CN110225013B - Service certificate monitoring and updating system - Google Patents
Service certificate monitoring and updating system Download PDFInfo
- Publication number
- CN110225013B CN110225013B CN201910461486.1A CN201910461486A CN110225013B CN 110225013 B CN110225013 B CN 110225013B CN 201910461486 A CN201910461486 A CN 201910461486A CN 110225013 B CN110225013 B CN 110225013B
- Authority
- CN
- China
- Prior art keywords
- certificate
- service
- domain name
- information
- background server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 38
- 238000012423 maintenance Methods 0.000 claims abstract description 87
- 230000002159 abnormal effect Effects 0.000 claims description 21
- 238000000034 method Methods 0.000 description 13
- 230000008569 process Effects 0.000 description 11
- 238000010586 diagram Methods 0.000 description 8
- 230000003203 everyday effect Effects 0.000 description 8
- 238000003860 storage Methods 0.000 description 7
- 230000005540 biological transmission Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000005856 abnormality Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000006835 compression Effects 0.000 description 1
- 238000007906 compression Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000011835 investigation Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002441 reversible effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/50—Network service management, e.g. ensuring proper service fulfilment according to agreements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present application relates to a system for monitoring and updating service certificates, the system comprising: the operation and maintenance client and the background server; the operation and maintenance client is used for acquiring the domain name information of the monitored server and uploading the domain name information to the background server; the background server is used for receiving the domain name information of the operation and maintenance client; monitoring a service certificate of a service instance according to the domain name information; when the service certificate is judged to need to be updated, generating certificate updating data and sending the certificate updating data to the operation and maintenance client; the operation and maintenance client is also used for receiving certificate updating data of the background server; and updating the service certificate of the service instance according to the certificate updating data. The system can improve the certificate management efficiency of the existing Internet service.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a system for monitoring and updating a service certificate.
Background
With the great development of mobile internet and the popularization of mobile phones, people have higher and higher call for information security and privacy protection. Accordingly, more and more internet services are migrating to HTTPS/SSL, which requires all network communications to be established on top of a secure network connection at the protocol level and employs public SSL certificates to prove authenticity of both parties, which is currently common practice worldwide.
With the increasing development of enterprises and the increasing production traffic, the number of domain names owned by enterprises is increased. For example, an internet enterprise may have thousands of domain names and may need to manage SSL certificates used by the thousands of domain names. However, in the prior art, a manager is usually responsible for timely updating the certificate and matching the certificate with the actual domain name, so that a large amount of human resources need to be input, the management efficiency is low, misoperation is easy to occur, the certificate of the internet service is finally failed, the normal use of a user is influenced slightly, the service revenue is directly influenced seriously, and important economic loss is caused.
Therefore, the existing certificate management of the internet service has the problem of low efficiency.
Disclosure of Invention
In view of the above, it is desirable to provide a service certificate monitoring and updating system that can improve the certificate management efficiency of existing internet services.
A system for monitoring and updating service credentials, the system comprising: the operation and maintenance client and the background server;
the operation and maintenance client is used for acquiring the domain name information of the monitored server and uploading the domain name information to the background server;
the background server is used for receiving the domain name information of the operation and maintenance client; monitoring a service certificate of the service instance according to the domain name information; when the service certificate is judged to need to be updated, generating certificate updating data and sending the certificate updating data to the operation and maintenance client;
the operation and maintenance client is also used for receiving certificate updating data of the background server; and updating the service certificate of the service instance according to the certificate updating data.
In one embodiment, the certificate update data comprises a certificate download link;
the operation and maintenance client is further used for downloading a file by using the certificate downloading link after receiving the certificate updating data of the background server to obtain a certificate updating file; and updating the service certificate according to the certificate update file.
In one embodiment, the certificate update data comprises a reference check code;
the operation and maintenance client is further used for downloading a file by using the certificate downloading link to obtain the certificate updating file, and then calculating a validity check code of the certificate updating file; judging whether the reference check code is consistent with the validity check code; and if so, updating the service certificate by adopting the certificate updating file.
In one embodiment, the background server is further configured to extract domain name IP information in the domain name information after receiving the domain name information of the operation and maintenance client; acquiring service port information, and reading each service certificate corresponding to each service instance according to the domain name IP information and the service port information; and recording the corresponding relation among the service certificates, the domain name IP information and the service port information.
In one embodiment, the background server is further configured to, when receiving a new service certificate, query a type matching certificate in each service certificate; the type matching certificate is a service certificate matched with the certificate information of the newly added service certificate; acquiring target domain name IP information and target service port information corresponding to the type matching certificate; and determining the applicable service instance of the newly added service certificate according to the target domain name IP information and the target service port information.
In one embodiment, the background server is further configured to obtain a certificate expiration date corresponding to each service certificate; the validity of the certificate expiration date is monitored to obtain a certificate monitoring result; generating a certificate expiration alarm according to the certificate monitoring result; the certificate expiration alarm is used for reminding a certificate manager that a service certificate is about to expire.
In one embodiment, the background server is further configured to obtain a current system date, and determine, according to the certificate expiration date and the current system date, a certificate available time corresponding to each service certificate; generating the certificate expiration alert when the certificate availability time is less than a preset availability time threshold.
In one embodiment, the background server is further configured to query a service certificate with the same domain name in the service certificates; the service certificates with the same domain name are service certificates corresponding to different service instances of the same domain name; judging whether the same domain name service certificate has an abnormal service certificate or not; the certificate detailed information of the abnormal service certificate is inconsistent with the certificate detailed information of the service certificate with the same domain name; if so, generating a certificate abnormal alarm; the certificate abnormity alarm is used for reminding a certificate manager that the same domain name has inconsistent service certificates.
