Specific embodiment
The application is described below on the basis of embodiments, but it is not limited to these embodiments. In the following detailed description, certain specific details are set out. A person skilled in the art can fully understand the application without the description of these details. To avoid obscuring the essence of the application, well-known methods, procedures, flows, elements and circuits are not described in detail.
In addition, a person skilled in the art should understand that the drawings provided herein are for illustrative purposes and are not necessarily drawn to scale.
Unless the context clearly requires otherwise, the words "comprising", "including" and the like throughout the specification and claims are to be construed in an inclusive sense rather than an exclusive or exhaustive sense; that is, in the sense of "including but not limited to".
In the description of the application, it is to be understood that the terms "first", "second" and the like are used for descriptive purposes only and are not to be understood as indicating or implying relative importance. In addition, in the description of the application, unless otherwise indicated, "multiple" means two or more.
In the embodiments of the application, after an application to generate a digital certificate is received, the issued digital certificate is stored as evidence in a blockchain, which improves the security of the digital certificate and prevents tampering by hackers. When data is checked, the digital certificate corresponding to the data is queried from the blockchain and the data is verified by means of that certificate, so that a safe and reliable digital certificate provides accurate data checking and ensures data security.
Fig. 1 is an architecture diagram of the digital certificate generation and checking system of an embodiment of the application. The blockchain 1 is maintained jointly by issuing end nodes 20 and cooperation end nodes 30. The issuing end is the party that signs and issues digital certificates, usually a government or an authorized institution. The cooperation end (Partnership) is a partner or agent of the business end (Business) 4 and, on behalf of the business end 4 and its clients 5 (Client), applies to the issuing end for the generation of digital certificates.
The Backend as a Service (BaaS) system 21 of the issuing end writes the generated digital certificate to the blockchain 1 so that the digital certificate is stored as evidence. The Software as a Service (SaaS) system 22 of the issuing end generates digital certificates and, during a data check, verifies the digital certificate corresponding to the data. The encryption machine 23 of the issuing end signs the generated digital certificate using a private key.
The BaaS system 31 of the cooperation end queries the blockchain 1 and obtains the digital certificate when the cooperation end performs a data check. The SaaS system 32 of the cooperation end submits certificate generation applications, verifies the identity information in certificate generation applications from the business end 4, and forwards the applications that pass verification to the SaaS system 22 of the issuing end. The SaaS system 32 of the cooperation end also verifies data during a data check.
If the application to generate a digital certificate comes from the cooperation end, the following process is carried out, as shown in Fig. 2.
S201, the SaaS system of the cooperation end randomly generates a public/private key pair.
S202, the SaaS system of the cooperation end submits a certificate generation application to the SaaS system of the issuing end.
S203, the SaaS system of the issuing end verifies the identity information in the application. If verification passes, it provides the digital certificate content and continues with S205. If verification fails, S204 is performed.
S204, a message that the identity information is incorrect and must be modified and resubmitted is returned to the SaaS system of the cooperation end.
S205, the digital certificate content is sent to the encryption machine.
S206, the encryption machine signs the digital certificate content using the private key.
S207, the encryption machine returns the signed digital certificate content to the SaaS system.
S208, the SaaS system of the issuing end sends the signed digital certificate to the BaaS system.
S209, the BaaS system of the issuing end writes the signed digital certificate to the blockchain for evidence storage.
The certificate generation application submitted by the SaaS system of the cooperation end includes a public key and identity information. The identity information includes information such as the name and number of the cooperation end.
The digital certificate content includes: the identity information and public key of the digital certificate owner (the applicant for the digital certificate); information such as the serial number, version, validity period and signature algorithm of the digital certificate; and the name of the digital certificate issuing authority (the issuing end).
The generated digital certificate is written into a newly generated block of the blockchain for evidence storage. After a node obtains the signed digital certificate, it broadcasts it within its blockchain network. Each node that receives it saves the signed digital certificate, or its data fingerprint, in the body of the block that is about to be created, and the nodes then compete through a competition mechanism (such as solving a hard mathematical problem) for the right to create the new block. The node that wins the competition broadcasts the signed digital certificate or data fingerprint saved in its block to the whole network, where the other nodes check it. The other nodes check the correctness of the data fingerprint recorded in the block; once it is confirmed as correct, all nodes go on to compete, under the competition mechanism, to create the next block. The signed digital certificate is thereby embedded in the blockchain. The block header of that block stores the hash value of the block header, which can be used to identify the block containing the digital certificate. Writing the digital certificate to the blockchain improves the security of the digital certificate.
If the application to generate a digital certificate comes from the cooperation end, the following process is carried out, as shown in Fig. 3.
S210, the business end randomly generates a public/private key pair.
S211, the business end submits a certificate generation application to the SaaS system of the cooperation end.
S212, the SaaS system of the cooperation end verifies the identity information in the application. If verification fails, S213 is performed; if verification passes, S202 is performed.
S213, the SaaS system of the cooperation end returns to the business end a message that the identity information is incorrect and must be modified and resubmitted.
S202, the SaaS system of the cooperation end submits a certificate generation application to the SaaS system of the issuing end.
The subsequent generation and evidence storage of the digital certificate are the same as described above and are not repeated here. If the identity information in the submitted certificate generation application does not pass the SaaS system of the issuing end, the SaaS system of the cooperation end, after receiving the message returned by the SaaS system of the issuing end, forwards to the business end the message that the identity information is incorrect and must be modified and resubmitted.
If the application to generate a digital certificate comes from the cooperation end, the following process is carried out, as shown in Fig. 4.
S214, the client randomly generates a public/private key pair.
S215, the client submits a certificate generation application to the business end.
S216, the business end verifies the identity information in the application. If verification fails, S217 is performed; if verification passes, S211 is performed.
S217, the business end returns to the client a message that the identity information is incorrect and must be modified and resubmitted.
S211, the business end submits a certificate generation application to the SaaS system of the cooperation end.
The subsequent process is the same as described above and is not repeated here. If the identity information fails verification at the SaaS system of the cooperation end, the business end receives the message, returned by the SaaS system of the cooperation end, that the identity information is incorrect and must be modified and resubmitted, and the business end can forward that message to the client. Likewise, if the identity information of the certificate generation application fails verification at the SaaS system of the issuing end, the SaaS system of the cooperation end receives the message, returned by the SaaS system of the issuing end, that the identity information is incorrect and must be modified and resubmitted, and the SaaS system of the cooperation end can forward that message to the client through the business end.
The digital certificates generated and stored in the blockchain as described above can be used to check the data of the client, the business end and the cooperation end. As shown in Fig. 5, the data check performed by the cooperation end includes the following steps.
S301, the SaaS system of the cooperation end receives a data check request, which includes the data content, the data signature and a public key.
S302, the digital certificate corresponding to the data is queried from the BaaS system of the cooperation end according to the public key.
S303, it is determined whether the digital certificate exists. If it exists, S305 is performed; if it does not exist, S304 is performed.
S304, a check-failed message is returned.
S305, signature verification is performed on the data content and the data signature using the public key, and it is determined whether signature verification passes. If it passes, S306 is performed; if it fails, S304 is performed.
S306, a check-passed message is returned.
If the data check request comes from the business end, the message indicating whether the check passed is returned to the business end. If the data check request comes from a client and is forwarded to the cooperation end by the business end, the message indicating whether the check passed is forwarded to the client through the business end.
The SaaS system of the cooperation end can additionally be configured to require verification of the digital certificate. In that case, as shown in Fig. 6, the data check performed by the cooperation end includes the following steps.
S401, the SaaS system of the cooperation end receives a data check request, which includes the data content, the data signature and a public key.
S402, the digital certificate corresponding to the data is queried from the BaaS system of the cooperation end according to the public key.
S403, it is determined whether the digital certificate exists. If it exists, S405 is performed; if it does not exist, S404 is performed.
S404, a check-failed message is returned.
S405, it is determined whether the digital certificate needs to be verified. If it does, S406 is performed; if it does not, S409 is performed.
S406, the digital certificate is sent to the SaaS system of the issuing end.
S407, the issuing end verifies the digital certificate using the public key of the encryption machine and determines whether verification passes. If it passes, S409 is performed; if it fails, S408 is performed.
S408, the issuing end returns a check-failed message to the SaaS system of the cooperation end. The SaaS system of the cooperation end then continues with S404.
S409, the SaaS system of the cooperation end performs signature verification on the data content and the data signature using the public key, and determines whether signature verification passes. If it passes, S410 is performed; if it fails, S404 is performed.
S410, a check-passed message is returned.
In this embodiment, the digital certificate corresponding to the data is queried from the blockchain and the data is verified by means of that certificate, so that a safe and reliable digital certificate provides accurate data checking and ensures data security. In addition, the generation process and the checking process of the digital certificate described above can be performed separately, or in sequence from generation to checking, each achieving its corresponding technical effect.
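The signing and storage steps S205 to S209 and the checking steps S401 to S410 can be followed in the sketch below, which is an added example and not code from the application. Ed25519 signatures, JSON encoding of the certificate content, an in-memory map in place of the blockchain, a local call in place of sending the certificate to the issuing end, and all names and sample values are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Cert is a reduced form of the certificate content listed in the text.
type Cert struct {
	Owner, Issuer string
	PublicKey     ed25519.PublicKey
	Signature     []byte // issuing end's signature over tbs()
}

type Ledger map[[32]byte]*Cert // stands in for the blockchain; key is SHA-256(public key)

// tbs returns the bytes the issuing end signs: every field except Signature.
func (c Cert) tbs() []byte {
	c.Signature = nil // value receiver, so only this copy is changed
	b, _ := json.Marshal(c)
	return b
}

// Issue covers S205-S209: sign the certificate content and store the result.
func Issue(l Ledger, issuerKey ed25519.PrivateKey, owner string, pub ed25519.PublicKey) {
	c := &Cert{Owner: owner, Issuer: "issuing end", PublicKey: pub}
	c.Signature = ed25519.Sign(issuerKey, c.tbs()) // S206
	l[sha256.Sum256(pub)] = c                      // S209
}

// Check covers S401-S410; verifyCert selects the Fig. 6 branch (S405-S408).
func Check(l Ledger, issuerPub, pub ed25519.PublicKey, verifyCert bool, data, sig []byte) string {
	c, ok := l[sha256.Sum256(pub)] // S402-S403
	if !ok || len(pub) != ed25519.PublicKeySize || !c.PublicKey.Equal(pub) {
		return "fail: no certificate" // S404
	}
	if verifyCert && !ed25519.Verify(issuerPub, c.tbs(), c.Signature) {
		return "fail: certificate rejected" // S407-S408
	}
	if !ed25519.Verify(pub, data, sig) { // S409
		return "fail: data signature"
	}
	return "pass" // S410
}

// Scenario runs one constructed request; alter changes the stored copy first.
func Scenario(alter, verifyCert bool) string {
	issuerPub, issuerKey, _ := ed25519.GenerateKey(nil)
	pub, key, _ := ed25519.GenerateKey(nil)
	l, data := Ledger{}, []byte("constructed order record")
	Issue(l, issuerKey, "business end 4", pub)
	if alter {
		l[sha256.Sum256(pub)].Owner = "altered owner"
	}
	return Check(l, issuerPub, pub, verifyCert, data, ed25519.Sign(key, data))
}
func main() { fmt.Println(Scenario(false, true), Scenario(true, false), Scenario(true, true)) }
```

With `verifyCert` false (the Fig. 5 flow) a certificate whose stored content was altered still passes, because only the data signature in the request is checked. The Fig. 6 flow rejects the same entry at S407.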
Furthermore, each program step of the digital certificate generation and checking described above can also be implemented by a hardware processor. An electronic device for performing the above digital certificate generation method includes: a processor; and a memory for storing processor-executable instructions; wherein the processor is configured to: receive a certificate generation application, which includes a public key and identity information; verify whether the identity information passes; in response to the identity information passing verification, provide the certificate content and digitally sign the certificate content using a private key; and write the signed digital certificate to the blockchain to complete evidence storage of the certificate.
In one embodiment, digitally signing the certificate content using a private key includes: digitally signing using the private key in the encryption machine, and receiving the signed digital certificate returned by the encryption machine.
In one embodiment, receiving the certificate generation application includes: receiving a certificate generation application from the cooperation end. The certificate generation application from the cooperation end further includes: a certificate generation application that comes from the client or the business end, has passed identity information verification, and is forwarded by the cooperation end.
In one embodiment, the processor is further configured to: in response to the identity information failing verification, return a message that the identity information is incorrect and that the certificate generation application is to be resubmitted after modification.
An electronic device for performing the above digital certificate checking method includes: a processor; and a memory for storing processor-executable instructions; wherein the processor is configured to: receive a data check request, which includes data content, a data signature and a public key; query a blockchain node according to the public key and determine whether the digital certificate corresponding to the data exists; in response to the digital certificate existing, perform signature verification on the data content and the data signature using the public key and determine whether signature verification passes; and in response to signature verification passing, return a message that the data check has passed.
In one embodiment, performing signature verification on the data content and the data signature using the public key in response to the digital certificate existing, and determining whether signature verification passes, includes:
in response to the digital certificate existing, determining whether the digital certificate needs to be verified;
in response to the digital certificate needing to be verified, sending the digital certificate to the issuing end, where the issuing end verifies the digital certificate using the public key of the encryption machine;
in response to receiving from the issuing end a message that verification of the digital certificate has passed, performing signature verification on the data content and the data signature using the public key, and determining whether signature verification passes;
in response to the digital certificate not needing to be verified, performing signature verification on the data content and the data signature using the public key, and determining whether signature verification passes.
In one embodiment, receiving the data check request includes:
receiving a data check request from the business end, or receiving a data check request from a client forwarded by the business end.
In one embodiment, the processor is further configured to:
in response to the digital certificate not existing, or in response to signature verification of the data content and the data signature failing, or in response to receiving from the issuing end a message that verification of the digital certificate has failed, return a check-failed message to the business end.
Those skilled in the art will understand that embodiments of the application may be provided as a method, an apparatus (device) or a computer program product. Accordingly, the application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) containing computer-usable program code.
The application is described with reference to flowcharts and/or block diagrams of methods, apparatuses (devices) and computer program products according to embodiments of the application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
The foregoing is merely the preferred embodiments of the application and is not intended to limit the application. For those skilled in the art, the application can have various modifications and changes. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the application shall be included within the protection scope of the application.