embodiments, the method, when implemented, may further include:
s1: receiving a query request sent by a supervision terminal; wherein the query request at least carries a supervision credential of the supervision terminal;
s2: detecting whether the supervision credential meets the requirement;
s3: under the condition that the supervision credential meets the requirement, querying the loading records, creation records and update records of the security certificate on the block chain to obtain a corresponding query result;
s4: encrypting the query result to obtain a corresponding encrypted query result; and sending the encrypted query result to the supervision terminal.
Specifically, the server may encrypt the query result using the supervision public key to obtain the encrypted query result. In addition, the query result may also contain sensitive information encrypted in advance using the supervision public key. The supervision terminal can decrypt with the supervision private key it holds to obtain the complete plaintext data of the query result.
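The public-key encryption steps above (certificate delivery under the target public key, and records and query results under the supervision public key) as an added Go example, not taken from the patent. It assumes RSA-OAEP wrapping a one-time AES-256-GCM key, because RSA alone cannot encrypt a payload the size of a certificate; all names and sample bytes are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// Envelope is the ciphertext data sent to a key holder: the payload under a
// one-time AES-256-GCM key, and that key wrapped with the recipient's RSA key.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(SHA-256) encryption of the AES key
	Nonce      []byte
	Ciphertext []byte // AES-GCM ciphertext with authentication tag
}

// NewKeyPair generates a recipient key pair (device or supervision server).
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SampleCertificate returns constructed placeholder bytes the size of a small
// certificate; it is not a real certificate.
func SampleCertificate() []byte {
	return []byte(strings.Repeat("CONSTRUCTED-CERTIFICATE-DATA;", 40))
}

// DirectRSATooLong reports whether encrypting payload with RSA-OAEP alone is
// rejected because it exceeds the size limit (190 bytes at 2048 bits, SHA-256).
func DirectRSATooLong(pub *rsa.PublicKey, payload []byte) bool {
	_, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, payload, nil)
	return errors.Is(err, rsa.ErrMessageTooLong)
}

// Seal encrypts payload for the holder of pub. context (here the application
// identifier) is bound into both layers, so an envelope issued for one
// application does not decrypt when presented for another.
func Seal(pub *rsa.PublicKey, payload, context []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, context)
	if err != nil {
		return nil, fmt.Errorf("wrap key: %w", err)
	}
	return &Envelope{wrapped, nonce, gcm.Seal(nil, nonce, payload, context)}, nil
}

// Open reverses Seal with the recipient's private key.
func Open(priv *rsa.PrivateKey, env *Envelope, context []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, context)
	if err != nil {
		return nil, fmt.Errorf("unwrap key: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil || len(env.Nonce) != gcm.NonceSize() {
		return nil, errors.New("bad key or nonce length")
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, context)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	device, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	cert, appID := SampleCertificate(), []byte("app-001") // constructed values
	fmt.Println("RSA-OAEP alone rejects the payload:", DirectRSATooLong(&device.PublicKey, cert))
	env, err := Seal(&device.PublicKey, cert, appID)
	if err != nil {
		panic(err)
	}
	plain, err := Open(device, env, appID)
	fmt.Println("device recovered certificate:", err == nil && string(plain) == string(cert))
	_, err = Open(device, env, []byte("app-002"))
	fmt.Println("wrong application identifier rejected:", err != nil)
}
```

The same `Seal` call with the supervision public key covers the sensitive fields of creation, update and download records and the query result returned to the supervision terminal.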
In some embodiments, the target security certificate sent to the target terminal device may also carry a temporary mark. After the target terminal device receives the target security certificate carrying the temporary mark, timing can be started from the receiving time, and when the accumulated time exceeds the appointed time threshold, the received target security certificate is automatically deleted, so that the security certificate stored locally on the target terminal device is prevented from being leaked.
As can be seen from the above, before the data processing method for a security certificate based on a block chain provided in the embodiments of the present specification is implemented, a block chain based certificate management system may be introduced to store and manage the security certificates of each application, making use of characteristics of the block chain such as security and tamper resistance. In specific implementation, when detecting that a target user triggers a target application deployed in the target terminal device, the target terminal device may generate and initiate a target loading request carrying at least the application identifier of the target application. When receiving the target loading request, a server of the certificate management system can acquire the target security certificate corresponding to the application identifier of the target application by querying the block chain according to the target loading request; then provide the target security certificate to the target terminal device according to a preset transmission rule; and write a loading record about the target security certificate in the block chain. Therefore, the maintenance and management processes of the security certificate can be effectively simplified, the security risk existing when the security certificate is stored locally in the terminal device is avoided, and the data processing related to the security certificate can be completed safely and efficiently.
Referring to fig. 4, an embodiment of the present specification further provides another data processing method for a security certificate based on a block chain, which is applied to a target terminal device, where the target terminal device is provided with a target application. When the method is implemented, the following contents can be included:
s401: receiving and responding to a trigger operation of a target user for a target application, and generating a corresponding target loading request; the target loading request at least carries an application identifier of a target application;
s402: sending the target loading request to a server of a certificate management system based on a blockchain; the server acquires the target security certificate corresponding to the application identifier of the target application by querying the block chain according to the target loading request; provides the target security certificate to the target terminal device according to a preset transmission rule; and writes a loading record related to the target security certificate in the block chain;
s403: and performing corresponding service data processing according to the target security certificate through the target application.
In some embodiments, the sending the target loading request to the server of the certificate management system based on the blockchain may be implemented specifically by: and sending the target loading request to a server according to a preset API (application program interface) calling protocol.
In some embodiments, the performing, by the target application, corresponding service data processing according to the target security certificate may include, when implemented specifically: and the target application performs corresponding service data processing by encryption verification according to the target security certificate, so that the data security of the service data processing process in the target application can be effectively protected.
Embodiments of the present specification further provide a server, including a processor and a memory for storing processor-executable instructions, where the processor, in specific implementation, may perform the following steps according to the instructions: receiving a target loading request initiated by a target terminal device; the target loading request at least carries an application identifier of a target application; the target loading request is generated by the target terminal device when a target user triggers the target application; acquiring the target security certificate corresponding to the application identifier of the target application by querying the blockchain according to the target loading request; providing the target security certificate to the target terminal device according to a preset transmission rule; writing a loading record related to the target security certificate in the block chain; and the target application performs corresponding service data processing according to the target security certificate.
In order to carry out the above instructions more accurately, referring to fig. 5, the embodiments of the present specification further provide another specific server, which includes a network communication port 501, a processor 502 and a memory 503. These structures are connected by internal cables so that they can exchange data with one another.
The network communication port 501 may be specifically configured to receive a target loading request initiated by a target terminal device; the target loading request at least carries an application identifier of a target application; the target loading request is generated by the target terminal equipment under the condition that the target application is detected to be triggered by the target user.
The processor 502 may be specifically configured to obtain, according to the target loading request, a target security certificate corresponding to an application identifier of a target application by querying a block chain; providing the target security certificate to target terminal equipment according to a preset transmission rule; writing a loading record related to the target security certificate in the block chain; and the target application performs corresponding service data processing according to the target security certificate.
The memory 503 may be specifically configured to store a corresponding instruction program.
In this embodiment, the network communication port 501 may be a virtual port that is bound to different communication protocols, so that different data can be sent or received. For example, the network communication port may be a port responsible for web data communication, a port responsible for FTP data communication, or a port responsible for mail data communication. In addition, the network communication port can also be a physical communication interface or communication chip. For example, it may be a wireless mobile network communication chip, such as GSM, CDMA, etc.; it can also be a Wi-Fi chip; it may also be a Bluetooth chip.
In this embodiment, the processor 502 may be implemented in any suitable manner. For example, the processor may take the form of, for example, a microprocessor or processor and a computer-readable medium that stores computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller and embedded microcontroller, and so forth. The description is not intended to be limiting.
In this embodiment, the memory 503 may exist at multiple levels. In a digital system, anything that can store binary data may be a memory; in an integrated circuit, a circuit that has a storage function but no physical form is also called a memory, such as a RAM or a FIFO; in a system, a storage device in physical form is also called a memory, such as a memory bank or a TF card.
An embodiment of the present specification further provides a terminal device, including a processor and a memory for storing processor-executable instructions, where the processor, in specific implementation, may perform the following steps according to the instructions: receiving and responding to a trigger operation of a target user for a target application, and generating a corresponding target loading request; the target loading request at least carries an application identifier of the target application; sending the target loading request to a server of a certificate management system based on a blockchain; the server acquires the target security certificate corresponding to the application identifier of the target application by querying the block chain according to the target loading request; provides the target security certificate to the target terminal device according to a preset transmission rule; and writes a loading record about the target security certificate in the block chain; and performing corresponding service data processing according to the target security certificate through the target application.
The present specification further provides a computer-readable storage medium based on the above data processing method of a block chain based security certificate, where the computer-readable storage medium stores computer program instructions which, when executed, implement: receiving a target loading request initiated by a target terminal device; the target loading request at least carries an application identifier of a target application; the target loading request is generated by the target terminal device when a target user triggers the target application; acquiring the target security certificate corresponding to the application identifier of the target application by querying the blockchain according to the target loading request; providing the target security certificate to the target terminal device according to a preset transmission rule; writing a loading record related to the target security certificate in the block chain; and the target application performs corresponding service data processing according to the target security certificate.
The present specification further provides another computer-readable storage medium based on the above data processing method of a block chain based security certificate, where the computer-readable storage medium stores computer program instructions which, when executed, implement: receiving and responding to a trigger operation of a target user for a target application, and generating a corresponding target loading request; the target loading request at least carries an application identifier of the target application; sending the target loading request to a server of a certificate management system based on a blockchain; the server acquires the target security certificate corresponding to the application identifier of the target application by querying the block chain according to the target loading request; provides the target security certificate to the target terminal device according to a preset transmission rule; and writes a loading record about the target security certificate in the block chain; and performing corresponding service data processing according to the target security certificate through the target application.
In this embodiment, the storage medium includes, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Cache (Cache), a Hard Disk (HDD), or a Memory Card (Memory Card). The memory may be used to store computer program instructions. The network communication unit may be an interface for performing network connection communication, which is set in accordance with a standard prescribed by a communication protocol.
In this embodiment, functions and effects specifically realized by the program instructions stored in the computer-readable storage medium may be explained in comparison with other embodiments, and are not described herein again.
Embodiments of the present specification further provide a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program implements the following steps: receiving a target loading request initiated by a target terminal device; the target loading request at least carries an application identifier of a target application; the target loading request is generated by the target terminal device when a target user triggers the target application; acquiring the target security certificate corresponding to the application identifier of the target application by querying the blockchain according to the target loading request; providing the target security certificate to the target terminal device according to a preset transmission rule; writing a loading record related to the target security certificate in the block chain; and the target application performs corresponding service data processing according to the target security certificate.
Referring to fig. 6, at the software level, an embodiment of the present specification further provides a data processing apparatus for a security certificate based on a block chain, where the apparatus may specifically include the following structural modules:
a receiving module 601, which may be specifically configured to receive a target loading request initiated by a target terminal device; the target loading request at least carries an application identifier of a target application; the target loading request is generated by target terminal equipment under the condition that a target user triggers a target application;
the query module 602 may be specifically configured to obtain, according to the target loading request, the target security certificate corresponding to the application identifier of the target application by querying the blockchain;
the processing module 603 may be specifically configured to provide the target security certificate to the target terminal device according to a preset transmission rule; writing a loading record related to the target security certificate in the block chain; and the target application performs corresponding service data processing according to the target security certificate.
In some embodiments, the apparatus may further include a creation module, which, when implemented in detail, may be configured to receive a target certificate creation request sent by the management terminal; the target certificate creating request at least carries an authority certificate of a management terminal and associated data of a target security certificate; performing authority verification on the target certificate creation request according to the authority certificate; under the condition that the authority verification is determined to pass, creating a corresponding target security certificate according to the associated data of the target security certificate; storing the target security certificate into a block chain; and writes a creation record for the target security certificate in the blockchain.
In some embodiments, the association data may specifically include at least one of: application identification, application type, certificate type, enterprise information, expiration information, and the like.
In some embodiments, when the creating module is implemented, the creating module may create the corresponding target security certificate according to the association data of the target security certificate in the following manner: performing data modeling in an object-oriented mode according to the associated data of the target security certificate to create and obtain a corresponding target security certificate; the target security certificate also carries an application rule corresponding to the target security certificate.
In some embodiments, the creating module, when implemented, may store the target security certificate in a block chain in the following manner: storing the target security certificate into a preset database table in a block chain; wherein the preset database table comprises a database table based on a BC paradigm.
In some embodiments, after storing the target security certificate in a preset database table in the block chain, the creating module may be further configured to associate the target security certificate with the application identifier of the corresponding target application in a foreign key manner according to the association data of the target security certificate.
In some embodiments, the apparatus may further include an update module, which may be specifically configured to receive a target certificate update request sent by the management terminal; the target certificate updating request at least carries an authority certificate of a management terminal and updating data of a target security certificate; performing authority verification on the target certificate updating request according to the authority certificate; under the condition that the authority verification is determined to pass, updating the corresponding target security certificate in the block chain according to the updating data of the target security certificate; and writes an update record regarding the target security certificate in the blockchain.
In some embodiments, after storing the target security certificate in the block chain, the update module may be further configured to detect whether the target security certificate is proximity-failed at preset time intervals; generating first prompt information about the proximity failure of the target security certificate under the condition that the proximity failure of the target security certificate is determined; and sending the first prompt message to a management terminal corresponding to the target security certificate.
In some embodiments, when the processing module 603 is implemented, the target security certificate may be provided to the target terminal device according to a preset transmission rule in the following manner: encrypting the target security certificate by using a target public key corresponding to the target terminal equipment according to a preset transmission rule to obtain ciphertext data of the target security certificate; sending the ciphertext data of the target security certificate to target terminal equipment; the target terminal equipment holds a target private key; and the target terminal equipment decrypts the ciphertext data of the target security certificate by using the target private key to obtain the target security certificate.
As shown in fig. 7, at the software level, an embodiment of the present specification further provides another data processing apparatus for a security certificate based on a block chain, where the apparatus may specifically include the following structural modules:
the generating module 701 may be specifically configured to receive and respond to a trigger operation of a target user for a target application, and generate a corresponding target loading request; the target loading request at least carries an application identifier of a target application;
a sending module 702, which may be specifically configured to send the target loading request to a server of a certificate management system based on a blockchain; the server acquires the target security certificate corresponding to the application identifier of the target application by querying the block chain according to the target loading request; provides the target security certificate to the target terminal device according to a preset transmission rule; and writes a loading record related to the target security certificate in the block chain;
the processing module 703 may be specifically configured to perform corresponding service data processing according to the target security certificate through the target application.
In some embodiments, when the sending module 702 is implemented, the target loading request may be sent to a server of a certificate management system based on a blockchain in the following manner: and sending the target loading request to a server according to a preset API (application program interface) calling protocol.
It should be noted that, the units, devices, modules, etc. illustrated in the above embodiments may be implemented by a computer chip or an entity, or implemented by a product with certain functions. For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. It is to be understood that, in implementing the present specification, functions of each module may be implemented in one or more pieces of software and/or hardware, or a module that implements the same function may be implemented by a combination of a plurality of sub-modules or sub-units, or the like. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
As can be seen from the above, according to the data processing apparatus for a security certificate based on a block chain provided in the embodiment of the present disclosure, by introducing the block chain based certificate management system, the security certificates of different applications are stored and managed in a dedicated manner using characteristics of the block chain such as security and tamper resistance, so that the maintenance and management processes of the security certificate can be effectively simplified, the security risk existing when the security certificate is stored locally in a terminal device is avoided, and data processing related to the security certificate can be completed safely and efficiently.
Although the present specification provides method steps as described in the examples or flowcharts, additional or fewer steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an apparatus or client product in practice executes, it may execute sequentially or in parallel (e.g., in a parallel processor or multithreaded processing environment, or even in a distributed data processing environment) according to the embodiments or methods shown in the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded. The terms first, second, etc. are used to denote names, but not to denote any particular order.
Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be considered as a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, classes, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer-readable storage media including memory storage devices.
From the above description of the embodiments, it is clear to those skilled in the art that the present specification can be implemented by software plus a necessary general-purpose hardware platform. With this understanding, the technical solutions in the present specification may be essentially embodied in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and which includes several instructions for enabling a computer device (which may be a personal computer, a mobile terminal, a server, or a network device, etc.) to execute the methods described in the embodiments, or in some parts of the embodiments, of the present specification.
The embodiments in the present specification are described in a progressive manner: the same or similar parts of the embodiments may be understood by reference to one another, and each embodiment focuses on its differences from the other embodiments. The specification is operational with numerous general-purpose or special-purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable electronic devices, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
While the specification has been described with examples, those skilled in the art will appreciate that there are numerous variations and permutations of the specification without departing from the spirit of the specification, and it is intended that the appended claims encompass such variations and modifications without departing from the spirit of the specification.

Claims (15)

1. A data processing method for a security certificate based on a blockchain, applied to a server, wherein the server is a server of a blockchain-based certificate management system, the method comprising the following steps:
receiving a target loading request initiated by target terminal equipment; the target loading request at least carries an application identifier of a target application; the target loading request is generated by target terminal equipment under the condition that a target user triggers a target application;
acquiring, according to the target loading request, a target security certificate corresponding to the application identifier of the target application by querying the blockchain;
providing the target security certificate to target terminal equipment according to a preset transmission rule; writing a loading record related to the target security certificate in the block chain; and the target application performs corresponding service data processing according to the target security certificate.
2. The method of claim 1, further comprising:
receiving a target certificate creation request sent by a management terminal; the target certificate creating request at least carries an authority certificate of a management terminal and associated data of a target security certificate;
performing authority verification on the target certificate creation request according to the authority certificate;
under the condition that the authority verification is determined to pass, creating a corresponding target security certificate according to the associated data of the target security certificate;
storing the target security certificate into the blockchain; and writing a creation record for the target security certificate in the blockchain.
3. The method of claim 2, wherein the association data comprises at least one of: application identification, application type, certificate type, enterprise information, and validity period information.
4. The method according to claim 3, wherein creating the corresponding target security certificate according to the association data of the target security certificate comprises:
performing data modeling in an object-oriented mode according to the associated data of the target security certificate to create and obtain a corresponding target security certificate; the target security certificate also carries an application rule corresponding to the target security certificate.
5. The method of claim 2, wherein storing the target security certificate in a block chain comprises:
storing the target security certificate into a preset database table in the blockchain; wherein the preset database table comprises a database table based on the Boyce-Codd normal form (BCNF).
6. The method according to claim 5, wherein after storing the target security certificate in a preset database table in a block chain, the method further comprises:
and associating the target security certificate with the corresponding application identifier of the target application in a foreign key mode according to the association data of the target security certificate.
7. The method of claim 2, wherein after storing the target security certificate in a block chain, the method further comprises:
receiving a target certificate updating request sent by a management terminal; the target certificate updating request at least carries an authority certificate of a management terminal and updating data of a target security certificate;
performing authority verification on the target certificate updating request according to the authority certificate;
under the condition that the authority verification is determined to pass, updating the corresponding target security certificate in the blockchain according to the updating data of the target security certificate; and writing an update record regarding the target security certificate in the blockchain.
8. The method of claim 2, wherein after storing the target security certificate in a block chain, the method further comprises:
detecting, at preset time intervals, whether the target security certificate is close to expiry;
under the condition that the target security certificate is determined to be close to expiry, generating first prompt information indicating that the target security certificate is close to expiry;
and sending the first prompt message to a management terminal corresponding to the target security certificate.
9. The method according to claim 1, wherein providing the target security certificate to a target terminal device according to a preset transmission rule comprises:
encrypting the target security certificate by using a target public key corresponding to the target terminal equipment according to a preset transmission rule to obtain ciphertext data of the target security certificate;
sending the ciphertext data of the target security certificate to target terminal equipment; the target terminal equipment holds a target private key; and the target terminal equipment decrypts the ciphertext data of the target security certificate by using the target private key to obtain the target security certificate.
10. A data processing method for a security certificate based on a blockchain, applied to a target terminal device on which a target application is installed, the method comprising the following steps:
receiving and responding to a trigger operation of a target user for a target application, and generating a corresponding target loading request; the target loading request at least carries an application identifier of a target application;
sending the target loading request to a server of a blockchain-based certificate management system; the server acquires, according to the target loading request, a target security certificate corresponding to the application identifier of the target application by querying the blockchain; provides the target security certificate to the target terminal equipment according to a preset transmission rule; and writes a loading record related to the target security certificate in the blockchain;
and performing corresponding service data processing according to the target security certificate through the target application.
11. The method of claim 10, wherein sending the target load request to a server of a blockchain-based certificate management system comprises:
and sending the target loading request to a server according to a preset API interface calling protocol.
12. A data processing apparatus for a security certificate based on a block chain, the apparatus being applied to a server, the server being a server of a block chain based certificate management system, the apparatus comprising:
the receiving module is used for receiving a target loading request initiated by target terminal equipment; the target loading request at least carries an application identifier of a target application; the target loading request is generated by target terminal equipment under the condition that a target user triggers a target application;
the query module is used for acquiring, according to the target loading request, a target security certificate corresponding to the application identifier of the target application by querying the blockchain;
the processing module is used for providing the target security certificate for the target terminal equipment according to a preset transmission rule; writing a loading record related to the target security certificate in the block chain; and the target application performs corresponding service data processing according to the target security certificate.
13. A server comprising a processor and a memory for storing processor-executable instructions which, when executed by the processor, implement the steps of the method of any one of claims 1 to 9.
14. A computer-readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method of any of claims 1 to 9, or 10 to 11.
15. A computer program product comprising a computer program which, when executed by a processor, performs the steps of the method of any one of claims 1 to 9, or 10 to 11.
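
The server-side flow of claims 1, 2 and 8, sketched as an added example that is not part of the patent or of any implementation by its applicant. An in-memory hash-chained ledger stands in for the blockchain, an HMAC tag stands in for the management terminal's authority credential, and the 30-day expiry window is an assumed value; the public-key transport encryption of claim 9 is left out.

```python
import hashlib, hmac, json
from datetime import datetime, timedelta

ADMIN_KEY = b"constructed-demo-key"  # assumption: stands in for the authority credential

def _digest(kind, payload, prev):
    body = json.dumps({"kind": kind, "payload": payload, "prev": prev}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

class Ledger:
    """Append-only, hash-chained record list (hypothetical stand-in for the blockchain)."""
    def __init__(self):
        self.blocks = []

    def append(self, kind, payload):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        self.blocks.append({"kind": kind, "payload": payload, "prev": prev,
                            "hash": _digest(kind, payload, prev)})

    def verify(self):
        """Recompute every link; any edited record breaks the chain."""
        prev = "0" * 64
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != _digest(b["kind"], b["payload"], prev):
                return False
            prev = b["hash"]
        return True

def create_certificate(ledger, app_id, cert, not_after, tag):
    """Claim 2: check the authority credential, then store the certificate with a creation record."""
    expected = hmac.new(ADMIN_KEY, app_id.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise PermissionError("authority verification failed")
    ledger.append("create", {"app_id": app_id, "cert": cert, "not_after": not_after.isoformat()})

def load_certificate(ledger, app_id, device_id, now):
    """Claim 1: return the newest certificate for app_id and write a loading record."""
    for b in reversed(ledger.blocks):
        if b["kind"] == "create" and b["payload"]["app_id"] == app_id:
            ledger.append("load", {"app_id": app_id, "device": device_id, "at": now.isoformat()})
            return b["payload"]["cert"]
    raise KeyError(app_id)

def near_expiry(ledger, now, window=timedelta(days=30)):
    """Claim 8: application identifiers whose newest certificate expires within the window."""
    latest = {b["payload"]["app_id"]: b["payload"]["not_after"]
              for b in ledger.blocks if b["kind"] == "create"}
    return sorted(a for a, t in latest.items()
                  if now <= datetime.fromisoformat(t) <= now + window)
```

Because each record's hash covers the previous record's hash, `verify()` returning `False` is the signal that a stored certificate or a creation or loading record was altered after it was written.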
CN202211151688.4A 2022-09-21 2022-09-21 Data processing method and device of security certificate based on block chain and server Pending CN115567218A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211151688.4A CN115567218A (en) 2022-09-21 2022-09-21 Data processing method and device of security certificate based on block chain and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211151688.4A CN115567218A (en) 2022-09-21 2022-09-21 Data processing method and device of security certificate based on block chain and server

Publications (1)

Publication Number Publication Date
CN115567218A true CN115567218A (en) 2023-01-03

Family

ID=84741093

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211151688.4A Pending CN115567218A (en) 2022-09-21 2022-09-21 Data processing method and device of security certificate based on block chain and server

Country Status (1)

Country Link
CN (1) CN115567218A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116722989A (en) * 2023-06-20 2023-09-08 上海蚂蚁创将信息技术有限公司 Block chain certificate management method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN110826111B (en) Test supervision method, device, equipment and storage medium
JP6882474B2 (en) Systems and methods for detecting replay attacks
CN112217835B (en) Message data processing method and device, server and terminal equipment
CN110266872B (en) Address book data management and control method and device, cloud address book system, computer equipment and computer readable storage medium
CN110944046B (en) Control method of consensus mechanism and related equipment
JP2019524016A (en) Methods for managing the status of connected devices
CN104199654A (en) Open platform calling method and device
CN111079091A (en) Software security management method and device, terminal and server
US10749867B1 (en) Systems and methods for device detection and registration
CN111488372A (en) Data processing method, device and storage medium
CN112150113A (en) Method, device and system for borrowing file data and method for borrowing data
CN112738138A (en) Cloud security hosting method, device, equipment and storage medium
CN115130075A (en) Digital signature method and device, electronic equipment and storage medium
CN115567218A (en) Data processing method and device of security certificate based on block chain and server
CN112069529B (en) Block chain-based volume management method and device, computer and storage medium
CN111260475A (en) Data processing method, block chain node point equipment and storage medium
CN115514470B (en) Storage method and system for community correction data security
CN111177171A (en) Service data authentication and management method and system based on block chain
CN110908801A (en) Data processing method and device based on block chain, computer equipment and storage medium
CN115482132A (en) Data processing method and device for electronic contract based on block chain and server
CN111698227B (en) Information synchronization management method, device, computer system and readable storage medium
CN114625756A (en) Data query method and device and server
CN113449269A (en) Core module activation method and device and storage medium
CN113379577A (en) Transaction auditing method, device and equipment
CN117040930B (en) Resource processing method, device, product, equipment and medium of block chain network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination