CN117318959B - Expiration early warning method, device, system, equipment and medium for digital certificate - Google Patents

Expiration early warning method, device, system, equipment and medium for digital certificate Download PDF

Info

Publication number
CN117318959B
CN117318959B CN202311597615.2A CN202311597615A CN117318959B CN 117318959 B CN117318959 B CN 117318959B CN 202311597615 A CN202311597615 A CN 202311597615A CN 117318959 B CN117318959 B CN 117318959B
Authority
CN
China
Prior art keywords
certificate
digital certificate
expiration
information
early warning
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311597615.2A
Other languages
Chinese (zh)
Other versions
CN117318959A (en
Inventor
唐建亮
董雪英
陈鹏
芦飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Metabrain Intelligent Technology Co Ltd
Original Assignee
Suzhou Metabrain Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Metabrain Intelligent Technology Co Ltd filed Critical Suzhou Metabrain Intelligent Technology Co Ltd
Priority to CN202311597615.2A priority Critical patent/CN117318959B/en
Publication of CN117318959A publication Critical patent/CN117318959A/en
Application granted granted Critical
Publication of CN117318959B publication Critical patent/CN117318959B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the application provides an expiration early warning method, device, system, equipment and medium for a digital certificate. The method comprises the following steps: acquiring a certificate expiration time of a digital certificate stored in the BIOS; determining whether the digital certificate expires based on a current system time of the BMC and the certificate expiration time; determining an expiration remaining duration of the digital certificate based on the current system time and the certificate expiration time under the condition that the digital certificate is not expired; and under the condition that the expiration residual duration is determined to be smaller than a pre-configured early warning prompt duration, generating first early warning information for indicating the expiration duration of the digital certificate based on the expiration residual duration. According to the method and the device for the operation and maintenance of the mobile terminal, operation and maintenance personnel can avoid the problem caused by expiration of the certificate in advance, intelligent operation and maintenance are achieved, smooth operation of the service is guaranteed, and human resources are saved.

Description

Expiration early warning method, device, system, equipment and medium for digital certificate
Technical Field
The present disclosure relates to the field of digital certificate management technologies, and in particular, to a method, an apparatus, a system, a device, and a medium for early warning of expiration of a digital certificate.
Background
BIOS (Basic Input and Output System, basic input output system) is a set of programs solidified on a ROM (Read Only Memory image, read only memory mirror image) chip on the motherboard in the computer, which holds the most important power-on self-test, hardware initialization programs and service programs of the bottom layer of the system, etc.
When the mainboard leaves the factory, a plurality of digital certificates, namely DB certificates, can be built in, and the DB certificates are provided with public keys for verifying the signature of the starting item. Then, any operating system or hardware driver that wants to load on this motherboard needs authentication by public key. I.e. the software must be signed with the corresponding private key, otherwise the motherboard refuses to load. When the computer boots up, the Secure Boot (i.e., secure Boot for the purpose of preventing malware intrusion) will use the public key in the DB (Database, collection of digital certificates) certificate to verify the signature of the Boot item. If the signature is valid, the initiator is considered trusted and may be loaded. If the signature is invalid or there is no corresponding certificate, the Secure Boot will refuse to load the Boot item, thereby protecting the system from malware.
At present, when the private key of the loaded corresponding operating system starting item fails to be verified by the public key in the corresponding digital certificate, the digital certificate is known to be outdated, and the operating system can be successfully started only by replacement, so that starting delay of the operating system is caused, and smooth operation of a service cannot be guaranteed. Meanwhile, the digital certificate expiration checking mode needs to be checked manually, has low checking efficiency and causes waste of human resources.
Disclosure of Invention
The embodiment of the application provides an expiration early warning method, device, system, equipment and medium for a digital certificate, which are used for solving the problems that an expiration checking mode for the digital certificate can cause starting delay of an operating system, smooth operation of a service cannot be ensured, checking efficiency is low and human resources are wasted in the prior art.
In order to solve the above technical problems, embodiments of the present application are implemented as follows:
in a first aspect, an embodiment of the present application provides an expiration pre-warning method of a digital certificate, applied to a BMC, where the method includes:
acquiring a certificate expiration time of a digital certificate stored in the BIOS;
determining whether the digital certificate expires based on a current system time of the BMC and the certificate expiration time;
Determining an expiration remaining duration of the digital certificate based on the current system time and the certificate expiration time under the condition that the digital certificate is not expired;
and under the condition that the expiration residual duration is determined to be smaller than a pre-configured early warning prompt duration, generating first early warning information for indicating the expiration duration of the digital certificate based on the expiration residual duration.
Optionally, the generating, based on the expiration remaining duration, first early warning information for indicating the expiration duration of the digital certificate includes:
determining whether the digital certificate is preconfigured with a whitelist mechanism;
determining whether the digital certificate is in a preset digital certificate white list or not under the condition that the digital certificate is configured with the white list mechanism;
and generating the first early warning information based on the expiration residual duration under the condition that the digital certificate is determined to be in the digital certificate white list.
Optionally, the generating, based on the expiration remaining duration, first early warning information for indicating the expiration duration of the digital certificate includes:
determining whether the digital certificate is preconfigured with a whitelist mechanism;
And generating the first early warning information based on the expiration residual duration under the condition that the digital certificate is not configured with the white list mechanism.
Optionally, after the generating the first early warning information based on the expiration remaining duration, the method further includes:
acquiring the latest version of the digital certificate;
and storing the latest version of certificate information in a shared memory, updating the certificate updating mark position of the digital certificate into an un-updated mark in the shared memory, so that the BIOS acquires the latest version of certificate information from the shared memory, and updating the digital certificate according to the latest version of certificate information.
Optionally, after the storing the latest version of the certificate information in the shared memory, the method further includes:
acquiring first updating success information of the digital certificate sent by the BIOS;
generating and outputting first early warning release information of the digital certificate based on the first updating success information;
and updating the certificate updating mark position of the digital certificate into an updated mark in the shared memory.
Optionally, after the determining whether the digital certificate is in a preset digital certificate white list, the method further includes:
And under the condition that the digital certificate is not in the digital certificate white list, generating no early warning information of the digital certificate, and ending the early warning process of the digital certificate.
Optionally, the acquiring the certificate information of the latest version of the digital certificate includes:
acquiring a certificate name of the digital certificate;
inquiring the latest version of certificate information corresponding to the certificate name from a certificate maintenance library.
Optionally, after determining whether the digital certificate expires based on the current system time of the BMC and the certificate expiration time, the method further comprises:
generating second early warning information indicating that the digital certificate has expired based on a certificate name of the digital certificate and the certificate expiration time in response to the digital certificate having expired;
and outputting the second early warning information.
Optionally, the generating, based on the certificate name of the digital certificate and the certificate expiration time, second early warning information for indicating that the digital certificate has expired includes:
determining whether the digital certificate is preconfigured with a whitelist mechanism;
determining whether the digital certificate is in a preset digital certificate white list or not in response to the digital certificate being configured with the white list mechanism;
And generating the second early warning information based on the certificate name of the digital certificate and the certificate expiration time in response to the digital certificate being in the digital certificate white list.
Optionally, the generating, based on the certificate name of the digital certificate and the certificate expiration time, second early warning information for indicating that the digital certificate has expired includes:
determining whether the digital certificate is preconfigured with a whitelist mechanism;
and generating the second early warning information based on the certificate name of the digital certificate and the certificate expiration time in response to the digital certificate not being configured with the whitelist mechanism.
Optionally, after the generating the second early warning information based on the certificate name of the digital certificate and the certificate expiration time, the method further includes:
acquiring the latest version of the digital certificate;
and storing the latest version of certificate information in a shared memory, updating the certificate updating mark position of the digital certificate into an un-updated mark in the shared memory, so that the BIOS acquires the latest version of certificate information from the shared memory, and updating the digital certificate according to the latest version of certificate information.
Optionally, after the storing the latest version of the certificate information in the shared memory and updating the certificate update flag location of the digital certificate to an un-updated flag in the shared memory, the method further includes:
acquiring second updating success information of the digital certificate sent by the BIOS;
generating and outputting second early warning release information of the digital certificate based on the second updating success information;
and updating the certificate updating mark position of the digital certificate into an updated mark in the shared memory.
In a second aspect, an embodiment of the present application provides an expiration pre-warning device for a digital certificate, which is applied to a BMC, and the device includes:
a certificate expiration time acquisition module for acquiring the certificate expiration time of the digital certificate stored in the BIOS;
a digital certificate determining module, configured to determine whether the digital certificate expires based on a current system time of a BMC and the certificate expiration time;
an expiration remaining time determining module, configured to determine an expiration remaining time of the digital certificate based on the current system time and the certificate expiration time, if it is determined that the digital certificate is not expired;
The first early warning information generation module is used for generating first early warning information for indicating the expiration time of the digital certificate based on the expiration residual time under the condition that the expiration residual time is smaller than the pre-configured early warning prompt time.
Optionally, the first early warning information generating module includes:
a first mechanism determining unit configured to determine whether the digital certificate is preconfigured with a whitelist mechanism;
a white list determining unit, configured to determine whether the digital certificate is in a preset digital certificate white list, if it is determined that the digital certificate is configured with the white list mechanism;
and the first early warning information generation unit is used for generating the first early warning information based on the expiration residual duration under the condition that the digital certificate is determined to be in the digital certificate white list.
Optionally, the generating, based on the expiration remaining duration, early warning information for indicating the expiration duration of the digital certificate includes:
a second mechanism determining unit configured to determine whether the digital certificate is preconfigured with a whitelist mechanism;
and the second early warning information generation unit is used for generating the first early warning information based on the expiration residual duration under the condition that the digital certificate is not configured with the white list mechanism.
Optionally, the apparatus further comprises:
the certificate information acquisition module is used for acquiring the certificate information of the latest version of the digital certificate;
and the certificate information storage module is used for storing the latest version of certificate information in a shared memory, updating the certificate update mark position of the digital certificate into an un-updated mark in the shared memory, acquiring the latest version of certificate information from the shared memory by the BIOS, and updating the digital certificate according to the latest version of certificate information.
Optionally, the apparatus further comprises:
the first updating information acquisition module is used for acquiring first updating success information of the digital certificate sent by the BIOS;
the first release information generation module is used for generating and outputting first early warning release information of the digital certificate based on the first updating success information;
and the certificate mark updating module is used for updating the certificate updating mark position of the digital certificate into an updated mark in the shared memory.
Optionally, the apparatus further comprises:
and the early warning process ending module is used for not generating early warning information of the digital certificate under the condition that the digital certificate is not in the digital certificate white list, and ending the early warning process of the digital certificate.
Optionally, the certificate information acquisition module includes:
a certificate name acquisition unit configured to acquire a certificate name of the digital certificate;
and the certificate information acquisition unit is used for inquiring the latest version of certificate information corresponding to the certificate name from a certificate maintenance library.
Optionally, the apparatus further comprises:
a second early warning information generation module for generating second early warning information indicating that the digital certificate has expired based on a certificate name of the digital certificate and the certificate expiration time in response to the digital certificate having expired;
and the second early warning information output module is used for outputting the second early warning information.
Optionally, the second early warning information generating module includes:
a third mechanism determining unit configured to determine whether the digital certificate is preconfigured with a whitelist mechanism;
a certificate white list determining unit, configured to determine whether the digital certificate is in a preset digital certificate white list in response to the digital certificate being configured with the white list mechanism;
and the third early warning information generation unit is used for generating the second early warning information based on the certificate name of the digital certificate and the certificate expiration time in response to the digital certificate being in the digital certificate white list.
Optionally, the second early warning information generating module includes:
a fourth mechanism determining unit configured to determine whether the digital certificate is preconfigured with a whitelist mechanism;
and a fourth early warning information generating unit configured to generate the second early warning information based on a certificate name of the digital certificate and the certificate expiration time in response to the digital certificate not being configured with the whitelist mechanism.
Optionally, the apparatus further comprises:
the latest version information acquisition module is used for acquiring the latest version certificate information of the digital certificate;
the latest version information storage module is used for storing the latest version of certificate information in a shared memory, updating the position of a certificate update mark of the digital certificate into an un-updated mark in the shared memory, acquiring the latest version of certificate information from the shared memory by the BIOS, and updating the digital certificate according to the latest version of certificate information.
Optionally, the apparatus further comprises:
the second updating information acquisition module is used for acquiring second updating success information of the digital certificate sent by the BIOS;
the second release information generation module is used for generating and outputting second early warning release information of the digital certificate based on the second updating success information;
And the certificate mark position updating module is used for updating the certificate updating mark position of the digital certificate into an updated mark in the shared memory.
In a third aspect, an embodiment of the present application provides an expiration pre-warning system for a digital certificate, where the system includes: a BIOS and a BMC, the BIOS being communicatively coupled to the BMC, wherein,
the BIOS is used for sending the expiration time of the digital certificate to the BMC;
the BMC is configured to determine whether the digital certificate is expired based on a current system time and the certificate expiration time, determine an expiration remaining time of the digital certificate based on the current system time and the certificate expiration time when the digital certificate is determined not to be expired, and generate first early warning information indicating the expiration time of the digital certificate based on the expiration remaining time when the expiration remaining time is determined to be less than a pre-configured early warning prompt time.
Optionally, the system further comprises: the CPU and the OS operating system are provided,
