CN115378609A - Electronic certificate display method, verification method, terminal and server - Google Patents

Abstract

Embodiments of the present application provide an electronic certificate display method, a verification method, a terminal, and a server, and relate to the technical field of electronic certificates. The method includes: in response to the user's electronic certificate presentation operation, sending an information acquisition request to the server, instructing the server to obtain the user's user information, and returning the user information, digital signature result and encryption result generated by the digital signature time. The digital signature result is obtained by the server according to Institutional digital certificate signature generates user information and digital signature time signature; receives and decrypts the encrypted result, obtains user information, digital signature result and digital signature time; generates and digital signature result, digital signature time according to the preset QR code template The QR code corresponding to the user ID generates and displays the electronic certificate. The embodiment of the present application can generate a dynamic and secure electronic certificate, prevent it from being photographed and copied, protect the certificate information based on cryptographic technology, and prevent it from being tampered with, and does not require special verification equipment.

Description

Electronic certificate display method, verification method, terminal and server

technical field

The present application relates to the technical field of electronic certificates. Specifically, the present application relates to an electronic certificate display method, a verification method, a terminal, a server, an electronic device, and a computer-readable storage medium.

Background technique

With the popularization of the mobile Internet, more and more services are migrated to the mobile terminal, gradually realizing electronic and digitalization. Users only need to complete business operations through networked mobile terminals, which brings great convenience to users. Electronic certificate technology is also developing continuously. Common electronic certificate technologies include: pictures, format files, format files combined with digital signatures and biometric entry. The above methods are all static electronic certificates, which are easy to be maliciously tampered with and difficult to identify authenticity. , The risk of copying and fraudulent use, some electronic certificates can only be verified online with dedicated hardware equipment, and the other part is affected by factors such as angles and lighting when passing biometric verification, and the probability of verification failure is high.

Contents of the invention

Embodiments of the present application provide an electronic certificate display method, a verification method, a terminal, a server, an electronic device, and a computer-readable storage medium, which can solve the above problems. The technical solution is as follows:

According to an aspect of an embodiment of the present application, there is provided a method for presenting an electronic certificate, which is applied to a first terminal, and the method includes:

In response to the operation of presenting the electronic certificate of the first user, an information acquisition request is sent to the server, and the information acquisition request includes the user identification of the first user to instruct the server to perform the following operations:

Obtain the user information of the first user according to the user ID, and return the encryption result generated by encrypting the user information, digital signature result and digital signature time through the personal digital certificate. The digital signature result is that the server signs the user information and digital signature time according to the organization's digital certificate Generated later, the digital signature time is the time when the user information and digital signature time are signed according to the organization's digital certificate;

Receive the encrypted result returned by the server, decrypt the encrypted result according to the personal digital certificate, and obtain user information, digital signature result and digital signature time;

Generate a QR code corresponding to the digital signature result, digital signature time and user identification according to the preset QR code template, generate and display an electronic certificate, and the electronic certificate includes user information and a QR code.

As an optional embodiment, in response to the operation of presenting the electronic certificate of the first user, the method also includes:

In response to the registration operation of the first user, the basic information of the first user is transmitted to the server, so as to instruct the server to perform the following operations:

Obtain and generate the first user’s physical certificate information from the preset database, use the basic information and physical certificate information as user information, determine the first user’s user ID, establish the correspondence between the user ID and user information, and store the user ID Return to the first terminal.

According to the second aspect of the embodiments of the present application, there is provided an electronic certificate verification method applied to a second terminal, including:

Scanning and analyzing the QR code in the electronic certificate to be verified by the first terminal to obtain the digital signature result to be verified, digital signature time and user identification;

Send a verification request to the server, the verification request includes the digital signature result, digital signature time and user ID, to instruct the server to query the user information corresponding to the user ID, verify and return according to the digital signature result, digital signature time and the queried user information verification results;

Receive and display verification results.

According to a third aspect of the embodiments of the present application, there is provided an information processing method applied to a server, including:

receiving an information acquisition request sent by the first terminal in response to the first user's electronic certificate presentation operation, where the information acquisition request includes the user identification of the first user;

Obtain the user information of the first user according to the user identification, and generate a digital signature result after signing the user information and the digital signature time according to the organization's digital certificate, and the digital signature time is the time when the user information and the digital signature time are signed according to the organization's digital certificate;

Encrypt user information, digital signature results and digital signature time through personal digital certificates to generate encrypted results;

return the encryption result to the first terminal.

As an optional embodiment, before receiving the information acquisition request sent by the first terminal, it also includes:

Responding to the registration operation of the first user, receiving the basic information of the first user sent by the first terminal, acquiring and generating the physical certificate information of the first user from a preset database according to the basic information of the first user;

Using basic information and physical certificate information as user information to determine the user identification of the first user;

A corresponding relationship between the user identifier and the user information is established, and the user identifier is returned to the first terminal.

As an optional embodiment, the verification request sent by the second terminal is received, and the verification request includes a digital signature result, a digital signature time and a user identifier;

Querying the user information corresponding to the user ID according to the user ID, performing verification according to the digital signature result, the digital signature time and the queried user information, and returning the verification result to the second terminal;

Wherein, if it is determined that the user information of the first user is authentic and valid and the digital signature result is verified, the verification result is a verification success;

Wherein, the verification request is sent by the second terminal after scanning and analyzing the two-dimensional code in the electronic certificate to be verified.

According to a fourth aspect of the embodiments of the present application, a first terminal is provided, including:

The acquisition module is configured to send an information acquisition request to the server in response to the first user's electronic certificate presentation operation, and the information acquisition request includes the user identification of the first user to instruct the server to perform the following operations:

Obtain the user information of the first user according to the user ID, and return the encryption result generated by encrypting the user information, digital signature result and digital signature time through the personal digital certificate. The digital signature result is that the server signs the user information and digital signature time according to the organization's digital certificate Generated later, the digital signature time is the time when the user information and digital signature time are signed according to the organization's digital certificate;

The receiving module is used to receive the encrypted result returned by the server, decrypt the encrypted result according to the personal digital certificate, and obtain user information, digital signature result and digital signature time;

The display module is used to generate a two-dimensional code corresponding to the digital signature result, digital signature time and user identification according to the preset two-dimensional code template, generate and display an electronic certificate, and the electronic certificate includes user information and a two-dimensional code.

As an optional embodiment, in response to the operation of presenting the electronic certificate of the first user, the method also includes:

The registration initiating module is configured to transmit the basic information of the first user to the server in response to the registration operation of the first user, so as to instruct the server to perform the following operations:

Obtain and generate the first user’s physical certificate information from the preset database, use the basic information and physical certificate information as user information, determine the first user’s user ID, establish the correspondence between the user ID and user information, and store the user ID Return to the first terminal.

