CN107231351A

CN107231351A - The management method and relevant device of electronic certificate

Info

Publication number: CN107231351A
Application number: CN201710381234.9A
Authority: CN
Inventors: 鲁静; 张建冬; 宋斌; 向万红
Original assignee: Yuanguang Software Co Ltd
Current assignee: Yuanguang Software Co Ltd
Priority date: 2017-05-25
Filing date: 2017-05-25
Publication date: 2017-10-03
Anticipated expiration: 2037-05-25
Also published as: CN107231351B

Abstract

This application discloses the management method of electronic certificate and relevant device.Methods described includes：The process instruction processing electronic certificate that electronic equipment response is received；And by after the encryption processing record broadcast in block chain network so that the node of the block chain network by the processing record storage after the encryption in the block chain of the block chain network.Such scheme, realizes the distributed management of electronic certificate, improves the memory reliability of electronic certificate, and the risk that reduction certificate information is tampered or revealed, the information security and confidence level of electronic certificate is effectively ensured.

Description

The management method and relevant device of electronic certificate

Technical field

The application is related to the management method and relevant device in certificate electronic field, more particularly to electronic certificate.

Background technology

Certificate such as identity card, driver's license etc., have method as personal one kind for being engaged in social activities and enterprise production and management Determine the file of effect, be the essential instrument of the modern life.Because traditional paper document not only causes the wasting of resources so that Repeatability proves to turn into normality, it is often more important that is difficult to prevent certificate forgery phenomenon, trust crisis is caused, while also there is certificate Information Sharing is smooth, easy to lose, it is easily damaged a series of problems, such as.Therefore, with the development of information technology, electronic certificate meet the tendency of and Raw, this solves papery license and submits the waste caused repeatedly to a certain extent, has saved social cost, improves government and does Public efficiency, alleviate common people's certificates handling, with card it is difficult the problem of.

At present, the way to manage of electronic certificate is completed electronics card by central database mainly using shared model is concentrated The making of part, storage, information inquiry and the operation such as shared is exchanged, the owner of database knows the access and renewal of database Authority.If central database goes wrong, all electronic certificates stored all can not be accessed or operated.While Current central number Do not have the secrecy of effectively control certificate information, or purposive specified mandate according to storehouse, i.e., all administrative bodys disclosed, So the information of certificate holder is not maintained secrecy effectively, is distorted larger with privacy leakage risk by attack, is caused certificate can Made a discount by property.

The content of the invention

The application is mainly solving the technical problems that the management method and relevant device of offer electronic certificate, realize that electronics is demonstrate,proved The distributed management of part, improves the memory reliability of electronic certificate, and the risk that reduction certificate information is tampered or revealed, effectively Ensure the information security and confidence level of electronic certificate.

In order to solve the above problems, the application first aspect provides a kind of management method of electronic certificate, methods described Including：The process instruction processing electronic certificate that electronic equipment response is received；The processing record of the electronic certificate is added It is close, and the processing record after the encryption is broadcasted in block chain network, so that the node of the block chain network will be described Processing record storage after encryption is in the block chain of the block chain network.

In order to solve the above problems, the application second aspect provides a kind of management method of electronic certificate, methods described Including：Electronic equipment sends to other nodes of block chain network and asked；Wherein, it is described to ask to be used to ask to enter electronic certificate Row processing；During the block for the processing record that the encryption for the electronic certificate that is stored with is generated in block chain network, by the block It is synchronized in block chain, wherein, the processing of the encryption is recorded as other nodes response request and the electronics is demonstrate,proved What part processing was formed；Processing record information to the encryption is decrypted, the processing of the electronic certificate after being decrypted Record.

In order to solve the above problems, the application third aspect provide a kind of electronic equipment, including memory, processor, And telecommunication circuit；The telecommunication circuit, which is used to realize with other equipment, to communicate；The processor is used to perform above-mentioned method.

In order to solve the above problems, the application fourth aspect provides a kind of non-volatile memory medium, and be stored with processing The computer instruction that device can be run, the computer instruction is used to perform above-mentioned method.

In such scheme, the processing record storage of electronic certificate is realized to electronics in the block chain of block chain network The distributed management of certificate, realizes efficient data sharing, is based on because block chain has between decentralization, block chain node Common recognition mechanism safeguards block chain, and the failure of which part node does not interfere with the loss of network data, and node can not be distorted Data, therefore the memory reliability of electronic certificate is improved, the information security and confidence level of electronic certificate are effectively increased, and should It is stored in after the processing recording of encrypted of electronic certificate in block chain, the node that only can correctly decrypt can obtain processing note Record, therefore the risk of certificate information leakage is reduced, further increase the safe and reliable of electronic certificate.

Brief description of the drawings

Fig. 1 is the block chain Technical Architecture schematic diagram employed in the embodiment of the application block chain network one；

Fig. 2 is the structural representation of the block in the embodiment of the application block chain network one；

Fig. 3 is the structural representation of the embodiment of the application block chain network one；

Fig. 4 is the schematic flow sheet of the embodiment interior joint identity identifying method of the application block chain network one；

Fig. 5 is the schematic flow sheet of the embodiment of management method one of the application electronic certificate；

Fig. 6 is the schematic flow sheet of another embodiment of management method of the application electronic certificate；

Fig. 7 is the schematic flow sheet of the management method another embodiment of the application electronic certificate；

Fig. 8 is the structural representation of the embodiment of the application electronic equipment one.

Embodiment

With reference to Figure of description, the scheme to the embodiment of the present application is described in detail.

In describing below, in order to illustrate rather than in order to limit, it is proposed that such as particular system structure, interface, technology it The detail of class, thoroughly to understand the application.

The terms " system " and " network " are often used interchangeably herein.The terms "and/or", only It is a kind of incidence relation for describing affiliated partner, expression may have three kinds of relations, for example, A and/or B, can be represented：Individually There is A, while there is A and B, these three situations of individualism B.In addition, character "/" herein, typicallys represent forward-backward correlation pair As if a kind of relation of "or".

Block chain technology is a kind of new distributed data organizer risen with the digital encryption such as bit coin currency Method and computing mode.Its maximum feature is：Decentralization, this enables data to realize that distributed collective safeguards, is greatly improved Data operation, management, maintenance efficiency；A set of common recognition mechanism is based between common recognition, node, whole area is safeguarded jointly by competing to calculate Block chain, any node failure, remaining node remains to normal work.The block chain for carrying asymmetric encryption techniques simultaneously possesses Gao An Quan Xing, trackability, can effectively prevent leaking data or illegally distort.The application proposes to realize electronics using block chain technology The management of certificate, such as realization is issued licence, receives card, certificates checking and authenticating user identification.