In one embodiment, the background server is further configured to query peer service certificates in the service certificates; the peer service certificate is a service certificate corresponding to a plurality of domain names at the same level; judging whether a difference service certificate exists in the peer service certificate or not; certificate detailed information of the differentiated service certificate is different from certificate detailed information of the peer service certificate; if yes, recording the difference certificate information and generating a certificate difference alarm; the certificate difference alarm is used for reminding a certificate manager that the service certificates corresponding to the plurality of domain names of the same level are different.
In one embodiment, the operation and maintenance client is further configured to restart the service instance after the service certificate is updated according to the certificate update data; detecting whether the service certificate is successfully updated; and if so, sending an updating success message to the background server.
According to the monitoring and updating system of the service certificate, the domain name information of the monitored server is uploaded to the background server at regular time through the operation and maintenance client, so that the background server can monitor the service certificate of the service instance in real time according to the domain name information, and automatic scanning, storage and management of the certificate information are realized; when the service certificate is judged to need to be updated, generating and sending certificate updating data to the operation and maintenance client side, and updating the service certificate of the service instance in time by the operation and maintenance client side according to the certificate updating data; the investment of manual monitoring resources is reduced, and the certificate management efficiency of the existing internet service is improved.
Drawings
FIG. 1 is a block diagram of a system for monitoring and updating service credentials, according to one embodiment;
FIG. 2 is a flow diagram of certificate auto-discovery for a service certificate monitoring and update system in one embodiment;
FIG. 3 is a flow diagram of certificate updating for a service certificate monitoring and updating system in one embodiment;
FIG. 4 is a flow diagram of a certificate monitoring alarm of a service certificate monitoring and update system, according to one embodiment;
fig. 5 is a block diagram of a system for monitoring and updating a service certificate according to another embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The system for monitoring and updating the service certificate provided by the application can be applied to the structural block diagram shown in fig. 1. The operation and maintenance client 110 is deployed in each server in each machine room providing internet service. The background server 120 may be implemented as a stand-alone server or a server cluster composed of a plurality of servers.
In one embodiment, there is provided a service certificate monitoring and updating system, comprising: the operation and maintenance client and the background server;
the operation and maintenance client 110 is configured to obtain domain name information of the monitored server, and upload the domain name information to the background server 120.
The monitored server may refer to each server in the computer room.
In a specific implementation, the user deploys the operation and maintenance client 110 in each server in each machine room providing internet service. Before the user starts the operation and maintenance client 110, the user specifies in the configuration file of the operation and maintenance client 110 whether the server is a domain name server and a configuration server of its corresponding IP. Meanwhile, the user specifies the path of the configuration file and the format type of the configuration file. The format type of the configuration file is mainly determined by the domain name DNS service and the format is fixed, and the operation and maintenance client 110 can support reading and writing of the domain name configuration information after being adapted.
After the configuration file of the operation and maintenance client 110 is configured by the user, the operation and maintenance client 110 periodically reads all domain name data of each domain name server according to a reading time interval preset by the user, for example, 5 pm in the tomorrow, where all the domain name data may include domain name data and IP address data corresponding to each domain name data, and performs batch compression on all the domain name data to obtain domain name information. Finally, the domain name information is reported to the background server 120.
In addition, the operation and maintenance client 110 is also used to obtain certificate basic information of the monitored server.
The certificate basic information may refer to basic information of a service instance currently using a certificate, for example, service operation conditions (whether a default service is normal through local monitoring), a service name, a certificate file name, a file path, a certificate serial number, and the like.
The service instance may refer to an instantiated service providing various internet services, such as a nginnx (a high-performance HTTP and reverse proxy web server) server, an Apache HTTP (an open source web server) server, or a TCP/IP service.
In a specific implementation, before the user starts the operation and maintenance client 110, the user specifies, in the configuration file of the operation and maintenance client 110, a domain name of a server and a service that use the certificate, a path of the certificate configuration file, and a format category of the configuration file. After the operation and maintenance client 110 is adapted, the operation and maintenance client 110 may acquire basic certificate information of the monitored server at a plurality of acquisition moments pre-configured by a user every day, for example, service operation conditions (whether default service is normal through local monitoring), a service name, a certificate file name, a file path, a certificate serial number, and the like. Finally, the certificate base information is uploaded to the backend server 120.
The background server 120 is configured to receive domain name information of the operation and maintenance client 110; monitoring a service certificate of a service instance according to the domain name information; when the service certificate is judged to need to be updated, certificate update data is generated and sent to the operation and maintenance client 110.
The service certificate may refer to a digital certificate for an internet application system, for example, an SSL (Secure Sockets Layer) certificate.
In a specific implementation, the background server 120 receives domain name information sent by the operation and maintenance client 110 through a special data interface, reads certificate information of service instances running on each server in the machine room according to the domain name information, and monitors and manages the certificate information. When the service certificate is judged to need updating, for example, the certificate expires or the certificate needs to be configured for an unconfigured service instance; meanwhile, the user may also select a group of service instances, for example, a group of Nginx servers, to configure the designated certificate through the operation interface of the backend server 120; or the user sets in advance that the selected certificate needs to be enabled for the specific domain name, the background server 120 determines that the service certificate corresponding to the service instance needs to be updated according to an update triggering condition specified by the user, for example, specified update time, generates certificate update data, and sends the certificate update data to the operation and maintenance client 110. Specifically, after the operation and maintenance client 110 reports the domain name information, the background server 120 may use the certificate update data as reporting operation return information, and send the reporting operation return information to the operation and maintenance client 110. And if the service certificate corresponding to the service instance does not need to be updated, reporting that the operation return information is null.
The operation and maintenance client 110 is further configured to receive certificate update data of the background server 120; the service credentials of the service instance are updated according to the credential update data.
In a specific implementation, after the operation and maintenance client 110 reports the domain name information to the background server 120, it receives a report operation return message that the background server 120 returns a report operation for a current report operation. When the background server 120 specifies that the service certificate on the machine where the client is located is to be updated, the reporting operation return information is not null, that is, the reporting operation return information is certificate update data. Then, the operation and maintenance client 110 will detect whether the local service certificate needs to be updated, and if so, the operation and maintenance client 110 will parse the certificate update data and store the certificate update data locally. Then, the operation and maintenance client 110 checks whether there is a certificate to be updated locally at a preset checking time, for example, 6 am every day, and updates the service certificate of the service instance according to the certificate update data. In addition, the user may also select to configure the specific update time, in this case, the certificate update data generated by the backend server 120 includes an update date, and when the operation and maintenance client 110 detects that the current system time meets the update date data, the service certificate of the service instance is updated according to the certificate update data.
In the monitoring and updating system of the service certificate, the domain name information of the monitored server is uploaded to the background server at regular time by the operation and maintenance client, so that the background server can monitor the service certificate of the service instance in real time according to the domain name information, and automatic scanning, storage and management of the certificate information are realized; when the service certificate is judged to need to be updated, generating and sending certificate updating data to the operation and maintenance client side, and updating the service certificate of the service instance in time by the operation and maintenance client side according to the certificate updating data; the investment of manual monitoring resources is reduced, and the certificate management efficiency of the existing internet service is improved.
In another embodiment, the certificate update data includes a certificate download link; the operation and maintenance client 110 is further configured to download a file by using the certificate download link after receiving the certificate update data of the background server 120, so as to obtain a certificate update file; and updating the service certificate according to the certificate updating file.
Wherein, the certificate downloading link may refer to a network link for downloading the certificate update file.
In a specific implementation, in the process of generating the certificate update data by the background server 120, the background server 120 generates a certificate download link according to a storage path of the certificate update file in the background server 120, and finally generates the certificate update data, where the certificate update data includes the certificate download link.
When the operation and maintenance client 110 updates the service certificate of the service instance according to the certificate update data, specifically, the operation and maintenance client 110 downloads a file according to the certificate download link, downloads a certificate update file stored in the background server 120, and stores the certificate update file locally in the operation and maintenance client 110.
When the operation and maintenance client 110 updates the service certificate using the certificate update file, the configuration file of the service instance using the service certificate, for example, Nginx. conf, of the Nginx is backed up, the certificate update file is decompressed to obtain a new version certificate, and then the configuration file is modified so that the service instance uses and stores the new version certificate, thereby updating the service certificate. Meanwhile, in the whole service certificate updating process, the operation and maintenance client 110 writes the execution conditions of the main steps into a log file of the operation and maintenance client 110 for subsequent investigation.
According to the technical scheme, after receiving the update data of the background service certificate, the operation and maintenance client downloads the certificate update file stored in the background server by using the certificate download link only when judging that the local service certificate is needed to be updated, so that network transmission resources are saved, the file transmission efficiency of the background server for deploying the service certificate is improved, and further the certificate management efficiency of the existing internet service is improved.
In another embodiment, the certificate update data includes a reference check code; the operation and maintenance client is also used for downloading the file by using the certificate downloading link to obtain a certificate updating file and then calculating the validity check code of the certificate updating file; judging whether the reference check code is consistent with the validity check code; and if so, updating the file by adopting the certificate and updating the service certificate.
In a specific implementation, in the process of generating the certificate update data by the background server 120, the background server 120 generates a reference check code for the certificate update file. In practical application, the background server 120 calculates an MD5 code, i.e., a reference check code, corresponding to the certificate update file by using a hash encryption algorithm; meanwhile, the background server 120 generates a certificate download link for the storage path of the certificate update file in the background server 120; certificate update data is then generated, the certificate update data including the reference check code and the certificate download link.
When the operation and maintenance client 110 updates the service certificate of the service instance according to the certificate update data, specifically, the operation and maintenance client 110 downloads a file according to the certificate download link, downloads a certificate update file stored in the background server 120, and stores the certificate update file locally in the operation and maintenance client 110.
Then, the operation and maintenance client 110 calculates an MD5 code, i.e., a validity check code, corresponding to the certificate update file that is successfully downloaded to the local by using a hash encryption algorithm; then, judging whether the reference check code is consistent with the validity check code; if so, the operation and maintenance client 110 updates the service certificate using the certificate update file.
According to the technical scheme, when the operation and maintenance client side obtains the certificate update file by using the certificate download link, validity verification is conducted on the downloaded certificate update file, and the service certificate is updated by using the certificate update file only when the validity verification is passed, so that the situation that the certificate update file is abnormal due to data loss or tampering in the process of transmitting the certificate update file to the operation and maintenance client side by a background server is avoided, the reliability of transmission of the certificate update file is improved, the service certificate is accurately updated, and the certificate management efficiency of the existing internet service is improved.
In another embodiment, the background server 120 is further configured to extract domain name IP information in the domain name information after receiving the domain name information of the operation and maintenance client; acquiring service port information, and reading each service certificate corresponding to each service instance according to the domain name IP information and the service port information; and recording the corresponding relation among each service certificate, the domain name IP information and the service port information.
The service port information may refer to port number information corresponding to each service instance.