the BMC is further used for acquiring the latest version of the certificate information of the digital certificate from a certificate maintenance library, storing the latest version of the certificate information in a shared memory, and updating the certificate update mark position of the digital certificate into an un-updated mark in the shared memory;
The CPU is used for capturing the latest version of certificate information from the shared memory;
the OS operating system is used for checking the validity of the certificate information of the latest version;
the BIOS is further used for reading the latest version of certificate information which is successfully checked by validity from the CPU, and updating the digital certificate according to the latest version of certificate information.
In a fourth aspect, an embodiment of the present application provides an electronic device, including:
a memory, a processor, and a computer program stored on the memory and executable on the processor, the computer program when executed by the processor implementing the method of pre-warning of expiration of a digital certificate as described in any one of the preceding claims.
In a fifth aspect, embodiments of the present application provide a readable storage medium, which when executed by a processor of an electronic device, enables the electronic device to perform the method for pre-warning of expiration of a digital certificate as described in any one of the preceding claims.
In an embodiment of the present application, the certificate expiration time of the digital certificate stored in the BIOS is obtained. Based on the current system time of the BMC and the certificate expiration time, it is determined whether the digital certificate has expired. In the event that it is determined that the digital certificate has not expired, an expiration remaining period of the digital certificate is determined based on the current system time and the certificate expiration time. And under the condition that the expiration residual time length is determined to be smaller than the pre-configured early warning prompt time length, generating first early warning information for indicating the expiration time length of the digital certificate based on the expiration residual time length. According to the embodiment of the application, whether the digital certificate is expired or not is checked by the BMC according to the current system time and the certificate expiration time, and the digital certificate is early warned for more than a few days, meanwhile, when the early warning prompt time is up, the expiration early warning of the digital certificate is generated, so that operation and maintenance personnel can avoid the problem caused by the expiration of the certificate in advance, the intelligent operation and maintenance are realized, and the smooth operation of the service is ensured. And whether the digital certificate is out of date does not need to be checked manually, so that manpower resources are saved.
The foregoing description is only an overview of the technical solutions of the present application, and may be implemented according to the content of the specification in order to make the technical means of the present application more clearly understood, and in order to make the above-mentioned and other objects, features and advantages of the present application more clearly understood, the following detailed description of the present application will be given.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments of the present application will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person of ordinary skill in the art.
Fig. 1 is a step flowchart of an expiration pre-warning method for a digital certificate according to an embodiment of the present application;
fig. 2 is a flowchart of steps of a method for generating early warning information according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating steps of another method for generating early warning information according to an embodiment of the present disclosure;
FIG. 4 is a flowchart illustrating steps of a method for storing latest version certificate information according to an embodiment of the present application;
FIG. 5 is a flowchart illustrating steps of a method for outputting early warning release information according to an embodiment of the present disclosure;
FIG. 6 is a flowchart illustrating steps of a method for obtaining latest version certificate information according to an embodiment of the present application;
fig. 7 is a flowchart of steps of a method for outputting early warning information according to an embodiment of the present application;
FIG. 8 is a flowchart illustrating steps of another method for generating early warning information according to an embodiment of the present disclosure;
FIG. 9 is a flowchart illustrating steps of another method for generating early warning information according to an embodiment of the present disclosure;
FIG. 10 is a flowchart illustrating steps of another method for storing latest version certificate information according to an embodiment of the present application;
FIG. 11 is a flowchart illustrating steps of a method for updating a certificate update flag location according to an embodiment of the present application;
FIG. 12 is a schematic diagram of an alarm and update procedure for checking expiration time of a digital certificate provided in an embodiment of the present application;
FIG. 13 is a schematic diagram of a hardware system framework according to an embodiment of the present disclosure;
fig. 14 is a schematic structural diagram of an expiration pre-warning device for a digital certificate according to an embodiment of the present application;
fig. 15 is a schematic structural diagram of an expiration pre-warning system for digital certificates according to an embodiment of the present application;
Fig. 16 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
Referring to fig. 1, a step flowchart of an expiration pre-warning method for a digital certificate provided in an embodiment of the present application is shown, and as shown in fig. 1, the expiration pre-warning method for a digital certificate may include: step 101, step 102, step 103 and step 104.
Step 101: a certificate expiration time for a digital certificate stored in the BIOS is obtained.
The embodiment of the invention can be applied to a scene that the BMC and the BIOS cooperate to detect whether all the digital certificates or the digital certificates in the white list packed by the BIOS are expired, and early warn the digital certificates in advance for how many days are expired.
The embodiment of the application can be applied to BMC (Baseboard Management Controller ), namely, the execution subject is BMC.
In a specific implementation, on the BIOS side, the duration of the expiration early warning and the digital certificate white list may be preset. Specifically, taking a general server with an OS (Operating System) installed as an example, logging in the web, opening a remote switch, clicking a power-on button, and powering up the server. Meanwhile, the certificate maintenance library is a server which is specially used for maintaining various certificates in the data center server, all the certificates can be updated on time every month, the maintained digital certificates are ensured to be up to date, and the server of ftp (File Transfer Protocol ) protocol is started to monitor the client request. After entering the setup option, the Secure boot option needs to be changed to Enable and save the restart.
Meanwhile, a user can set how much time to alarm is from the expiration time of the digital certificate in an IPMI command mode, can set 0-365 days, and can set whether to set a specific digital certificate as a white list mechanism. The usage commands are as follows:
command 1: IPMI-I lanplus-H IP-U user name-P password DB setTime days 0-365.
Command 2: IPMI-I lanplus-H IP-U user name-P password DB whiteList enabled/disabled.
Command 3: IPMI-I lanplus-H IP-U user name-P password DB whiteList Add corresponds to a digital certificate name.
Command 4: IPMI-I lanplus-H IP-U user name-P password DB whiteList Del corresponds to a digital certificate name.
The command 1 refers to the number of days for setting the expiration reminder, that is, 0 to 365 can be selected by the user. The command 2 refers to whether a specific digital certificate is set as a whitelist mechanism, if yes, an enabling field is input, and if no, a closing field is input. The command 3 refers to a command for adding a digital certificate in the white list, that is, adding a corresponding digital certificate name. The command 4 refers to a command to delete a digital certificate from the white list.
When set, the BIOS will synchronize BMC set time during startup with specific IPMI commands to maintain time consistency. Then go through and read the detailed information (public key, identity information of the certificate owner and certificate expiration time) of the digital certificate, get digital certificate expiration time and certificate name among them and send BMC using the specific IPMI order.
A BMC receiving module can be arranged in the BMC, and can receive related information sent by the BIOS and record the information into a digital certificate log according to certificate names, certificate expiration time and whether the information is in a white list format. As shown in fig. 13, a receiving module is provided in the BMC.
After acquiring the certificate expiration time of the digital certificate stored in the BIOS, step 102 is performed.
Step 102: determining whether the digital certificate expires based on the current system time of the BMC and the certificate expiration time.
After acquiring the certificate expiration time of the digital certificate stored in the BIOS, it may be determined whether the digital certificate has expired based on the current system time of the BMC and the certificate expiration time of the digital certificate. Specifically, when the certificate expiration time is earlier than the current system time, it indicates that the digital certificate has expired. And when the expiration time of the digital certificate is later than the current system time, the digital certificate is not expired.
Specifically, a BMC processing module is arranged in the BMC, and can acquire the digital certificate log sent by the BMC receiving module, traverse the digital certificate log and determine whether the digital certificate is expired according to comparison between the obtained digital certificate expiration time and the BMC current system time. As shown in fig. 13, a processing module is disposed in the BMC and may be used to check whether the digital certificate is expired.
After determining that the digital certificate has not expired, step 103 is performed.
Step 103: and determining the expiration residual duration of the digital certificate based on the current system time and the certificate expiration time under the condition that the digital certificate is not expired.
The expiration remaining time period may be used to indicate how long the digital certificate remains to expire.
After determining that the digital certificate has not expired, an expiration remaining period of the digital certificate may be determined based on the current system time and the certificate expiration time. For example, the current system time is 2023, 11, 12:00, and the expiration time of the digital certificate is 2023, 11, 13, 12:00, then the expiration remaining time of the digital certificate is 24 hours, etc.
It will be appreciated that the above examples are only examples listed for better understanding of the technical solutions of the embodiments of the present application, and are not to be construed as the only limitation of the present embodiments.
After determining the expiration remaining period of the digital certificate based on the current system time and the certificate expiration time, step 104 is performed.
Step 104: and under the condition that the expiration residual duration is determined to be smaller than a pre-configured early warning prompt duration, generating first early warning information for indicating the expiration duration of the digital certificate based on the expiration residual duration.
The early warning prompt duration may be a preset duration for prompting how long the digital certificate expires, in this example, the early warning prompt duration may be 24 hours, 30 hours, 7 days, etc., and specifically, the specific value of the early warning prompt duration may be determined according to the service requirement, which is not limited in this embodiment.
In some examples, the early warning cue duration may be a cue duration previously set by a business person on the BIOS side. Specifically, the service personnel can set early warning prompt time of the digital certificate on the BIOS side in advance, and send the set early warning prompt time of the digital certificate to the BMC and the like in an IPMI command mode.
In some examples, the early warning cue duration may be a cue duration set by a business person in advance on the BMC side. Specifically, the service personnel can set early warning prompt time of the digital certificate on the BMC side in advance, for example, the certificate names of different digital certificates can be set corresponding early warning prompt time in advance, and the early warning prompt time is stored in forms such as a table.
It will be appreciated that the above examples are only examples listed for better understanding of the technical solutions of the embodiments of the present application, and are not to be construed as the only limitation of the present embodiments.
In a specific implementation, the duration of the early warning prompt of different digital certificates may be the same or different, specifically, may be determined according to the service requirement, which is not limited in this embodiment.
After determining the expiration remaining time of the digital certificate based on the current system time and the certificate expiration time, a magnitude relationship between the expiration remaining time and the early warning prompt time may be compared.
And under the condition that the expiration residual time is smaller than the early warning prompt time, generating first early warning information for indicating the expiration time of the digital certificate based on the expiration residual time. When the expiration early warning condition of the digital certificate is reached, early warning information is generated, so that operation and maintenance personnel can know the expiration residual time of the digital certificate in time. As shown in fig. 13, an alarm module is preset in the BMC, and the alarm module may generate early warning information indicating an expiration duration of the digital certificate when the expiration residual duration of the digital certificate is less than the early warning prompt duration.
According to the embodiment of the application, whether the digital certificate is expired or not is checked by the BMC according to the current system time and the certificate expiration time, and the digital certificate is early warned for more than a few days, meanwhile, when the early warning prompt time is up, the expiration early warning of the digital certificate is generated, so that operation and maintenance personnel can avoid the problem caused by the expiration of the certificate in advance, the intelligent operation and maintenance are realized, and the smooth operation of the service is ensured.
In a specific implementation, after determining that the expiration remaining time period is less than the pre-configured early warning prompt time period, it may also be determined whether the digital certificate is pre-configured with a whitelist mechanism. If the white list mechanism is configured, judging whether the digital certificate is in the white list, and if so, generating expiration early warning information. This implementation may be described in detail below in conjunction with fig. 2.
Referring to fig. 2, a flowchart of steps of a method for generating early warning information according to an embodiment of the present application is shown. As shown in fig. 2, the early warning information generation method may include: step 201, step 202 and step 203.
Step 201: it is determined whether the digital certificate is preconfigured with a whitelist mechanism.
In the embodiment of the application, after determining that the expiration remaining time is less than the pre-configured early warning prompt time, it may be determined whether the digital certificate is pre-configured with a whitelist mechanism.
After determining that the digital certificate is preconfigured with the whitelist mechanism, step 202 is performed.
Step 202: and determining whether the digital certificate is in a preset digital certificate white list or not under the condition that the digital certificate is configured with the white list mechanism.
After determining that the digital certificate is preconfigured with the whitelist mechanism, it may be determined whether the digital certificate is within a preset whitelist of digital certificates. Specifically, the certificate name of the digital certificate can be obtained, and whether the certificate name of the digital certificate exists or not can be searched in the digital certificate white list.
In some examples, the digital certificate may be added in advance by the operation and maintenance personnel within the digital certificate whitelist, i.e., the operation and maintenance personnel may obtain the digital certificate for which expiration pre-warning is required and add the digital certificate to the digital certificate whitelist.
In some examples, it may also be determined whether the digital certificate is a digital certificate within the digital certificate whitelist by calculating a scoring value for the digital certificate. Specifically, the scoring item may be preset, and the digital certificate may be scored in combination with the scoring item. In this example, the scoring items may include: at least one of scoring items such as position item, time item, frequency item, keyword matching item, and the like. The location item may be used to indicate a location where the BIOS is located when the digital certificate is scored, that is, a location where the BIOS belongs to a server. The time item may be used to indicate how much time remaining for the digital certificate expires. The frequency term refers to the frequency of use of the digital certificate over a historical time. The keyword matching term refers to the matching degree of the keyword of the index certificate and the keyword preset by the operation and maintenance personnel. When the digital certificate is scored, if the scoring item is only one item, the scoring value of the digital certificate under the scoring item can be directly calculated. When the scoring items are multiple, weights corresponding to the scoring items can be preset, scoring values of the digital certificate under the multiple scoring items are obtained through calculation, and weighting summation is carried out by combining the weights, so that the scoring values of the digital certificate are obtained. In a specific implementation, a scoring threshold may be further set, and if the scoring value of the digital certificate is greater than the scoring threshold, it is determined that the digital certificate is in the digital certificate whitelist. Otherwise, determining that the digital certificate is not in the digital certificate white list.
If the digital certificate is not in the digital certificate white list, the digital certificate is not in the maintenance management range, the processing flow of updating the certificate version in the follow-up early warning is not performed, namely the early warning information of the digital certificate is not generated, and the early warning flow of the digital certificate is ended.
Of course, a digital certificate blacklist may be preset in the BMC, and if it is determined that the digital certificate is not in the digital certificate whitelist, it may be determined whether the digital certificate is in the digital certificate blacklist, specifically, the certificate name of the digital certificate may be obtained and matched with the certificate name in the digital certificate blacklist one by one. If the matching is successful, the digital certificate is determined to be in the digital certificate blacklist.
If the digital certificate is determined to be in the digital certificate blacklist, an early warning can be sent out to prompt the operation and maintenance personnel that the digital certificate in the digital certificate blacklist exists in the BIOS, so that the operation and maintenance personnel can timely carry out subsequent processing, and if the digital certificate is cleaned, and the like.
After determining that the digital certificate is within the preset digital certificate white list, step 203 is performed.
Step 203: and generating the first early warning information based on the expiration residual duration under the condition that the digital certificate is determined to be in the digital certificate white list.
After determining that the digital certificate is in the preset digital certificate white list, first early warning information for indicating how long the digital certificate is expired can be generated based on the expiration remaining time of the digital certificate.
According to the embodiment of the application, due early warning can be carried out on part of important digital certificates by setting the white list mechanism, so that full early warning of the digital certificates is avoided, and the efficiency of the due early warning of the certificates can be improved.
In a specific implementation, after determining that the expiration residual duration is smaller than the pre-configured early warning prompt duration, if the digital certificate is not configured with the white list mechanism, the expiration early warning information can be directly generated. This implementation may be described in detail below in conjunction with fig. 3.
Referring to fig. 3, a flowchart of steps of another method for generating early warning information according to an embodiment of the present application is shown. As shown in fig. 3, the early warning information generation method may include: step 301 and step 302.
Step 301: it is determined whether the digital certificate is preconfigured with a whitelist mechanism.
In the embodiment of the application, after determining that the expiration remaining time is less than the pre-configured early warning prompt time, it may be determined whether the digital certificate is pre-configured with a whitelist mechanism.
After determining that the digital certificate is not configured with the whitelist mechanism, step 202 is performed.
Step 302: and generating the first early warning information based on the expiration residual duration under the condition that the digital certificate is not configured with the white list mechanism.
After determining that the digital certificate is not configured with the whitelist mechanism, first early warning information for indicating how long the digital certificate remains to expire can be generated directly based on the expiration remaining duration of the digital certificate.
According to the embodiment of the application, the expiration early warning information is generated, so that operation and maintenance personnel can be prompted to know the digital certificate about to expire in time, and maintenance can be performed in time.
In a specific implementation, after the first early warning information of the digital certificate is generated, the certificate information of the latest version of the digital certificate can be obtained, so that the latest version of the digital certificate can be stored in the shared memory, and the BIOS can update the digital certificate in time. This implementation may be described in detail below in conjunction with fig. 4.
Referring to fig. 4, a flowchart illustrating steps of a method for storing latest version certificate information according to an embodiment of the present application is shown. As shown in fig. 4, the latest version certificate information storage method may include: step 401 and step 402.
Step 401: and acquiring the certificate information of the latest version of the digital certificate.
In the embodiment of the application, after determining that the expiration residual duration of the digital certificate is smaller than the pre-configured early warning prompt duration, the certificate information of the latest version of the digital certificate can be obtained. Specifically, the latest version of the certificate information corresponding to the digital certificate may be searched from the certificate maintenance library. This implementation may be described in detail below in conjunction with fig. 6.
Referring to fig. 6, a flowchart illustrating steps of a method for acquiring latest version certificate information according to an embodiment of the present application is shown. As shown in fig. 6, the latest version certificate information acquisition method may include: step 601 and step 602.
Step 601: and acquiring the certificate name of the digital certificate.
In the embodiment of the present application, the certificate name of the digital certificate may be obtained, and in this example, the certificate name may be sent to the BMC by the BIOS through an IPMI command manner.
After the certificate name of the digital certificate is obtained, step 602 is performed.
Step 602: inquiring the latest version of certificate information corresponding to the certificate name from a certificate maintenance library.
After the certificate name of the digital certificate is acquired, the latest version of the certificate information corresponding to the certificate name can be queried from the certificate maintenance library.
After the latest version of the digital certificate is obtained, step 402 is performed.
Step 402: and storing the latest version of certificate information in a shared memory, updating the certificate updating mark position of the digital certificate into an un-updated mark in the shared memory, so that the BIOS acquires the latest version of certificate information from the shared memory, and updating the digital certificate according to the latest version of certificate information.
The shared memory refers to a memory that the BIOS and the BMC can share.
After the latest version of the certificate information of the digital certificate is obtained, the latest version of the certificate information of the digital certificate can be stored in the shared memory, and the certificate update flag position of the digital certificate is updated to be an un-updated flag in the shared memory. The not updated flag may be used to alert the BIOS that there is not updated digital certificate information. Furthermore, the BISO may obtain the latest version of the certificate information from the shared memory, and update the digital certificate according to the latest version of the certificate information. As shown in fig. 13, the BMC may find the certificate information of the latest version of the digital certificate from the certificate maintenance library, and send the certificate information to the shared memory for storage, and update the certificate update flag bit. The BIOS chip may execute BIOS code to capture the digital certificate to be updated (i.e., the latest version of the certificate information) from the shared memory through a capture module in the CPU, so as to complete the certificate version update. Meanwhile, the OS startup item may verify the digital certificate to verify the validity of the digital certificate that is fetched from the shared memory.
According to the embodiment of the invention, when the BMC determines that the expiration residual time of the digital certificate is less than the early warning prompt time, the latest version of the digital certificate is timely obtained and stored in the shared memory, and the corresponding non-updated mark is added to indicate the BIOS to update the digital certificate, so that the automatic update of the digital certificate version can be realized, the manual participation is not needed, and the problem of expiration of the digital certificate can be avoided.
In a specific implementation, after the BIOS completes version update of the digital certificate, update information may also be sent to the BMC, so that early warning release information may be generated, and the certificate update flag location may be updated. This implementation may be described in detail below in conjunction with fig. 5.
Referring to fig. 5, a step flowchart of an early warning release information output method provided in an embodiment of the present application is shown. As shown in fig. 5, the early warning release information output method may include: step 501, step 502 and step 503.
Step 501: and acquiring first updating success information of the digital certificate sent by the BIOS.
In this embodiment of the present application, after the BIOS completes the version update of the digital certificate, the first update success information of the digital certificate may be sent to the BMC to indicate that the digital certificate has been successfully updated. Specifically, the BIOS may send the first update success information to the BMC through an IPMI command.
After obtaining the first update success information of the digital certificate sent by the BIOS, step 502 is performed.
Step 502: and generating and outputting first early warning release information of the digital certificate based on the first updating success information.
After the first update success information of the digital certificate sent by the BIOS is obtained, the first early warning release information of the digital certificate may be generated and output based on the first update success information. To indicate that the digital certificate has completed certificate version updating, and to update the digital certificate from the expiration time without pre-warning.
After generating and outputting the first early warning release information of the digital certificate based on the first update success information, step 503 is performed.
Step 503: and updating the certificate updating mark position of the digital certificate into an updated mark in the shared memory.
After the first early warning release information of the digital certificate is generated and output based on the first update success information, the certificate update flag location of the digital certificate may be updated to an updated flag in the shared memory to indicate that the digital certificate has completed version update.
According to the embodiment of the invention, the BIOS sends the update success information, the early warning release information can be timely generated, and the certificate update mark position of the shared memory digital certificate is updated, so that the certificate version can be timely prompted to finish updating, and meanwhile, the updating operation of the digital certificate with the updated version can be avoided from being frequently updated by the BIOS.
The above implementation may be described in conjunction with the following two cases:
1. if the digital certificate is not expired, the BMC judges how much days are left after expiration, if the set days are reached and the white list mechanism is effective, the corresponding certificate is judged whether to be in the white list, if yes, the alarm module generates an alarm report log containing the name of the certificate and how much time is left after expiration, meanwhile, the BMC uses an Ftp protocol to go to a certificate maintenance library to capture the latest certificate according to the name of the certificate and put the latest certificate into a shared memory, when the next BIOS is started, when the update mark position 1 (representing that the information of the non-updated certificate exists) of the shared memory certificate is found, the latest certificate is read through the BIOS, the latest certificate is automatically obtained from the corresponding position of the shared memory, the corresponding certificate is updated, updated success information is sent to the BMC, and the BMC generates an alarm release log. While the shared memory certificate update flag location 0 (indicating that there is no non-updated certificate information).
2. If the digital certificate is not expired, the BMC judges how much day is left after expiration, if the set days are reached and the white list mechanism is not effective, if the white list mechanism is not effective, the alarm module directly generates a pre-alarm log which comprises the name of the certificate and how much time is left after expiration, meanwhile, the BMC uses an Ftp protocol to fetch the latest certificate according to the certificate name to a certificate maintenance library and puts the latest certificate into a shared memory, when the next BIOS is started, when the update mark position 1 of the shared memory certificate is found, the latest certificate information is read through the BIOS, the shared memory address is transmitted, the corresponding certificate information is automatically obtained from the corresponding position of the shared memory, the updated successful information is transmitted to the BMC, and the BMC generates an alarm release log. While the shared memory certificate update flag location 0.
According to the embodiment of the application, the BMC is matched with the BIOS, so that whether all digital certificates contained in the BIOS or digital certificates in a white list are out of date can be detected, and the digital certificates can be early warned for more than a few days. The digital certificate can be automatically and timely upgraded by the aid of the digital certificate upgrading method, safety is improved, operation and maintenance personnel can avoid the problem caused by expiration of the digital certificate in advance, operation and maintenance are better, smooth operation of business is guaranteed, and human resources are saved. Meanwhile, the code portability is strong, and the code portability can be widely applied to different platforms.
In a specific implementation, after determining that the digital certificate is expired based on the current system time of the BMC and the certificate expiration time, pre-warning information for indicating that the digital certificate has expired may be generated. This implementation may be described in detail below in conjunction with fig. 7.
Referring to fig. 7, a flowchart of steps of a method for outputting early warning information according to an embodiment of the present application is shown. As shown in fig. 7, the early warning information output method may include: step 701 and step 702.
Step 701: in response to the digital certificate having expired, second pre-warning information indicating that the digital certificate has expired is generated based on a certificate name of the digital certificate and the certificate expiration time.
In this embodiment, after determining that the digital certificate is expired based on the current system time of the BMC and the certificate expiration time, the second early warning information indicating that the digital certificate is expired may be generated in response to the digital certificate being expired, based on the certificate name and the certificate expiration time of the digital certificate.
After generating the second pre-warning information indicating that the digital certificate has expired based on the certificate name and the certificate expiration time of the digital certificate, step 702 is performed.
Step 702: and outputting the second early warning information.
After generating the second early warning information indicating that the digital certificate has expired based on the certificate name and the certificate expiration time of the digital certificate, the second early warning information may be output. Specifically, the second warning information may be output by at least one of output modes such as sound, vibration, short message, mail, and the like.
By generating and outputting the second early warning information for indicating that the digital certificate is expired, the embodiment of the invention can enable operation and maintenance personnel to timely find out the expired digital certificate in the BIOS so as to timely maintain the digital certificate.
In a specific implementation, after determining that the digital certificate has expired, when generating the second early warning information, it is further required to determine whether the digital certificate is configured with a whitelist mechanism. If a white list mechanism is configured and the digital certificate is in the digital certificate white list, second early warning information is generated. This implementation may be described in detail below in conjunction with fig. 8.
Referring to fig. 8, a flowchart of steps of another method for generating early warning information according to an embodiment of the present application is shown. As shown in fig. 8, the early warning information generation method may include: step 801, step 802 and step 803.
Step 801: it is determined whether the digital certificate is preconfigured with a whitelist mechanism.
In the embodiment of the application, after determining that the digital certificate has expired, it may be determined whether the digital certificate is preconfigured with a whitelist mechanism.
After determining that the digital certificate is preconfigured with the whitelist mechanism, step 802 is performed.
Step 802: and in response to the digital certificate being configured with the whitelist mechanism, determining whether the digital certificate is within a preset digital certificate whitelist.
After determining that the digital certificate is preconfigured with the whitelist mechanism, then the method may be performed in response to the digital certificate being preconfigured with the whitelist mechanism and determining whether the digital certificate is within a preset whitelist of digital certificates.
In some examples, the digital certificate may be added in advance by the operation and maintenance personnel within the digital certificate whitelist, i.e., the operation and maintenance personnel may obtain the digital certificate for which expiration pre-warning is required and add the digital certificate to the digital certificate whitelist.
In some examples, it may also be determined whether the digital certificate is a digital certificate within the digital certificate whitelist by calculating a scoring value for the digital certificate. Specifically, the scoring item may be preset, and the digital certificate may be scored in combination with the scoring item. In this example, the scoring items may include: at least one of scoring items such as position item, time item, frequency item, keyword matching item, and the like. The location item may be used to indicate a location where the BIOS is located when the digital certificate is scored, that is, a location where the BIOS belongs to a server. The time item may be used to indicate how long the digital certificate has expired. The frequency term refers to the frequency of use of the digital certificate over a historical time. The keyword matching term refers to the matching degree of the keyword of the index certificate and the keyword preset by the operation and maintenance personnel. When the digital certificate is scored, if the scoring item is only one item, the scoring value of the digital certificate under the scoring item can be directly calculated. When the scoring items are multiple, weights corresponding to the scoring items can be preset, scoring values of the digital certificate under the multiple scoring items are obtained through calculation, and weighting summation is carried out by combining the weights, so that the scoring values of the digital certificate are obtained. In a specific implementation, a scoring threshold may be further set, and if the scoring value of the digital certificate is greater than the scoring threshold, it is determined that the digital certificate is in the digital certificate whitelist. Otherwise, determining that the digital certificate is not in the digital certificate white list.
If the digital certificate is not in the digital certificate white list, the digital certificate is not in the maintenance management range, the processing flow of updating the certificate version in the follow-up early warning is not performed, namely the early warning information of the digital certificate is not generated, and the early warning flow of the digital certificate is ended.
Of course, a digital certificate blacklist may be preset in the BMC, and if it is determined that the digital certificate is not in the digital certificate whitelist, it may be determined whether the digital certificate is in the digital certificate blacklist, specifically, the certificate name of the digital certificate may be obtained and matched with the certificate name in the digital certificate blacklist one by one. If the matching is successful, the digital certificate is determined to be in the digital certificate blacklist.
If the digital certificate is determined to be in the digital certificate blacklist, an early warning can be sent out to prompt the operation and maintenance personnel that the digital certificate in the digital certificate blacklist exists in the BIOS, so that the operation and maintenance personnel can timely carry out subsequent processing, and if the digital certificate is cleaned, and the like.
Step 803: and generating the second early warning information based on the certificate name of the digital certificate and the certificate expiration time in response to the digital certificate being in the digital certificate white list.
If the digital certificate is not in the digital certificate white list, early warning processing is not needed, and the early warning process of the digital certificate is ended.
If the digital certificate is in the digital certificate white list, second early warning information for indicating that the digital certificate has expired can be generated based on the certificate name and the certificate expiration time of the digital certificate in response to the digital certificate being in the digital certificate white list.
According to the embodiment of the application, due to the fact that the white list mechanism is arranged, the expiration early warning can be carried out on the digital certificate needing early warning only, full quantity early warning is not needed, and therefore the expiration early warning efficiency of the digital certificate can be improved.
In a specific implementation, if the digital certificate is not configured with the whitelist mechanism, second early warning information for indicating that the digital certificate has expired may be directly generated. This implementation may be described in detail below in conjunction with fig. 9.
Referring to fig. 9, a flowchart of steps of still another method for generating early warning information according to an embodiment of the present application is shown. As shown in fig. 9, the early warning information generation method may include: step 901 and step 902.
Step 901: it is determined whether the digital certificate is preconfigured with a whitelist mechanism.
In the embodiment of the application, after determining that the digital certificate has expired, it may be determined whether the digital certificate is preconfigured with a whitelist mechanism.
After determining that the digital certificate is not configured with a whitelist mechanism, step 902 is performed.
Step 902: and generating the second early warning information based on the certificate name of the digital certificate and the certificate expiration time in response to the digital certificate not being configured with the whitelist mechanism.
After determining that the digital certificate is not configured with the whitelist mechanism, second pre-warning information indicating that the digital certificate has expired may be generated based on the certificate name and the certificate expiration time of the digital certificate in response to the digital certificate not being configured with the whitelist mechanism.
According to the embodiment of the invention, when the digital certificate is not configured with the white list mechanism, the early warning information for indicating the expiration of the digital certificate is directly generated, so that an operation and maintenance person can timely find the expired digital certificate, and subsequent certificate updating and maintenance are facilitated.
In a specific implementation, after determining that the digital certificate has expired, the latest version of the digital certificate may be obtained and stored in the shared memory, so that the BIOS may update the version of the digital certificate in time. This implementation may be described in detail below in conjunction with fig. 10.
Referring to fig. 10, a flowchart of steps of another method for storing latest version certificate information according to an embodiment of the present application is shown. As shown in fig. 10, the latest version certificate information storage method may include: step 1001 and step 1002.
Step 1001: and acquiring the certificate information of the latest version of the digital certificate.
In the embodiment of the application, after determining that the digital certificate has expired, the certificate information of the latest version of the digital certificate may be acquired. Specifically, according to the certificate name of the digital certificate, the latest version of certificate information corresponding to the certificate name can be queried from the certificate maintenance library.
After the latest version of the digital certificate is obtained, step 1002 is performed.
Step 1002: and storing the latest version of certificate information in a shared memory, updating the certificate updating mark position of the digital certificate into an un-updated mark in the shared memory, so that the BIOS acquires the latest version of certificate information from the shared memory, and updating the digital certificate according to the latest version of certificate information.
After the latest version of the certificate information of the digital certificate is obtained, the latest version of the certificate information can be stored in the shared memory, and the position of the certificate update mark of the digital certificate is updated into an un-updated mark in the shared memory, so that the latest version of the certificate information is obtained from the shared memory by the BIOS, and the digital certificate is updated according to the latest version of the certificate information.
According to the embodiment of the application, the latest version of the certificate information of the expired digital certificate is acquired and stored in the shared memory, and meanwhile, the position of the certificate update mark of the updated digital certificate is the un-updated mark so as to prompt the BIOS to have the un-updated digital certificate, so that the BIOS can acquire the latest version of the certificate information in time from the shared memory, and version update of the digital certificate is completed.
In a specific implementation, after the BIOS completes version update of the digital certificate, update success information may also be sent to the BMC to generate early warning release information, and update the certificate update flag location in the shared memory. This implementation may be described in detail below in conjunction with fig. 11.
Referring to fig. 11, a flowchart of steps of a certificate update flag location update method provided in an embodiment of the present application is shown. As shown in fig. 11, the certificate update flag location update method may include: step 1101, step 1102 and step 1103.
Step 1101: and acquiring second updating success information of the digital certificate sent by the BIOS.
In this embodiment, after the BIOS completes the version update of the digital certificate, the second update success information of the digital certificate may be sent to the BMC to indicate that the digital certificate is successfully updated. Specifically, the BIOS may send the second update success information to the BMC through an IPMI command.
After obtaining the second update success information of the digital certificate sent by the BIOS, step 1102 is performed.
Step 1102: and generating and outputting second early warning release information of the digital certificate based on the second updating success information.
After the second update success information of the digital certificate sent by the BIOS is obtained, the second early warning release information of the digital certificate can be generated and output based on the second update success information to indicate that the digital certificate has completed the certificate version update without continuing early warning.
After generating and outputting the second early warning release information of the digital certificate based on the second update success information, step 1103 is performed.
Step 1103: and updating the certificate updating mark position of the digital certificate into an updated mark in the shared memory.
After the second early warning release information of the digital certificate is generated and output based on the second update success information, the certificate update flag location of the digital certificate may be updated to an updated flag in the shared memory to indicate that the digital certificate has completed the version update.
According to the embodiment of the invention, the BIOS sends the update success information, the early warning release information can be timely generated, and the certificate update mark position of the shared memory digital certificate is updated, so that the certificate version can be timely prompted to finish updating, and meanwhile, the updating operation of the digital certificate with the updated version can be avoided from being frequently updated by the BIOS.
Specifically, for early warning after expiration of the certificate, the certificate information reading and updating process may include the following two implementations:
1. if the corresponding certificate is out of date and the white list mechanism is effective, judging whether the corresponding certificate is in the white list, if so, generating an alarm log by the alarm module, including the name and the expiration time of the certificate, meanwhile, using an Ftp protocol to go to a certificate maintenance library according to the name of the certificate by the BMC to capture the latest certificate and put the latest certificate into a shared memory, reading a memory function by the BIOS when the update mark position 1 of the shared memory certificate is found when the BIOS is started next time, inputting the address of the shared memory, automatically obtaining the information of the latest certificate from the corresponding position of the shared memory, calling a certificate update function to update the corresponding certificate, sending update success information to the BMC, and generating an alarm release log by the BMC. While the shared memory certificate update flag location 0.
2. If the expiration and white list mechanism is not effective, the alarm module directly generates an alarm log, the alarm log comprises the name and expiration time of the certificate, meanwhile, the BMC uses an Ftp protocol to go a certificate maintenance library according to the name of the certificate to capture the latest certificate and put the latest certificate into a shared memory, when the next BIOS is started, when the update mark position 1 of the shared memory certificate is found, the latest certificate information is automatically obtained from the corresponding position of the shared memory through the BIOS reading of a memory function and the shared memory address, the corresponding certificate is updated, and then update success information is sent to the BMC, and the BMC generates an alarm release log. While the shared memory certificate update flag location 0.
Next, the implementation procedure of the embodiment of the present application is described in the following integrity with reference to fig. 12.
