CN107769925A - Public key infrastructure system and its certificate management method based on block chain - Google Patents

Public key infrastructure system and its certificate management method based on block chain Download PDF

Info

Publication number
CN107769925A
CN107769925A CN201710832853.5A CN201710832853A CN107769925A CN 107769925 A CN107769925 A CN 107769925A CN 201710832853 A CN201710832853 A CN 201710832853A CN 107769925 A CN107769925 A CN 107769925A
Authority
CN
China
Prior art keywords
certificate
block chain
user
affairs
blm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710832853.5A
Other languages
Chinese (zh)
Other versions
CN107769925B (en
Inventor
万志国
管章双
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong University
Original Assignee
Shandong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong University filed Critical Shandong University
Priority to CN201710832853.5A priority Critical patent/CN107769925B/en
Publication of CN107769925A publication Critical patent/CN107769925A/en
Application granted granted Critical
Publication of CN107769925B publication Critical patent/CN107769925B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to the public key infrastructure system based on block chain and its certificate management method, including user u, several CA, several blocks chain guardian BLM, block chain, client Client, user u sends signature request to multiple CA, and multiple CA are signed and feed back to user u respectively;User u will sign in the certificate authority affairs after being merged into signature, be sent to block chain guardian BLM;Block chain guardian BLM is verified and is stored in the candidate block in block chain, and sends proof existing for the certificate authority affairs CI_signed after signing to user u;Client Client asks certificate to user u, and user u replys its domain name and block chain guardian BLM, client Client and sends inquiring and authenticating request to block chain guardian BLM, inquires about certificate status and is replied.The present invention realizes the simple and effective management of certificate, and the problem of CA Single Point of Faliures can be avoided.

Description

Public key infrastructure system and its certificate management method based on block chain
Technical field
Public key infrastructure system and its certificate management method of the invention based on block chain, belong to block chain technology neck Domain.
Background technology
It is well known that PKIX (Public Key Infrastructure, PKI) is led safely in cyberspace Vital effect is played in domain.Such as the SSL/TLS of the security protocol based on public key cryptography, for ensureing that web communication is pacified Entirely.PKI solves many safety such as the non repudiation of authentication in network service, the integrality of information and information and asked Topic, reliable and secure service is provided for network applications such as ecommerce, E-Government, Web bank and Internet securities.Card Book signs and issues mechanism (Certificate Authority, CA), and as PKI core, its security is particularly important.Most Closely, the attack of certificate, tradition are cheated in the domain name issue for the well-known CA such as Google.com, Yahoo.com, mozilla.org PKI has been faced with serious fragile sex chromosome mosaicism.
Current PKI is still using trusted third party CA graduation management certificates.However, impaired or malice CA can be issued The certificate of some malice carries out man-in-the-middle attack, and this will make PKI by huge loss.Search to the bottom, this leak be with regard to because Caused by lacking detection for current PKI and prevent the mechanism of CA behavioral disorders.
Block chain is the Floor layer Technology of the password currency such as bit coin, is safeguarded jointly by all participants as one public Account book, because account book is open and clear, so anyone can check wherein any one transaction.In addition, it passes through common recognition Mechanism realizes center, the transaction record that can not be distorted, and can further by script or intelligent contract realize it is complicated, The transaction of compulsory execution.Therefore, this technology received in fields such as finance, security, insurance, medical treatment, IT extensively pay attention to and just Step application.
At present, solve the existing many of scheme of PKI fragility, wherein, the scheme based on daily record is maximally effective Method.Using the open additional current all effective certificates of log recording, so as to which the certificate authority of any malice can be quickly found out Or the scheme such as revocation, AKI, ARPKI, EICT and DTKI all follows this method.But in these schemes, some realities Body needs to safeguard one or more daily records to record all certificates, and CA and other related entities are also required to monitor mutual activity, The communications cost that this inevitably results in PKI system is too high, and operation and interaction are complicated, it is deposited in efficiency and function etc. In shortcomings.
Chinese patent literature CN 106789090A disclose a kind of public key infrastructure system based on block chain and half with Machine participating certificate endorsement method, system are made up of user Client, Web server and some certificate authorization center CAs;Some cards Book authorization center CA compositions CA alliances, the Web server is to some certificate authorization center CA application certificates, some certificate grantings After center CA coalition signature, certificate is stored in block chain, after storage is completed, certificate authorization center CA gives certificate authority Web server, when then user Client is connected with Web server progress TLS, user Client needs to verify Web server Certificate legitimacy.But in that patent, 1, certificate be stored in the block catenary system outside PKIX, but simultaneously Not all block catenary system is credible, and this will cause whole PKIX dangerous;2nd, certificate authority operation needs more Collaboration carries out coalition signature between individual CA, and communication overhead is big, less efficient;3rd, each block is required to store complete certificate Revocation list, to ensure the correctness of certificate revocation information, which results in great storage and communication overhead;4th, client certificates Verification process is complicated, must verify the record and certificate revocation list of certificate in itself, in block chain, less efficient.
Design it is a kind of call to account, flexibly effectively, the PKI methods of decentralization be network security active demand, have weight The meaning and huge application value wanted.
The content of the invention
In view of the shortcomings of the prior art, the invention provides the public key infrastructure system based on block chain;
Present invention also offers certificate management method;
The present invention based on open and clear, decentralization block catenary system, realize can call to account, flexibly effectively, multicenter Public key infrastructure system, make certificate management more highly effective and safe.
By technology proposed by the invention, PKI is performed on block catenary system, is exercised supervision without third party, so as to Cost is greatly reduced, and drastically increases efficiency.On the basis of block chain, present invention employs multiple CA cooperations, this hair The bright certificate management method based on block chain has the characteristics of efficiency high, flexibility are strong, safe, scalability is high.
Term is explained:
1st, block chain guardian (Blockchain-based Log Maintainer, BLM):Known together in block chain thing Business, generation block, the node that certificate query checking is provided.
2nd, Merkle is proved (Merkle proof):The Merkle of some leaf segment point value proves the root section for including Merkle trees Point value, and from the leaf node to the path of root node the brotgher of node of all nodes set, its some provable leaf segment Point value is present on Merkle trees.
3、MPT(MerklePatricia Tree):One kind combines RadixTree (dictionary tree) and MerkleTree is (silent Ke Er trees) advantage tree form data structure, can not only perform efficient keyword query, Merkle can also be utilized to prove effective Verification tree leaf node data.The application safeguards the last state of certificate using MPT trees.
4th, affairs (Transaction):The transaction sent similar to digital cash in bit coin, in this application referred to as thing It is engaged in (transaction);Multiple affairs are included in one block, running common recognition algorithm by block chain guardian is added to block On block chain.
The technical scheme is that:
Tieed up based on the public key infrastructure system of block chain, including user u (User), several CA, several block chains Shield person BLM, block chain, client Client.
The user u sends signature request to multiple CA, and multiple CA verify the identity of the user u, respectively Signed, and feed back to the user u;Signature is merged into certificate authority affairs CI by the user u, finally gives signature Certificate authority affairs CI_signed afterwards, and send it to the block chain guardian BLM.
The block chain guardian BLM verifies the certificate authority affairs CI_signed after signing and is stored to block In candidate block in chain, the block chain guardian BLM sends the signature in the candidate block in block chain to the user u Certificate authority affairs CI_signed afterwards is existing to be proved;
The client Client asks certificate to the user u, and the user u replys its domain name and block chain dimension Shield person BLM, the client Client send inquiring and authenticating request to the block chain guardian BLM, and the block chain is safeguarded Person BLM inquires about certificate status and replied.
According to currently preferred, the block chain guardian BLM is CA or third party's independent agency.Third party is independent Mechanism refers to authoritative trust authority, such as notary organization or government bodies.
According to currently preferred, several CA include CA1、CA2、CA3…CAi…CAn, the CAiGenerate its public and private key To (PKCAi, SKCAi), PKCAiFor CAiPublic key, SKCAiFor CAiPrivate key, and issue it in its website (or other safety places) Public key PKCAi;So that user u verifies CAiPublic key PKCAi
The user u sends signature request to the k CA, and 3≤t≤k≤n, k, t are the public bases based on block chain The presetting parameter of facility system, k are used for certificate authority and renewal, and t is used for certificate revocation, and t is arbitrary t in k CA.k Mean that security is higher more greatly with t.
According to currently preferred, the block chain includes Bitcoin, Ethereum or Hyperledger Fabric etc. System, block catenary system and intelligent contract system support to realize the required certificate registration of the present invention, inquiry, checking, renewal and The functions such as deletion.
The certificate management method of public key infrastructure system based on block chain, including step are as follows:
A, the user u sends request to multiple CA, and the request includes user u identity documents cre, intends application Domain name or other login names;Transmission can pass through any safe lane or offline mode;Multiple CA verify the body of the user u Part, respectively described user u request is signed, and feeds back to the user u;Signature is merged into certificate by the user u Affairs CI is issued, the certificate authority affairs CI_signed after being signed, is sent to the block chain guardian BLM;
B, the block chain guardian BLM verifies the certificate authority affairs CI_signed after signing and is stored to institute In the candidate block for stating block chain;The block chain guardian BLM confirms the candidate block by algorithm of knowing together and is added to area Block chain;The block chain guardian BLM synchronous candidate blocks in whole block chain;The block chain guardian BLM is to institute State user u and send the existing proofs of certificate authority affairs CI_signed after the signature in the candidate block;
C, the client Client asks certificate to the user u, the user u reply the client Client its Domain name and the block chain guardian BLM;The client Client sends inquiring and authenticating to the block chain guardian BLM please Ask;The block chain guardian BLM inquires about certificate status and replied.
The present invention is combined the affairs based on block chain with special MerklePatricia Tree (MPT) data structure, real The problem of existing certificate last state is inquired about, and the present invention can avoid CA Single Point of Faliures.
According to currently preferred, the step A, including step are as follows:
