CN111523152B - Block chain-based electronic certificate management method, management network and electronic equipment - Google Patents

Publication number
CN111523152B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN202010390746.3A
Other languages
Chinese (zh)
Other versions
CN111523152A (en)
Inventor
毕红伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Zhizu Information Technology Co ltd
Original Assignee
Individual

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes


Abstract

The application discloses a blockchain-based electronic certificate management method, a management network and an electronic device. In the electronic certificate management method, after the certificate issuing node produces the corresponding electronic certificate in response to an application node's application for handling the electronic certificate, the plaintext data of the electronic certificate is sent back to the application node, so that the applicant holds the issued electronic certificate personally. Meanwhile, a corresponding first certificate identifier is calculated from the plaintext data of the produced electronic certificate and stored on the chain for subsequent verification of the electronic certificate. In addition, the plaintext data of the electronic certificate is transmitted to the data storage network to be stored in a distributed manner, which reduces the storage pressure on the blockchain network while ensuring the security of the electronic certificate.

Description

Block chain-based electronic certificate management method, management network and electronic equipment
Technical Field
The present application relates to the field of blockchain technologies, and in particular, to a method, a management network, and an electronic device for managing electronic certificates based on blockchains.
Background
Blockchain technology is a novel application of a set of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. From the data perspective, a blockchain combines data blocks in chronological order into a chained data structure, and cryptography guarantees that this data structure cannot be tampered with or forged. From a technical perspective, blockchain technology integrates several different technologies: by constructing a blockchain network, each node in the network is allowed to obtain a complete copy of the data blocks, and updates to the data blocks are maintained through a consensus mechanism and competitive computation. Decentralized and trustless data storage and management are thus realized through an end-to-end network formed by multi-node communication.
Certificates such as ID cards and driver's licenses are legal documents that individuals need for social activities and that enterprises need for production and operation, and they are essential tools in modern life. Traditional paper certificates waste resources, and repeatedly having to prove the same facts has become the norm; more importantly, certificate counterfeiting is difficult to stop, which causes a crisis of trust. Paper certificates also suffer from a series of other problems: certificate information is hard to share, and the certificates are easily lost or damaged. With the development of information technology, electronic certificates have therefore emerged. To a certain extent they eliminate the waste caused by repeated submission of paper certificates, save social cost, improve the efficiency of government offices, and ease the difficulty people face in obtaining and using certificates.
At present, electronic certificates are mainly managed in a centralized sharing mode: operations such as producing, storing, querying, exchanging and sharing electronic certificates are completed by a central database, and the owner of the database controls the rights to access and update it. If a problem occurs in the central database, none of the stored electronic certificates can be accessed or operated on. Meanwhile, current central databases neither effectively control the confidentiality of certificate information nor grant authorization selectively; that is, the certificate information is disclosed to all office organizations, so the information of a certificate holder is not effectively kept confidential, and the risk of attack, tampering and privacy disclosure is high, which undermines the reliability of the certificate.
Disclosure of Invention
The technical problem mainly solved by the present application is to provide a management method for electronic certificates and related equipment that realize distributed management of electronic certificates, improve the storage reliability of electronic certificates, reduce the risk of certificate information being tampered with or leaked, and effectively ensure the information security and reliability of electronic certificates.
In order to solve the above problem, a first aspect of the present application provides an electronic certificate management method based on a block chain, including:
the certificate issuing node receives a transaction application of the electronic certificate initiated by an application node, generates a corresponding electronic certificate based on the transaction application, sends plaintext data of the electronic certificate back to the application node, and generates a corresponding first certificate identifier based on the plaintext data;
and storing the first certificate identifier on the chain, and sending the plaintext data of the electronic certificate to a distributed data storage network so as to store the plaintext data of the electronic certificate in the data storage network in a distributed manner.
In order to solve the above problems, a second aspect of the present application provides an electronic certificate management network based on a blockchain, the blockchain electronic certificate management network including a certification node, an application node, and a verification node connected to each other; wherein,
the certification node is used for executing the electronic certificate management method.
In order to solve the above-mentioned problems, a third aspect of the present application provides an electronic device comprising a memory and a processor, wherein,
the memory stores computer instructions for execution by the processor;
the processor is used for executing the computer instructions to execute the electronic certificate management method.
In the blockchain-based electronic certificate management method, after the certificate issuing node produces the corresponding electronic certificate in response to the application node's application for handling the electronic certificate, the plaintext data of the electronic certificate is sent back to the application node, so that the applicant holds the issued electronic certificate personally. Meanwhile, a corresponding first certificate identifier is calculated from the plaintext data of the produced electronic certificate and stored on the chain for subsequent verification of the electronic certificate. In addition, the plaintext data of the electronic certificate is transmitted to the data storage network to be stored in a distributed manner, which reduces the storage pressure on the blockchain network while ensuring the security of the electronic certificate.
Drawings
FIG. 1 is a block chain platform infrastructure of the present application;
FIG. 2 is a block diagram of a block chain used in an embodiment of the present application;
FIG. 3 is a schematic diagram of an embodiment of an electronic certificate management network according to the present application;
FIG. 4 is a schematic flow chart diagram of a first embodiment of the electronic certificate management method of the present application;
FIG. 5 is a schematic flow chart illustrating one embodiment of step S11 in FIG. 4;
FIG. 6 is a schematic flow chart diagram of a second embodiment of the electronic certificate management method of the present application;
FIG. 7 is a schematic flow chart illustrating one embodiment of step S21 in FIG. 6;
FIG. 8 is a schematic structural diagram of an embodiment of an electronic device of the present application;
FIG. 9 is a schematic structural diagram of an embodiment of a storage medium according to the present application.
Detailed Description
The following describes in detail the embodiments of the present application with reference to the drawings attached hereto.
In the following description, for purposes of explanation and not limitation, specific details are set forth such as particular system structures, interfaces, techniques, etc. in order to provide a thorough understanding of the present application.
The terms "system" and "network" are often used interchangeably herein. The term "and/or" herein is merely an association describing an associated object, meaning that three relationships may exist, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
Blockchain technology is a novel distributed data organization method and operation mode that developed along with digital cryptocurrencies such as bitcoin. Its characteristics are as follows: decentralization enables distributed collective maintenance of the data and greatly improves the efficiency of data operation, management and maintenance; the consensus nodes follow a shared consensus mechanism and maintain the whole blockchain together through competitive computation, so that if any node fails, the other nodes can still work normally. Meanwhile, a blockchain that uses asymmetric encryption has high security and traceability and can effectively prevent data leakage or illegal tampering. The present application proposes to use blockchain technology to implement electronic certificate management, such as the generation, storage and verification of electronic certificates, where the electronic certificates may be identity cards, driving licenses, academic certificates and the like; the present application takes academic certificates as an example for description.
To facilitate understanding of the blockchain network of the present application, the blockchain technique employed in the present application is first exemplified. In one embodiment, the electronic device runs the blockchain technique to become a node of the blockchain network, and the basic architecture of the blockchain platform is shown in fig. 1 and comprises a data layer, a network layer, a consensus layer, a contract layer, a service layer and an application layer of the blockchain.
The data layer encapsulates the underlying data blocks and the related data encryption and timestamping technologies. At least one pass (e.g., two passes) of an irreversible encryption (one-way hash) algorithm (e.g., the SHA256 algorithm) may be performed on the file data to generate a unique blockchain ID, i.e., a hash (Hash) value. Specifically, the blockchain is not fully public and is accessible only to registered member nodes. The network layer encapsulates elements such as the P2P networking mode, the message propagation protocol and the data verification mechanism of the blockchain network system, so that the nodes have equal status and communicate with one another in a flat topology, giving the network characteristics such as distribution, autonomy, openness and free access. Each node in the blockchain network can participate in checking and recording block data, and block data can be recorded on the blockchain only after it passes verification by a majority of the nodes in the whole network. The decentralized design of the blockchain ensures that the file data cannot be tampered with or forged. The consensus layer provides the consensus mechanism of the blockchain network. The contract layer encapsulates contract code; when the conditions in the contract code are triggered, the corresponding transactions are executed automatically, and the corresponding transaction rules can be specified through the contract contents. The service layer customizes personalized BaaS services for different application scenarios and deploys smart contract code with different settlement rules on the underlying blockchain platform, to be called under various conditions.
The application layer applies the blockchain technology to various related processes of electronic certificate management, such as user registration, user identity management, electronic certificate generation, storage, verification and the like.
The blockchain network collects, packages and secures the relevant identifiers and information data of the electronic certificate in a decentralized manner and anchors the information data to the blockchain. In particular, the blockchain may be implemented as a consortium (alliance) chain or a private chain. The nodes of the blockchain continuously change the responsibilities they bear in the network system, and no single node can ever control the whole network system; that is, accounting cannot be carried out by only one accounting node. Each node is only a part of the network system. The nodes of the blockchain change roles at regular intervals, e.g., once every minute, and no node will permanently control any part of the network system.
In this embodiment, the basic architecture of the blockchain platform shown in fig. 1 can be applied to an electronic certificate management network based on blockchains, where a user node in the electronic certificate management network is deployed with the basic architecture of the blockchain platform shown in fig. 1.
Further, in one embodiment, the blocks of the blockchain may be packaged as shown in fig. 2. A block of the blockchain includes a block header 21 (Header) and a block body 22 (Body). The block body 22 stores at least one hash value (Hash) obtained by performing a hash operation on data information related to the electronic certificate. The block header 21 may be packaged with information such as a current version number 211, a previous block address 212, a target hash value 213 of the current block, a solution random number 214 (nonce) of the PoW (proof of work) consensus process of the current block, a Merkle root 215 (Merkle-root), and a timestamp 216. The current version number 211 marks the relevant version information of the software and protocol; the previous block address 212, which may also be referred to as the previous block hash value, links each block to its predecessor so that the blocks are concatenated end to end into a chain; the solution random number 214 records the value of the answer to the mathematical puzzle solved for the block; the Merkle root 215 is computed from all data hash values in the block body 22 and is used to verify whether file data exists in the block; the timestamp 216 records the time when the block 20 was generated. It is understood that the structure of the block may be adjusted according to the blockchain technique used; for example, the solution random number does not exist when the PoW consensus mechanism is not used.
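The block layout of fig. 2 can be exercised with a short sketch; this is an added example, not code from the patent. It builds headers that carry the previous block hash and a Merkle root over the body's certificate hashes, then checks membership with an inclusion proof. The byte encoding of the header, the 0x00/0x01 domain-separation prefixes and the promotion of an unpaired node are assumptions, and the nonce and target hash are omitted as in the non-PoW case.

```python
import hashlib
from dataclasses import dataclass


def leaf_hash(entry: bytes) -> bytes:
    # 0x00 prefix keeps leaf hashes distinct from interior nodes (assumed hardening).
    return hashlib.sha256(b"\x00" + entry).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def next_level(level):
    # Pair neighbours; an unpaired last node is promoted unchanged (assumption).
    return [node_hash(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
            for i in range(0, len(level), 2)]


def merkle_root(entries):
    if not entries:
        raise ValueError("block body must contain at least one hash")
    level = [leaf_hash(e) for e in entries]
    while len(level) > 1:
        level = next_level(level)
    return level[0]


def merkle_proof(entries, index):
    """Return [(sibling_hash, sibling_is_left), ...] from leaf up to the root."""
    if not 0 <= index < len(entries):
        raise IndexError("no such entry in block body")
    level = [leaf_hash(e) for e in entries]
    proof = []
    while len(level) > 1:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling at this level
            proof.append((level[sibling], sibling < index))
        level = next_level(level)
        index //= 2
    return proof


def verify_inclusion(entry, proof, root):
    h = leaf_hash(entry)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root


@dataclass(frozen=True)
class BlockHeader:
    version: int        # current version number 211
    prev_hash: bytes    # previous block address 212
    body_root: bytes    # Merkle root 215
    timestamp: int      # timestamp 216

    def digest(self) -> bytes:
        return hashlib.sha256(self.version.to_bytes(4, "big") + self.prev_hash
                              + self.body_root + self.timestamp.to_bytes(8, "big")).digest()


GENESIS_PREV = b"\x00" * 32


def build_block(prev_header, body, timestamp, version=1):
    prev = prev_header.digest() if prev_header else GENESIS_PREV
    return BlockHeader(version, prev, merkle_root(body), timestamp)


def chain_is_valid(blocks):
    """blocks: list of (header, body); checks linkage and each body's Merkle root."""
    prev = GENESIS_PREV
    for header, body in blocks:
        if header.prev_hash != prev or header.body_root != merkle_root(body):
            return False
        prev = header.digest()
    return True


def sample_body(n, tag):
    # Constructed sample: hashes of made-up certificate records.
    return [hashlib.sha256(f"constructed {tag} certificate {i}".encode()).digest()
            for i in range(n)]


def demo():
    body1, body2 = sample_body(3, "A"), sample_body(5, "B")
    b1 = build_block(None, body1, 1_700_000_000)
    b2 = build_block(b1, body2, 1_700_000_060)
    proof = merkle_proof(body2, 4)
    forged = hashlib.sha256(b"forged certificate").digest()
    tampered_body1 = [forged] + body1[1:]
    return {
        "chain_ok": chain_is_valid([(b1, body1), (b2, body2)]),
        "member_ok": verify_inclusion(body2[4], proof, b2.body_root),
        "forged_rejected": not verify_inclusion(forged, proof, b2.body_root),
        "tamper_detected": not chain_is_valid([(b1, tampered_body1), (b2, body2)]),
    }
```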
In one embodiment, the Block chain underlying system may be comprised of hierarchically structured blocks (blocks). The root is a Directory Block (Directory Block). These blocks form a mini chain, on which compressed references (references) are stored. In order to avoid the data size being too large, the reference in the Directory Block (Directory Block) is only the hash value of the recording Block (Entry Block).
The directory block corresponds to the first layer of the system and is the block that records the integrity proofs (hash values) of the recording blocks. The directory block is created by combining all the recording blocks defined in all the servers. Thus, each server has all recording blocks, all directory blocks, and all records (entries).
The recording block (Entry Block) corresponds to the second layer of the system and is the block that records the integrity proofs (hash values) of the Entries. An application looking for records may need the recording block, so that records of the generation, storage, verification and so on of all possibly related electronic certificates can be looked up from one digital fingerprint. The recording block contains the hash values of the electronic records. The hash value of an electronic record both proves the existence of the data and serves as the key for finding the record in a Distributed Hash Table (DHT) network.
The recording Block (Entry Block) contains all entries associated with one chain ID. An Entry may be considered not to exist if it is associated to a recording Block (Entry Block). The design can ensure that the application program can be easily certified and can conveniently identify which entries are real and reliable.
Referring to fig. 3, fig. 3 is a schematic structural diagram of a block chain network according to an embodiment of the present application. The blockchain network is a multi-node network system formed by using blockchain technology. In this embodiment, the blockchain network 30 includes a plurality of user nodes 311 (also referred to as blockchain nodes) that run blockchain techniques to participate in the same blockchain. The user node 311 may be any electronic device, such as a mobile phone, a computer, a tablet computer, and the like.
The blockchain network 30 is used to manage electronic certificates. Specifically, each user node 311 in the blockchain network 30 can perform related processing on the electronic certificate, and different user nodes 311 can have different processing rights over the electronic certificate. Moreover, the related information of the processed electronic certificate is stored in a block (as shown in fig. 2) of the local blockchain of each user node 311 in the blockchain network 30, so that each user node 311 stores the processing record of the electronic certificate, i.e. stores the processed electronic certificate information, thereby realizing distributed storage of the electronic certificate.
In this embodiment, the nodes process electronic certificates differently, and the plurality of user nodes 311 are accordingly divided into a certification node 311a, an application node 311b, and a verification node 311c. How a node processes the electronic certificate is determined by the account identity registered by the node. The certification node 311a is logged in with a certification authority account, may also be called a certification authority device, and is used for producing and updating electronic certificates; the application node 311b is logged in with a general account, may also be referred to as a general account device, and is configured to request the production or update of an electronic certificate and to obtain the corresponding electronic certificate; the verification node 311c is logged in by a verification authority, may also be referred to as a verification authority device, and is used to verify the electronic certificate. In one implementation, the certifying authority is a government agency, school, etc., and the certifying authority may be a government agency or some organization or business. In addition, the nodes 311a, 311b, and 311c may all be user nodes of the blockchain.
In this embodiment, the blockchain network may further include an accounting node 312. In this embodiment, the electronic certificate is taken as an example for explanation; correspondingly, schools, education departments and other bodies involved in the generation, supervision and so on of the electronic certificate may all be added to the blockchain network as accounting nodes 312. The accounting nodes 312 perform the accounting of the blockchain network. Each accounting node 312 is a node with competitive accounting capability and stores the transaction data related to the electronic certificate generated by the user nodes 311, thereby realizing distributed storage of the transaction data related to the electronic certificate generated by each user node 311.
The blockchain network may further include a management node 313, which is used for performing identity registration for the user node 311 and the accounting node 312, managing the identity information and real-name authentication of the user node 311 and the accounting node 312, and handling various service functions such as contract templates.
The user node 311, the accounting node 312 and the management node 313 may be any electronic device, such as a server, a mobile phone, a computer, a tablet computer, and the like. In an embodiment, the accounting node 312 is a blockchain server, and the management node 313 is an application server with service processing capability that can be used as a ledger system based on the blockchain network. It is to be understood that the user node 311, the accounting node 312 and the management node 313 may communicate with one another. The user node 311 and the management node 313 in this embodiment are regarded as blockchain nodes, for example as lightweight accounting nodes of the blockchain, but in other embodiments the user node 311 and the management node 313 are not required to be blockchain nodes; that is, at least some of the user nodes 311 and the management node 313 do not necessarily participate in the blockchain. In addition, the nodes are distinguished according to the identity information they registered. Therefore, the entities corresponding to the above nodes, such as the user applying for the electronic certificate, the certificate handling institution and the verification unit of the electronic certificate, all need to complete registration on the blockchain platform in advance (in one application, the blockchain is a private chain or a consortium chain, so identity registration must first be completed on the blockchain platform) and obtain the corresponding public key and private key; only after the identity is determined to be trusted are the following electronic certificate management services allowed to proceed.
In one embodiment, the management node 313 is used for identity management and identity authentication of the user node 311 and the accounting node 312. Identity authentication is used for registering a new node user into the blockchain network and, when transactions related to electronic certificates occur, for matching the corresponding smart contract according to the related identity information. Specifically, for example, the new node sends an account registration request to the management node, where the account registration request includes the account name requested for registration (which the user uses to log in to the blockchain network after successful registration) and identity information of the new node, such as an identification number, a passport number, an enterprise number, or other information that can prove the identity of the user. The account registration request may also include only the identity information of the user node. The management node compares the identity information in the account registration request with the identity information in a preset identity database; if the preset identity database has no matching identity information, the authentication fails, and a registration failure message containing the failure reason is returned; if the preset identity database stores matching identity information, the authentication passes, and a registration success message is sent. Furthermore, the management node can also store the identity information in the account registration request in a designated management database so as to manage the identities of the users participating in the blockchain in a unified way.
After receiving the registration success message, the new node runs a related algorithm of the blockchain technology, or other nodes of the blockchain network do so, to generate a blockchain address for the new node, which is used as the blockchain address of the registered account; a related algorithm of the blockchain technology, such as a hash operation, is also run to generate a public key and private key pair as the public key and private key of the registered account. The new node then broadcasts the public key to the blockchain network, so that the other nodes in the network all receive and store the public key of the account registered by the user. The new node saves the private key and the blockchain address locally, or the private key can be sent to a designated trusted node for storage as a backup. At this point, account registration is complete.
The blockchain network of this embodiment is, for example, an alliance-chain network or a private-chain network; that is, when a node joins the blockchain network, identity information registration needs to be performed, and only member nodes with registered identity information can access the blockchain network.
Referring to fig. 4, fig. 4 is a schematic flowchart illustrating a first embodiment of an electronic certificate management method according to the present application. As shown in fig. 4, the electronic certificate management method of the present embodiment may include the following steps:
in step S11, the certification node receives the application for transacting the electronic certificate initiated by the application node, generates a corresponding electronic certificate based on the application, sends the plaintext data of the electronic certificate back to the application node, and generates a corresponding first certificate identifier based on the plaintext data.
A user who needs an electronic certificate registers an identity with the blockchain network through the application node, and after completing identity registration the user can initiate an application for handling the electronic certificate to the certificate issuing node through the application node. In this embodiment, the application may include a certificate type and the user identity information registered by the application node (the user identity information corresponds to the identity information of the person for whom the electronic certificate is handled), and the certificate type may be an identity card, a driving license, a property license, a marriage license, an academic record, or the like.
In this embodiment, before the application node applies to the certificate issuing node, authentication by the management node of the blockchain network needs to be completed; after the authentication is completed, the application node can apply to the certificate issuing node. The certificate issuing node determines from the application the type of electronic certificate that the user needs and produces the electronic certificate based on the identity information of the user. After the certificate issuing node finishes producing the electronic certificate, the plaintext data of the electronic certificate is sent back to the application node, so that the user can store the plaintext data locally through the application node; that is, once the electronic certificate has been produced, the user who applied for it can directly hold the plaintext data of the electronic certificate. Further, the certificate issuing node calculates a first certificate identifier based on the generated plaintext data of the electronic certificate. In this embodiment, the first certificate identifier may be a first certificate two-dimensional code obtained by calculation on the plaintext data of the electronic certificate when the plaintext data of the electronic certificate is stored. The first certificate identifier can subsequently be used to verify the authenticity of the electronic certificate.
In step S12, the certification node stores the first certificate identifier on the chain and simultaneously transmits the plaintext data of the electronic certificate to the distributed data storage network, so that the plaintext data of the electronic certificate is stored in the distributed data storage network.
After the certificate issuing node generates the first certificate identifier, the first certificate identifier is stored in the blockchain network. Furthermore, the certificate issuing node is connected to a data storage network, which is a distributed storage network, and the plaintext data of the produced electronic certificate is then stored in the data storage network in a distributed manner.
Referring to fig. 5, the step in which the issuing node sends the plaintext data of the electronic certificate to the distributed data storage network in step S12 may further include:
in step S121, the certification node sends the plaintext data of the electronic certificate to a storage management node of the data storage network, so that the storage management node divides the plaintext data of the electronic certificate into a plurality of data blocks, stores the plurality of data blocks in a plurality of storage nodes of the file storage network, respectively, and generates a storage index of the plaintext data of the electronic certificate in the file storage network.
The certificate issuing node corresponds to an equipment terminal for manufacturing the electronic certificate, and after the certificate issuing node finishes manufacturing the electronic certificate, the plaintext data of the electronic certificate to be stored is sent to a storage management node of a file storage network outside the block chain network. And then, the storage management node can perform related storage operation on the plaintext data of the electronic certificate to be stored so as to store the plaintext data of the electronic certificate to be stored into the file storage network. Specifically, the storage management node divides plaintext data of the electronic certificate to be stored into a plurality of data blocks, and respectively stores the divided data blocks into a plurality of storage nodes in a file storage network; and generating a storage index of the plaintext data of the electronic certificate to be stored in the file storage network according to the divided data blocks, and sending the generated storage index back to the certification node. In this embodiment, each storage node may select to store the file content of interest, for example: staff corresponding to the certification nodes can appoint a specific storage node to store the file content of the specific structure or the unstructured data in advance through the storage management node, or the storage node can selectively store the file content according to the sensitivity degree of the file to be stored.
In this embodiment, the storage index generated by the storage management node is used to point to a storage node in the file storage network of each data block constituting plaintext data of the electronic certificate to be stored, and based on the storage index, it is possible to know in which storage node each data block is stored, and further obtain the required data blocks from the plurality of storage nodes, respectively.
The storage index of the present embodiment is generated by the storage management node based on the content of each of the divided data blocks. Specifically, the storage management node performs hash calculation on each data block based on the content of the divided data blocks, to obtain a data block hash value corresponding to each data block. Further, the storage management node combines the obtained hash values of the data blocks into a hash value array according to the dividing sequence of each data block when the data blocks are divided (each hash value of the data blocks in the hash value array corresponds to a divided data block, and the arrangement sequence of the hash values of the data blocks is the combination sequence of each data block in the file to be stored). Further, the storage management node performs hash calculation on the hash value array to obtain a final hash value, and the final hash value can be understood as a file hash value corresponding to plaintext data of the electronic certificate to be stored. Therefore, the storage management node can generate the storage index based on the hash value array and the file hash value of the plaintext data of the electronic certificate to be stored.
When the storage management node executes the storage operation on the plaintext data of the electronic certificate to be stored, the data blocks with the same content in the data blocks can be deleted based on the data block hash value of each data block, so that the data blocks with the same content cannot be stored repeatedly, and the corresponding data block hash values are still reserved in the storage index; therefore, the storage pressure of the file storage network can be relieved, and the complete file content can be obtained when the plaintext data of the electronic certificate to be stored is acquired.
When the data block division is performed on the plaintext data of the electronic certificate to be stored, the storage management node may perform the division according to a certain data block capacity, for example, a maximum capacity of 256KB may be set, that is, the plaintext data of the electronic certificate to be stored is divided into one data block every 256KB according to the content sequence of the plaintext data until the file to be stored is completely divided, so that the size of the last data block may be 256 KB.
Because each data block hash value is obtained based on the content of the corresponding data block, and the file hash value is also obtained based on the plaintext data of the electronic certificate to be stored; the storage index derived based on the data chunk hash value and the file hash value is therefore an index for addressing data chunks based on the file content. When a user needs to acquire the plaintext data of the electronic certificate to be stored, the corresponding data block can be acquired based on the file hash value and the data block hash value in the storage index, and then the plaintext data of the electronic certificate to be stored is acquired.
The storage operation executed by the storage management node draws on the storage scheme of the InterPlanetary File System (IPFS): the file to be stored is stored on different storage nodes in the form of a plurality of data blocks.
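The index construction and content-addressed retrieval described above, as an added example that is not code from the patent. It assumes SHA-256 as the hash function (the description only says "hash calculation"), models storage nodes as in-memory dictionaries, and uses hypothetical function names.

```python
from __future__ import annotations

import hashlib
import hmac

BLOCK_SIZE = 256 * 1024  # maximum data block capacity given in the description


def block_hash(data: bytes) -> str:
    # Assumption: SHA-256. The description does not name a hash function.
    return hashlib.sha256(data).hexdigest()


def file_hash(block_hashes: list[str]) -> str:
    # Hash of the hash value array, kept in the order the blocks were divided.
    return hashlib.sha256("".join(block_hashes).encode("ascii")).hexdigest()


def store(plaintext: bytes, nodes: list[dict], size: int = BLOCK_SIZE) -> dict:
    """Divide the plaintext, store each distinct block once, return the storage index."""
    placed: dict[str, int] = {}  # block hash -> number of the node holding it
    entries = []
    for offset in range(0, len(plaintext), size):
        block = plaintext[offset:offset + size]
        digest = block_hash(block)
        if digest not in placed:
            # Blocks with identical content are stored only once ...
            node_id = len(placed) % len(nodes)
            nodes[node_id][digest] = block
            placed[digest] = node_id
        # ... but every block keeps its hash in the index, in division order.
        entries.append({"hash": digest, "node": placed[digest]})
    return {"file_hash": file_hash([e["hash"] for e in entries]), "blocks": entries}


def retrieve(index: dict, nodes: list[dict]) -> bytes:
    """Rebuild the plaintext from the index, rejecting a modified index or block."""
    expected = file_hash([e["hash"] for e in index["blocks"]])
    if not hmac.compare_digest(expected, index["file_hash"]):
        raise ValueError("hash value array does not match the file hash")
    blocks = []
    for entry in index["blocks"]:
        block = nodes[entry["node"]].get(entry["hash"])
        if block is None or block_hash(block) != entry["hash"]:
            raise ValueError(f"block {entry['hash'][:12]} is missing or altered")
        blocks.append(block)
    return b"".join(blocks)


if __name__ == "__main__":
    storage_nodes = [{}, {}, {}]
    # Constructed sample input; a 4-byte block size keeps the output readable.
    certificate = b"AAAABBBBAAAACC"
    idx = store(certificate, storage_nodes, size=4)
    print(len(idx["blocks"]), "index entries,",
          sum(len(n) for n in storage_nodes), "blocks stored")
    print(retrieve(idx, storage_nodes) == certificate)
```

Because the file hash covers the ordered hash value array, reordering or replacing an entry in the index is detected before any block is fetched, and each fetched block is checked against its own hash.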
In step S122, the certification node receives the storage index from the storage management node, and stores the storage index in the blockchain network.
After receiving the storage index sent by the storage management node, the certification node of the block chain network stores the storage index in the block chain network, and thus, the storage process of the plaintext data of the electronic certificate to be stored is completed.
Further, this embodiment is explained by taking an electronic academic certificate as an example of the electronic certificate: graduating students register their identities with the blockchain network through their own terminal equipment (namely, the application nodes). When a graduating student needs to obtain an electronic academic certificate, the student enters identity information through the application node so that a management node in the block chain network authenticates the student's identity; if authentication passes, the application node is operated to send a transaction application for the electronic academic certificate to the certificate issuing node of the school. The application can include personal information such as the student's identity card number, student number, college and class. Based on the personal information contained in the application, the certificate issuing node of the school can obtain the student's graduation completion status, academic results and other student information from the school database, and uses that information to confirm the student's eligibility (for example, whether the student has passed the graduation defense and whether the student has any failed subjects). After eligibility is confirmed, the electronic academic certificate is produced based on the student's application and its plaintext data is sent to the application node, so that the graduating student holds his or her own electronic academic certificate.
On the one hand, the certificate issuing node of the school calculates a corresponding first certificate identifier from the plaintext data of the produced electronic academic certificate and stores the first certificate identifier on the chain for subsequent verification of the electronic academic certificate; on the other hand, the plaintext data of the electronic academic certificate is sent to the data storage network to be stored in a distributed manner, which reduces the storage pressure on the block chain network while safeguarding the plaintext data of the electronic academic certificate.
In this embodiment, after the certificate issuing node produces the electronic certificate in response to the transaction application from the application node, it sends the plaintext data of the electronic certificate back to the application node, so that the applicant holds the issued electronic certificate; meanwhile, it calculates a corresponding first certificate identifier from the plaintext data of the produced electronic certificate and stores the first certificate identifier on the chain for subsequent verification of the electronic certificate; in addition, the plaintext data of the electronic certificate is sent to the data storage network to be stored in a distributed manner, which reduces the storage pressure on the block chain network while safeguarding the electronic certificate.
Referring to fig. 6, fig. 6 is a flowchart illustrating a second embodiment of an electronic certificate management method according to the present application. As shown in fig. 6, the electronic certificate management method of the present embodiment may include the following steps:
in step S21, the certification node receives the verification application of the electronic certificate from the verification node, and determines whether the verification node has the verification authority based on the verification application.
The verification node can request the certification node to verify the authenticity of the electronic certificate acquired from the application node. In the application, the verification node initiates a verification application of the electronic certificate to the certificate issuing node based on plaintext data of the electronic certificate acquired from the application node; therefore, the certification node can judge whether the verification node has the verification authority or not based on the verification application; and when the verification node is determined to have the verification right, continuing to perform the subsequent steps.
It can be understood that the verification node also needs to perform identity registration through the blockchain network when joining the blockchain network, before initiating a verification application of the electronic certificate to the certificate issuing node, the registered identity information needs to be entered, the identity verification is completed through the management node of the blockchain network, and after the identity verification is completed, the verification node can initiate a verification application of the electronic certificate to the certificate issuing node.
Further, as shown in fig. 7, the step S21 may include the following steps:
in step S211, the certification node receives the verification application of the electronic certificate initiated by the verification node, and obtains the user information to be verified and the verification permission of the electronic certificate corresponding to the verification application from the verification application of the electronic certificate.
The verification node needs to verify the electronic certificate provided by the application node. For example, an employer (corresponding to the verification node) needs to authenticate the academic credentials of a job applicant (corresponding to the application node that applied for the electronic certificate); in this case the employer can obtain from the job applicant the electronic academic certificate, the job applicant's user information to be verified (which may include the user identity information of the application node that applied for the electronic certificate), the verification permission, and the like. Specifically, the verification node sends a verification access request to the application node; after receiving the request, the application node confirms the identity of the verification node, and once that confirmation is complete the application node can send its user information to the verification node as the user information to be verified, together with the verification permission. The employer can then initiate a verification application for the electronic certificate to the certificate issuing node based on the electronic certificate, the user information to be verified, the verification permission and the like provided by the job applicant. The certificate issuing node can in turn obtain the user information to be verified and the verification permission from the verification application.
In step S212, the user information to be verified is matched with the user information, stored in the blockchain network, of users who applied for electronic certificates, and whether the user information to be verified passes verification is determined according to the matching result.
Further, the certification node matches the user information to be verified against the user information stored in the blockchain network for users who applied for electronic certificates, checks whether any stored user information is consistent with the user information to be verified, and determines from the matching result whether the user information to be verified passes verification. If consistent user information exists, the user information to be verified passes verification and the subsequent steps are executed; otherwise, the user information to be verified fails verification, the verification step ends, and verification failure information is fed back to the verification node.
In step S213, the authenticity of the verification permission is verified based on the user information stored in the blockchain network that matches the user information to be verified.
After the user information to be verified passes verification, the authenticity of the verification permission is verified according to the corresponding user information. Specifically, the certification node may send a request for verifying the verification permission to the application node corresponding to the user information, and the application node may feed back verification information in response to that request, so as to instruct the certification node in verifying the authenticity of the verification permission. After the authenticity of the verification permission is confirmed, the subsequent steps can continue.
In step S22, the corresponding first certificate identifier is acquired from the blockchain network based on the verification application of the electronic certificate, and a second certificate identifier of the electronic certificate corresponding to the verification application is generated based on the verification application.
The certificate issuing node further finds the first certificate identifier of the plaintext data of the corresponding electronic certificate according to the user information to be verified contained in the verification application; meanwhile, it generates a second certificate identifier of the electronic certificate corresponding to the verification application, based on the verification application.
In this embodiment, the second certificate identifier may be a second verification two-dimensional code obtained by calculation over the plaintext data of the electronic certificate to be verified that is included in the verification application.
In step S23, the first certificate identifier and the second certificate identifier are compared, the authenticity of the electronic certificate corresponding to the verification application is determined according to the comparison result, and a verification result is sent to the verification node.
The certificate issuing node further compares the first certificate identification with the second certificate identification, if the first certificate identification is consistent with the second certificate identification, the electronic certificate obtained by the verification node from the application node is true, and then a verification result that the electronic certificate is true can be sent to the verification node; if the first certificate identification is inconsistent with the second certificate identification, the electronic certificate obtained by the verification node from the application node is false, and a verification result that the electronic certificate is false can be sent to the verification node. Thereby completing the verification of the electronic certificate.
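Steps S21 to S23 as an added example, not code from the patent, showing the messages exchanged between the three nodes and the order of the checks. It assumes the value carried by each two-dimensional code is a SHA-256 digest of the plaintext, stands in a dictionary for on-chain storage, and uses hypothetical class names, field names and sample values.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets


def certificate_identifier(plaintext: bytes) -> str:
    # Assumption: the identifier encoded in the two-dimensional code is a
    # SHA-256 digest of the certificate plaintext.
    return hashlib.sha256(plaintext).hexdigest()


class ApplicationNode:
    """Certificate holder: grants verification permissions and confirms them."""

    def __init__(self, user_id: str):
        self.user_id = user_id
        self.certificate = b""
        self._granted: dict[str, str] = {}  # permission -> verifier it was given to

    def grant(self, verifier_id: str) -> dict:
        # Reply to a verification access request: user information to be
        # verified, the verification permission, and the certificate itself.
        permission = secrets.token_hex(16)
        self._granted[permission] = verifier_id
        return {"user_id": self.user_id, "verifier_id": verifier_id,
                "permission": permission, "plaintext": self.certificate}

    def confirm(self, permission, verifier_id) -> bool:
        granted_to = self._granted.get(permission)
        return granted_to is not None and granted_to == verifier_id


class IssuingNode:
    def __init__(self):
        self.chain: dict[str, str] = {}  # user id -> first certificate identifier
        self.applicants: dict[str, ApplicationNode] = {}

    def issue(self, applicant: ApplicationNode, plaintext: bytes) -> None:
        applicant.certificate = plaintext  # plaintext goes back to the holder
        self.chain[applicant.user_id] = certificate_identifier(plaintext)
        self.applicants[applicant.user_id] = applicant

    def verify(self, application: dict) -> str:
        user_id = application.get("user_id")
        first_id = self.chain.get(user_id)
        if first_id is None:  # S212: no matching user information
            return "rejected: user information not registered"
        holder = self.applicants[user_id]
        if not holder.confirm(application.get("permission"),
                              application.get("verifier_id")):  # S213
            return "rejected: verification permission not confirmed"
        second_id = certificate_identifier(application.get("plaintext", b""))  # S22
        # S23: constant-time comparison of the two identifiers.
        return "true" if hmac.compare_digest(first_id, second_id) else "false"


if __name__ == "__main__":
    issuer = IssuingNode()
    student = ApplicationNode("student-001")            # constructed identity
    issuer.issue(student, b"degree: BSc; name: A. N. Example")  # constructed data
    application = student.grant("employer-A")
    print(issuer.verify(application))                                    # genuine
    print(issuer.verify(dict(application, plaintext=b"degree: PhD")))    # altered
    print(issuer.verify(dict(application, verifier_id="employer-B")))    # reused
```

The permission check runs before any identifier is computed, so a verifier without a confirmed permission learns nothing about whether a given plaintext matches the on-chain identifier.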
Further, please refer to fig. 8, which is a schematic structural diagram of an embodiment of an electronic device according to the present application. As shown in fig. 8, the electronic device 800 of the present embodiment may be the user node 311 or the accounting node 312 shown in fig. 3. The electronic device 800 may be embodied as a computer, a mobile phone, a tablet computer, or other terminal corresponding to the user node 311 or the accounting node 312. The infrastructure of the blockchain platform shown in fig. 1 is deployed in the electronic device 800 of this embodiment, so that the device can join the blockchain network as a node.
Further, the electronic device 800 of the present embodiment may include a processor 801 and a memory 802 provided inside the electronic device 800, and the processor 801 and the memory 802 are connected by a bus. The memory 802 stores computer instructions executable by the processor 801, and the processor 801 executes the computer instructions to implement any one or more of the first embodiment to the second embodiment of the electronic certificate management method shown in fig. 4 to 7.
Further, please refer to fig. 9, fig. 9 is a schematic structural diagram of an embodiment of a storage medium according to the present application. As shown in fig. 9, the storage medium 900 in this embodiment stores a computer instruction 901 capable of being executed, and the computer instruction 901 is executed to implement any one or more of the first embodiment to the second embodiment of the electronic certificate management method shown in fig. 4 to 7.
In this embodiment, the storage medium 900 may be a storage medium with a storage function, such as a storage module of an intelligent terminal, a mobile storage device (e.g., a mobile hard disk, a usb disk, etc.), a network cloud disk, an application storage platform, or a server. In addition, the storage medium may also be a storage device of a terminal corresponding to the user node 311 shown in fig. 3, or a server corresponding to the accounting node 312 and the management node 313; or the memory 802 shown in fig. 8.
In the description above, for purposes of explanation and not limitation, specific details are set forth such as particular system structures, interfaces, techniques, etc. in order to provide a thorough understanding of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.

Claims (8)

1. A block chain-based electronic certificate management method is characterized by comprising the following steps:
the certificate issuing node receives a transaction application of the electronic certificate initiated by an application node, generates a corresponding electronic certificate based on the transaction application, sends plaintext data of the electronic certificate back to the application node, and generates a corresponding first certificate identifier based on the plaintext data;
the first certificate identification is stored on the chain, and meanwhile, plaintext data of the electronic certificate is sent to a distributed data storage network outside a block chain network, so that the plaintext data of the electronic certificate is stored in the data storage network in a distributed mode; the first certificate identification is a first certificate two-dimensional code obtained by calculating the plaintext data of the electronic certificate when the plaintext data of the electronic certificate is stored; the certificate issuing node receives a verification application of the electronic certificate initiated by a verification node, and judges whether the verification node has a verification authority or not based on the verification application, wherein the verification application comprises the following steps:
the certificate issuing node receives a verification application of the electronic certificate initiated by a verification node, and acquires user information to be verified and verification permission of the electronic certificate corresponding to the verification application from the verification application;
matching the user information to be verified with user information stored in a block chain network and applied for manufacturing electronic certificates, and judging whether the user information to be verified passes verification according to a matching result;
and if so, performing authenticity verification on the verification permission based on the user information which is stored in the block chain network and matched with the user information to be verified.
2. The electronic certificate management method as claimed in claim 1,
the certificate issuing node receives a verification application of the electronic certificate initiated by a verification node, and judges whether the verification node has a verification authority or not based on the verification application;
if so, acquiring a corresponding first certificate identifier from a block chain network based on the verification application of the electronic certificate, and generating a second certificate identifier of the electronic certificate corresponding to the verification application of the electronic certificate based on the verification application of the electronic certificate;
and comparing the first certificate identification with the second certificate identification, judging whether the electronic certificate corresponding to the electronic certificate verification application is true or false according to a comparison result, and sending a verification result to the verification node.
3. The electronic certificate management method as claimed in claim 1,
the certificate issuing node sends the plaintext data of the electronic certificate to a distributed data storage network, and the method comprises the following steps:
the certificate issuing node sends the plaintext data of the electronic certificate to a storage management node of a data storage network, so that the storage management node divides the plaintext data of the electronic certificate into a plurality of data blocks, respectively stores the data blocks in a plurality of storage nodes of the data storage network, and generates a storage index of the plaintext data of the electronic certificate in the data storage network;
and the certification node receives the storage index from the storage management node and stores the storage index in the block chain network.
4. The electronic certificate management method as claimed in claim 3,
the storage management node generates a storage index of plaintext data of the electronic certificate in the data storage network based on the plurality of data blocks, and comprises the following steps:
the storage management node respectively calculates the data blocks to obtain corresponding data block hash values;
calculating a file hash value corresponding to the plaintext data of the electronic certificate based on the plurality of data block hash values;
and forming a storage index of the plaintext data of the electronic certificate in the data storage network by using the plurality of data block hash values and the file hash value.
5. The electronic certificate management method as claimed in claim 4,
the calculating of the file hash value corresponding to the plaintext data of the electronic certificate based on the plurality of data block hash values comprises:
arranging the hash values of the data blocks according to the corresponding division sequence of the data blocks to form a hash value array;
and carrying out hash calculation on the hash value array to obtain a final hash value, and enabling the final hash value to be a file hash value corresponding to the plaintext data of the electronic certificate.
6. The electronic certificate management method as claimed in claim 2,
the second certificate identification is a second certificate two-dimensional code obtained by calculating based on plaintext data of the electronic certificate corresponding to the electronic certificate verification application.
7. An electronic certificate management network based on a block chain is characterized by comprising a certificate issuing node, an application node and a verification node which are connected with each other; wherein,
the certification node is used for executing the electronic certificate management method of any one of claims 1 to 6.
8. An electronic device, comprising a memory and a processor, wherein,
the memory stores computer instructions for execution by the processor;
the processor is configured to execute the computer instructions to perform the electronic certificate management method of any one of claims 1 to 6.
CN202010390746.3A 2020-05-11 2020-05-11 Block chain-based electronic certificate management method, management network and electronic equipment Expired - Fee Related CN111523152B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010390746.3A CN111523152B (en) 2020-05-11 2020-05-11 Block chain-based electronic certificate management method, management network and electronic equipment


Publications (2)

Publication Number Publication Date
CN111523152A CN111523152A (en) 2020-08-11
CN111523152B true CN111523152B (en) 2021-08-03

Family

ID=71912498

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010390746.3A Expired - Fee Related CN111523152B (en) 2020-05-11 2020-05-11 Block chain-based electronic certificate management method, management network and electronic equipment

Country Status (1)

Country Link
CN (1) CN111523152B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220525

Address after: 510630 room 108, No. 119, Tang'an Road, Tianhe District, Guangzhou City, Guangdong Province

Patentee after: Guangzhou Zhizu Information Technology Co.,Ltd.

Address before: 124013 Room 101, unit 4, building 35, South District, Xingyou community, Bohai street, Xinglongtai District, Panjin City, Liaoning Province

Patentee before: Bi Hongwei

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Blockchain based electronic document management methods, management networks, and electronic devices

Effective date of registration: 20230418

Granted publication date: 20210803

Pledgee: Science City (Guangzhou) green Financing Guarantee Co.,Ltd.

Pledgor: Guangzhou Zhizu Information Technology Co.,Ltd.

Registration number: Y2023980038395

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210803