As shown in fig. 12, first, it may be determined whether to turn on the Secure Boot (i.e., secure Boot) enable, if not, the device is turned on normally, and no subsequent processing is performed. If the Secure Boot is started, the alarm setting of how many days in advance is obtained, namely the expiration alarm remaining time of the digital certificate is set by operation and maintenance personnel. Furthermore, the expiration time inside the read digital certificate may be traversed and sent to the BMC. If the certificate expiration time fails to read and/or the BMC fails to send, the method continues to try to read, loops for 3 times, and exits when the reading is successful. If the expiration time in the digital certificate is successfully read and successfully sent to the BMC, the BMC determines whether the digital certificate is expired according to the obtained expiration time of the digital certificate and the current time. If not, judging whether the set time of the advance warning is reached. If the advanced alarm setting time is reached or the digital certificate is expired, judging whether the digital certificate is provided with a white list mechanism. If yes, judging whether the digital certificate is in the white list. If yes, the BMC generates an alarm log, the alarm log comprises the name and expiration time of the digital certificate, and meanwhile, the BMC goes to a certificate maintenance library according to the name of the certificate to capture the latest certificate and puts the latest certificate into a shared memory, and the flag bit is placed. I.e. the shared memory certificate update flag is set to 1 to indicate that a certificate update is required. And the BIOS automatically obtains the information of the latest certificate from the shared memory when being started next time, and updates the corresponding digital certificate. If the update is successful, the BIOS can send the update success information to the BMC, and the BMC outputs the prompt information of fault release, and meanwhile, the shared memory certificate updates the flag position 0.
According to the expiration early warning method for the digital certificate, the certificate expiration time of the digital certificate stored in the BIOS is obtained. Based on the current system time of the BMC and the certificate expiration time, it is determined whether the digital certificate has expired. In the event that it is determined that the digital certificate has not expired, an expiration remaining period of the digital certificate is determined based on the current system time and the certificate expiration time. And under the condition that the expiration residual time length is determined to be smaller than the pre-configured early warning prompt time length, generating first early warning information for indicating the expiration time length of the digital certificate based on the expiration residual time length. According to the embodiment of the application, whether the digital certificate is expired or not is checked by the BMC according to the current system time and the certificate expiration time, and the digital certificate is early warned for more than a few days, meanwhile, when the early warning prompt time is up, the expiration early warning of the digital certificate is generated, so that operation and maintenance personnel can avoid the problem caused by the expiration of the certificate in advance, the intelligent operation and maintenance are realized, and the smooth operation of the service is ensured. And whether the digital certificate is out of date does not need to be checked manually, so that manpower resources are saved.
Referring to fig. 14, a schematic structural diagram of an expiration pre-warning device for a digital certificate provided in an embodiment of the present application is shown, where the device may be applied to a BMC. As shown in fig. 14, the expiration pre-alarm 1400 of the digital certificate may include the following modules:
A certificate expiration time acquisition module 1410 for acquiring a certificate expiration time of a digital certificate stored in the BIOS;
a digital certificate determination module 1420 for determining whether the digital certificate expires based on a current system time of the BMC and the certificate expiration time;
an expiration remaining duration determining module 1430 configured to determine an expiration remaining duration of the digital certificate based on the current system time and the certificate expiration time, if it is determined that the digital certificate has not expired;
the first early warning information generating module 1440 is configured to generate, based on the expiration remaining duration, first early warning information for indicating the expiration duration of the digital certificate, if it is determined that the expiration remaining duration is less than a preconfigured early warning prompt duration.
Optionally, the first early warning information generating module includes:
a first mechanism determining unit configured to determine whether the digital certificate is preconfigured with a whitelist mechanism;
a white list determining unit, configured to determine whether the digital certificate is in a preset digital certificate white list, if it is determined that the digital certificate is configured with the white list mechanism;
and the first early warning information generation unit is used for generating the first early warning information based on the expiration residual duration under the condition that the digital certificate is determined to be in the digital certificate white list.
Optionally, the generating, based on the expiration remaining duration, early warning information for indicating the expiration duration of the digital certificate includes:
a second mechanism determining unit configured to determine whether the digital certificate is preconfigured with a whitelist mechanism;
and the second early warning information generation unit is used for generating the first early warning information based on the expiration residual duration under the condition that the digital certificate is not configured with the white list mechanism.
Optionally, the apparatus further comprises:
the certificate information acquisition module is used for acquiring the certificate information of the latest version of the digital certificate;
and the certificate information storage module is used for storing the latest version of certificate information in a shared memory, updating the certificate update mark position of the digital certificate into an un-updated mark in the shared memory, acquiring the latest version of certificate information from the shared memory by the BIOS, and updating the digital certificate according to the latest version of certificate information.
Optionally, the apparatus further comprises:
the first updating information acquisition module is used for acquiring first updating success information of the digital certificate sent by the BIOS;
The first release information generation module is used for generating and outputting first early warning release information of the digital certificate based on the first updating success information;
and the certificate mark updating module is used for updating the certificate updating mark position of the digital certificate into an updated mark in the shared memory.
Optionally, the apparatus further comprises:
and the early warning process ending module is used for not generating early warning information of the digital certificate under the condition that the digital certificate is not in the digital certificate white list, and ending the early warning process of the digital certificate.
Optionally, the certificate information acquisition module includes:
a certificate name acquisition unit configured to acquire a certificate name of the digital certificate;
and the certificate information acquisition unit is used for inquiring the latest version of certificate information corresponding to the certificate name from a certificate maintenance library.
Optionally, the apparatus further comprises:
a second early warning information generation module for generating second early warning information indicating that the digital certificate has expired based on a certificate name of the digital certificate and the certificate expiration time in response to the digital certificate having expired;
and the second early warning information output module is used for outputting the second early warning information.
Optionally, the second early warning information generating module includes:
a third mechanism determining unit configured to determine whether the digital certificate is preconfigured with a whitelist mechanism;
a certificate white list determining unit, configured to determine whether the digital certificate is in a preset digital certificate white list in response to the digital certificate being configured with the white list mechanism;
and the third early warning information generation unit is used for generating the second early warning information based on the certificate name of the digital certificate and the certificate expiration time in response to the digital certificate being in the digital certificate white list.
Optionally, the second early warning information generating module includes:
a fourth mechanism determining unit configured to determine whether the digital certificate is preconfigured with a whitelist mechanism;
and a fourth early warning information generating unit configured to generate the second early warning information based on a certificate name of the digital certificate and the certificate expiration time in response to the digital certificate not being configured with the whitelist mechanism.
Optionally, the apparatus further comprises:
the latest version information acquisition module is used for acquiring the latest version certificate information of the digital certificate;
The latest version information storage module is used for storing the latest version of certificate information in a shared memory, updating the position of a certificate update mark of the digital certificate into an un-updated mark in the shared memory, acquiring the latest version of certificate information from the shared memory by the BIOS, and updating the digital certificate according to the latest version of certificate information.
Optionally, the apparatus further comprises:
the second updating information acquisition module is used for acquiring second updating success information of the digital certificate sent by the BIOS;
the second release information generation module is used for generating and outputting second early warning release information of the digital certificate based on the second updating success information;
and the certificate mark position updating module is used for updating the certificate updating mark position of the digital certificate into an updated mark in the shared memory.
According to the expiration early warning device for the digital certificate, the certificate expiration time of the digital certificate stored in the BIOS is obtained. Based on the current system time of the BMC and the certificate expiration time, it is determined whether the digital certificate has expired. In the event that it is determined that the digital certificate has not expired, an expiration remaining period of the digital certificate is determined based on the current system time and the certificate expiration time. And under the condition that the expiration residual time length is determined to be smaller than the pre-configured early warning prompt time length, generating first early warning information for indicating the expiration time length of the digital certificate based on the expiration residual time length. According to the embodiment of the application, whether the digital certificate is expired or not is checked by the BMC according to the current system time and the certificate expiration time, and the digital certificate is early warned for more than a few days, meanwhile, when the early warning prompt time is up, the expiration early warning of the digital certificate is generated, so that operation and maintenance personnel can avoid the problem caused by the expiration of the certificate in advance, the intelligent operation and maintenance are realized, and the smooth operation of the service is ensured. And whether the digital certificate is out of date does not need to be checked manually, so that manpower resources are saved.
Referring to fig. 15, an expiration pre-warning system for a digital certificate according to an embodiment of the present application is shown. As shown in fig. 14, the expiration pre-warning system 1500 of the digital certificate may include: BIOS1520, and BMC1510, BIOS1520 may be communicatively coupled to BMC1510, wherein,
BIOS1520 may be used to send the certificate expiration time for the digital certificate to BMC1510.
BMC1510 may be configured to determine whether the digital certificate is expired based on the current system time and the certificate expiration time, determine an expiration remaining time of the digital certificate based on the current system time and the certificate expiration time if it is determined that the digital certificate is not expired, and generate first alert information indicating the expiration time of the digital certificate based on the expiration remaining time if it is determined that the expiration remaining time is less than a pre-configured alert notification time.
Optionally, the expiration pre-warning system 1500 of digital certificates may further include: CPU1530 and OS operating system 1540, OS operating system 1540 and BIOS1520 may each be communicatively coupled to CPU1530, wherein,
BMC1510 is further configured to obtain, from a certificate maintenance library, the latest version of certificate information of the digital certificate, store the latest version of certificate information in a shared memory, and update a certificate update location of the digital certificate in the shared memory as an unexplored flag;
CPU1530 may be used to retrieve the latest version of credential information from shared memory;
the OS operating system 1540 may be used to verify the validity of the latest version of the credential information;
the BIOS1520 may also be configured to read the latest version of the certificate information that has been successfully validated from within the CPU1530 and update the digital certificate based on the latest version of the certificate information.
According to the expiration early warning system for the digital certificate, whether the digital certificate is expired or not is checked by the BMC according to the current system time and the certificate expiration time, the expiration of the digital certificate is early warned in advance, meanwhile, when the early warning prompt time is up, the expiration early warning of the digital certificate is generated, so that operation and maintenance personnel can avoid the problem caused by the expiration of the certificate in advance, intelligent operation and maintenance is realized, and smooth operation of a service is guaranteed. And whether the digital certificate is out of date does not need to be checked manually, so that manpower resources are saved.
Additionally, the embodiment of the application also provides electronic equipment, which comprises: the system comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the computer program realizes the expiration early warning method of the digital certificate when being executed by the processor.
Fig. 16 shows a schematic structural diagram of an electronic device 1600 according to an embodiment of the present invention. As shown in fig. 16, the electronic device 1600 includes a Central Processing Unit (CPU) 1601 that may perform various suitable actions and processes in accordance with computer program instructions stored in a Read Only Memory (ROM) 1602 or loaded from a storage unit 1608 into a Random Access Memory (RAM) 1603. In the RAM1603, various programs and data required for the operation of the electronic device 1600 may also be stored. The CPU1601, ROM1602, and RAM1603 are connected to each other by a bus 1604. An input/output (I/O) interface 1605 is also connected to the bus 1604.
Various components in electronic device 1600 are connected to I/O interface 1605, including: an input unit 1606 such as a keyboard, mouse, microphone, etc.; an output unit 1607 such as various types of displays, speakers, and the like; a storage unit 1608, such as a magnetic disk, an optical disk, or the like; and a communication unit 1609, such as a network card, modem, wireless communication transceiver, or the like. The communication unit 1609 allows the electronic device 1600 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunications networks.
The respective procedures and processes described above may be executed by the processing unit 1601. For example, the method of any of the embodiments described above may be implemented as a computer software program tangibly embodied on a computer-readable medium, such as the storage unit 1608. In some embodiments, some or all of the computer programs may be loaded and/or installed onto electronic device 1600 via ROM1602 and/or communication unit 1609. When the computer program is loaded into RAM1603 and executed by CPU1601, one or more acts of the methods described above may be performed.
The embodiment of the application also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements each process of the above-mentioned expiration pre-warning method embodiment of the digital certificate, and can achieve the same technical effect, so that repetition is avoided, and no further description is provided here. Wherein the computer readable storage medium is selected from Read-Only Memory (ROM), random access Memory (Random Access Memory, RAM), magnetic disk or optical disk.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (14)

1. An expiration early warning method of a digital certificate, applied to a BMC, is characterized by comprising the following steps:
acquiring a certificate expiration time of a digital certificate stored in the BIOS;
determining whether the digital certificate expires based on a current system time of the BMC and the certificate expiration time;
determining an expiration remaining duration of the digital certificate based on the current system time and the certificate expiration time under the condition that the digital certificate is not expired;
generating first early warning information for indicating the expiration duration of the digital certificate based on the expiration residual duration under the condition that the expiration residual duration is determined to be smaller than a pre-configured early warning prompt duration;
acquiring the latest version of the digital certificate;
storing the latest version of certificate information in a shared memory, updating a certificate update mark position of the digital certificate into an un-updated mark in the shared memory, so that the BIOS obtains the latest version of certificate information from the shared memory, and updates the digital certificate according to the latest version of certificate information;
acquiring first updating success information of the digital certificate sent by the BIOS;
Generating and outputting first early warning release information of the digital certificate based on the first updating success information;
and updating the certificate updating mark position of the digital certificate into an updated mark in the shared memory.
2. The method of claim 1, wherein the generating first pre-warning information indicating the expiration duration of the digital certificate based on the expiration remaining duration comprises:
determining whether the digital certificate is preconfigured with a whitelist mechanism;
determining whether the digital certificate is in a preset digital certificate white list or not under the condition that the digital certificate is configured with the white list mechanism;
and generating the first early warning information based on the expiration residual duration under the condition that the digital certificate is determined to be in the digital certificate white list.
3. The method of claim 1, wherein the generating first pre-warning information indicating the expiration duration of the digital certificate based on the expiration remaining duration comprises:
determining whether the digital certificate is preconfigured with a whitelist mechanism;
and generating the first early warning information based on the expiration residual duration under the condition that the digital certificate is not configured with the white list mechanism.
4. The method of claim 2, further comprising, after said determining whether said digital certificate is within a pre-set digital certificate whitelist:
and under the condition that the digital certificate is not in the digital certificate white list, generating no early warning information of the digital certificate, and ending the early warning process of the digital certificate.
5. The method of claim 1, wherein the obtaining the certificate information of the most recent version of the digital certificate comprises:
acquiring a certificate name of the digital certificate;
inquiring the latest version of certificate information corresponding to the certificate name from a certificate maintenance library.
6. The method of claim 1, wherein after determining whether the digital certificate has expired based on the current system time of the BMC and the certificate expiration time, further comprising:
generating second early warning information indicating that the digital certificate has expired based on a certificate name of the digital certificate and the certificate expiration time in response to the digital certificate having expired;
and outputting the second early warning information.
7. The method of claim 6, wherein the generating second pre-warning information indicating that the digital certificate has expired based on the certificate name of the digital certificate and the certificate expiration time comprises:
Determining whether the digital certificate is preconfigured with a whitelist mechanism;
determining whether the digital certificate is in a preset digital certificate white list or not in response to the digital certificate being configured with the white list mechanism;
and generating the second early warning information based on the certificate name of the digital certificate and the certificate expiration time in response to the digital certificate being in the digital certificate white list.
8. The method of claim 6, wherein the generating second pre-warning information indicating that the digital certificate has expired based on the certificate name of the digital certificate and the certificate expiration time comprises:
determining whether the digital certificate is preconfigured with a whitelist mechanism;
and generating the second early warning information based on the certificate name of the digital certificate and the certificate expiration time in response to the digital certificate not being configured with the whitelist mechanism.
9. The method according to claim 7 or 8, further comprising, after the generating the second pre-warning information based on the certificate name of the digital certificate and the certificate expiration time:
acquiring the latest version of the digital certificate;
And storing the latest version of certificate information in a shared memory, updating the certificate updating mark position of the digital certificate into an un-updated mark in the shared memory, so that the BIOS acquires the latest version of certificate information from the shared memory, and updating the digital certificate according to the latest version of certificate information.
10. The method of claim 9, further comprising, after storing the latest version of the certificate information in a shared memory and updating the certificate update location of the digital certificate to an unexplored flag in the shared memory:
acquiring second updating success information of the digital certificate sent by the BIOS;
generating and outputting second early warning release information of the digital certificate based on the second updating success information;
and updating the certificate updating mark position of the digital certificate into an updated mark in the shared memory.
11. An expiration pre-warning device for a digital certificate, applied to a BMC, the device comprising:
a certificate expiration time acquisition module for acquiring the certificate expiration time of the digital certificate stored in the BIOS;
A digital certificate determining module, configured to determine whether the digital certificate expires based on a current system time of a BMC and the certificate expiration time;
an expiration remaining time determining module, configured to determine an expiration remaining time of the digital certificate based on the current system time and the certificate expiration time, if it is determined that the digital certificate is not expired;
the first early warning information generation module is used for generating first early warning information for indicating the expiration time of the digital certificate based on the expiration residual time under the condition that the expiration residual time is smaller than the pre-configured early warning prompt time;
the certificate information acquisition module is used for acquiring the certificate information of the latest version of the digital certificate;
the certificate information storage module is used for storing the latest version of certificate information in a shared memory, updating the certificate update mark position of the digital certificate into an un-updated mark in the shared memory, acquiring the latest version of certificate information from the shared memory by the BIOS, and updating the digital certificate according to the latest version of certificate information;
the first updating information acquisition module is used for acquiring first updating success information of the digital certificate sent by the BIOS;
The first release information generation module is used for generating and outputting first early warning release information of the digital certificate based on the first updating success information;
and the certificate mark updating module is used for updating the certificate updating mark position of the digital certificate into an updated mark in the shared memory.
12. An expiration pre-warning system for digital certificates, the system comprising: a BIOS and a BMC, the BIOS being communicatively coupled to the BMC, wherein,
the BIOS is used for sending the expiration time of the digital certificate to the BMC;
the BMC is used for determining whether the digital certificate is expired based on the current system time and the certificate expiration time, determining the expiration residual duration of the digital certificate based on the current system time and the certificate expiration time when the digital certificate is not expired, and generating first early warning information for indicating the expiration duration of the digital certificate based on the expiration residual duration when the expiration residual duration is smaller than the pre-configured early warning prompt duration when the expiration residual duration is determined;
the system further comprises: a CPU and an OS operating system, both of which are communicatively connected with the CPU,
The BMC is further used for acquiring the latest version of the certificate information of the digital certificate from a certificate maintenance library, storing the latest version of the certificate information in a shared memory, and updating the certificate update mark position of the digital certificate into an un-updated mark in the shared memory;
the CPU is used for capturing the latest version of certificate information from the shared memory;
the OS operating system is used for checking the validity of the certificate information of the latest version;
the BIOS is further used for reading the latest version of certificate information after the validity check is successful from the CPU, and updating the digital certificate according to the latest version of certificate information.
13. An electronic device, comprising:
memory, a processor and a computer program stored on the memory and executable on the processor, which when executed by the processor implements the expiration pre-warning method of a digital certificate as claimed in any one of claims 1 to 10.
14. A readable storage medium, characterized in that instructions in the storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the expiration pre-warning method of a digital certificate according to any one of claims 1 to 10.
CN202311597615.2A 2023-11-28 2023-11-28 Expiration early warning method, device, system, equipment and medium for digital certificate Active CN117318959B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311597615.2A CN117318959B (en) 2023-11-28 2023-11-28 Expiration early warning method, device, system, equipment and medium for digital certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311597615.2A CN117318959B (en) 2023-11-28 2023-11-28 Expiration early warning method, device, system, equipment and medium for digital certificate