For ease of understanding the application block chain network, first the block chain technology that the application is used is illustrated. In one concrete application, electronic equipment runs the block chain technology with the node as the block chain network, the block chain technology frame Structure is as shown in figure 1, including technology layer 11, service layer 12, client layer 13.

Electronic certificate information and processing record are carried out blocking encapsulation, even by technology layer 11 with the public platform chain in ether mill It is connected into block chain.It is understood that the technology layer 11 does not limit the public chain in the operation ether mill, in other application example, it can transport Row such as bit coin public affairs chain other can realize the public chain of block chain technology.

Service layer 12 is realized such as membership-based services, the service of block chain, electronic certificate service based on technology layer 11.Its In, the electronic certificate service includes authentication, issues licence, receives the service such as card and examination, it will be understood that, the block chain technology can Different electronic certificate services are provided according to the account of login.

The main forms of client layer 13 is run the user interface of the electronic equipment of the block chain technology, to realize user With the information exchange of other nodes in block chain network.

The present embodiment is based on ether mill technology platform so that the processing record byte number of block chain network is less, and Hash is calculated Method faster, adds more efficient PoW+PoS common recognition mechanism so that the generation time of new block is reduced to 16.6s.Member system account The mode combined with full node with cloud storage makes data protection safer, and privacy of user is fully guaranteed safely.

Specifically, block encapsulation can be as shown in Figure 2.The block 20 of the block chain includes block head (Header) 21 and block Body (Body) 22.The block body 22 be stored with least one electronic certificate processing record 221 and to processing record set Determine the cryptographic Hash (Hash) 222 that Hash operation is obtained.The block first 21 is packaged with current version number 211, previous block address 212nd, the target cryptographic Hash 213 of current block, current block PoW (proof of work) common recognition process solution random number 214, The information such as Merkle roots (Merkle-root) 215 and timestamp 216.Wherein, current version number 211, for indicating software And the relevant release note of agreement；The previous block address 212, alternatively referred to as previous block cryptographic Hash just can be by by the value Each block, which just joins end to end, constitutes block chain；The solution random number 214 decrypts the answer of the related mathematical problem of the block for record Value；The Merkle roots 215 be in block body 22 it is all processing record cryptographic Hash Hash calculation comes out two-by-two step by step again, For examining a processing record to whether there is in the block；The timestamp 216 is used for the time for recording the block 20 generation. It is understood that the structure of the block can be adjusted according to the difference of the block chain technology of use, for example, Pow is not used to be total to Knowledge mechanism, then in the absence of above-mentioned solution random number.

Referring to Fig. 3, Fig. 3 is the structural representation of the embodiment of the application block chain network one.The block chain network is The multinode network system constituted using block chain technology.In the present embodiment, the block chain network 30 includes multiple operation blocks Chain technology and the node 31 (also referred to as block chain node) for participating in same block chain.The node 31 is specifically as follows any electronics and set It is standby, such as mobile phone, computer, tablet personal computer.

The block chain network 30 is used to manage electronic certificate.Specifically, each node 31 in the block chain network 30 is equal Relevant treatment can be carried out to electronic certificate, wherein, different nodes 31 can have different processing authorities to electronic certificate.Moreover, The relevant information of electronic certificate after the processing is stored in the local block chain of each node 31 in the block chain network 30 In block (can be as shown in Figure 2), obtained after preserving the processing record of the electronic certificate, i.e. preservation processing in order to each node 11 The electronic certificate information arrived, realizes the distributed storage of electronic certificate.

In the present embodiment, different disposal is carried out to electronic certificate according to node, is node of issuing licence by the plurality of 31 points of node 31a, ordinary node 31b and examination node 31c.And node is to difference that the different disposal of electronic certificate is according to the Node registers What account identity was determined.The node 31a that issues licence, by Notified Body's Account Logon, alternatively referred to as investigates structural device, for this Electronic certificate is made and updated；Ordinary node 31b, is logged in by regular account, alternatively referred to as regular account equipment, is used for Request makes to electronic certificate or updates and obtain correspondence electronic certificate；Examination node 31c, by examination, mechanism is logged in, and also may be used Structural establishment is referred to as checked, for checking electronic certificate.In a practical application, the Notified Body is government organs, The examination mechanism can be government organs or some tissues or enterprise.In addition, above-mentioned node 31a, 31b, 31c can be block chain Light weight node, or at least node 31a that issues licence is full node.

The block chain network 30 also includes database node 32 and management node 33, and the database node, which is used to store, to be set Database, the certificate information needed for making or updating certificate is provided for node of issuing licence.In a practical application, the setting database For government services database, compared to existing tripartite certification authority, certificate information source is government services storehouse, and data source is more It is credible.The management node 33 is used to carry out Identity Management and authentication to the user of node 31.Wherein, the authentication is used for new The registration of node 11 enters in block chain network, and specific method see Fig. 4, including：

S41：One electronic equipment sends Account Registration request to management equipment.

For example, an electronic equipment receives the Account Registration information of the request participation of the user's input block chain, wherein, the account Family log-on message includes the account name (being provided in User logs in block chain network after succeeding in registration) and the electricity of request registration The identity information of sub- equipment user, the information of the provable user identity such as identification card number, passport No., social security number.Wherein, Account name and subscriber identity information can only include subscriber identity information for identical information, the i.e. log-on message.The electronics is set The standby Account Registration for generating the identity information comprising the electronic device user according to account log-on message is asked, and is sent to pipe Manage equipment (namely above-mentioned management node 32).

S42：Identity information during management equipment is asked according to Account Registration carries out authentication to electronic device user.If Certification does not pass through, then performs S43, if certification passes through, performs S44.