(1) request is sent:The user u generates its public private key pair (PKu, SKu);PKuFor user u public key, SKuFor with Family u private key, several CA include CA1、CA2、CA3…CAi…CAn, the user u therefrom selects k CA to be issued as its certificate Send out mechanism;
The user u creates affairs CI:Affairs TX_ID refers to Current transaction CI mark, and NULL refers to the marks of leading affairs, and (certificate is issued The leading affairs for sending out affairs CI are sky, therefore are arranged to NULL), DN is domain name, and ET is the certificate expiration time;Represent thresholding T CA in mechanism, i.e. k CA can cancellation of doucment;In any case, do not allow to change in DN and ET, user u or k CA Any t CA can update this certificate authority affairs CI (changing certificate content).
Affairs CI and the user u identity documents cre are sent respectively to k CA by the user u;
The block chain guardian BLM forms the block catenary system based on P2P networks, safeguards the block for including certificate affairs Chain, build block and make the block chain between BLM synchronized with each other;Block catenary system can carry out the data of affairs, block and block chain Exchange, BLM, CA and user is able to verify that affairs;Block chain is opened to the outside world, and any user can monitor BLM activity, and And any improper activity can be immediately detected.
(2) sign affairs CI:CAjAfter the request for receiving the user u, the identity documents cre of the user u, body are verified Part voucher cre is the proof that can arbitrarily confirm user identity;If CAjVerify that the identity documents cre of the user u is legal, then use CAjPrivate keyAffairs CI is signed, signing isJ=1,2 ..., k;CAjWill signatureReturn to institute State user u;Otherwise, without signature;
(3) affairs CI is merged:The user u collects all k signaturesThe user u willMerge Into certificate authority affairs CI, the certificate authority affairs after finally being signedThe user Certificate authority affairs CI_signed after signature is sent to the block chain guardian BLM by u.K signature is merged together, Prove that the registered public keys of user in final certificate authority affairs CI are legal jointly, avoid CA Single Point of Faliure.
According to outband channel currently preferred, that the identity documents cre of the user u is passed through safety by the user u (out-of-bandchannel, such as offline face-to-face mode) is sent to k CA.
According to currently preferred, by signature function such as RSA or ECDSA, CA is usedjPrivate keyAffairs CI is signed Name.
According to currently preferred, the step B, including step are as follows:
(4) whether the signature in the certificate authority affairs CI_signed after the block chain guardian BLM checkings signature closes Method, if illegal, the block chain guardian BLM abandons the certificate authority affairs CI_signed after the signature, and to described User u sends error information;If legal, into step (5);
(5) the block chain guardian BLM checks the certificate status tree MPT of current newest block on block chain, the use Whether family u login name is occupied, if occupied, the block chain guardian BLM abandons the certificate authority after the signature Affairs CI_signed, and send error information to the user u;If unoccupied, the block chain guardian BLM is produced (candidate block is the next block being likely to become on block chain to one candidate block, if common recognition algorithm will turn into after confirming Next block), what certificate authority affairs CI_signed and the BLM after the signature submitted comprising the user were received Other affairs, all affairs of the BLM in this candidate block update the certificate status tree MPT in this candidate block, and pass through Common recognition algorithm confirms the candidate block jointly with other BLM, the candidate block is added on block chain, into step (6);
The certificate status data that MPT is used on memory block chain, can not only perform efficient keyword query, can also be Effective checking of data is realized on leaf node (such as Merkletree).The current last state of all certificates is have recorded in MPT, is wrapped Include whether be revoked, whether expired, expired time etc..When domain name is unoccupied, MPT in this method is by SHA256 (domain name) As keyword, and the value using public key and certificate expiration time as leaf node.New card is had verified that in block chain guardian BLM Under conditions of book affairs and the domain name of user's application are unoccupied, certificate status can be just updated.
(6) synchronous block:The block chain guardian BLM is confirmed comprising the certificate authority thing after signature by algorithm of knowing together Business CI_signed block, and the block is added to block chain;The block chain guardian BLM will be in whole block linkwork Synchronous block in system;Each user u can check the block and verify the certificate authority affairs CI_signed after signature;
(7) the block chain guardian BLM sends receipt to the user u, and the receipt is included containing the certificate after signature Issue affairs CI_signed block block head and the block in sign after certificate authority affairs CI_signed deposit Proof, block head include timestamp, the cryptographic Hash of a upper block, certificate affairs Merkle Tree root cryptographic Hash, demonstrate,prove Book-like state MPT root cryptographic Hash;Merkel tree (Merkle is proved existing for certificate authority affairs CI_signed after signature Tree root cryptographic Hash and Merkle) proves.The cryptographic Hash can prove that CI affairs are located on Merkel tree, further prove CI Affairs are on block chain.
According to currently preferred, the block chain guardian BLM is according to the certificate authority thing after being signed in candidate block Business CI_signed domain name, public key and the occurrence of certificate expiration time renewal certificate status tree MPT states, i.e.,:The block Chain guardian BLM is made with the cryptographic Hash (such as SHA256 (domain name)) of the domain name of the certificate authority affairs CI_signed after signing For certificate status tree MPT keyword, keyword refers to that tree root to the path of leaf node, increases on certificate status tree MPT One node, and the value using public key and certificate expiration time as leaf node.As shown in Figure 6.
According to currently preferred, the root cryptographic Hash of Merkel tree is obtained by following steps:Institute in the block of block chain Have signature after certificate authority affairs CI_signed formed Merkel tree, Merkel tree each leaf correspondence one sign after Certificate authority affairs CI_signed, each internal node of Merkel tree to two child by passing through hash function Hash () obtains its value, Hash (Txa)=SHA256 (SHA256 ()), SHA256 are 256 hash functions, are finally obtained Take the root cryptographic Hash of Merkel tree.
According to currently preferred, the step C, including step are as follows:
(8) certificate is asked:The client Client sends to the user u (certificate holder, i.e. registered user) and demonstrate,proved Book is asked;
(9) domain name is replied:Its domain name and the block chain guardian BLM are replied to the client by the user u Client;
(10) inquiring and authenticating:The client Client sends inquiring and authenticating request to the block chain guardian BLM;
(11) certificate status proves:Whether the block chain guardian BLM verifies certificate corresponding with domain name in block chain On, if being not present, to the client Client certificates send error information, if in the presence of, continue verify certificate whether have Effect, if invalid, to the client Client certificates send error information, if effectively, the block chain guardian BLM to The state that client Client sends certificate corresponding with domain name proves that the state of certificate proves certificate status tree MPT Shang couple It should be proved in user u leaf node certificate information and its Merkle, domain name of the leaf node certificate information including user u, public key, card Book expiration time;
(12) certificate update:The user u or multiple CA, which can Generate Certificate, updates affairs CU, and affairs CU is issued It is to be verified to block chain etc.;
(13) certificate revocation:The user u request transactions CU or signature after certificate authority affairs CI_signed output in T CA cooperation complete certificate revocation;T CA, which Generates Certificate, cancels affairs CR;Certificate revocation affairs CR is published to area by t CA Block chain etc. is to be verified.
It is as follows according to currently preferred, the step (12), affairs CU: TX_ID ' refers to Current transaction CU mark, by all data Hash of affairs Obtain;PKu' the same PK of acquisition modesuAcquisition modes it is identical, by user oneself select.Affairs CU quotes affairs CI affairs ID, i.e. TX_ID, represent the public key PK in CIuIt is updated to PKu', as shown in Figure 4.User u can be created in the same way New CU affairs continue to update its public key.
According to currently preferred, the step (13), user using the certificate authority affairs CI_signed after signature or At least certificate revocation is completed in t CA cooperation in affairs CU output:Assuming that t CA of revocation user certificate is CAi1, CAi2..., CAit, i1, i2..., itThe certificate after signature can be revoked in ∈ { 1,2 ..., k }, the certificate revocation affairs CR of generation Issue the user certificate in affairs CI_signed:CR={ TX_ID ", TX_ID, DN, ET;Input: Output:NULL};Or the user certificate in revocation affairs CU:CR=TX_ID ", TX_ID ', DN, ET;Input:Output:NULL}。
Beneficial effects of the present invention are:
1st, the present invention devises multicenter signature on block chain, supports the free multiple credible CA of user, avoids single-point Failure;Systematic parameter flexibility and changeability, user can select corresponding parameter to ensure the public key certificate of oneself according to actual conditions Security;
2nd, effective checking of efficient keyword query and data is realized using the MPT data structures of optimization in the present invention, demonstrate,proved Book inquiry operation simple and effective;Efficient MPT data structures substitute huge certificate revocation list, and client checking certificates only need The record on newest block is verified, greatly reduces certification authentication expense;
3rd, the present invention realizes that certificate is stored in block chain by block chain, and without third-party platform, certificate is externally all public Open, anyone can be carried out inquiring and authenticating and can not be distorted.
4th, the present invention includes special facility maintenance certificate block chain, and non-dependent outside area block chain;It is not required to assist between CA It is digitally signed, avoids the expense for the CA that over-burden.
Brief description of the drawings
Fig. 1 is the certificate management method schematic flow sheet of public key infrastructure system of the embodiment 1 based on block chain.
Fig. 2 is the data structure schematic diagram of the certificate authority affairs CI init states of embodiment 1.
Fig. 3 is the data structure schematic diagram after the certificate authority affairs CI of embodiment 1 merges with CA signatures.
Fig. 4 is the data structure schematic diagram after the certificate update affairs CI of embodiment 1 merges with CA signatures.
Fig. 5 is the data structure schematic diagram after the certificate revocation affairs CI of embodiment 1 merges with CA signatures.
Fig. 6 is the MPT data structure schematic diagrames that embodiment 1 preserves certificate information and state.
Embodiment
The present invention is further qualified with reference to Figure of description and embodiment, but not limited to this.
Embodiment 1
Tieed up based on the public key infrastructure system of block chain, including user u (User), several CA, several block chains Shield person BLM, block chain, client Client.Several CA include CA1、CA2、CA3…CAi…CAn, CAiGenerate its public private key pair For CAiPublic key,For CAiPrivate key, and it is public to issue in its website (or other safety places) its KeySo that user u verifies CAiPublic key
User u sends signature request to k CA, and 3≤t≤k≤n, k, t are the public key infrastructure systems based on block chain Presetting parameter, k are used for certificate authority and renewal, and t is used for certificate revocation, and t is arbitrary t in k CA.K and t are more careless It is higher that taste security.K CA checking users u identity, is signed, and feed back to user u respectively;User u will sign and close And into certificate authority affairs CI, the certificate authority affairs CI_signed after signature is finally given, and send it to block chain Guardian BLM.
Block chain guardian BLM verifies the certificate authority affairs CI_signed after signing and is stored in block chain Candidate block in, block chain guardian BLM to user u send block chain in candidate block in signature after certificate authority Affairs CI_signed is existing to be proved;
Client Client asks certificate to user u, and user u replys its domain name and block chain guardian BLM, client Client sends inquiring and authenticating request to block chain guardian BLM, and block chain guardian BLM inquiry certificate status is simultaneously returned It is multiple.
Block chain guardian BLM is CA or third party's independent agency.Third party's independent agency refers to authoritative trust authority, Such as notary organization or government bodies.
Block chain includes system, block catenary system and the intelligence such as Bitcoin, Ethereum or Hyperledger Fabric Contract system is supported to realize the functions such as required certificate registration, inquiry, checking, renewal and deletion of the invention.
Embodiment 2
The certificate management method of the public key infrastructure system based on block chain described in embodiment 1, as shown in figure 1, bag It is as follows to include step:
(1) request is sent:User u generates its public private key pair (PKu, SKu);Domain name is A.com;Several CA include CA1、 CA2、CA3…CAi…CAn, user u therefrom selects 7 CA as its certification authority, including CA1,CA2,…,CA7
User u creates affairs CI: As shown in Fig. 2 TX_ID refers to Current transaction CI mark, NULL refers to leading affairs CI Mark (why be arranged to NULL, be because this affairs be certificate authority affairs), 20190809 represent when expiring of certificate Between for August in 2019 9 days (containing August in 2019 9 days);Threshold mechanism is represented, i.e. 5 CA in 7 CA can cancellation of doucment;
Affairs CI and user u identity documents cre is sent respectively to 7 CA by user u;
Block chain guardian BLM forms the block catenary system based on P2P networks, safeguards the block chain for including certificate affairs, Structure block simultaneously makes the block chain between BLM synchronized with each other;The data that block catenary system can carry out affairs, block and block chain are handed over Change, BLM, CA and user is able to verify that affairs;Block chain is opened to the outside world, and any user can monitor BLM activity, and Any improper activity can be immediately detected.
(2) sign affairs CI:7 CA include CA1,CA2,…,CA7After the request for receiving user u, user u identity is verified Voucher cre, identity documents cre are the proof that can arbitrarily confirm user identity;If CAjVerify that user u identity documents cre is closed Method, then use CAjPrivate keyAffairs CI is signed, signing isJ=1,2 ..., 7;CAjWill signatureReturn Back to user u;Otherwise, without signature;
(3) affairs CI is merged:User u collects 7 different signaturesAfterwards, user u willIt is merged into card Book is issued in affairs CI, the certificate authority affairs after finally being signedAs shown in figure 3, with Any 5 CA in family u or 7 CA " can change " output of this affairs;CI affairs in Fig. 3 are published to block chain by u System etc. is to be verified;
(4) common recognition confirms:Whether block chain guardian BLM checking certificate authority affairs CI is legal, described if illegal Block chain guardian BLM abandons certificate authority affairs CI, and sends error information to user u;If legal, into step (5);
(5) block chain guardian BLM checks the certificate status tree MPT of current newest block on block chain, user u registration Whether name is occupied, if occupied, the block chain guardian BLM abandons certificate authority affairs CI, and is sent out to user u Send error information;If unoccupied, block chain guardian BLM will update MPT shape by checking the new affairs in new block State, by SHA256 (A.com)=" 93b34d3347edf93876dd6567f59b901e7177adba281d299909fc991f 1b35c7d8 " is used as MPT keywords, by (PKu, 20190809) and value as leaf node, as shown in fig. 6, remembering in i-th of block 4 certificate informations are recorded, its MPT tree roots are root;When increasing a new domain name certificate DN5 in i+1 block, more New MPT trees (tree root root ') increase a new node DN5, and link 4 certificate nodes in i-th of block.Each leaf Child node have recorded certificate status information, including public key, expiration time etc..Keys in Fig. 6 represents SHA256 (domain name) value, MPT is stored in the current newest block on block chain all the time;If affairs are legal and domain name is unoccupied, BLM is just by CI affairs It is added in the new candidate blocks that algorithm to be known together confirms;
Certificate status in Fig. 6 is as shown in table 1;Keyword virtual value in table 1 should be SHA256 (DN), be actually 256, facilitated for citing, reduce the length of keyword here.
Table 1
The certificate status data that MPT is used on memory block chain, can not only perform efficient keyword query, can also be Effective checking of data is realized on leaf node (such as Merkletree).The current last state of all certificates is have recorded in MPT, is wrapped Include whether be revoked, whether expired, expired time etc..When domain name is unoccupied, MPT in this method is by SHA256 (domain name) As keyword, and the value using public key and certificate expiration time as leaf node.New card is had verified that in block chain guardian BLM Under conditions of book affairs and the domain name of user's application are unoccupied, certificate status can be just updated.
(6) synchronous block:Block chain guardian BLM is confirmed comprising the certificate authority affairs after signature by algorithm of knowing together CI_signed block, and the block is added to block chain;Block chain guardian BLM will be same in whole block catenary system Walk the block;Block chain is opened to the outside world, and each user can check the block, verifies CI affairs;Any user can supervise BLM activity is controlled, and any improper activity can be immediately detected;
(7) affairs, which exist, proves:Block chain guardian BLM sends receipt to user u, and the receipt is included containing after signature Certificate authority affairs CI_ after being signed in the block head of certificate authority affairs CI_signed block and the block Signed is existing to be proved, CI affairs are existing to be proved by Hash (TxCI)=SHA256 (SHA256 (TxCI)) calculate layer by layer To HashrootRepresent, the cryptographic Hash can prove that CI affairs are located on Merkel tree, further prove CI affairs in block chain On.
After user u (such as domain name owner) obtains the certificate issued, the certificate comprising CI affairs be also recorded in by On the block chain that BLM is safeguarded.If client is intended and domain server establishes secure connection, then he is necessary to ensure that:Certificate is true It is recorded in fact on block chain;Certificate not yet cancels.
(8) certificate is asked:Client Client sends certificate request to user u (certificate holder, i.e. registered user);
(9) domain name is replied:Its domain name A.com and block chain guardian BLM are replied to client Client by user u;
(10) inquiring and authenticating:Client Client sends inquiring and authenticating request to block chain guardian BLM;
(11) certificate status proves:The domain name of acquisition is sent to block chain guardian BLM by client Client;Block chain Guardian BLM inquires about the certificate status of corresponding domain name on the MPT on the block chain that oneself is safeguarded in current newest block, and will The public key and certificate expiration time (PK of certificate holderu, ET) and it is sent to client;If not inquiring certificate corresponding to domain name, Then error information is sent to client.
(12) certificate update:Generated Certificate by user u and update affairs CU, renewal affairs CU " becomes affairs CI output More " to the new public key PK of useru’;It is to be verified that affairs CU is published to block catenary system etc. by user;Updated to enable CA to cancel Certificate, newly-generated affairs CU output should include 7 CA of affairs CI identicals with user.Update affairs CU affairs It is as follows: As shown in Figure 4.User u can create new affairs CU in the same way to continue to update its public key.
(13) certificate revocation:User u completes certificate using at least five CA cooperations in affairs CI or affairs CU output and removed Pin.Assuming that cancelling 5 CA of user certificate isWherein i1, i2..., i5∈ { 1,2 ..., 7 }.It Generate following certificate revocation affairs (CR) to cancel the user certificate in CI:CR=TX_ID ", TX_ID, A.com, 20190809;Input: Output:NULL};Or the user certificate in revocation CU:CR=TX_ID ", TX_ID’,A.com,20190809;Input: Output:NULL }, as shown in Figure 5;CA is by CR affairs It is to be verified to be published to block catenary system etc..

Claims (10)

1. the public key infrastructure system based on block chain, it is characterised in that including user u, several CA, several block chains Guardian BLM, block chain, client Client;
The user u sends signature request to multiple CA, and multiple CA verify the identity of the user u, carried out respectively Signature, and feed back to the user u;Signature is merged into certificate authority affairs CI by the user u, after finally giving signature Certificate authority affairs CI_signed, and send it to the block chain guardian BLM;
The block chain guardian BLM verifies the certificate authority affairs CI_signed after signing and is stored in block chain Candidate block in, the block chain guardian BLM to the user u send block chain in candidate block in signature after Certificate authority affairs CI_signed is existing to be proved;
The client Client asks certificate to the user u, and the user u replys its domain name and the block chain guardian BLM, the client Client send inquiring and authenticating request, the block chain guardian BLM to the block chain guardian BLM Inquiry certificate status is simultaneously replied.
2. the public key infrastructure system according to claim 1 based on block chain, it is characterised in that the block chain dimension Shield person BLM is CA or third party's independent agency;
Several CA include CA1、CA2、CA3…CAi…CAn, the CAiGenerate its public private key pair (PKCAi, SKCAi), PKCAiFor CAi Public key, SKCAiFor CAiPrivate key, and issue its public key PKCAi
The user u sends signature request to the k CA, and 3≤t≤k≤n, k, t are the PKIXs based on block chain The fixed parameter of systemic presupposition, k are used for certificate authority and renewal, and t is used for certificate revocation, and t is arbitrary t in k CA.
3. the certificate management method of the public key infrastructure system based on block chain described in claim 1 or 2, its feature exist In, including step is as follows:
A, the user u sends request to multiple CA, and the request includes user u identity documents cre, intends the domain name of application Or other login names;Multiple CA verify the identity of the user u, and respectively described user u request is signed, and instead Feed the user u;Signature is merged into certificate authority affairs CI by the user u, the certificate authority affairs CI_ after being signed Signed, it is sent to the block chain guardian BLM;
B, the block chain guardian BLM verifies the certificate authority affairs CI_signed after signing and is stored to the area In the candidate block of block chain;The block chain guardian BLM confirms the candidate block by algorithm of knowing together and is added to block chain; The block chain guardian BLM synchronous candidate blocks in whole block chain;The block chain guardian BLM is to the user U sends the existing proofs of certificate authority affairs CI_signed after the signature in the candidate block;
C, the client Client asks certificate to the user u, and the user u replys described its domain name of client Client With the block chain guardian BLM;The client Client sends inquiring and authenticating request to the block chain guardian BLM; The block chain guardian BLM inquires about certificate status and replied.
4. the certificate management method of the public key infrastructure system according to claim 3 based on block chain, its feature exist In the step A, including step are as follows:
(1) request is sent:The user u generates its public private key pair (PKu, SKu);PKuFor user u public key, SKuFor user u's Private key, several CA include CA1、CA2、CA3…CAi…CAn, the user u therefrom selects k CA as its certificate authority machine Structure;
The user u creates affairs CI:Affairs TX_ID refers to Current transaction CI mark, and NULL refers to leading affairs CI mark, and DN is Domain name, ET are the certificate expiration time;Threshold mechanism is represented, i.e. t CA energy cancellation of doucment in k CA;
Affairs CI and the user u identity documents cre are sent respectively to k CA by the user u;
(2) sign affairs CI:CAjAfter the request for receiving the user u, the identity documents cre of the user u is verified, if CAjTest It is legal to demonstrate,prove the identity documents cre of the user u, then uses CAjPrivate key SKCAjAffairs CI is signed, signed as SigCAj(CI), j =1,2 ..., k;CAjTo be signed SigCAj(CI) the user u is returned to;Otherwise, without signature;
(3) affairs CI is merged:The user u collects all k Sig that signedCAj(CI);The user u is by SigCAj(CI) close And into certificate authority affairs CI, the certificate authority affairs after finally being signedThe use Certificate authority affairs CI_signed after signature is sent to the block chain guardian BLM by family u.
5. the certificate management method of the public key infrastructure system according to claim 4 based on block chain, its feature exist In the identity documents cre of the user u is sent to k CA by the user u by the outband channel of safety;
By signature function RSA or ECDSA, CA is usedjPrivate key SKCAjAffairs CI is signed.
6. the certificate management method of the public key infrastructure system according to claim 3 based on block chain, its feature exist In the step B, including step are as follows:
(4) whether the signature in the certificate authority affairs CI_signed after the block chain guardian BLM checkings signature is legal, If illegal, the block chain guardian BLM abandons the certificate authority affairs CI_signed after the signature, and to the use Family u sends error information;If legal, into step (5);
(5) the block chain guardian BLM checks the certificate status tree MPT of current newest block on block chain, the user u's Whether login name is occupied, if occupied, the block chain guardian BLM abandons the certificate authority affairs after the signature CI_signed, and send error information to the user u;If unoccupied, the block chain guardian BLM produces one Candidate block includes other that the certificate authority affairs CI_signed after the signature submitted of the user and the BLM receive Affairs, all affairs of the BLM in this candidate block update the certificate status tree MPT in this candidate block, and pass through common recognition Algorithm confirms the candidate block jointly with other BLM, the candidate block is added on block chain, into step (6);
(6) synchronous block:The block chain guardian BLM is confirmed comprising the certificate authority affairs after signature by algorithm of knowing together CI_signed block, and the block is added to block chain;The block chain guardian BLM will be in whole block catenary system The middle synchronization block;Each user u can check the block and verify the certificate authority affairs CI_signed after signature;
(7) the block chain guardian BLM sends receipt to the user u, and the receipt is included containing the certificate authority after signature Existing for certificate authority affairs CI_signed after being signed in the block head of affairs CI_signed block and the block Prove, block head includes timestamp, the cryptographic Hash of a upper block, certificate affairs Merkle Tree root cryptographic Hash, certificate shape State MPT root cryptographic Hash;Proved existing for certificate authority affairs CI_signed after signature Merkel tree root cryptographic Hash and Merkle is proved.
7. the certificate management method of the public key infrastructure system according to claim 6 based on block chain, its feature exist In the domain name of, the block chain guardian BLM according to the certificate authority affairs CI_signed after being signed in candidate block, public key Certificate status tree MPT states are updated with the occurrence of certificate expiration time, i.e.,:After the block chain guardian BLM is to sign The keyword for the certificate status tree MPT that the cryptographic Hash of certificate authority affairs CI_signed domain name is used as, keyword refer to tree root To the path of leaf node, increase a node on certificate status tree MPT, and using public key and certificate expiration time as leaf node Value.
8. the certificate management method of the public key infrastructure system according to claim 6 based on block chain, its feature exist In the root cryptographic Hash of Merkel tree is obtained by following steps:Certificate authority affairs in the block of block chain after all signatures CI_signed forms Merkel tree, and each leaf of Merkel tree corresponds to the certificate authority affairs CI_ after a signature Signed, each internal node of Merkel tree by obtaining its value by hash function Hash () to two child, Hash(Txa)=SHA256 (SHA256 ()), SHA256 are 256 hash functions, the final root Hash for obtaining Merkel tree Value.
9. the certificate management method of the public key infrastructure system according to claim 3 based on block chain, its feature exist In the step C, including step are as follows:
(8) certificate is asked:The client Client sends certificate to the user u (certificate holder, i.e. registered user) please Ask;
(9) domain name is replied:Its domain name and the block chain guardian BLM are replied to the client Client by the user u;
(10) inquiring and authenticating:The client Client sends inquiring and authenticating request to the block chain guardian BLM;
(11) certificate status proves:The block chain guardian BLM verifies certificate corresponding with domain name whether on block chain, if It is not present, then sends error information to the client Client certificates, if in the presence of, continue to verify whether certificate is effective, if It is invalid, then error information is sent to the client Client certificates, if effectively, the block chain guardian BLM is to client The state that end Client sends certificate corresponding with domain name proves that the state of certificate proves to be corresponded on certificate status tree MPT User u leaf node certificate information and its Merkle proves that domain name of the leaf node certificate information including user u, public key, certificate arrive Time phase;
(12) certificate update:The user u or multiple CA, which can Generate Certificate, updates affairs CU, and affairs CU is published into area Block chain etc. is to be verified;
(13) certificate revocation:The user u request transactions CU or signature after certificate authority affairs CI_signed output in t Certificate revocation is completed in individual CA cooperations;T CA, which Generates Certificate, cancels affairs CR;Certificate revocation affairs CR is published to block by t CA Chain etc. is to be verified.
10. the certificate management method of the public key infrastructure system according to claim 9 based on block chain, its feature exist It is as follows in, the step (12), affairs CU: TX_ID ' refers to Current transaction CU mark, is obtained by all data Hash of affairs;
The step (13), user use at least t in the output of certificate authority affairs CI_signed or affairs CU after signature Certificate revocation is completed in CA cooperations:Assuming that t CA of revocation user certificate is CAi1, CAi2..., CAit, i1, i2..., it∈{1, 2 ..., k }, the user certificate in the certificate authority affairs CI_signed after signing can be revoked in the revocation affairs that Generate Certificate CR:CR ={ TX_ID ", TX_ID, DN, ET;Input:CAi1, CAi2..., CAit;Output:NULL};Or the use in revocation affairs CU Family certificate:CR=TX_ID ", TX_ID ', DN, ET;Input:CAi1, CAi2..., CAit;Output:NULL}.
CN201710832853.5A 2017-09-15 2017-09-15 Public key infrastructure system based on block chain and certificate management method thereof Active CN107769925B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710832853.5A CN107769925B (en) 2017-09-15 2017-09-15 Public key infrastructure system based on block chain and certificate management method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710832853.5A CN107769925B (en) 2017-09-15 2017-09-15 Public key infrastructure system based on block chain and certificate management method thereof

Publications (2)

Publication Number Publication Date
CN107769925A true CN107769925A (en) 2018-03-06
CN107769925B CN107769925B (en) 2020-06-19

Family

ID=61265696

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710832853.5A Active CN107769925B (en) 2017-09-15 2017-09-15 Public key infrastructure system based on block chain and certificate management method thereof

Country Status (1)

Country Link
CN (1) CN107769925B (en)

Cited By (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768657A (en) * 2018-04-17 2018-11-06 深圳技术大学(筹) A kind of digital certificate based on block platform chain issues system and method
CN108768747A (en) * 2018-06-19 2018-11-06 肇庆中能创智信息科技有限公司 A kind of Platform Server for safeguarding block chain network
CN108777625A (en) * 2018-06-28 2018-11-09 腾讯科技(深圳)有限公司 Verification method, device and system, storage medium, the electronic device of signature
CN108924107A (en) * 2018-06-21 2018-11-30 桂林电子科技大学 A kind of block chain tele-medicine data call can verify that method
CN108985011A (en) * 2018-07-23 2018-12-11 北京聚道科技有限公司 A kind of genomic data management method and system based on block chain technology
CN108985100A (en) * 2018-08-15 2018-12-11 百度在线网络技术(北京)有限公司 Element Security Proof method, apparatus, equipment and medium based on block chain
CN109067521A (en) * 2018-07-27 2018-12-21 天津大学 A kind of public key distribution method based on block chain
CN109101526A (en) * 2018-06-20 2018-12-28 北京欧链科技有限公司 A kind of corrigenda of block chain method and device, storage medium, electronic equipment
CN109274573A (en) * 2018-07-12 2019-01-25 华泰证券股份有限公司 A kind of immediate news systems, method and application for merging block chain technology
CN109325359A (en) * 2018-09-03 2019-02-12 平安科技(深圳)有限公司 System of account setting method, system, computer equipment and storage medium
CN109345243A (en) * 2018-09-18 2019-02-15 百度在线网络技术(北京)有限公司 A kind of data processing of block chain and verification method, device, equipment and medium
CN109450843A (en) * 2018-09-14 2019-03-08 众安信息技术服务有限公司 A kind of SSL certificate management method and system based on block chain
CN109687958A (en) * 2018-12-28 2019-04-26 全链通有限公司 A kind of design of art work certificate and verification method based on fidelity block chain
CN110149205A (en) * 2019-05-27 2019-08-20 北京计算机技术及应用研究所 A method of internet-of-things terminal is protected conducive to block chain
WO2019184155A1 (en) * 2018-03-27 2019-10-03 深圳市网心科技有限公司 Blockchain node authority control method, blockchain system and storage medium
CN110855679A (en) * 2019-11-15 2020-02-28 微位(深圳)网络科技有限公司 uPKI combined public key authentication method and system
CN110912707A (en) * 2019-11-22 2020-03-24 腾讯科技(深圳)有限公司 Block chain-based digital certificate processing method, device, equipment and storage medium
CN110914849A (en) * 2018-06-08 2020-03-24 安纳科技有限公司 System and method for securing transactions in a blockchain network
CN110929288A (en) * 2018-12-07 2020-03-27 深圳市智税链科技有限公司 Method for generating public key certificate, certificate authority and medium
CN111327424A (en) * 2020-01-20 2020-06-23 南京可信区块链与算法经济研究院有限公司 Method, system and storage medium for issuing CA certificate by multiple nodes
CN111434085A (en) * 2018-11-16 2020-07-17 阿里巴巴集团控股有限公司 Domain name management scheme for cross-chain interaction in blockchain systems
CN111711925A (en) * 2020-06-04 2020-09-25 中国联合网络通信集团有限公司 Method and device for judging close contact person
CN111819817A (en) * 2018-03-08 2020-10-23 区块链控股有限公司 Method and system for block chain implementation for bilinear mapping accumulator-based authorization
CN111835526A (en) * 2020-06-30 2020-10-27 北京泰尔英福网络科技有限责任公司 Method and system for generating anonymous voucher
CN112398658A (en) * 2020-11-13 2021-02-23 浙江数秦科技有限公司 Distributed digital certificate management method, system, equipment and storage medium
CN113204744A (en) * 2021-04-07 2021-08-03 西安西电链融科技有限公司 Software authorization system and method based on distributed identity
CN113647050A (en) * 2019-03-25 2021-11-12 美光科技公司 Memory command validation based on block chains
CN114500051A (en) * 2022-01-26 2022-05-13 中国科学院信息工程研究所 Block chain-based certificate management method and system
CN114679281A (en) * 2022-03-15 2022-06-28 北京宏思电子技术有限责任公司 RSA-based joint signature generation method and device
CN114726567A (en) * 2021-01-05 2022-07-08 中国移动通信有限公司研究院 Node interaction method, certificate verification method, device and related equipment
CN114788219A (en) * 2019-09-16 2022-07-22 诺得技术公司 Provisioning and verifying device credentials
CN115021930A (en) * 2022-05-30 2022-09-06 广州大学 Router certificate issuing method based on resource public key infrastructure block chain
CN115065486A (en) * 2022-07-27 2022-09-16 北京共识数信科技有限公司 Intelligent contract certificate management method, system and readable storage medium
CN115150184A (en) * 2022-07-25 2022-10-04 中国互联网络信息中心 Method and system for applying metadata in fabric blockchain certificate
CN116566660A (en) * 2023-04-21 2023-08-08 石家庄铁道大学 Identity authentication method based on medical block chain