Publications (2)

Publication Number Publication Date
CN117318959A CN117318959A (en) 2023-12-29
CN117318959B true CN117318959B (en) 2024-03-01

Family

ID=89286880

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311597615.2A Active CN117318959B (en) 2023-11-28 2023-11-28 Expiration early warning method, device, system, equipment and medium for digital certificate

Country Status (1)

Country Link
CN (1) CN117318959B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103001965A (en) * 2012-12-10 2013-03-27 北京星网锐捷网络技术有限公司 Method for updating server certificates and servers
CN113868080A (en) * 2021-09-18 2021-12-31 苏州浪潮智能科技有限公司 Expiration alarm method, device and medium for security certificate

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230224169A1 (en) * 2022-01-13 2023-07-13 Micron Technology, Inc. Verifying secure software images using digital certificates

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103001965A (en) * 2012-12-10 2013-03-27 北京星网锐捷网络技术有限公司 Method for updating server certificates and servers
CN113868080A (en) * 2021-09-18 2021-12-31 苏州浪潮智能科技有限公司 Expiration alarm method, device and medium for security certificate

Also Published As

Publication number Publication date
CN117318959A (en) 2023-12-29

Similar Documents

Publication Publication Date Title
CN110213356B (en) Login processing method based on data processing and related equipment
JP5747981B2 (en) System and method for remote maintenance of multiple clients in an electronic network using virtual machines
CN111343208B (en) Block chain-based data detection method and device and computer-readable storage medium
CN110597918B (en) Account management method, account management device and computer readable storage medium
US20040128376A1 (en) Identification information creating method, information processing apparatus, computer program product, recording device monitoring method, terminal apparatus management method, and communication network system
CN113595788B (en) API gateway management method and device based on plug-in
CN111464353A (en) Block link point management method, device, computer and readable storage medium
US8949599B2 (en) Device management apparatus, method for device management, and computer program product
CN114127814A (en) Scene detection method and device, electronic equipment and computer storage medium
US20120246311A1 (en) Session management system, session management device, session management method and session management program
CN112068854B (en) Intelligent device algorithm updating system, intelligent device and platform server
CN110865774B (en) Information security detection method and device for printing equipment
CN111953633A (en) Access control method and access control device based on terminal environment
CN117318959B (en) Expiration early warning method, device, system, equipment and medium for digital certificate
CN111310242B (en) Method and device for generating device fingerprint, storage medium and electronic device
CN110351719B (en) Wireless network management method, system, electronic equipment and storage medium
CN111538566A (en) Mirror image file processing method, device and system, electronic equipment and storage medium
CN109348472B (en) OTA (over the air) upgrading method and system based on single-point pushing
CN115412920A (en) Internet of things equipment binding system, method and device and electronic equipment
CN114490135A (en) Task processing method and device, electronic equipment and storage medium
CN114039779A (en) Method and device for safely accessing network, electronic equipment and storage medium
CN114968276A (en) Application program deployment method and device, computer equipment and storage medium
CN106055940A (en) Application freezing management method and apparatus, and terminal
CN110597557A (en) System information acquisition method, terminal and medium
CN113742697B (en) Equipment ownership change method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant