Detailed Description
The present application will be described in further detail below with reference to the attached drawings, wherein it is apparent that the embodiments described are only some, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In order to ensure privacy of a user when inquiring a certificate state, the embodiment of the application provides a certificate state inquiring system, a method, a device, equipment and a medium.
In the embodiment of the application, a certificate state query system comprises a terminal and a server. The terminal adopts a first preset algorithm to determine a first target row in which a certificate number to be queried is stored in a certificate state matrix in the server, and adopts a second preset algorithm to determine a first target column in which the certificate number to be queried is stored in the certificate state matrix. According to a preset query rule, the terminal takes the first target row or the first target column as a query term and sends information of the query term to the server. According to the information of the query term and the preset query rule, the server obtains each candidate identifier recorded in the first target row or the first target column in the certificate state matrix, and sends each candidate identifier and the sequence number of its corresponding column or row to the terminal. From the candidate identifiers and the sequence numbers of the corresponding columns or rows, the terminal obtains the target identifier whose sequence number is that of the first target column or the first target row, and determines whether the certificate number to be queried is revoked or not according to the target identifier.
Example 1:
Fig. 1 is a schematic structural diagram of a certificate status query system according to an embodiment of the present application, where the certificate status query system includes a terminal 101 and a server 102;
The terminal 101 is configured to determine a first target row in which the certificate number to be queried is stored in a certificate status matrix in the server by using a first preset algorithm and the certificate number to be queried, determine a first target column in which the certificate number to be queried is stored in the certificate status matrix by using a second preset algorithm and the certificate number to be queried, and send information of the query item to the server 102 according to a preset query rule, where the first target row or the first target column is used as the query item;
The server 102 is configured to obtain, according to the information of the query term and a preset query rule, each candidate identifier included in the first target row or the first target column in the certificate status matrix, and send each candidate identifier and a sequence number corresponding to the column or row to the terminal 101;
The terminal 101 is further configured to obtain, from the received sequence numbers of each candidate identifier and the corresponding column or row, a target identifier with a sequence number of the first target column or the first target row, and determine, according to the target identifier, whether the certificate corresponding to the certificate number to be queried is revoked.
In the embodiment of the present application, in order to perform a certificate status query, the certificate status query system includes a terminal 101 and a server 102, where the terminal 101 is connected to the server 102.
In the embodiment of the application, when a user operates the terminal to access a certain website, the terminal needs to inquire the certificate state of the certificate corresponding to the website, namely whether the certificate corresponding to the website is revoked. Specifically, the terminal may obtain, according to the information of the website, for example, the address of the website, a certificate number of a certificate corresponding to the website, and determine the certificate number as the certificate number to be queried. Specifically, how the terminal obtains the certificate number of the certificate corresponding to the website according to the information of the website is in the prior art, and is not described herein again.
In the embodiment of the present application, a certificate status matrix may be pre-stored in the server. For each certificate number, an identifier corresponding to the certificate number is stored in the certificate status matrix; the identifier indicates the certificate status corresponding to the certificate number, and the certificate status includes revoked and not revoked. The identifier indicating that a certificate is revoked and the identifier indicating that it is not revoked may be any two different values; for example, the identifier indicating that the certificate corresponding to the certificate number is revoked may be 1, and the identifier indicating that it is not revoked may be 0. In the embodiment of the application, each certificate number corresponds to an identifier recorded in a certain column of a certain row in the certificate status matrix.
After the terminal obtains the certificate number to be queried, a first preset algorithm and the certificate number to be queried can be adopted to determine a first target row of the identifier corresponding to the certificate number to be queried, which is stored in the certificate state matrix, wherein the first target row refers to the serial number of the row of the identifier corresponding to the certificate number to be queried in the certificate state matrix. The method for determining the first target row stored in the certificate state matrix by the identification corresponding to the certificate number to be queried by the terminal through a first preset algorithm and the certificate number to be queried can be that the ratio of the certificate number to be queried to the first preset value is determined, the value obtained by rounding up the ratio is determined to be the first target row, and the first preset value can be a value smaller than or equal to the number of columns of the certificate state matrix.
After the terminal obtains the certificate number to be queried, a second preset algorithm and the certificate number to be queried can be adopted to determine a first target column in which the identifier corresponding to the certificate number to be queried is stored in the certificate state matrix, wherein the first target column refers to the serial number of the column in which the identifier corresponding to the certificate number to be queried is located in the certificate state matrix. The method for determining the first target column of the identifier stored in the certificate status matrix corresponding to the certificate number to be queried by the terminal through the second preset algorithm and the certificate number to be queried may be that a remainder obtained by dividing the certificate number to be queried and the first preset value is obtained, and the remainder is determined to be the first target column.
After the terminal determines the first target row and the first target column corresponding to the certificate number to be queried, the terminal may use the first target row or the first target column as a query term according to a preset query rule, where the preset rule may set the row as the query term or the column as the query term. For example, if the preset rule is to set a row as a query term, the terminal may use the first target row as the query term. And after determining the query term, the terminal sends the information of the query term to the server. Specifically, the terminal may directly send the query term to the server, for example, directly send the first target row or the first target column. For example, if the terminal determines that the certificate number to be queried is stored in the first row and the second column in the certificate status matrix of the server, the second column may be used as the query term, and then the terminal may send the information "2" or "second column" of the query term to the server.
After acquiring the information of the query term sent by the terminal, the server can acquire each candidate identifier contained in the first target row or the first target column in the certificate state matrix according to the information of the query term and a preset query rule. Specifically, if the query term is the first target row, the server may acquire each identifier indicating the certificate status corresponding to the certificate number recorded in the first target row in the certificate status matrix, and use each acquired identifier as a candidate identifier, and if the query term is the first target column, the server may acquire each identifier recorded in the first target column in the certificate status matrix, and use each acquired identifier as a candidate identifier. Taking the information of the query term as a second column as an example, the server acquires each identifier of the second column record in the certificate status matrix, and takes each identifier as a candidate identifier.
After the server acquires each candidate identifier contained in the first target row or the first target column, it sends each candidate identifier and the serial number of the column or the row where each candidate identifier is located to the terminal.
After receiving each candidate identifier and the sequence number of the column or the row where each candidate identifier is located, which are sent by the server, the terminal may obtain, from each received candidate identifier and the sequence number of the column or the row where each candidate identifier is located, a candidate identifier corresponding to the sequence number of the first target column or the first target row, and determine the candidate identifier as a target identifier. The target identifier may be used to represent a certificate state of a certificate number corresponding to the first target column in the certificate state matrix, and the identifier recorded by the first target column in the first target row in the certificate state matrix is an identifier representing a certificate state corresponding to the certificate number to be queried, so that the terminal may determine whether the certificate corresponding to the certificate number to be queried is revoked according to the target identifier.
In the embodiment of the application, if the terminal takes the first target row as the query term, the server can acquire each candidate identifier recorded in the first target row in the certificate state matrix and the serial number of the column where each candidate identifier is located. From the received candidate identifiers and column serial numbers, the terminal obtains the candidate identifier whose column serial number is the first target column, and takes that candidate identifier as the target identifier.
After the target identifier is obtained, the terminal can determine whether the certificate corresponding to the certificate number to be queried is revoked according to the target identifier. Specifically, the terminal judges whether the target identifier is the prestored identifier indicating that a certificate is revoked. If the target identifier is the prestored identifier indicating that the certificate is revoked, the terminal determines that the certificate corresponding to the certificate number to be queried is revoked; if the target identifier is the prestored identifier indicating that the certificate is not revoked, the terminal determines that the certificate corresponding to the certificate number to be queried is not revoked.
In the embodiment of the application, the terminal determines the first target row and the first target column in which the certificate number to be queried is stored in the certificate state matrix, uses the first target row or the first target column as the query term, and sends the information of the query term to the server; the terminal does not directly send the certificate number to be queried. Therefore, when the certificate state is queried, even if the information of the query term is intercepted, the device that acquires the information of the query term cannot determine the certificate number to be queried, so the problem of user privacy disclosure caused by disclosure of the certificate number to be queried can be avoided.
Example 2:
In order to accurately query the certificate status, in the above embodiment, the server 102 is further configured to, if a revoked certificate number is received, determine a second target row in which the revoked certificate number is stored in the certificate status matrix by using the first preset algorithm and the revoked certificate number, determine a second target column in which the revoked certificate number is stored in the certificate status matrix by using the second preset algorithm and the revoked certificate number, and modify an identifier recorded in the second target column in the certificate status matrix into a revoked identifier.
In the embodiment of the present application, a certificate status matrix is pre-stored in the server. For each certificate number, an identifier corresponding to the certificate number is stored in the certificate status matrix; the identifier indicates the certificate status corresponding to the certificate number, and the certificate status includes revoked and not revoked. The identifier indicating that the certificate corresponding to the certificate number is revoked and the identifier indicating that it is not revoked are different; for example, the identifier indicating that the certificate is revoked may be 1, and the identifier indicating that the certificate is not revoked may be 0. In the embodiment of the application, each certificate number corresponds to an identifier recorded in a certain column of a certain row in the certificate status matrix.
In the embodiment of the present application, when a certain certificate is revoked, the server receives the certificate number of the revoked certificate, which is referred to as the revoked certificate number for convenience of description. The server mentioned in the embodiment of the present application may be a certificate status query server (Certificate Status Server, CSS), and the revoked certificate number may be sent to the certificate status query server by a certificate management center server (Certificate Authority, CA).
In the embodiment of the application, if the server receives the revoked certificate number, the server modifies the identifier corresponding to the certificate number in the certificate status matrix into the prestored revoked identifier. Specifically, the server may determine, by using a first preset algorithm and the revoked certificate number, a second target row in the certificate status matrix, where the identifier corresponding to the revoked certificate number is stored, where the second target row may be a serial number of the row in the certificate status matrix where the identifier corresponding to the revoked certificate number is located. The method for determining the second target row stored in the certificate state matrix by the identifier corresponding to the revoked certificate number by the server through a first preset algorithm and the revoked certificate number may be to determine a ratio of the revoked certificate number to the first preset value, and determine the value obtained by rounding up the ratio as the second target row, where the first preset value may be a value less than or equal to the number of columns of the certificate state matrix.
The server can also adopt a second preset algorithm and the revoked certificate number to determine a second target column in which the identifier corresponding to the revoked certificate number is stored in the certificate status matrix, where the second target column can be the serial number of the column in which the identifier corresponding to the revoked certificate number is located in the certificate status matrix. The method by which the server determines the second target column using the second preset algorithm and the revoked certificate number can be to obtain the remainder after dividing the revoked certificate number by the first preset value, and to determine the remainder as the second target column.
After determining the second target row and the second target column in which the identifier corresponding to the revoked certificate number is stored in the certificate status matrix, the server may acquire the identifier recorded in the second target column of the second target row in the certificate status matrix, and modify the identifier to be a revoked identifier. The revocation identifier may be any preset identifier, for example, "1". It should be noted that each identifier in the certificate status matrix stored in the server is initially the non-revoked identifier, and when a certain revoked certificate number is received, the identifier corresponding to the revoked certificate number is modified into the revoked identifier.
In the embodiment of the application, after receiving the revoked certificate numbers, the server modifies the identifiers corresponding to the revoked certificate numbers in the certificate state matrix into the revoked identifiers, so that the state of the certificate corresponding to each certificate number can be ensured to be accurately recorded in the certificate state matrix, and the subsequent inquiry of the certificate state is facilitated.
Example 3:
In order to accurately query the certificate status corresponding to the certificate number to be queried, in the above embodiments, the terminal 101 is specifically configured to determine the first target row according to a ratio of the certificate number to be queried to the number of columns of the pre-stored certificate status matrix.
In the embodiment of the application, when determining the first target row in which the identifier corresponding to the certificate number to be queried is stored in the certificate state matrix, the terminal can acquire the column number of the pre-stored certificate state matrix, acquire the ratio of the certificate number to be queried to the column number, and determine the first target row according to the ratio. Specifically, the terminal may determine the value obtained by rounding up the ratio as the first target row, or may round the ratio down and determine the sum of the resulting value and a second preset value as the first target row, where the second preset value may be any integer not less than 1, for example, 1.
The formula by which the terminal determines the first target row in which the identifier corresponding to the certificate number to be queried is stored in the certificate status matrix may be:
Wherein a is a first target row of the identification corresponding to the certificate number to be queried, A is the certificate number to be queried, t is the number of columns of the pre-stored certificate state matrix, and 1 is a second preset value.
In the embodiment of the application, the method by which the server determines, using the first preset algorithm and the revoked certificate number, the second target row in which the identifier corresponding to the revoked certificate number is stored in the certificate state matrix can also be to obtain the number of columns of the pre-stored certificate state matrix and determine the second target row according to the ratio of the revoked certificate number to the number of columns. Specifically, the server may determine the value obtained by rounding up the ratio as the second target row, or may round the ratio down and determine the sum of the resulting value and a second preset value as the second target row, where the second preset value may be 1.
In order to accurately query the certificate status corresponding to the certificate number to be queried, in the above embodiments, the terminal 101 is specifically configured to determine, as the first target column, the remainder of dividing the certificate number to be queried by the column number of the pre-stored certificate status matrix.
In the embodiment of the application, when determining the first target column of the identifier stored in the certificate state matrix corresponding to the certificate number to be queried, the terminal can acquire the column number of the pre-stored certificate state matrix, acquire the remainder of division operation between the certificate number to be queried and the column number, and determine the remainder as the first target column.
The formula by which the terminal determines the first target column in which the identifier corresponding to the certificate number to be queried is stored in the certificate status matrix may be:
b = A mod t
Wherein b is a first target column of the identification corresponding to the certificate number to be queried, A is the certificate number to be queried, and t is the column number of the pre-stored certificate state matrix.
As can be seen from the above description, the first target row and the first target column in which the identifier corresponding to the certificate number to be queried is stored in the certificate status matrix satisfy A = (a - 1) × t + b, where A is the certificate number to be queried, a is the first target row in which the identifier corresponding to the certificate number to be queried is stored in the certificate status matrix, 1 is the second preset value, t is the number of columns of the pre-stored certificate status matrix, and b is the first target column in which the identifier corresponding to the certificate number to be queried is stored in the certificate status matrix. As can be seen from A = (a - 1) × t + b, when the first target row and the first target column are not identical, the corresponding certificate numbers are different, so each identifier in the certificate status matrix only represents the status of the certificate corresponding to one certificate number.
In the embodiment of the application, the method by which the server determines, using the second preset algorithm, the second target column in which the identifier corresponding to the revoked certificate number is stored in the certificate state matrix can be to acquire the number of columns of the pre-stored certificate state matrix, and to determine the remainder of dividing the revoked certificate number by the number of columns as the second target column.
In the embodiment of the present application, the revoked certificate number also satisfies A' = (a' - 1) × t + b', where A' is the revoked certificate number, a' is the second target row in which the identifier corresponding to the revoked certificate number is stored in the certificate status matrix, 1 is the second preset value, t is the number of columns in the pre-stored certificate status matrix, and b' is the second target column in which the identifier corresponding to the revoked certificate number is stored in the certificate status matrix. When the certificate with the certificate number A' = (a' - 1) × t + b' is revoked, the server modifies the identifier recorded in the second target column of the second target row in the certificate status matrix to be a revoked identifier.
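The following Python sketch is an added example, not code from the application: it implements the row and column mapping of Example 3, the revocation update of Example 2 and the plain row query of Example 1, and shows that the server observes only the row, which is shared by t certificate numbers. The matrix size, the certificate numbers and all function and class names are assumptions made for illustration.

```python
# Added example (not from the original text). Rows are numbered from 1 and
# columns from 0, because b = A mod t ranges over 0 .. t-1.
REVOKED, NOT_REVOKED = 1, 0


def locate(cert_no, t):
    """Example 3 mapping: row a = floor(A / t) + 1, column b = A mod t."""
    return cert_no // t + 1, cert_no % t


def locate_round_up(cert_no, t):
    """The other row rule in the text: round the ratio A / t up."""
    return -(-cert_no // t), cert_no % t


class StatusServer:
    """Holds the certificate status matrix and records each query term it sees."""

    def __init__(self, rows, t):
        self.rows, self.t = rows, t
        self.matrix = [[NOT_REVOKED] * t for _ in range(rows)]
        self.observed = []  # everything the server learns from queries

    def revoke(self, cert_no):
        if not 0 <= cert_no < self.rows * self.t:
            raise ValueError("certificate number outside the matrix")
        a, b = locate(cert_no, self.t)
        self.matrix[a - 1][b] = REVOKED

    def query_row(self, a):
        """Return (column sequence number, identifier) for every cell of row a."""
        self.observed.append(a)
        return list(enumerate(self.matrix[a - 1]))


def is_revoked(server, cert_no):
    """Terminal side: send only the row, then pick the target column locally."""
    a, b = locate(cert_no, server.t)
    candidates = dict(server.query_row(a))
    return candidates[b] == REVOKED


def hidden_among(a, t):
    """All certificate numbers mapped to row a; the query fits any of them."""
    return list(range((a - 1) * t, a * t))


def demo():
    server = StatusServer(rows=4, t=8)   # constructed sizes
    server.revoke(19)                    # constructed certificate number
    return is_revoked(server, 19), is_revoked(server, 18), server.observed
```

The two row rules place a certificate number that is a multiple of t in different rows (16 maps to row 3 with rounding down plus 1, and to row 2 with rounding up), so the terminal and the server must use the same one.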
Example 4:
In order to accurately determine the information of the query term, in the embodiments of the present application, the terminal 101 is specifically configured to: generate a first preset number of prime numbers and generate a non-prime number according to the generated prime numbers; determine a first target value and a second preset number of second target values, where the first target value is smaller than the non-prime number and is a quadratic non-residue (QNR) of the non-prime number, each second target value is a quadratic residue (QR) of the non-prime number, and the sum of the number of first target values and the second preset number is the number of rows or columns of the pre-stored certificate state matrix; and generate a column matrix or a row matrix corresponding to the first target value and the second preset number of second target values, where the row or column in which the first target value is located in the column matrix or row matrix is the first target row or the first target column, and determine the column matrix or row matrix as the information of the query term.
In the embodiment of the application, if the terminal directly sends the query term to the server, that is, directly sends the first target row or the first target column, and the query term is intercepted, part of the information is still leaked if the device acquiring the query term knows the first preset algorithm and the second preset algorithm.
Therefore, in the embodiment of the application, certain processing can be performed on the query term. Specifically, the terminal may generate a first preset number of prime numbers and generate a non-prime number according to the generated prime numbers; specifically, the product of the generated prime numbers may be determined as the non-prime number. The first preset number is usually 2, and the length of each generated prime number is related to a preset security parameter; specifically, it is the ratio of the preset security parameter to 2.
In the embodiment of the present application, the terminal further determines a first target value, where the first target value is smaller than the non-prime number and is a QNR of the non-prime number. The terminal may also generate a second preset number of second target values, where each second target value is a QR of the non-prime number. The sum of the second preset number and the number of first target values is the number of rows or columns of the pre-stored certificate status matrix, and the number of first target values is 1, so the second preset number is the difference between the number of rows or columns of the pre-stored certificate status matrix and 1. If the query term is the first target row, the sum of the second preset number and the number of first target values is the number of rows of the pre-stored certificate state matrix; if the query term is the first target column, the sum is the number of columns of the pre-stored certificate state matrix.
In the embodiment of the present application, the non-prime number is determined according to two prime numbers, and since the two prime numbers are known, whether a given value is a QR of the non-prime number is computable. For this reason, in the embodiment of the present application, the non-prime number needs to be determined according to the first preset number of prime numbers.
In the embodiment of the application, the terminal determines whether a certain value is a QR of the non-prime number in the following way: if Wherein, the gcd(N, x) represents the greatest common divisor of N and x and satisfies ω^2 = y mod N, Q_N(y) = 0, y is QR of N, otherwise Q_N(y) = 1, y is QNR of N.
In addition, the QR of which a certain value is a non-prime number can be determined by determining1 Or-1, ifWhen y is the QNR of N. When (when)When y is the same as the probability of QR and QNR of N, wherein,Representing jacobian notation, when N is a non-prime number, even if the factorization result of N is not known,The values of (2) may be calculated in polynomial time.
After the terminal determines the first target value and the second preset number of second target values, the terminal may generate a column matrix or a row matrix corresponding to the first target value and the second preset number of second target values. The row or column in which the first target value is located in the column matrix or the row matrix is the first target row or the first target column; that is, the row in which the first target value is located in the column matrix is the first target row, or the column in which the first target value is located in the row matrix is the first target column. The sequence numbers of the rows or columns in which the second preset number of second target values are located in the column matrix or the row matrix are random. The terminal determines the column matrix or the row matrix as the information of the query term. If the server generates a row matrix, the server may send the row matrix z1, z2, …, zs to the terminal after generating the row matrix. If the information of the query term is a first target column, the column in which the first target value is located in the row matrix is the first target column. For example, if the query term is the second column, then the column in the row matrix in which the first target value is located is the second column.
Example 5:
In order to accurately determine the candidate identifier corresponding to each row or each column in the certificate status matrix, in the above embodiments of the present application, the server 102 is specifically configured to obtain, for each column or each row in the certificate status matrix, each identifier recorded in the column or the row in the certificate status matrix, obtain, for each identifier, a value recorded in a row in the column matrix that is the same as the row in which the identifier is located, or a value recorded in a column in the row matrix that is the same as the column in which the identifier is located, and determine whether the identifier is a prestored revocation identifier, if yes, determine that the value is a value corresponding to the identifier, if no, determine that the square of the value is a value corresponding to the identifier, determine a product of the values corresponding to each identifier in the column or the row, and use the product as the candidate identifier corresponding to the column or the row in the first target row or the first target column.
In the embodiment of the present application, after receiving information of a query term sent by a terminal, that is, after receiving a row matrix or a column matrix sent by the terminal, a server may acquire, for each column or each row in a certificate state matrix, each identifier recorded in the column or the row in the certificate state matrix, for each identifier recorded in the column or the row, acquire a value recorded in a row in the column matrix that is the same as a row in which the identifier is located, or acquire a value recorded in a column in the row matrix that is the same as a column in which the identifier is located, and determine whether the identifier is a prestored revocation identifier, if the identifier is a prestored revocation identifier, determine that the value is unchanged, and if the identifier is not a prestored revocation identifier, update the value to a square value of the value, and the server may determine, in this manner, a value corresponding to each identifier in the row.
If the information of the query term is the first target row, the server obtains, for each column in the certificate status matrix, each identifier recorded in the column and, for each identifier, the value recorded in the row of the column matrix that is the same as the row in which the identifier is located; for example, if the identifier is in the first row of the column, the server obtains the value recorded in the first row of the column matrix. If the information of the query term is the first target column, the server obtains, for each row in the certificate status matrix, each identifier recorded in the row and, for each identifier, the value recorded in the column of the row matrix that is the same as the column in which the identifier is located; for example, if the identifier is in the first column of the row, the server obtains the value recorded in the first column of the row matrix.
Taking the case where the information of the query term is the first target column as an example, the formula by which the server determines the value corresponding to an identifier recorded in a given row of the certificate state matrix can be as follows:
wherein ω_{r,j} is the value corresponding to the identifier, r is the row in which the identifier is located, j is the column in which the identifier is located, M_{r,j} is the identifier, 0 is the pre-stored identifier that is not revoked, 1 is the pre-stored revocation identifier, and y_j is the value recorded in the received row matrix in the same column as the column in which the identifier is located.
The server can determine the product of the numerical values corresponding to each identifier in the column or the row after acquiring the numerical values corresponding to each identifier in the column or the row for each column or each row in the certificate state matrix, and take the determined product as the candidate identifier corresponding to the column or the row.
After the server obtains the value corresponding to each identifier in a certain row or a certain column, the formula for determining the candidate identifier corresponding to the row or the column may be:
Wherein z_r is the candidate identifier corresponding to the row or the column, r is the row or the column, j is the column or the row in which each identifier in the row or the column is located, t is the total number of identifiers contained in the row or the column, i.e. the number of columns or the number of rows of the certificate status matrix, and ω_{r,j} is the value corresponding to the identifier recorded in the j-th column or the j-th row of the row or the column.
Take as an example the case where the information of the query term sent to the server is the row matrix corresponding to the first target column. It should be noted that the square of a QNR of a certain non-prime number is a QR of the non-prime number, and the square of a QR of a certain non-prime number is also a QR of the non-prime number. The first target value is recorded in the first target column of the row matrix, and the first target value is a QNR of the non-prime number. Therefore, when the identifier recorded in the first target column of a certain row in the certificate state matrix is the non-revoked identifier, the value corresponding to the identifier is the square of the value in the first target column of the row matrix, namely the square of the first target value, so it is a QR of the non-prime number; when the identifier recorded in the first target column of a certain row is the revoked identifier, the value corresponding to the identifier is the first target value itself, so it is a QNR of the non-prime number. The values recorded in the other columns of the row matrix are QRs of the non-prime number. Therefore, when the identifier recorded in one of the other columns of a certain row is the non-revoked identifier, the value corresponding to the identifier is the square of the value in that column of the row matrix, which is a QR of the non-prime number; when it is the revoked identifier, the value corresponding to the identifier is the value in that column of the row matrix, which is also a QR of the non-prime number.
In addition, QN(xy) = QN(x) ⊕ QN(y), where ⊕ denotes exclusive or; if QN(xy) = 0, xy is a QR, and if QN(xy) ≠ 0, xy is a QNR. That is, xy is a QNR if and only if one of x and y is a QNR. So when determining the product of the values corresponding to each of the identifiers in a certain row, that is, when determining the candidate identifier of that row, the product is a QNR of the non-prime number only if the identifier recorded in the first target column of the row is the revoked identifier. In the embodiment of the present application, the candidate identifier of a row therefore shows whether the identifier recorded in the first target column of that row is the revoked identifier. Similarly, the candidate identifier of a column shows whether the identifier recorded in the first target row of that column is the revoked identifier.
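The two formulas introduced above are not reproduced on this page. Written out from the symbol definitions given for them (an added reconstruction, taking the first target column as the query term; the index range j = 1..t and the implicit reduction modulo the non-prime number are assumptions), they read:

$$
\omega_{r,j} =
\begin{cases}
y_j, & M_{r,j} = 1 \\
y_j^{2}, & M_{r,j} = 0
\end{cases}
\qquad\qquad
z_r = \prod_{j=1}^{t} \omega_{r,j}
$$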
Example 5:
In order to accurately determine whether the certificate corresponding to the certificate number to be queried is revoked, on the basis of the above embodiments, in the embodiment of the present application, the terminal 101 is specifically configured to determine whether the target identifier is a QNR of the non-prime number; if so, determine that the certificate corresponding to the certificate number to be queried is revoked, and if not, determine that the certificate corresponding to the certificate number to be queried is not revoked.
In the embodiment of the application, after the terminal acquires the target identifier, the terminal can determine whether the target identifier is a QNR of the generated non-prime number. If it is, the identifier recorded in the first target column of the first target row in the certificate state matrix is the revoked identifier, and the terminal determines that the certificate corresponding to the certificate number to be queried is revoked; if the target identifier is not a QNR of the generated non-prime number, the terminal determines that the certificate corresponding to the certificate number to be queried is not revoked.
When the factors of the non-prime number are known, how to determine whether a value is a QNR of the non-prime number is prior art, and will not be described herein.
Fig. 2 is a detailed schematic diagram of a certificate status query process according to an embodiment of the present application, in which fig. 2 illustrates a query term as a first target column, the process includes the following steps:
S201, the terminal adopts a first preset algorithm to determine a first target row in which the certificate number to be queried is stored in a certificate state matrix in the server, and adopts a second preset algorithm to determine a first target column in which the certificate number to be queried is stored in the certificate state matrix.
S202, the terminal generates a non-prime number and determines a first target value and a second preset number of second target values.
Wherein the terminal may generate two primes and use the product of the two primes as the non-prime number.
S203, the terminal generates a row matrix corresponding to the first target value and a second preset number of second target values, and sends the row matrix to the server.
The numerical value recorded in the first target column in the row matrix is a first target numerical value.
S204, for each row of the certificate state matrix, the server acquires each identifier recorded in the row; for each identifier, the server acquires the value recorded in the column of the row matrix that is the same as the column in which the identifier is located and judges whether the identifier is the prestored revocation identifier; if so, it determines that the value is the value corresponding to the identifier, and if not, it determines that the square of the value is the value corresponding to the identifier; the server then determines the product of the values corresponding to each identifier in the row and takes the product as the candidate identifier corresponding to the row in the first target column.
S205, the server sends each candidate identifier and the sequence number of its row to the terminal.
S206, the terminal obtains, from the received candidate identifiers and the sequence numbers of the corresponding rows, the target identifier whose sequence number is that of the first target row.
S207, the terminal judges whether the target identifier is a QR of the non-prime number; if so, the terminal executes S208, and if not, the terminal executes S209.
S208, determining that the certificate corresponding to the certificate number to be queried is not revoked.
S209, determining that the certificate corresponding to the certificate number to be queried is revoked.
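The S201 to S209 flow above as a runnable Python sketch, added here as an illustration and not taken from the application. The fixed demo primes, the reduction of every product modulo the non-prime number, the integer quotient used for the row index, and the choice of a QNR whose Jacobi symbol is +1 (so that the server cannot pick out the target column by computing Jacobi symbols) are assumptions of this example.

```python
"""Private certificate-status lookup by quadratic residuosity (illustrative sketch)."""
import math
import secrets

# Constructed demo primes (the Mersenne primes 2^31-1 and 2^61-1). A real terminal
# would generate large, random, secret primes instead of these fixed values.
P, Q = 2**31 - 1, 2**61 - 1


def locate(cert_no, cols):
    """S201: row = quotient, column = remainder (integer quotient is an assumption)."""
    return cert_no // cols, cert_no % cols


def is_qr(x, p, q):
    """Euler's criterion modulo each prime factor; only the terminal knows p and q."""
    return pow(x, (p - 1) // 2, p) == 1 and pow(x, (q - 1) // 2, q) == 1


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; computable without the factors of n."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def _unit(n):
    """Random value in [2, n-1] that is coprime to n."""
    while True:
        r = 2 + secrets.randbelow(n - 2)
        if math.gcd(r, n) == 1:
            return r


def random_qr(n):
    return pow(_unit(n), 2, n)


def random_qnr(p, q):
    """QNR that is a non-residue modulo both primes, so its Jacobi symbol is +1."""
    while True:
        x = _unit(p * q)
        if pow(x, (p - 1) // 2, p) == p - 1 and pow(x, (q - 1) // 2, q) == q - 1:
            return x


def build_query(target_col, cols, p, q):
    """S202-S203: row matrix with the QNR in the target column and QRs elsewhere."""
    n = p * q
    return [random_qnr(p, q) if j == target_col else random_qr(n) for j in range(cols)]


def server_answer(matrix, y, n):
    """S204-S205: per row, multiply y_j (revoked cell) or y_j^2 (non-revoked cell)."""
    answers = []
    for r, row in enumerate(matrix):
        z = 1
        for flag, y_j in zip(row, y):
            z = z * (y_j if flag == 1 else y_j * y_j) % n
        answers.append((r, z))
    return answers


def is_revoked(answers, target_row, p, q):
    """S206-S209: the target row's candidate is a QNR exactly when the cell is 1."""
    z = dict(answers)[target_row]
    return not is_qr(z, p, q)


def revoke(matrix, cert_no):
    """Server-side update: mark the cell that stores cert_no as revoked (1)."""
    row, col = locate(cert_no, len(matrix[0]))
    matrix[row][col] = 1


def query(matrix, cert_no, p=P, q=Q):
    """Full round trip; the server only ever sees y and the modulus p * q."""
    cols = len(matrix[0])
    row, col = locate(cert_no, cols)
    y = build_query(col, cols, p, q)
    return is_revoked(server_answer(matrix, y, p * q), row, p, q)


def demo_matrix():
    """Constructed 4x4 status matrix with certificate numbers 6 and 13 revoked."""
    m = [[0] * 4 for _ in range(4)]
    for cert_no in (6, 13):
        revoke(m, cert_no)
    return m


if __name__ == "__main__":
    m = demo_matrix()
    for cert_no in (5, 6, 12, 13):
        print(cert_no, "revoked" if query(m, cert_no) else "not revoked")
```

The server returns one candidate per row, so its reply reveals to the terminal the status of the queried column in every row, while the query itself carries only values that all have Jacobi symbol +1.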
Example 6:
On the basis of the above embodiments, the present application further provides a certificate status query method, and fig. 3 is a schematic diagram of a certificate status query process provided by the embodiment of the present application, as shown in fig. 3, where the method includes:
S301, determining a first target row in which the certificate number to be queried is stored in a certificate state matrix in the server by adopting a first preset algorithm and the certificate number to be queried, and determining a first target column in which the certificate number to be queried is stored in the certificate state matrix by adopting a second preset algorithm and the certificate number to be queried;
S302, according to a preset query rule, the first target row or the first target column is used as a query item, and information of the query item is sent to the server, so that the server obtains each candidate identifier contained in the first target row or the first target column in a certificate state matrix according to the information of the query item and the preset query rule, and sends each candidate identifier and a serial number of the corresponding column or row to the terminal;
S303, acquiring a target identifier with a sequence number of the first target column or the first target row from the received candidate identifiers and the sequence numbers of the corresponding columns or rows, and determining whether the certificate corresponding to the certificate number to be queried is revoked according to the target identifier.
In one possible implementation manner, the determining, by using a first preset algorithm and a certificate number to be queried, a first target row in which the certificate number to be queried is stored in a certificate status matrix in the server includes:
And determining the first target row according to the ratio of the certificate number to be queried to the number of columns of the pre-stored certificate state matrix.
In one possible implementation manner, the determining, using a second preset algorithm and the certificate number to be queried, the first target column in which the certificate number to be queried is stored in the certificate status matrix includes:
And dividing the certificate number to be queried by the number of columns of the pre-stored certificate state matrix to obtain a remainder, and determining the remainder as the first target column.
In one possible embodiment, the method further comprises:
Generating a first preset number of prime numbers, generating a non-prime number according to the generated prime numbers, and determining a first target value and a second preset number of second target values, wherein the first target value is a QNR (quadratic non-residue) of the non-prime number that is smaller than the non-prime number, each second target value is a QR (quadratic residue) of the non-prime number, and the sum of the number of first target values and the second preset number is the number of rows or columns of the pre-stored certificate state matrix; generating a column matrix or a row matrix corresponding to the first target value and the second preset number of second target values, wherein the row or column in which the first target value is located in the column matrix or the row matrix is the first target row or the first target column; and determining the column matrix or the row matrix as the information of the query item.
In a possible implementation manner, the determining whether the certificate corresponding to the certificate number to be queried is revoked according to the target identifier includes:
And judging whether the target identifier is the QNR of the non-prime number, if so, determining that the certificate corresponding to the certificate number to be queried is revoked, and if not, determining that the certificate corresponding to the certificate number to be queried is not revoked.
The method is applied to the terminal; for the specific process by which the terminal executes the certificate status query method, reference may be made to the other embodiments, and the specific contents will not be described again.
On the basis of the above embodiments, the present application further provides a certificate status query method, and fig. 4 is a schematic diagram of a certificate status query process provided by the embodiment of the present application, as shown in fig. 4, where the method includes:
S401, acquiring each candidate identifier contained in a first target row or a first target column in a certificate state matrix according to information of a query term and a preset query rule, wherein the information of the query term is sent to the server by a terminal after the terminal determines, by using a first preset algorithm and a certificate number to be queried, the first target row in which the certificate number to be queried is stored in the certificate state matrix in the server, determines, by using a second preset algorithm and the certificate number to be queried, the first target column in which the certificate number to be queried is stored in the certificate state matrix, and takes the first target row or the first target column as the query term according to the preset query rule;
And S402, sending each candidate identifier and the serial number corresponding to the column or the row to the terminal, so that the terminal obtains a target identifier with the serial number of the first target column or the first target row from the received each candidate identifier and the serial number corresponding to the column or the row, and determines whether the certificate corresponding to the certificate number to be queried is revoked according to the target identifier.
In one possible embodiment, the method further comprises:
If the revoked certificate number is received, determining a second target row in which the revoked certificate number is stored in the certificate status matrix by adopting the first preset algorithm and the revoked certificate number, and determining a second target column in which the revoked certificate number is stored in the certificate status matrix by adopting the second preset algorithm and the revoked certificate number;
And modifying the identification recorded in the second target column of the second target row in the certificate status matrix into a revocation identification.
In one possible implementation, the acquiring each candidate identifier contained in the first target row or the first target column in the certificate status matrix includes:
For each column or each row in the certificate state matrix, acquiring each identifier recorded in the column or the row; for each identifier, acquiring the value recorded in the row of the column matrix that is the same as the row in which the identifier is located, or the value recorded in the column of the row matrix that is the same as the column in which the identifier is located, and judging whether the identifier is a prestored revocation identifier; if so, determining that the value is the value corresponding to the identifier, and if not, determining that the square of the value is the value corresponding to the identifier; determining the product of the values corresponding to each identifier in the column or the row, and taking the product as the candidate identifier corresponding to the column or the row in the first target row or the first target column.
The method is applied to the server, and the specific process of executing the certificate status query method by the server can be referred to the other embodiments, and the specific contents will not be repeated.
Example 7:
Fig. 5 is a schematic structural diagram of a certificate status query device according to an embodiment of the present application, where the device includes:
A determining module 501, configured to determine a first target row in which the certificate number to be queried is stored in a certificate status matrix in the server by using a first preset algorithm and the certificate number to be queried, and determine a first target column in which the certificate number to be queried is stored in the certificate status matrix by using a second preset algorithm and the certificate number to be queried;
A first sending module 502, configured to send, according to a preset query rule, information of a query item to the server, where the first target row or the first target column is used as the query item;
A first processing module 503, configured to obtain, from the received sequence numbers of each candidate identifier and the corresponding column or row, a target identifier with a sequence number of the first target column or the first target row, and determine, according to the target identifier, whether the certificate corresponding to the certificate number to be queried is revoked.
In a possible implementation manner, the determining module 501 is specifically configured to determine the first target row according to a ratio of the certificate number to be queried to the number of columns of the pre-stored certificate status matrix.
In a possible implementation manner, the determining module 501 is specifically configured to divide the certificate number to be queried by the number of columns of the pre-stored certificate status matrix to obtain a remainder, and determine the remainder as the first target column.
In a possible implementation manner, the first processing module 503 is further configured to generate a first preset number of prime numbers, generate a non-prime number according to the generated prime numbers, and determine a first target value and a second preset number of second target values, where the first target value is a QNR of the non-prime number that is smaller than the non-prime number, each second target value is a QR of the non-prime number, and the sum of the number of first target values and the second preset number is the number of rows or columns of the pre-stored certificate status matrix; generate a column matrix or a row matrix corresponding to the first target value and the second preset number of second target values, where the row or column in which the first target value is located in the column matrix or the row matrix is the first target row or the first target column; and determine the column matrix or the row matrix as the information of the query item.
In a possible implementation manner, the first processing module 503 is further configured to determine whether the target identifier is the QNR that is not prime, if so, determine that the certificate corresponding to the certificate number to be queried is revoked, and if not, determine that the certificate corresponding to the certificate number to be queried is not revoked.
Fig. 6 is a schematic structural diagram of a certificate status query device according to an embodiment of the present application, where the device includes:
The second processing module 601 is configured to obtain each candidate identifier included in the first target row or the first target column in the certificate status matrix according to the information of the query term and a preset query rule;
And the second sending module 602 is configured to send each candidate identifier and a sequence number corresponding to the column or row where the candidate identifier is located to the terminal.
In a possible implementation manner, the second processing module 601 is further configured to determine, if a revoked certificate number is received, a second target row in which the revoked certificate number is stored in the certificate status matrix by using the first preset algorithm and the revoked certificate number, determine, by using the second preset algorithm and the revoked certificate number, a second target column in which the revoked certificate number is stored in the certificate status matrix, and modify, to a revoked identifier, an identifier recorded in the second target column in the second target row in the certificate status matrix.
In a possible implementation manner, the second processing module 601 is specifically configured to obtain, for each column or each row in the certificate status matrix, each identifier recorded in the column or the row in the certificate status matrix, obtain, for each identifier, a value recorded in a row in the column matrix that is the same as a row in which the identifier is located, or a value recorded in a column in the row matrix that is the same as a column in which the identifier is located, and determine whether the identifier is a prestored revocation identifier, if yes, determine that the value is a value corresponding to the identifier, if no, determine that a square of the value is a value corresponding to the identifier, determine a product of values corresponding to each identifier in the column or the row, and use the product as a candidate identifier corresponding to the column or the row in the first target row or the first target column.
Example 8:
Fig. 7 is a schematic structural diagram of an electronic device according to the present application, and on the basis of the foregoing embodiments, the embodiment of the present application further provides an electronic device, as shown in fig. 7, including a processor 701, a communication interface 702, a memory 703, and a communication bus 704, where the processor 701, the communication interface 702, and the memory 703 complete communication with each other through the communication bus 704;
The memory 703 has stored therein a computer program which, when executed by the processor 701, causes the processor 701 to perform the steps of:
Determining a first target row in which the certificate number to be queried is stored in a certificate state matrix in the server by adopting a first preset algorithm and the certificate number to be queried, and determining a first target column in which the certificate number to be queried is stored in the certificate state matrix by adopting a second preset algorithm and the certificate number to be queried;
According to a preset query rule, the first target row or the first target column is used as a query item, and information of the query item is sent to the server; according to the information of the query term and a preset query rule, the server acquires each candidate identifier contained in the first target row or the first target column in the certificate state matrix, and sends each candidate identifier and a serial number of the corresponding column or row to the terminal;
And acquiring a target identifier with the sequence number of the first target column or the first target row from the received candidate identifiers and the sequence numbers of the corresponding columns or rows, and determining whether the certificate corresponding to the certificate number to be queried is revoked according to the target identifier.
Further, the processor 701 is specifically configured to determine the first target row according to a ratio of the certificate number to be queried to the number of columns of the pre-stored certificate status matrix.
Further, the processor 701 is specifically configured to divide the certificate number to be queried by the number of columns of the pre-stored certificate status matrix to obtain a remainder, and determine the remainder as the first target column.
Further, the processor 701 is further configured to generate a first preset number of prime numbers, generate a non-prime number according to the generated prime numbers, and determine a first target value and a second preset number of second target values, where the first target value is a QNR of the non-prime number that is smaller than the non-prime number, each second target value is a QR of the non-prime number, and the sum of the number of first target values and the second preset number is the number of rows or columns of the pre-stored certificate status matrix; generate a column matrix or a row matrix corresponding to the first target value and the second preset number of second target values, where the row or column in which the first target value is located in the column matrix or the row matrix is the first target row or the first target column; and determine the column matrix or the row matrix as the information of the query item.
Further, the processor 701 is specifically configured to determine whether the target identifier is a QNR of the non-prime number, if yes, determine that the certificate corresponding to the certificate number to be queried is revoked, and if not, determine that the certificate corresponding to the certificate number to be queried is not revoked.
On the basis of the above embodiments, the embodiment of the invention also provides an electronic device, which comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are in communication with each other through the communication bus.
The memory has stored therein a computer program which, when executed by the processor 701, causes the processor to perform the steps of:
Acquiring each candidate identifier contained in a first target row or a first target column in a certificate state matrix according to information of a query term and a preset query rule, wherein the information of the query term is sent to the server by a terminal after the terminal determines, by using a first preset algorithm and a certificate number to be queried, the first target row in which the certificate number to be queried is stored in the certificate state matrix in the server, determines, by using a second preset algorithm and the certificate number to be queried, the first target column in which the certificate number to be queried is stored in the certificate state matrix, and takes the first target row or the first target column as the query term according to the preset query rule;
And sending each candidate identifier and the sequence number of the corresponding column or row to the terminal, so that the terminal obtains the target identifier with the sequence number of the first target column or the first target row from the received candidate identifiers and the sequence numbers of the corresponding columns or rows, and determines whether the certificate corresponding to the certificate number to be queried is revoked according to the target identifier.
Further, the processor 701 is further configured to determine, if a revoked certificate number is received, a second target row in which the revoked certificate number is stored in the certificate status matrix using the first preset algorithm and the revoked certificate number, and determine, using the second preset algorithm and the revoked certificate number, a second target column in which the revoked certificate number is stored in the certificate status matrix;
And modifying the identification recorded in the second target column of the second target row in the certificate status matrix into a revocation identification.
Further, the processor 701 is specifically configured to obtain, for each column or each row in the certificate status matrix, each identifier recorded in the column or the row in the certificate status matrix, obtain, for each identifier, a value recorded in a row in the column matrix that is the same as a row in which the identifier is located, or a value recorded in a column in the row matrix that is the same as a column in which the identifier is located, and determine whether the identifier is a prestored revocation identifier, if yes, determine that the value is a value corresponding to the identifier, if no, determine that a square of the value is a value corresponding to the identifier, determine a product of the values corresponding to each identifier in the column or the row, and use the product as the candidate identifier corresponding to the column or the row in the first target row or the first target column.
The communication bus of the server mentioned above may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus, etc. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, the bus is shown in the figures with only one bold line, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic device and other devices.
The memory may include random access memory (Random Access Memory, RAM) or may include non-volatile memory (Non-Volatile Memory, NVM), such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (Network Processor, NP), etc., or may be a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (ASIC), a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
Example 9:
On the basis of the above embodiments, the embodiments of the present invention further provide a computer readable storage medium having stored therein a computer program executable by an electronic device, which when run on the electronic device, causes the electronic device to perform the steps of:
the memory has stored therein a computer program which, when executed by the processor, causes the processor to perform the steps of:
Determining a first target row in which the certificate number to be queried is stored in a certificate state matrix in the server by adopting a first preset algorithm and the certificate number to be queried, and determining a first target column in which the certificate number to be queried is stored in the certificate state matrix by adopting a second preset algorithm and the certificate number to be queried;
According to a preset query rule, the first target row or the first target column is used as a query item, and information of the query item is sent to the server; according to the information of the query term and a preset query rule, the server acquires each candidate identifier contained in the first target row or the first target column in the certificate state matrix, and sends each candidate identifier and a serial number of the corresponding column or row to the terminal;
And acquiring a target identifier with the sequence number of the first target column or the first target row from the received candidate identifiers and the sequence numbers of the corresponding columns or rows, and determining whether the certificate corresponding to the certificate number to be queried is revoked according to the target identifier.
In one possible implementation manner, the determining, by using a first preset algorithm and a certificate number to be queried, a first target row in which the certificate number to be queried is stored in a certificate status matrix in the server includes:
And determining the first target row according to the ratio of the certificate number to be queried to the number of columns of the pre-stored certificate state matrix.
In one possible implementation manner, the determining, using a second preset algorithm and the certificate number to be queried, the first target column in which the certificate number to be queried is stored in the certificate status matrix includes:
dividing the certificate number to be queried by the number of columns of the pre-stored certificate status matrix to obtain a remainder, and determining the remainder as the first target column.
In one possible embodiment, the method further comprises:
generating a first preset number of prime numbers, and generating a non-prime number according to the generated prime numbers; determining a first target value and a second preset number of second target values, wherein the first target value is a QNR (quadratic non-residue) that is smaller than the non-prime number and is not prime, each second target value is a QR (quadratic residue) of the non-prime number, and the sum of the number of first target values and the second preset number is the number of rows or columns of the pre-stored certificate status matrix; generating a column matrix or a row matrix from the first target value and the second preset number of second target values, wherein the row or column in which the first target value is located in the column matrix or the row matrix is the first target row or the first target column; and determining the column matrix or the row matrix as the information of the query item.
In a possible implementation manner, the determining whether the certificate corresponding to the certificate number to be queried is revoked according to the target identifier includes:
judging whether the target identifier is a QNR of the non-prime number; if so, determining that the certificate corresponding to the certificate number to be queried is revoked; if not, determining that the certificate corresponding to the certificate number to be queried is not revoked.
The method is applied to the terminal. For the specific process by which the terminal executes the certificate status query method, refer to the other embodiments; the details are not repeated here.
On the basis of the above embodiments, the embodiments of the present invention further provide a computer readable storage medium having stored therein a computer program executable by a processor, which when run on the processor, causes the processor to perform the steps of:
acquiring, according to information of a query item and a preset query rule, each candidate identifier contained in a first target row or a first target column in a certificate status matrix, wherein the information of the query item is sent to the server by a terminal that determines, by using a first preset algorithm and a certificate number to be queried, the first target row in which the certificate number to be queried is stored in the certificate status matrix of the server, determines, by using a second preset algorithm and the certificate number to be queried, the first target column in which the certificate number to be queried is stored in the certificate status matrix, and, according to the preset query rule, takes the first target row or the first target column as the query item;
the terminal then acquires, from the received candidate identifiers and the sequence numbers of their corresponding columns or rows, the target identifier whose sequence number is that of the first target column or the first target row, and determines, according to the target identifier, whether the certificate corresponding to the certificate number to be queried is revoked.
In one possible embodiment, the method further comprises:
if a revoked certificate number is received, determining, by using the first preset algorithm and the revoked certificate number, a second target row in which the revoked certificate number is stored in the certificate status matrix, and determining, by using the second preset algorithm and the revoked certificate number, a second target column in which the revoked certificate number is stored in the certificate status matrix;
modifying the identifier recorded at the second target row and second target column of the certificate status matrix into a revocation identifier.
In one possible implementation, the acquiring each candidate identifier contained in the first target row or the first target column in the certificate status matrix includes:
for each column or row in the certificate status matrix, and for each identifier recorded in that column or row: acquiring the value recorded in the column matrix in the row that is the same as the row in which the identifier is located, or the value recorded in the row matrix in the column that is the same as the column in which the identifier is located; judging whether the identifier is the pre-stored revocation identifier; if so, determining that value as the value corresponding to the identifier; if not, determining the square of that value as the value corresponding to the identifier; then determining the product of the values corresponding to the identifiers in the column or row, and taking the product as the candidate identifier corresponding to that column or row in the first target row or the first target column.
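The steps above (position by quotient and remainder, the QNR/QR column matrix, the server's per-column product, and the terminal's QNR test) fit together as in the following added example, which is not code from the application. It shows the column-matrix variant only; the tiny primes, the matrix shape, the 0/1 identifier encoding, all function names, and the choice of a QNR with Jacobi symbol +1 are assumptions made for illustration.

```python
import math
import secrets

# Constructed toy parameters; a real deployment needs large secret primes.
P, Q = 1019, 1031        # the generated primes (known only to the terminal)
N = P * Q                # the non-prime number generated from them
ROWS, COLS = 4, 5        # shape of the certificate status matrix
REVOKED, VALID = 1, 0    # assumed encoding of the stored identifiers

def position(cert_no):
    # First algorithm: quotient gives the row. Second: remainder gives the column.
    return cert_no // COLS, cert_no % COLS

def is_qr(x):
    # Terminal-only test: Euler's criterion modulo each secret prime.
    return pow(x, (P - 1) // 2, P) == 1 and pow(x, (Q - 1) // 2, Q) == 1

def unit():
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r

def qnr():
    # Non-residue modulo both primes, so its Jacobi symbol is +1 (an assumption
    # added here: otherwise the server could spot it without factoring N).
    while True:
        x = unit()
        if pow(x, (P - 1) // 2, P) == P - 1 and pow(x, (Q - 1) // 2, Q) == Q - 1:
            return x

def build_query(target_row):
    # Column matrix: the QNR sits at the target row, QRs fill every other row.
    return [qnr() if r == target_row else pow(unit(), 2, N) for r in range(ROWS)]

def server_answer(matrix, query):
    # Per column: multiply the query value (revoked cell) or its square (otherwise).
    answer = []
    for c in range(COLS):
        prod = 1
        for r in range(ROWS):
            prod = prod * (query[r] if matrix[r][c] == REVOKED else pow(query[r], 2, N)) % N
        answer.append((c, prod))    # candidate identifier with its column sequence number
    return answer

def is_revoked(matrix, cert_no):
    row, col = position(cert_no)
    candidates = dict(server_answer(matrix, build_query(row)))
    return not is_qr(candidates[col])    # QNR at the target column means revoked
```

The server sees only the query vector and returns a product for every column, so its work and its reply are the same whichever column the terminal is interested in.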
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.