A certificate data reading method, device, equipment and storage medium

By identifying and extracting common data elements in the certificate chain, creating a shared data pool, and encoding it into a compact certificate structure, the problems of storage redundancy and low parsing efficiency in certificate management are solved, achieving efficient certificate storage and access.

CN122247631A · Pending · Publication Date: 2026-06-19 · BEIJING TSINGTENG MICROSYSTEM CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
BEIJING TSINGTENG MICROSYSTEM CO LTD
Filing Date
2026-03-27
Publication Date
2026-06-19


Abstract

This application discloses a certificate data reading method, apparatus, device, and storage medium, relating to the field of data processing. The method includes acquiring a certificate chain set, identifying and extracting common data elements from the certificate chain set; creating a target shared data pool based on the common data elements; storing the common data elements and their corresponding element indices in the target shared data pool; traversing each certificate in the certificate chain set, encoding each certificate into a compact certificate structure, and configuring a corresponding certificate chain identifier for the compact certificate structure; the compact certificate structure includes: the element index of the common data element corresponding to each certificate and the structure index of the compact certificate structure corresponding to the certificate's parent certificate; assembling all compact certificate structures and the shared data pool into a target single-unit binary object and storing it in a target memory. This application can improve certificate access and parsing efficiency.

Description

Technical Field

[0001] This application relates to the field of data processing, and in particular to a method, apparatus, device, and storage medium for reading certificate data.

Background Technology

[0002] In modern network security systems, the storage and transmission of digital certificate chains are fundamental to secure communication (such as TLS / SSL). However, existing certificate management methods have significant problems: high storage redundancy, with duplicate root certificates and intermediate certificates from multiple certificate chains being stored independently, resulting in wasted memory and disk space; low transmission efficiency, with large complete certificate chains increasing network overhead and affecting handshake performance; and high parsing overhead, lacking structured indexes, requiring repeated parsing of the same fields for each verification, further burdening the system.

[0003] While general compression algorithms (such as Gzip) can be used to reduce file size, they cannot recognize the semantic structure of certificates, have difficulty eliminating semantic redundancy across certificates, and consume a lot of computing resources and memory during the decompression process, making them unsuitable for high-concurrency or resource-constrained environments.

Summary of the Invention

[0004] This application provides a certificate data reading method, apparatus, device, and storage medium to at least solve the problem of inflexible server configuration in related technologies.

[0005] This application provides a method for reading certificate data, including: obtaining a certificate chain set, and identifying and extracting the common data elements in the certificate chain set; creating a target shared data pool based on the common data elements, wherein the target shared data pool stores the common data elements and the element indexes corresponding to the common data elements; traversing each certificate in the certificate chain set, encoding each certificate into a compact certificate structure, and configuring a corresponding certificate chain identifier for the compact certificate structure, wherein the compact certificate structure includes the element index of the common data element corresponding to each certificate and the structure index of the compact certificate structure corresponding to the certificate's parent certificate, and wherein the structure index of the compact certificate structure corresponding to a root certificate without a superior certificate is a preset special value; and assembling all compact certificate structures with the shared data pool into a target monolithic binary object and storing it in the target memory.

[0006] This application also provides a certificate data reading device, including: an acquisition unit, used to acquire a set of certificate chains and to identify and extract common data elements in the set of certificate chains; a creation unit, used to create a target shared data pool based on the common data elements, wherein the target shared data pool stores the common data elements and the element indexes corresponding to the common data elements; a processing unit, used to traverse each certificate in the certificate chain set, encode each certificate into a compact certificate structure, and configure a corresponding certificate chain identifier for the compact certificate structure, wherein the compact certificate structure includes the element index of the common data element corresponding to each certificate and the structure index of the compact certificate structure corresponding to the certificate's parent certificate, and wherein the structure index of the compact certificate structure corresponding to a root certificate without a superior certificate is a preset special value; and an assembly unit, used to assemble all compact certificate structures with the shared data pool into a target monolithic binary object and store it in the target memory.

[0007] This application also provides an electronic device, including: a memory for storing a computer program; and a processor for executing the computer program to implement the steps of any of the above-described certificate data reading methods.

[0008] This application also provides a computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the steps of any of the above-described certificate data reading methods.

[0009] This application also provides a computer program product, including a computer program that, when executed by a processor, implements the steps of any of the above-described certificate data reading methods.

[0010] This invention identifies and extracts common data elements from a certificate chain set, creates a target shared data pool and assigns each element a unique element index, then encodes each certificate into a compact certificate structure containing only the element index and the parent certificate structure index. Finally, all compact certificate structures and the shared data pool are assembled into a single target binary object for storage. This completely eliminates common data redundancy within and between certificate chains, significantly reducing the storage space required for certificate storage. At the same time, by referencing the element index and structure index, rapid data location and hierarchical backtracking can be achieved during certificate reconstruction, effectively improving certificate access and parsing efficiency. Furthermore, the storage format of the target binary object also improves the atomicity and integrity of data management, making it more suitable for the storage and operation needs of resource-constrained devices.

Attached Figure Description

[0011] To more clearly illustrate the embodiments of this application, the accompanying drawings used in the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0012] Figure 1 is the first schematic flowchart of a certificate data reading method provided in an embodiment of this application;
Figure 2 is the second schematic flowchart of a certificate data reading method provided in an embodiment of this application;
Figure 3 is the third schematic flowchart of a certificate data reading method provided in an embodiment of this application;
Figure 4 is the fourth schematic flowchart of a certificate data reading method provided in an embodiment of this application;
Figure 5 is a schematic diagram of the structure of a system power consumption monitoring device provided in an embodiment of this application.

Detailed Implementation

[0013] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those of ordinary skill in the art without creative effort are within the protection scope of this application.

[0014] It should be noted that, in the description of this application, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. The terms "first," "second," etc., in this application are used to distinguish similar objects and are not used to describe a specific order or sequence.

[0015] To enable those skilled in the art to better understand the present application, the present application will be further described in detail below with reference to the accompanying drawings and specific embodiments.

[0016] The embodiments of this application provide a certificate data reading method. Referring to Figure 1, which is a flowchart of the certificate data reading method, the method includes the following steps:

S11. Obtain the certificate chain set, identify and extract the common data elements in the certificate chain set.

[0017] In this step, a set of certificate chains containing multiple digital certificate chains is first obtained. The set of certificate chains can come from multiple server instances, security gateways, or certificate management systems, such as EUM (ECA-UE-MNO) certificate chains, CI (Certificate Issuer) certificate chains, etc. Each certificate chain consists of a root certificate, one or more intermediate certificates, and end entity certificates, i.e., leaf certificates (such as server certificates), arranged in a hierarchical order.

[0018] Then, the certificate chain set is subjected to structured analysis and traversal, that is, all data fields of each certificate in each certificate chain are parsed, including but not limited to: Distinguished Name (DN), Common Name (CN), Organizational Unit (OU), Object Identifier (OID), Public Key Information, Signature Algorithm Identifier, Signature Value, Key Identifier, etc., to clarify the content, format and storage location of each data field.

[0019] In this embodiment of the application, the process of identifying and extracting common data elements in the certificate chain set can be as follows: by performing consistency determination on the content of the same type of data fields of different certificates through hash calculation or byte-by-byte comparison, all common data elements (i.e., shared data elements) that appear repeatedly within or between certificate chains can be identified, and such elements can be extracted and temporarily stored; wherein, hash calculation converts the original data of arbitrary length into a hash value of fixed length to achieve rapid determination of data consistency, and byte comparison serves as a fallback check for hash collisions to ensure the accuracy of the identification results.

[0020] For example, multiple certificate chains may share the same root CA certificate's public key and DN information, which are then identified as common data elements. This step enables accurate identification of semantically redundant data across certificates and chains.

[0021] In some embodiments, the common data elements include at least: a distinguished name and its components, an object identifier, a public key, a signature value, and a key identifier. These elements play a crucial role in the certificate verification process and are highly repetitive in actual deployments, making them key targets for deduplication optimization. Furthermore, by extracting shareable semantic units from the original certificate data, a foundation is provided for subsequently building a shared data pool, effectively avoiding the repeated processing and storage of identical data.

[0022] S12. Based on the common data elements, create a target shared data pool.

[0023] The target shared data pool stores the common data elements and the element indexes corresponding to the common data elements.

[0024] In this step, a centrally managed target shared data pool is constructed based on the common data elements extracted in the previous step. Specifically, the extracted common data elements need to be deduplicated to ensure that only one copy of each unique data element is retained; a unique element index is assigned to each deduplicated common data element, which is an integer value or other efficiently addressable data type; a mapping relationship between the element index and the original data content is established to form an index table; all common data elements and their corresponding element indexes are integrated and stored in the target shared data pool to form a structured read-only or updatable data set. Global deduplication is performed on all extracted common data elements to remove duplicate data elements and retain only unique common data elements. This ensures that each type of shareable data exists only once in the target shared data pool, fundamentally solving the problem of data redundancy within and between chains in certificate chain storage.

[0025] Furthermore, all unique common data elements after deduplication are associated with their corresponding element indices and stored to form a unified target shared data pool. Preferably, to improve the efficiency of subsequent data retrieval, the target shared data pool can also classify and organize the unique common data elements according to data type, constructing multiple independent lookup tables, such as a string table (storing character data such as DN), an OID table (storing object identifiers), a public key table (storing public key data), etc. Each element in the lookup table is mapped one-to-one with a unique element index, achieving the effect of quickly locating the target data element through the index value.

[0026] S13. Traverse each certificate in the certificate chain set, encode each certificate into a compact certificate structure, and configure the corresponding certificate chain identifier for the compact certificate structure.

[0027] The compact certificate structure includes: the element index of the common data element corresponding to each certificate and the structure index of the compact certificate structure corresponding to the superior certificate of the certificate; the structure index of the compact certificate structure corresponding to the root certificate without a superior certificate is a preset special value.

[0028] This step is the certificate structure reconstruction and encoding stage for compressed storage. It mainly transforms the original complete certificate data into a lightweight and compact certificate structure. By replacing the original data with an index, the storage volume of a single certificate is significantly reduced. At the same time, the hierarchical association and chain ownership of certificates are realized through structure index and certificate chain identifier.

[0029] Specifically, each certificate in the certificate chain set is traversed in sequence, and a compact certificate structure is initialized for each certificate. This structure is a custom lightweight data structure that discards information such as tags, length, and redundant structural descriptions in the original certificate standard encoding, and only retains the core index information required for certificate restoration and reconstruction, thus achieving extreme simplification of the certificate structure.

[0030] All common data elements in the current certificate are replaced with their corresponding unique element indices in the target shared data pool. In other words, in the compact certificate structure, the original byte data of common data elements is not stored; only short indices pointing to that data are stored. For example, the public key data in the certificate is replaced with the public key element index in the public key table of the target shared data pool, and the OID data in the certificate is replaced with the OID element index in the OID table. In this way, the large volume of the original certificate data is transformed into small volume index data, which significantly reduces the storage overhead of a single certificate.

[0031] Furthermore, a structure index is configured for each compact certificate structure. This structure index serves as a unique identifier for the compact certificate structure and is used to characterize the hierarchical parent-child relationship of the certificate chain.

[0032] For non-root certificates (intermediate certificates, leaf certificates), their structure index directly points to the compact certificate structure corresponding to their parent certificate, realizing a direct hierarchical reference from child certificate to parent certificate. There is no need to store any original data of the parent certificate in the child certificate, eliminating redundant storage in the certificate chain hierarchy. For a root certificate without a superior certificate, the structure index of its corresponding compact certificate structure is configured with a preset special value (such as -1, 0, etc., which have no actual index meaning). This special value is globally unified and used to uniquely identify the root certificate, making it clearly distinguishable from the structure indexes of other compact certificate structures, thus avoiding logical confusion when tracing back the certificate chain hierarchy.

[0033] It should be noted that a corresponding certificate chain identifier needs to be configured for each compact certificate structure. This identifier is a feature value (such as an enumeration value, a short string, a unique number, etc., such as "EUM_CHAIN" or "CI_CHAIN") that corresponds one-to-one with the original certificate chain. It is used to represent the certificate chain to which the current compact certificate structure belongs, realize the binding between the compact certificate structure and the original certificate chain, and ensure that all compact certificate structures corresponding to a certain certificate chain can be quickly filtered out according to the identifier, thus providing a basis for the rapid reconstruction of the certificate chain.

[0034] S14. Assemble all compact certificate structures with the shared data pool into a target monolithic binary object and store it in the target memory.

[0035] This step is the data integration and persistent storage stage of compressed storage. The core is to integrate the scattered compact certificate structure and the target shared data pool into a self-contained monolithic data object, so as to achieve unified storage and efficient access of multiple certificate chains.

[0036] Specifically, all the encoded compact certificate structures and the constructed target shared data pool are integrated according to a predefined fixed format to generate a single, continuous, self-contained target binary object (Blob). This binary object is a custom continuous byte stream without discrete data blocks. Its structure can be designed according to actual application requirements, and typically includes at least four parts: a file header, a certificate chain index table, a set of compact certificate structures, and the target shared data pool. The file header contains metadata such as the magic word, version number, total number of certificate chains, and the starting offset and size of each logical part, which are used to quickly identify and parse the binary object. The certificate chain index table establishes a mapping relationship between the certificate chain identifier and the corresponding set of compact certificate structures based on the certificate chain identifier of the compact certificate structure, so as to realize the rapid location of the target certificate chain.

[0037] The generated target single binary object is stored in the target memory, which is a non-volatile memory of a resource-constrained device, such as embedded flash memory or NAND flash memory of an IoT device, to meet the persistent storage requirements of certificate chain data and adapt to the hardware storage characteristics of resource-constrained devices.

[0038] It should be noted that the target single binary object includes: a file header, a certificate chain index table, a compact certificate structure array, and the target shared data pool.

[0039] The file header is used to identify the format and version of the target single binary object, and also includes the total number of certificate chains, the starting offset and size of each logical part; the certificate chain index table is used to map the certificate chain identifier to the index position of the leaf certificate of the corresponding certificate chain in the compact certificate structure array; the compact certificate structure array stores all encoded compact certificate structures in sequence.

[0040] This step integrates the originally scattered multiple certificate chains and multiple certificate files into a single binary object. When the device accesses certificate chain data subsequently, it only needs to read all the required data through a single I/O operation, which completely solves the access latency problem caused by multiple I/O operations in the traditional independent storage mode and greatly improves the access efficiency of certificate chain data.

[0041] This invention identifies and extracts common data elements from a certificate chain set, creates a target shared data pool and assigns each element a unique element index, then encodes each certificate into a compact certificate structure containing only the element index and the parent certificate structure index. Finally, all compact certificate structures and the shared data pool are assembled into a single target binary object for storage. This completely eliminates common data redundancy within and between certificate chains, significantly reducing the storage space required for certificate storage. At the same time, by referencing the element index and structure index, rapid data location and hierarchical backtracking can be achieved during certificate reconstruction, effectively improving certificate access and parsing efficiency. Furthermore, the storage format of the target binary object also improves the atomicity and integrity of data management, making it more suitable for the storage and operation needs of resource-constrained devices.
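The layout and read path described in S11 to S14, as an added example (not code from the application): it packs two constructed chains into one blob and rebuilds a chain by following parent indices, checking every offset and index before use. The field widths, the magic value `CCB1`, the numeric chain identifiers, 0-based element indices and the single untyped pool are assumptions; the application fixes none of them.

```python
import struct

MAGIC, VERSION, ROOT = b"CCB1", 1, -1     # assumed magic; ROOT = preset special value
HDR = struct.Struct("<4sHH6I")            # magic, version, chain count, 3 x (offset, size)
ENT = struct.Struct("<HH")                # chain index table entry: chain id -> leaf index
REC = struct.Struct("<Hh4H")              # compact structure: chain id, parent, 4 element indices
FIELDS = ("subject", "issuer", "pubkey", "sig_oid")

class BlobError(ValueError): pass         # raised when a blob fails structural validation

def build_blob(chains):
    """chains: {chain id: [certificate dict, ...]}, each list ordered root first."""
    pool, index_of, recs, table = [], {}, [], []
    def intern(value):                    # one pool copy per distinct value
        if value not in index_of:
            index_of[value] = len(pool)
            pool.append(value)
        return index_of[value]
    for chain_id, certs in chains.items():
        parent = ROOT
        for cert in certs:
            recs.append(REC.pack(chain_id, parent, *(intern(cert[f]) for f in FIELDS)))
            parent = len(recs) - 1
        table.append(ENT.pack(chain_id, parent))      # last record written is the leaf
    pool_bytes = struct.pack("<H", len(pool)) + b"".join(
        struct.pack("<H", len(v)) + v for v in pool)
    parts, spans, off = [b"".join(table), b"".join(recs), pool_bytes], [], HDR.size
    for part in parts:
        spans += [off, len(part)]
        off += len(part)
    return HDR.pack(MAGIC, VERSION, len(chains), *spans) + b"".join(parts)

def _section(blob, off, size, unit=1):
    if off < HDR.size or off + size > len(blob) or size % unit:
        raise BlobError("section outside blob or not a whole number of entries")
    return blob[off:off + size]

def parse_blob(blob):
    """Validate every offset and index before anything is dereferenced."""
    if len(blob) < HDR.size:
        raise BlobError("truncated header")
    magic, version, n_chains, *s = HDR.unpack_from(blob)
    if magic != MAGIC or version != VERSION:
        raise BlobError("unknown magic or version")
    table = _section(blob, s[0], s[1], ENT.size)
    recs = _section(blob, s[2], s[3], REC.size)
    raw = _section(blob, s[4], s[5])
    if len(table) != n_chains * ENT.size or len(raw) < 2:
        raise BlobError("chain count or pool header mismatch")
    pool, pos = [], 2
    for _ in range(struct.unpack_from("<H", raw)[0]):
        if pos + 2 > len(raw):
            raise BlobError("truncated pool")
        n = struct.unpack_from("<H", raw, pos)[0]
        if pos + 2 + n > len(raw):
            raise BlobError("pool element overruns section")
        pool.append(raw[pos + 2:pos + 2 + n])
        pos += 2 + n
    records = list(REC.iter_unpack(recs))
    for _, parent, *idx in records:
        if not (parent == ROOT or 0 <= parent < len(records)):
            raise BlobError("parent index out of range")
        if any(i >= len(pool) for i in idx):
            raise BlobError("element index out of range")
    leaves = dict(ENT.iter_unpack(table))
    if any(leaf >= len(records) for leaf in leaves.values()):
        raise BlobError("leaf index out of range")
    return leaves, records, pool

def read_chain(blob, chain_id):
    """Rebuild one chain, leaf first, by following parent indices to the root."""
    leaves, records, pool = parse_blob(blob)
    if chain_id not in leaves:
        raise BlobError("unknown chain identifier")
    chain, seen, i = [], set(), leaves[chain_id]
    while i != ROOT:
        if i in seen:
            raise BlobError("cycle in parent indices")
        seen.add(i)
        owner, parent, *idx = records[i]
        if owner != chain_id:
            raise BlobError("record belongs to another chain")
        chain.append({f: pool[k] for f, k in zip(FIELDS, idx)})
        i = parent
    return chain

# Constructed sample: two chains (1 = EUM_CHAIN, 2 = CI_CHAIN) under one root.
ROOT_DN, ROOT_KEY, OID = b"O=Example Root", b"\x04" + bytes(64), b"1.2.840.10045.4.3.2"
def cert(subject, issuer, pubkey):
    return dict(subject=subject, issuer=issuer, pubkey=pubkey, sig_oid=OID)
SAMPLE = {
    1: [cert(ROOT_DN, ROOT_DN, ROOT_KEY), cert(b"CN=EUM", ROOT_DN, b"\x04" + b"\x11" * 64)],
    2: [cert(ROOT_DN, ROOT_DN, ROOT_KEY), cert(b"CN=CI leaf", ROOT_DN, b"\x04" + b"\x22" * 64)],
}

if __name__ == "__main__":
    blob = build_blob(SAMPLE)
    print(len(blob), [c["subject"] for c in read_chain(blob, 2)])
```

The checks in `parse_blob` and the cycle guard in `read_chain` cover a blob that was truncated or altered in storage; the format as sketched carries no checksum or signature of its own.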

[0042] As an extension and refinement of the above embodiments, and as shown in Figure 2, the embodiments of this application also provide another certificate data reading method, specifically including the following steps S21-S27:

S21. Obtain the certificate chain set, perform structured analysis on all certificates in the certificate chain set, and traverse all data fields of each certificate.

[0043] This step is the data decomposition and preprocessing stage. The core is to collect the certificate chains to be processed and decompose the unstructured and semi-structured standard certificate data into field-level data that can be analyzed separately, so as to provide a basis for subsequent data consistency determination.

[0044] Specifically, to perform full-dimensional structured parsing on each certificate in the certificate chain set, the original encoded data of each certificate needs to be broken down into standardized independent data fields. The parsed fields include core identifiers and encryption-related fields (such as distinguished name, object identifier, public key, signature value, key identifier), as well as certificate attribute and constraint fields (such as certificate serial number, validity period timestamp, key purpose, issuer/user information, extended fields, etc.). All fields are the smallest unit for subsequent data comparison.

[0045] Then, all data fields after all certificates are parsed are traversed in sequence, and basic information such as the certificate to which each field belongs, field type, and original content of the field is recorded. This achieves a full-coverage scan of all data in the certificate chain set, avoiding redundant data residues caused by missing fields, and providing operable basic data units for subsequent identification of duplicate data across certificates and certificate chains.

[0046] S22. Perform hash calculations or byte comparisons on the content of each data field to identify and extract the shareable data elements that appear repeatedly among the certificates.

[0047] The common data elements include at least a distinguished name and its components, an object identifier, a public key, a signature value, and a key identifier.

[0048] In this step, by using two complementary determination methods, hash calculation and byte comparison, consistency comparisons are performed on all field data traversed in S21 across certificates and across certificate chains to identify and extract recurring shareable data elements.

[0049] Specifically, for the original content of each data field traversed in S21, a consistency determination is performed separately. In this embodiment, a combined determination strategy of hash calculation as the main method and byte comparison as the auxiliary method can be adopted.

[0050] The original content of fields of arbitrary length can be converted into fixed-length hash values with unique mappings using hash algorithms (such as SM3, SHA1, MD5, etc.). When determining whether two fields of the same type are the same data, it is only necessary to compare their hash values. If the hash values are different, the data content must be different and can be directly excluded. This method transforms "byte-by-byte comparison of long data" into "direct comparison of short hash values", which greatly reduces the amount of CPU computation and improves the comparison efficiency in scenarios with multiple certificates and multiple fields.

[0051] Furthermore, as a fallback verification method for hash calculation, only fields with the same hash value are compared byte by byte in binary content. Since there is an extremely low probability of hash collision (different data generating the same hash value), byte comparison can completely eliminate the misjudgment caused by this probability, ensuring 100% accuracy of the judgment result. When comparing bytes, the original binary content of the two fields needs to be matched bit by bit. If they are completely consistent, they are judged as the same data. If there is any difference in any bit, they are judged as different data.

[0052] Furthermore, based on the above consistency determination results, the same data field content that appears repeatedly across certificates and certificate chains is identified and defined as shareable data elements, i.e. common data elements. These elements are the most redundant parts in certificate chain storage, appearing repeatedly in multiple certificate chains and multiple certificates. They do not need to be stored repeatedly and are the core objects for achieving compressed storage.

[0053] It should be noted that common data elements include at least the following five types of information fields: distinguished name and its components, object identifier, public key, signature value, and key identifier. These fields are the most duplicated and have the largest data volume in the certificate chains of the resource-constrained devices mentioned above, and are also the focus of deduplication and compression.

[0054] Specifically, distinguished names (DNs) and their components include sub-components such as country (C), organization (O), organizational unit (OU), and common name (CN), such as the "O=GSMA" component contained in multiple certificate chains.

[0055] Object identifiers (OIDs), such as algorithm identifiers and policy identifiers (e.g., 2.23.140.1.x) in the PKI system, are defined uniformly by industry standards and are frequently repeated across various certificates.

[0056] Public key: The public key of the root CA/intermediate CA will appear repeatedly in the certificate chain corresponding to all the certificates it issues.

[0057] Signature value: Multiple certificates issued by the same CA may contain the same signature verification-related value.

[0058] Key Identifier: A unique identifier used to identify a key pair. Key identifiers of the same CA will be repeated in multiple certificate chains.

[0059] In this step, all the identified common data elements are extracted and temporarily stored. During the extraction process, the field type and original content of each common data element need to be recorded, and a temporary storage list needs to be established to provide original data for the subsequent construction of the target shared data pool. Only one copy of the same common data element needs to be retained during extraction, and there is no need to extract it repeatedly.

[0060] S23. Perform deduplication processing on the extracted common data elements, and assign a corresponding element index to each of the deduplicated common data elements to establish a mapping relationship between the common data elements and the element index.

[0061] Specifically, the deduplication process for the extracted common data elements covers all certificates and all certificate chains in the certificate chain set, rather than local deduplication within a single certificate chain. It ensures that only one original copy of the same common data element is retained in the entire data pool, completely eliminating redundant duplicate data between and within certificate chains.

[0062] Then, for each unique common data element obtained after deduplication, a dedicated unique element index is assigned. This element index is a lightweight identifier value, which can be a short integer value, a continuous offset, or a simplified pointer. It is preferred to use a continuously increasing integer index (such as 1, 2, 3...) to reduce the storage overhead of the index itself and facilitate subsequent fast lookup and calculation.

[0063] It should be noted that index allocation follows the principles of uniqueness and exclusivity. Different common data elements correspond to different element indices, ensuring a one-to-one correspondence between indexes and data elements and avoiding errors in retrieving original data due to duplicate indexes.

[0064] Furthermore, by constructing a hash mapping table or dictionary, an association mapping relationship between unique common data elements and their corresponding element indices is established. The hash value and original characteristic value of the common data element are used as keys, and the unique element index corresponding to that element is used as the value. Auxiliary information such as data element type and storage location can also be added according to implementation requirements.

[0065] By obtaining this mapping relationship, the original data elements in the certificate can be quickly replaced with the corresponding index during subsequent certificate encoding. It can also be used to quickly restore the index to the original common data elements during subsequent certificate chain reconstruction.

[0066] In the embodiments of this application, as shown in Figure 3, the specific implementation process of deduplicating the extracted common data elements may include the following steps S231-S235:

S231. Construct a hash mapping table.

[0067] The hash mapping table is used to store the association between the hash value of a data element and the corresponding element index.

[0068] Specifically, a hash mapping table is first constructed. This table is a lightweight key-value data structure: the hash value of a data element is used as the key, and the unique element index corresponding to that data element is used as the value. The key is a fixed-length hash string or number (generated by the subsequent hash calculation), and the value is a short-integer or integer element index (such as a continuously increasing number). There are no duplicate keys in the table, ensuring that a hash value uniquely corresponds to an element index.

[0069] Furthermore, the hash mapping table serves two purposes. On the one hand, the hash value is used to quickly determine whether the data element to be processed is a duplicate element that has already appeared. On the other hand, the relationship between the hash value of each deduplicated unique data element and its assigned element index is permanently recorded, providing a basis for subsequent index lookup during certificate encoding and certificate chain reconstruction.

[0070] Meanwhile, this hash table is a temporary memory-level data structure that is created during the deduplication process and will not be destroyed after the process ends. Instead, it is persisted to a single binary object (Blob) along with the target shared data pool, ensuring that subsequent processes can directly call this mapping relationship.

[0071] This step provides an efficient search platform for subsequent duplicate data detection. By utilizing the O(1) level search efficiency of the hash mapping table, the traditional element-by-element traversal comparison is replaced, which greatly reduces the CPU computation overhead of the deduplication process.

[0072] S232. For each of the aforementioned common data elements, calculate the corresponding data hash value.

[0073] Specifically, iterate through all the common data elements extracted above (including distinguished names and their components, object identifiers, public keys, signature values, key identifiers, etc.), and perform hash calculations on each data element one by one. For example, a fixed-length data hash value can be generated by using lightweight, highly unique hash algorithms (such as SM3, SHA-1, MD5, etc., which are adapted to the computing power of resource-constrained devices).

[0074] Furthermore, by leveraging the fixed length, unique mapping, and computationally efficient characteristics of hash values, the original multi-byte data elements (such as public keys and DN strings) are transformed into hash values of only tens of bits. This significantly reduces the data comparison volume during subsequent table lookup matching while ensuring the accuracy of the judgment.

[0075] This step generates a standardized, lightweight, and unique identifier for each data element, transforming subsequent duplicate detection from byte-by-byte comparison of long raw data into direct matching of short hash values, thus improving the overall efficiency of the deduplication process.

[0076] S233. Search the hash table according to the hash value of the data.

[0077] Specifically, the hash value of the data calculated by S232 is used as the lookup key. A precise key-value matching lookup is performed in the hash map table to determine whether the hash value already exists as a key in the table. The table lookup operation is based on the native characteristics of the hash map table. It does not require traversing all the data in the table. It directly locates the storage location of the key by using the hashing rules of the hash algorithm, thus achieving fast lookup.

[0078] In some embodiments, a table lookup may produce two explicit results:

A matching hash value was found: This indicates that the data element to be processed is a duplicate element, meaning that an element with the same content has appeared before and an index has been assigned.

[0079] No matching hash value found: This indicates that the data element to be processed is a new element, the first unique data element to appear, and a new unique element index needs to be assigned to it.

[0080] It should be noted that for extremely low probability hash collisions (different content data elements generate the same hash value), this step can reserve a secondary verification entry point. If a hash value is matched in the table lookup, the bytes of the original data can be compared first to confirm whether the data content is really consistent, and then it can be determined whether it is a duplicate element, ensuring the accuracy of the deduplication result.

[0081] This step uses efficient table lookup to quickly identify duplicate data, which is the key to improving efficiency in the entire deduplication process. Compared with the traditional element-by-element traversal comparison, the table lookup method reduces the time complexity of deduplication from O(n) to O(1).

[0082] S234. If a matching hash value is found, the common data element is determined to be a duplicate element, and the element index of the duplicate element recorded in the hash mapping table is obtained.

[0083] Specifically, based solely on the lookup result of S233, if the hash value matches successfully in the mapping table, the data element to be processed is directly determined to be a globally duplicated element (i.e., an element with the same content that has appeared in all certificates / certificate chains in the certificate chain set), without needing to compare the original data again.

[0084] Then, based on the matched hash value (key), the corresponding element index (value) in the hash map table is directly retrieved, and this index is used as the index of the current duplicate element to be processed, realizing global reuse of the index; there is no need to allocate a new index for duplicate elements, ensuring that data elements with the same content correspond to only one unique index in the entire target shared data pool.

[0085] For common data elements that are determined to be duplicates, no new storage operations are performed. The storage process in the target shared data pool is skipped directly, and only the index of its reuse is recorded. This fundamentally avoids the duplicate storage of the same data elements in the data pool and achieves global deduplication.

[0086] This step, through index reuse, ensures that common data elements with the same content are stored only once in the target shared data pool, corresponding to only one index. It is a key step in achieving certificate chain storage compression.

[0087] S235. If no matching hash value is found, the common data element is determined to be a new element, a new element index is assigned to the new element, and the mapping relationship between the data hash value and the new element index is written into the hash mapping table.

[0088] In this step, the lookup result of S233 is used as the sole basis. If the hash value does not match successfully in the mapping table, the data element to be processed is directly determined to be a new global element, which is the first unique data element to appear in the certificate chain set and needs to be included in the target shared data pool for storage.

[0089] It should be added here that the original content of the new element can be added to the corresponding independent lookup table in the target shared data pool according to its data type. This is because when the target shared data pool was created in S12 above, the unique common data elements were classified and organized according to their data types, and multiple independent lookup tables were constructed. This ensures that the target shared data pool is stored according to data type, thereby improving the efficiency of subsequent index lookups.

[0090] Then, a new element index is assigned to the new element, and the data hash value (key) of the new element and the newly assigned element index (value) are combined to form a new key-value pair, which is written into the hash mapping table constructed in S231 to complete the permanent record of the mapping relationship. This operation ensures that if duplicate elements with the same content appear later, this index can be retrieved directly through the hash value, thus realizing index reuse.

[0091] This step, by storing new elements by type, assigning unique indexes, and recording mapping relationships, transforms the target shared data pool into a unified data warehouse where raw data can be quickly retrieved via indexes, laying the foundation for subsequent indexed encoding of certificates.

[0092] This application embodiment constructs a hash mapping table through the above S231-S235 and combines hash calculation to achieve deduplication and index allocation of common data elements. With the efficient lookup characteristics of the hash mapping table at O(1) level, the original duplicate judgment method of comparing bytes one by one is transformed into fast matching of hash values, which greatly reduces the CPU operation overhead in scenarios with multiple certificates and multiple data elements and significantly improves the processing efficiency of global deduplication. At the same time, the association between data elements and element indexes is established with hash values as unique identifiers, which ensures the accuracy of deduplication judgment.

In addition, new elements are classified into corresponding independent lookup tables according to type, and duplicate elements directly reuse existing indexes. This not only fundamentally eliminates the redundancy of duplicate data within and between certificate chains, but also realizes the unique mapping between data elements and indexes. This allows the index replacement during subsequent certificate encoding and the restoration of original data during certificate chain reconstruction to be executed quickly and accurately. It also adapts to the hardware performance constraints of resource-constrained devices, and while ensuring the deduplication effect, it controls memory usage and processing time to the maximum extent.

[0093] S24. Organize the common data elements and their corresponding element indices into the target shared data pool.

[0094] In this step, the deduplicated common data elements and their corresponding indexes are structured and integrated to form the final target shared data pool that can be directly used for certificate encoding and data restoration.

[0095] Specifically, the classification and description of the independent lookup tables in the target shared data pool mentioned in S23 above are as follows:

String lookup table: Stores character data elements such as distinguished names (DN) and their components (country C, organization O, common name CN, etc.) and their corresponding indexes.

[0096] OID lookup table: Stores all object identifier (OID) data elements and their corresponding indices.

[0097] Public key lookup table: Stores encryption-related data elements such as public keys and key identifiers, along with their corresponding indexes.

[0098] Signature lookup table: Stores data elements such as signature value, signature algorithm identifier, and corresponding index.

[0099] Then, all the independent lookup tables constructed according to the above classification are integrated into a continuous, unified binary data block, namely the target shared data pool, in a predefined fixed order. This data pool is a continuous byte stream, stored at the end of the single binary object (Blob). The starting offset and data size of each lookup table within it are precisely recorded in the header of the Blob file, which facilitates the parsing module to quickly locate the position of each lookup table.

[0100] In this embodiment, the final storage form of the target shared data pool is a structure of "data element type + element index + original data content", which not only ensures the regularity of data storage, but also allows the parsing module to directly calculate the storage location of the corresponding data element in the data pool through the element index, thereby realizing the rapid retrieval of the original data.

[0101] The common data elements and element index mapping table established above are used as internal auxiliary indexes of the target shared data pool and integrated into the data pool along with the various category lookup tables to ensure the callability and consistency of the mapping relationship during subsequent certificate encoding and reconstruction.

[0102] S26. Traverse each certificate in the certificate chain set, encode each certificate into a compact certificate structure, and configure the corresponding certificate chain identifier for the compact certificate structure.

[0103] The compact certificate structure includes: the element index of the common data element corresponding to each certificate and the structure index of the compact certificate structure corresponding to the superior certificate of the certificate; the structure index of the compact certificate structure corresponding to the root certificate without a superior certificate is a preset special value.

[0104] S27. Assemble all compact certificate structures with the shared data pool into a target monolithic binary object and store it in the target memory.

[0105] The explanations of S26 and S27 above can be found in the explanations of S13 and S14, and will not be repeated here.
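The deduplication of S231-S235 and the index substitution of S26, as an added sketch that is not code from the application. Python, SHA-256 as the digest, 0-based table positions as element indices, storing a CA shared by two chains only once, and the names `SharedPool`, `intern` and `encode_chain_set` are all assumptions; the byte comparison of [0080] is applied on every digest match.

```python
import hashlib

TABLES = ("string", "oid", "public_key", "signature")  # lookup tables named in S24
FIELDS = (("subject", "string"), ("sig_alg", "oid"),
          ("public_key", "public_key"), ("signature", "signature"))


def sha256(data):
    return hashlib.sha256(data).digest()


class SharedPool:
    """Global deduplication across every chain in the set (S231-S235)."""

    def __init__(self, hash_fn=sha256):
        self.hash_fn = hash_fn
        self.tables = {t: [] for t in TABLES}  # per type: element index -> bytes
        self.hash_map = {}                     # (type, digest) -> [element index]
        self.collisions = 0                    # equal digest, different bytes

    def intern(self, etype, data):
        """Return the element index for data, storing it only if it is new."""
        if etype not in self.tables:
            raise ValueError(f"unknown element type: {etype}")
        key = (etype, self.hash_fn(data))                # S232: hash the element
        candidates = self.hash_map.setdefault(key, [])   # S233: table lookup
        for index in candidates:
            # Secondary verification ([0080]): a digest match alone does not
            # prove equality, so compare the original bytes.
            if self.tables[etype][index] == data:
                return index                             # S234: reuse the index
        if candidates:
            self.collisions += 1
        self.tables[etype].append(data)                  # S235: new element
        index = len(self.tables[etype]) - 1
        candidates.append(index)
        return index

    def resolve(self, etype, index):
        return self.tables[etype][index]


def encode_chain_set(chain_set, pool):
    """S26: turn each certificate into element indices plus a parent index."""
    structures, seen, chain_index = [], {}, {}
    for chain_id, chain in chain_set.items():   # each chain is listed root-first
        parent = -1                             # preset special value for a root
        for cert in chain:
            row = tuple(pool.intern(t, cert[f]) for f, t in FIELDS) + (parent,)
            if row not in seen:                 # shared CA: one structure only
                seen[row] = len(structures)
                structures.append(row)
            parent = seen[row]
        chain_index[chain_id] = parent          # structure index of the leaf
    return structures, chain_index


def _cert(name, tag):
    # Constructed sample certificate fields, not real key or signature data.
    return {"subject": b"CN=" + name, "sig_alg": b"1.2.840.10045.4.3.2",
            "public_key": b"KEY-" + tag, "signature": b"SIG-" + tag}


ROOT_CA, INT_CA = _cert(b"Constructed Root", b"R"), _cert(b"Constructed Int", b"I")
SAMPLE_CHAINS = {1: [ROOT_CA, INT_CA, _cert(b"device-a", b"A")],
                 2: [ROOT_CA, INT_CA, _cert(b"device-b", b"B")]}
```

Passing a deliberately weak `hash_fn` shows why the byte comparison matters: without it, two different elements with the same digest would be given the same index and one of them would be restored incorrectly.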

[0106] As an extension and refinement of the above embodiments, as shown in Figure 4, after assembling all the compact certificate structures and the shared data pool into a target monolithic binary object and storing it in the target memory, the certificate data reading method further includes the following steps:

S41. In response to a certificate chain request from an external application, parse the certificate chain request to obtain the target certificate chain identifier.

[0107] In some embodiments, when the method provided in this application is deployed on a resource-constrained device, it can monitor in real time the certificate chain call requests initiated by external applications (such as device authentication module, profile management module, data encryption module, etc.). When a request is detected, the certificate chain reconstruction process is immediately triggered. This request is a necessary prerequisite for the device to complete security operations such as authentication, data encryption, decryption, and configuration file signature verification.

[0108] After receiving a certificate chain request from an external application, the received certificate chain request is parsed at the protocol and data layers to remove irrelevant information (such as request headers, verification information, transmission parameters, etc.) and extract the core target certificate chain identifier. This identifier is a unique identifier that is completely consistent with the certificate chain identifier configured during compressed storage and completely matches the key value of the certificate chain index table in the single binary object.

[0109] Next, the extracted target certificate chain identifier needs to be validated to determine whether it exists within the certificate chain identifier range of the current single binary object storage. If it is an invalid identifier, a request failure result is returned directly to the external application. If it is a valid identifier, the process proceeds to the subsequent compact certificate structure chain location step. This validation step avoids invalid reconstruction operations and reduces waste of device resources.

[0110] S42. Locate and extract the corresponding compact certificate structure chain from the single binary object based on the target certificate chain identifier.

[0111] Specifically, the parsing module reads a single binary object (Blob) from the device's non-volatile memory. Based on the structured design of "file header - certificate chain index table - compact certificate structure array - target shared data pool" corresponding to the Blob, it only reads the file header and certificate chain index table as needed, without loading the full compact certificate structure array and target shared data pool. This significantly reduces the amount of data and memory usage per I/O operation, adapting to the hardware characteristics of resource-constrained devices.

[0112] Then, using the target certificate chain identifier as the lookup key, a key-value matching lookup is performed in the certificate chain index table of the Blob to quickly obtain the compact structure index of the leaf certificate corresponding to the identifier, that is, the compact certificate structure corresponding to the leaf terminal entity certificate of the target certificate chain; the O(1) level lookup efficiency of the certificate chain index table allows the positioning operation to avoid traversing the entire compact certificate structure array, achieving millisecond-level fast positioning.

[0113] Then, based on the compact structure index of the leaf certificate, the compact certificate structure of the leaf certificate is located from the compact certificate structure array. Then, through the structure index in the structure (pointing to the compact certificate structure of the parent certificate), a recursive search is performed upwards to extract the compact certificate structures corresponding to the intermediate certificates and the root certificate in turn, until the root certificate with a structure index of a preset special value (such as -1) is found. All the compact certificate structures extracted in the order of leaf certificate, intermediate certificate, and root certificate are integrated to form a compact certificate structure chain that corresponds one-to-one with the original certificate chain. This structure chain is a lightweight indexed representation of the original certificate chain, containing only element indexes and structure indexes, without any original data.

[0114] S43. Based on the target shared data pool, restore the element indexes of each compact certificate structure in the compact certificate structure chain to the corresponding original data.

[0115] In this embodiment, the parsing module reads the relevant parts of the target shared data pool from the single binary object as needed, based on the starting offset and size of the target shared data pool recorded in the Blob file header, without loading the full data pool. The target shared data pool is divided into independent lookup tables such as string table, OID table, public key table, and signature value table according to data type, and each data element is mapped one-to-one with a unique element index, providing a data foundation for index restoration.

[0116] Specifically, it is necessary to traverse each compact certificate structure in the compact certificate structure chain in sequence and extract all element indices contained in each structure. These indices are short indices or pointers pointing to specific data elements in the target shared data pool, corresponding to the core data fields of the original certificate, such as the distinguished name, object identifier, public key, signature value, and key identifier.

[0117] For each extracted element index, match its data type to the corresponding independent lookup table in the target shared data pool. In the lookup table, quickly locate and read the corresponding original data content using the element index. Fill the read original data content into the corresponding field position in the compact certificate structure to complete the original data restoration of a single compact certificate structure. In turn, complete the data restoration of all structures in the compact certificate structure chain to obtain a set of certificate structures containing the original data but without established hierarchical relationships.

[0118] If domain-aware encoding was performed on non-referenced fields of the certificate during compressed storage (such as converting timestamps to compact integers, encoding certificate serial numbers with variable-length integers, and packing key usage bitmasks into a single byte), this step also requires performing reverse decoding on such fields to restore the encoded compact data to the original field format conforming to the X.509 standard, ensuring the integrity and standardization of the certificate data.

[0119] Specifically, the above S43 can be further refined into the following steps:

Step 1: Traverse each compact certificate structure in the compact certificate structure chain and extract all element indices in each compact certificate structure.

[0120] Specifically, the compact certificate structure chain in this step is the sequence of compact certificate structures corresponding to the entire certificate chain obtained by backtracking from the leaf certificate through the structure index (parent certificate index), such as leaf, intermediate CA, and root CA.

[0121] During the traversal, the indexes of all elements contained in each compact certificate structure are extracted. In other words, the "index list" is extracted from the compact structure to prepare for subsequent data recovery.

[0122] Step 2: Based on the element index, perform a precise search in the target shared data pool to match the original common data element corresponding to each element index.

[0123] Then, using the index of each element extracted in step 1, an O(1) level precise search is performed in the target shared data pool.

[0124] Since the shared data pool stores a one-to-one correspondence between element indexes and original common data elements, each element index can uniquely match the corresponding original data (such as a DN string, an OID value, or a public key data block). Therefore, by using lightweight indexes to retrieve the real original data, cross-certificate data reuse can be achieved (the same element index of multiple certificates will point to the same original data in the shared data pool).

[0125] Step 3: Fill the original common data elements into the corresponding field positions of the compact certificate structure to complete the original data restoration of the compact certificate structure.

[0126] In this step, the original common data elements matched in step 2 are backfilled into the original certificate field positions corresponding to the compact certificate structure according to the preset field order, such as subject DN, OID, public key, signature value, etc.

[0127] Once all fields are filled in, the compact certificate structure is restored to a complete original certificate conforming to standard formats such as X.509. Furthermore, by performing the above operations on the entire compact certificate structure chain, a complete original certificate chain can be obtained.

[0128] S44. Based on the structure index of each compact certificate structure in the compact certificate structure chain, recursively backtrack to construct the hierarchical relationship of the certificate chain, assemble the restored original data and the constructed hierarchical relationship, and output the assembled target certificate chain.

[0129] In this step, the structure index of each compact certificate in the compact certificate structure chain needs to be called again. With the root certificate's preset special value as the termination condition, a recursive backtracking from the leaf certificate to the root certificate is performed to clarify the parent-child hierarchical relationship between the certificates, that is, the attribution relationship that the leaf certificate is issued by a certain intermediate certificate and the intermediate certificate is issued by the root certificate. At the same time, the issuer field of the non-root certificate is filled with the parent certificate data pointed to by its structure index to completely restore the issuer information of the certificate and eliminate the redundancy of the issuer field during compressed storage.

[0130] Based on the constructed hierarchical relationship, and following the certificate chain sorting rules of root certificate, intermediate certificate, and leaf certificate, all the restored certificate structures are reordered and structurally assembled. The assembly process strictly follows the standard certificate chain format requirements, supplements the necessary structural information required for the certificate standard encoding, such as tags and length identifiers, to ensure that the assembled certificate chain conforms to industry-wide standards and can be directly recognized and used by external applications and various PKI systems.

[0131] Finally, the assembled target digital certificate chain conforming to the X.509 standard is directly delivered to the external application that initiated the request for security operations such as device authentication, data encryption or decryption, profile management, and signature verification. If the external application has continuous usage needs, the reconstructed certificate chain can be temporarily cached in memory to avoid repeated reconstruction and further improve the response efficiency of subsequent requests.

[0132] This application embodiment responds to certificate chain requests from external applications, quickly locates a compact certificate structure chain based on the target certificate chain identifier, restores the original data corresponding to the element index in the shared data pool, and recursively backtracks to construct the hierarchical relationship based on the structure index. This enables efficient on-demand reconstruction of the certificate chain in resource-constrained devices, ensuring both extreme compression and data reuse of certificate storage, improving certificate access response speed, and ensuring the integrity and reliability of the certificate chain hierarchy, thus meeting the requirements for lightweight device operation and business security authentication.
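The read path of S41-S44 against the four-part Blob layout, as an added sketch that is not code from the application. The byte layout (magic `CCB1`, field widths, one offset-table pool instead of four typed tables), `MAX_DEPTH`, the self-issued root and all function names are assumptions; every offset and index is bounds-checked and looping parent indices are rejected, so a corrupted blob raises an error instead of reading out of range or recursing forever.

```python
import struct

# Assumed little-endian layout for the four parts named in [0111].
HDR = struct.Struct("<4sHH6I")  # magic, version, chain count, (offset, size) x 3
IDX = struct.Struct("<Hh")      # certificate chain identifier -> leaf structure index
CERT = struct.Struct("<4Hh")    # subject, sig-alg, key, signature indices + parent
NAMES = ("subject", "sig_alg", "public_key", "signature")
ROOT = -1                       # preset special value: no parent certificate
MAX_DEPTH = 8                   # assumed upper bound on chain length


class BlobError(ValueError):
    """The blob is truncated, inconsistent or points outside itself."""


def build_blob(chains, certs, pool):
    """Pack header, chain index table, structure array and data pool."""
    idx = b"".join(IDX.pack(cid, leaf) for cid, leaf in chains.items())
    arr = b"".join(CERT.pack(*c) for c in certs)
    offs, body = [0], b""
    for item in pool:
        body += item
        offs.append(len(body))
    pool_sec = struct.pack(f"<H{len(offs)}I", len(pool), *offs) + body
    o1 = HDR.size
    o2, o3 = o1 + len(idx), o1 + len(idx) + len(arr)
    hdr = HDR.pack(b"CCB1", 1, len(chains), o1, len(idx), o2, len(arr), o3, len(pool_sec))
    return hdr + idx + arr + pool_sec


def _section(blob, off, size):
    if off < HDR.size or off + size > len(blob):
        raise BlobError("section lies outside the blob")
    return memoryview(blob)[off:off + size]


def _pool_get(pool, i):
    """O(1) lookup: the offset table gives start and end of element i."""
    (count,) = struct.unpack_from("<H", pool, 0)
    if not 0 <= i < count:
        raise BlobError(f"element index {i} out of range")
    start, end = struct.unpack_from("<2I", pool, 2 + 4 * i)
    base = 2 + 4 * (count + 1)
    if start > end or base + end > len(pool):
        raise BlobError("corrupt pool offsets")
    return bytes(pool[base + start:base + end])


def _read_chain(blob, chain_id):
    magic, ver, n, o1, s1, o2, s2, o3, s3 = HDR.unpack_from(blob, 0)
    if magic != b"CCB1" or ver != 1:
        raise BlobError("unknown format or version")
    index, certs, pool = (_section(blob, o, s) for o, s in ((o1, s1), (o2, s2), (o3, s3)))
    if s1 != n * IDX.size or s2 % CERT.size:
        raise BlobError("section size mismatch")
    leaf = dict(IDX.iter_unpack(index)).get(chain_id)   # S41/S42: validate and locate
    if leaf is None:
        raise KeyError(chain_id)                        # invalid chain identifier
    chain, seen, cur = [], set(), leaf
    while True:                                         # walk leaf -> root
        if not 0 <= cur < s2 // CERT.size:
            raise BlobError(f"structure index {cur} out of range")
        if cur in seen or len(chain) >= MAX_DEPTH:
            raise BlobError("parent indices loop or chain too long")
        seen.add(cur)
        *fields, parent = CERT.unpack_from(certs, cur * CERT.size)
        chain.append({k: _pool_get(pool, i) for k, i in zip(NAMES, fields)})  # S43
        if parent == ROOT:
            break
        cur = parent
    # S44: the issuer is the parent's subject; a root is assumed self-issued.
    for child, parent_cert in zip(chain, chain[1:] + chain[-1:]):
        child["issuer"] = parent_cert["subject"]
    return chain[::-1]                                  # root, intermediate, leaf


def read_chain(blob, chain_id):
    """S41-S44 against an untrusted blob; returns certificates root-first."""
    try:
        return _read_chain(blob, chain_id)
    except struct.error as exc:
        raise BlobError("truncated blob") from exc


# Constructed sample: two chains sharing one intermediate and one root.
POOL = [b"CN=Constructed Root", b"CN=Constructed Int", b"CN=device-a", b"CN=device-b",
        b"1.2.840.10045.4.3.2", b"KEY-R", b"KEY-I", b"KEY-A", b"KEY-B",
        b"SIG-R", b"SIG-I", b"SIG-A", b"SIG-B"]
CERTS = [(0, 4, 5, 9, ROOT), (1, 4, 6, 10, 0), (2, 4, 7, 11, 1), (3, 4, 8, 12, 1)]
CHAINS = {1: 2, 2: 3}           # chain identifier -> leaf structure index
SAMPLE = build_blob(CHAINS, CERTS, POOL)
```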

[0133] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods according to the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method.

[0134] The embodiments of this application also provide a system power consumption monitoring device, which corresponds one-to-one with the method claims. Figure 5 is a schematic diagram of the system power consumption monitoring device 500 provided in this disclosure. As shown in Figure 5, the device 500 of this embodiment includes:

Acquisition unit 51, used to acquire a certificate chain set, and identify and extract common data elements in the certificate chain set;

Creation unit 52, used to create a target shared data pool based on the common data elements; the target shared data pool stores the common data elements and the element indexes corresponding to the common data elements;

Processing unit 53, used to traverse each certificate in the certificate chain set, encode each certificate into a compact certificate structure, and configure a corresponding certificate chain identifier for the compact certificate structure; the compact certificate structure includes: the element index of the common data element corresponding to each certificate and the structure index of the compact certificate structure corresponding to the certificate's parent certificate; wherein the structure index of the compact certificate structure corresponding to the root certificate without a superior certificate is a preset special value;

Assembly unit 54, used to assemble all compact certificate structures with the shared data pool into a target monolithic binary object and store it in the target memory.

[0135] As an optional implementation of this application, the acquisition unit 51 is specifically used to perform structured analysis on all certificates in the certificate chain set, traverse all data fields of each certificate, perform hash calculation or byte comparison on the content of each data field, identify and extract the recurring shareable data elements among the certificates, wherein the common data elements include at least a distinguished name and its components, an object identifier, a public key, a signature value and a key identifier.

[0136] As an optional implementation of this application, the creation unit 52 is specifically used to perform deduplication processing on the extracted common data elements, and assign a corresponding element index to each of the deduplicated common data elements to establish a mapping relationship between the common data elements and the element index; and organize the common data elements and the corresponding element indexes into the target shared data pool.

[0137] As an optional implementation of this application, the creation unit 52 is specifically used to construct a hash mapping table; the hash mapping table is used to store the association between the hash value of a data element and the corresponding element index; for each common data element, the corresponding data hash value is calculated; the hash value is searched in the hash mapping table: if a matching hash value is found, the common data element is determined to be a duplicate element, and the element index of the duplicate element recorded in the hash mapping table is obtained; if no matching hash value is found, the common data element is determined to be a new element, a new element index is assigned to the new element, and the mapping relationship between the data hash value and the new element index is written into the hash mapping table.

[0138] As an optional implementation of this application, the target monolithic binary object includes: a file header, a certificate chain index table, a compact certificate structure array, and the target shared data pool; wherein, the file header is used to identify the format and version of the target monolithic binary object, and also includes the total number of certificate chains, the starting offset and size of each logical part; the certificate chain index table is used to map the certificate chain identifier to the index position of the leaf certificate of the corresponding certificate chain in the compact certificate structure array; the compact certificate structure array stores all encoded compact certificate structures in sequence.

[0139] As an optional implementation of this application, the processing unit 53 is further configured to respond to a certificate chain request from an external application, parse the certificate chain request to obtain a target certificate chain identifier; locate and extract the corresponding compact certificate structure chain from the monolithic binary object according to the target certificate chain identifier; restore the element indexes of each compact certificate structure in the compact certificate structure chain to the corresponding original data based on the target shared data pool; recursively backtrack to construct the hierarchical relationship of the certificate chain according to the structure indexes of each compact certificate structure in the compact certificate structure chain; assemble the restored original data and the constructed hierarchical relationship; and output the assembled target certificate chain.

[0140] As an optional implementation of this application, the processing unit 53 is further configured to traverse each compact certificate structure in the compact certificate structure chain, extract all element indices in each compact certificate structure; perform a precise search in the target shared data pool according to the element index, and match the original common data element corresponding to each element index; and fill the original common data element into the field position corresponding to the compact certificate structure to complete the original data restoration of the compact certificate structure.
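The pooling and restoration steps of paragraphs [0137] to [0140] can be sketched as follows. This is an added illustration, not code from the application: the field set, the `0xFFFF` root marker, the use of SHA-256, and all function names are assumptions, and the byte layout of the monolithic binary object is not modelled. The restore routine additionally rejects out-of-range indices and parent-index cycles, which a reader of a stored object has to handle if the object may be corrupted or tampered with.

```python
import hashlib

ROOT = 0xFFFF  # assumed "preset special value" marking a root (no parent)
FIELDS = ("subject", "issuer", "public_key", "signature")  # assumed field set

class Pool:
    """Shared data pool with a hash mapping table: digest -> element index."""
    def __init__(self):
        self.elements, self.by_hash = [], {}

    def intern(self, data: bytes) -> int:
        digest = hashlib.sha256(data).digest()
        idx = self.by_hash.get(digest)
        if idx is None:                      # new element: assign the next index
            idx = self.by_hash[digest] = len(self.elements)
            self.elements.append(data)
        elif self.elements[idx] != data:     # never merge distinct data on a digest match
            raise ValueError("hash collision between distinct elements")
        return idx

def encode(chains):
    """chains: {chain_id: [leaf, ..., root]}; returns (index_table, structs, elements)."""
    pool, structs, index_table = Pool(), [], {}
    for chain_id, certs in chains.items():
        parent = ROOT
        for cert in reversed(certs):         # root first, so each parent index exists
            structs.append((tuple(pool.intern(cert[f]) for f in FIELDS), parent))
            parent = len(structs) - 1
        index_table[chain_id] = parent       # position of the leaf structure
    return index_table, structs, pool.elements

def restore(chain_id, index_table, structs, elements):
    """Rebuild [leaf, ..., root], rejecting bad indices and parent cycles."""
    out, visited, i = [], set(), index_table[chain_id]
    while i != ROOT:
        if not 0 <= i < len(structs) or i in visited:
            raise ValueError(f"invalid or cyclic structure index {i}")
        visited.add(i)
        idxs, parent = structs[i]
        if any(not 0 <= e < len(elements) for e in idxs):
            raise ValueError(f"element index out of range in structure {i}")
        out.append({f: elements[e] for f, e in zip(FIELDS, idxs)})
        i = parent
    return out

def _cert(subject, issuer, tag):             # constructed sample data, not real certificates
    return {"subject": subject, "issuer": issuer,
            "public_key": tag + b"-key", "signature": tag + b"-sig"}

_CA = [_cert(b"CN=Inter", b"CN=Root", b"inter"), _cert(b"CN=Root", b"CN=Root", b"root")]
SAMPLE_CHAINS = {"chain-a": [_cert(b"CN=a.example", b"CN=Inter", b"a")] + _CA,
                 "chain-b": [_cert(b"CN=b.example", b"CN=Inter", b"b")] + _CA}
```

On the constructed sample, the 24 field values of the six certificates collapse to 12 pool elements, and each chain is recovered by following parent indices from its leaf until the root marker is reached.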

[0141] Embodiments of this application also provide an electronic device, including a memory and a processor, wherein the memory stores a computer program and the processor is configured to run the computer program to perform the steps in any of the above-described embodiments of the certificate data reading method.

[0142] Embodiments of this application also provide a computer-readable storage medium storing a computer program, wherein the computer program is configured to execute the steps in any of the above-described certificate data reading method embodiments when running.

[0143] In one exemplary embodiment, the aforementioned computer-readable storage medium may include, but is not limited to, various media capable of storing computer programs, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), portable hard disk, magnetic disk, or optical disk.

[0144] Embodiments of this application also provide a computer program product, which includes a computer program that, when executed by a processor, implements the steps in any of the above-described certificate data reading method embodiments.

[0145] Embodiments of this application also provide another computer program product, including a non-volatile computer-readable storage medium storing a computer program, which, when executed by a processor, implements the steps in any of the above-described certificate data reading method embodiments.

[0146] Those skilled in the art will further recognize that the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of both. To clearly illustrate the interchangeability of hardware and software, the components and steps of the various examples have been generally described in terms of functionality in the foregoing description. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.

[0147] The foregoing has provided a detailed description of a certificate data reading method, apparatus, device, and storage medium provided in this application. Specific examples have been used to illustrate the principles and implementation methods of this application. The descriptions of the embodiments above are only intended to aid in understanding the method and core ideas of this application. It should be noted that those skilled in the art can make various improvements and modifications to this application without departing from its principles, and these improvements and modifications also fall within the protection scope of the claims of this application.

Claims

1. A method for reading certificate data, characterized in that it comprises: obtaining a certificate chain set, and identifying and extracting the common data elements in the certificate chain set; creating a target shared data pool based on the common data elements, wherein the target shared data pool stores the common data elements and the element indexes corresponding to the common data elements; traversing each certificate in the certificate chain set, encoding each certificate into a compact certificate structure, and configuring a corresponding certificate chain identifier for the compact certificate structure, wherein the compact certificate structure includes the element index of the common data element corresponding to each certificate and the structure index of the compact certificate structure corresponding to the certificate's parent certificate, and wherein the structure index of the compact certificate structure corresponding to a root certificate, which has no parent certificate, is a preset special value; and assembling all compact certificate structures with the shared data pool into a target monolithic binary object and storing it in the target memory.

2. The method according to claim 1, characterized in that the step of identifying and extracting common data elements in the certificate chain set includes: performing structured analysis on all certificates in the certificate chain set and traversing all data fields of each certificate; and hashing the contents of each data field, or comparing them byte by byte, to identify and extract the shareable data elements that recur among the certificates; wherein the common data elements include at least a proprietary name and its components, an object identifier, a public key, a signature value, and a key identifier.

3. The method according to claim 1, characterized in that the step of creating a target shared data pool based on the common data elements includes: performing deduplication on the extracted common data elements, assigning a corresponding element index to each of the deduplicated common data elements, and establishing a mapping relationship between the common data elements and the element indexes; and organizing the common data elements and their corresponding element indexes into the target shared data pool.

4. The method according to claim 3, characterized in that the process of deduplicating the extracted common data elements includes: constructing a hash mapping table, wherein the hash mapping table is used to store the association between the hash value of a data element and the corresponding element index; calculating, for each of the common data elements, the corresponding data hash value; and looking up the data hash value in the hash mapping table, wherein, if a matching hash value is found, the common data element is determined to be a duplicate element, and the element index of the duplicate element recorded in the hash mapping table is obtained; and, if no matching hash value is found, the common data element is determined to be a new element, a new element index is assigned to the new element, and the mapping relationship between the data hash value and the new element index is written into the hash mapping table.

5. The method according to claim 1, characterized in that the target monolithic binary object includes: a file header, a certificate chain index table, a compact certificate structure array, and the target shared data pool; wherein the file header is used to identify the format and version of the target monolithic binary object, and includes the total number of certificate chains and the starting offset and size of each logical part; the certificate chain index table is used to map the certificate chain identifier to the index position of the leaf certificate of the corresponding certificate chain in the compact certificate structure array; and the compact certificate structure array stores all encoded compact certificate structures in sequence.

6. The method according to claim 1, characterized in that, after assembling all compact certificate structures with the shared data pool into a target monolithic binary object and storing it in the target memory, the method further includes: in response to a certificate chain request from an external application, parsing the certificate chain request to obtain the target certificate chain identifier; locating and extracting, based on the target certificate chain identifier, the corresponding compact certificate structure chain from the target monolithic binary object; restoring, based on the target shared data pool, the element indexes of each compact certificate structure in the compact certificate structure chain to the corresponding original data; recursively backtracking, based on the structure index of each compact certificate structure in the compact certificate structure chain, to construct the hierarchical relationship of the certificate chain; and assembling the restored original data and the constructed hierarchical relationship, and outputting the assembled target certificate chain.

7. The method according to claim 6, characterized in that the step of restoring the element indexes of each compact certificate structure in the compact certificate structure chain to their corresponding original data based on the target shared data pool includes: traversing each compact certificate structure in the compact certificate structure chain and extracting all element indexes in each compact certificate structure; performing, based on the element index, a precise search in the target shared data pool to match the original common data element corresponding to each element index; and filling the original common data elements into the corresponding field positions of the compact certificate structure to complete the original data restoration of the compact certificate structure.

8. A certificate data reading device, characterized in that it comprises: an acquisition unit, used to acquire a certificate chain set, and to identify and extract the common data elements in the certificate chain set; a creation unit, used to create a target shared data pool based on the common data elements, wherein the target shared data pool stores the common data elements and the element indexes corresponding to the common data elements; a processing unit, used to traverse each certificate in the certificate chain set, encode each certificate into a compact certificate structure, and configure a corresponding certificate chain identifier for the compact certificate structure, wherein the compact certificate structure includes the element index of the common data element corresponding to each certificate and the structure index of the compact certificate structure corresponding to the certificate's parent certificate, and wherein the structure index of the compact certificate structure corresponding to a root certificate, which has no parent certificate, is a preset special value; and an assembly unit, used to assemble all compact certificate structures with the shared data pool into a target monolithic binary object and store it in the target memory.

9. An electronic device, characterized in that it comprises: a memory, used to store a computer program; and a processor, configured to implement the steps of the certificate data reading method as described in any one of claims 1 to 7 when executing the computer program.

10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program, wherein the computer program, when executed by a processor, implements the steps of the certificate data reading method as described in any one of claims 1 to 7.