According to a fifth aspect of the embodiments of the present application, a second terminal is provided, including:

The scanning analysis module is used to scan and analyze the two-dimensional code in the electronic certificate to be verified of the first terminal, and obtain the digital signature result to be verified, the digital signature time and the user identification;

The request sending module is used to send a verification request to the server. The verification request includes a digital signature result, a digital signature time and a user ID to instruct the server to query the user information corresponding to the user ID. According to the digital signature result, the digital signature time and the queried Verify the user information and return the verification result;

The receiving display module is used to receive and display the verification results.

According to a sixth aspect of the embodiments of the present application, a server is provided, including:

A request receiving module, configured to receive an information acquisition request sent by the first terminal in response to the first user's electronic certificate presentation operation, where the information acquisition request includes the user identification of the first user;

The signature calculation module is used to obtain the user information of the first user according to the user identification, and generate a digital signature result after signing the user information and digital signature time according to the organization's digital certificate, and the digital signature time is the user information and digital signature time according to the organization's digital certificate the time the signature was made;

The encryption module is used to encrypt user information, digital signature results and digital signature time through personal digital certificates to generate encrypted results;

A sending module, configured to return the encryption result to the first terminal.

As an optional embodiment, before receiving the information acquisition request sent by the first terminal, it also includes:

The information acquisition module is configured to receive the basic information of the first user sent by the first terminal in response to the registration operation of the first user, and obtain and generate the physical certificate of the first user from a preset database according to the basic information of the first user information;

An information processing module, configured to use basic information and entity certificate information as user information to determine the user identifier of the first user;

The relationship establishing module is configured to establish a corresponding relationship between the user identifier and the user information, and return the user identifier to the first terminal.

As an optional embodiment, it also includes:

A verification request receiving module, configured to receive a verification request sent by the second terminal, where the verification request includes a digital signature result, a digital signature time and a user ID;

The information verification module is used to query the user information corresponding to the user identification according to the user identification, perform verification according to the digital signature result, the digital signature time and the queried user information, and return the verification result to the second terminal;

Wherein, if it is determined that the user information of the first user is authentic and valid and the digital signature result is verified, the verification result is a verification success;

Wherein, the verification request is sent by the second terminal after scanning and analyzing the two-dimensional code in the electronic certificate to be verified.

According to a seventh aspect of the embodiments of the present application, there is provided an electronic device, the electronic device includes: a memory, a processor, and a computer program stored on the memory, and the processor executes the computer program to implement the steps of any one of the methods described above .

According to an eighth aspect of the embodiments of the present application, there is provided a computer-readable storage medium, a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the method of any one of the above-mentioned aspects is implemented. step.

The beneficial effect of the technical solution provided by the embodiment of the present application is: in response to the first user’s electronic certificate presentation operation, an information acquisition request is sent to the server, and the information acquisition request includes the user identification of the first user to instruct the server to Identify and obtain the user information of the first user, and return the encryption result generated by encrypting the user information, digital signature result and digital signature time through the personal digital certificate. The digital signature result is generated after the server signs the user information and digital signature time according to the organization's digital certificate Receive the encrypted result returned by the server, decrypt the encrypted result according to the personal digital certificate, and obtain user information, digital signature result and digital signature time; generate and digital signature result, digital signature time and user information according to the preset QR code template Identify the corresponding QR code, generate and display an electronic certificate, which includes user information and a QR code. It realizes the cooperation between the terminal and the server to generate a safe and dynamic electronic certificate, which prevents it from being photographed or copied for fraudulent use. When verifying the certificate, it is not necessary to use special equipment. It is only necessary to install the APP on the general mobile device and scan the code. Securely complete password-based authentication of identity information.

Description of drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present application, the following briefly introduces the drawings that need to be used in the description of the embodiments of the present application.

Figure 1 is a schematic diagram of the system architecture for realizing electronic certificate presentation and verification provided by the embodiment of the present application;

FIG. 2 is a schematic flowchart of a method for displaying an electronic certificate provided in an embodiment of the present application;

FIG. 3 is a schematic flow diagram of an electronic certificate verification method provided in an embodiment of the present application;

FIG. 4 is a schematic diagram of a flow of an information processing method provided in an embodiment of the present application;

Fig. 5 is a flow chart of a first user from registration to electronic certificate presentation provided by the embodiment of this application;

FIG. 6 is a schematic structural diagram of a first terminal provided in an embodiment of the present application;

FIG. 7 is a schematic structural diagram of a second terminal provided in an embodiment of the present application;

FIG. 8 is a schematic structural diagram of a server provided by an embodiment of the present application;

FIG. 9 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.

Detailed ways

Embodiments of the present application are described below with reference to the drawings in the present application. It should be understood that the implementation manner described below in conjunction with the accompanying drawings is an exemplary description for explaining the technical solutions of the embodiments of the present application, and does not limit the technical solutions of the embodiments of the present application.

Those skilled in the art will understand that the singular forms "a", "an" and "the" used herein may also include plural forms unless otherwise stated. It should be further understood that the terms "comprising" and "comprising" used in the embodiments of the present application mean that the corresponding features can be implemented as the presented features, information, data, steps, operations, elements and/or components, but do not exclude The realization is other features, information, data, steps, operations, elements, components and/or their combinations etc. supported by the technical field. It should be understood that when we say that an element is "connected" or "coupled" to another element, the one element can be directly connected or coupled to the other element, or it can mean that the one element and another element pass through intermediate elements. Establish a connection relationship. Additionally, "connected" or "coupled" as used herein may include wireless connection or wireless coupling. The term "and/or" used herein indicates at least one of the items defined by the term, for example, "A and/or B" can be implemented as "A", or as "B", or as "A and B ".

In order to make the purpose, technical solution and advantages of the present application clearer, the implementation manners of the present application will be further described in detail below in conjunction with the accompanying drawings.

The present application provides an electronic certificate display method, a verification method, a terminal, a server, an electronic device, and a computer-readable storage medium, aiming to solve the above technical problems in the prior art.

The following describes the technical solutions of the embodiments of the present application and the technical effects produced by the technical solutions of the present application by describing several exemplary implementations. It should be pointed out that the following embodiments may refer to, learn from or combine with each other, and the same terms, similar features, and similar implementation steps in different embodiments will not be described repeatedly.

FIG. 1 is a schematic diagram of a system architecture for displaying and verifying electronic certificates provided by an embodiment of the present application. The system includes a first terminal 110 , a second terminal 120 and a server 130 .

