WO2019153507A1 - Social security digital certificate management method, readable storage medium, terminal device and apparatus - Google Patents

Social security digital certificate management method, readable storage medium, terminal device and apparatus

Info

Publication number
WO2019153507A1
Authority
WO
WIPO (PCT)
Prior art keywords
social security
digital certificate
security digital
information
center server
Application number
PCT/CN2018/083295
Inventor
李毅
Original Assignee
平安科技(深圳)有限公司
Application filed by 平安科技(深圳)有限公司
Publication of WO2019153507A1

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/08Insurance
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/102Bill distribution or payments
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • G06Q20/38215Use of certificates or encrypted proofs of transaction rights
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • the present application belongs to the field of computer technology, and in particular, to a social security digital certificate management method, a computer readable storage medium, a terminal device and a device.
  • The embodiment of the present application provides a social security digital certificate management method, a computer readable storage medium, a terminal device, and a device, so as to solve the problem that the reliability of the data is low in the current process in which the social security digital certificate center server manages the digital certificate of the terminal device.
  • the first aspect of the embodiment of the present application provides a social security digital certificate management method, which may include:
  • central verification information sent by the social security digital certificate center server where the central verification information is a result obtained by the social security digital certificate center server verifying the user signature information by using a preset first public key
  • the first public key and the first private key belong to the same key pair
  • if the central verification information is verification success information, it is determined that the social security digital certificate is successfully created.
  • A second aspect of the embodiments of the present application provides a computer readable storage medium storing computer readable instructions, the computer readable instructions being executed by a processor to implement the steps of the above social security digital certificate management method.
  • A third aspect of an embodiment of the present application provides a social security digital certificate management terminal device including a memory, a processor, and computer readable instructions stored in the memory and executable on the processor. The processor implements the steps of the above social security digital certificate management method when executing the computer readable instructions.
  • a fourth aspect of the embodiments of the present application provides a social security digital certificate management apparatus, which may include a module for implementing the steps of the social security digital certificate management method described above.
  • the embodiment of the present application has the beneficial effects that the entire management process of the digital certificate of each terminal device is completed by the social security digital certificate center server alone, and the embodiment of the present application passes the social security.
  • FIG. 1 is a schematic diagram of an implementation environment of an embodiment of the present application.
  • FIG. 2 is a flowchart of an embodiment of a method for managing a social security digital certificate according to an embodiment of the present application.
  • FIG. 3 is a schematic flowchart of verifying data stored in a social security digital certificate blockchain in the embodiment of the present application.
  • FIG. 4 is a structural diagram of an embodiment of a social security digital certificate management apparatus according to an embodiment of the present application.
  • FIG. 5 is a schematic block diagram of a social security digital certificate management terminal device according to an embodiment of the present application.
  • An implementation environment of the embodiment of the present application is shown in FIG. 1. The implementation environment includes a user terminal device and a preset social security digital certificate center server and, preferably, a social security digital certificate blockchain composed of multiple node servers.
  • the terminal device of the user is the execution subject of the embodiment.
  • an embodiment of a social security digital certificate management method in the embodiment of the present application may include:
  • Step S201 Send a certificate creation request carrying the user social security information to the preset social security digital certificate center server.
  • Before communicating with other devices, the user terminal device may generate a key pair by means of a client installed in the user terminal device for communicating in the implementation environment shown in FIG. 1, and the key pair may include the first public key and the first private key.
  • the user's terminal device can also generate its own signature plaintext.
  • the user's terminal device can send a certificate creation request to the social security digital certificate authority server to create its own certificate in the blockchain.
  • The certificate creation request may carry the user social security information, where the user social security information includes public information and private information. The public information includes the certificate identifier, the first public key generated by the user terminal device, and the signature plaintext, and can be sent to the terminal devices of other users.
  • The private information includes the user ID type entered by the user, the ID number, the user's phone number, the user's mailbox, and the like, which are not disclosed to the terminal devices of other users. The content items included in the public information and the private information may be configured by the social security digital certificate center server.
  • Step S202 Receive a social security digital certificate sent by the social security digital certificate center server.
  • the social security digital certificate is created by the social security digital certificate center server according to the user social security information.
  • the social security digital certificate center server may receive the certificate creation request, and then parse the certificate creation request to obtain the first public key. Then, the hash value of the first public key may be calculated by using a preset hash algorithm, and the hash value is used as an identifier of the terminal device of the user in the blockchain. The social security digital certificate center server may send the social security digital certificate added with the identifier to the terminal device of the user for the user to check.
  • Step S203 Sign the social security digital certificate by using a preset first private key, obtain user signature information, and send the user signature information to the social security digital certificate center server.
  • The user terminal device may display the received social security digital certificate, so that the user can check it and determine whether the information in the social security digital certificate sent by the certificate center server is consistent with the user social security information. Alternatively, the user terminal device can automatically compare the information in the social security digital certificate sent by the social security digital certificate center server with the locally cached user social security information to determine whether the two are consistent. If they are consistent, the user terminal device may sign the social security digital certificate by using the generated first private key to obtain the user signature information, and then the user signature information may be sent to the social security digital certificate center server.
  • Step S204 Receive central verification information sent by the social security digital certificate center server.
  • The central verification information is a result obtained by the social security digital certificate center server verifying the user signature information by using a preset first public key, where the first public key and the first private key belong to the same key pair.
  • The certificate center server may use the first public key to decrypt the user signature information to obtain a decryption result, and the decryption result may be a feature value.
  • The social security digital certificate center server may calculate a feature value of the user social security information sent by the user terminal device according to a preset feature value algorithm, such as a hash algorithm, and then compare whether the decrypted feature value and the calculated feature value are the same. If they are the same, the decryption result can be determined to match the user social security information sent by the terminal device of the user, and the central verification information whose content is the verification success information is returned to the terminal device of the user. If they are not the same, the decryption result may be determined to be inconsistent with the user social security information sent by the terminal device of the user, and the central verification information whose content is the verification failure information may be sent to the terminal device of the user.
  • Step S205 Determine whether the central verification information is verification success information.
  • If the central verification information is the verification failure information, step S206 and step S207 are performed. If the central verification information is the verification success information, step S208 is performed.
  • Step S206 Determine that the social security digital certificate creation fails.
  • Step S207 Send an appeal request to the social security digital certificate center server, so that the social security digital certificate center server performs data recovery processing on the social security digital certificate.
  • the social security digital certificate center server may perform data recovery processing on the certificate information of the certificate.
  • The social security digital certificate center server may obtain the certificate information stored in the terminal device of the user; for example, the appeal request may carry the certificate information stored in the terminal device of the user, or the user's certificate information may be acquired by manual inquiry. If the obtained certificate information is different from that in the social security digital certificate center server, this may indicate that there is a problem in the certificate stored by the social security digital certificate center server. The social security digital certificate center server may then query the locally recorded log to determine the problem, such as the certificate information having been tampered with or a local program error, and then perform data recovery through log recovery technology to solve the problem.
  • Step S208 Determine that the social security digital certificate is successfully created.
  • When the social security digital certificate center server creates the social security digital certificate, the social security digital certificate may be signed by the preset second private key to obtain the central signature information. The central signature information is transmitted to a node server in the social security digital certificate blockchain, and that node server then forwards the information to the other node servers in the social security digital certificate blockchain, so that the central signature information of the certificate is stored in all node servers in the blockchain.
  • the process shown in FIG. 3 may also be included:
  • Step S301 Send a certificate query request to a plurality of node servers in the preset social security digital certificate blockchain.
  • the node server is configured to store central signature information obtained by the social security digital certificate center server by signing the social security digital certificate by using a preset second private key.
  • A certificate query request may be sent to all node servers in the social security digital certificate blockchain, or to only some of the node servers. Preferably, the sending objects of the certificate query request are selected as follows.
  • The object selection process may include: sending a blockchain historical operation record query request to the social security digital certificate center server; receiving the blockchain historical operation record sent by the social security digital certificate center server; separately counting, according to the blockchain historical operation record, the number of abnormal occurrences of each node server in the social security digital certificate blockchain; determining the query priority of each of the node servers, where the query priority is positively correlated with the number of abnormal occurrences of the node server; and selecting a preset number of node servers with the highest query priority as the sending objects of the certificate query request.
  • In this way, the selected node servers are the node servers with the most abnormalities in the historical operation records, that is, the node servers with the lowest reliability. This reduces the time spent verifying highly reliable node servers and concentrates the limited time on verifying the node servers with lower reliability, which greatly improves the verification efficiency.
  • Step S302 Receive the central signature information sent by the node server.
  • Each of the selected node servers sends its locally stored central signature information to the user's terminal device. Therefore, the number of pieces of central signature information received by the user's terminal device is the same as the number of selected node servers.
  • Step S303 Perform verification on the central signature information by using a preset second public key to obtain user verification information.
  • the second public key and the second private key belong to the same key pair.
  • The terminal device of the user may use the second public key to decrypt the central signature information to obtain a decryption result, and the decryption result may be a feature value.
  • The terminal device of the user may calculate the feature value of the user social security information stored in the terminal device of the user according to a preset feature value algorithm, such as a hash algorithm, and then compare whether the decrypted feature value is the same as the calculated feature value. If they are the same, the decryption result can be determined to match the user social security information stored in the terminal device of the user; in this case, the user verification information is the verification success information. If they are not the same, the decryption result can be determined not to match the user social security information stored in the terminal device of the user; in this case, the user verification information is the verification failure information.
  • Step S304 Determine, according to the user verification information, whether the social security digital certificate is correctly stored in the social security digital certificate blockchain.
  • the threshold may be set by the technician according to the requirements for data security. If the security requirement for the data is high, the threshold may be set higher, for example, may be set to 80% or 90%; If the security requirements for the data are low, the threshold can be set lower.
  • Whereas in the current approach the entire management process of the digital certificate of each terminal device is completed by the social security digital certificate center server alone, the embodiment of the present application, through the interaction process between the social security digital certificate center server and the user terminal device, especially the signature and verification process of the social security digital certificate, greatly improves the reliability of the social security digital certificate.
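The creation exchange in steps S201 to S208 and the storage check in steps S301 to S304, as an added Python example that is not code from the patent. It assumes SHA-256 as the preset hash algorithm, JSON as the certificate encoding, and constructed toy RSA key pairs; all function names, field names and node names are hypothetical.

```python
import hashlib
import json
from collections import Counter

# Constructed toy RSA keys from public Mersenne primes: trivially factorable,
# unpadded, for illustration only. Textbook RSA is used because it mirrors the
# page's "decrypt the signature with the public key, then compare feature
# values" description; real systems need a vetted library and a padded scheme.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public key, private key)

USER_PUB, USER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)       # first key pair
CENTER_PUB, CENTER_PRIV = make_keypair(2**607 - 1, 2**1279 - 1)  # second key pair

def encode(cert):
    """Canonical byte encoding so both sides hash identical bytes (assumption)."""
    return json.dumps(cert, sort_keys=True).encode()

def feature_value(data):
    """Feature value = SHA-256 digest, standing in for the preset hash algorithm."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, private_key):
    n, d = private_key
    return pow(feature_value(data), d, n)

def verify(data, signature, public_key):
    n, e = public_key
    return pow(signature, e, n) == feature_value(data)

def center_create_certificate(public_info):
    """S202: the identifier added by the center is the hash of the first public key."""
    n, e = public_info["first_public_key"]
    identifier = hashlib.sha256(f"{n}:{e}".encode()).hexdigest()
    return {**public_info, "identifier": identifier}

def terminal_sign_certificate(received_cert, cached_info, private_key):
    """S203: sign only if the certificate matches the locally cached information."""
    if any(received_cert.get(k) != v for k, v in cached_info.items()):
        return None
    return sign(encode(received_cert), private_key)

def center_verify(cert, user_signature):
    """S204: central verification information, True meaning verification success."""
    return user_signature is not None and verify(encode(cert), user_signature, USER_PUB)

def select_nodes(history, count):
    """S301: query the nodes with the most abnormal entries first."""
    abnormal = Counter(node for node, status in history if status == "abnormal")
    nodes = sorted({node for node, _ in history}, key=lambda n: (-abnormal[n], n))
    return nodes[:count]

def check_storage(cert, node_store, selected, threshold):
    """S302-S304: verify each node's central signature and apply the threshold."""
    results = {n: verify(encode(cert), node_store[n], CENTER_PUB) for n in selected}
    success = sum(results.values())
    failure = len(results) - success
    # Ratio of successes to failures, as the page states. With zero failures the
    # ratio is undefined; treating that as a pass is an assumption of this example.
    ratio = float("inf") if failure == 0 else success / failure
    return {"success": success, "failure": failure,
            "failed_nodes": sorted(n for n, ok in results.items() if not ok),
            "stored_correctly": ratio >= threshold}

def demo():
    # Constructed sample data: public information, node names and history records.
    info = {"certificate_id": "CERT-EXAMPLE-1", "first_public_key": list(USER_PUB),
            "signature_plaintext": "constructed sample"}
    cert = center_create_certificate(info)
    created = center_verify(cert, terminal_sign_certificate(cert, info, USER_PRIV))
    central_sig = sign(encode(cert), CENTER_PRIV)
    store = {n: central_sig for n in ("node-a", "node-b", "node-c", "node-d")}
    store["node-c"] = central_sig ^ 1            # constructed corrupted copy
    history = [("node-a", "ok"), ("node-b", "abnormal"), ("node-c", "abnormal"),
               ("node-c", "abnormal"), ("node-d", "ok"), ("node-b", "ok")]
    selected = select_nodes(history, 3)
    return created, selected, check_storage(cert, store, selected, 0.9)

if __name__ == "__main__":
    print(demo())
```

With the threshold applied to the success-to-failure ratio as the page states it, one failing node out of three still passes at 0.9, so the example also returns `failed_nodes` for follow-up.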
  • FIG. 4 is a structural diagram of an embodiment of a social security digital certificate management apparatus provided by an embodiment of the present application.
  • a social security digital certificate management apparatus may include:
  • the certificate creation request sending module 401 is configured to send a certificate creation request carrying the user social security information to the preset social security digital certificate center server;
  • the social security digital certificate receiving module 402 is configured to receive the social security digital certificate sent by the social security digital certificate center server, where the social security digital certificate is created by the social security digital certificate center server according to the user social security information;
  • the first signature module 403 is configured to sign the social security digital certificate by using a preset first private key, obtain user signature information, and send the user signature information to the social security digital certificate center server;
  • the central verification information receiving module 404 is configured to receive central verification information sent by the social security digital certificate center server, where the central verification information is a result obtained by the social security digital certificate center server verifying the user signature information by using a preset first public key, and the first public key and the first private key belong to the same key pair;
  • the first determining module 405 is configured to determine that the social security digital certificate is successfully created if the central verification information is verification success information.
  • the social security digital certificate management apparatus may further include:
  • a certificate query request sending module configured to send a certificate query request to a plurality of node servers in a preset social security digital certificate blockchain, where the node server is configured to store the central signature information obtained by the social security digital certificate center server by signing the social security digital certificate by using a preset second private key;
  • a central signature information receiving module configured to receive the central signature information sent by the node server
  • a user verification module configured to verify the central signature information by using a preset second public key, to obtain user verification information, where the second public key and the second private key belong to the same key pair;
  • the storage status determining module is configured to determine, according to the user verification information, whether the social security digital certificate has been correctly stored in the social security digital certificate blockchain.
  • the storage status determining module may further include:
  • an information statistics unit configured to count, in the user verification information, a first number of times that the verification success information appears and a second number of times that the verification failure information appears;
  • a ratio calculation unit configured to calculate a ratio of the first number of times to the second number of times
  • a first storage state determining unit configured to determine that the social security digital certificate is in the social security digital certificate blockchain if a ratio of the first number of times to the second number of times is greater than or equal to a preset threshold Store correctly;
  • The second storage state determining unit is configured to determine that the social security digital certificate is not correctly stored in the social security digital certificate blockchain if the ratio of the first number of times to the second number of times is less than the threshold.
  • Further, the social security digital certificate management apparatus may also include:
  • A record query request sending module configured to send a blockchain historical operation record query request to the social security digital certificate center server;
  • A historical operation record receiving module configured to receive the blockchain historical operation record sent by the social security digital certificate center server;
  • An abnormal situation statistics module configured to separately count, according to the blockchain historical operation record, the number of abnormalities of each node server in the social security digital certificate blockchain;
  • A query priority determining module configured to determine a query priority of each of the node servers, where the query priority is positively correlated with the number of abnormalities of the node server;
  • A sending object selection module configured to select a preset number of node servers with the highest query priority as the sending objects of the certificate query request.
  • Further, the social security digital certificate management apparatus may also include:
  • A second determining module configured to determine that creation of the social security digital certificate has failed if the central verification information is verification failure information;
  • An appeal request sending module configured to send an appeal request to the social security digital certificate center server, so that the social security digital certificate center server performs data recovery processing on the social security digital certificate.
  • FIG. 5 is a schematic block diagram of a social security digital certificate management terminal device provided by an embodiment of the present application. For convenience of description, only parts related to the embodiments of the present application are shown.
  • The social security digital certificate management terminal device 5 may be a computing device such as a mobile phone, a tablet computer, a desktop computer, a notebook, or a palmtop computer.
  • The social security digital certificate management terminal device 5 may include a processor 50, a memory 51, and computer readable instructions 52 stored in the memory 51 and executable on the processor 50, for example computer readable instructions for performing the social security digital certificate management method described above.
  • When the processor 50 executes the computer readable instructions 52, the steps in the embodiments of the various social security digital certificate management methods described above are implemented, such as steps S201 to S208 shown in FIG. 2. Alternatively, when the processor 50 executes the computer readable instructions 52, the functions of the modules/units in the various apparatus embodiments described above are implemented, such as the functions of the modules 401 to 405 shown in FIG. 4.
  • By way of example, the computer readable instructions 52 may be partitioned into one or more modules/units that are stored in the memory 51 and executed by the processor 50 to carry out the present application.
  • The one or more modules/units may be a series of computer readable instruction segments capable of performing a particular function, the instruction segments being used to describe the execution process of the computer readable instructions 52 in the social security digital certificate management terminal device 5.
  • The functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • The above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • The integrated unit, if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium.
  • The computer software product is stored in a storage medium and includes a number of computer readable instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the various embodiments of the present application.
  • The foregoing storage medium includes various media that can store computer readable instructions, such as a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk, or an optical disk.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

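The present application belongs to the field of computer technology, and in particular relates to a social security digital certificate management method, a computer readable storage medium, a terminal device and an apparatus. The method sends a certificate creation request carrying user social security information to a preset social security digital certificate center server; receives a social security digital certificate sent by the social security digital certificate center server; signs the social security digital certificate with a preset first private key to obtain user signature information, and sends the user signature information to the social security digital certificate center server; receives central verification information sent by the social security digital certificate center server; and, if the central verification information is verification success information, determines that the social security digital certificate has been created successfully. Through the interaction between the social security digital certificate center server and the user's terminal device, and in particular through the signing and verification of the social security digital certificate by both parties, the reliability of the social security digital certificate is greatly improved.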

Description

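Social security digital certificate management method, readable storage medium, terminal device and apparatus
This application claims priority to Chinese patent application No. CN201810121919.4, filed with the Chinese Patent Office on February 7, 2018 and entitled "Social security digital certificate management method, computer readable storage medium and terminal device", the entire contents of which are incorporated herein by reference.
Technical Field
The present application belongs to the field of computer technology, and in particular relates to a social security digital certificate management method, a computer readable storage medium, a terminal device and an apparatus.
Background
With the development of Internet technology, users can now handle various social security services using terminal devices such as mobile phones and tablet computers. For security reasons, digital certificates are generally used at present to authenticate the terminal devices that handle social security services. However, the entire management process of each terminal device's digital certificate is currently completed by the social security digital certificate center server alone, so the reliability of the data is low.
Technical Problem
In view of this, the embodiments of the present application provide a social security digital certificate management method, a computer readable storage medium, a terminal device and an apparatus, to solve the problem that the entire management process of a terminal device's digital certificate is currently completed by the social security digital certificate center server alone and the reliability of the data is low.
Technical Solution
A first aspect of the embodiments of the present application provides a social security digital certificate management method, which may include:
sending a certificate creation request carrying user social security information to a preset social security digital certificate center server;
receiving a social security digital certificate sent by the social security digital certificate center server, the social security digital certificate being created by the social security digital certificate center server according to the user social security information;
signing the social security digital certificate with a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate center server;
receiving central verification information sent by the social security digital certificate center server, the central verification information being the result obtained by the social security digital certificate center server verifying the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
if the central verification information is verification success information, determining that the social security digital certificate has been created successfully.
A second aspect of the embodiments of the present application provides a computer readable storage medium storing computer readable instructions which, when executed by a processor, implement the steps of the above social security digital certificate management method.
A third aspect of the embodiments of the present application provides a social security digital certificate management terminal device, including a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, the processor implementing the steps of the above social security digital certificate management method when executing the computer readable instructions.
A fourth aspect of the embodiments of the present application provides a social security digital certificate management apparatus, which may include modules for implementing the steps of the above social security digital certificate management method.
Beneficial Effects
Compared with the prior art, the embodiments of the present application have the following beneficial effect: in contrast to the prior art, in which the entire management process of each terminal device's digital certificate is completed by the social security digital certificate center server alone, the embodiments of the present application greatly improve the reliability of the social security digital certificate through the interaction between the social security digital certificate center server and the user's terminal device, and in particular through the signing and verification of the social security digital certificate by both parties.
Brief Description of the Drawings
FIG. 1 is a schematic diagram of an implementation environment of an embodiment of the present application;
FIG. 2 is a flowchart of one embodiment of a social security digital certificate management method in an embodiment of the present application;
FIG. 3 is a schematic flowchart of verifying the data stored in the social security digital certificate blockchain in an embodiment of the present application;
FIG. 4 is a structural diagram of one embodiment of a social security digital certificate management apparatus in an embodiment of the present application;
FIG. 5 is a schematic block diagram of a social security digital certificate management terminal device in an embodiment of the present application.
Embodiments of the Invention
An implementation environment of an embodiment of the present application is shown in FIG. 1. The implementation environment includes the user's terminal device and a preset social security digital certificate center server and, preferably, may also include a social security digital certificate blockchain composed of multiple node servers. The user's terminal device is the executing entity of this embodiment.
As shown in FIG. 2, one embodiment of a social security digital certificate management method in an embodiment of the present application may include:
Step S201: send a certificate creation request carrying user social security information to a preset social security digital certificate center server.
Before the user's terminal device communicates with other devices, a key pair may be generated by the client that is installed on the user's terminal device for communicating in the implementation environment shown in FIG. 1. The key pair may include a first public key and a first private key.
In addition, the user's terminal device may also generate its own signature plaintext. The user's terminal device may send a certificate creation request to the social security digital certificate center server to create its own certificate in the blockchain. The certificate creation request may carry user social security information, which includes public information and private information. The public information includes information that may be disclosed to other users' terminal devices, such as the certificate identifier, the first public key generated by the user's terminal device, and the signature plaintext. The private information includes information that is not disclosed to other users' terminal devices, such as the identity document type, document number, telephone number and e-mail address entered by the user. The content items included in the public information and the private information may be configured by the social security digital certificate center server.
Step S202: receive the social security digital certificate sent by the social security digital certificate center server.
The social security digital certificate is created by the social security digital certificate center server according to the user social security information.
After the user's terminal device sends the certificate creation request to the social security digital certificate center server, the social security digital certificate center server may receive the certificate creation request, parse it to obtain the first public key, and then compute the hash value of the first public key with a preset hash algorithm, using that hash value as the identifier of the user's terminal device in the blockchain. The social security digital certificate center server may send the social security digital certificate, with this identifier added, to the user's terminal device so that the user can check it.
Step S203: sign the social security digital certificate with a preset first private key to obtain user signature information, and send the user signature information to the social security digital certificate center server.
After receiving the social security digital certificate sent by the social security digital certificate center server, the user's terminal device may display it so that the user can check it and judge whether the information in the social security digital certificate sent by the certificate center server is consistent with the user's own social security information. Alternatively, the user's terminal device may automatically compare the information in the social security digital certificate sent by the social security digital certificate center server with the locally cached user social security information and judge whether the two are consistent. If they are consistent, the user's terminal device may sign the social security digital certificate with the generated first private key to obtain user signature information, and may then send the user signature information to the social security digital certificate center server.
Step S204: receive the central verification information sent by the social security digital certificate center server.
The central verification information is the result obtained by the social security digital certificate center server verifying the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair.
After receiving the user signature information for the certificate, the certificate center server may decrypt the user signature information with the first public key to obtain a decryption result, which may be a feature value. The social security digital certificate center server may compute, according to a preset feature value algorithm such as a hash algorithm, the feature value of the user social security information sent by the user's terminal device, and then compare whether the decrypted feature value is the same as the computed feature value. If they are the same, it may determine that the decryption result matches the user social security information sent by the user's terminal device, and return central verification information whose content is verification success information to the user's terminal device. If they are not the same, it may determine that the decryption result does not match the user social security information sent by the user's terminal device, and may send central verification information whose content is verification failure information to the user's terminal device.
Step S205: judge whether the central verification information is verification success information.
If the central verification information is verification failure information, perform step S206 and step S207; if the central verification information is verification success information, perform step S208.
Step S206: determine that creation of the social security digital certificate has failed.
Step S207: send an appeal request to the social security digital certificate center server, so that the social security digital certificate center server performs data recovery processing on the social security digital certificate.
After receiving the appeal request, the social security digital certificate center server may perform data recovery processing on the certificate information of the certificate. There are many ways to perform data recovery processing. For example, the social security digital certificate center server may obtain the certificate information stored in the user's terminal device (the appeal request may carry the certificate information stored in the user's terminal device), or the user's certificate information may be obtained by manual inquiry. If the obtained certificate information differs from that held by the social security digital certificate center server, the certificate stored by the social security digital certificate center server may have a problem. The social security digital certificate center server may query its locally recorded logs to determine what went wrong, for example whether the certificate information was tampered with or whether a local program error occurred, and then recover the data using log recovery techniques, thereby resolving the problem.
Step S208: determine that the social security digital certificate has been created successfully.
After creating the social security digital certificate, the social security digital certificate center server may also sign the social security digital certificate with a preset second private key to obtain central signature information, and send the central signature information to one of the node servers in the social security digital certificate blockchain. That node server then forwards this fingerprint information to the other node servers in the social security digital certificate blockchain, so that all node servers in the blockchain store the central signature information of the certificate.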
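The exchange in steps S201 to S208 can be exercised end to end with the following Go program, which is an added example and not code from the patent. Ed25519, SHA-256, the JSON encoding, and all type, field and function names are assumptions, since the text names no signature algorithm or certificate format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Certificate holds the public user information plus the center's identifier (constructed fields).
type Certificate struct {
	ChainID   string `json:"chain_id"` // hash of the first public key
	CertID    string `json:"cert_id"`
	PublicKey []byte `json:"first_public_key"`
	Plaintext string `json:"signature_plaintext"`
}

// buildCert is S202; SHA-256 is an assumed choice for the "preset hash algorithm".
func buildCert(certID string, pub []byte, plaintext string) Certificate {
	sum := sha256.Sum256(pub)
	return Certificate{ChainID: hex.EncodeToString(sum[:]), CertID: certID, PublicKey: pub, Plaintext: plaintext}
}

// encode returns the bytes that get signed; struct field order is fixed.
func encode(c Certificate) []byte {
	b, _ := json.Marshal(c)
	return b
}

// terminalSign is S203: sign only if the received certificate matches local data.
func terminalSign(priv ed25519.PrivateKey, expected, received Certificate) ([]byte, bool) {
	if !bytes.Equal(encode(expected), encode(received)) {
		return nil, false
	}
	return ed25519.Sign(priv, encode(received)), true
}

// centerVerify is S204: check the user signature with the first public key.
func centerVerify(issued Certificate, sig []byte) bool {
	return len(issued.PublicKey) == ed25519.PublicKeySize &&
		ed25519.Verify(issued.PublicKey, encode(issued), sig)
}

// enroll runs S201 to S208; alterCert and alterSig (either may be nil) model corruption in transit.
func enroll(alterCert func(*Certificate), alterSig func([]byte)) string {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand.Reader
	if err != nil {
		return "key generation failed"
	}
	issued := buildCert("SI-0001", pub, "constructed sample")   // center side, S202
	expected := buildCert("SI-0001", pub, "constructed sample") // terminal's local view
	received := issued
	if alterCert != nil {
		alterCert(&received)
	}
	sig, ok := terminalSign(priv, expected, received)
	if !ok {
		return "terminal refused to sign"
	}
	if alterSig != nil {
		alterSig(sig)
	}
	if !centerVerify(issued, sig) { // S205 to S207
		return "creation failed, appeal request sent"
	}
	return "created" // S208
}

func main() {
	fmt.Println(enroll(nil, nil))
	fmt.Println(enroll(nil, func(s []byte) { s[0] ^= 1 }))
}
```

The length check in `centerVerify` matters because the first public key arrives in the request: `ed25519.Verify` panics on a key of the wrong size.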
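Preferably, after it is determined that the social security digital certificate has been created successfully, the process shown in FIG. 3 may also be included:
Step S301: send a certificate query request to multiple node servers in a preset social security digital certificate blockchain.
The node servers are used to store the central signature information obtained by the social security digital certificate center server signing the social security digital certificate with a preset second private key.
In this embodiment, the certificate query request may be sent to all node servers in the social security digital certificate blockchain, or to only some of them. Preferably, the process of selecting the sending objects of the certificate query request may include: sending a blockchain historical operation record query request to the social security digital certificate center server; receiving the blockchain historical operation record sent by the social security digital certificate center server; separately counting, according to the blockchain historical operation record, the number of abnormalities of each node server in the social security digital certificate blockchain; determining the query priority of each node server, the query priority being positively correlated with the number of abnormalities of the node server; and selecting a preset number of node servers with the highest query priority as the sending objects of the certificate query request.
With the above method, the selected node servers are those with the most abnormalities in the historical operation record, that is, the least reliable node servers. This avoids spending a large amount of time verifying a large number of more reliable node servers and concentrates the limited time on verifying the less reliable node servers, which greatly improves verification efficiency.
Step S302: receive the central signature information sent by the node servers.
Each selected node server sends its locally stored central signature information to the user's terminal device, so the number of pieces of central signature information received by the user's terminal device equals the number of selected node servers.
Step S303: verify the central signature information with a preset second public key to obtain user verification information.
The second public key and the second private key belong to the same key pair. After receiving the central signature information, the user's terminal device may decrypt the central signature information with the second public key to obtain a decryption result, which may be a feature value. The user's terminal device may compute, according to a preset feature value algorithm such as a hash algorithm, the feature value of the user social security information stored in the user's terminal device, and then compare whether the decrypted feature value is the same as the computed feature value. If they are the same, it may determine that the decryption result matches the user social security information stored in the user's terminal device, in which case the user verification information is verification success information. If they are not the same, it may determine that the decryption result does not match the user social security information stored in the user's terminal device, in which case the user verification information is verification failure information.
Step S304: determine, according to the user verification information, whether the social security digital certificate has been correctly stored in the social security digital certificate blockchain.
Specifically, count the first number of times that verification success information appears in the user verification information and the second number of times that verification failure information appears; calculate the ratio of the first number of times to the second number of times; if the ratio of the first number of times to the second number of times is greater than or equal to a preset threshold, determine that the social security digital certificate has been correctly stored in the social security digital certificate blockchain; if the ratio of the first number of times to the second number of times is less than the threshold, determine that the social security digital certificate has not been correctly stored in the social security digital certificate blockchain. The latter case indicates that there may be a large number of abnormal or fraudulent node servers in the social security digital certificate blockchain, and the user's terminal device may report the error to a preset operating organization, for example the social security administration department.
The threshold may be set by a technician according to the data security requirements. If the data security requirements are high, the threshold may be set higher, for example to 80% or 90%; if the data security requirements are lower, the threshold may be set lower.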
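Steps S301 to S304, including the node selection by number of abnormalities, are shown below as an added Go example that is not part of the patent text. Ed25519, the record format and all names are assumptions; the threshold test follows the stated ratio of successes to failures and also handles zero failures, a case the text leaves open.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"sort"
)

// selectNodes ranks nodes by abnormal events in the historical operation record
// (constructed format: one node name per abnormal event) and returns the top n.
func selectNodes(all, abnormalEvents []string, n int) []string {
	counts := map[string]int{}
	for _, node := range abnormalEvents {
		counts[node]++
	}
	names := append([]string{}, all...) // copy so the caller's slice is not reordered
	sort.Slice(names, func(i, j int) bool {
		if counts[names[i]] != counts[names[j]] {
			return counts[names[i]] > counts[names[j]]
		}
		return names[i] < names[j] // deterministic tie-break
	})
	if n > len(names) {
		n = len(names)
	}
	return names[:n]
}

// tally is S303: verify each queried node's stored central signature with the second public key.
func tally(pub ed25519.PublicKey, cert []byte, replies map[string][]byte, nodes []string) (ok, bad int) {
	for _, node := range nodes {
		if sig, found := replies[node]; found && ed25519.Verify(pub, cert, sig) {
			ok++
		} else {
			bad++ // a missing reply counts as a failure
		}
	}
	return ok, bad
}

// storedCorrectly is S304 as stated: successes / failures >= threshold.
// This is not successes / total: 4 successes against 5 failures already meet 0.8.
func storedCorrectly(ok, bad int, threshold float64) bool {
	if ok+bad == 0 {
		return false // nothing was verified
	}
	if bad == 0 {
		return true // ratio is unbounded; avoid dividing by zero
	}
	return float64(ok)/float64(bad) >= threshold
}

// demo uses constructed data: five nodes, of which n3 holds a corrupted signature.
func demo(threshold float64) ([]string, int, int, bool) {
	pub, priv, err := ed25519.GenerateKey(nil) // second key pair; nil selects crypto/rand.Reader
	if err != nil {
		panic(err)
	}
	cert := []byte(`{"cert_id":"SI-0001"}`)
	good := ed25519.Sign(priv, cert)
	corrupted := append([]byte{}, good...)
	corrupted[0] ^= 0xff
	replies := map[string][]byte{"n1": good, "n2": good, "n3": corrupted, "n4": good, "n5": good}
	all := []string{"n1", "n2", "n3", "n4", "n5"}
	events := []string{"n2", "n3", "n3", "n5", "n5", "n5"}
	nodes := selectNodes(all, events, 3)
	okN, badN := tally(pub, cert, replies, nodes)
	return nodes, okN, badN, storedCorrectly(okN, badN, threshold)
}

func main() { fmt.Println(demo(0.8)) }
```

If the threshold is meant as a share of all replies, "80%" corresponds to a success-to-failure ratio of 4, for which the constructed 2:1 result above is rejected.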
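In summary, in contrast to the prior art, in which the entire management process of each terminal device's digital certificate is completed by the social security digital certificate center server alone, the embodiments of the present application greatly improve the reliability of the social security digital certificate through the interaction between the social security digital certificate center server and the user's terminal device, and in particular through the signing and verification of the social security digital certificate by both parties.
Corresponding to the social security digital certificate management method described in the above embodiments, FIG. 4 shows a structural diagram of one embodiment of a social security digital certificate management apparatus provided by an embodiment of the present application.
In this embodiment, a social security digital certificate management apparatus may include:
a certificate creation request sending module 401, configured to send a certificate creation request carrying user social security information to a preset social security digital certificate center server;
a social security digital certificate receiving module 402, configured to receive a social security digital certificate sent by the social security digital certificate center server, the social security digital certificate being created by the social security digital certificate center server according to the user social security information;
a first signature module 403, configured to sign the social security digital certificate with a preset first private key to obtain user signature information, and to send the user signature information to the social security digital certificate center server;
a central verification information receiving module 404, configured to receive central verification information sent by the social security digital certificate center server, the central verification information being the result obtained by the social security digital certificate center server verifying the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
a first determining module 405, configured to determine that the social security digital certificate has been created successfully if the central verification information is verification success information.
Further, the social security digital certificate management apparatus may also include:
a certificate query request sending module, configured to send a certificate query request to multiple node servers in a preset social security digital certificate blockchain, the node servers being used to store the central signature information obtained by the social security digital certificate center server signing the social security digital certificate with a preset second private key;
a central signature information receiving module, configured to receive the central signature information sent by the node servers;
a user verification module, configured to verify the central signature information with a preset second public key to obtain user verification information, the second public key and the second private key belonging to the same key pair;
a storage state determining module, configured to determine, according to the user verification information, whether the social security digital certificate has been correctly stored in the social security digital certificate blockchain.
Further, the storage state determining module may also include:
an information statistics unit, configured to count the first number of times that verification success information appears in the user verification information and the second number of times that verification failure information appears;
a ratio calculation unit, configured to calculate the ratio of the first number of times to the second number of times;
a first storage state determining unit, configured to determine that the social security digital certificate has been correctly stored in the social security digital certificate blockchain if the ratio of the first number of times to the second number of times is greater than or equal to a preset threshold;
a second storage state determining unit, configured to determine that the social security digital certificate has not been correctly stored in the social security digital certificate blockchain if the ratio of the first number of times to the second number of times is less than the threshold.
Further, the social security digital certificate management apparatus may also include:
a record query request sending module, configured to send a blockchain historical operation record query request to the social security digital certificate center server;
a historical operation record receiving module, configured to receive the blockchain historical operation record sent by the social security digital certificate center server;
an abnormal situation statistics module, configured to separately count, according to the blockchain historical operation record, the number of abnormalities of each node server in the social security digital certificate blockchain;
a query priority determining module, configured to determine the query priority of each node server, the query priority being positively correlated with the number of abnormalities of the node server;
a sending object selection module, configured to select a preset number of node servers with the highest query priority as the sending objects of the certificate query request.
Further, the social security digital certificate management apparatus may also include:
a second determining module, configured to determine that creation of the social security digital certificate has failed if the central verification information is verification failure information;
an appeal request sending module, configured to send an appeal request to the social security digital certificate center server, so that the social security digital certificate center server performs data recovery processing on the social security digital certificate.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the apparatus, modules and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the above embodiments, the description of each embodiment has its own emphasis. For parts that are not detailed or recorded in one embodiment, refer to the related descriptions of the other embodiments.
FIG. 5 shows a schematic block diagram of a social security digital certificate management terminal device provided by an embodiment of the present application. For convenience of description, only the parts related to the embodiments of the present application are shown.
In this embodiment, the social security digital certificate management terminal device 5 may be a computing device such as a mobile phone, a tablet computer, a desktop computer, a notebook or a palmtop computer. The social security digital certificate management terminal device 5 may include a processor 50, a memory 51, and computer readable instructions 52 stored in the memory 51 and executable on the processor 50, for example computer readable instructions for performing the social security digital certificate management method described above. When the processor 50 executes the computer readable instructions 52, the steps in the above embodiments of the social security digital certificate management method are implemented, for example steps S201 to S208 shown in FIG. 2. Alternatively, when the processor 50 executes the computer readable instructions 52, the functions of the modules/units in the above apparatus embodiments are implemented, for example the functions of modules 401 to 405 shown in FIG. 4.
By way of example, the computer readable instructions 52 may be partitioned into one or more modules/units, which are stored in the memory 51 and executed by the processor 50 to carry out the present application. The one or more modules/units may be a series of computer readable instruction segments capable of performing a particular function, the instruction segments being used to describe the execution process of the computer readable instructions 52 in the social security digital certificate management terminal device 5.
The functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit. The above integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of computer readable instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the various embodiments of the present application. The foregoing storage medium includes various media that can store computer readable instructions, such as a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk, or an optical disk.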

Claims (20)

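  1. A social security digital certificate management method, characterized by comprising:
    sending a certificate creation request carrying user social security information to a preset social security digital certificate center server;
    receiving a social security digital certificate sent by the social security digital certificate center server, the social security digital certificate being created by the social security digital certificate center server according to the user social security information;
    signing the social security digital certificate with a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate center server;
    receiving central verification information sent by the social security digital certificate center server, the central verification information being the result obtained by the social security digital certificate center server verifying the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
    if the central verification information is verification success information, determining that the social security digital certificate has been created successfully.
  2. The social security digital certificate management method according to claim 1, characterized in that, after determining that the social security digital certificate has been created successfully, the method further comprises:
    sending a certificate query request to multiple node servers in a preset social security digital certificate blockchain, the node servers being used to store the central signature information obtained by the social security digital certificate center server signing the social security digital certificate with a preset second private key;
    receiving the central signature information sent by the node servers;
    verifying the central signature information with a preset second public key to obtain user verification information, the second public key and the second private key belonging to the same key pair;
    determining, according to the user verification information, whether the social security digital certificate has been correctly stored in the social security digital certificate blockchain.
  3. The social security digital certificate management method according to claim 2, characterized in that determining, according to the user verification information, whether the social security digital certificate has been correctly stored in the social security digital certificate blockchain comprises:
    counting the first number of times that verification success information appears in the user verification information and the second number of times that verification failure information appears;
    calculating the ratio of the first number of times to the second number of times;
    if the ratio of the first number of times to the second number of times is greater than or equal to a preset threshold, determining that the social security digital certificate has been correctly stored in the social security digital certificate blockchain;
    if the ratio of the first number of times to the second number of times is less than the threshold, determining that the social security digital certificate has not been correctly stored in the social security digital certificate blockchain.
  4. The social security digital certificate management method according to claim 2, characterized in that, before sending the certificate query request to the multiple node servers in the preset social security digital certificate blockchain, the method further comprises:
    sending a blockchain historical operation record query request to the social security digital certificate center server;
    receiving the blockchain historical operation record sent by the social security digital certificate center server;
    separately counting, according to the blockchain historical operation record, the number of abnormalities of each node server in the social security digital certificate blockchain;
    determining the query priority of each node server, the query priority being positively correlated with the number of abnormalities of the node server;
    selecting a preset number of node servers with the highest query priority as the sending objects of the certificate query request.
  5. The social security digital certificate management method according to any one of claims 1 to 4, characterized by further comprising:
    if the central verification information is verification failure information, determining that creation of the social security digital certificate has failed;
    sending an appeal request to the social security digital certificate center server, so that the social security digital certificate center server performs data recovery processing on the social security digital certificate.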
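  6. A computer readable storage medium storing computer readable instructions, characterized in that the computer readable instructions, when executed by a processor, implement the following steps:
    sending a certificate creation request carrying user social security information to a preset social security digital certificate center server;
    receiving a social security digital certificate sent by the social security digital certificate center server, the social security digital certificate being created by the social security digital certificate center server according to the user social security information;
    signing the social security digital certificate with a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate center server;
    receiving central verification information sent by the social security digital certificate center server, the central verification information being the result obtained by the social security digital certificate center server verifying the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
    if the central verification information is verification success information, determining that the social security digital certificate has been created successfully.
  7. The computer readable storage medium according to claim 6, characterized in that, after determining that the social security digital certificate has been created successfully, the steps further comprise:
    sending a certificate query request to multiple node servers in a preset social security digital certificate blockchain, the node servers being used to store the central signature information obtained by the social security digital certificate center server signing the social security digital certificate with a preset second private key;
    receiving the central signature information sent by the node servers;
    verifying the central signature information with a preset second public key to obtain user verification information, the second public key and the second private key belonging to the same key pair;
    determining, according to the user verification information, whether the social security digital certificate has been correctly stored in the social security digital certificate blockchain.
  8. The computer readable storage medium according to claim 7, characterized in that determining, according to the user verification information, whether the social security digital certificate has been correctly stored in the social security digital certificate blockchain comprises:
    counting the first number of times that verification success information appears in the user verification information and the second number of times that verification failure information appears;
    calculating the ratio of the first number of times to the second number of times;
    if the ratio of the first number of times to the second number of times is greater than or equal to a preset threshold, determining that the social security digital certificate has been correctly stored in the social security digital certificate blockchain;
    if the ratio of the first number of times to the second number of times is less than the threshold, determining that the social security digital certificate has not been correctly stored in the social security digital certificate blockchain.
  9. The computer readable storage medium according to claim 7, characterized in that, before sending the certificate query request to the multiple node servers in the preset social security digital certificate blockchain, the steps further comprise:
    sending a blockchain historical operation record query request to the social security digital certificate center server;
    receiving the blockchain historical operation record sent by the social security digital certificate center server;
    separately counting, according to the blockchain historical operation record, the number of abnormalities of each node server in the social security digital certificate blockchain;
    determining the query priority of each node server, the query priority being positively correlated with the number of abnormalities of the node server;
    selecting a preset number of node servers with the highest query priority as the sending objects of the certificate query request.
  10. The computer readable storage medium according to any one of claims 6 to 9, characterized by further comprising:
    if the central verification information is verification failure information, determining that creation of the social security digital certificate has failed;
    sending an appeal request to the social security digital certificate center server, so that the social security digital certificate center server performs data recovery processing on the social security digital certificate.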
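  11. A social security digital certificate management terminal device, comprising a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, characterized in that the processor, when executing the computer readable instructions, implements the following steps:
    sending a certificate creation request carrying user social security information to a preset social security digital certificate center server;
    receiving a social security digital certificate sent by the social security digital certificate center server, the social security digital certificate being created by the social security digital certificate center server according to the user social security information;
    signing the social security digital certificate with a preset first private key to obtain user signature information, and sending the user signature information to the social security digital certificate center server;
    receiving central verification information sent by the social security digital certificate center server, the central verification information being the result obtained by the social security digital certificate center server verifying the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
    if the central verification information is verification success information, determining that the social security digital certificate has been created successfully.
  12. The social security digital certificate management terminal device according to claim 11, characterized in that, after determining that the social security digital certificate has been created successfully, the steps further comprise:
    sending a certificate query request to multiple node servers in a preset social security digital certificate blockchain, the node servers being used to store the central signature information obtained by the social security digital certificate center server signing the social security digital certificate with a preset second private key;
    receiving the central signature information sent by the node servers;
    verifying the central signature information with a preset second public key to obtain user verification information, the second public key and the second private key belonging to the same key pair;
    determining, according to the user verification information, whether the social security digital certificate has been correctly stored in the social security digital certificate blockchain.
  13. The social security digital certificate management terminal device according to claim 12, wherein determining, according to the user verification information, whether the social security digital certificate has been correctly stored in the social security digital certificate blockchain comprises:
    counting the first number of times that verification success information appears in the user verification information and the second number of times that verification failure information appears;
    calculating the ratio of the first number of times to the second number of times;
    if the ratio of the first number of times to the second number of times is greater than or equal to a preset threshold, determining that the social security digital certificate has been correctly stored in the social security digital certificate blockchain;
    if the ratio of the first number of times to the second number of times is less than the threshold, determining that the social security digital certificate has not been correctly stored in the social security digital certificate blockchain.
  14. The social security digital certificate management terminal device according to claim 12, characterized in that, before sending the certificate query request to the multiple node servers in the preset social security digital certificate blockchain, the steps further comprise:
    sending a blockchain historical operation record query request to the social security digital certificate center server;
    receiving the blockchain historical operation record sent by the social security digital certificate center server;
    separately counting, according to the blockchain historical operation record, the number of abnormalities of each node server in the social security digital certificate blockchain;
    determining the query priority of each node server, the query priority being positively correlated with the number of abnormalities of the node server;
    selecting a preset number of node servers with the highest query priority as the sending objects of the certificate query request.
  15. The social security digital certificate management terminal device according to any one of claims 11 to 14, characterized by further comprising:
    if the central verification information is verification failure information, determining that creation of the social security digital certificate has failed;
    sending an appeal request to the social security digital certificate center server, so that the social security digital certificate center server performs data recovery processing on the social security digital certificate.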
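  16. A social security digital certificate management apparatus, characterized by comprising:
    a certificate creation request sending module, configured to send a certificate creation request carrying user social security information to a preset social security digital certificate center server;
    a social security digital certificate receiving module, configured to receive a social security digital certificate sent by the social security digital certificate center server, the social security digital certificate being created by the social security digital certificate center server according to the user social security information;
    a first signature module, configured to sign the social security digital certificate with a preset first private key to obtain user signature information, and to send the user signature information to the social security digital certificate center server;
    a central verification information receiving module, configured to receive central verification information sent by the social security digital certificate center server, the central verification information being the result obtained by the social security digital certificate center server verifying the user signature information with a preset first public key, the first public key and the first private key belonging to the same key pair;
    a first determining module, configured to determine that the social security digital certificate has been created successfully if the central verification information is verification success information.
  17. The social security digital certificate management apparatus according to claim 16, characterized by further comprising:
    a certificate query request sending module, configured to send a certificate query request to multiple node servers in a preset social security digital certificate blockchain, the node servers being used to store the central signature information obtained by the social security digital certificate center server signing the social security digital certificate with a preset second private key;
    a central signature information receiving module, configured to receive the central signature information sent by the node servers;
    a user verification module, configured to verify the central signature information with a preset second public key to obtain user verification information, the second public key and the second private key belonging to the same key pair;
    a storage state determining module, configured to determine, according to the user verification information, whether the social security digital certificate has been correctly stored in the social security digital certificate blockchain.
  18. The social security digital certificate management apparatus according to claim 17, characterized in that the storage state determining module comprises:
    an information statistics unit, configured to count the first number of times that verification success information appears in the user verification information and the second number of times that verification failure information appears;
    a ratio calculation unit, configured to calculate the ratio of the first number of times to the second number of times;
    a first storage state determining unit, configured to determine that the social security digital certificate has been correctly stored in the social security digital certificate blockchain if the ratio of the first number of times to the second number of times is greater than or equal to a preset threshold;
    a second storage state determining unit, configured to determine that the social security digital certificate has not been correctly stored in the social security digital certificate blockchain if the ratio of the first number of times to the second number of times is less than the threshold.
  19. The social security digital certificate management apparatus according to claim 17, characterized by further comprising:
    a record query request sending module, configured to send a blockchain historical operation record query request to the social security digital certificate center server;
    a historical operation record receiving module, configured to receive the blockchain historical operation record sent by the social security digital certificate center server;
    an abnormal situation statistics module, configured to separately count, according to the blockchain historical operation record, the number of abnormalities of each node server in the social security digital certificate blockchain;
    a query priority determining module, configured to determine the query priority of each node server, the query priority being positively correlated with the number of abnormalities of the node server;
    a sending object selection module, configured to select a preset number of node servers with the highest query priority as the sending objects of the certificate query request.
  20. The social security digital certificate management apparatus according to any one of claims 16 to 19, characterized by further comprising:
    a second determining module, configured to determine that creation of the social security digital certificate has failed if the central verification information is verification failure information;
    an appeal request sending module, configured to send an appeal request to the social security digital certificate center server, so that the social security digital certificate center server performs data recovery processing on the social security digital certificate.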
PCT/CN2018/083295 2018-02-07 2018-04-17 Social security digital certificate management method, readable storage medium, terminal device and apparatus WO2019153507A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810121919.4 2018-02-07
CN201810121919.4A CN108494557B (zh) 2018-02-07 2018-02-07 Social security digital certificate management method, computer readable storage medium and terminal device

Publications (1)

Publication Number Publication Date
WO2019153507A1 true WO2019153507A1 (zh) 2019-08-15

Family

ID=63344641

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/083295 WO2019153507A1 (zh) 2018-02-07 2018-04-17 Social security digital certificate management method, readable storage medium, terminal device and apparatus

Country Status (2)

Country Link
CN (1) CN108494557B (zh)
WO (1) WO2019153507A1 (zh)

Also Published As

Publication number Publication date
CN108494557B (zh) 2020-03-20
CN108494557A (zh) 2018-09-04

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18904654

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 03/11/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18904654

Country of ref document: EP

Kind code of ref document: A1