For example, management equipment is verified to user identity authenticity first, specifically such as please by the Account Registration received The identity information asked is compared with the identity information in default identity database, if default identity database has matching Identity information, then be made whether that repeated registration is verified, otherwise determine not by certification.Whether repeated registration checking is specially for this： According to user profile (such as name, unit, city, country and other represent the information of user identity) the generation unique body of the whole network Part mark, whether according to this identity, it is new user to judge equipment user.The present embodiment can utilize HASH (Hash) algorithm Specific such as SHA3, the scheduling algorithm of maximum 2128 generate the whole network unique identity.Due to same input can produce it is same HASH is exported, and the output that different inputs is produced is certainly different.It is provided with management equipment unique for the whole network of authentication storage The database of identity, therefore management equipment can be by the whole network unique identity generated according to user profile and the database The whole network unique identity of storage is contrasted, and to judge that the user is new user or old user, does not find what is stored The whole network unique identity is then new user, determines that certification passes through, is otherwise old user, determines that certification does not pass through.

S43：Management equipment returns to registration failure message to electronic equipment.

Further, it is authentication difference that the registration failure message, which can also indicate failure cause,.

S44：Management equipment sends the message that succeeds in registration to electronic equipment.

Further, management equipment can also be by the identity information in registration request for example by above-mentioned the whole network unique identities mark Write-in is known to setting management database, to be managed collectively the user identity for participating in the block chain.Certainly, the subscriber identity information is not It must be stored in setting management database, the public key of public key and/or own user that the user can also be used is encrypted and deposited It is stored in the block in the block chain network, so that only itself can obtain the body of the user with the electronic equipment using its private key Part information.

S45：The electronic equipment receives the message that succeeds in registration of management equipment, and obtains the block chain network according to described The block chain address of the identity information generation of electronic device user and one group of public key and private key.

In another embodiment, the identity identifying method may not include above-mentioned S41-S44 steps, above-mentioned user identity letter The directly artificial certification of breath is obtained by rear, the equipment logged in by certification personnel or electronic equipment transmission registration request Block chain address and one group of public key and private that the block chain network is generated according to the identity information of the electronic device user Key.

S46：The electronic equipment broadcasts the public key that the management equipment is obtained, and preserves the private key that the management equipment is obtained With block chain address.

For example, electronic equipment is after the message that succeeds in registration is received, related algorithm in self-operating block chain technology or Person generates block chain address by other nodes of block chain network for it, is used as the block chain address of the account of registration；And from Related algorithm in body operation block chain technology generates one group of public key and private key as the public key and private key of the account of registration.Tool Body, the block chain address can but not be limited to obtain, example subscriber identity information progress setting computing (setting Hash operation) Such as it is above-mentioned the whole network unique identity.The public key can be but not be limited to calculate block chain address progress set algorithm Arrive, or be directly the block chain address.The private key can be but not be limited to obtain public key progress set algorithm calculating.So Afterwards, electronic equipment is noted by the public key broadcasts in the block chain network so that the node 31 in network receives and preserves the user The account public key of volume.Also, its private key and block chain address are stored in locally by the electronic equipment, or the private key also can be transmitted Stored in the node trusty of setting, to back up.Now, Account Registration is completed.Wherein, the block chain node can lead to The block chain address lookup of any account in the network obtains the public key of the account, but private key then only logs in correspondence account Family node can just be obtained.

In a particular application, different according to the type of the login account, the purposes of public and private key is also different, for example, general The public and private key of logical account is respectively used to the encryption and decryption of account certificate processing record；The public and private key of Notified Body is used for Notified Body Digital signature verified；Checking the public and private key of structure is used for the encryption and decryption to checking information.

It is understood that above-mentioned database node 32 and management node 33 are the addressable node of node 31, but may not Block chain may not be participated in for block chain node, the i.e. node 32,33.Certainly, the node 32 and/or 33 can also be used as block chain link Point, for example can as block chain full node.In addition, the differentiation of above-mentioned node is according to true by the account of the Node registers Fixed, therefore same electronic equipment can be according to the different accounts of login as different nodes, and same electronic equipment is while conduct Multiple nodes, such as same electronic equipment is simultaneously as the database node 32 and the node 31a that issues licence.

The concrete mode that the block chain network is managed to electronic certificate is as described in example below.

Referring to Fig. 5, Fig. 5 is the schematic flow sheet of the embodiment of management method one of the application electronic certificate.The present embodiment In, this method is specifically included by the electronic equipment execution as above-mentioned block chain node 31：

S51：The process instruction processing electronic certificate that the response of first electronic equipment is received.

For example, the first electronic equipment receives what is inputted as the second electronic equipment of other block chain nodes or user The instructions such as request instruction, renewal request instruction or echo request instruction are made, the first electronic equipment carries out corresponding according to the instruction Operation such as makes electronic certificate, updates electronic certificate, recalls electronic certificate.

S52：The processing of electronic certificate record is encrypted first electronic equipment, and by the processing after the encryption Record is broadcasted in block chain network.

After the completion of handling electronic certificate, first electronic equipment obtains the processing record of the electronic certificate, the processing The process content for showing this is recorded, directly can typically be recorded the electronic certificate after processing as the processing.Then, Processing record is encrypted one electronic equipment, in the present embodiment, is encrypted using rivest, shamir, adelman.For example, should The block chain node that the follow-up block chain node for needing to feed back to request processing of processing record or user specify, therefore first electricity The account public key for the node that sub- equipment use need to feed back is encrypted, so as to receive the node of feedback according to itself account private key The processing record for obtaining unencryption is decrypted.

Each block chain node in block chain networking receives the record of the processing after the encryption or the only block The accounting nodes block chain node of power (can keep accounts) in chain network receive the record of the processing after the encryption, due to this plus The block chain node that the block chain node of the only above-mentioned request processing of close processing record or user specify, which can just be decrypted, to be obtained, Therefore other block chain nodes in network can not be decrypted and obtain original processing record, so as to ensure the confidentiality of processing record.On State can be after the block chain node encryption that receives current slot of reception processing record processing set of records ends be packaged in this In ground block as shown in Figure 2, and the book keeping operation for knowing together mechanism by common recognition mechanism such as Pow to compete the block is weighed.When the block Chain node obtains book keeping operation temporary, and the block is broadcasted to block chain network.Other block chain nodes of block chain network are to the block Validity verified, when the block chain network does not accept block validity, all block chain links of the block chain network Point abandons its block, and competition book keeping operation is weighed and generates new block as described above again；It is effective in block chain network approval block During property, the block or block head are synchronized on its block chain by all block chain nodes of the block chain network.Wherein, if The node is light weight node, then block head is synchronized with its current block chain, if the node is full node, by whole block It is synchronized with its current block chain.Now, that is, realize the processing record storage after the encryption in the block chain network In block chain.Record storage will handled after block chain, block chain node can be recorded using block-identified and alignment processing Cryptographic Hash search obtain correspondence block in store corresponding processing record, and then obtain electronic certificate information.

It is understood that when block chain network other block chain nodes as described in above-mentioned S51-S52 to electronic certificate When carrying out the processing record for handling simultaneously broadcast enciphering, first electronic equipment can also compete book keeping operation power as described in epimere, and will add Close processing record storage is in block chain.

S53：During the block for the processing record that the encryption for the electronic certificate that is stored with is generated in block chain network, the second electricity The block is synchronized to block chain by sub- equipment.

Wherein, the processing of the encryption is recorded as other nodes response request and handles shape to the electronic certificate Into, namely above-mentioned S5 is performed by above-mentioned first electronic equipment formed and broadcast in block chain network.As described in S52, when The node generation block of acquisition book keeping operation power in block chain network is simultaneously broadcasted after the block, and the second electronic equipment receives the block simultaneously By its synchronization in local block chain.

Asked for example, second electronic equipment is sent to above-mentioned first electronic equipment；Wherein, it is described to ask to be used for request pair Electronic certificate is handled.First electronic equipment is performed after above-mentioned S51-S52, the section of the acquisition book keeping operation power in block chain network Point generation stores the block of the encryption record of the electronic certificate and broadcasts the block.Second electronic equipment, which is received, to be remembered The block of the encryption record that is stored with of account power node broadcasts, and when block chain network approves the block validity, will The block is synchronized with local block chain.Certainly, if second electronic equipment obtains book keeping operation power, the second electronic equipment receives the The processing record of the encryption of the electronic certificate of one electronic equipment broadcast, and determine to record the encryption after obtaining book keeping operation power It is packaged in block, then broadcasts the block for the encryption record that is stored with, and approves that the block is effective in block chain network During property, the block is linked in local block chain.

S54：The processing record information of the encryption is decrypted second electronic equipment, the electronics after being decrypted The processing record of certificate.

For ensure the processing record reliability, the second electronic equipment be the encryption processing record be stored in institute The S54 is just performed after stating in the block chain of block chain network.For example, when the second electronic equipment is stored with the encryption in accreditation During the validity for the block for managing record, the processing record of the encryption is extracted from block, and block is synchronized in block chain, so The processing record of the encryption of extraction is decrypted using the account private key of itself afterwards, if successful decryption, it is determined that the processing Record is to feed back to itself, and obtains original processing record.

Further, to ensure the reliability of the processing, above-mentioned processing record is also using the numeral label of the first electronic equipment Name, i.e., be encrypted using the account private key of the first electronic equipment, for example, utilize the account private key of the first electronic equipment and second Processing record is encrypted for the account public key combination of electronic equipment, or is successively utilized respectively the account private of the first electronic equipment The account public key of key and the second electronic equipment carries out secondary encryption to processing record.Accordingly, the second electronic equipment utilizes first Processing record is decrypted for the account public key of electronic equipment and itself account private key combination, or is successively utilized respectively the first electricity The account public key of sub- equipment and the secondary decryption of itself account private key.If successful decryption, then it represents that processing record is to feed back to certainly Body, and digital signature of the processing record with the first electronic equipment account, handle what is obtained by the first electronic equipment account, Processing record is not tampered with.

Further, this method may also include and perform identification step by node 11 shown in Fig. 4.

In the present embodiment, the processing record storage of electronic certificate is realized to electronics in the block chain of block chain network The distributed management of certificate, realizes efficient data sharing, is based on because block chain has between decentralization, block chain node Common recognition mechanism safeguards block chain, and the failure of which part node does not interfere with the loss of network data, and node can not be distorted Data, therefore improve the memory reliability of electronic certificate, effectively increase the information security of electronic certificate, objectivity and credible Degree, and be stored in after the processing recording of encrypted of the electronic certificate in block chain, the node that only can correctly decrypt can be obtained The processing is recorded, therefore reduces the risk of certificate information leakage, further increases the safe and reliable of electronic certificate.

Refer to the schematic flow sheet that Fig. 6, Fig. 6 are another embodiments of management method of the application electronic certificate.This implementation In example, this method is by the electronic equipment execution as above-mentioned block chain node 31, specifically by the machine of issuing licence as the node 31a that issues licence Structure equipment and the regular account equipment execution as ordinary node 31b, are specifically included：

S61：Notified Body equipment of the regular account equipment into block chain network send electronic certificate making request or Update request.

Wherein, it is described to make request and include subscriber identity information (i.e. electricity of type of credential and the regular account equipment The identity information of the owner of sub- certificate), the type of credential can any certificate of such as identity card, driver's license, property ownership certificate, marriage certificate Type.It is described to update request and include subscriber identity information (the i.e. body of the owner of the electronic certificate of the regular account equipment Part information) and the information to be updated of the electronic certificate, client public key, issuer information such as Notified Body's code etc., this is treated more Fresh information gives the information of new electronic certificate, it may include the information such as the term of validity, type of credential.

S62：Notified Body's equipment receives the making request for the electronic certificate that regular account equipment is sent or updates request, and Request according to receiving is handled.

For example, Notified Body's equipment receive making request, then access setting database with search with the making request in Subscriber identity information and type of credential matching certificate information, if finding, inputted according to the certificate information and user Instruction generation electronic certificate, certainly, Notified Body's equipment also directly can automatically generate electronic certificate according to certificate information.If not Find, then sent to regular account equipment and make failed message, and terminate flow.Further, the making failed message can be wrapped Its failure cause is included not find related certificate information.

In another example, Notified Body's equipment receives renewal request, and renewal request includes type of credential, the regular account and set The block chain address (being used for the subscriber identity information as regular account equipment) of the standby account logged in, organization mechanism code of issuing licence And the certificate information to be updated of client public key encryption.Notified Body judges that the renewal request meets update condition, specifically The certificate information of the user is such as inquired about according to the subscriber identity information of regular account equipment, if not finding the certificate with that need to update The existing electronic certificate of type matching, then renewal request determination does not meet update condition, and is sent more to regular account equipment New failed message, and terminate flow；It is relatively more existing if finding the existing electronic certificate matched with the type of credential that need to be updated Whether the information such as client public key, organization mechanism code of issuing licence, the term of validity in electronic certificate are consistent with updating the information in request, Represent that the existing digital certificates are the state after updating if consistent, renewal request does not meet update condition, and to common Account equipment, which is sent, updates failed message, and terminates flow；If it is inconsistent, determine that renewal request meets update condition, And access setting database and ask the certificate information that matches with the renewal to search, if finding, according to the certificate information with And user input instruction generates new electronic certificate, realizes the renewal of the electronic certificate, certainly, Notified Body's equipment also can be straight Connect and electronic certificate is automatically generated according to certificate information.If not finding, sent to regular account equipment and make failed message, and Terminate flow.

S63：The account private key of Notified Body's equipment utilization itself and the account public key of the regular account equipment are to described Electronic certificate is encrypted and broadcasted in block chain network.

In the present embodiment, Notified Body's equipment is using Notified Body's account number signature and regular account equipment user envelope The electronic certificate that India side formula is obtained to processing is encrypted.Specifically, the account private key and common account of Notified Body's equipment are utilized Processing record is encrypted for the account public key combination of family equipment；Or successively it is utilized respectively the account private key of Notified Body's equipment Secondary encryption is carried out to processing record with the account public key of regular account equipment；Or it is private using the account of Notified Body's equipment Key is encrypted to processing record and signed, and the signature and processing are recorded using the account public key of regular account equipment The electronic certificate after being encrypted is encrypted.Notified Body's equipment broadcasts the electronic certificate after encryption in block chain network In.

S64：During the block for the electronic certificate that the encryption that is stored with is generated in block chain network, regular account equipment is by institute State block and be synchronized to block chain.

As described in above-mentioned S52-S53, the node of block chain network receives the electronic certificate of encryption, and utilizes mechanism of knowing together Generate and broadcast the block of the electronic certificate after the encryption that is stored with, so in the block certification by rear synchronization in block chain In, therefore not to repeat here.Further, when other block chain link points receive the electronic certificate after the encryption, regular account is set Standby subscriber identity information confirmed, is performed to be generated and broadcasted using common recognition mechanism again after validation and is stored with after the encryption Electronic certificate block.

S65：The account private key of regular account equipment utilization itself and the account public key of Notified Body's equipment are to the encryption Electronic certificate be decrypted, obtain the electronic certificate of unencryption.

For example, regular account equipment is when it is determined that the block received is effective, the electronics card of encryption is obtained from the block Part.The account public key of regular account equipment utilization Notified Body equipment and the account private key combination of regular account equipment are to encryption electricity Sub- certificate is decrypted；Or successively it is utilized respectively the account public key of Notified Body's equipment and the account private key of regular account equipment Secondary decryption is carried out to encrypted electronic certificate；If successful decryption, then it represents that the encrypted electronic certificate is to feed back to itself, and it should add Close electronic certificate has the digital signature of Notified Body's equipment account, handles what is obtained by the Notified Body, it is ensured that what is received should Electronic certificate is not tampered with.Regular account equipment obtains the electronic certificate of the unencryption, realizes and receives card.

In another example, the account private key pair encryption electronic certificate of regular account equipment utilization regular account equipment is carried out for the first time Decryption, if successful decryption, then it represents that processing record is to feed back to itself, and continues with the account public key of Notified Body's equipment Second is carried out to the digital signature fragments after decryption to decrypt, if the digital signature fragments after decrypting for second with decrypting for the first time Electronic certificate part afterwards is consistent, it is determined that the electronic certificate handles what is obtained by the Notified Body, it is ensured that the electronics received Certificate is not tampered with.Regular account equipment obtains the electronic certificate part after decrypting for the first time, realizes and receives card.

Referring to Fig. 7, Fig. 7 is the schematic flow sheet of the management method another embodiment of the application electronic certificate.This implementation In example, this method is by the electronic equipment execution as above-mentioned block chain node 31, specifically by the examination machine as examination node 31c Structure equipment and the regular account equipment execution as ordinary node 31b, are specifically included：

S71：Check the echo request that regular account equipment of the structural establishment into block chain network sends electronic certificate.

Wherein, the echo request may include the type of credential of the electronic certificate, further may also include examination mechanism letter Breath.

S72：Regular account equipment receives the echo request that examination structural establishment is sent, and it is determined that allowing the examination please When asking, the electronic certificate of request examination is recalled.

For example, examination structural establishment is using long-range examination.The examination structural establishment is directly sent to the regular account equipment Echo request, then the regular account equipment points out the echo request in user, and is receiving the refusal examination of user's input After instruction, examination failed message is sent to examination structural establishment.Regular account equipment receive user input allow examination After instruction, the type of credential checked according to the request, the electricity for recalling request examination from block chain or in local data base Sub- certificate, further also may bring up the electronic certificate of the account private key encryption using Notified Body equipment, also as Notified Body Digital signature.

In another example, examination structural establishment is used and checked under line.Regular account equipment indicates that generation contains according to user's input The identification code of self identification such as Quick Response Code or bar code, the examination structural establishment scan identification code generation echo request, concurrently The regular account equipment is given, now, the regular account equipment then directly confirms the echo request allowed, and according to the request The type of credential of examination, the electronic certificate for recalling request examination from block chain or in local data base.Wherein, the certificate Type information can be carried in the identification code according to user's input by regular account equipment or be swept by the examination structural establishment It is added to after retouching in the echo request of generation.

S73：The electronic certificate is encrypted the account public key that structural establishment is checked described in regular account equipment utilization And broadcast in block chain network.

In the present embodiment, regular account equipment is that the electronic certificate of the digital signature with Notified Body is encrypted.Tool Such as, the digital signature that Notified Body of the account public key of structural establishment to recalling is checked in regular account equipment utilization is added body It is close, or using checking the account public key of structural establishment to the digital signature of Notified Body and the electronic certificate of unencryption that recall It is encrypted, the electronic certificate after being encrypted.Regular account equipment broadcasts the electronic certificate after encryption in block chain network In.

S74：During the block for the electronic certificate that the encryption that is stored with is generated in block chain network, structural establishment is checked by institute State block and be synchronized to block chain.

S75：The electronic certificate of the encryption is decrypted using the account private key of itself for examination structural establishment, is obtained not The electronic certificate of encryption.

For example, examination structural establishment is when it is determined that the block received is effective, the electronics card of encryption is obtained from the block Part.Examination structural establishment is successively utilized respectively the account private key of examination structural establishment and the account public key of Notified Body's equipment and general The account private key pair encryption electronic certificate of logical account equipment carries out secondary decryption；If successful decryption, then it represents that the encrypted electronic is demonstrate,proved Part is to feed back to itself, and the encrypted electronic certificate has the digital signature of Notified Body's equipment account, by the Notified Body What reason was obtained, it is ensured that the electronic certificate received is not tampered with.Examination structural establishment obtains the electronic certificate of the unencryption, and covers The electronics license is checked with setting template.

In another example, examination structural establishment is carried out for the first time using the account private key pair encryption electronic certificate for checking structural establishment Decryption, if successful decryption, then it represents that processing record is to feed back to itself, and continues with the account public key of Notified Body's equipment Second is carried out to the digital signature fragments after decryption to decrypt, if the digital signature fragments after decrypting for second with decrypting for the first time Electronic certificate part afterwards is consistent, it is determined that the electronic certificate handles what is obtained by the Notified Body, it is ensured that the electronics received Certificate is not tampered with.Check structural establishment obtain for the first time decrypt after electronic certificate part, and apply mechanically setting template examination should Electronics license.

Above-mentioned examination mode realizes equipment user and carries out license examination whenever and wherever possible, can significantly save social interaction, The cost of commercial activity.

The application also provides the management method of electronic certificate, and what this method included any above-described embodiment method wherein one holds The step of row main body is performed.

Above-mentioned implementation realizes the distributed management of acentric electronic certificate based on block chain technology, in going The heart, without expense, without threshold the characteristics of, available for all kinds of certificate grantings, management and application whole process electronization.By user's accreditation, Examination, fresh information carry out multi-point backup in distributed data base, improve license confidence level；It is capped timestamp, it is ensured that data Ageing and continuity；The file Hash of license generation is stored in block chain by asymmetric encryption, and file uploads high in the clouds in itself, Certificate security is improved, the effect of electronic certificate existence proof, Process Character proof and accountability proof is realized, greatly simplifies Identifying procedure, improves certificate acquiring and uses and check and accept efficiency, reduce cost, increase license credibility.In a particular application, originally Application can be used for government department to send electronics license to citizen, to replace papery license, and preserve and can not distort by block chain Issue licence, receive card, more verification, new record, each main body of the society can be made to build jointly, safeguarded jointly, common supervision, so as to meet public affairs The right to know of crowd, authority to supervise, strengthen the objectivity and confidence level of electronics license.Licence issuing authority, main market players, third party office with And domestic consumer can be conveniently added with the block chain network, high confidence level, low cost, efficient commercial exchange and political affairs are carried out Examination ＆ approval, application field is very wide.

Referring to Fig. 8, Fig. 8 is the structural representation of the embodiment of the application electronic equipment one.In the present embodiment, the electronics is set Standby 80 be the node 31 in block chain network shown in Fig. 3.The electronic equipment 80 includes memory 81, processor 82 and communication electricity Road 83.Wherein, each component of electronic equipment 80 can be coupled by bus, or base station 80 processor respectively with its He connects component one by one.

Telecommunication circuit 83, which is used to realize with other nodes 31 in other electronic equipments such as block chain network, to communicate, and specifically may be used Including transmitters and receivers.

Memory 81 be used for store processor 82 execution computer instruction, data of the processor 82 in processing procedure with And local block chain, wherein, the memory 81 includes non-volatile memory portion, for storing above computer instruction.

Processor 82 controls the operation of the electronic equipment 80, and processor 82 can also be referred to as CPU (Central Processing Unit, CPU).Processor 82 is probably a kind of IC chip, the processing energy with signal Power.Processor 82 can also be general processor, digital signal processor (DSP), application specific integrated circuit (ASIC), ready-made compile Journey gate array (FPGA) or other PLDs, discrete gate or transistor logic, discrete hardware components.It is logical It can be microprocessor with processor or the processor can also be any conventional processor etc..

In the present embodiment, processor 82 performs following two sides by calling the computer instruction that memory 81 is stored The operation of at least one aspect in face.

First aspect：Processor 82 is used for：

The process instruction processing electronic certificate that response telecommunication circuit 83 is received；

The processing record of the electronic certificate is encrypted, and controls telecommunication circuit 83 to remember the processing after the encryption Record broadcast in block chain network so that the node of the block chain network by the processing record storage after the encryption in described In the block chain of block chain network.

Alternatively, when the electronic equipment is as Notified Body's equipment, processor 82 specifically for：Pass through telecommunication circuit 83 receive the making request for the electronic certificate that regular account equipment is sent, wherein, described make asks to include type of credential and institute State the subscriber identity information of regular account equipment；Searched from setting database and make the certificate information that request is matched with described, And electronic certificate is generated by the certificate information of the lookup；Using itself account private key and the regular account equipment account The electronic certificate that public key is encrypted to the electronic certificate and controls telecommunication circuit 83 to broadcast the encryption, so that the block chain Electronic certificate after the encryption is stored in the block chain of the block chain network by the node that network obtains book keeping operation power, and institute State the account private key of regular account equipment utilization itself and the account public key decryptions of the equipment of issuing licence obtain the electronic certificate.

Alternatively, when the electronic equipment is as Notified Body's equipment, processor 82 specifically for：Pass through telecommunication circuit 83 receive the renewal request for the electronic certificate that regular account equipment is sent, wherein, described update asks to include the regular account The information to be updated of the subscriber identity information of equipment and the electronic certificate；If judging, the renewal request meets update condition, Then searched from setting database and update the new certificate information that request is matched with described, and according to the new certificate of the lookup Information updating electronic certificate；Using itself account private key and the regular account equipment account public key to the electronic certificate The electronic certificate for being encrypted and controlling telecommunication circuit 83 to broadcast the encryption, so that the block chain network obtains the section of book keeping operation power Electronic certificate after the encryption is stored in the block chain of the block chain network by point, and the regular account equipment utilization The account private key of itself and the account public key decryptions of the equipment of issuing licence obtain the electronic certificate.

Alternatively, when the electronic equipment is as regular account equipment, processor 82 specifically for：Pass through telecommunication circuit 83 receive the echo request that examination structural establishment is sent；When it is determined that allowing the echo request, the electronics of request examination is recalled Certificate；The electronic certificate is encrypted using the account public key of the examination structural establishment and controls telecommunication circuit 83 to broadcast The electronic certificate of the encryption, so that the node that the block chain network obtains book keeping operation power stores the electronic certificate after the encryption In the block chain of the block chain network, and the examination structural establishment obtains the electricity using the account private key decryption of itself Sub- certificate.