The first terminal 110 installs and runs the electronic certificate presentation program 111. When the first terminal 110 runs the application program 111, the registration interface, login interface and user interface of the electronic certificate presentation program 111 can be displayed on the screen of the first terminal 110. .

The first terminal 110 is the terminal used by the first user, and the electronic certificate display program 111 may respond to the registration operation of the first user, store the information of the first user in the server 130 and apply for a personal digital certificate; Identity authentication calculation request: an information acquisition request can be sent to the server 130 according to the presentation operation of the first user, and after the information is obtained and processed, the electronic certificate interface in the electronic certificate display program 111 can be displayed on the screen of the first terminal 110 .

The second terminal 120 installs and runs the electronic certificate verification program 112. When the second terminal 120 runs the electronic certificate verification program 112, the verification interface of the electronic certificate verification program 112 can be displayed on the screen of the second terminal 120.

The second terminal 120 is a terminal used by the second user. The electronic certificate verification program 112 can respond to the verification operation of the user, scan the QR code of the electronic certificate, obtain user information, send a verification request to the server 130, and receive the verification result and display it on interface.

Optionally, the device types of the first terminal 110 and the second terminal 120 include: any Android or iOS device such as a smart phone or a tablet computer.

Only two terminals are shown in FIG. 1 , but there are many other terminals that can access the server 130 in different embodiments. Optionally, there are also one or more terminals corresponding to the developer, on which the application development and editing platform is installed, and the developer can edit and update the application on the terminal, and the updated The application installation package is transmitted to the server 130 through a wired or wireless network, and the first terminal 110 and the second terminal 120 can download the application installation package from the server 130 to update the application.

The server 130 can be an independent physical server, or a server cluster or a distributed system composed of multiple physical servers, and can also provide cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, Cloud servers for basic cloud computing services such as middleware services, domain name services, security services, content delivery network (Content Delivery Network, CDN), and big data and artificial intelligence platforms.

An embodiment of the present application provides a method for displaying an electronic certificate, as shown in Figure 2, the method includes:

S101. In response to the first user's electronic certificate presentation operation, send an information acquisition request to the server, where the information acquisition request includes the user identification of the first user, so as to instruct the server to perform the following operations:

Obtain the user information of the first user according to the user ID, and return the encryption result generated by encrypting the user information, digital signature result and digital signature time through the personal digital certificate. The digital signature result is that the server signs the user information and digital signature time according to the organization's digital certificate Generated later, the digital signature time is the time when the user information and digital signature time are signed according to the organization's digital certificate;

In this embodiment of the application, after the first user selects the electronic certificate presentation function, the first terminal sends an information acquisition request to the server based on the SSL data secure transmission channel, wherein the information acquisition request includes the user identification corresponding to the first user, and the server based on After the SSL data secure transmission channel obtains the information acquisition request and the user ID corresponding to the first user, the user information of the corresponding first user is obtained according to the user ID corresponding to the first user. For example, when user Zhang San selects the electronic certificate presentation function, the second A terminal sends an information acquisition request to the server based on the SSL data secure transmission channel and Zhang San's user ID "123" included in the request. After receiving the information based on the SSL data secure transmission channel, the server searches for the information based on the user ID "123". Get Zhang San's name, phone number, ID number and other user information.

The server uses an organization digital certificate to perform digital signature operations on the user information and digital signature time to generate a digital signature result, and then uses a personal digital certificate to encrypt the user information, digital signature result and digital signature time of the above-mentioned first user to generate an encrypted result After that, the encryption result is sent back to the first terminal.

S102. Receive the encrypted result returned by the server, decrypt the encrypted result according to the personal digital certificate, and obtain user information, digital signature result and digital signature time;

The first terminal receives the encryption result obtained in the above step S101 based on the SSL data secure transmission channel, and uses a personal digital certificate to perform decryption operation on the encryption result to obtain the first user's user information, digital signature results and other plaintext data; wherein, the user information It includes the user's trusted identity, and can also include the status of the electronic certificate. The user's trusted identity includes basic information and physical certificate information, such as obtaining Zhang San's name, phone number, ID number and other information.

S103. Generate a QR code corresponding to the digital signature result, digital signature time and user ID according to the preset QR code template, generate and display an electronic certificate, the electronic certificate includes user information and a QR code.

According to the preset QR code template, according to the digital signature result, digital signature time and user identification, the QR code of the electronic certificate is dynamically generated in real time, and the user's trusted identity, status of the electronic certificate, and the data of the QR code of the electronic certificate are assembled, and finally Show full electronic certificate.

That is, in this application, the electronic certificate includes user information and the QR code of the electronic certificate; the QR code of the electronic certificate includes the user identification, digital signature result and digital signature time, which are dynamically generated in real time during the presentation stage. The digital signature time is the time when the server signs the user information and digital signature time according to the organization's digital certificate.

The content covered by the user information of the electronic certificate in the embodiment of this application includes but not limited to: basic information, physical certificate information and electronic certificate status. The content covered by the basic information includes but is not limited to: name, mobile phone number, ID card number, recent passport photo of the person without a hat, etc.; the content covered by the physical certificate information includes but not limited to: certificate issuing agency, certificate type, certificate number, certificate validity period etc.; the status of the electronic certificate is the current status of the electronic certificate, for example, it can be normal, expired, frozen, cancelled, etc.

In this embodiment of the present application, an information acquisition request is sent to the server in response to the operation of presenting the electronic certificate of the first user, and the information acquisition request includes the user identification of the first user to instruct the server to obtain the user information of the first user according to the user identification, and Returns the encryption result generated by encrypting user information, digital signature result and digital signature time through the personal digital certificate. The digital signature result is generated by the server after signing the user information and digital signature time according to the organization's digital certificate; receiving the encrypted result returned by the server, according to The personal digital certificate decrypts the encrypted result, obtains user information, digital signature result and digital signature time; generates and displays the QR code corresponding to the digital signature result, digital signature time and user ID according to the preset QR code template Electronic certificates, electronic certificates include user information and QR codes. It realizes the cooperation between the terminal and the server to generate a safe and dynamic electronic certificate, which prevents it from being photographed or copied for fraudulent use. When verifying the certificate, it is not necessary to use special equipment. It is only necessary to install the APP on the general mobile device and scan the code. Securely complete password-based authentication of identity information.

On the basis of the above-mentioned embodiments, as an optional embodiment, in response to the operation of presenting the electronic certificate of the first user, the previous steps also include:

The registration initiating module is configured to transmit the basic information of the first user to the server in response to the registration operation of the first user, so as to instruct the server to perform the following operations:

Obtain and generate the first user’s physical certificate information from the preset database, use the basic information and physical certificate information as user information, determine the first user’s user ID, establish the correspondence between the user ID and user information, and store the user ID Return to the first terminal.

In the embodiment of this application, if the first user wants to generate an electronic certificate, he needs to register as a user first, and the user sends the basic information and physical certificate information to the server, and the server takes the received basic information and physical certificate information as the user's trusted identity , the user information in this embodiment of the application may include the trusted identity of the user and the status of the electronic certificate;

A user ID of the user is generated, and a corresponding relationship between the user ID and user information is established, and then the created user ID is sent to the first terminal.

On the basis of the above-mentioned embodiments, as an optional embodiment, in response to the operation of presenting the electronic certificate of the first user, the previous steps also include:

In response to the completion of the registration operation, a pop-up window is displayed, and the pop-up window includes an input box to be filled;

In response to the input operation for the input box, generate a PIN password according to the input encrypted information;

In this embodiment of the application, after the user enters the basic information and physical certificate information, he can set a PIN password that meets the specifications according to the pop-up window popped up by the first terminal. The PIN password can be used as one of the conditions for the user to log in successfully. Send a digital certificate application to the server and obtain a personal digital certificate generated by the server.

Send a certificate application request to the server according to the generated PIN password, and the certificate application request is used to instruct the server to generate and return the personal digital certificate of the first user;

Receive the personal digital certificate returned by the server;

In response to the login operation of the first user, if it is determined that the login operation inputs the correct PIN password, a connection request is sent to the server based on the personal digital certificate to instruct the server to establish a secure SSL data transmission channel with the first terminal based on the personal digital certificate;

Send an identity authentication operation request to the server based on the SSL channel to instruct the server to generate and return an authentication result for the personal digital certificate.

Specifically, the user needs to log in after successfully registering. After receiving the personal digital certificate returned by the server, you first need to enter the correct PIN password, and you can send a connection request to the server based on the personal digital certificate, thereby establishing a secure SSL data transmission channel with the server, so that the terminal and the server The data between them can be transmitted safely. The data transmission between the first and second terminals and the server in the electronic certificate presentation stage and the electronic certificate verification stage in the embodiment of this application are all realized based on the SSL data secure transmission channel.

In the embodiment of this application, the electronic certificate is verified according to the content known to the user, that is, the PIN password. The PIN password can be bound to biological information such as face and fingerprint, and at the same time, sensitive information such as name, mobile phone number, and ID number can be desensitized. , there is no risk of privacy leakage. For example, the first and last characters of a name with more than two characters are reserved, and the last character of a name with two characters is reserved; the 4th to 7th digits of a mobile phone number are displayed with "*"; "*"show.

After the SSL channel is established, an identity authentication operation request is sent to the server based on the SSL channel, and an authentication result of the server is obtained.

In the embodiment of the present application, the electronic certificate PIN password and the personal digital certificate realize two-factor identity authentication, and verify the identity of the user to ensure that the identity of the user is true and valid.

Optionally, the device information can be verified, and the electronic certificate can be used normally only after the verification is passed, which further improves the security of the electronic certificate and makes the electronic certificate difficult to be cracked.

As an optional embodiment, the above method may also be implemented when the verification personnel of the second terminal log in.

An embodiment of the present application provides a method for electronic certificate verification, as shown in Figure 3, the method includes:

S201. Scan and analyze the QR code in the electronic certificate to be verified by the first terminal, and obtain the digital signature result to be verified, digital signature time and user identification;

In this embodiment of the application, the first terminal dynamically generates a QR code corresponding to the user ID, digital signature result, and digital signature time in real time according to the preset QR code template, and stores the user's trusted identity, electronic The status of the certificate, the QR code data of the electronic certificate are assembled, and after the complete electronic certificate is finally displayed, it is displayed to the verification personnel.

The second terminal held by the verifier scans the two-dimensional code of the electronic certificate displayed on the first terminal, and analyzes the two-dimensional code to obtain the corresponding user identification, digital signature result and digital signature time. For example, after Zhang San generates his own electronic certificate, he presents his electronic certificate to the verification personnel. The verification personnel use the second terminal to scan the QR code of his electronic certificate, and obtain the corresponding user ID "123" and the information about Zhang San, including his name and phone number. No., ID card number, electronic certificate in "normal" state, etc." the digital signature result and digital signature time of user information, such as "July 28, 2022 16:23:23".

S202. Send a verification request to the server, the verification request includes the digital signature result, digital signature time and user ID, to instruct the server to query the user information corresponding to the user ID, and perform verification according to the digital signature result, digital signature time and the queried user information And return the verification result;

After the second terminal parses out the information contained in the above two-dimensional code, based on the established SSL secure transmission channel, it sends the user identification, digital signature result and digital signature time to the server, and the server receives the user identification, digital signature result and the digital signature time, first check the corresponding user information according to the user ID to determine whether the user information is authentic and valid, and then perform signature verification based on the user information, digital signature result and digital signature time, and then complete the verification of the electronic certificate. The SSL secure transmission channel returns the real-time verification result to the second terminal.

S203. Receive and display the verification result.

The second terminal receives the verification result obtained by the server, and displays the verification result. For example, after the verification of Zhang San's electronic certificate is passed, the second terminal interface will display: "Verification succeeded".

The second terminal in the embodiment of this application can install the electronic certificate verification program 112. The verification APP completes the verification of certificate information and signature information based on cryptographic technology. The electronic certificate verification program 112 is expressed as an executable application program and supports both APP and SDK. Mode, specifically manifested as APP software that can be installed on smart mobile terminals or integrated into third-party application APP software, can be deployed on Android and iOS mobile terminals according to actual needs, and the requirement for terminal equipment is only that APP software can be installed. There is no need to provide special verification equipment. The electronic document verification SDK can also be integrated into hardware devices such as time attendance machines and gates. Electronic documents can be verified through time attendance machines and gates. It is easy to use while saving costs. , improving the user experience.

In addition, encryption technology is used to protect the business data transmission process such as electronic certificate presentation and verification, as well as the integrity and confidentiality of business data, so as to ensure the security of information in the communication process.

An information processing method is provided in an embodiment of the present application, which is applied to a server, as shown in FIG. 4 , the method includes:

S301. Receive an information acquisition request sent by the first terminal in response to the first user's electronic certificate presentation operation, where the information acquisition request includes the user identifier of the first user;

In this embodiment of the application, after the first user selects the electronic certificate presentation function, the first terminal sends an information acquisition request to the server, wherein the information acquisition request includes the user identification corresponding to the first user, and the server obtains the information acquisition request and the second A user ID corresponding to a user. For example, Zhang San uses the first terminal to send an information acquisition request, and the request includes Zhang San's user ID "123", and the server can obtain the information acquisition request and the user ID "123".

