CN106372941A - CA authentication management method, device and system based on block chain - Google Patents

Publication number
CN106372941A
Authority
CN
China
Prior art keywords
certificate
block chain
transaction
block
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610782864.2A
Other languages
Chinese (zh)
Other versions
CN106372941B (en)
Inventor
汪德嘉
郭宇
王少凡
姜中正
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Payegis Technology Co Ltd
Original Assignee
Jiangsu Payegis Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification

Abstract

The present invention discloses a blockchain-based CA (Certification Authority) authentication management method, device and system, which at least addresses the technical problem that, under the existing CA verification model, the security of the root CA certificate is difficult to guarantee, which in turn lowers the accuracy of the whole verification process. The blockchain comprises a genesis block and regular blocks, and the genesis block is used to store the root CA certificate. The method comprises: receiving a certificate application transaction, containing an unsigned certificate, sent over the blockchain network by a node to be certified; obtaining the unsigned certificate contained in the certificate application transaction and generating a signed certificate from it; and sending a certificate issuance transaction containing the signed certificate to the node to be certified over the blockchain network. The certificate issuance transaction further comprises a first output pointing to the blockchain account address of the node to be certified, and a second output pointing to a preset controlled blockchain account address.

Description

Blockchain-based CA authentication management method, apparatus and system
Technical field
The present invention relates to the field of network communication technology, and in particular to a blockchain-based CA authentication management method, apparatus and system.
Background
A digital certificate is a credential issued by an authoritative body and used to prove a user's identity on a network; the process of issuing digital certificates is called the certificate authority (certification authority, CA) process. A traditional certificate authority system comprises a root CA and multiple levels of CAs subordinate to the root CA. The root CA is the trusted certification authority of the system and can issue certificates independently: it generates its own certificate by self-signing and does not need another CA to issue a certificate for it. A CA at any other level has its certificate issued by its superior CA, and issues certificates to its own subordinate CAs and to its clients. A CA's client can be any kind of network entity, for example a website.
Because CAs are numerous and sit at different levels, determining whether a certificate is genuine in the traditional CA verification process requires not only verifying the signature on the certificate but also verifying the authority that issued it; and if that issuer has a superior CA, the superior CA must be verified in turn, all the way up to the root CA. For this purpose, the certificate of the root CA has to be built into the user's browser in advance so that the root CA can be verified. However, root CA certificates built into the user's browser are easily attacked by hackers, so the security of the root CA certificate is low, and once a root CA certificate has been maliciously tampered with, the result of the whole verification process is affected.
It can be seen that the existing verification approach requires the user to store the root CA certificate in advance. This not only adds to the user's workload and takes up the user's local storage space, but also makes the security of the root CA certificate difficult to guarantee, which in turn reduces the accuracy of the whole verification process.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a blockchain-based CA authentication management method, apparatus and system that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a blockchain-based CA authentication management method is provided. The blockchain comprises a genesis block and regular blocks, and the genesis block is used to store the root CA certificate. The method comprises: receiving a certificate application transaction, containing an unsigned certificate, sent over the blockchain network by a node to be certified; obtaining the unsigned certificate contained in the certificate application transaction and generating a signed certificate from the unsigned certificate; and sending a certificate issuance transaction containing the signed certificate to the node to be certified over the blockchain network; wherein the certificate issuance transaction further comprises a first output pointing to the blockchain account address of the node to be certified, and a second output pointing to a preset controlled blockchain account address.
Optionally, the method further comprises: writing a first transaction record corresponding to the certificate application transaction and a second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain, and broadcasting the blocks containing the first transaction record and the second transaction record over the blockchain network.
Optionally, the signed certificate is stored in the second output of the certificate issuance transaction.
Optionally, the unsigned certificate includes verification information, and the step of generating a signed certificate from the unsigned certificate specifically comprises: verifying the unsigned certificate against the verification information and, after verification passes, digitally signing the unsigned certificate.
Optionally, the verification information includes at least one of the following: the public key of the node to be certified, information about the node to be certified, the address of the node to be certified, information about the certifying node, the address of the certifying node, the certificate validity period, and the certificate issuance time.
Optionally, after the step of writing the first transaction record corresponding to the certificate application transaction and the second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain, the method further comprises: looking up the second transaction record in the regular blocks and obtaining the signed certificate from the second transaction record; and sending, over the blockchain network, a certificate revocation transaction containing the signed certificate, wherein the certificate revocation transaction comprises an input pointing to the second output of the certificate issuance transaction, and an output pointing to the blockchain account of the node to be certified.
Optionally, the method further comprises: receiving a certificate query request sent by a user terminal and obtaining the certificate information contained in the request; looking up the corresponding transaction record in the regular blocks according to the certificate information, and obtaining the corresponding signed certificate from the transaction record found; and sending the signed certificate to the user terminal.
Optionally, after the step of sending the signed certificate to the user terminal, the method further comprises: querying the transaction record stored in the regular blocks that corresponds to the signed certificate; when the second output in the transaction record is determined to be unspent, sending a certificate-valid message to the user terminal; and when the second output in the transaction record is determined to be spent, sending a certificate-invalid message to the user terminal.
Optionally, the root CA certificate includes: the root CA public key, root CA information, the root CA address, the certificate validity period, the certificate issuance time, and a digital signature.
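The issue, revoke and query rules above can be traced in a small ledger model. The following Python is an added example, not code from the patent: the class and function names, the sample addresses, the rule that only the holder of an address may spend its outputs, and the choice to address the application output to the issuing CA are all assumptions, and the CA's private-key signature is represented only by the digest it would sign.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Optional


@dataclass
class TxOut:
    address: str                    # blockchain account address this output points to
    payload: Optional[dict] = None  # data carried in the output (a certificate)


@dataclass
class Tx:
    kind: str        # "apply", "issue" or "revoke"
    inputs: list     # (txid, output_index) pairs consumed by this transaction
    outputs: list    # TxOut objects

    @property
    def txid(self) -> str:
        body = [self.kind, self.inputs, [(o.address, o.payload) for o in self.outputs]]
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class Ledger:
    """Toy chain: a fixed genesis record plus the transactions of the regular blocks."""

    def __init__(self, root_ca_certificate: dict):
        self.genesis = {"root_ca_certificate": root_ca_certificate}
        self.txs = {}       # txid -> Tx, in insertion (block) order
        self.spent = set()  # (txid, output_index) pairs already consumed

    def append(self, tx: Tx, sender: str) -> str:
        # Check every input before changing state, so a rejected tx leaves no trace.
        # Assumption: comparing addresses stands in for verifying a spend signature.
        for txid, index in tx.inputs:
            if self.txs[txid].outputs[index].address != sender:
                raise PermissionError("sender does not control the referenced output")
            if (txid, index) in self.spent:
                raise ValueError("referenced output is already spent")
        self.spent.update(tx.inputs)
        self.txs[tx.txid] = tx
        return tx.txid


def apply_for_certificate(ledger, unsigned_cert):
    """Node to be certified publishes its unsigned certificate in a tx output."""
    tx = Tx("apply", [], [TxOut(unsigned_cert["issuer_address"], unsigned_cert)])
    return ledger.append(tx, unsigned_cert["subject_address"])


def issue(ledger, ca_address, controlled_address, apply_txid):
    """CA side: check that the application names this CA, then issue."""
    unsigned = ledger.txs[apply_txid].outputs[0].payload
    if unsigned["issuer_address"] != ca_address:
        raise ValueError("application names a different issuing CA")
    # Digest of every field except the signature. A real CA signs this digest with
    # its private key; the signature operation is not modelled here.
    digest = hashlib.sha256(json.dumps(unsigned, sort_keys=True).encode()).hexdigest()
    signed = dict(unsigned, signed_digest=digest)
    tx = Tx("issue", [], [TxOut(unsigned["subject_address"]),   # first output
                          TxOut(controlled_address, signed)])   # second output
    return ledger.append(tx, ca_address)


def revoke(ledger, sender, issue_txid):
    """Spend the second output of the issuance tx to the certified node's account."""
    subject_address = ledger.txs[issue_txid].outputs[0].address
    tx = Tx("revoke", [(issue_txid, 1)], [TxOut(subject_address)])
    return ledger.append(tx, sender)


def query(ledger, subject_address):
    """Return (signed certificate, status) for the newest certificate of a subject."""
    for txid, tx in reversed(list(ledger.txs.items())):
        if tx.kind == "issue" and tx.outputs[0].address == subject_address:
            status = "invalid" if (txid, 1) in ledger.spent else "valid"
            return tx.outputs[1].payload, status
    return None, "not found"


if __name__ == "__main__":
    # Constructed sample data; names and addresses are made up for the example.
    ledger = Ledger({"subject": "Root CA", "address": "addr-root"})
    unsigned = {"subject": "site.example", "subject_address": "addr-site",
                "subject_public_key": "PUBLIC-KEY-PLACEHOLDER",
                "issuer": "CA11", "issuer_address": "addr-ca11"}
    apply_txid = apply_for_certificate(ledger, unsigned)
    issue_txid = issue(ledger, "addr-ca11", "addr-ca11-controlled", apply_txid)
    print(query(ledger, "addr-site")[1])
    revoke(ledger, "addr-ca11-controlled", issue_txid)
    print(query(ledger, "addr-site")[1])
```

Certificate status is never stored as a field: it is derived from whether the second output of the issuance transaction has been spent, so only the party controlling the controlled address can change it.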
According to another aspect of the present invention, a blockchain-based CA authentication management device is provided. The blockchain comprises a genesis block and regular blocks, and the genesis block is used to store the root CA certificate. The device comprises: a receiving module, adapted to receive a certificate application transaction, containing an unsigned certificate, sent over the blockchain network by a node to be certified; an obtaining module, adapted to obtain the unsigned certificate contained in the certificate application transaction and generate a signed certificate from the unsigned certificate; and a sending module, adapted to send a certificate issuance transaction containing the signed certificate to the node to be certified over the blockchain network; wherein the certificate issuance transaction further comprises a first output pointing to the blockchain account address of the node to be certified, and a second output pointing to a preset controlled blockchain account address.
Optionally, the device further comprises: a recording module, adapted to write a first transaction record corresponding to the certificate application transaction and a second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain, and to broadcast the blocks containing the first transaction record and the second transaction record over the blockchain network.
Optionally, the signed certificate is stored in the second output of the certificate issuance transaction.
Optionally, the unsigned certificate includes verification information, and the obtaining module is specifically configured to: verify the unsigned certificate against the verification information and, after verification passes, digitally sign the unsigned certificate.
Optionally, the verification information includes at least one of the following: the public key of the node to be certified, information about the node to be certified, the address of the node to be certified, information about the certifying node, the address of the certifying node, the certificate validity period, and the certificate issuance time.
Optionally, the device further comprises: a revocation module, adapted to look up the second transaction record in the regular blocks and obtain the signed certificate from the second transaction record; and to send, over the blockchain network, a certificate revocation transaction containing the signed certificate, wherein the certificate revocation transaction comprises an input pointing to the second output of the certificate issuance transaction, and an output pointing to the blockchain account of the node to be certified.
Optionally, the device further comprises: a query module, adapted to receive a certificate query request sent by a user terminal and obtain the certificate information contained in the request; to look up the corresponding transaction record in the regular blocks according to the certificate information and obtain the corresponding signed certificate from the transaction record found; and to send the signed certificate to the user terminal.
Optionally, the query module is further configured to: query the transaction record stored in the regular blocks that corresponds to the signed certificate; when the second output in the transaction record is determined to be unspent, send a certificate-valid message to the user terminal; and when the second output in the transaction record is determined to be spent, send a certificate-invalid message to the user terminal.
Optionally, the root CA certificate includes: the root CA public key, root CA information, the root CA address, the certificate validity period, the certificate issuance time, and a digital signature.
According to a further aspect of the present invention, a blockchain-based CA authentication management system is provided, comprising the above CA authentication management device and a node to be certified.
In the blockchain-based CA authentication management method, apparatus and system provided by the present invention, the blockchain network is used to manage the certificates of CAs at all levels and the certificates of clients, and the root CA certificate is stored in the genesis block of the blockchain network. Because the genesis block is the first block, its security is high and it is hard to tamper with. Correspondingly, the present invention turns the process of issuing certificates into a transaction process in the blockchain network and, by recording transaction records in the blockchain, records every certificate-related operation in the blockchain. The user therefore does not need to pre-store the root CA certificate locally and only needs to query the blockchain network. This not only simplifies user operation and saves the user's storage space, but also greatly improves the security of the root CA certificate and the accuracy of the subsequent verification process.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the content of the description, and so that the above and other objects, features and advantages of the invention become more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 shows the distribution of nodes in the blockchain network of an embodiment of the present invention;
Fig. 2 shows a flow chart of the blockchain-based CA authentication management method provided by one embodiment of the present invention;
Fig. 3 shows the certificate structure of the root CA;
Fig. 4 shows a flow chart of the certificate generation process for the other CAs;
Fig. 5 shows a schematic diagram of a transaction;
Fig. 6 shows a schematic diagram of a certificate issuance transaction;
Fig. 7 shows a flow chart of the certificate generation process for a CA's client;
Fig. 8 shows the certificate structure of a signed certificate;
Fig. 9a shows a schematic flow diagram of the website server, CA and blockchain mainly involved in the certificate issuance and revocation stages in embodiment three of the present invention;
Fig. 9b shows a schematic diagram of the website server, user terminal and blockchain mainly involved in the certificate query stage in embodiment three of the present invention;
Fig. 10 shows the blockchain-based network architecture;
Fig. 11 shows the structure of a blockchain-based CA authentication management device provided by another embodiment of the present invention;
Fig. 12 shows a schematic structural diagram of a blockchain-based CA authentication management system provided by another embodiment of the present invention.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope conveyed completely to those skilled in the art.
Embodiments of the present invention provide a blockchain-based CA authentication management method, apparatus and system, which can at least solve the technical problem that, with the existing CA verification approach, the security of the root CA certificate is difficult to guarantee, which in turn reduces the accuracy of the whole verification process.
In embodiments of the present invention, the blockchain network involves the following types of network entity: (1) the root CA, which is the most trusted certificate authority; (2) the other CAs at every level (non-root CAs), which rely on a superior CA to issue their certificate in order to establish their identity; (3) client servers, i.e. the servers of users who request certificates from a CA, such as website servers, which can be understood as the clients of a CA; (4) ordinary users, i.e. the user terminals of users who need to verify the other party's certificate during network communication. In embodiments of the present invention, the first three types of network entity join the blockchain network as nodes and can therefore query all the information in the blockchain; the fourth type does not join the blockchain network as a node and must first connect to some node in the blockchain network in order to query. Of course, in other embodiments of the invention, the fourth type of network entity may also join the blockchain network as a light node to facilitate queries. In addition, among these types of network entity, a CA is a full node in the blockchain network and has block-packing rights: it can both write transaction records into the blockchain and read the transaction records in the blockchain. A client server can be a full node or a non-full node, but has no block-packing rights: it cannot write transaction records into the blockchain and can only read the transaction records in the blockchain.
Fig. 1 shows the distribution of nodes in the blockchain network of an embodiment of the present invention. As shown in Fig. 1, the first layer is the root CA. Because the root CA's certificate is a self-signed certificate, it is written into the genesis block in advance by hard-coding, so that it cannot be changed, which improves security. Next come the other CAs, whose certificates must be issued by their superior CA. For example, in Fig. 1, CA1, CA2 and CA3 are subordinate CAs of the root CA, and the root CA must issue certificates to them to prove their identity. CA11 and CA12 are subordinate CAs of CA1, and CA1 must issue certificates to them to prove their identity. A client server is a client that needs to request a certificate from a CA. Client roles include but are not limited to website servers; for ease of understanding, this embodiment uses a website server as the example. For example, in Fig. 1, client server 1 and client server 2 are clients of CA11.
Fig. 2 shows a flow chart of the blockchain-based CA authentication management method provided by one embodiment of the present invention. The method shown in Fig. 2 can be executed either by the root CA or by a CA at any other level. As shown in Fig. 2, the method includes:
Step S210: receive a certificate application transaction, containing an unsigned certificate, sent over the blockchain network by a node to be certified.
Here, a node to be certified is any kind of network entity that needs a CA to issue a certificate for it, for example a subordinate CA or a client server. The certificate application transaction contains the unsigned certificate.
Step S220: obtain the unsigned certificate contained in the certificate application transaction, and generate a signed certificate from the unsigned certificate.
The signed certificate is generated by signing the unsigned certificate. Any digital signature algorithm can be used; the present invention does not limit the specific signature algorithm.
Optionally, before signing, it is further verified whether the initiator of the certificate application transaction (i.e. the node to be certified) is a network node that has passed review in advance. The certificate is signed only if the verification result is correct; if the verification result is wrong, signing is refused. This verification step prevents unauthorized malicious nodes from sending certificate application transactions and improves the reliability of certificate application transactions.
Step S230: send a certificate issuance transaction containing the signed certificate to the node to be certified over the blockchain network; wherein the certificate issuance transaction further comprises a first output pointing to the blockchain account address of the node to be certified, and a second output pointing to a preset controlled blockchain account address.
The certificate issuance transaction is generated and sent on the basis of the signed certificate, to notify the node to be certified that its certificate application has succeeded.
Optionally, embodiments of the present invention may further include the following step S240: write a first transaction record corresponding to the certificate application transaction and a second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain, and broadcast the blocks containing the first transaction record and the second transaction record over the blockchain network.
Specifically, in the present invention the blockchain comprises a genesis block and regular blocks. The genesis block is used to store the root CA certificate, and the regular blocks are used to store the transaction records corresponding to the various certificate issuance operations, for later query. The genesis block is the first block in the blockchain: it is generated earliest and has the highest security, and no later block has the right to modify it, so storing the root CA certificate in the genesis block significantly improves the security of the root CA certificate. All blocks in the blockchain other than the genesis block are called regular blocks and are used to store the individual transaction records for query.
Step S240 may be executed by the node to be certified mentioned above or by another network node in the blockchain network, for example the network node that performs the signing operation on the unsigned certificate. The present invention does not limit which entity executes step S240; step S240 is therefore an optional step.
It can be seen that in the blockchain-based CA authentication management method provided by the present invention, the blockchain network is used to manage the certificates of CAs at all levels and the certificates of clients, and the root CA certificate is stored in the genesis block of the blockchain network. Because the genesis block is the first block, its security is high and it is hard to tamper with. Correspondingly, the present invention turns the process of issuing certificates into a transaction process in the blockchain network and, by recording transaction records in the blockchain, records every certificate-related operation in the blockchain. The user therefore does not need to pre-store the root CA certificate locally and only needs to query the blockchain network. This not only simplifies user operation and saves the user's storage space, but also greatly improves the security of the root CA certificate and the accuracy of the subsequent verification process.
The implementation details of the blockchain-based CA authentication management method provided by the present invention are described below with reference to concrete examples. Three types of management are mainly involved: issuing certificates, revoking certificates and querying certificates. The specific flow of each type of management operation is introduced below through three embodiments:
Embodiment one
This embodiment mainly implements the management operations for issuing certificates. Specifically, issuing certificates involves the generation of the root CA certificate, the process by which a subordinate CA applies to its superior CA for a certificate, and the process by which a client applies to a CA for a certificate. These are introduced separately below:
(1) Certificate generation process of the root CA:
Because the root CA is the trusted certificate authority and its certificate is a self-signed certificate with no superior CA to certify it, the root CA's certificate can be trusted for a long time and almost never needs to change. In embodiments of the present invention, the root CA certificate is therefore written into the genesis block by hard-coding. Since all other blocks are built after the genesis block, no operation by any node on the blockchain can modify the genesis block, which guarantees that the root CA's certificate cannot be changed even if nodes in the blockchain are maliciously attacked. Fig. 3 shows the certificate structure of the root CA. Because the root CA's certificate is self-signed and no superior CA needs to sign it, the certificate only has to record the root CA's own information. As shown in Fig. 3, the root CA certificate includes: the certificate authority's public key, the certificate authority's information, the certificate authority's blockchain account address, other information such as the certificate validity period and the certificate issuance time, and a digital signature. The blockchain account address includes but is not limited to a Bitcoin address.
(2) the certificates constructing process of other ca mechanisms:
The flow chart that Fig. 4 shows the certificates constructing process of other ca mechanisms.As shown in figure 4, the certificate of other ca mechanisms Generating process comprises the steps:
Step s410: superior ca mechanism in block chain network of ca mechanism of subordinate sends application certificate transaction.
Here, subordinate ca mechanism is it can be appreciated that node to be certified, and higher level ca mechanism is it can be appreciated that certification node. The embodiment of the present invention can the transaction form based on publicly-owned block chain be realized, and therefore, every transaction may include input and output two Part.Fig. 5 shows the schematic diagram of this transaction, can comprise the certificate of unsigning of ca mechanism of subordinate in output par, c, that is, not complete Whole certificate.Wherein, in order to prevent any certificate of other nodes on block chain, in certificate of unsigning, it is written with higher level The relevant information of ca mechanism.
Step s420: higher level ca mechanism obtains the certificate of unsigning comprising in the transaction of above-mentioned application certificate, according to unsigning Certificates constructing signing certificate.
To improve security, optionally, in this step, after the superior CA obtains the unsigned certificate contained in the above certificate application transaction, it further verifies the unsigned certificate and performs the subsequent operations only after verification succeeds. To facilitate verification, the unsigned certificate may further contain verification information. In addition to the information about the superior CA mentioned above, this verification information may include at least one of: the public key of the node to be certified, information about the node to be certified, the blockchain account address of the node to be certified, information about the certifying node, the blockchain account address of the certifying node, the certificate validity period, and the certificate issue time. During verification, the superior CA uses this verification information to verify the identity of the subordinate CA and the legitimacy of the unsigned certificate. The superior CA also verifies whether the certificate authority blockchain account address contained in the unsigned certificate matches its own blockchain account address. If it matches, the issuing authority specified by the subordinate CA is this superior CA, and the subsequent steps continue. If it does not match, the issuing authority specified by the subordinate CA is not this superior CA, and an error message is returned to the subordinate CA to prompt it to resend correct transaction information. The invention does not limit when the verification step is executed; for example, verification may also be performed after signing. In addition, the individual checks included in the verification step may be executed in any order, and those skilled in the art can arrange the order of the checks according to actual needs.
After all of the above checks pass, the superior CA signs the unsigned certificate, that is, it completes the incomplete unsigned certificate to obtain the signed certificate. The signed certificate generally contains: the user's public key, the user's information, the user's blockchain account address, the certificate authority's information, the certificate authority's blockchain account address, the certificate validity period, the certificate issue time and other information, together with a digital signature. Here the user is the subordinate CA, the certificate authority is the superior CA, and the digital signature is the result of the superior CA encrypting, with its private key, the hash of the other information in the certificate apart from the digital signature.
In addition, the superior CA also generates a controlled address that it can control. This controlled address may be generated in step S420 or generated in advance; the invention does not limit when the controlled address is generated. The main purpose of generating this controlled address is to identify the certificate status information so that the certificate status can be queried.
Step S430: the superior CA sends, over the blockchain network, a certificate issuance transaction containing the signed certificate to the subordinate CA. This certificate issuance transaction further includes a first output part pointing to the node to be certified and a second output part pointing to the preset controlled address. Here, "controlled address" is short for the controlled blockchain account address mentioned above. A node to be certified is generally identified by its account address in the blockchain network, so the first output part actually points to the blockchain account address of the node to be certified. Likewise, wherever this document refers to pointing to another network node (for example, the subordinate CA), it actually means pointing to the blockchain account address of that network node.
The superior CA initiates a certificate issuance transaction to the subordinate CA and writes the signed certificate into the output part of this transaction. Fig. 6 shows a schematic diagram of this certificate issuance transaction. As shown in Fig. 6, the transaction is initiated by the root CA. The "input" part in Fig. 6 is the input part of the transaction; it may be empty or may carry the address information of the root CA. The transaction has two output parts. Output 0 is the first output part, pointing to the subordinate CA (that is, the subordinate CA's blockchain account address); it is sent to the subordinate CA to notify it that the certificate has been issued. Output 1 is the second output part, pointing to the controlled address; the "signed certificate" in this part denotes the complete signed certificate. The order of output 0 and output 1 may be arbitrary. In addition, in this step the superior CA deposits funds into the controlled address to generate the second output part, so this output may also be called an unspent transaction output (UTXO). The initial state of the second output part is therefore the unspent state, which indicates that the certificate is valid: as long as the funds (for example, bitcoin) that the superior CA deposited into the controlled address are not spent, the second output part remains in the unspent state and the certificate is valid; once those funds are spent, the second output part changes to the spent state and the certificate is invalid.
Step S440: the superior CA writes the transaction records corresponding to the certificate application transaction and the certificate issuance transaction into regular blocks of the blockchain, and broadcasts the block containing the first transaction record and the second transaction record over the blockchain network.
Step S440 is optional. Besides the superior CA, step S440 may be performed by another network node in the blockchain network; the invention does not limit which network node writes the transaction records corresponding to the certificate application transaction and the certificate issuance transaction into the blockchain. The two transaction records may be written by the same network node or by different network nodes.
(3) Certificate generation process for a client:
Fig. 7 shows a flow chart of the certificate generation process for a client of a CA. In this example the client is a website server; in practice, besides a website server, it may be another kind of client server. As shown in Fig. 7, the certificate generation process for the client includes the following steps:
Step S710: the website server sends a certificate application transaction to the CA over the blockchain network.
Here, the website server can be understood as the node to be certified and the CA as the certifying node. The output part of this transaction contains the website server's unsigned certificate, that is, an incomplete certificate. To prevent other nodes on the blockchain from arbitrarily signing the certificate, the unsigned certificate also carries the information about the CA. The website server then writes the transaction record corresponding to the certificate application transaction into a regular block of the blockchain.
Step S720: the CA obtains the unsigned certificate contained in the above certificate application transaction, generates the signed certificate from the unsigned certificate, and generates a controlled address that this CA can control.
To improve security, optionally, in this step, after the CA obtains the unsigned certificate contained in the certificate application transaction, it further verifies the unsigned certificate and performs the subsequent operations only after verification succeeds. To facilitate verification, the unsigned certificate may further contain verification information. In addition to the information about the CA mentioned above, this verification information may include the public key of the node to be certified, information about the node to be certified, the address of the node to be certified, information about the certifying node, the address of the certifying node, the certificate validity period, the certificate issue time and similar information. During verification, the CA uses this verification information to verify the identity of the website server and the legitimacy of the unsigned certificate. The CA also verifies whether the certificate authority address contained in the unsigned certificate matches its own address. If it matches, the issuing authority specified by the website server is this CA, and the subsequent steps continue. If it does not match, the issuing authority specified by the website server is not this CA, and an error message is returned to the website server to prompt it to resend correct transaction information.
After all of the above checks pass, the CA signs the unsigned certificate, that is, it completes the incomplete unsigned certificate to obtain the signed certificate. The structure of the signed certificate is shown in Fig. 8 and comprises: the user's public key, the user's information, the user's address, the certificate authority's information, the certificate authority's address, the certificate validity period, the certificate issue time and other information, together with a digital signature.
In addition, the CA also generates a controlled address that it can control. This controlled address may be generated in this step or generated in advance. Its main purpose is to store the certificate status information so that the certificate status can be queried.
Step S730: the CA sends, over the blockchain network, a certificate issuance transaction containing the signed certificate to the website server. This certificate issuance transaction further includes a first output part pointing to the website server and a second output part pointing to the controlled address, and the second output part stores unspent-status information indicating that the certificate is valid.
The CA initiates a certificate issuance transaction to the website server and writes the signed certificate into the output part of this transaction. The transaction has two output parts. The first output part, pointing to the subordinate CA, is sent to the subordinate CA to notify it that the certificate has been issued. The second output part points to the controlled address; the sig(cert) in this part denotes the complete signed certificate. In addition, in this step the CA deposits funds into the controlled address to generate the second output part, so this output may also be called an unspent transaction output (UTXO). Put another way, this output contains unspent-status information indicating that the certificate is valid: as long as the funds (that is, bitcoin) that the CA deposited into the controlled address are not spent, the certificate is valid.
Step S740: the CA writes the transaction records corresponding to the certificate application transaction and the certificate issuance transaction into regular blocks of the blockchain, and broadcasts the block containing these transaction records over the blockchain network.
Step S740 is optional. Besides the CA, step S740 may be performed by another network node in the blockchain network; the invention does not limit which network node writes the transaction records corresponding to the certificate application transaction and the certificate issuance transaction into the blockchain. The two transaction records may be written by the same network node or by different network nodes.
Embodiment Two
This embodiment mainly implements the certificate revocation management operation. Certificate revocation covers a superior CA revoking a certificate it issued to a subordinate CA, and a CA revoking a certificate it issued to a client. Because the two kinds of revocation follow similar flows, the first kind is mainly described below:
Because the address corresponding to the certificate is controlled by the issuing authority, the issuing authority looks up the certificate issuance transaction, finds the output part (the UTXO) located at the controlled address generated by the certificate authority, and spends the amount contained in that output part, which shows that the certificate has been revoked.
Specifically, the CA looks up the transaction record corresponding to the certificate issuance in the regular blocks and obtains the signed certificate from this record. It then sends a certificate revocation transaction containing this signed certificate. The revocation transaction includes an input part pointing to the second output part of the certificate issuance transaction, and an output part pointing to the blockchain account of the node to be certified. In a concrete implementation, the revocation transaction references, in its input part, the output part of the certificate issuance transaction that points to the preset controlled address, and its output part may be set to the CA's blockchain account address. The revocation transaction changes the state of the second output part, which points to the preset controlled blockchain account address, from the initial unspent state to the spent state, thereby indicating that the certificate is invalid.
This revocation method can be applied both to revoking a CA's certificate and to revoking a client's certificate. After a certificate is revoked, the unspent-status information in the output of the certificate's transaction is updated to spent-status information, which shows that the certificate is invalid.
Embodiment Three
This embodiment mainly implements the certificate query (verification) management operation. Certificate verification is generally performed by a user who exchanges information with the certificate owner (for example, a website server). The verification process checks not only whether the certificate held by the certificate owner is valid, but also, level by level upward, the certificates of the issuing authorities. The main steps of the verification process are as follows:
Step 1: the user terminal accesses the server, and the server sends the certificate it holds to the user terminal.
Specifically, the user must verify whether contents of the certificate such as the validity period are correct. If they are, the subsequent steps continue; otherwise the certificate is confirmed to be in error.
Step 2: the user terminal sends a certificate query request to any network node in the blockchain network, and this network node receives and processes the request.
The network node that receives and processes the certificate query request may be a CA or a website server; because of the decentralized, distributed storage of the blockchain network, every network node keeps the complete blockchain information. The network node obtains the certificate information contained in the certificate query request, searches for the transaction corresponding to the certificate according to the blockchain account addresses of the issuing authority and the certificate owner, and extracts the transaction information.
Step 3: the network node obtains the corresponding signed certificate from the transaction information and sends this signed certificate to the user terminal.
Specifically, the network node first uses the address of the issuing authority stated in the certificate and the address of the certificate owner (for example, the website server) to search the blockchain for transactions that this issuing authority initiated to the certificate owner, finds the most recent such transaction, and extracts the signed certificate from it. The network node then sends this signed certificate to the user terminal. The user compares the received signed certificate with the certificate received in step 1. If they are identical, the subsequent steps continue; otherwise the certificate is confirmed to be in error.
Step 4: query the transaction record stored in the blockchain that corresponds to the signed certificate. When the second output part in the transaction record is found to contain unspent-status information, the certificate is confirmed valid; when the second output part in the transaction record is found to contain spent-status information, the certificate is confirmed invalid.
Step 4 may be completed by the user terminal itself, or by a CA at the user terminal's request. It may be triggered by a request from the user terminal or triggered automatically once step 3 has finished. Specifically, if this output has been spent, the certificate has been revoked; if this output has not been spent, the certificate is valid. Here "spent" means that the amount held by this output has been transferred to another address through a transaction.
Step 5: recursively examine the certificates of the issuing authorities upward, up to the root certificate.
Step 5 may be triggered by a request from the user terminal or triggered automatically after step 4 has been executed. To ensure that the certificate is valid, the legitimacy of the certificate's issuing authority must also be examined, that is, whether the issuing authority's own certificate is valid. This examination is similar to the examination of the website server's certificate and covers two aspects: the correctness of the certificate and its validity. Except for the root certificate, the process of checking certificates at every level is essentially the same: first, verify the certificate against contents such as the validity period stated on it; second, look up the certificate record stored on the blockchain and compare it to check that the certificate is correct; finally, check whether the certificate has been revoked by querying the UTXO state. The root certificate only needs to be checked against the genesis block; there is no need to verify whether it has been revoked. Because the root certificate is a self-signed certificate with no superior issuing authority, it cannot be revoked once it has been written into the genesis block. Verifying the root certificate therefore only requires checking that the certificate is correct; there is no need to examine its validity period or whether it has been revoked.
If any of the above steps fails verification, there is a problem; the result can be returned directly without continuing the verification.
The above flow implements the certificate examination process. In addition, to aid understanding of the invention, Figs. 9a and 9b show flow charts of the stages involved in the above embodiments. As shown in Fig. 9a, the certificate issuance and certificate revocation stages in the above embodiments mainly involve the website server, the CA and the blockchain. In step 91, the website server initiates a transaction and sends the unsigned certificate. In step 92, the CA signs the certificate and generates the certificate account address (the controlled address mentioned above). In step 93, the CA initiates the certificate issuance transaction, writes the certificate into it and deposits funds into the certificate account. In step 94, the CA looks up the UTXO funded in the certificate issuance transaction and generates a certificate revocation transaction that spends this output. As shown in Fig. 9b, the certificate query stage in the above embodiments mainly involves the website server, the user terminal and the blockchain. In step 95, the user terminal accesses the website server. In step 96, the website server returns the certificate to the user terminal. In step 97, the user looks up, according to the certificate, the corresponding transaction information in the blockchain. In step 98, the user terminal compares the website server's certificate with the certificate on the blockchain. In step 99, the user terminal verifies the state of the corresponding UTXO in the transaction. In step 100, the CA's certificate is examined. In step 101, the root CA's certificate is examined. In step 102, the examination result is returned.
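The issue, revoke and verify flows of Embodiments One to Three can be traced in a small in-memory model. This is an added example, not code from the patent. All names (`Ledger`, `Tx`, `verify_chain`, the `addr-*` and `ctrl-*` addresses) are hypothetical, digital signatures are not modelled, and the `controller` field is an assumption standing in for control of the spending key.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Tx:
    kind: str       # "issue" or "revoke"
    sender: str     # chain address of the CA that created the transaction
    inputs: list    # (txid, output_index) pairs this transaction spends
    outputs: list   # an issue transaction carries output 0 and output 1
    txid: str = ""

class Ledger:
    """Toy chain: the genesis block holds the root certificate and
    self.txs stands in for the transactions in the regular blocks."""
    def __init__(self, root_cert):
        self.genesis_root = root_cert
        self.txs = []
        self.spent = set()   # (txid, output_index) of every spent output

    def append(self, tx):
        for txid, idx in tx.inputs:
            src = next(t for t in self.txs if t.txid == txid)
            # Assumption: 'controller' stands in for the spending-key check,
            # so only the CA controlling the address can spend the output.
            if src.outputs[idx].get("controller") != tx.sender:
                raise PermissionError("sender does not control this output")
            if (txid, idx) in self.spent:
                raise ValueError("output already spent")
        self.spent.update(tx.inputs)
        seed = f"{len(self.txs)}|{tx.kind}|{tx.sender}".encode()
        tx.txid = hashlib.sha256(seed).hexdigest()[:16]
        self.txs.append(tx)
        return tx.txid

    def latest_issue(self, issuer_addr, subject_addr):
        """Most recent issue transaction from issuer to subject, or None."""
        for tx in reversed(self.txs):
            if (tx.kind == "issue" and tx.sender == issuer_addr
                    and tx.outputs[0]["to"] == subject_addr):
                return tx
        return None

def make_cert(subject_addr, issuer_addr,
              not_before="2016-09-01", not_after="2018-09-01"):
    # Constructed sample fields; a real certificate also carries a public
    # key and the issuer's digital signature, which are not modelled here.
    return {"subject_addr": subject_addr, "issuer_addr": issuer_addr,
            "not_before": not_before, "not_after": not_after}

def issue(ledger, ca_addr, controlled_addr, cert):
    return ledger.append(Tx("issue", ca_addr, [], [
        {"to": cert["subject_addr"]},                                  # output 0: notifies the subject
        {"to": controlled_addr, "controller": ca_addr, "cert": cert},  # output 1: funded UTXO with the cert
    ]))

def revoke(ledger, ca_addr, subject_addr):
    tx = ledger.latest_issue(ca_addr, subject_addr)
    if tx is None:
        raise LookupError("no issue transaction found")
    # Spending output 1 flips the certificate from unspent (valid) to spent.
    return ledger.append(Tx("revoke", ca_addr, [(tx.txid, 1)], [{"to": ca_addr}]))

def verify_chain(ledger, chain, today):
    """Check a presented chain, leaf first; return 'valid' or the first failure."""
    for depth, cert in enumerate(chain):
        if cert["issuer_addr"] == cert["subject_addr"]:
            # Root: compared with the genesis block only, no validity-period
            # or revocation check.
            return "valid" if cert == ledger.genesis_root else "root mismatch"
        if not cert["not_before"] <= today <= cert["not_after"]:
            return f"expired at depth {depth}"
        tx = ledger.latest_issue(cert["issuer_addr"], cert["subject_addr"])
        if tx is None or tx.outputs[1]["cert"] != cert:
            return f"not on chain at depth {depth}"
        if (tx.txid, 1) in ledger.spent:
            return f"revoked at depth {depth}"
        if depth + 1 >= len(chain) or chain[depth + 1]["subject_addr"] != cert["issuer_addr"]:
            return f"broken chain at depth {depth}"
    return "no root presented"

def build_demo():
    """Constructed sample: root CA -> CA1 -> website server."""
    root = make_cert("addr-root", "addr-root")
    ca1 = make_cert("addr-ca1", "addr-root")
    site = make_cert("addr-site", "addr-ca1")
    ledger = Ledger(root)
    issue(ledger, "addr-root", "ctrl-root-1", ca1)
    issue(ledger, "addr-ca1", "ctrl-ca1-1", site)
    return ledger, [site, ca1, root]
```

Revoking CA1's certificate with `revoke(ledger, "addr-root", "addr-ca1")` makes the website server's chain fail at depth 1, which shows why the recursive check in step 5 matters even when the leaf certificate's own UTXO is still unspent.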
Fig. 10 shows the blockchain-based network architecture. As shown in Fig. 10, the architecture includes: the root CA, CA1 subordinate to the root CA, and a Bitcoin address controlled by the root CA (the controlled address mentioned above). It also includes the website server that is a client of CA1 and a Bitcoin address controlled by CA1 (the controlled address mentioned above), as well as the user's user terminal and the blockchain genesis block. As Fig. 10 shows, the website server can send a certificate application transaction to CA1, and CA1 can send a certificate application transaction to the root CA. Correspondingly, the root CA can send a certificate issuance transaction to CA1, and CA1 can send a certificate issuance transaction to the website server; when sending a certificate issuance transaction, the issuer also needs to deposit funds into the Bitcoin address controlled by the issuing authority. In addition, the user can access any network node to verify the validity of a certificate.
As can be seen, the invention uses the blockchain to perform management operations on CA certificates such as issuance, revocation and query. It takes full advantage of the tamper resistance and openness of the blockchain and makes up for shortcomings of traditional CA certification, so that CA issuance and revocation information propagates faster and the credibility of issuing authorities, especially root CAs, is improved. Users can examine certificates by querying the records on the blockchain in real time, which is more reliable. In addition, thanks to the distributed nature of the blockchain, even if a CA node suffers a malicious attack, the security of the whole CA network is not affected, and the blockchain network may also detect the problem within a short time.
In addition, those skilled in the art can make various changes and modifications to the above embodiments. For example, they may make improvements in the following respects:
(1) In the above embodiments, the nodes on the blockchain comprise CAs and the organizations applying for certificates (such as website servers), and ordinary users verify certificates by accessing any node on the blockchain. Optionally, ordinary users may also be allowed to join as nodes on the blockchain, to make the verification process more flexible.
(2) Because the root CA certificate is written into the genesis block by hard coding and multiple CAs exist in the blockchain network, once a root CA is compromised, replacing that root CA would destroy the whole blockchain network. Optionally, a super root is established for all CAs and written into the genesis block. The super root then issues certificates to the root CAs.
(3) The invention generates, for each certificate, an address controlled by the issuing authority; the transaction generates the UTXO corresponding to this account, and whether the certificate has been revoked is judged by whether this UTXO has been spent. Optionally, because the validity of the certificate depends on the UTXO rather than on a particular account, the same account can be reused: an issuing authority only needs to generate one such account, and the UTXOs generated for all certificates issued by this authority all correspond to this account.
(4) The certificate in the embodiments of the invention includes, as fields, the addresses of the issuing authority and of the applying organization, that is, their corresponding account addresses in the blockchain network. Optionally, to stay consistent with the traditional certificate format, this part may be left out of the certificate and written directly into the output part content of each transaction, as follows:
Fig. 11 shows the structure of a blockchain-based CA authentication management device provided by another embodiment of the invention. The blockchain includes a genesis block and regular blocks, and the genesis block is used to store the root CA certificate. The device includes:
Receiving module 101, adapted to receive a certificate application transaction that contains an unsigned certificate and is sent by a node to be certified over the blockchain network;
Acquisition module 102, adapted to obtain the unsigned certificate contained in the certificate application transaction and to generate a signed certificate from the unsigned certificate;
Sending module 103, adapted to send, over the blockchain network, a certificate issuance transaction containing the signed certificate to the node to be certified; the certificate issuance transaction further includes a first output part pointing to the blockchain account address of the node to be certified and a second output part pointing to a preset controlled blockchain account address.
Optionally, the device further includes a recording module 104, adapted to write the first transaction record corresponding to the certificate application transaction and the second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain, and to broadcast the block containing the first transaction record and the second transaction record over the blockchain network.
Optionally, the signed certificate is stored in the second output part of the certificate issuance transaction.
Optionally, the unsigned certificate includes verification information, in which case the acquisition module is specifically configured to verify the unsigned certificate according to the verification information and, after verification succeeds, to digitally sign the unsigned certificate.
Optionally, the verification information includes at least one of the following: the public key of the node to be certified, information about the node to be certified, the address of the node to be certified, information about the certifying node, the address of the certifying node, the certificate validity period and the certificate issue time.
Optionally, the device further includes a revocation module, adapted to look up the second transaction record in the regular blocks and obtain the signed certificate from the second transaction record, and to send, over the blockchain network, a certificate revocation transaction containing the signed certificate. The certificate revocation transaction includes an input part pointing to the second output part of the certificate issuance transaction, and an output part pointing to the blockchain account of the node to be certified.
Optionally, the device further includes a query module, adapted to receive a certificate query request sent by a user terminal and obtain the certificate information contained in the request; to look up the corresponding transaction record in the regular blocks according to the certificate information and obtain the corresponding signed certificate from the transaction record found; and to send the signed certificate to the user terminal. Specifically, the query module is further configured to query the transaction record stored in the regular blocks that corresponds to the signed certificate; when the second output part in the transaction record is in the unspent state, it sends a certificate-valid message to the user terminal; when the second output part in the transaction record is in the spent state, it sends a certificate-invalid message to the user terminal.
The CA certificate includes: the root CA public key, the root CA information, the root CA address, the certificate validity period, the certificate issue time and a digital signature.
For the detailed operation of each of the above modules, refer to the description of the corresponding part of the method embodiments; it is not repeated here.
In addition, the above blockchain-based CA authentication management device is usually one of the CAs at the various levels mentioned above.
Fig. 12 shows a schematic structural diagram of a blockchain-based CA authentication management system provided by another embodiment of the invention. As shown in Fig. 12, the system includes the above CA authentication management device 100 and a node to be certified 110. The CA authentication management device 100 may be the root CA or a CA at any other level; the node to be certified 110 may be a CA at any level or a client server.
In summary, the technical solution of the invention mainly includes the following key technical points:
First, the certificate is written onto the blockchain as part of a transaction, and trust in the blockchain is established jointly by all participating nodes. This ensures the correctness of the certificate.
Second, the root certificate is written into the genesis block, so that even if a node on the blockchain suffers a malicious attack, the root certificate cannot be changed arbitrarily.
Third, using the transaction properties of Bitcoin, whether a certificate has been revoked is judged by whether the UTXO generated by the transaction has been consumed. Each verification examines the latest record on the current blockchain in real time, which solves the problem that users cannot learn promptly whether a certificate has been revoked.
Finally, given the distributed nature of the blockchain, all nodes keep the transaction records, so a user can connect to any node to carry out the examination. The examination therefore does not depend on a single source, which guards against the risk of records being maliciously tampered with.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such a system is apparent. Moreover, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein may be implemented in a variety of programming languages, and that the above description of a specific language is given to disclose the best mode of the invention.
Numerous specific details are set forth in the description provided herein. It is to be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures, and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be appreciated that, in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof in the above description of exemplary embodiments of the invention. However, this method of disclosure should not be construed as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the devices of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units, or components of the embodiments may be combined into one module, unit, or component, and may furthermore be divided into a plurality of sub-modules, sub-units, or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract, and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract, and drawings) may be replaced by an alternative feature serving the same, an equivalent, or a similar purpose.
Furthermore, those skilled in the art will appreciate that although some embodiments described herein include some features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of a device according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second, and third does not indicate any order. These words may be interpreted as names.
The invention discloses: A1. A blockchain-based CA authentication management method, wherein the blockchain further comprises a genesis block and regular blocks, the genesis block is used to store the root CA certificate, and the method comprises:
receiving a certificate application transaction, containing an unsigned certificate, sent over the blockchain network by a node to be certified;
obtaining the unsigned certificate contained in the certificate application transaction, and generating a signed certificate from the unsigned certificate;
sending, over the blockchain network, a certificate issuance transaction containing the signed certificate to the node to be certified; wherein the certificate issuance transaction further comprises: a first output part pointing to the blockchain account address of the node to be certified, and a second output part pointing to a preset controlled blockchain account address.
A2. The method according to A1, further comprising: writing a first transaction record corresponding to the certificate application transaction and a second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain, and broadcasting, in the blockchain network, the block containing the first transaction record and the second transaction record.
A3. The method according to A1, wherein the signed certificate is stored in the second output part of the certificate issuance transaction.
A4. The method according to A1, wherein the unsigned certificate includes verification information, and the step of generating a signed certificate from the unsigned certificate specifically comprises:
verifying the unsigned certificate according to the verification information and, after the verification passes, digitally signing the unsigned certificate.
A5. The method according to A4, wherein the verification information includes at least one of the following: the public key of the node to be certified, information on the node to be certified, the address of the node to be certified, certifying node information, the certifying node address, the certificate validity period, and the certificate issuance time.
A6. The method according to A2, wherein, after the step of writing the first transaction record corresponding to the certificate application transaction and the second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain, the method further comprises:
looking up the second transaction record in the regular block, and obtaining the signed certificate from the second transaction record;
sending, over the blockchain network, a certificate revocation transaction containing the signed certificate, wherein the certificate revocation transaction comprises an input part pointing to the second output part of the certificate issuance transaction, and an output part pointing to the blockchain account of the node to be certified.
A7. The method according to A1, further comprising:
receiving a certificate query request sent by a user terminal, and obtaining the certificate information contained in the certificate query request;
looking up the corresponding transaction record in the regular block according to the certificate information, and obtaining the corresponding signed certificate from the transaction record found;
sending the signed certificate to the user terminal.
A8. The method according to A7, wherein, after the step of sending the signed certificate to the user terminal, the method further comprises:
querying the transaction record, stored in the regular block, that corresponds to the signed certificate; when the state of the second output part in the transaction record is determined to be unspent, sending a certificate valid message to the user terminal; when the state of the second output part in the transaction record is determined to be spent, sending a certificate invalid message to the user terminal.
A9. The method according to A1, wherein the CA certificate includes: the root CA public key, root CA information, the root CA address, the certificate validity period, the certificate issuance time, and a digital signature.
The invention also discloses: B10. A blockchain-based CA authentication management device, wherein the blockchain further comprises a genesis block and regular blocks, the genesis block is used to store the root CA certificate, and the method comprises:
a receiving module, adapted to receive a certificate application transaction, containing an unsigned certificate, sent over the blockchain network by a node to be certified;
an acquisition module, adapted to obtain the unsigned certificate contained in the certificate application transaction and to generate a signed certificate from the unsigned certificate;
a sending module, adapted to send, over the blockchain network, a certificate issuance transaction containing the signed certificate to the node to be certified; wherein the certificate issuance transaction further comprises: a first output part pointing to the blockchain account address of the node to be certified, and a second output part pointing to a preset controlled blockchain account address.
B11. The device according to B10, further comprising: a recording module, adapted to write a first transaction record corresponding to the certificate application transaction and a second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain, and to broadcast, in the blockchain network, the block containing the first transaction record and the second transaction record.
B12. The device according to B10, wherein the signed certificate is stored in the second output part of the certificate issuance transaction.
B13. The device according to B10, wherein the unsigned certificate includes verification information, and the acquisition module is specifically adapted to:
verify the unsigned certificate according to the verification information and, after the verification passes, digitally sign the unsigned certificate.
B14. The device according to B13, wherein the verification information includes at least one of the following: the public key of the node to be certified, information on the node to be certified, the address of the node to be certified, certifying node information, the certifying node address, the certificate validity period, and the certificate issuance time.
B15. The device according to B10, further comprising:
a revocation module, adapted to look up the second transaction record in the regular block and obtain the signed certificate from the second transaction record; and to send, over the blockchain network, a certificate revocation transaction containing the signed certificate, wherein the certificate revocation transaction comprises an input part pointing to the second output part of the certificate issuance transaction, and an output part pointing to the blockchain account of the node to be certified.
B16. The device according to B10, further comprising:
a query module, adapted to receive a certificate query request sent by a user terminal and obtain the certificate information contained in the certificate query request; to look up the corresponding transaction record in the regular block according to the certificate information and obtain the corresponding signed certificate from the transaction record found; and to send the signed certificate to the user terminal.
B17. The device according to B16, wherein the query module is further adapted to:
query the transaction record, stored in the regular block, that corresponds to the signed certificate; when the state of the second output part in the transaction record is determined to be unspent, send a certificate valid message to the user terminal; when the state of the second output part in the transaction record is determined to be spent, send a certificate invalid message to the user terminal.
B18. The device according to B10, wherein the CA certificate includes: the root CA public key, root CA information, the root CA address, the certificate validity period, the certificate issuance time, and a digital signature.
The invention further discloses: C19. A blockchain-based CA authentication management system, comprising the CA authentication management device according to any one of B10 to B18 above and a node to be certified.
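The issuance, revocation and query steps of A1, A6 and A8, as an added example that is not code from the patent: a toy in-memory ledger in Python in which a certificate is valid exactly while the second output of its issuance transaction is unspent. The class and function names, the placeholder addresses, the input-less issuance transaction, the extra "unknown" result and the address-equality check standing in for signature validation are assumptions of this sketch.

```python
import hashlib
import json
from dataclasses import dataclass

CA_CONTROLLED_ADDR = "addr-ca-controlled"  # constructed placeholder address
NODE_ADDR = "addr-node-1"                  # constructed placeholder address


@dataclass(frozen=True)
class Output:
    address: str       # account allowed to spend this output
    payload: str = ""  # the signed certificate travels in the second output


@dataclass(frozen=True)
class Tx:
    kind: str       # "issue" or "revoke"
    inputs: tuple   # tuple of (txid, output_index) references being spent
    outputs: tuple  # tuple of Output

    @property
    def txid(self) -> str:
        body = json.dumps([self.kind, self.inputs,
                           [(o.address, o.payload) for o in self.outputs]])
        return hashlib.sha256(body.encode()).hexdigest()


class Ledger:
    """Toy stand-in for the regular blocks: an append-only transaction set."""

    def __init__(self):
        self.txs = {}    # txid -> Tx
        self.spent = {}  # (txid, index) -> txid of the spending transaction

    def append(self, tx: Tx, signer: str) -> str:
        for ref in tx.inputs:
            src_txid, idx = ref
            if src_txid not in self.txs:
                raise ValueError("input refers to an unknown transaction")
            outputs = self.txs[src_txid].outputs
            if not 0 <= idx < len(outputs):
                raise ValueError("input refers to a missing output")
            if ref in self.spent:
                raise ValueError("output already spent")
            # Assumption: stands in for script/signature validation. Only the
            # account an output points at may spend it.
            if outputs[idx].address != signer:
                raise PermissionError("signer does not control this output")
        for ref in tx.inputs:
            self.spent[ref] = tx.txid
        self.txs[tx.txid] = tx
        return tx.txid


def issue(ledger: Ledger, signed_cert: str, node_addr: str) -> str:
    """Issuance (A1, A3): output 0 -> node, output 1 -> controlled address."""
    tx = Tx("issue", (),
            (Output(node_addr), Output(CA_CONTROLLED_ADDR, signed_cert)))
    return ledger.append(tx, signer=CA_CONTROLLED_ADDR)


def revoke(ledger: Ledger, issue_txid: str, node_addr: str,
           signer: str = CA_CONTROLLED_ADDR) -> str:
    """Revocation (A6): spend the second output, pay out to the node."""
    tx = Tx("revoke", ((issue_txid, 1),), (Output(node_addr),))
    return ledger.append(tx, signer)


def check(ledger: Ledger, signed_cert: str) -> str:
    """Query (A7, A8): valid while the second output is unspent."""
    for txid, tx in ledger.txs.items():
        if tx.kind == "issue" and tx.outputs[1].payload == signed_cert:
            return "invalid" if (txid, 1) in ledger.spent else "valid"
    return "unknown"  # not in the patent text: certificate never issued here


def demo():
    ledger = Ledger()
    cert = "SIGNED-CERT(node-1)"  # constructed sample certificate
    txid = issue(ledger, cert, NODE_ADDR)
    before = check(ledger, cert)
    try:
        # The certified node does not control the second output.
        revoke(ledger, txid, NODE_ADDR, signer=NODE_ADDR)
        node_could_revoke = True
    except PermissionError:
        node_could_revoke = False
    revoke(ledger, txid, NODE_ADDR)
    return before, node_could_revoke, check(ledger, cert)


if __name__ == "__main__":
    print(demo())
```

Because the second output points at the controlled address rather than at the certified node, the node holding the certificate cannot change its own revocation state in this model.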

Claims (10)

1. A blockchain-based CA authentication management method, characterized in that the blockchain further comprises a genesis block and regular blocks, the genesis block is used to store the root CA certificate, and the method comprises:
receiving a certificate application transaction, containing an unsigned certificate, sent over the blockchain network by a node to be certified;
obtaining the unsigned certificate contained in the certificate application transaction, and generating a signed certificate from the unsigned certificate;
sending, over the blockchain network, a certificate issuance transaction containing the signed certificate to the node to be certified; wherein the certificate issuance transaction further comprises: a first output part pointing to the blockchain account address of the node to be certified, and a second output part pointing to a preset controlled blockchain account address.
2. The method according to claim 1, further comprising: writing a first transaction record corresponding to the certificate application transaction and a second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain, and broadcasting, in the blockchain network, the block containing the first transaction record and the second transaction record.
3. The method according to claim 1, wherein the signed certificate is stored in the second output part of the certificate issuance transaction.
4. The method according to claim 1, wherein the unsigned certificate includes verification information, and the step of generating a signed certificate from the unsigned certificate specifically comprises:
verifying the unsigned certificate according to the verification information and, after the verification passes, digitally signing the unsigned certificate.
5. The method according to claim 4, wherein the verification information includes at least one of the following: the public key of the node to be certified, information on the node to be certified, the address of the node to be certified, certifying node information, the certifying node address, the certificate validity period, and the certificate issuance time.
6. The method according to claim 2, wherein, after the step of writing the first transaction record corresponding to the certificate application transaction and the second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain, the method further comprises:
looking up the second transaction record in the regular block, and obtaining the signed certificate from the second transaction record;
sending, over the blockchain network, a certificate revocation transaction containing the signed certificate, wherein the certificate revocation transaction comprises an input part pointing to the second output part of the certificate issuance transaction, and an output part pointing to the blockchain account of the node to be certified.
7. A blockchain-based CA authentication management device, characterized in that the blockchain further comprises a genesis block and regular blocks, the genesis block is used to store the root CA certificate, and the method comprises:
a receiving module, adapted to receive a certificate application transaction, containing an unsigned certificate, sent over the blockchain network by a node to be certified;
an acquisition module, adapted to obtain the unsigned certificate contained in the certificate application transaction and to generate a signed certificate from the unsigned certificate;
a sending module, adapted to send, over the blockchain network, a certificate issuance transaction containing the signed certificate to the node to be certified; wherein the certificate issuance transaction further comprises: a first output part pointing to the blockchain account address of the node to be certified, and a second output part pointing to a preset controlled blockchain account address.
8. The device according to claim 7, further comprising: a recording module, adapted to write a first transaction record corresponding to the certificate application transaction and a second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain, and to broadcast, in the blockchain network, the block containing the first transaction record and the second transaction record.
9. The device according to claim 7, wherein the signed certificate is stored in the second output part of the certificate issuance transaction.
10. A blockchain-based CA authentication management system, characterized by comprising the CA authentication management device according to any one of claims 7 to 9 above and a node to be certified.
CN201610782864.2A 2016-08-31 2016-08-31 CA authentication management method, device and system based on block chain Active CN106372941B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610782864.2A CN106372941B (en) 2016-08-31 2016-08-31 CA authentication management method, device and system based on block chain

Publications (2)

Publication Number Publication Date
CN106372941A true CN106372941A (en) 2017-02-01
CN106372941B CN106372941B (en) 2019-07-16

Family

ID=57898771

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610782864.2A Active CN106372941B (en) 2016-08-31 2016-08-31 CA authentication management method, device and system based on block chain

Country Status (1)

Country Link
CN (1) CN106372941B (en)

Cited By (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789090A (en) * 2017-02-24 2017-05-31 陈晶 Public key infrastructure system and semi-random participating certificate endorsement method based on block chain
CN106972931A (en) * 2017-02-22 2017-07-21 中国科学院数据与通信保护研究教育中心 A kind of method of certificate transparence in PKI
CN107426157A (en) * 2017-04-21 2017-12-01 杭州趣链科技有限公司 A kind of alliance's chain authority control method based on digital certificate and ca authentication system
CN107451874A (en) * 2017-07-27 2017-12-08 武汉天喻信息产业股份有限公司 Electronic invoice integrated conduct method and system based on block chain
CN107734502A (en) * 2017-09-07 2018-02-23 京信通信系统(中国)有限公司 Micro-base station communication management method, system and equipment based on block chain
CN108282539A (en) * 2018-02-06 2018-07-13 北京奇虎科技有限公司 Decentralization storage system based on double-layer network
CN108347483A (en) * 2018-02-06 2018-07-31 北京奇虎科技有限公司 Decentralization computing system based on double-layer network
CN108881471A (en) * 2018-07-09 2018-11-23 北京信息科技大学 A kind of the whole network based on alliance uniformly trusts anchor system and construction method
CN108921694A (en) * 2018-06-21 2018-11-30 北京京东尚科信息技术有限公司 Block chain management method and block chain node and computer readable storage medium
CN108933667A (en) * 2018-05-03 2018-12-04 深圳市京兰健康医疗大数据有限公司 A kind of management method and management system of the public key certificate based on block chain
CN108964924A (en) * 2018-07-24 2018-12-07 腾讯科技(深圳)有限公司 Digital certificate method of calibration, device, computer equipment and storage medium
CN108965469A (en) * 2018-08-16 2018-12-07 北京京东尚科信息技术有限公司 Block chain network member dynamic management approach, device, equipment and storage medium
CN109034826A (en) * 2018-08-06 2018-12-18 佛山市甜慕链客科技有限公司 It is a kind of for based on block chain verifying digital certificate method and system
CN109242686A (en) * 2018-08-31 2019-01-18 深圳付贝科技有限公司 Transaction Recall voluntarily method digs mine machine and block catenary system
CN109325359A (en) * 2018-09-03 2019-02-12 平安科技(深圳)有限公司 System of account setting method, system, computer equipment and storage medium
CN109359479A (en) * 2018-09-21 2019-02-19 北京非对称区块链科技有限公司 Certificates constructing and the method, apparatus of verifying, storage medium and electronic equipment
CN109428892A (en) * 2017-09-01 2019-03-05 埃森哲环球解决方案有限公司 Multistage rewritable block chain
CN109547200A (en) * 2018-11-21 2019-03-29 上海点融信息科技有限责任公司 Certificate distribution method and corresponding calculating equipment and medium in block chain network
WO2019132767A1 (en) * 2017-12-28 2019-07-04 华为国际有限公司 Transaction processing method and related equipment
CN110163004A (en) * 2018-02-14 2019-08-23 华为技术有限公司 A kind of method, relevant device and system that block chain generates
WO2019174430A1 (en) * 2018-03-14 2019-09-19 郑杰骞 Block chain data processing method, management terminal, user terminal, conversion device, and medium
CN110489234A (en) * 2019-08-16 2019-11-22 中国银行股份有限公司 Message processing method, device, equipment and the readable storage medium storing program for executing of block link layer
CN110521180A (en) * 2017-04-11 2019-11-29 万事达卡国际公司 The system and method for the biological characteristic authentication of request processing are signed for certificate
CN110598375A (en) * 2019-09-20 2019-12-20 腾讯科技(深圳)有限公司 Data processing method, device and storage medium
WO2020001103A1 (en) * 2018-06-26 2020-01-02 阿里巴巴集团控股有限公司 Blockchain-based electronic signature method and apparatus, and electronic device
CN110855679A (en) * 2019-11-15 2020-02-28 微位(深圳)网络科技有限公司 uPKI combined public key authentication method and system
CN111027970A (en) * 2018-12-07 2020-04-17 深圳市智税链科技有限公司 Authentication management method, device, medium and electronic equipment for block chain system
CN111047319A (en) * 2019-09-03 2020-04-21 腾讯科技(深圳)有限公司 Transaction processing method of block chain network and block chain network
WO2019170177A3 (en) * 2019-06-28 2020-04-30 Alibaba Group Holding Limited System and method for updating data in blockchain
US10693629B2 (en) 2019-06-28 2020-06-23 Alibaba Group Holding Limited System and method for blockchain address mapping
CN111641504A (en) * 2019-03-01 2020-09-08 湖南天河国云科技有限公司 Block chain digital certificate application method and system based on bit currency system
CN111901121A (en) * 2018-04-03 2020-11-06 创新先进技术有限公司 Cross-block-chain authentication method and device and electronic equipment
GB2583767A (en) * 2019-05-10 2020-11-11 Nchain Holdings Ltd Methods and devices for public key management using a blockchain
CN112015460A (en) * 2020-09-09 2020-12-01 南京工程学院 Code tracing method and system based on block chain technology
CN112041873A (en) * 2018-04-27 2020-12-04 区块链控股有限公司 Block chain network partitioning
CN112512048A (en) * 2020-11-27 2021-03-16 达闼机器人有限公司 Mobile network access system, method, storage medium and electronic device
JP2021520167A (en) * 2018-04-12 2021-08-12 イサラ コーポレイション How to build a root of trust for multiple entities
CN116055069A (en) * 2023-04-03 2023-05-02 北京微芯感知科技有限公司 Distributed CA (conditional access) implementation method based on block chain
US11777728B2 (en) * 2019-05-16 2023-10-03 Gmo Globalsign, Inc. Systems and methods for blockchain transactions with offer and acceptance

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2589147A (en) * 2019-11-25 2021-05-26 Nchain Holdings Ltd Methods and devices for automated digital certificate verification

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105592098A (en) * 2016-01-16 2016-05-18 杭州复杂美科技有限公司 Management method of vote and CA certificate of block chain
CN105591753A (en) * 2016-01-13 2016-05-18 杭州复杂美科技有限公司 Application method of CA certificate on block chain
CN105701372A (en) * 2015-12-18 2016-06-22 布比(北京)网络技术有限公司 Block chain identity construction and verification method
EP3364351A1 (en) * 2015-10-16 2018-08-22 Coinplug, Inc Accredited certificate issuance system based on block chain and accredited certificate issuance method based on block chain using same, and accredited certificate authentication system based on block chain and accredited certificate authentication method based on block chain using same

CN111164586A (en) * 2019-06-28 2020-05-15 阿里巴巴集团控股有限公司 System and method for updating data in a blockchain
US10693629B2 (en) 2019-06-28 2020-06-23 Alibaba Group Holding Limited System and method for blockchain address mapping
US10715322B2 (en) 2019-06-28 2020-07-14 Alibaba Group Holding Limited System and method for updating data in blockchain
CN110489234A (en) * 2019-08-16 2019-11-22 中国银行股份有限公司 Message processing method, device, equipment and the readable storage medium storing program for executing of block link layer
CN111047319A (en) * 2019-09-03 2020-04-21 腾讯科技(深圳)有限公司 Transaction processing method of block chain network and block chain network
CN110598375A (en) * 2019-09-20 2019-12-20 腾讯科技(深圳)有限公司 Data processing method, device and storage medium
CN110855679A (en) * 2019-11-15 2020-02-28 微位(深圳)网络科技有限公司 uPKI combined public key authentication method and system
CN110855679B (en) * 2019-11-15 2021-11-30 微位(深圳)网络科技有限公司 uPKI combined public key authentication method and system
CN112015460B (en) * 2020-09-09 2023-11-03 南京工程学院 Code responsibility-following method and system based on block chain technology
CN112015460A (en) * 2020-09-09 2020-12-01 南京工程学院 Code tracing method and system based on block chain technology
CN112512048B (en) * 2020-11-27 2022-07-12 达闼机器人股份有限公司 Mobile network access system, method, storage medium and electronic device
CN112512048A (en) * 2020-11-27 2021-03-16 达闼机器人有限公司 Mobile network access system, method, storage medium and electronic device
CN116055069B (en) * 2023-04-03 2023-06-27 北京微芯感知科技有限公司 Distributed CA (conditional access) implementation method based on block chain
CN116055069A (en) * 2023-04-03 2023-05-02 北京微芯感知科技有限公司 Distributed CA (conditional access) implementation method based on block chain

Also Published As

Publication number Publication date
CN106372941B (en) 2019-07-16

Similar Documents

Publication Publication Date Title
CN106372941A (en) CA authentication management method, device and system based on block chain
CN106301792B (en) Based on the ca authentication management method of block chain, apparatus and system
CN106384236B (en) Based on the ca authentication management method of block chain, apparatus and system
CA3030813C (en) Method for providing smart contract-based certificate service, and server employing same
US10887275B2 (en) Token based network service among IoT applications
CN106339875B (en) Operation note checking method and device based on publicly-owned block chain
CN106357612B (en) Authentication record checking method and device based on publicly-owned block chain
US11469891B2 (en) Expendable cryptographic key access
US20200145373A1 (en) System for blockchain based domain name and ip number register
CN109559224B (en) Credit investigation evaluation method and device and electronic equipment
CN109684375B (en) Method, accounting node and medium for querying transaction information in blockchain network
CN108476246A (en) Secure domain name parsing in computer network
CN109600366A (en) The method and device of protection user data privacy based on block chain
CN111444550A (en) Block chain-based service data verification method and device and readable storage medium
CN109413076A (en) Domain name analytic method and device
KR20060123470A (en) Signature-efficient real time credentials for ocsp and distributed ocsp
CN110535807B (en) Service authentication method, device and medium
JP2016521932A (en) Terminal identification method, and method, system, and apparatus for registering machine identification code
CN110674531B (en) Residential information management method, device, server and medium based on block chain
CN113271311A (en) Digital identity management method and system in cross-link network
CN112311779A (en) Data access control method and device applied to block chain system
US20230412400A1 (en) Method for suspending protection of an object achieved by a protection device
CN114944937A (en) Distributed digital identity verification method, system, electronic device and storage medium
JP2019040537A (en) Identification information providing method and identification information providing server
US11204914B2 (en) Systems and methods for a federated directory service

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 3F301, C2 Building, Suzhou 2.5 Industrial Park, 88 Dongchang Road, Suzhou Industrial Park, Jiangsu Province

Applicant after: JIANGSU PAYEGIS TECHNOLOGY CO., LTD.

Address before: A street in Suzhou City, Jiangsu Province Industrial Park No. 388 innovation park off No. 6 Building 5 floor

Applicant before: JIANGSU PAYEGIS TECHNOLOGY CO., LTD.

GR01 Patent grant