Alternatively, processor 82 is additionally operable to：Other node broadcasts of the block chain network are received by telecommunication circuit 83 Encryption data, and be stored in the block of memory 81, wherein, the encryption data is other described nodes to electronic certificate Processing recording of encrypted after obtained data；Obtaining book keeping operation temporary, control telecommunication circuit 83 broadcasts described to block chain network Block；When the block chain network accepts the block validity, the block or block head are linked to memory 81 Block chain on.

Alternatively, processor 82 is additionally operable to：Telecommunication circuit 83 is controlled to send account registration request to management equipment, wherein, The account registration request comprising the electronic device user identity information there is provided in the management equipment according to the identity Information carries out authentication to the electronic device user；The message that succeeds in registration of management equipment is received by telecommunication circuit 83, And obtain block chain address and one group of public affairs that the block chain network is generated according to the identity information of the electronic device user Key and private key；Control telecommunication circuit 83 broadcasts the public key that the management equipment is obtained, and preserves the private that the management equipment is obtained Key and block chain address are in memory 81.

Second aspect, processor 82 is used for：

Control telecommunication circuit 83 to send to other nodes of block chain network to ask；Wherein, it is described to ask to be used for request pair Electronic certificate is handled；

During the block for the processing record that the encryption for the electronic certificate that is stored with is generated in block chain network, by the block It is synchronized in the block chain of memory 81, wherein, the processing of the encryption is recorded as other nodes response request pair What the electronic certificate processing was formed；

Processing record information to the encryption is decrypted, the processing record of the electronic certificate after being decrypted.

Alternatively, when the electronic equipment is as regular account equipment, processor 82 controls telecommunication circuit 83 to block Other nodes of chain network, which send request, to be included：Notified Body equipment of the telecommunication circuit 83 into block chain network is controlled to send electricity The making request of sub- certificate updates request, so that Notified Body's equipment asks or updated request to make according to the making Or update electronic certificate, and using itself account private key and the regular account equipment account public key to making or renewal after Electronic certificate be encrypted, and the electronic certificate after encryption is broadcasted in the block chain network；Described in 82 pairs of processor The electronic certificate information of encryption is decrypted, the electronic certificate after being decrypted, including：Using the account private key of itself and issuing licence The electronic certificate of the encryption is decrypted the account public key of structural establishment, obtains the electronic certificate of unencryption.

Alternatively, when the electronic equipment is as examination structural establishment, processor 82 controls telecommunication circuit 83 to block Other nodes of chain network, which send request, to be included：Regular account equipment of the telecommunication circuit 83 into block chain network is controlled to send electricity The echo request of sub- certificate, so that the regular account equipment recalls electronic certificate according to the echo request, and described in Examination structural establishment account public key the electronic certificate recalled is encrypted, and by the electronic certificate after encryption broadcast in In the block chain network；The electronic certificate information of 82 pairs of encryptions of processor is decrypted, the electronics card after being decrypted Part, including：The electronic certificate of the encryption is decrypted using the account private key of itself, the electronics card of unencryption is obtained Part.

Further, the processor 82 of the electronic equipment 80 can be used for the method for performing above-described embodiment.

The application also provides a kind of embodiment of non-volatile memory medium, and the non-volatile memory medium is stored with processing The computer instruction that device can be run, the computer instruction is used to perform the method in above-described embodiment.Specifically, the storage medium Memory 81 that specifically can be as shown in Figure 8.

Such scheme, the processing record storage of electronic certificate realizes and electronics is demonstrate,proved in the block chain of block chain network The distributed management of part, realizes efficient data sharing, because block chain has between decentralization, block chain node based on altogether Knowledge mechanism safeguards block chain, and the failure of which part node does not interfere with the loss of network data, and node can not distort number According to, therefore the memory reliability of electronic certificate is improved, effectively increase the information security and confidence level of electronic certificate, and the electricity It is stored in after the processing recording of encrypted of sub- certificate in block chain, the node that only can correctly decrypt can obtain processing record, Therefore the risk of certificate information leakage is reduced, the safe and reliable of electronic certificate is further increased.

Concrete analysis, such scheme can realize following beneficial effect：

(1) central database is replaced using inter-organization distributed data base, it is point-to-point to issue licence, investigate, verifying, retain note Record, flow is transparent to be reviewed, and the accreditation of certificate, examination, more new record are all stored on block chain, and open process, result are not It can distort, effectively evade third party's moral hazard that current electronic certificate manages generally existing；

(2) certificate information carries out multi-point backup by encrypting storing in block chain, and certificate uploads high in the clouds, dual guarantor in itself Data safety is demonstrate,proved, therefore security is higher, is prevented effectively from personal or enterprise's privacy leakage；

(3) distributed database architecture is used, does not change and realizes certification dependent part under conditions of government's existing business system Door information flow, reduction electronics license platform construction cost and management difficulty, improve the efficiency of management；

(4) authentication result is transferred whenever and wherever possible, it is to avoid repeat certification, waste of resource；

(5) subscriber identity information is set up in block chain main chain, side chain is used for other electronics licenses, main chain and side chain two-way anchor It is fixed.Main chain carries out authentication, and the side chain corresponding to grappling difference electronic certificate, relatively single-stranded examination is more efficient, side chain Bidirectionally anchoring technology makes user credit to be transmitted in the whole network, as certificate handles the accumulation of record, is conducive to further setting up and levies Letter system；

(6) implementation management cost is low, more operability.Block chain core is decentralization, it is to avoid trans-departmental, across ground In the data set in area, the existing business system without changing government department improves the mobility of inter-sectional information；

(7) realize that network user's certificate business zero is run.Domestic consumer, Notified Body, examination mechanism are respectively by oneself Client carry out related certificate service.User sends transmitting-receiving card (examination) request to Notified Body, at certificate after checking Reason record uploads block chain after public private key encryption, and completing a certificate information after licensee (certifying organization) deblocking checking hands over Easily；

(8) dramatically promote " with no paper " to do work, reduce certificate making cost；

(9) existence proof is realized：Electronic certificate capping Notified Body signature, issues processing record and is stored in block chain On, provable its determines moment legal existence in a certain, thoroughly prevents certificate and forges phenomenon, improves certificate confidence level.