S302. Obtain the user information of the first user according to the user identification, and generate a digital signature result after signing the user information and the digital signature time according to the organization's digital certificate, and the digital signature time is the time when the user information and the digital signature time are signed according to the organization's digital certificate ;

The server obtains the user information of the corresponding first user according to the user identification corresponding to the first user, and performs digital signature calculation on the user information and digital signature time through the organization digital certificate to generate a signature result. Wherein, the digital signature time is the time when the user information and the digital signature time are signed according to the organization's digital certificate. For example, when user Zhang San selects the electronic certificate presentation function, the first terminal sends an information acquisition request to the server and Zhang San's user ID "123" included in the request. After receiving the information, the server, according to the user ID "123", Find Zhang San's name, phone number, ID number and other user information, and the server signs the above information and digital signature time, such as "July 28, 2022 16:23:23" through the organization's digital certificate to generate a digital signature result .

S303. Encrypt the user information, digital signature result and digital signature time with the personal digital certificate to generate an encrypted result;

S304. Return the encryption result to the first terminal.

The server uses the personal digital certificate to encrypt the user information of the first user, the digital signature result and the digital signature time, and after generating the encrypted result, sends the encrypted result back to the first terminal.

On the basis of the foregoing embodiments, as an optional embodiment, receiving the information acquisition request sent by the first terminal also includes:

Responding to the registration operation of the first user, receiving the basic information of the first user sent by the first terminal, acquiring and generating the entity certificate information of the first user from a preset database according to the basic information of the first user;

Using basic information and physical certificate information as user information to determine the user identification of the first user;

A corresponding relationship between the user identifier and the user information is established, and the user identifier is returned to the first terminal. In this embodiment of the application, the server takes the received basic information and physical certificate information as the user information of the first user, and at this time generates the user ID of the user, establishes the correspondence between the user ID and user information, and then sends the The created user ID is sent to the first terminal. In addition, the user information may also include the status of the electronic certificate.

On the basis of the foregoing embodiments, as an optional embodiment, receiving the information acquisition request sent by the first terminal also includes:

Receiving the information acquisition request sent by the first terminal also includes:

receiving a certificate application request sent by the first terminal, where the certificate application request includes a user identifier;

According to the user information corresponding to the user identification, generate a personal digital certificate of the first user and send the personal digital certificate to the first terminal;

Wherein, the certificate application request is sent by the first terminal after generating a PIN password according to the input encrypted information in response to the first user's input operation on the input box to be filled;

receiving a connection request sent by the first terminal, and establishing a secure SSL data transmission channel with the first terminal according to the personal digital certificate;

receiving the identity authentication operation request sent by the first terminal, verifying the personal digital certificate based on the SSL channel to generate a verification result, and sending the verification result to the first terminal;

Wherein, the connection request is sent by the first terminal after confirming that a correct PIN password is entered in the login operation in response to the first user's login operation.

On the basis of the foregoing embodiments, as an optional embodiment, receiving the information acquisition request sent by the first terminal also includes:

receiving an identity authentication operation request sent by the first terminal, where the identity authentication operation request includes a personal digital certificate;

Verifying the received personal digital certificate to generate a verification result, and sending the verification result to the first terminal;

receiving a connection request sent by the first terminal, and establishing a secure SSL data transmission channel with the first terminal according to the personal digital certificate;

Wherein, the identity authentication operation request is sent by the first terminal after confirming that a correct PIN password is entered in the login operation in response to the first user's login operation.

In the embodiment of this application, the PIN password of the electronic certificate and the personal digital certificate realize two-factor identity authentication. Optionally, the device information can be verified, and the electronic certificate can be used normally only after the verification is passed, which further improves the security of the electronic certificate, making Electronic documents are not easily cracked.

On the basis of the foregoing embodiments, an optional embodiment includes:

receiving a verification request sent by the second terminal, where the verification request includes a digital signature result, a digital signature time and a user ID;

Querying the user information corresponding to the user ID according to the user ID, performing verification according to the digital signature result, the digital signature time and the queried user information, and returning the verification result to the second terminal;

Wherein, if it is determined that the user information of the first user is authentic and valid and the digital signature result is verified, the verification result is a verification success;

Wherein, the verification request is sent by the second terminal after scanning and analyzing the two-dimensional code in the electronic certificate to be verified.

Specifically, the server first queries the corresponding user information based on the user ID to determine whether the user information is authentic and valid, and then performs signature verification based on the user information, digital signature result and digital signature time, and then completes the verification of the electronic certificate. The server will verify the result in real time Return to the second terminal.

The verification process in the embodiment of this application is divided into two steps. The first step is to check whether the user information of the user is authentic and valid according to the user ID. The second step is to verify the user information and digital signature results. There are only two steps of verification results. When all pass, the verification of the electronic certificate is successful. During the verification, the user information stored in the server and the user information in the digital signature result are compared online and in real time. At the same time, the user information and digital signature time are used as the original text to be signed to participate in the verification The process can effectively distinguish whether the user's information has been tampered with, and can ensure the authenticity, integrity and non-repudiation of the user's information.

Please refer to Figure 5, which schematically shows the flow chart of the first user from registration to electronic certificate presentation in an embodiment of the present application:

S401. The first user performs a registration operation and inputs basic information;

S402. The first terminal transmits the basic information of the first user to the server;

S403. The server receives the basic information of the first user, obtains the entity certificate information from the preset database according to the basic information, uses the basic information and the entity certificate information as user information, determines the user identifier of the first user, and establishes a relationship between the user identifier and the user information corresponding relationship;

S404. The server returns the user identifier to the first terminal;

S405. The first user sets a PIN password according to the pop-up window of the first terminal;

S406. After completing the setting of the PIN password, the first terminal sends a certificate application request to the server, where the certificate application request includes the user ID;

S407. The server receives the certificate application request sent by the first terminal, and generates the personal digital certificate of the first user according to the user information corresponding to the user identifier;

S408. The first user performs a login operation and enters a correct PIN password;

S409. The first terminal sends a connection request to the server based on the personal digital certificate;

S410. The server establishes an SSL data secure transmission channel with the first terminal based on the personal digital certificate;

S411. The first terminal sends an identity authentication operation request to the server;

S412. The server performs an identity authentication operation, and returns an identity authentication result to the first terminal;

S413. The first user performs an operation of presenting an electronic certificate;

S414. The first terminal sends an information acquisition request to the server, where the information acquisition request includes the user identifier of the first user;

S415. The server receives the information acquisition request, the server acquires the user information of the first user according to the user identification, and generates a digital signature result after signing the user information and digital signature time with an organization digital certificate; the server encrypts the user information and digital signature time with the personal digital certificate And digital signature result, generate encryption result;

S416. The server returns the encryption result to the first terminal;

S417. The first terminal receives the encrypted result returned by the server, decrypts the encrypted result according to the personal digital certificate, and obtains user information, digital signature time and digital signature result;

S418. The first terminal generates a two-dimensional code corresponding to the digital signature and the user ID according to the preset two-dimensional code template, generates and displays an electronic certificate, and the electronic certificate includes user information and a two-dimensional code.

In an optional application scenario, for example, Zhang San wants to generate an electronic certificate, and the verifier Li Si verifies Zhang San's electronic certificate.

Zhang San performs the registration operation on the first user of the first terminal, and enters basic information such as name "Zhang San", ID number 430xxxxx123, mobile phone number 156xxxx, and his recent bareheaded ID photo. The first terminal sends the above basic information to the server, and the server After receiving, obtain and generate Zhang San's physical certificate information from the preset database, for example, it can include: certificate issuing authority "L organization", certificate type such as "employee certificate", certificate validity period "May 2022-2025 May moon";

In addition, the server can also judge that the status of Zhang San's electronic certificate is "normal";

The server generates Zhang San's user identifier, such as "123", and establishes a corresponding relationship between the user identifier "123" and Zhang San's user information, and returns the identifier "123" to the first terminal;

According to the pop-up window displayed by the first terminal, Zhang San sets the PIN password "abc123" that conforms to the preset specification, and sends a certificate application request to the server. The certificate application request includes Zhang San's user ID "123";

The server receives the certificate application request sent by the first terminal, generates and returns Zhang San's personal digital certificate according to the user information corresponding to Zhang San's user ID "123";

After the first terminal receives the above data, Zhang San performs the login operation and enters the PIN password "abc123". The first terminal judges that the PIN password is entered correctly, then sends a connection request to the server, and the server establishes an SSL with the first terminal based on the personal digital certificate. Data security transmission channel; after that, send an identity authentication operation request to the server, and the server performs identity authentication operation;

If the identity authentication operation passes, the login is successful. After the login is successful, Zhang San performs the operation of presenting the electronic certificate, and the first terminal sends an information acquisition request to the server. The information acquisition request includes Zhang San's user identification "123";

The server obtains Zhang San’s user information according to the above request and the user ID “123”, signs the user information and digital signature time with the organization’s digital certificate to generate a digital signature result, and encrypts the user information and digital signature time “July 2022” with the personal digital certificate 16:23:23 on March 28" and the digital signature result, generate an encrypted result and send it to the first terminal;

The first terminal receives the encryption result returned by the server, decrypts the encryption result according to the personal digital certificate, obtains the above user information, digital signature time and digital signature result, and generates the digital signature result and digital signature according to the preset QR code template The time "July 28, 2022 16:23:23" and the QR code corresponding to Zhang San's user ID "123" generate and display Zhang San's electronic certificate, which includes: electronic certificate QR code, Basic information such as name "Zhang San", ID number 430xxxxx123, mobile phone number 156xxxx, and Zhang San's recent passport photo without hat, the certificate issuing agency "L institution", the type of certificate such as "employee certificate", and the validity period of the certificate "May 2022- May 2025" and other physical certificate information and electronic certificate status are "normal".

Verifier Li Si used the second terminal to scan and analyze the QR code in Zhang San's electronic certificate to be verified, and obtained Zhang San's user ID "123" and digital signature time "July 28, 2022 16:23:23 seconds" and digital signature results;

The second terminal sends a verification request to the server. The verification request includes Zhang San's user ID "123", the digital signature time "July 28, 2022 16:23:23" and the digital signature result. The server query and user ID "123 "Corresponding user information, determine whether Zhang San's user information is authentic and valid, and verify the user information, digital signature time, and digital signature results. When the two-step verification results pass, the electronic certificate verification is successful;

The server returns the verification result to the second terminal, and the second terminal receives and displays the result as "verification passed".

As an optional embodiment, on the basis that the first terminal has successfully applied for a personal digital certificate, the first user can also use the PIN password for identity verification, and at the same time compare and verify the user identity information, device information, etc., and pass the verification Only then can the electronic certificate be used.

Optionally, if the encryption and signature process involves the use of the key or the application of the certificate, the PIN password can also participate in the key generation and certificate application process, and participate in the key generation and certificate application operations as a protection factor. The certificate needs to go through identity authentication and device verification, and then it can be called for signature calculation to ensure real-time verification of the user's identity.

The embodiment of the present application provides a first terminal. As shown in FIG. 6, the terminal may include: an acquiring module 601, a receiving module 602, and a display module 603, wherein:

The acquisition module 601 is configured to send an information acquisition request to the server in response to the first user's electronic certificate presentation operation, and the information acquisition request includes the user identification of the first user to instruct the server to perform the following operations:

Obtain the user information of the first user according to the user ID, and return the encryption result generated by encrypting the user information, digital signature result and digital signature time through the personal digital certificate. The digital signature result is that the server signs the user information and digital signature time according to the organization's digital certificate Generated later, the digital signature time is the time when the user information and digital signature time are signed according to the organization's digital certificate;

The receiving module 602 is used to receive the encrypted result returned by the server, decrypt the encrypted result according to the personal digital certificate, and obtain user information, digital signature result and digital signature time;

The display module 603 is configured to generate a two-dimensional code corresponding to the digital signature result, digital signature time and user identification according to a preset two-dimensional code template, generate and display an electronic certificate, and the electronic certificate includes user information and a two-dimensional code.

The terminal in the embodiment of the present application can execute the method provided in the embodiment of the present application, and its realization principle is similar. Corresponding to the steps, for the detailed function description of each module of the device, please refer to the description in the corresponding method shown above, which will not be repeated here.

As an optional embodiment, in response to the operation of presenting the electronic certificate of the first user, the method also includes:

The registration initiating module is configured to transmit the basic information of the first user to the server in response to the registration operation of the first user, so as to instruct the server to perform the following operations:

Obtain and generate the first user’s physical certificate information from the preset database, use the basic information and physical certificate information as user information, determine the first user’s user ID, establish the correspondence between the user ID and user information, and store the user ID Return to the first terminal.

The embodiment of the present application provides a second terminal. As shown in FIG. 7, the terminal may include a scanning analysis module 701, a request sending module 702, and a receiving display module 603, wherein:

The scanning analysis module 701 is used to scan and analyze the two-dimensional code in the electronic certificate to be verified of the first terminal, and obtain the digital signature result to be verified, digital signature time and user identification;

The request sending module 702 is used to send a verification request to the server. The verification request includes a digital signature result, a digital signature time and a user identification, so as to instruct the server to inquire about the user information corresponding to the user identification. Verify the user information and return the verification result;

The receiving and displaying module 703 is configured to receive and display the verification result.

The embodiment of this application provides a server. As shown in FIG. 8, the server may include a request receiving module 801, a signature calculation module 802, an encryption module 803, and a receiving and sending module 804, wherein:

A request receiving module 801, configured to receive an information acquisition request sent by the first terminal in response to the first user's electronic certificate presentation operation, where the information acquisition request includes the user identification of the first user;

The signature operation module 802 is used to obtain the user information of the first user according to the user identification, and generate a digital signature result after signing the user information and the digital signature time according to the organization's digital certificate, and the digital signature time is to sign the user information and the digital signature according to the organization's digital certificate the time at which the signature was made;

The encryption module 803 is used to encrypt user information, digital signature results and digital signature time through personal digital certificates, and generate encrypted results;

A sending module 804, configured to return the encryption result to the first terminal.

As an optional embodiment, before receiving the information acquisition request sent by the first terminal, it also includes:

The information acquisition module is configured to receive the basic information of the first user sent by the first terminal in response to the registration operation of the first user, and obtain and generate the physical certificate of the first user from a preset database according to the basic information of the first user information;

An information processing module, configured to use basic information and entity certificate information as user information to determine the user identifier of the first user;

The relationship establishing module is configured to establish a corresponding relationship between the user identifier and the user information, and return the user identifier to the first terminal.

As an optional embodiment, it also includes:

A verification request receiving module, configured to receive a verification request sent by the second terminal, where the verification request includes a digital signature result, a digital signature time and a user ID;

The information verification module is used to query the user information corresponding to the user identification according to the user identification, perform verification according to the digital signature result, the digital signature time and the queried user information, and return the verification result to the second terminal;

Wherein, if it is determined that the user information of the first user is authentic and valid and the digital signature result is verified, the verification result is a verification success;

Wherein, the verification request is sent by the second terminal after scanning and analyzing the two-dimensional code in the electronic certificate to be verified.

An embodiment of the present application provides an electronic device, including a memory, a processor, and a computer program stored on the memory. The processor executes the above computer program to implement the above steps. Compared with related technologies, it can be realized: by responding to The operation of presenting the electronic certificate of the first user sends an information acquisition request to the server, and the information acquisition request includes the user identification of the first user to instruct the server to obtain the user information of the first user according to the user identification, and returns the encrypted information of the user through the personal digital certificate The encryption result generated by the information, digital signature result and digital signature time. The digital signature result is generated by the server after signing the user information and digital signature time according to the organization's digital certificate; receiving the encrypted result returned by the server, and performing encryption on the encrypted result according to the personal digital certificate Decrypt to obtain user information, digital signature results and digital signature time; generate a QR code corresponding to the digital signature result, digital signature time and user ID according to the preset QR code template, generate and display electronic certificates, including user information and QR codes. It realizes the cooperation between the terminal and the server to generate a safe and dynamic electronic certificate, which prevents it from being photographed or copied for fraudulent use. When verifying the certificate, it is not necessary to use special equipment. It is only necessary to install the APP on the general mobile device and scan the code. Securely complete password-based authentication of identity information.

An electronic device is provided in an optional embodiment. As shown in FIG. 9 , the electronic device 4000 shown in FIG. 9 includes: a processor 4001 and a memory 4003 . Wherein, the processor 4001 is connected to the memory 4003 , such as through a bus 4002 . Optionally, the electronic device 4000 may further include a transceiver 4004, and the transceiver 4004 may be used for data interaction between the electronic device and other electronic devices, such as sending data and/or receiving data. It should be noted that, in practical applications, the transceiver 4004 is not limited to one, and the structure of the electronic device 4000 does not limit the embodiment of the present application.

The processor 4001 can be a CPU (Central Processing Unit, central processing unit), a general-purpose processor, a DSP (Digital Signal Processor, a data signal processor), an ASIC (Application Specific Integrated Circuit, an application specific integrated circuit), an FPGA (Field Programmable Gate Array, field programmable gate array) or other programmable logic devices, transistor logic devices, hardware components, or any combination thereof. It can implement or execute the various illustrative logical blocks, modules and circuits described in connection with the present disclosure. The processor 4001 may also be a combination that implements computing functions, for example, a combination of one or more microprocessors, a combination of a DSP and a microprocessor, and the like.

Bus 4002 may include a path for communicating information between the components described above. The bus 4002 may be a PCI (Peripheral Component Interconnect, Peripheral Component Interconnect Standard) bus or an EISA (Extended Industry Standard Architecture, Extended Industry Standard Architecture) bus or the like. The bus 4002 can be divided into address bus, data bus, control bus and so on. For ease of representation, only one thick line is used in FIG. 9 , but it does not mean that there is only one bus or one type of bus.

Memory 4003 can be ROM (Read Only Memory, read-only memory) or other types of static storage devices that can store static information and instructions, RAM (Random Access Memory, random access memory) or other types of static storage devices that can store information and instructions A dynamic storage device can also be EEPROM (Electrically Erasable Programmable Read Only Memory, Electrically Erasable Programmable Read-Only Memory), CD-ROM (Compact DiscRead Only Memory, CD-ROM) or other CD storage, CD storage (including compact CD, Laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media, other magnetic storage devices, or any other medium that can be used to carry or store computer programs and can be read by a computer, without limitation.

The memory 4003 is used to store the computer programs for executing the embodiments of the present application, and the execution is controlled by the processor 4001 . The processor 4001 is configured to execute the computer program stored in the memory 4003 to implement the steps shown in the foregoing method embodiments.

An embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored. When the computer program is executed by a processor, the steps and corresponding contents of the aforementioned method embodiments can be realized.

The embodiment of the present application also provides a computer program product, including a computer program. When the computer program is executed by a processor, the steps and corresponding content of the aforementioned method embodiments can be realized.

The terms "first", "second", "third", "fourth", "1", "2", etc. (if any) in the description and claims of this application and the above drawings are used for Distinguishes between similar objects and does not necessarily describe a particular order or sequence. It is to be understood that the data so used are interchangeable under appropriate circumstances such that the embodiments of the application described herein can be practiced in sequences other than those illustrated or described in writing.

It should be understood that although arrows indicate various operation steps in the flow chart of the embodiment of the present application, the execution order of these steps is not limited to the order indicated by the arrows. Unless otherwise specified herein, in some implementation scenarios of the embodiments of the present application, the implementation steps in each flowchart may be performed in other orders as required. In addition, part or all of the steps in each flow chart may include multiple sub-steps or multiple stages based on actual implementation scenarios. Some or all of these sub-steps or stages may be executed at the same time, and each of these sub-steps or stages may also be executed at different times. In scenarios where execution times are different, the execution order of these sub-steps or stages can be flexibly configured according to requirements, which is not limited in this embodiment of the present application.

The above are only optional implementations of some implementation scenarios of this application. It should be pointed out that for those of ordinary skill in the art, on the premise of not departing from the technical concept of this application, other similar methods based on the technical ideas of this application can be adopted. The means of implementation also belong to the scope of protection of the embodiments of the present application.

Claims (11)

1. A method for displaying an electronic certificate, characterized in that it is applied to a first terminal, and the method comprises: In response to the operation of presenting the electronic certificate of the first user, an information acquisition request is sent to the server, and the information acquisition request includes the user identification of the first user, so as to instruct the server to perform the following operations: Acquire the user information of the first user according to the user identification, and return the encryption result generated by encrypting the user information, digital signature result and digital signature time through the personal digital certificate, and the digital signature result is obtained by the server according to the organization The digital certificate is generated after signing the user information and the digital signature time, and the digital signature time is the time when the user information and digital signature time are signed according to the organization's digital certificate; receiving the encryption result returned by the server, decrypting the encryption result according to the personal digital certificate, and obtaining the user information, the digital signature result and the digital signature time; Generate a two-dimensional code corresponding to the digital signature result, the digital signature time, and the user ID according to a preset two-dimensional code template, generate and display an electronic certificate, the electronic certificate includes the user information and the QR code. 2. The method according to claim 1, characterized in that, before responding to the operation of presenting the electronic certificate of the first user, the method further includes: In response to the registration operation of the first user, the basic information of the first user is transmitted to the server, so as to instruct the server to perform the following operations: Obtain and generate the entity certificate information of the first user from a preset database, use the basic information and the entity certificate information as the user information, determine the user identifier of the first user, establish the relationship between the user identifier and the Correspondence between user information and returning the user identifier to the first terminal. 3. An electronic certificate verification method, characterized in that it is applied to a second terminal, and the method comprises: Scanning and analyzing the QR code in the electronic certificate to be verified by the first terminal to obtain the digital signature result to be verified, digital signature time and user identification; Send a verification request to the server, the verification request includes the digital signature result, digital signature time and user identification, to instruct the server to query the user information corresponding to the user identification, according to the digital signature result, the digital The signature time and the queried user information are verified and the verification result is returned; The verification result is received and displayed. 4. An information processing method, characterized in that it is applied to a server, and the method comprises: receiving an information acquisition request sent by the first terminal in response to the first user's electronic certificate presentation operation, where the information acquisition request includes the user identification of the first user; Obtain the user information of the first user according to the user identification, and generate a digital signature result after signing the user information and digital signature time according to the organization's digital certificate, and the digital signature time is the user information according to the organization's digital certificate and digital signature time for signing; Encrypting the user information, the digital signature result and the digital signature time with a personal digital certificate to generate an encryption result; returning the encryption result to the first terminal. 5. The method according to claim 4, characterized in that before receiving the information acquisition request sent by the first terminal, it also includes: Responding to the registration operation of the first user, receiving the basic information of the first user sent by the first terminal, obtaining and generating the physical certificate of the first user from a preset database according to the basic information of the first user information; Using the basic information and the entity certificate information as the user information to determine the user identifier of the first user; Establishing a correspondence between the user identifier and the user information, and returning the user identifier to the first terminal. 6. The method of claim 4, comprising: receiving a verification request sent by the second terminal, where the verification request includes the digital signature result, digital signature time and user identification; Querying the user information corresponding to the user ID according to the user ID, performing verification according to the digital signature result, the digital signature time, and the queried user information, and returning the verification result to the second terminal; Wherein, if it is determined that the user information of the first user is authentic and valid and the digital signature result is verified, the verification result is a successful verification; Wherein, the verification request is sent by the second terminal after scanning and analyzing the two-dimensional code in the electronic certificate to be verified. 7. A first terminal, characterized in that it comprises: An acquisition module, configured to send an information acquisition request to the server in response to the first user's electronic certificate presentation operation, where the information acquisition request includes the user identification of the first user, so as to instruct the server to perform the following operations: Acquire the user information of the first user according to the user identification, and return the encryption result generated by encrypting the user information, digital signature result and digital signature time through the personal digital certificate, and the digital signature result is obtained by the server according to the organization The digital certificate is generated after signing the user information and the digital signature time, and the digital signature time is the time when the user information and digital signature time are signed according to the organization's digital certificate; A receiving module, configured to receive the encryption result returned by the server, decrypt the encryption result according to the personal digital certificate, and obtain the user information, the digital signature result and the digital signature time; A display module, configured to generate a two-dimensional code corresponding to the digital signature result, the digital signature time, and the user ID according to a preset two-dimensional code template, generate and display an electronic certificate, the electronic certificate includes the User information and the QR code. 8. A second terminal, characterized in that it comprises: The scanning analysis module is used to scan and analyze the two-dimensional code in the electronic certificate to be verified of the first terminal, and obtain the digital signature result to be verified, the digital signature time and the user identification; A request sending module, configured to send a verification request to the server, the verification request including the digital signature result, digital signature time and user identification, to instruct the server to inquire about the user information corresponding to the user identification, according to the queried Verify the user information, digital signature result and digital signature time and return the verification result; The receiving display module is used to receive and display the verification result. 9. A server, characterized in that, comprising: A request receiving module, configured to receive an information acquisition request sent by the first terminal in response to the first user's electronic certificate presentation operation, where the information acquisition request includes the user identification of the first user; The signature calculation module is used to obtain the user information of the first user according to the user identification, and generate a digital signature result after signing the user information and the digital signature time according to the organization's digital certificate, and the digital signature time is according to the organization's digital signature time. The time when the certificate signs the user information and digital signature time; An encryption module, configured to encrypt the user information, the digital signature result and the digital signature time through a personal digital certificate to generate an encryption result; A sending module, configured to return the encryption result to the first terminal. 10. An electronic device, comprising a memory, a processor and a computer program stored on the memory, wherein the processor executes the computer program to implement the steps of the method according to any one of claims 1-6. 11. A computer-readable storage medium, on which a computer program is stored, wherein, when the computer program is executed by a processor, the steps of the method according to any one of claims 1-6 are implemented.

Images