CN106372941A - CA authentication management method, device and system based on block chain - Google Patents
- Publication number: CN106372941A (CN201610782864.2A)
- Authority
- CN
- China
- Prior art keywords
- certificate
- block chain
- transaction
- block
- node
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
Abstract
The present invention discloses a blockchain-based CA (Certification Authority) authentication management method, device and system, which at least solve the technical problem that, with current CA authentication, the security of the root CA certificate is hard to guarantee, lowering the accuracy of the whole authentication process. The blockchain comprises a genesis block and regular blocks, and the genesis block is used to store the root CA certificate. The method comprises: receiving a certificate application transaction, containing an unsigned certificate, sent in the blockchain network by a node to be certified; obtaining the unsigned certificate contained in the certificate application transaction and generating a signed certificate from it; and sending, in the blockchain network, a certificate issuance transaction containing the signed certificate to the node to be certified. The certificate issuance transaction further comprises a first output pointing to the blockchain account address of the node to be certified, and a second output pointing to a preset controlled blockchain account address.
Description
Technical field
The present invention relates to the field of network communication technology, and in particular to a blockchain-based CA authentication management method, device and system.
Background technology
A digital certificate is a credential issued by an authority to prove a user's identity on a network. The process of issuing digital certificates is referred to as the certificate authority (certification authority, CA for short) process. A traditional certificate authority system comprises a root CA and multiple levels of CAs subordinate to the root CA. The root CA is the most trusted certification authority in the system and can issue certificates independently: it generates its own certificate by self-signing and does not need any other CA to issue a certificate for it. A CA at any other level has its certificate issued by its superior CA, and issues certificates for its own subordinate CAs and its customers. A customer of a CA may be any kind of network entity, for example a website.
Because CAs are numerous and sit at different levels, determining whether a certificate is genuine in the traditional CA verification process requires not only verifying the signature on the certificate but also verifying the authority that issued it; and if that authority has a superior CA, the superior CA must be verified in turn, all the way up to the root CA. For this purpose, the certificate of the root CA must be built into the user's browser in advance so that the authenticity of the root CA can be verified. However, a root CA certificate built into the user's browser is easily attacked by hackers, which makes the security of the root CA certificate relatively low; once the root CA certificate is maliciously tampered with, the result of the entire verification process is affected.
It can be seen that the existing verification approach requires the user to store the root CA certificate in advance. This not only increases the user's workload and occupies the user's local storage, but also makes the security of the root CA certificate hard to guarantee, which in turn lowers the accuracy of the entire verification process.
Summary of the invention
In view of the above problems, the present invention is proposed in order to provide a blockchain-based CA authentication management method, device and system that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a blockchain-based CA authentication management method is provided. The blockchain comprises a genesis block and regular blocks, and the genesis block is used to store the root CA certificate. The method comprises: receiving a certificate application transaction, containing an unsigned certificate, sent in the blockchain network by a node to be certified; obtaining the unsigned certificate contained in the certificate application transaction and generating a signed certificate from the unsigned certificate; and sending, in the blockchain network, a certificate issuance transaction containing the signed certificate to the node to be certified. The certificate issuance transaction further comprises: a first output pointing to the blockchain account address of the node to be certified, and a second output pointing to a preset controlled blockchain account address.
Optionally, the method further comprises: writing a first transaction record corresponding to the certificate application transaction and a second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain, and broadcasting, in the blockchain network, the blocks containing the first transaction record and the second transaction record.
Optionally, the signed certificate is stored in the second output of the certificate issuance transaction.
Optionally, the unsigned certificate contains verification information, and the step of generating a signed certificate from the unsigned certificate specifically comprises: verifying the unsigned certificate according to the verification information and, after the verification passes, digitally signing the unsigned certificate.
Optionally, the verification information comprises at least one of the following: the public key of the node to be certified, information about the node to be certified, the address of the node to be certified, information about the certifying node, the address of the certifying node, the certificate validity period, and the certificate issuance time.
Optionally, after the step of writing the first transaction record corresponding to the certificate application transaction and the second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain, the method further comprises: looking up the second transaction record in the regular blocks and obtaining the signed certificate from the second transaction record; and sending, in the blockchain network, a certificate revocation transaction containing the signed certificate, wherein the certificate revocation transaction comprises an input pointing to the second output of the certificate issuance transaction, and an output pointing to the blockchain account of the node to be certified.
Optionally, the method further comprises: receiving a certificate query request sent by a user terminal and obtaining the certificate information contained in the certificate query request; looking up the corresponding transaction record in the regular blocks according to the certificate information, and obtaining the corresponding signed certificate from the transaction record found; and sending the signed certificate to the user terminal.
Optionally, after the step of sending the signed certificate to the user terminal, the method further comprises: querying the transaction record corresponding to the signed certificate stored in the regular blocks; when the state of the second output in the transaction record is determined to be unspent, sending a certificate-valid message to the user terminal; and when the state of the second output in the transaction record is determined to be spent, sending a certificate-invalid message to the user terminal.
Optionally, the root CA certificate comprises: the root CA public key, root CA information, the root CA address, the certificate validity period, the certificate issuance time and a digital signature.
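The issuance, revocation and status-query operations described above can be modelled with a small in-memory ledger. This is an added example, not code from the patent: the class names, addresses and placeholder certificate fields are constructed, signature generation is out of scope, and control of the controlled address is simulated by passing the caller's address.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Optional


@dataclass
class Output:
    address: str                    # blockchain account address this output points to
    payload: Optional[dict] = None  # signed certificate carried by the output, if any
    spent_by: Optional[str] = None  # txid of the transaction that spent this output


@dataclass
class Transaction:
    kind: str      # "issue" or "revoke"
    inputs: list   # (txid, output_index) pairs consumed by this transaction
    outputs: list  # list of Output
    seq: int       # position in the ledger, keeps txids unique

    @property
    def txid(self) -> str:
        # The spend state is deliberately excluded so the txid never changes.
        body = {"kind": self.kind, "inputs": self.inputs, "seq": self.seq,
                "outputs": [[o.address, o.payload] for o in self.outputs]}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class Ledger:
    """Constructed stand-in for the regular blocks: txid -> Transaction."""

    def __init__(self):
        self.txs = {}  # insertion-ordered, oldest first

    def _append(self, tx: Transaction) -> str:
        self.txs[tx.txid] = tx
        return tx.txid

    def issue(self, node_address: str, controlled_address: str, signed_cert: dict) -> str:
        """Issuance transaction: output 0 -> node, output 1 -> controlled address + cert."""
        outputs = [Output(node_address), Output(controlled_address, dict(signed_cert))]
        return self._append(Transaction("issue", [], outputs, len(self.txs)))

    def revoke(self, issue_txid: str, caller_address: str) -> str:
        """Revocation transaction: spends output 1 of the issuance transaction."""
        issue_tx = self.txs.get(issue_txid)
        if issue_tx is None or issue_tx.kind != "issue":
            raise KeyError("no such issuance transaction")
        second = issue_tx.outputs[1]
        # Assumption: on a real chain only the key holder of the controlled
        # address could produce a valid spend; here we compare addresses.
        if caller_address != second.address:
            raise PermissionError("caller does not control the second output")
        if second.spent_by is not None:
            raise ValueError("certificate already revoked")
        node_address = issue_tx.outputs[0].address
        tx = Transaction("revoke", [(issue_txid, 1)],
                         [Output(node_address, second.payload)], len(self.txs))
        second.spent_by = tx.txid
        return self._append(tx)

    def query(self, subject_address: str):
        """Return (signed_cert, 'valid' | 'invalid') for the newest issuance, else None."""
        for tx in reversed(list(self.txs.values())):
            if tx.kind == "issue" and tx.outputs[0].address == subject_address:
                second = tx.outputs[1]
                status = "valid" if second.spent_by is None else "invalid"
                return second.payload, status
        return None


def demo():
    """Issue, query, revoke, query again; returns the two observed statuses."""
    ledger = Ledger()
    cert = {  # constructed sample certificate, all values are placeholders
        "subject_address": "addr-site-1",
        "issuer_address": "addr-ca11",
        "subject_public_key": "PUBKEY-PLACEHOLDER",
        "signature": "SIGNATURE-PLACEHOLDER",
    }
    txid = ledger.issue("addr-site-1", "addr-ca11-controlled", cert)
    before = ledger.query("addr-site-1")[1]
    ledger.revoke(txid, "addr-ca11-controlled")
    after = ledger.query("addr-site-1")[1]
    return [before, after]


if __name__ == "__main__":
    print(demo())
```

Because validity is derived from the spend state of one output, a status query never needs a separate revocation list; it only needs the transaction record of the issuance.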
According to another aspect of the present invention, a blockchain-based CA authentication management device is provided. The blockchain comprises a genesis block and regular blocks, and the genesis block is used to store the root CA certificate. It comprises: a receiving module, adapted to receive a certificate application transaction, containing an unsigned certificate, sent in the blockchain network by a node to be certified; an acquisition module, adapted to obtain the unsigned certificate contained in the certificate application transaction and generate a signed certificate from the unsigned certificate; and a sending module, adapted to send, in the blockchain network, a certificate issuance transaction containing the signed certificate to the node to be certified. The certificate issuance transaction further comprises: a first output pointing to the blockchain account address of the node to be certified, and a second output pointing to a preset controlled blockchain account address.
Optionally, the device further comprises: a recording module, adapted to write a first transaction record corresponding to the certificate application transaction and a second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain, and to broadcast, in the blockchain network, the blocks containing the first transaction record and the second transaction record.
Optionally, the signed certificate is stored in the second output of the certificate issuance transaction.
Optionally, the unsigned certificate contains verification information, and the acquisition module is specifically adapted to: verify the unsigned certificate according to the verification information and, after the verification passes, digitally sign the unsigned certificate.
Optionally, the verification information comprises at least one of the following: the public key of the node to be certified, information about the node to be certified, the address of the node to be certified, information about the certifying node, the address of the certifying node, the certificate validity period, and the certificate issuance time.
Optionally, the device further comprises: a revocation module, adapted to look up the second transaction record in the regular blocks and obtain the signed certificate from the second transaction record; and to send, in the blockchain network, a certificate revocation transaction containing the signed certificate, wherein the certificate revocation transaction comprises an input pointing to the second output of the certificate issuance transaction, and an output pointing to the blockchain account of the node to be certified.
Optionally, the device further comprises: a query module, adapted to receive a certificate query request sent by a user terminal and obtain the certificate information contained in the certificate query request; to look up the corresponding transaction record in the regular blocks according to the certificate information and obtain the corresponding signed certificate from the transaction record found; and to send the signed certificate to the user terminal.
Optionally, the query module is further adapted to: query the transaction record corresponding to the signed certificate stored in the regular blocks; when the state of the second output in the transaction record is determined to be unspent, send a certificate-valid message to the user terminal; and when the state of the second output in the transaction record is determined to be spent, send a certificate-invalid message to the user terminal.
Optionally, the root CA certificate comprises: the root CA public key, root CA information, the root CA address, the certificate validity period, the certificate issuance time and a digital signature.
According to yet another aspect of the present invention, a blockchain-based CA authentication management system is provided, comprising the above CA authentication management device and a node to be certified.
In the blockchain-based CA authentication management method, device and system provided by the present invention, a blockchain network is used to manage the certificates of CAs at all levels as well as customer certificates, and the root CA certificate is stored in the genesis block of the blockchain network. Because the genesis block is the first block, its security is high and it is hard to tamper with. Correspondingly, the present invention converts the certificate issuance process into a transaction process in the blockchain network, and uses the blockchain's transaction-recording mechanism to record every certificate-related operation in the blockchain. The user therefore does not need to store the root CA certificate locally in advance and only needs to query the blockchain network. This not only simplifies user operation and saves user storage space, but also greatly improves the security of the root CA certificate and the accuracy of the subsequent verification process.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the content of the description, and so that the above and other objects, features and advantages of the present invention become more apparent, specific embodiments of the present invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be regarded as limiting the present invention. Throughout the drawings, the same reference numerals denote the same parts. In the drawings:
Fig. 1 shows the node distribution in the blockchain network of an embodiment of the present invention;
Fig. 2 shows a flow chart of the blockchain-based CA authentication management method provided by one embodiment of the present invention;
Fig. 3 shows the certificate structure of the root CA;
Fig. 4 shows a flow chart of the certificate generation process of the other CAs;
Fig. 5 shows a schematic diagram of a transaction;
Fig. 6 shows a schematic diagram of a certificate issuance transaction;
Fig. 7 shows a flow chart of the certificate generation process for a customer of a CA;
Fig. 8 shows the structure of a signed certificate;
Fig. 9a shows a schematic flow diagram of the website server, CA and blockchain mainly involved in the certificate issuance and revocation stages in Embodiment 3 of the present invention;
Fig. 9b shows a schematic diagram of the website server, user terminal and blockchain mainly involved in the certificate query stage in Embodiment 3 of the present invention;
Fig. 10 shows a network architecture diagram based on the blockchain;
Fig. 11 shows a structural diagram of a blockchain-based CA authentication management device provided by another embodiment of the present invention;
Fig. 12 shows a structural diagram of a blockchain-based CA authentication management system provided by another embodiment of the present invention.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure can be understood more thoroughly and its scope can be conveyed in full to those skilled in the art.
Embodiments of the present invention provide a blockchain-based CA authentication management method, device and system, which at least solve the technical problem that, with the existing CA verification approach, the security of the root CA certificate is hard to guarantee, which in turn lowers the accuracy of the entire verification process.
In embodiments of the present invention, the blockchain network involves the following classes of network entity: (1) the root CA, which is the most trusted certificate authority; (2) the other CAs at each level (non-root CAs), which rely on their superior CA to issue a certificate that identifies them; (3) customer servers, i.e. the servers of users who request certificates from a CA, such as website servers, which can be understood as the customers of a CA; (4) ordinary users, i.e. the user terminals of users who need to verify the other party's certificate during network communication. In embodiments of the present invention, the first three classes of network entity are connected to the blockchain network as nodes and can therefore query all the information in the blockchain. The fourth class is not connected to the blockchain network as a node, and must first connect to some node in the blockchain network in order to query. Of course, in other embodiments of the present invention, the fourth class of network entity may also be connected to the blockchain network as a light node so that it can query. In addition, among these classes of network entity, CAs are full nodes in the blockchain network and have block-packaging rights: they can both write transaction records to the blockchain and read transaction records from it. A customer server may be a full node or a non-full node, but has no block-packaging rights; it cannot write transaction records to the blockchain and can only read them.
Fig. 1 shows the node distribution in the blockchain network of an embodiment of the present invention. As shown in Fig. 1, the first layer is the root CA. Because the certificate of the root CA is a self-signed certificate, it is written into the genesis block in advance by hard-coding, so that it cannot be changed, which improves security. Next are the other CAs, whose certificates must be issued by a superior CA. For example, in Fig. 1, CA1, CA2 and CA3 are subordinate CAs of the root CA and need the root CA to issue their certificates to prove their identity. CA11 and CA12 are subordinate CAs of CA1 and need CA1 to issue their certificates to prove their identity. Customer servers are customers that need to request certificates from a CA. Customer roles include, but are not limited to, website servers; for ease of understanding, this embodiment uses a website server as the example. For example, in Fig. 1, customer server 1 and customer server 2 are customers of CA11.
Fig. 2 shows a flow chart of the blockchain-based CA authentication management method provided by one embodiment of the present invention. The method shown in Fig. 2 may be executed by the root CA or by a CA at any other level. As shown in Fig. 2, the method comprises:
Step S210: receive a certificate application transaction, containing an unsigned certificate, sent in the blockchain network by a node to be certified.
The node to be certified is any network entity that needs a CA to issue a certificate for it, for example a subordinate CA or a customer server. The certificate application transaction contains an unsigned certificate.
Step S220: obtain the unsigned certificate contained in the certificate application transaction, and generate a signed certificate from the unsigned certificate.
The signed certificate is generated by signing the unsigned certificate. Any digital signature algorithm may be used; the present invention does not limit the specific signature algorithm.
Optionally, before signing, it is further verified whether the initiator of the certificate application transaction (i.e. the node to be certified) is a network node that has passed a prior audit. The signature is made only if the verification result is correct and is refused if the verification result is wrong. This verification step prevents unauthorized malicious nodes from sending certificate application transactions and improves the reliability of certificate application transactions.
Step S230: send, in the blockchain network, a certificate issuance transaction containing the signed certificate to the node to be certified. The certificate issuance transaction further comprises: a first output pointing to the blockchain account address of the node to be certified, and a second output pointing to a preset controlled blockchain account address.
The certificate issuance transaction is generated and sent on the basis of the signed certificate, to notify the node to be certified that its certificate application succeeded.
Optionally, the embodiment of the present invention may further comprise the following step S240: write a first transaction record corresponding to the certificate application transaction and a second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain, and broadcast, in the blockchain network, the blocks containing the first transaction record and the second transaction record.
Specifically, in the present invention the blockchain comprises a genesis block and regular blocks. The genesis block is used to store the root CA certificate, and the regular blocks are used to store the transaction records corresponding to the various certificate operations for later querying. The genesis block is the first block in the blockchain. It has the earliest generation time and the highest security, and no subsequent block has the right to modify it; storing the root CA certificate in the genesis block therefore significantly improves the security of the root CA certificate. All blocks in the blockchain other than the genesis block are called regular blocks and store the individual transaction records for querying.
Step S240 may be executed by the node to be certified mentioned above or by another network node in the blockchain network, for example the network node that performs the signing operation on the unsigned certificate. The present invention does not limit which entity executes step S240; step S240 is therefore an optional step.
It can be seen that, in the blockchain-based CA authentication management method provided by the present invention, a blockchain network is used to manage the certificates of CAs at all levels as well as customer certificates, and the root CA certificate is stored in the genesis block of the blockchain network. Because the genesis block is the first block, its security is high and it is hard to tamper with. Correspondingly, the present invention converts the certificate issuance process into a transaction process in the blockchain network, and uses the blockchain's transaction-recording mechanism to record every certificate-related operation in the blockchain. The user therefore does not need to store the root CA certificate locally in advance and only needs to query the blockchain network. This not only simplifies user operation and saves user storage space, but also greatly improves the security of the root CA certificate and the accuracy of the subsequent verification process.
The implementation details of the blockchain-based CA authentication management method provided by the present invention are described below with reference to specific examples. Three management types are mainly involved: issuing certificates, revoking certificates and querying certificates. The specific flow of each type of management operation is introduced through the following three embodiments:
Embodiment 1
This embodiment mainly implements the certificate issuance class of management operations. Specifically, certificate issuance involves the generation of the root CA certificate, the process by which a subordinate CA applies to its superior CA for a certificate, and the process by which a customer applies to a CA for a certificate. Each is introduced below:
(1) Certificate generation process of the root CA:
Because the root CA is the most trusted certificate authority and its certificate is self-signed, with no superior CA certifying it, the certificate of the root CA can be trusted for a long time and rarely needs to change. In embodiments of the present invention, the root CA certificate is therefore written into the genesis block by hard-coding. Because all remaining blocks are built after the genesis block, no operation by any node on the blockchain can modify the genesis block, which ensures that the root CA certificate cannot be changed even if a node in the blockchain is maliciously attacked. Fig. 3 shows the certificate structure of the root CA. Because the certificate of the root CA is self-signed and needs no superior CA to sign it, only the root CA's own information needs to be recorded in the certificate. As shown in Fig. 3, the root CA certificate comprises: the public key of the certificate authority, certificate authority information, the blockchain account address of the certificate authority, other information such as the certificate validity period and certificate issuance time, and a digital signature. The blockchain account address includes, but is not limited to, a Bitcoin address.
(2) Certificate generation process of the other CAs:
Fig. 4 shows a flow chart of the certificate generation process of the other CAs. As shown in Fig. 4, the certificate generation process of the other CAs comprises the following steps:
Step S410: the subordinate CA sends a certificate application transaction to the superior CA in the blockchain network.
Here, the subordinate CA can be understood as the node to be certified, and the superior CA as the certifying node. Embodiments of the present invention can be implemented on the transaction format of a public blockchain, so each transaction may comprise two parts, inputs and outputs. Fig. 5 shows a schematic diagram of this transaction. The output part may contain the unsigned certificate of the subordinate CA, i.e. an incomplete certificate. To prevent other nodes on the blockchain from issuing the certificate arbitrarily, information about the superior CA is written into the unsigned certificate.
Step S420: the superior CA obtains the unsigned certificate contained in the certificate application transaction and generates a signed certificate from the unsigned certificate.
To improve security, in this step the superior CA may optionally verify the unsigned certificate after obtaining it from the certificate application transaction, and perform the subsequent operations only after the verification passes. To facilitate verification, the unsigned certificate may further contain verification information. Besides the information about the superior CA mentioned above, this verification information may include at least one of: the public key of the node to be certified, information about the node to be certified, the blockchain account address of the node to be certified, information about the certifying node, the blockchain account address of the certifying node, the certificate validity period, and the certificate issuance time. During verification, the superior CA verifies the identity of the subordinate CA according to the verification information, and verifies the legitimacy of the unsigned certificate. Moreover, the superior CA further verifies whether the certificate authority blockchain account address contained in the unsigned certificate matches the blockchain account address of this superior CA. If it matches, the issuing authority designated by the subordinate CA is this superior CA, and the subsequent steps continue. If it does not match, the issuing authority designated by the subordinate CA is not this superior CA, and an error message is returned to the subordinate CA to prompt it to resend correct transaction information. The present invention does not limit when the verification step is performed; for example, verification may also take place after signing. In addition, the individual checks included in the verification step may be performed in any order, and those skilled in the art may arrange the order of the checks according to actual needs.
After all of the above checks pass, the superior CA signs the unsigned certificate, that is, it completes the incomplete unsigned certificate and obtains the signed certificate. A signed certificate generally contains: the public key of the user, information on the user, the block chain account address of the user, information on the certificate authority, the block chain account address of the certificate authority, the certificate validity period, the certificate issuing time and other such information, together with a digital signature. Here the user is the subordinate CA, the certificate authority is the superior CA, and the digital signature is the result of the superior CA encrypting, with its private key, the hash of all information in the certificate other than the digital signature.
In addition, the superior CA also generates a controlled address that it can control. This controlled address may be generated in step s420 or generated in advance; the present invention does not limit when it is generated. The main purpose of the controlled address is to identify certificate status information so that the certificate status can be queried.
Step s430: the superior CA sends to the subordinate CA, in the block chain network, a certificate issuing transaction containing the signed certificate. This certificate issuing transaction further includes a first output portion pointing to the node to be certified and a second output portion pointing to the preset controlled address. Here, "controlled address" is short for the controlled block chain account address mentioned above. A node to be certified is generally identified by its account address in the block chain network, so the first output portion actually points to the block chain account address of the node to be certified. Likewise, wherever this document speaks of pointing to another network node (such as the subordinate CA), what is actually pointed to is the block chain account address of that network node.
The superior CA initiates a certificate issuing transaction to the subordinate CA and writes the signed certificate into the output portion of this transaction. Fig. 6 shows a schematic diagram of this certificate issuing transaction. As shown in Fig. 6, the transaction is initiated by the root CA. The "input" part in Fig. 6 is the input portion of the transaction; it may be empty, or it may carry the address information of the root CA. As shown in Fig. 6, the transaction has two output portions. Output 0 is the first output portion, pointing to the subordinate CA (that is, to the block chain account address of the subordinate CA); it is sent to the subordinate CA to notify it that the certificate has been issued. Output 1 is the second output portion, pointing to the controlled address mentioned above; the "signing certificate" in this portion denotes the signed certificate in its complete format. The order of output 0 and output 1 may be arbitrary. In addition, in this step the superior CA further transfers funds into the controlled address in order to generate the second output portion, so this output can also be called an unspent transaction output (UTXO). The initial state of the second output portion is therefore the unspent state, which identifies the certificate as valid. That is, as long as the money (such as bitcoin) that the superior CA has paid into the controlled address has not been spent, the state of the second output portion remains unspent and the certification is valid; once that money is spent, the state of the second output portion changes to spent and the certification is invalid.
Step s440: the superior CA writes the transaction records corresponding to the certificate application transaction and the certificate issuing transaction into a routine block of the block chain, and broadcasts in the block chain network the block containing the first transaction record and the second transaction record.
Step s440 is an optional step. Besides the superior CA, it may also be executed by another network node in the block chain network; the present invention does not limit which network node writes the transaction records corresponding to the certificate application transaction and the certificate issuing transaction into the block chain. The two transaction records may be written by the same network node or by different network nodes.
(3) Certificate generation process for a client:
Fig. 7 shows a flow chart of the certificate generation process for a client of a CA. In this example the client is a Website server; in fact, the client may also be another kind of client server. As shown in Fig. 7, the certificate generation process for a client comprises the following steps:
Step s710: the Website server sends a certificate application transaction to the CA in the block chain network.
Here, the Website server can be understood as the node to be certified, and the CA as the certifying node. The output portion of this transaction contains the unsigned certificate of the Website server, that is, an incomplete certificate. To prevent any other node on the block chain from issuing the certificate, the unsigned certificate also carries the relevant information of the CA. The Website server then writes the transaction record corresponding to the certificate application transaction into a routine block of the block chain.
Step s720: the CA obtains the unsigned certificate contained in the certificate application transaction, generates a signed certificate from the unsigned certificate, and generates a controlled address that this CA can control.
To improve security, optionally, in this step the CA, after obtaining the unsigned certificate contained in the certificate application transaction, further verifies this unsigned certificate and performs the subsequent operations only after verification passes. To facilitate verification, the unsigned certificate may further contain verification information. Besides the relevant information of the CA mentioned above, this verification information may include the public key of the node to be certified, information on the node to be certified, the address of the node to be certified, information on the certifying node, the address of the certifying node, the certificate validity period, the certificate issuing time and the like. During verification, the CA verifies the identity of the Website server according to this verification information and verifies the legitimacy of the unsigned certificate. The CA also verifies whether the certificate authority address contained in the unsigned certificate matches the address of this CA. If it matches, the issuing authority designated by the Website server is this CA, and the subsequent steps continue. If it does not match, the issuing authority designated by the Website server is not this CA, and an error message is returned to the Website server, prompting it to resend correct transaction information.
After all of the above checks pass, the CA signs the unsigned certificate, that is, it completes the incomplete unsigned certificate and obtains the signed certificate. The structure of the signed certificate is shown in Fig. 8 and comprises: the public key of the user, information on the user, the address of the user, information on the certificate authority, the address of the certificate authority, the certificate validity period, the certificate issuing time and other such information, together with a digital signature.
In addition, the CA also generates a controlled address that it can control. This controlled address may be generated in this step or generated in advance. Its main purpose is to store certificate status information so that the certificate status can be queried.
Step s730: the CA sends to the Website server, in the block chain network, a certificate issuing transaction containing the signed certificate. This certificate issuing transaction further includes a first output portion pointing to the Website server and a second output portion pointing to the controlled address, and the second output portion stores unspent status information that identifies the certificate as valid.
The CA initiates a certificate issuing transaction to the Website server and writes the signed certificate into the output portion of this transaction. The transaction has two output portions. The first output portion, pointing to the subordinate CA, is sent to the subordinate CA to notify it that the certificate has been issued. The second output portion points to the controlled address mentioned above; the sig(cert) in this portion denotes the signed certificate in its complete format. In addition, in this step the CA further transfers funds into the controlled address in order to generate the second output portion, so this output can also be called an unspent transaction output (UTXO). Put another way, this output contains unspent status information that identifies the certificate as valid: as long as the money (that is, bitcoin) that the CA has paid into the controlled address has not been spent, the certificate is valid.
Step s740: the CA writes the transaction records corresponding to the certificate application transaction and the certificate issuing transaction into a routine block of the block chain, and broadcasts in the block chain network the block containing these transaction records.
Step s740 is an optional step. Besides the CA, it may also be executed by another network node in the block chain network; the present invention does not limit which network node writes the transaction records corresponding to the certificate application transaction and the certificate issuing transaction into the block chain. The two transaction records may be written by the same network node or by different network nodes.
Embodiment two
This embodiment mainly implements management operations of the certificate revocation type. Specifically, certificate revocation covers a superior CA revoking the certificate it issued to a subordinate CA, and a CA revoking the certificate it issued to a client. Because the flows of the two kinds of revocation are similar, the first kind is mainly described below.
Because the address corresponding to a certificate is controlled by the certificate issuing authority, the issuing authority looks up the transaction that issued the certificate, finds the output portion (that is, the UTXO) located at the controlled address generated by the certificate authority, and spends the amount contained in this output portion. This indicates that the certificate is revoked.
Specifically, the CA looks up the transaction record corresponding to the certificate in the routine block, obtains the signed certificate from this transaction record, and sends a certificate revocation transaction containing this signed certificate. The certificate revocation transaction includes an input portion pointing to the second output portion of the certificate issuing transaction, and an output portion pointing to the block chain account of the node to be certified. In a concrete implementation, the input portion of the certificate revocation transaction references the output portion of the certificate issuing transaction that points to the preset controlled address, and the output portion may be set to the block chain account address of the CA. Through the certificate revocation transaction, the state of the second output portion pointing to the preset controlled block chain account address is changed from the initial unspent state to the spent state, thereby indicating that the certificate is invalid.
This revocation method can be applied both to revoking the certificate of a CA and to revoking the certificate of a client. After a certificate is revoked, the unspent status information in the output of the transaction corresponding to this certificate is updated to spent status information, which shows that the certificate is invalid.
Embodiment three
This embodiment mainly implements management operations of the certificate query (verification) type. A certificate is generally verified by a user who exchanges information with the certificate owner (such as a Website server). The verification process must check not only whether the certificate held by the certificate owner itself is valid, but also, level by level upward, the certificates of the issuing authorities. Specifically, the main steps of the verification process are as follows:
Step 1: the user terminal accesses the server, and the server sends the certificate it holds to the user terminal.
Specifically, the user needs to verify whether contents of the certificate such as the validity period are correct. If they are correct, the subsequent steps continue; otherwise the certificate is confirmed to be in error.
Step 2: the user terminal sends a certificate query request to any network node in the block chain network, and this network node receives and processes the certificate query request.
The network node that receives and processes the certificate query request may be either a CA or a Website server: owing to the decentralized, distributed storage of the block chain network, every network node holds the complete block chain information. This network node obtains the certificate information contained in the certificate query request, searches for the transaction corresponding to the certificate according to the block chain account addresses of the certificate issuing authority and the certificate owner, and retrieves the transaction information.
Step 3: this network node obtains the corresponding signed certificate from the transaction information and sends this signed certificate to the user terminal.
Specifically, this network node first searches the block chain, using the address of the certificate issuing authority and the address of the certificate owner (such as the Website server) stated in the certificate, for transactions that this issuing authority initiated to the certificate owner, finds the latest such transaction, and retrieves the signed certificate from it. The network node then sends this signed certificate to the user terminal. The user compares the signed certificate received with the certificate received in step 1. If they are consistent, the subsequent steps continue; otherwise the certificate is confirmed to be in error.
Step 4: query the transaction record stored in the block chain that corresponds to the signed certificate. When the second output portion in the transaction record is judged to contain unspent status information, the certificate is confirmed to be valid; when the second output portion in the transaction record is judged to contain spent status information, the certificate is confirmed to be invalid.
Step 4 may be completed by the user terminal, or the user terminal may request a CA to complete it. Step 4 may be triggered at the request of the user terminal or triggered automatically after step 3 has finished. Specifically, if this output has been spent, the certificate has been revoked; if this output has not been spent, the certificate is valid. Spent means that the amount held by this output has been transferred to another address through a transaction.
Step 5: recursively examine the certificates of the issuing authorities upward, until the root certificate.
Step 5 may be triggered at the request of the user terminal or triggered automatically after step 4 has been executed. To ensure the validity of a certificate, the legitimacy of the authority that issued it must also be examined, that is, whether the certificate of the issuing authority is itself valid. This part of the examination is similar to the examination of the Website server certificate and mainly covers two aspects, the correctness and the validity of the certificate. Except for the root certificate, the process of querying the certificates at every level is basically the same: first, verify the certificate according to contents such as the validity period stated on it; second, look up the certificate record saved on the block chain and compare the two to check whether the certificate is correct; finally, check the certificate by querying the UTXO state to determine whether it has been revoked. As for the root certificate, it only needs to be checked against the genesis block, and there is no need to verify whether it has been revoked. Because the root certificate is a self-signed certificate with no superior issuing authority, it will not be revoked once it has been written into the genesis block. Verifying the root certificate therefore only requires checking whether the certificate is correct, without examining its validity period or whether it has been revoked.
If any of the above steps fails verification, a problem exists and the result can be returned directly without continuing the verification.
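The issuing, revocation and query flows of Embodiments one to three can be traced with a small in-memory model. The following Python example is an added illustration and is not code from the patent: the class and function names, the toy ledger and all sample addresses are assumptions, the way a verifier fetches the issuer's certificate from the chain is an assumption, and signature checking is not modelled because the query steps above compare the presented certificate with the on-chain copy.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import Optional

@dataclass(frozen=True)
class Cert:
    subject_addr: str    # block chain account address of the certificate owner
    issuer_addr: str     # block chain account address of the issuing CA
    subject_pubkey: str
    not_before: int
    not_after: int
    signature: str       # opaque placeholder (assumption); signatures are not checked here

    def digest(self) -> str:
        blob = json.dumps(asdict(self), sort_keys=True).encode()
        return hashlib.sha256(blob).hexdigest()

@dataclass
class TxOut:
    address: str
    cert: Optional[Cert] = None

@dataclass
class Tx:
    txid: str
    inputs: list     # (txid, output index) pairs spent by this transaction
    outputs: list    # TxOut entries

class Ledger:
    """Toy chain: root certificate in the genesis block, transactions in routine blocks."""
    def __init__(self, root_cert: Cert):
        self.genesis_root = root_cert
        self.txs = []

    def _append(self, inputs, outputs) -> str:
        tx = Tx(f"tx{len(self.txs)}", inputs, outputs)
        self.txs.append(tx)
        return tx.txid

    def issue(self, cert: Cert, controlled_addr: str) -> str:
        # Output 0 notifies the owner; output 1 sits at the CA-controlled
        # address, carries the signed certificate and starts out unspent.
        return self._append([], [TxOut(cert.subject_addr), TxOut(controlled_addr, cert)])

    def revoke(self, issue_txid: str, ca_addr: str) -> str:
        # Spending output 1 of the issuing transaction marks the certificate revoked.
        # A real chain would require the controlled address's key to authorise this.
        return self._append([(issue_txid, 1)], [TxOut(ca_addr)])

    def is_spent(self, txid: str, index: int) -> bool:
        return any((txid, index) in tx.inputs for tx in self.txs)

    def latest_issue(self, subject_addr: str, issuer_addr: Optional[str] = None):
        for tx in reversed(self.txs):
            cert = tx.outputs[1].cert if len(tx.outputs) == 2 else None
            if cert and cert.subject_addr == subject_addr and issuer_addr in (None, cert.issuer_addr):
                return tx
        return None

def verify_chain(ledger: Ledger, presented: Cert, now: int, max_depth: int = 8):
    """Return (valid, reason), following steps 1 to 5 of the query procedure."""
    root = ledger.genesis_root
    cert = presented
    for _ in range(max_depth):
        if cert.subject_addr == root.subject_addr:
            # Root: only compared with the genesis copy; no validity-period or UTXO check.
            ok = cert.digest() == root.digest()
            return ok, "ok" if ok else "root-mismatch"
        if not cert.not_before <= now <= cert.not_after:
            return False, f"outside-validity:{cert.subject_addr}"
        tx = ledger.latest_issue(cert.subject_addr, cert.issuer_addr)
        if tx is None or tx.outputs[1].cert.digest() != cert.digest():
            return False, f"mismatch:{cert.subject_addr}"
        if ledger.is_spent(tx.txid, 1):
            return False, f"revoked:{cert.subject_addr}"
        # Step 5: move up to the issuer's certificate as recorded on chain.
        if cert.issuer_addr == root.subject_addr:
            cert = root
        else:
            parent = ledger.latest_issue(cert.issuer_addr)
            if parent is None:
                return False, f"issuer-unknown:{cert.issuer_addr}"
            cert = parent.outputs[1].cert
    return False, "chain-too-deep"

def build_demo():
    """Constructed sample: root CA -> CA1 -> Website server (all values made up)."""
    root = Cert("addr-root", "addr-root", "pk-root", 0, 0, "self-signed")
    ledger = Ledger(root)
    ca1 = Cert("addr-ca1", "addr-root", "pk-ca1", 100, 900, "sig-by-root")
    site = Cert("addr-site", "addr-ca1", "pk-site", 200, 800, "sig-by-ca1")
    ca1_tx = ledger.issue(ca1, "addr-root-controlled")
    site_tx = ledger.issue(site, "addr-ca1-controlled")
    return ledger, site, ca1_tx, site_tx
```

Revoking the CA1 certificate in this model makes the Website server certificate fail as well, because step 5 walks the issuer chain on every query.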
The above flow implements the examination of a certificate. To aid understanding of the present invention, Fig. 9a and Fig. 9b show flow charts of the individual links involved in the above embodiments. As shown in Fig. 9a, the issuing and revocation links in the above embodiments mainly involve the Website server, the CA and the block chain. In step 91, the Website server initiates a transaction and sends the unsigned certificate. In step 92, the CA signs the certificate and generates the certificate account address (that is, the controlled address mentioned above). In step 93, the CA initiates the certificate issuing transaction, writes the certificate into it and transfers funds into the certificate account. In step 94, the CA looks up the UTXO funded in the certificate issuing transaction and generates a certificate revocation transaction that spends this output. As shown in Fig. 9b, the certificate query link in the above embodiments mainly involves the Website server, the user terminal and the block chain. In step 95, the user terminal accesses the Website server. In step 96, the Website server returns the certificate to the user terminal. In step 97, the user looks up in the block chain, according to the certificate, the transaction information corresponding to this certificate. In step 98, the user terminal compares the certificate of the Website server with the certificate on the block chain. In step 99, the user terminal verifies the state of the corresponding UTXO in the transaction. In step 100, the certificate of the CA is examined. In step 101, the certificate of the root CA is examined. In step 102, the examination result is returned.
Figure 10 shows a network architecture diagram based on the block chain. As shown in Figure 10, this network architecture includes: the root CA, CA1 subordinate to the root CA, and a bitcoin address controlled by the root CA (that is, the controlled address mentioned above). It also includes the client Website server of CA1 and a bitcoin address controlled by CA1 (that is, the controlled address mentioned above), as well as the user terminal and the genesis block of the block chain. As Figure 10 shows, the Website server can send a certificate application transaction to CA1, and CA1 can send a certificate application transaction to the root CA. Correspondingly, the root CA can send a certificate issuing transaction to CA1, and CA1 can send a certificate issuing transaction to the Website server; while sending a certificate issuing transaction, the issuer must also transfer funds into the bitcoin address controlled by the certificate authority. In addition, a user can access any network node to verify the validity of a certificate.
It can be seen that the present invention uses the block chain to carry out management operations on CA certificates such as issuing, revocation and query, making full use of the tamper resistance and openness of the block chain. This makes up for deficiencies of traditional CA certification, lets CA issuing and revocation information propagate faster, and improves the credibility of certificate issuing authorities, especially the root CA. Users can examine certificates by querying the records on the block chain in real time, which is more reliable. In addition, relying on the distributed nature of the block chain, the security of the whole CA network is not affected even if a CA node suffers a malicious attack, and the block chain network may perceive the problem within a short time.
In addition, those skilled in the art can make various changes and variations to the above embodiments. For example, those skilled in the art can also modify them in the following respects:
(1) In the above embodiments, the nodes on the block chain comprise CAs and the organizations applying for certificates (such as Website servers), and an ordinary user verifies a certificate by accessing any node on the block chain. Optionally, ordinary users may also be allowed to join as nodes on the block chain, to improve the flexibility of the verification process.
(2) Because the certificate of the root CA is written into the genesis block by hard coding, and multiple CAs exist in the block chain network, replacing a root CA once it has been compromised would destroy the whole block chain network. Optionally, a superior root is established for all of the CAs and written into the genesis block. The root CA certificates then come from the superior root.
(3) The present invention generates a controlled address of the certificate issuing authority for a certificate, the transaction generates the UTXO corresponding to this account, and whether this UTXO has been spent determines whether the certificate has been revoked. Optionally, because the validity of a certificate depends on the UTXO and not on a particular account, the same account can be reused: a certificate issuing authority only needs to generate one such account, and the UTXOs generated for all certificates that this authority issues all correspond to this account.
(4) In the certificates of the embodiments of the present invention, the included options contain the addresses of the certificate issuing authority and of the applying organization, namely their corresponding account addresses in the block chain network. Optionally, to stay consistent with the traditional certificate format, this part may be left out of the certificate and written directly into the output portion content of each transaction, as follows:
Figure 11 shows a structure diagram of a block chain based CA authentication management device provided by another embodiment of the present invention. The block chain further includes a genesis block and routine blocks, the genesis block being used to store the root CA certificate. The device includes:
a receiver module 101, adapted to receive a certificate application transaction, containing an unsigned certificate, that a node to be certified sends in the block chain network;
an acquisition module 102, adapted to obtain the unsigned certificate contained in the certificate application transaction and to generate a signed certificate from the unsigned certificate;
a sending module 103, adapted to send to the node to be certified, in the block chain network, a certificate issuing transaction containing the signed certificate, wherein the certificate issuing transaction further includes a first output portion pointing to the block chain account address of the node to be certified and a second output portion pointing to a preset controlled block chain account address.
Optionally, the device further includes a logging module 104, adapted to write the first transaction record corresponding to the certificate application transaction and the second transaction record corresponding to the certificate issuing transaction into routine blocks of the block chain, and to broadcast in the block chain network the block containing the first transaction record and the second transaction record.
Optionally, the signed certificate is stored in the second output portion of the certificate issuing transaction.
Optionally, the unsigned certificate includes verification information, and the acquisition module is specifically adapted to verify the unsigned certificate according to the verification information and, after verification passes, to digitally sign the unsigned certificate.
Optionally, the verification information includes at least one of the following: the public key of the node to be certified, information on the node to be certified, the address of the node to be certified, information on the certifying node, the address of the certifying node, the certificate validity period and the certificate issuing time.
Optionally, the device further includes a revocation module, adapted to look up the second transaction record in the routine block, to obtain the signed certificate from the second transaction record, and to send in the block chain network a certificate revocation transaction containing the signed certificate, wherein the certificate revocation transaction includes an input portion pointing to the second output portion of the certificate issuing transaction and an output portion pointing to the block chain account of the node to be certified.
Optionally, the device further includes a query module, adapted to receive a certificate query request sent by a user terminal and obtain the certificate information contained in the certificate query request; to look up the corresponding transaction record in the routine block according to the certificate information and obtain the corresponding signed certificate from the transaction record found; and to send the signed certificate to the user terminal. Specifically, the query module is further adapted to query the transaction record stored in the routine block that corresponds to the signed certificate; when the second output portion in the transaction record is judged to be in the unspent state, to send a certificate valid message to the user terminal; and when the second output portion in the transaction record is judged to be in the spent state, to send a certificate invalid message to the user terminal.
The CA certificate includes: the root CA public key, root CA information, the root CA address, the certificate validity period, the certificate issuing time and a digital signature.
For the detailed operation of the above modules, refer to the description of the corresponding parts of the method embodiments; it is not repeated here.
In addition, the above block chain based CA authentication management device is usually one of the CAs at the various levels mentioned above.
Figure 12 shows a schematic structure diagram of a block chain based CA authentication management system provided by another embodiment of the present invention. As shown in Figure 12, this system includes the above CA authentication management device 100 and a node to be certified 110. The CA authentication management device 100 may be the root CA or a CA at any other level; the node to be certified 110 may be a CA at any level or a client server.
In summary, the technical solution of the present invention mainly includes the following key technical points:
First, the certificate is written onto the block chain as part of a transaction, and trust in the block chain is established jointly by all participating nodes. This ensures the correctness of the certificate.
Second, the root certificate is written into the genesis block, so that even if a node on the block chain is maliciously attacked, the root certificate cannot be changed arbitrarily.
Third, the transaction characteristics of bitcoin are used: whether the UTXO generated by a transaction has been consumed determines whether the certificate has been revoked. Every verification examines the latest record on the current block chain in real time, which solves the problem that a user cannot learn promptly whether a certificate has been revoked.
Finally, owing to the distributed nature of the block chain, all nodes hold the transaction records, so a user can connect to any node to perform the examination. The examination therefore does not depend on a single source, which prevents the risk of records being maliciously tampered with.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such a system is apparent. Furthermore, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein can be implemented in a variety of programming languages, and that the description above of a specific language is given to disclose the best mode of the invention.
Numerous specific details are set out in the description provided herein. It is to be understood, however, that embodiments of the present invention can be practised without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail, so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention the features of the invention are sometimes grouped together in a single embodiment, figure or description thereof. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will understand that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and may furthermore be divided into a plurality of sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described herein include some features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the device according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such a signal may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words may be interpreted as names.
The invention discloses: A1. A CA authentication management method based on a blockchain, wherein the blockchain further comprises a genesis block and regular blocks, and the genesis block is used to store a root CA certificate, the method comprising:
receiving a certificate application transaction, containing an unsigned certificate, sent in the blockchain network by a node to be certified;
obtaining the unsigned certificate contained in the certificate application transaction, and generating a signed certificate from the unsigned certificate;
sending, in the blockchain network, a certificate issuance transaction containing the signed certificate to the node to be certified; wherein the certificate issuance transaction further comprises: a first output part pointing to the blockchain account address of the node to be certified, and a second output part pointing to a preset controllable blockchain account address.
A2. The method according to A1, further comprising: writing a first transaction record corresponding to the certificate application transaction and a second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain respectively, and broadcasting, in the blockchain network, the block containing the first transaction record and the second transaction record.
A3. The method according to A1, wherein the signed certificate is stored in the second output part of the certificate issuance transaction.
A4. The method according to A1, wherein the unsigned certificate comprises verification information, and the step of generating a signed certificate from the unsigned certificate specifically comprises:
verifying the unsigned certificate according to the verification information and, after the verification passes, digitally signing the unsigned certificate.
A5. The method according to A4, wherein the verification information comprises at least one of the following: the public key of the node to be certified, information of the node to be certified, the address of the node to be certified, certifying node information, the certifying node address, the certificate validity period, and the certificate issuance time.
A6. The method according to A2, wherein, after the step of writing the first transaction record corresponding to the certificate application transaction and the second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain respectively, the method further comprises:
searching the regular blocks for the second transaction record, and obtaining the signed certificate from the second transaction record;
sending, in the blockchain network, a certificate revocation transaction containing the signed certificate, wherein the certificate revocation transaction comprises an input part pointing to the second output part of the certificate issuance transaction, and an output part pointing to the blockchain account of the node to be certified.
A7. The method according to A1, further comprising:
receiving a certificate query request sent by a user terminal, and obtaining the certificate information contained in the certificate query request;
searching the regular blocks for the corresponding transaction record according to the certificate information, and obtaining the corresponding signed certificate from the transaction record found;
sending the signed certificate to the user terminal.
A8. The method according to A7, wherein, after the step of sending the signed certificate to the user terminal, the method further comprises:
querying the transaction record, stored in the regular blocks, that corresponds to the signed certificate; when the state of the second output part in the transaction record is determined to be unspent, sending a certificate valid message to the user terminal; when the state of the second output part in the transaction record is determined to be spent, sending a certificate invalid message to the user terminal.
A9. The method according to A1, wherein the CA certificate comprises: a root CA public key, root CA information, a root CA address, a certificate validity period, a certificate issuance time and a digital signature.
The invention also discloses: B10. A CA authentication management device based on a blockchain, wherein the blockchain further comprises a genesis block and regular blocks, and the genesis block is used to store a root CA certificate, the method comprising:
a receiving module, adapted to receive a certificate application transaction, containing an unsigned certificate, sent in the blockchain network by a node to be certified;
an obtaining module, adapted to obtain the unsigned certificate contained in the certificate application transaction, and to generate a signed certificate from the unsigned certificate;
a sending module, adapted to send, in the blockchain network, a certificate issuance transaction containing the signed certificate to the node to be certified; wherein the certificate issuance transaction further comprises: a first output part pointing to the blockchain account address of the node to be certified, and a second output part pointing to a preset controllable blockchain account address.
B11. The device according to B10, further comprising: a recording module, adapted to write a first transaction record corresponding to the certificate application transaction and a second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain respectively, and to broadcast, in the blockchain network, the block containing the first transaction record and the second transaction record.
B12. The device according to B10, wherein the signed certificate is stored in the second output part of the certificate issuance transaction.
B13. The device according to B10, wherein the unsigned certificate comprises verification information, and the obtaining module is specifically configured to:
verify the unsigned certificate according to the verification information and, after the verification passes, digitally sign the unsigned certificate.
B14. The device according to B13, wherein the verification information comprises at least one of the following: the public key of the node to be certified, information of the node to be certified, the address of the node to be certified, certifying node information, the certifying node address, the certificate validity period, and the certificate issuance time.
B15. The device according to B10, further comprising:
a revocation module, adapted to search the regular blocks for the second transaction record, and to obtain the signed certificate from the second transaction record; and to send, in the blockchain network, a certificate revocation transaction containing the signed certificate, wherein the certificate revocation transaction comprises an input part pointing to the second output part of the certificate issuance transaction, and an output part pointing to the blockchain account of the node to be certified.
B16. The device according to B10, further comprising:
a query module, adapted to receive a certificate query request sent by a user terminal, and to obtain the certificate information contained in the certificate query request; to search the regular blocks for the corresponding transaction record according to the certificate information, and to obtain the corresponding signed certificate from the transaction record found; and to send the signed certificate to the user terminal.
B17. The device according to B16, wherein the query module is further configured to:
query the transaction record, stored in the regular blocks, that corresponds to the signed certificate; when the state of the second output part in the transaction record is determined to be unspent, send a certificate valid message to the user terminal; when the state of the second output part in the transaction record is determined to be spent, send a certificate invalid message to the user terminal.
B18. The device according to B10, wherein the CA certificate comprises: a root CA public key, root CA information, a root CA address, a certificate validity period, a certificate issuance time and a digital signature.
The invention further discloses: C19. A CA authentication management system based on a blockchain, comprising the CA authentication management device according to any one of B10-B18 above and a node to be certified.
Claims (10)
1. A CA authentication management method based on a blockchain, characterized in that the blockchain further comprises a genesis block and regular blocks, and the genesis block is used to store a root CA certificate, the method comprising:
receiving a certificate application transaction, containing an unsigned certificate, sent in the blockchain network by a node to be certified;
obtaining the unsigned certificate contained in the certificate application transaction, and generating a signed certificate from the unsigned certificate;
sending, in the blockchain network, a certificate issuance transaction containing the signed certificate to the node to be certified; wherein the certificate issuance transaction further comprises: a first output part pointing to the blockchain account address of the node to be certified, and a second output part pointing to a preset controllable blockchain account address.
2. The method according to claim 1, further comprising: writing a first transaction record corresponding to the certificate application transaction and a second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain respectively, and broadcasting, in the blockchain network, the block containing the first transaction record and the second transaction record.
3. The method according to claim 1, wherein the signed certificate is stored in the second output part of the certificate issuance transaction.
4. The method according to claim 1, wherein the unsigned certificate comprises verification information, and the step of generating a signed certificate from the unsigned certificate specifically comprises:
verifying the unsigned certificate according to the verification information and, after the verification passes, digitally signing the unsigned certificate.
5. The method according to claim 4, wherein the verification information comprises at least one of the following: the public key of the node to be certified, information of the node to be certified, the address of the node to be certified, certifying node information, the certifying node address, the certificate validity period, and the certificate issuance time.
6. The method according to claim 2, wherein, after the step of writing the first transaction record corresponding to the certificate application transaction and the second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain respectively, the method further comprises:
searching the regular blocks for the second transaction record, and obtaining the signed certificate from the second transaction record;
sending, in the blockchain network, a certificate revocation transaction containing the signed certificate, wherein the certificate revocation transaction comprises an input part pointing to the second output part of the certificate issuance transaction, and an output part pointing to the blockchain account of the node to be certified.
7. A CA authentication management device based on a blockchain, characterized in that the blockchain further comprises a genesis block and regular blocks, and the genesis block is used to store a root CA certificate, the method comprising:
a receiving module, adapted to receive a certificate application transaction, containing an unsigned certificate, sent in the blockchain network by a node to be certified;
an obtaining module, adapted to obtain the unsigned certificate contained in the certificate application transaction, and to generate a signed certificate from the unsigned certificate;
a sending module, adapted to send, in the blockchain network, a certificate issuance transaction containing the signed certificate to the node to be certified; wherein the certificate issuance transaction further comprises: a first output part pointing to the blockchain account address of the node to be certified, and a second output part pointing to a preset controllable blockchain account address.
8. The device according to claim 7, further comprising: a recording module, adapted to write a first transaction record corresponding to the certificate application transaction and a second transaction record corresponding to the certificate issuance transaction into regular blocks of the blockchain respectively, and to broadcast, in the blockchain network, the block containing the first transaction record and the second transaction record.
9. The device according to claim 7, wherein the signed certificate is stored in the second output part of the certificate issuance transaction.
10. A CA authentication management system based on a blockchain, characterized in that it comprises the CA authentication management device according to any one of claims 7-9 above and a node to be certified.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610782864.2A CN106372941B (en) | 2016-08-31 | 2016-08-31 | CA authentication management method, apparatus and system based on block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610782864.2A CN106372941B (en) | 2016-08-31 | 2016-08-31 | CA authentication management method, apparatus and system based on block chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106372941A (en) | 2017-02-01 |
CN106372941B (en) | 2019-07-16 |
Family
ID=57898771
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610782864.2A Active CN106372941B (en) | CA authentication management method, apparatus and system based on block chain | 2016-08-31 | 2016-08-31 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106372941B (en) |
CN111027970B (en) * | 2018-12-07 | 2024-02-23 | 深圳市智税链科技有限公司 | Authentication management method, device, medium and electronic equipment of block chain system |
CN111641504A (en) * | 2019-03-01 | 2020-09-08 | 湖南天河国云科技有限公司 | Block chain digital certificate application method and system based on bit currency system |
GB2583767A (en) * | 2019-05-10 | 2020-11-11 | Nchain Holdings Ltd | Methods and devices for public key management using a blockchain |
US11777728B2 (en) * | 2019-05-16 | 2023-10-03 | Gmo Globalsign, Inc. | Systems and methods for blockchain transactions with offer and acceptance |
CN111164586B (en) * | 2019-06-28 | 2023-07-04 | 创新先进技术有限公司 | System and method for updating data in a blockchain |
US10931449B2 (en) | 2019-06-28 | 2021-02-23 | Advanced New Technologies Co., Ltd. | System and method for updating data in blockchain |
WO2019170177A3 (en) * | 2019-06-28 | 2020-04-30 | Alibaba Group Holding Limited | System and method for updating data in blockchain |
CN111164586A (en) * | 2019-06-28 | 2020-05-15 | 阿里巴巴集团控股有限公司 | System and method for updating data in a blockchain |
US10693629B2 (en) | 2019-06-28 | 2020-06-23 | Alibaba Group Holding Limited | System and method for blockchain address mapping |
US10715322B2 (en) | 2019-06-28 | 2020-07-14 | Alibaba Group Holding Limited | System and method for updating data in blockchain |
CN110489234A (en) * | 2019-08-16 | 2019-11-22 | 中国银行股份有限公司 | Message processing method, device, equipment and the readable storage medium storing program for executing of block link layer |
CN111047319A (en) * | 2019-09-03 | 2020-04-21 | 腾讯科技(深圳)有限公司 | Transaction processing method of block chain network and block chain network |
CN110598375A (en) * | 2019-09-20 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Data processing method, device and storage medium |
CN110855679A (en) * | 2019-11-15 | 2020-02-28 | 微位(深圳)网络科技有限公司 | uPKI combined public key authentication method and system |
CN110855679B (en) * | 2019-11-15 | 2021-11-30 | 微位(深圳)网络科技有限公司 | uPKI combined public key authentication method and system |
CN112015460B (en) * | 2020-09-09 | 2023-11-03 | 南京工程学院 | Code responsibility-following method and system based on block chain technology |
CN112015460A (en) * | 2020-09-09 | 2020-12-01 | 南京工程学院 | Code tracing method and system based on block chain technology |
CN112512048B (en) * | 2020-11-27 | 2022-07-12 | 达闼机器人股份有限公司 | Mobile network access system, method, storage medium and electronic device |
CN112512048A (en) * | 2020-11-27 | 2021-03-16 | 达闼机器人有限公司 | Mobile network access system, method, storage medium and electronic device |
CN116055069B (en) * | 2023-04-03 | 2023-06-27 | 北京微芯感知科技有限公司 | Distributed CA (conditional access) implementation method based on block chain |
CN116055069A (en) * | 2023-04-03 | 2023-05-02 | 北京微芯感知科技有限公司 | Distributed CA (conditional access) implementation method based on block chain |
Also Published As
Publication number | Publication date |
---|---|
CN106372941B (en) | 2019-07-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106372941A (en) | CA authentication management method, device and system based on block chain | |
CN106301792B (en) | Based on the ca authentication management method of block chain, apparatus and system | |
CN106384236B (en) | Based on the ca authentication management method of block chain, apparatus and system | |
CA3030813C (en) | Method for providing smart contract-based certificate service, and server employing same | |
US10887275B2 (en) | Token based network service among IoT applications | |
CN106339875B (en) | Operation note checking method and device based on publicly-owned block chain | |
CN106357612B (en) | Authentication record checking method and device based on publicly-owned block chain | |
US11469891B2 (en) | Expendable cryptographic key access | |
US20200145373A1 (en) | System for blockchain based domain name and ip number register | |
CN109559224B (en) | Credit investigation evaluation method and device and electronic equipment | |
CN109684375B (en) | Method, accounting node and medium for querying transaction information in blockchain network | |
CN108476246A (en) | Secure domain name parsing in computer network | |
CN109600366A (en) | The method and device of protection user data privacy based on block chain | |
CN111444550A (en) | Block chain-based service data verification method and device and readable storage medium | |
CN109413076A (en) | Domain name analytic method and device | |
KR20060123470A (en) | Signature-efficient real time credentials for ocsp and distributed ocsp | |
CN110535807B (en) | Service authentication method, device and medium | |
JP2016521932A (en) | Terminal identification method, and method, system, and apparatus for registering machine identification code | |
CN110674531B (en) | Residential information management method, device, server and medium based on block chain | |
CN113271311A (en) | Digital identity management method and system in cross-link network | |
CN112311779A (en) | Data access control method and device applied to block chain system | |
US20230412400A1 (en) | Method for suspending protection of an object achieved by a protection device | |
CN114944937A (en) | Distributed digital identity verification method, system, electronic device and storage medium | |
JP2019040537A (en) | Identification information providing method and identification information providing server | |
US11204914B2 (en) | Systems and methods for a federated directory service |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: Room 3F301, C2 Building, Suzhou 2.5 Industrial Park, 88 Dongchang Road, Suzhou Industrial Park, Jiangsu Province; Applicant after: JIANGSU PAYEGIS TECHNOLOGY CO., LTD.; Address before: A street in Suzhou City, Jiangsu Province Industrial Park No. 388 innovation park off No. 6 Building 5 floor; Applicant before: JIANGSU PAYEGIS TECHNOLOGY CO., LTD. |
GR01 | Patent grant | ||