(10) implementation process is proved：What the preservation of block chain can not be distorted issues licence, with card, checking and more new record, is capped Timestamp, the version after renewal can be connected with prototype version, and continuity is guaranteed；

(11) realize that auditing possibility is proved：Electronic certificate data source is government database, the e-file of certificate generation Block chain is stored in by Hash, file uploads high in the clouds in itself, and Information Security is high, and certificate usage record can be reviewed, and can be careful Meter department provides more believable data supporting.

(12) realize that credit is proved：Main chain carries out authentication, side chain certification other various certificates (marriage certificate, real estate, Degree educational background, business license, hygiene permits etc.), side chain and main chain bidirectionally anchoring realize that certificate information is flowed freely, accumulation Application data, progressively provides reference service.

In above description, in order to illustrate rather than in order to limit, it is proposed that such as particular system structure, interface, technology it The detail of class, thoroughly to understand the application.However, it will be clear to one skilled in the art that there is no these specific The application can also be realized in the other embodiment of details.In other situations, omit to well-known device, circuit with And the detailed description of method, in case unnecessary details hinders the description of the present application.

Claims

1. a kind of management method of electronic certificate, it is characterised in that methods described includes：

The process instruction processing electronic certificate that electronic equipment response is received；

The processing record of the electronic certificate is encrypted, and the processing record after the encryption is broadcasted in block chain network In so that the node of the block chain network by the processing record storage after the encryption in the block chain of the block chain network In.

2. the method as described in claim 1, it is characterised in that when the electronic equipment is as Notified Body's equipment：

The process instruction received that responds handles electronic certificate, including：

Receive the making request for the electronic certificate that regular account equipment is sent, wherein, it is described make request include type of credential with The subscriber identity information of the regular account equipment；

Searched from setting database and make the certificate information that request is matched with described, and generated by the certificate information of the lookup Electronic certificate；

The processing record to the electronic certificate is encrypted, and the processing record after the encryption is broadcasted in block chain In network so that the node of the block chain network by the processing record storage after the encryption in the area of the block chain network In block chain, including：

The electronic certificate is encrypted using the account private key of itself and the account public key of the regular account equipment and wide Broadcast, so that the electronic certificate after the encryption is stored in the block link network by the node that the block chain network obtains book keeping operation power In the block chain of network, and the account private key of the regular account equipment utilization itself and the account public key decryptions of the equipment of issuing licence Obtain the electronic certificate.

3. method as claimed in claim 1 or 2, it is characterised in that when the electronic equipment is as Notified Body's equipment：

The renewal request for the electronic certificate that regular account equipment is sent is received, wherein, described update asks to include the common account The information to be updated of the subscriber identity information of family equipment and the electronic certificate；

If judge it is described renewal request meet update condition, from setting database in search with it is described update ask match it is new Certificate information, and electronic certificate is updated according to the new certificate information of the lookup；

4. the method as described in claim 1, it is characterised in that when the electronic equipment is as regular account equipment：

Receive the echo request that examination structural establishment is sent；

When it is determined that allowing the echo request, the electronic certificate of request examination is recalled；

The electronic certificate is encrypted and broadcasted using the account public key of the examination structural establishment, so that the block chain Electronic certificate after the encryption is stored in the block chain of the block chain network by the node that network obtains book keeping operation power, and institute State examination structural establishment and obtain the electronic certificate using the account private key decryption of itself.

5. the method as described in claim 1, it is characterised in that also include：

The encryption data of other node broadcasts of the block chain network is received, and is stored in local block, wherein, it is described Encryption data is other described nodes to the data obtained after the processing recording of encrypted of electronic certificate；

Obtaining book keeping operation temporary, the block is broadcasted to block chain network；

When the block chain network accepts the block validity, the block or block head are linked to local block chain On.

6. the method as described in claim 1, it is characterised in that also include：

Account registration request is sent to management equipment, wherein, the account registration request includes the body of the electronic device user There is provided carry out authentication to the electronic device user according to the identity information in the management equipment for part information；

The message that succeeds in registration of management equipment is received, and obtains identity of the block chain network according to the electronic device user The block chain address of information generation and one group of public key and private key；

The public key that the management equipment is obtained is broadcasted, and preserves private key and block chain address that the management equipment is obtained.

7. a kind of management method of electronic certificate, it is characterised in that methods described includes：

Electronic equipment sends to other nodes of block chain network and asked；Wherein, it is described to ask to be used to ask to enter electronic certificate Row processing；

It is during the block for the processing record that the encryption for the electronic certificate that is stored with is generated in block chain network, the block is synchronous Into block chain, wherein, the processing of the encryption is recorded as other described nodes and responds described ask to the electronic certificate What reason was formed；

8. method as claimed in claim 7, it is characterised in that when the electronic equipment is as regular account equipment：

Described other nodes to block chain network, which are sent, asks, including：

Notified Body's equipment into block chain network sends the making request of electronic certificate or updates request, so that described issue licence Structural establishment asks or updated to ask to make or update electronic certificate, and the account private key using itself and institute according to described make Electronic certificate after making or renewal is encrypted the account public key for stating regular account equipment, and by the electronic certificate after encryption Broadcast in the block chain network；And

The electronic certificate information to the encryption is decrypted, the electronic certificate after being decrypted, including：

The electronic certificate of the encryption is decrypted using the account private key of itself and the account public key of Notified Body's equipment, obtained To the electronic certificate of unencryption；And/or

When the electronic equipment is as examination structural establishment：

Regular account equipment into block chain network sends the echo request of electronic certificate, so that the regular account equipment root Electronic certificate is recalled according to the echo request, and the electronics recalled is demonstrate,proved using the account public key of the examination structural establishment Part is encrypted, and the electronic certificate after encryption is broadcasted in the block chain network；And

The electronic certificate of the encryption is decrypted using the account private key of itself, the electronic certificate of unencryption is obtained.

9. a kind of electronic equipment, it is characterised in that including memory, processor and telecommunication circuit；

The telecommunication circuit, which is used to realize with other equipment, to communicate；

The processor is used for the method described in perform claim 1 to 8 any one of requirement.

10. a kind of non-volatile memory medium, it is characterised in that the computer instruction that the processor that is stored with can be run, the meter Calculation machine instructs the method required for perform claim described in 1 to 8 any one.