In a specific implementation, a user may enter service port information of an item actually providing a service to the outside and item information required for management in advance, for example, an item type and an operation and maintenance person in charge, where a default port number of the HTTPS is 443. After receiving the domain name information of the operation and maintenance client 110, the background server 120 obtains domain name IP information of the domain name information. The domain name IP information includes domain name data information and IP address information corresponding to each service. Meanwhile, the background server 120 obtains the service port information entered by the user. Then, the background server 120 uses the SSLSocket, Certificate, SSLContext, sslsessession, and SSLSocketFactory classes of JDK to completely read the Certificate information of all service instances below each domain name using the domain name data information, the IP address information corresponding to each service, and the service port information. Specifically, the background server 120 directly connects corresponding IP address information and service port information to obtain each service instance through a network, and reads each service certificate corresponding to each service instance; the backend server 120 reads detailed certificate information such as a certificate version, a serial number, a signature algorithm, a validity period, a user, an issuing organization, a certificate policy, a CRL distribution point, a basic constraint and a fingerprint algorithm, an organization unit and a department granted for use, a fingerprint and the like corresponding to each service certificate. Finally, the corresponding relationship among each service certificate, the domain name IP information, and the service port information is recorded for the subsequent query by the background server 120.
The IP address information may be a public network IP address or a local area network IP address, when a local area network IP address that cannot be accessed by the background server is addressed, a new slave background server may be deployed in a machine room associated with the local area network IP address, a service instance of the slave background server is designated to monitor and acquire a service certificate of the machine room associated with the local area network IP address and a URL of the master background server, and the slave background server reports information of the service certificate corresponding to each acquired service instance to the master background server, as shown in fig. 5.
According to the technical scheme of the embodiment, after receiving domain name information of an operation and maintenance client, a background server extracts domain name IP information in the domain name information; according to the domain name IP information and the service port information, the service certificates corresponding to the service instances in the current system can be accurately and comprehensively read, and the corresponding relations among the service certificates, the domain name IP information and the service port information are recorded, so that the service certificates are conveniently subjected to standardized management, and the certificate management efficiency of the existing Internet service is improved.
In another embodiment, the background server 120 is further configured to, when receiving a new service certificate, query a type matching certificate in each service certificate; the type matching certificate is a service certificate matched with the certificate information of the newly added service certificate; acquiring target domain name IP information and target service port information corresponding to the type matching certificate; and determining the applicable service instance of the newly added service certificate according to the target domain name IP information and the target service port information.
In a specific implementation, after purchasing a new version of a certificate file, an enterprise providing internet services may upload the new version of the certificate file as a new service certificate to the background server 120, and when the background server 120 receives the new service certificate, the background server 120 may automatically generate an MD5 code of each new service certificate and store the MD5 code together with information such as a file name, a storage path, and a purchaser of the certificate. Then, the backend server 120 automatically analyzes, reads and stores the uploaded Certificate detail information of the newly added service Certificate by using the tool class Certificate factory, X509Certificate, KeyStore, keymanager factory, trustmanagementfactory, SSLContext, PublicKey, and PrivateKey of JDK.
Then, inquiring a type matching certificate in each service certificate by using information such as a certificate serial number, a certificate authority, a certificate version number, a certificate applicable domain name and the like in the detailed certificate information; the information of the certificate serial number, the certificate issuing authority, the certificate version number, the certificate applicable domain name and the like of the type matching certificate is consistent with the information of the certificate serial number, the certificate issuing authority, the certificate version number, the certificate applicable domain name and the like of the newly added service certificate, namely the type matching certificate is the service certificate matched with the certificate information of the newly added service certificate; then, acquiring target domain name IP information and target service port information corresponding to the type matching certificate; and determining an applicable service instance of the newly added service certificate according to the target domain name IP information and the target service port information, thereby determining a specific machine room and a specific service instance to which the newly added service certificate is applicable. If an abnormality occurs during the process of reading the detailed certificate information, it is determined that the certificate is illegal and stored.
According to the technical scheme of the embodiment, when the user uploads the new service certificate, the background server can accurately and automatically determine the applicable domain name and the applicable service instance of the new service certificate according to the certificate information of the new service certificate, so that the management workload of certificate management personnel is reduced, the standardization degree of service certificate management is improved, and the certificate management efficiency of the existing internet service is improved.
In another embodiment, the backend server 120 is further configured to obtain a certificate expiration date corresponding to each service certificate; the validity of the certificate expiration date is monitored to obtain a certificate monitoring result; generating a certificate expiration alarm according to the certificate monitoring result; the certificate expiration alarm is used for reminding a certificate manager that a service certificate is about to expire.
In a specific implementation, the backend server 120 periodically queries each service certificate monitored by the backend server 120 every day, for example, the backend server 120 may perform query operations on each monitored service certificate at 6 points every day and 20 points every day. Specifically, the background server 120 obtains a certificate expiration date corresponding to each service certificate; the validity of the certificate expiration date is monitored to obtain a certificate monitoring result; generating a certificate expiration alarm according to the certificate monitoring result and storing the certificate expiration alarm locally in the background server 120; the certificate expiration alarm is used for reminding a certificate manager that a service certificate is about to expire. In practical application, the certificate expiration alarm can be rendered by a Freemarker template (a template engine) and then notified to an operation and maintenance responsible person of the project and the certificate through mails, enterprise communication software and the like.
According to the technical scheme of the embodiment, the background server monitors the validity according to the certificate expiration date and generates the certificate difference alarm in time according to the monitoring result, so that the condition that the service certificate is about to expire is found in time, and related management personnel are effectively informed to process and update the service certificate in time, therefore, the certificate management efficiency of the existing internet service is improved, and the conditions of service faults or user complaints caused by the certificate are reduced.
In another embodiment, the background server 120 is further configured to obtain a current system date, and determine a certificate available time corresponding to each service certificate according to the certificate expiration date and the current system date; when the certificate availability time is less than a preset availability time threshold, a certificate expiration alert is generated.
In a specific implementation, when the background server 120 monitors the validity of the certificate expiration date, the background server 120 obtains the current system date, and calculates the available time of the certificate corresponding to each service certificate according to the certificate expiration date and the current system date. Recording the corresponding relation between the available time of the certificate and each service certificate; when it is detected that the available time of the certificate is smaller than the preset available time threshold, for example, assuming that the available time of the certificate of a certain service certificate is 89 days and the preset available time threshold is 90 days, the available time of the certificate is smaller than the preset available time threshold, which indicates that the service certificate is about to expire and requires the enterprise user to purchase a new version of the service certificate in time. At the moment, a certificate expiration alarm is generated to remind a certificate manager that the service certificate is about to expire and to purchase a new version of the service certificate in time.
In practical application, the certificate due alarm can be rendered by a Freemarker template in an HTML (hypertext markup language) mode and then notified to an operation and maintenance responsible person of the project and the certificate through mails, enterprise communication software and the like. Meanwhile, the background server 120 also prompts a suggestion for solving the certificate problem in the alarm to the user along with the certificate expiration alarm, for example, recommending a certificate purchaser contact way, so that the certificate purchaser can be notified to purchase a new certificate, and the alarm is provided with a hyperlink to guide the user to quickly solve the problem by adopting a corresponding function in the system.
According to the technical scheme of the embodiment, the background server calculates the available time of the certificate corresponding to each service certificate according to the expiration date of the certificate and the current system date, and generates the certificate expiration alarm in time when the available time of the certificate is smaller than the preset available time threshold, so that the condition that the service certificate is about to expire is accurately found, and related management personnel are effectively informed to process and update the service certificate in time, and therefore the certificate management efficiency of the existing internet service is improved, and the conditions of service faults or user complaints caused by the certificate are reduced.
In another embodiment, the backend server 120 is further configured to query the service certificates with the same domain name in the service certificates; the service certificates with the same domain name are service certificates corresponding to different service instances of the same domain name; judging whether an abnormal service certificate exists in the same domain name service certificate or not; the detailed certificate information of the abnormal service certificate is inconsistent with the detailed certificate information of the service certificate with the same domain name; if so, generating a certificate abnormal alarm; the certificate abnormity alarm is used for reminding a certificate manager that the same domain name has inconsistent service certificates.
In a specific implementation, the background server 120 queries a service certificate with the same domain name in each service certificate; the service certificate with the same domain name is a service certificate corresponding to different service instances of the same domain name; then, the background server 120 queries the detailed certificate information of the service certificate with the same domain name, and judges whether an abnormal service certificate exists in the service certificate with the same domain name according to the detailed certificate information of the service certificate with the same domain name; the certificate detailed information of the abnormal service certificate is inconsistent with the certificate detailed information of the service certificate with the same domain name; if the abnormal service certificate exists in the service certificates with the same domain name, the service certificates corresponding to the service instances under the same domain name are inconsistent. And determining service instance information corresponding to the abnormal service certificate, and generating a certificate abnormal alarm. The certificate abnormity alarm is used for reminding a certificate manager that the same domain name has inconsistent service certificates.
In practical application, the certificate abnormal alarm can be rendered by a Freemarker template in an HTML mode and then notified to an operation and maintenance responsible person of the project and the certificate through mails, enterprise communication software and the like. Meanwhile, the background server 120 also prompts a suggestion for solving the certificate problem in the alarm to the user along with the certificate abnormal alarm, a service instance of the abnormal service certificate occurs, and the certificate difference alarm is provided with a hyperlink, so that the user is guided to adopt the corresponding function in the system to quickly solve the problem.
According to the technical scheme, the background server detects and judges whether an abnormal service certificate exists in the same domain name service certificate or not, and generates a certificate abnormal alarm in time, so that the condition that the service certificates corresponding to the service instances under the same domain name are inconsistent is found in time, and related management personnel are effectively informed to process in time, therefore, the certificate management efficiency of the existing internet service is improved, and the condition of service faults or user complaints caused by the certificates is reduced.
In another embodiment, the background server 120 is further configured to query peer service certificates in the service certificates; the peer service certificate is a service certificate corresponding to a plurality of domain names at the same level; judging whether a difference service certificate exists in peer service certificates or not; the certificate detailed information of the differential service certificate is different from the certificate detailed information of the peer service certificate; if yes, recording the difference certificate information and generating a certificate difference alarm; the certificate difference alarm is used for reminding a certificate manager that a plurality of service certificates corresponding to the same-level domain names are different.
The domain names at the same level may refer to different domain names at the same level, for example, a domain name a "a.tech.company.com" and a domain name B "b.tech.company.com", and since the contents of the last three parts of the domain names are consistent, the domain names are classified as "a.tech.company.com", and thus, the domain name a and the domain name B are both the same-level domain names.
In a specific implementation, the background server 120 queries a peer service certificate from the service certificates; wherein, the service certificate of the same level is a plurality of service certificates corresponding to domain names of the same level; for example, the domain name a "a.tech.company.com" and the domain name B "b.tech.company.com" are both homonymous domain names. The peer service certificates are the service certificates of all service instances under the domain name a "a.tech.company.com" and the service certificates of all service instances under the domain name B "b.tech.company.com". Then, the background server 120 queries the detailed certificate information of the peer service certificate, and determines whether a differential service certificate exists in the peer service certificate; the certificate detailed information of the differential service certificate is different from the certificate detailed information of the peer service certificate; if the peer service certificate has a different service certificate; the service certificates corresponding to a plurality of domain names with the same level are not completely consistent; therefore, recording the differential certificate information and generating a certificate differential alarm; the certificate difference alarm is used for reminding a certificate manager that a plurality of service certificates corresponding to the same-level domain names are different.
In practical application, the certificate difference alarm can be rendered by a Freemarker template in an HTML (hypertext markup language) mode and then notified to an operation and maintenance responsible person of the project and the certificate through mails, enterprise communication software and the like. Meanwhile, the background server 120 also prompts a suggestion for solving the certificate problem in the alarm to the user along with the certificate difference alarm, for example, the situation that the domain name certificate in the same level is not matched, and the certificate difference alarm also carries a hyperlink, so that the user is guided to adopt the corresponding function in the system to quickly solve the problem.
According to the technical scheme, the background server detects whether the service certificates corresponding to different domain names of the same level are different or not, and generates a certificate difference alarm in time, so that the condition that the service certificates corresponding to a plurality of domain names of the same level are not completely consistent is found in time, and related management personnel are effectively informed to process in time, the certificate management efficiency of the existing internet service is improved, and the condition of service faults or user complaints caused by the certificates is reduced.
In another embodiment, the operation and maintenance client 110 is further configured to restart the service instance after updating the service certificate according to the certificate update data; detecting whether the service certificate is successfully updated; if yes, an update success message is sent to the backend server 120.
In a specific implementation, when updating a service certificate according to certificate update data, the operation and maintenance client 110 first backs up a configuration file of a service instance using the service certificate, for example, a configuration file Nginx. conf of Nginx, acquires a new version certificate and modifies the configuration file so that the service instance uses the new version certificate and stores the new version certificate, and then starts the new certificate by restarting the service instance, so that the operation and maintenance client 110 realizes updating the service certificate. The operation and maintenance client 110 detects whether the service certificate is successfully updated; specifically, the operation and maintenance client 110 compares the certificate information of the service certificate to be updated with the monitored certificate information of the current actual service certificate to determine whether the service certificate is updated successfully, where the compared fields include a serial number, an issuer, a version number, and an applicable domain name. If the service certificate is successfully updated, an update success message is sent to the background server 120, and meanwhile, the operation and maintenance client 110 deletes the certificate update data stored locally. In addition, the operation and maintenance client 110 displays the status of the certificate deployment task as "successfully deployed" on the user operation interface.
According to the technical scheme of the embodiment, after the operation and maintenance client updates the service certificate, the service instance is restarted, and a new version certificate is started; and the service certificate is successfully updated, and an update success message is sent to the background server, so that the background server can update the deployment state of the current service certificate in time, and certificate management personnel can know the deployment state of the current service certificate conveniently, thereby improving the certificate management efficiency of the existing internet service.
To facilitate understanding by those skilled in the art, as shown in fig. 2, a flow diagram of certificate auto-discovery for a service certificate monitoring and update system is provided; specifically, each client reads all domain names and IP thereof from a domain name server, and then the client reports the domain names and the IP thereof to a background server; meanwhile, each client reports the server information and the certificate basic information of the used certificate to the background server from the server information and the certificate basic information of the used certificate. And the background server stores the domain name information uploaded by each client. After the user uploads the newly added service certificate, the background server analyzes and stores the service certificate; meanwhile, the user enters the service port information corresponding to the domain name. The background server can regularly judge whether all service certificates corresponding to the IP are processed or not; if not, the background server acquires the detailed certificate information corresponding to each IP, associates and stores the domain name, the certificate, the IP, the port, the project and the responsible person until all service certificates corresponding to the IPs are processed.
To facilitate understanding by those skilled in the art, as shown in fig. 3, a flow chart of a certificate update of a service certificate monitoring and updating system is provided; specifically, firstly, a user sets a group of servers to start a new version certificate through an operation interface of a background server, and then the background server generates certificate updating data; meanwhile, the background server checks whether a new version certificate is to be issued or not when receiving a certificate reporting request of the client; if so, the background server issues the certificate updating data to the client; the client side detects whether the local certificate needs to be updated at regular time, and if so, the client side analyzes the certificate updating data and writes the certificate updating data into the local. The client regularly detects whether a certificate needs to be updated locally every day; if so, the client downloads the certificate update file according to the certificate update data and verifies whether the certificate update file is valid. If the certificate updating file is valid, the client updates the configuration file and starts the new version certificate, then the client restarts the service instance and deletes local certificate updating data, and the client informs the background service that the certificate is updated successfully.
To facilitate understanding by those skilled in the art, as shown in fig. 4, a flow diagram of a certificate monitoring alarm of a service certificate monitoring and updating system is provided; specifically, the background server inquires the domain name and the service certificate of all the service instances from the database; then, the background server analyzes and compares the information of each service certificate. The background server regularly analyzes whether the certificate is about to expire or not by combining the current date of the system, and if so, generates an alarm and a suggestion and stores the alarm and the suggestion; the background server regularly analyzes whether the service certificates of each service instance of a domain name are consistent every day, and if yes, an alarm and a suggestion are generated and stored; the background server regularly analyzes whether the service certificates corresponding to the domain names at the same level are consistent every day, and if so, an alarm and a suggestion are generated and stored; and finally, the background server checks and sends the alarm to be notified at regular time, renders the alarm and notifies the corresponding certificate manager. In addition, the background server can also detect whether the update alarm is in a state of successful sending.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A system for monitoring and updating service credentials, the system comprising: the operation and maintenance client and the background server;
the operation and maintenance client is used for acquiring the domain name information of the monitored server and uploading the domain name information to the background server;
the background server is used for receiving the domain name information of the operation and maintenance client; monitoring a service certificate of a service instance according to the domain name information; when the service certificate is judged to need to be updated, generating certificate updating data and sending the certificate updating data to the operation and maintenance client;
the operation and maintenance client is also used for receiving certificate updating data of the background server; updating the service certificate of the service instance according to the certificate updating data;
the background server is further used for extracting domain name IP information in the domain name information after receiving the domain name information of the operation and maintenance client; acquiring service port information, and reading each service certificate corresponding to each service instance according to the domain name IP information and the service port information;
the background server is also used for inquiring the service certificate with the same domain name in each service certificate; the service certificates with the same domain name are service certificates corresponding to different service instances of the same domain name; if an abnormal service certificate exists in the service certificate with the same domain name, generating a certificate abnormal alarm; the certificate abnormity alarm is used for reminding a certificate manager that the same domain name has inconsistent service certificates.
2. The system of claim 1, wherein the certificate update data comprises a certificate download link;
the operation and maintenance client is further used for downloading a file by using the certificate downloading link after receiving the certificate updating data of the background server to obtain a certificate updating file; and updating the service certificate according to the certificate update file.
3. The system of claim 2, wherein the credential update data comprises a reference check code;
the operation and maintenance client is further used for downloading a file by using the certificate downloading link to obtain the certificate updating file, and then calculating a validity check code of the certificate updating file; judging whether the reference check code is consistent with the validity check code; and if so, updating the service certificate by adopting the certificate updating file.
4. The system according to claim 1, wherein the backend server is further configured to record a correspondence relationship between each service certificate, the domain name IP information, and the service port information.
5. The system according to claim 1, wherein the backend server is further configured to, when receiving a new service certificate, query a type matching certificate in each service certificate; the type matching certificate is a service certificate matched with the certificate information of the newly added service certificate; acquiring target domain name IP information and target service port information corresponding to the type matching certificate; and determining the applicable service instance of the newly added service certificate according to the target domain name IP information and the target service port information.
6. The system according to claim 1, wherein the backend server is further configured to obtain a certificate expiration date corresponding to each service certificate; the validity of the certificate expiration date is monitored to obtain a certificate monitoring result; generating a certificate expiration alarm according to the certificate monitoring result; the certificate expiration alarm is used for reminding a certificate manager that a service certificate is about to expire.
7. The system of claim 6, wherein the backend server is further configured to obtain a current system date, and determine, according to the certificate expiration date and the current system date, a certificate availability time corresponding to each service certificate; generating the certificate expiration alert when the certificate availability time is less than a preset availability time threshold.
8. The system according to claim 1, wherein the background server is further configured to determine whether an abnormal service certificate exists in the same domain name service certificate; the certificate detail information of the abnormal service certificate is inconsistent with the certificate detail information of the service certificate with the same domain name.
9. The system of claim 6, wherein the background server is further configured to query peer service certificates in the service certificates; the peer service certificate is a service certificate corresponding to a plurality of domain names at the same level; judging whether a difference service certificate exists in the peer service certificate or not; certificate detailed information of the differentiated service certificate is different from certificate detailed information of the peer service certificate; if yes, recording the difference certificate information and generating a certificate difference alarm; the certificate difference alarm is used for reminding a certificate manager that the service certificates corresponding to the plurality of domain names of the same level are different.
10. The system according to any one of claims 1-3, wherein the operation and maintenance client is further configured to restart the service instance after updating the service certificate according to the certificate update data; detecting whether the service certificate is successfully updated; and if so, sending an updating success message to the background server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910461486.1A CN110225013B (en) | 2019-05-30 | 2019-05-30 | Service certificate monitoring and updating system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910461486.1A CN110225013B (en) | 2019-05-30 | 2019-05-30 | Service certificate monitoring and updating system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110225013A CN110225013A (en) | 2019-09-10 |
| CN110225013B true CN110225013B (en) | 2021-11-09 |
Family
ID=67818643
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910461486.1A Active CN110225013B (en) | 2019-05-30 | 2019-05-30 | Service certificate monitoring and updating system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110225013B (en) |
Families Citing this family (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112583944B (en) * | 2019-09-27 | 2022-11-22 | 北京国双科技有限公司 | Processing method and device for updating domain name certificate |
| CN110766409A (en) * | 2019-10-24 | 2020-02-07 | 深圳前海微众银行股份有限公司 | SSL certificate verification method, device, equipment and computer storage medium |
| CN111224957A (en) * | 2019-12-27 | 2020-06-02 | 中国建设银行股份有限公司 | Certificate management device, method and related equipment |
| CN111277581A (en) * | 2020-01-15 | 2020-06-12 | 江苏满运软件科技有限公司 | Certificate early warning management method and device, electronic equipment and storage medium |
| CN113259108A (en) * | 2020-02-10 | 2021-08-13 | 上海艾拉比智能科技有限公司 | Certificate updating method, Internet of things platform and Internet of things equipment |
| CN111464429B (en) * | 2020-03-31 | 2022-09-23 | 高新兴科技集团股份有限公司 | WeChat applet multi-item compatible sharing method, system, storage medium and equipment |
| CN113872764B (en) * | 2020-06-12 | 2022-09-20 | 广州汽车集团股份有限公司 | Vehicle digital certificate management method and device |
| CN112422551B (en) * | 2020-11-16 | 2022-08-23 | 微医云(杭州)控股有限公司 | SSL certificate updating method and device, electronic equipment and storage medium |
| CN112491859B (en) * | 2020-11-20 | 2023-06-20 | 上海连尚网络科技有限公司 | Domain name certificate detection method, device, electronic device and computer-readable medium |
| CN112995158B (en) * | 2021-02-09 | 2022-11-08 | 中国建设银行股份有限公司 | Communication method, terminal, server and communication system |
| CN113360508A (en) * | 2021-04-28 | 2021-09-07 | 浙江宏恩网络科技有限公司 | Product quality control management method and device, storage medium and electronic equipment |
| CN115942314A (en) * | 2021-08-06 | 2023-04-07 | 华为技术有限公司 | Certificate management method and device |
| CN113810501B (en) * | 2021-09-23 | 2024-11-05 | 福信富通科技股份有限公司 | A method for managing HTTPS certificates |
| CN113992405B (en) * | 2021-10-27 | 2024-04-16 | 中国银行股份有限公司 | Digital certificate temporary reminding method and device |
| CN116015666B (en) * | 2022-12-02 | 2025-05-30 | 北京天融信网络安全技术有限公司 | Method and device for generating proxy certificate, storage medium and electronic equipment |
| CN116112468B (en) * | 2023-03-23 | 2023-07-04 | 深圳高灯计算机科技有限公司 | SSL certificate detection method, SSL certificate detection device, SSL certificate detection computer equipment, SSL certificate storage medium and SSL certificate product |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103634324A (en) * | 2013-12-09 | 2014-03-12 | 飞天诚信科技股份有限公司 | Method for monitoring certificates in real time |
| CN105099930A (en) * | 2014-05-21 | 2015-11-25 | 杭州华三通信技术有限公司 | Method and device for controlling traffic of encrypted data flow |
| CN106161450A (en) * | 2016-07-20 | 2016-11-23 | 上海携程商务有限公司 | Distributed HTTPS monitors method |
| CN108270610A (en) * | 2017-02-16 | 2018-07-10 | 广州市动景计算机科技有限公司 | The method and apparatus of digital certificate monitoring |
| CN109257373A (en) * | 2018-10-31 | 2019-01-22 | 腾讯科技(深圳)有限公司 | A kind of Domain Hijacking recognition methods, apparatus and system |
| CN109801152A (en) * | 2019-01-24 | 2019-05-24 | 中国农业银行股份有限公司 | Supplementary pension method for processing business and system based on block chain |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9240888B2 (en) * | 2003-03-05 | 2016-01-19 | Bally Gaming, Inc. | Authentication system for gaming machines |
| US20130198284A1 (en) * | 2013-02-04 | 2013-08-01 | Sriram Karri | OFFLINE vCARD |
-
2019
- 2019-05-30 CN CN201910461486.1A patent/CN110225013B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103634324A (en) * | 2013-12-09 | 2014-03-12 | 飞天诚信科技股份有限公司 | Method for monitoring certificates in real time |
| CN105099930A (en) * | 2014-05-21 | 2015-11-25 | 杭州华三通信技术有限公司 | Method and device for controlling traffic of encrypted data flow |
| CN106161450A (en) * | 2016-07-20 | 2016-11-23 | 上海携程商务有限公司 | Distributed HTTPS monitors method |
| CN108270610A (en) * | 2017-02-16 | 2018-07-10 | 广州市动景计算机科技有限公司 | The method and apparatus of digital certificate monitoring |
| CN109257373A (en) * | 2018-10-31 | 2019-01-22 | 腾讯科技(深圳)有限公司 | A kind of Domain Hijacking recognition methods, apparatus and system |
| CN109801152A (en) * | 2019-01-24 | 2019-05-24 | 中国农业银行股份有限公司 | Supplementary pension method for processing business and system based on block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110225013A (en) | 2019-09-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110225013B (en) | Service certificate monitoring and updating system | |
| CN101194233B (en) | System and method of testing wireless component applications | |
| US10157050B2 (en) | Method for confirming correction program and information processing apparatus | |
| CN110543788A (en) | Data storage method, data storage device, computer-readable storage medium and computer equipment | |
| US12126610B1 (en) | Central cryptographic management for computer systems | |
| US9654480B2 (en) | Systems and methods for profiling client devices | |
| CN110262926B (en) | Metadata repairing method, device and system for server and computer equipment | |
| US20050114658A1 (en) | Remote web site security system | |
| CN107682361B (en) | Website vulnerability scanning method and device, computer equipment and storage medium | |
| CN110597541B (en) | Interface updating processing method, device, equipment and storage medium based on block chain | |
| CN110716538A (en) | Vehicle diagnosis method, device, equipment and readable storage medium | |
| CN113993137B (en) | Monitoring system, method and device for configuration data, electronic equipment and medium | |
| CN107623735B (en) | A precise update and upgrade system and method based on openssl in a credit reporting machine system | |
| CN111694590A (en) | Upgrading method of intelligent water meter | |
| CN111818025A (en) | User terminal detection method and device | |
| CN107888548A (en) | A kind of Information Authentication method and device | |
| CN117499478A (en) | Java server application proxy automatic updating platform and device | |
| CN116700895A (en) | Data acquisition system, method, equipment and medium for k8s cluster application | |
| CN112822279B (en) | Monitoring method and device based on intelligent sensing and trusted storage | |
| CN108322470A (en) | A kind of network request processing method and processing device | |
| CN112836190A (en) | Permission control method, device and intelligent terminal for resource data | |
| CN113779510A (en) | Method and device for managing file signing authority, computer equipment and storage medium | |
| US12381884B1 (en) | Time-based credential validity period reduction | |
| CN116436613B (en) | Automatic renewal system of digital certificate | |
| CN107749878B (en) | Method and device for synchronizing files |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220224 Address after: Room 1423, No. 1256 and 1258, Wanrong Road, Jing'an District, Shanghai 200040 Patentee after: Tianyi Digital Life Technology Co.,Ltd. Address before: 1 / F and 2 / F, East Garden, Huatian International Plaza, 211 Longkou Middle Road, Tianhe District, Guangzhou, Guangdong 510630 Patentee before: Century Dragon Information Network Co.,Ltd. |
|
| TR01 | Transfer of patent right |