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150323870A1 (en) * 2014-05-08 2015-11-12 Jsr Corporation Composition for pattern formation, and pattern-forming method
WO2016081714A1 (en) * 2014-11-20 2016-05-26 Broda Tech, Llc Water-soluble supramolecular complexes
US20170021014A1 (en) * 2015-07-21 2017-01-26 The Johns Hopkins University Vaccine adjuvants for cytomegalovirus prevention and treatment
CN106385315A (en) * 2016-08-30 2017-02-08 北京三未信安科技发展有限公司 Digital certificate management method and system
CN106411901A (en) * 2016-10-08 2017-02-15 北京三未信安科技发展有限公司 Digital identity-based cryptograph management method and system
CN106789090A (en) * 2017-02-24 2017-05-31 陈晶 Public key infrastructure system and semi-random participating certificate endorsement method based on block chain
CN107070644A (en) * 2016-12-26 2017-08-18 北京科技大学 A kind of decentralization public key management method and management system based on trust network

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150323870A1 (en) * 2014-05-08 2015-11-12 Jsr Corporation Composition for pattern formation, and pattern-forming method
WO2016081714A1 (en) * 2014-11-20 2016-05-26 Broda Tech, Llc Water-soluble supramolecular complexes
US20170021014A1 (en) * 2015-07-21 2017-01-26 The Johns Hopkins University Vaccine adjuvants for cytomegalovirus prevention and treatment
CN106385315A (en) * 2016-08-30 2017-02-08 北京三未信安科技发展有限公司 Digital certificate management method and system
CN106411901A (en) * 2016-10-08 2017-02-15 北京三未信安科技发展有限公司 Digital identity-based cryptograph management method and system
CN107070644A (en) * 2016-12-26 2017-08-18 北京科技大学 A kind of decentralization public key management method and management system based on trust network
CN106789090A (en) * 2017-02-24 2017-05-31 陈晶 Public key infrastructure system and semi-random participating certificate endorsement method based on block chain

Cited By (52)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111819817A (en) * 2018-03-08 2020-10-23 区块链控股有限公司 Method and system for block chain implementation for bilinear mapping accumulator-based authorization
WO2019184155A1 (en) * 2018-03-27 2019-10-03 深圳市网心科技有限公司 Blockchain node authority control method, blockchain system and storage medium
CN108768657A (en) * 2018-04-17 2018-11-06 深圳技术大学(筹) A kind of digital certificate based on block platform chain issues system and method
CN110914849A (en) * 2018-06-08 2020-03-24 安纳科技有限公司 System and method for securing transactions in a blockchain network
CN108768747A (en) * 2018-06-19 2018-11-06 肇庆中能创智信息科技有限公司 A kind of Platform Server for safeguarding block chain network
CN109101526A (en) * 2018-06-20 2018-12-28 北京欧链科技有限公司 A kind of corrigenda of block chain method and device, storage medium, electronic equipment
CN108924107A (en) * 2018-06-21 2018-11-30 桂林电子科技大学 A kind of block chain tele-medicine data call can verify that method
CN108924107B (en) * 2018-06-21 2020-08-21 桂林电子科技大学 Verifiable method for block chain remote medical data calling
CN108777625A (en) * 2018-06-28 2018-11-09 腾讯科技(深圳)有限公司 Verification method, device and system, storage medium, the electronic device of signature
CN108777625B (en) * 2018-06-28 2020-08-11 腾讯科技(深圳)有限公司 Signature verification method, device and system, storage medium and electronic device
CN109274573A (en) * 2018-07-12 2019-01-25 华泰证券股份有限公司 A kind of immediate news systems, method and application for merging block chain technology
CN109274573B (en) * 2018-07-12 2021-03-23 华泰证券股份有限公司 Instant message system and method fusing block chain technology
CN108985011A (en) * 2018-07-23 2018-12-11 北京聚道科技有限公司 A kind of genomic data management method and system based on block chain technology
CN109067521A (en) * 2018-07-27 2018-12-21 天津大学 A kind of public key distribution method based on block chain
CN108985100B (en) * 2018-08-15 2022-02-25 百度在线网络技术(北京)有限公司 Block chain-based element security certification method, device, equipment and medium
CN108985100A (en) * 2018-08-15 2018-12-11 百度在线网络技术(北京)有限公司 Element Security Proof method, apparatus, equipment and medium based on block chain
CN109325359B (en) * 2018-09-03 2023-06-02 平安科技(深圳)有限公司 Account system setting method, system, computer device and storage medium
CN109325359A (en) * 2018-09-03 2019-02-12 平安科技(深圳)有限公司 System of account setting method, system, computer equipment and storage medium
CN109450843A (en) * 2018-09-14 2019-03-08 众安信息技术服务有限公司 A kind of SSL certificate management method and system based on block chain
CN109450843B (en) * 2018-09-14 2021-06-15 众安信息技术服务有限公司 SSL certificate management method and system based on block chain
CN109345243A (en) * 2018-09-18 2019-02-15 百度在线网络技术(北京)有限公司 A kind of data processing of block chain and verification method, device, equipment and medium
CN111434085A (en) * 2018-11-16 2020-07-17 阿里巴巴集团控股有限公司 Domain name management scheme for cross-chain interaction in blockchain systems
CN110929288A (en) * 2018-12-07 2020-03-27 深圳市智税链科技有限公司 Method for generating public key certificate, certificate authority and medium
CN110929288B (en) * 2018-12-07 2021-06-01 深圳市智税链科技有限公司 Method for generating public key certificate, certificate authority and medium
CN109687958A (en) * 2018-12-28 2019-04-26 全链通有限公司 A kind of design of art work certificate and verification method based on fidelity block chain
CN113647050A (en) * 2019-03-25 2021-11-12 美光科技公司 Memory command validation based on block chains
CN110149205A (en) * 2019-05-27 2019-08-20 北京计算机技术及应用研究所 A method of internet-of-things terminal is protected conducive to block chain
CN110149205B (en) * 2019-05-27 2022-02-08 北京计算机技术及应用研究所 Method for protecting Internet of things terminal by using block chain
CN114788219A (en) * 2019-09-16 2022-07-22 诺得技术公司 Provisioning and verifying device credentials
CN110855679A (en) * 2019-11-15 2020-02-28 微位(深圳)网络科技有限公司 uPKI combined public key authentication method and system
CN110855679B (en) * 2019-11-15 2021-11-30 微位(深圳)网络科技有限公司 uPKI combined public key authentication method and system
CN110912707A (en) * 2019-11-22 2020-03-24 腾讯科技(深圳)有限公司 Block chain-based digital certificate processing method, device, equipment and storage medium
CN111327424A (en) * 2020-01-20 2020-06-23 南京可信区块链与算法经济研究院有限公司 Method, system and storage medium for issuing CA certificate by multiple nodes
CN111711925A (en) * 2020-06-04 2020-09-25 中国联合网络通信集团有限公司 Method and device for judging close contact person
CN111835526A (en) * 2020-06-30 2020-10-27 北京泰尔英福网络科技有限责任公司 Method and system for generating anonymous voucher
CN111835526B (en) * 2020-06-30 2023-11-21 北京泰尔英福科技有限公司 Method and system for generating anonymous credential
CN112398658A (en) * 2020-11-13 2021-02-23 浙江数秦科技有限公司 Distributed digital certificate management method, system, equipment and storage medium
CN114726567A (en) * 2021-01-05 2022-07-08 中国移动通信有限公司研究院 Node interaction method, certificate verification method, device and related equipment
CN113204744A (en) * 2021-04-07 2021-08-03 西安西电链融科技有限公司 Software authorization system and method based on distributed identity
CN113204744B (en) * 2021-04-07 2024-04-23 西安链融科技有限公司 Software authorization system and method based on distributed identity
CN114500051B (en) * 2022-01-26 2022-10-11 中国科学院信息工程研究所 Block chain-based certificate management method and system
CN114500051A (en) * 2022-01-26 2022-05-13 中国科学院信息工程研究所 Block chain-based certificate management method and system
CN114679281A (en) * 2022-03-15 2022-06-28 北京宏思电子技术有限责任公司 RSA-based joint signature generation method and device
CN114679281B (en) * 2022-03-15 2023-12-01 北京宏思电子技术有限责任公司 RSA-based joint signature generation method and apparatus
CN115021930B (en) * 2022-05-30 2023-05-26 广州大学 Router certificate issuing method based on resource public key infrastructure block chain
CN115021930A (en) * 2022-05-30 2022-09-06 广州大学 Router certificate issuing method based on resource public key infrastructure block chain
CN115150184A (en) * 2022-07-25 2022-10-04 中国互联网络信息中心 Method and system for applying metadata in fabric blockchain certificate
CN115150184B (en) * 2022-07-25 2023-07-21 中国互联网络信息中心 Method and system for applying metadata in fabric block chain certificate
CN115065486B (en) * 2022-07-27 2022-11-04 北京共识数信科技有限公司 Intelligent contract certificate management method, system and readable storage medium
CN115065486A (en) * 2022-07-27 2022-09-16 北京共识数信科技有限公司 Intelligent contract certificate management method, system and readable storage medium
CN116566660A (en) * 2023-04-21 2023-08-08 石家庄铁道大学 Identity authentication method based on medical block chain
CN116566660B (en) * 2023-04-21 2024-02-13 石家庄铁道大学 Identity authentication method based on medical block chain

Also Published As

Publication number Publication date
CN107769925B (en) 2020-06-19

Similar Documents

Publication Publication Date Title
CN107769925A (en) Public key infrastructure system and its certificate management method based on block chain
US10764067B2 (en) Operation of a certificate authority on a distributed ledger
CN106972931B (en) Method for transparentizing certificate in PKI
CN114186248B (en) Zero-knowledge proof verifiable certificate digital identity management system and method based on block chain intelligent contracts
CN111884815A (en) Block chain-based distributed digital certificate authentication system
WO2021120253A1 (en) Data storage method and verification method for blockchain structure, blockchain structure implementation method, blockchain-structured system, device, and medium
Fromknecht et al. A decentralized public key infrastructure with identity retention
CN112818368A (en) Digital certificate authentication method based on block chain intelligent contract
US20140136838A1 (en) Entity network translation (ent)
CN110046521A (en) Decentralization method for secret protection
EP3664005B1 (en) Credential generation and distribution method and system for a blockchain network
CN111262692B (en) Key distribution system and method based on block chain
CN110059503A (en) The retrospective leakage-preventing method of social information
CN110138560A (en) A kind of dual-proxy cross-domain authentication method based on id password and alliance's chain
CN114499898A (en) Block chain cross-chain secure access method and device
CN113360861B (en) Mortgage loan oriented decentralized identity method based on repeater cross-chain
CN109146479A (en) Data ciphering method based on block chain
CN113343213A (en) Multi-CA cross-domain authentication method based on block chain in distributed autonomous network
Aini et al. Blockchain based certificate verification system management
Gulati et al. Self-sovereign dynamic digital identities based on blockchain technology
Garba et al. BB-PKI: Blockchain-based public key infrastructure certificate management
CN110706102B (en) Multistage signature method with anonymity for alliance block chain
TWI818209B (en) Distributed ledger-based methods and systems for certificate authentication
CN113495924B (en) Anti-fake data safe sharing method based on blockchain
CN115664683A (en) Cross-domain method based on block chain intelligent contract

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant