CN108390872A - Certificate management method, device, medium and electronic equipment - Google Patents
- Publication number
- CN108390872A CN201810136908.3A
- Authority
- CN
- China
- Prior art keywords
- block chain
- sent
- certificate
- block
- information
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
An embodiment of the present invention provides a certificate management method, device, medium and electronic equipment. The method includes: obtaining relevant information of a target object and sending the relevant information to a blockchain node, so as to obtain feedback information, returned by the blockchain node, that contains a digital certificate; sending the feedback information to a consensus node in the blockchain network; the consensus node generating a block based on the feedback information and sending the generated block to the blockchain node; and the blockchain node writing the block into the chain and sending the information of the block to other blockchain nodes. The technical solution of the embodiment stores digital certificates in the blockchain network, which avoids the property loss and property disputes caused by tampered digital certificates and effectively ensures the security of the digital certificates.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a certificate management method, device, medium and electronic equipment.
Background art
As shown in Fig. 1, in the related art a user requests a certificate from a CA (Certificate Authority, digital certificate authentication center) server using a public key and user information. After the CA server issues the certificate to the user, the user information and the certificate issued by the CA server are stored in a database. Data stored in a database is easily tampered with, which makes the certificate insecure.
It should be noted that the information disclosed in the background section above is only intended to aid understanding of the background of the present invention, and may therefore include information that does not constitute prior art known to a person of ordinary skill in the art.
Summary of the invention
The purpose of the embodiments of the present invention is to provide a certificate management method, device, medium and electronic equipment that overcome, at least to some extent, the problem in the related art that storing certificates in a database makes them insecure.
Other features and advantages of the present invention will become apparent from the following detailed description, or will be learned in part through practice of the invention.
According to a first aspect of the embodiments of the present invention, a certificate management method is provided, including: obtaining relevant information of a target object and sending the relevant information to a blockchain node, so as to obtain feedback information, returned by the blockchain node, that contains a digital certificate; sending the feedback information to a consensus node in the blockchain network; the consensus node generating a block based on the feedback information and sending the generated block to the blockchain node; and the blockchain node writing the block into the chain and sending the information of the block to other blockchain nodes.
In some embodiments of the present invention, based on the foregoing scheme, obtaining the relevant information of the target object and sending it to the blockchain node to obtain the feedback information, returned by the blockchain node, that contains the digital certificate includes: an SDK (Software Development Kit) module obtains the relevant information of the target object; the SDK module signs the relevant information with its own private key and sends the resulting signed data packet to the blockchain node; the blockchain node verifies the signature of the data packet using the public key of the SDK module and, after verification succeeds, extracts the relevant information from the data packet and sends it to a certificate center; the blockchain node receives the feedback information that the certificate center generates from the relevant information and sends the feedback information to the SDK module.
In some embodiments of the present invention, based on the foregoing scheme, before the blockchain node receives the feedback information that the certificate center generates from the relevant information, the method further includes: the certificate center signs the relevant information with its own private key to generate the digital certificate.
In some embodiments of the present invention, based on the foregoing scheme, the certificate center signing the relevant information with its own private key includes: the certificate center obtains, from at least one stored private key, the target private key corresponding to the target object, and signs the relevant information with the target private key.
In some embodiments of the present invention, based on the foregoing scheme, each private key of the at least one private key corresponds to one or more objects.
In some embodiments of the present invention, based on the foregoing scheme, the SDK module obtains the relevant information of the target object and sends the feedback information to the consensus node in the blockchain network; the certificate management method further includes: the blockchain node sends the digital certificate to the SDK module, so that the SDK module sends the digital certificate to the target object.
In some embodiments of the present invention, based on the foregoing scheme, the consensus node generating a block based on the feedback information includes: when the number of feedback information items received reaches a predetermined number, the consensus node generates the block from the received feedback information; or
when the number of feedback information items received has not reached the predetermined number but the time spent receiving the feedback information reaches a predetermined duration, the consensus node generates the block from the received feedback information.
In some embodiments of the present invention, based on the foregoing scheme, the relevant information of the target object includes: the identification information of the target object and the public key information of the target object.
According to a second aspect of the embodiments of the present invention, a certificate management device is provided, including an SDK module, a blockchain node and a consensus node. The SDK module is used to obtain relevant information of a target object, to send the relevant information to the blockchain node so as to obtain feedback information, returned by the blockchain node, that contains a digital certificate, and to send the feedback information to the consensus node; the consensus node is used to generate a block according to the feedback information and to send the generated block to the blockchain node; the blockchain node is used to write the block into the chain and to send the information of the block to other blockchain nodes.
In some embodiments of the present invention, based on the foregoing scheme, the certificate management device further includes a certificate center. The SDK module is used to sign the relevant information with its own private key and to send the resulting signed data packet to the blockchain node; the blockchain node is used to verify the signature of the data packet using the public key of the SDK module and, after verification succeeds, to extract the relevant information from the data packet and send it to the certificate center, and to receive the feedback information generated by the certificate center and send it to the SDK module; the certificate center is used to generate the feedback information according to the relevant information.
According to a third aspect of the embodiments of the present invention, a computer-readable medium is provided on which a computer program is stored; when executed by a processor, the program implements the certificate management method described in the first aspect of the above embodiments.
According to a fourth aspect of the embodiments of the present invention, electronic equipment is provided, including: one or more processors; and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the certificate management method described in the first aspect of the above embodiments.
The technical solutions provided by the embodiments of the present invention can have the following beneficial effects:
In the technical solutions provided by some embodiments of the present invention, the SDK module sends the relevant information of the target object to a blockchain node and sends the obtained feedback information containing the digital certificate to a consensus node in the blockchain network, so that the consensus node generates a block and the digital certificate is written into the generated block. The generated digital certificate can thus be stored in the blockchain network, which avoids the property loss and property disputes caused by tampered digital certificates and effectively ensures the security of the digital certificates.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory and do not limit the present invention.
Brief description of the drawings
The accompanying drawings are incorporated into and form part of this specification; they show embodiments consistent with the present invention and, together with the specification, serve to explain its principles. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort. In the drawings:
Fig. 1 shows a schematic diagram of a certificate management scheme in the related art;
Fig. 2 schematically shows a flow chart of a certificate management method according to an embodiment of the present invention;
Fig. 3 shows a schematic diagram of one processing procedure of step S210 shown in Fig. 2;
Fig. 4 schematically shows a flow chart of a certificate management method according to another embodiment of the present invention;
Fig. 5 schematically shows a flow chart of a signing and signature verification process according to an embodiment of the present invention;
Fig. 6 schematically shows a block diagram of a certificate management device according to an embodiment of the present invention;
Fig. 7 shows a structural schematic diagram of a computer system of electronic equipment suitable for implementing the embodiments of the present invention.
Detailed description
Example embodiments are now described more fully with reference to the accompanying drawings. Example embodiments can, however, be implemented in many forms and should not be understood as limited to the examples set forth here; rather, these embodiments are provided so that the present invention will be thorough and complete and will fully convey the concept of the example embodiments to those skilled in the art.
In addition, the described features, structures or characteristics can be combined in one or more embodiments in any suitable manner. In the following description, many specific details are provided to give a full understanding of the embodiments of the present invention. Those skilled in the art will appreciate, however, that the technical solutions of the present invention can be practiced without one or more of the specific details, or with other methods, components, devices, steps and so on. In other cases, well-known methods, devices, implementations or operations are not shown or described in detail, to avoid obscuring aspects of the present invention.
The block diagrams shown in the drawings are only functional entities and do not necessarily correspond to physically separate entities. That is, these functional entities can be implemented in software, in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow charts shown in the drawings are merely illustrative; they need not include all content and operations/steps, and the steps need not be executed in the order described. For example, some operations/steps can be decomposed and some can be merged or partly merged, so the order actually executed may change according to the actual situation.
Fig. 2 schematically shows a flow chart of a certificate management method according to an embodiment of the present invention.
With reference to Fig. 2, the certificate management method according to an embodiment of the present invention includes the following steps:
Step S210, obtain the relevant information of a target object and send the relevant information to a blockchain node, so as to obtain feedback information, returned by the blockchain node, that contains a digital certificate.
In one embodiment of the present invention, the target object is an object that needs to apply for a digital certificate, for example a user, a financial institution (such as a bank) or a merchant. The relevant information of the target object includes the identification information of the target object and the public key information of the target object; for example, when the target object is a user, the relevant information of the target object can be the user information, the user public key and so on.
In one embodiment of the present invention, step S210 can be executed by an SDK module. The SDK module can be integrated in the terminal corresponding to the target object or can be independent of that terminal; for example, when the target object is a user, the SDK module can be integrated in the user terminal or can be independent of the user terminal. The blockchain node is a Peer node.
In one embodiment of the present invention, as shown in Fig. 3, if step S210 is executed by the SDK module, then sending the relevant information to the blockchain node in step S210, so as to obtain the feedback information, returned by the blockchain node, that contains the digital certificate, includes:
Step S310, the SDK module signs the relevant information with its own private key and sends the resulting signed data packet to the blockchain node.
Step S320, the blockchain node verifies the signature of the data packet using the public key of the SDK module and, after verification succeeds, extracts the relevant information from the data packet and sends it to the certificate center.
In one embodiment of the present invention, the blockchain node can obtain the public key of the SDK module in advance and can then use that public key to verify the data packets sent by the SDK module.
Step S330, the blockchain node receives the feedback information that the certificate center generates from the relevant information and sends the feedback information to the SDK module.
In one embodiment of the present invention, the certificate center can sign the relevant information with its own private key to generate the digital certificate.
In one embodiment of the present invention, the certificate center can obtain, from at least one stored private key, the target private key corresponding to the target object and sign the relevant information with the target private key.
In this embodiment, the certificate center can store multiple private keys, each of which can correspond to one or more objects, which ensures that different private keys can be used for different objects.
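The exchange of steps S310 to S330, written out in Go as an added example that is not part of the patent: the SDK signs the request, the peer verifies it before parsing anything, and the certificate center signs with the key assigned to the subject. Ed25519, the JSON encoding, the toy `Certificate` structure and every name below are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Request is the "relevant information": identifier and public key of the
// target object. All type, field and key names in this file are assumptions.
type Request struct {
	SubjectID string `json:"subject_id"`
	PublicKey []byte `json:"public_key"`
}

// Packet is what the SDK sends to the peer in step S310.
type Packet struct{ Payload, Signature []byte }

// Certificate is a toy stand-in for the digital certificate (not X.509).
type Certificate struct {
	TBS       []byte // signed bytes: the encoded Request
	KeyID     string // certificate-center key that signed them
	Signature []byte
}

var ErrBadSignature = errors.New("peer: SDK signature verification failed")

// SDKSign is step S310: serialize the request and sign it with the SDK key.
func SDKSign(sdkPriv ed25519.PrivateKey, req Request) (Packet, error) {
	payload, err := json.Marshal(req)
	if err != nil {
		return Packet{}, err
	}
	return Packet{Payload: payload, Signature: ed25519.Sign(sdkPriv, payload)}, nil
}

// PeerVerify is step S320: verify first, parse only bytes that passed the check.
func PeerVerify(sdkPub ed25519.PublicKey, p Packet) (Request, error) {
	var req Request
	if !ed25519.Verify(sdkPub, p.Payload, p.Signature) {
		return req, ErrBadSignature
	}
	if err := json.Unmarshal(p.Payload, &req); err != nil {
		return req, err
	}
	if req.SubjectID == "" || len(req.PublicKey) != ed25519.PublicKeySize {
		return req, errors.New("peer: malformed request")
	}
	return req, nil
}

// CertCenter holds several signing keys; each key serves one or more subjects.
type CertCenter struct {
	keys   map[string]ed25519.PrivateKey // key ID -> private key
	assign map[string]string             // subject ID -> key ID
}

// Issue picks the subject's target private key and signs the request with it.
func (c *CertCenter) Issue(req Request) (Certificate, error) {
	keyID := c.assign[req.SubjectID]
	priv, ok := c.keys[keyID]
	if !ok {
		return Certificate{}, fmt.Errorf("cert center: no key for %q", req.SubjectID)
	}
	tbs, err := json.Marshal(req)
	if err != nil {
		return Certificate{}, err
	}
	return Certificate{TBS: tbs, KeyID: keyID, Signature: ed25519.Sign(priv, tbs)}, nil
}

// demo runs S310-S330 on constructed data. It returns the key IDs used for two
// subjects, the peer's verdict on a modified packet, and the certificate check.
func demo() (userKey, bankKey string, tamperErr error, certOK bool) {
	sdkPub, sdkPriv, _ := ed25519.GenerateKey(rand.Reader)
	k1Pub, k1, _ := ed25519.GenerateKey(rand.Reader)
	_, k2, _ := ed25519.GenerateKey(rand.Reader)
	subjPub, _, _ := ed25519.GenerateKey(rand.Reader)
	cc := &CertCenter{
		keys:   map[string]ed25519.PrivateKey{"k1": k1, "k2": k2},
		assign: map[string]string{"user-alice": "k1", "bank-001": "k2"},
	}
	pkt, _ := SDKSign(sdkPriv, Request{SubjectID: "user-alice", PublicKey: subjPub})
	req, err := PeerVerify(sdkPub, pkt)
	if err != nil {
		return "", "", err, false
	}
	cert, _ := cc.Issue(req)
	bankCert, _ := cc.Issue(Request{SubjectID: "bank-001", PublicKey: subjPub})
	// A packet changed after signing must be rejected before it reaches the CA.
	forged := Packet{Payload: append([]byte(nil), pkt.Payload...), Signature: pkt.Signature}
	forged.Payload[len(forged.Payload)-3] ^= 1
	_, tamperErr = PeerVerify(sdkPub, forged)
	return cert.KeyID, bankCert.KeyID, tamperErr, ed25519.Verify(k1Pub, cert.TBS, cert.Signature)
}

func main() { fmt.Println(demo()) }
```

The peer rejects the modified packet on the signature check alone, so unauthenticated bytes never reach the JSON parser or the certificate center.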
As shown in Fig. 2, the certificate management method further includes the following steps:
Step S220, send the feedback information to a consensus node in the blockchain network.
In one embodiment of the present invention, step S220 is executed by the same entity as step S210; for example, when step S210 is executed by the SDK module, step S220 is also executed by the SDK module. The consensus node in the blockchain network can be an Orderer node.
Step S230, the consensus node generates a block based on the feedback information and sends the generated block to the blockchain node.
In one embodiment of the present invention, when generating a block based on the feedback information, the consensus node can generate the block from the received feedback information when the number of feedback information items received reaches a predetermined number; it can also generate the block from the received feedback information when the number of feedback information items received has not reached the predetermined number but the time spent receiving the feedback information reaches a predetermined duration.
For example, the consensus node can generate a block from 10 feedback information items once it has received 10 of them; it can also generate a block from the feedback information received when 10 items have not yet been received but the waiting time has reached the predetermined duration.
In one embodiment of the present invention, the Orderer node can support two consensus mechanisms, SBFT and Kafka. SBFT (Speculative Byzantine Fault Tolerance) is a simplified version of PBFT (Practical Byzantine Fault Tolerance) and can tolerate the failure of some nodes; Kafka is a centralized queuing service that can provide higher performance. The two consensus algorithms suit different scenarios, and the choice can be made according to actual needs in a specific application.
Step S240, the blockchain node writes the block into the chain and sends the information of the block to other blockchain nodes.
In one embodiment of the present invention, the blockchain node can also send the digital certificate to the SDK module, so that the SDK module sends the digital certificate to the target object.
The technical solution of the above embodiment makes it possible to store the generated digital certificate in the blockchain network, which avoids the property loss and property disputes caused by tampered digital certificates and effectively ensures the security of the digital certificates.
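The block-cutting rule of step S230 and the tamper evidence that step S240 relies on, sketched in Go as an added example that is not taken from the patent or from any blockchain implementation. The block layout, the SHA-256 hash linking and all names are assumptions, and the clock values and certificate payloads are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// Block is a minimal hash-linked block; this layout is an assumption.
type Block struct {
	PrevHash [32]byte
	Entries  [][]byte // feedback messages, each carrying a certificate
	Hash     [32]byte
}

// hashBlock covers the previous hash and every length-prefixed entry.
func hashBlock(b *Block) (out [32]byte) {
	h := sha256.New()
	h.Write(b.PrevHash[:])
	var n [8]byte
	for _, e := range b.Entries {
		binary.BigEndian.PutUint64(n[:], uint64(len(e)))
		h.Write(n[:])
		h.Write(e)
	}
	copy(out[:], h.Sum(nil))
	return out
}

// Orderer applies step S230: cut on MaxCount pending entries or after MaxWait.
type Orderer struct {
	MaxCount int
	MaxWait  time.Duration
	pending  [][]byte
	first    time.Time // arrival time of the oldest pending entry
	prev     [32]byte
}

// Submit queues one feedback message; it returns a block on the count rule.
func (o *Orderer) Submit(entry []byte, now time.Time) *Block {
	if len(o.pending) == 0 {
		o.first = now
	}
	o.pending = append(o.pending, entry)
	if len(o.pending) >= o.MaxCount {
		return o.cut()
	}
	return nil
}

// Tick returns a short block on the timeout rule, or nil if it is too early.
func (o *Orderer) Tick(now time.Time) *Block {
	if len(o.pending) > 0 && now.Sub(o.first) >= o.MaxWait {
		return o.cut()
	}
	return nil
}

func (o *Orderer) cut() *Block {
	b := &Block{PrevHash: o.prev, Entries: o.pending}
	b.Hash = hashBlock(b)
	o.pending, o.prev = nil, b.Hash
	return b
}

// audit recomputes every hash and link; it returns the first bad index or -1.
func audit(chain []*Block) int {
	var prev [32]byte
	for i, b := range chain {
		if b.PrevHash != prev || hashBlock(b) != b.Hash {
			return i
		}
		prev = b.Hash
	}
	return -1
}

// demo orders four constructed messages, then edits a stored entry in place.
func demo() (sizes []int, before, after int) {
	t0 := time.Unix(1700000000, 0) // constructed clock
	o := &Orderer{MaxCount: 3, MaxWait: 2 * time.Second}
	var chain []*Block
	keep := func(b *Block) {
		if b != nil {
			chain, sizes = append(chain, b), append(sizes, len(b.Entries))
		}
	}
	for i := 0; i < 4; i++ {
		keep(o.Submit([]byte(fmt.Sprintf("cert-for-user-%d", i)), t0))
	}
	keep(o.Tick(t0.Add(time.Second)))     // too early: nothing is cut
	keep(o.Tick(t0.Add(2 * time.Second))) // timeout: short block of one
	before = audit(chain)
	chain[0].Entries[1][0] ^= 0xff // in-place edit of a stored certificate
	return sizes, before, audit(chain)
}

func main() { fmt.Println(demo()) }
```

A local audit alone cannot catch an editor who also recomputes every later hash; that case is detected by comparing the tip hash with the copies held by other blockchain nodes.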
The certificate management scheme of the embodiments of the present invention is described in detail below, taking as an example the case shown in Fig. 4, in which the target object is a user (User), the blockchain node is a Peer, the certificate center is Jdchain (it should be noted that several chaincodes can be installed on a blockchain according to business function, and Jdchain is one of the chaincodes that implements the CA function) and the consensus node is an Orderer:
As shown in Fig. 4, the certificate management method according to another embodiment of the present invention includes the following steps:
Step S401, the User sends the user public key and user information to the SDK.
Step S402, the SDK packages the received user public key and user information, signs the package with its own private key, and then forwards it to the Peer.
Step S403, the Peer verifies the signature using the public key of the SDK.
Step S404, after the signature is verified, the Peer executes the chaincode, that is, sends the user public key and user information to Jdchain so that Jdchain can generate the digital certificate accordingly.
Step S405, Jdchain generates the digital certificate from the user public key and user information. Specifically, Jdchain can sign the user public key and user information with its own private key to generate the digital certificate.
In one embodiment of the present invention, Jdchain can be associated with multiple private keys, and each private key can correspond to one or more users.
Step S406, Jdchain feeds the execution result containing the digital certificate back to the Peer.
Step S407, the Peer feeds the result back to the SDK.
Step S408, the SDK submits the received result for Orderer consensus, that is, sends the received result to the Orderer.
Step S409, the Orderer generates a block from the information received; the generated block contains the digital certificate generated above.
Step S410, the Orderer returns the generated block information to the Peer.
Step S411, the Peer writes the block returned by the Orderer into the chain and sends the block information to the other nodes in the blockchain network.
Step S412, the Peer returns the digital certificate to the SDK.
Step S414, the SDK returns the digital certificate to the User.
The Peer, Jdchain and Orderer shown in Fig. 4 together constitute the blockchain.
In one embodiment of the present invention, a web page can be provided for users to look up generated digital certificates in order to verify the true identity of an enterprise. In addition, because a user terminal in the embodiments of the present invention can send the user public key and user information through the SDK to any blockchain node (i.e. peer) to obtain a digital certificate, from the perspective of certificate distribution load balancing can be achieved effectively and single points of failure and bottlenecks are avoided.
In a specific application scenario of the present invention, a user and a bank can each obtain their own digital certificate through the flow shown in Fig. 4. The signing and signature verification process after the digital certificates have been obtained is shown in Fig. 5 and includes the following steps:
Step S501, the user terminal computes a digest of the original data by a hash operation and then signs the resulting digest with its own private key to obtain the signature information.
Step S502, the user terminal sends the original data, the signature information and the obtained user digital certificate to the bank side.
Step S503, the bank side performs a hash operation on the original data to obtain original digest 1, and at the same time verifies the user digital certificate using the CA certificate of the certificate center (Jdchain as shown in Fig. 4). After verification succeeds, it decrypts the signature information with the public key of the user terminal to obtain original digest 2, and then compares whether original digest 1 and original digest 2 are equal.
Step S504, if the bank side finds that original digest 1 and original digest 2 are equal, it feeds back a success message to the user terminal; if the bank side finds that original digest 1 and original digest 2 are not equal, it feeds back a failure message to the user terminal.
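The bank-side check of steps S501 to S504, shown with Go's standard X.509 and ECDSA packages as an added example that is not the patent's code. It uses ECDSA signature verification over the recomputed digest in place of the "decrypt and compare digests" wording of step S503, and the CA, subject names, serial numbers and document are constructed for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var (
	ErrUntrustedCert = errors.New("bank: certificate does not chain to the trusted CA")
	ErrBadSignature  = errors.New("bank: signature does not match the document")
)

// issue creates an X.509 certificate for pub, signed by signer. A nil parent
// produces a self-signed CA certificate. Names and serials are constructed.
func issue(cn string, serial int64, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	if parent == nil { // self-signed root
		tmpl.IsCA, tmpl.KeyUsage, parent = true, x509.KeyUsageCertSign, tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// must stops the demo if constructing a sample certificate fails.
func must(c *x509.Certificate, err error) *x509.Certificate {
	if err != nil {
		panic(err)
	}
	return c
}

// UserSign is step S501: hash the document, then sign the digest.
func UserSign(priv *ecdsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// BankVerify is step S503. The certificate is validated against the CA first;
// only then is its public key trusted to check the signature.
func BankVerify(roots *x509.CertPool, certDER, doc, sig []byte) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return fmt.Errorf("%w: %v", ErrUntrustedCert, err)
	}
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("%w: %v", ErrUntrustedCert, err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return ErrUntrustedCert
	}
	digest := sha256.Sum256(doc) // "original digest 1" in the text
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return ErrBadSignature
	}
	return nil
}

// demo returns the bank's verdict for a valid message, a modified document,
// and a certificate issued by a CA the bank does not trust.
func demo() (good, tampered, untrusted error) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	otherKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	userKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ca := must(issue("Constructed CA", 1, &caKey.PublicKey, nil, caKey))
	otherCA := must(issue("Untrusted CA", 1, &otherKey.PublicKey, nil, otherKey))
	leaf := must(issue("user-alice", 2, &userKey.PublicKey, ca, caKey))
	stray := must(issue("user-alice", 2, &userKey.PublicKey, otherCA, otherKey))
	roots := x509.NewCertPool()
	roots.AddCert(ca) // the bank trusts only the certificate center's CA
	doc := []byte("pay 100 to account 42") // constructed document
	sig, _ := UserSign(userKey, doc)
	good = BankVerify(roots, leaf.Raw, doc, sig)
	tampered = BankVerify(roots, leaf.Raw, []byte("pay 900 to account 42"), sig)
	untrusted = BankVerify(roots, stray.Raw, doc, sig)
	return good, tampered, untrusted
}

func main() { fmt.Println(demo()) }
```

The third case carries a valid signature from the right user key and still fails, because the certificate binding that key to the name was not issued by the CA the bank trusts.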
The device embodiments of the present invention are introduced below; they can be used to execute the above certificate management method of the present invention.
Fig. 6 schematically shows a block diagram of a certificate management device according to an embodiment of the present invention.
With reference to Fig. 6, a certificate management device 600 according to an embodiment of the present invention includes: an SDK module 602, a blockchain node 604 and a consensus node 606.
The SDK module 602 is used to obtain the relevant information of a target object, to send the relevant information to the blockchain node 604 so as to obtain feedback information, returned by the blockchain node 604, that contains a digital certificate, and to send the feedback information to the consensus node 606; the consensus node 606 is used to generate a block according to the feedback information and to send the generated block to the blockchain node 604; the blockchain node 604 is used to write the block into the chain and to send the information of the block to other blockchain nodes 604.
In some embodiments of the invention, aforementioned schemes are based on, the certificate management device 600 further includes:In certificate
The heart 608;Wherein, the SDK modules 602 are used to sign to the relevant information according to the private key of itself, and will be after signature
Obtained data packet is sent to the block chain node 604;The block chain node 604 is used for according to the SDK modules 602
The signature of data packet described in public key verifications, and after being verified, obtains the relevant information from the data packet, and by institute
It states relevant information and is sent to the certificate center 608, and the feedback information for receiving the generation of the certificate center 608,
And the feedback information is sent to the SDK modules 602;The certificate center 608 is used to be generated according to the relevant information
The feedback information.
In some embodiments of the present invention, based on the foregoing solution, the certificate center 608 is configured to sign the related information with its own private key to generate the digital certificate.
In some embodiments of the present invention, based on the foregoing solution, the certificate center 608 is configured to obtain, from at least one stored private key, a target private key corresponding to the target object, and to sign the related information with the target private key.
In some embodiments of the present invention, based on the foregoing solution, each private key of the at least one private key corresponds to one or more objects.
In some embodiments of the present invention, based on the foregoing solution, the blockchain node 604 is further configured to send the digital certificate to the SDK module 602, so that the SDK module 602 sends the digital certificate to the target object.
In some embodiments of the present invention, based on the foregoing solution, the consensus node 606 is configured to generate the block according to the received feedback information when the quantity of received feedback information reaches a predetermined quantity; or
the consensus node 606 is configured to generate the block according to the received feedback information when the quantity of received feedback information has not reached the predetermined quantity but the duration of receiving the feedback information has reached a predetermined duration.
In some embodiments of the present invention, based on the foregoing solution, the related information of the target object includes the identification information of the target object and the public key information of the target object.
Since each functional module of the certificate management device of the example embodiments of the present invention corresponds to a step of the example embodiments of the certificate management method described above, for details not disclosed in the device embodiments of the present invention, refer to the embodiments of the certificate management method described above.
Referring now to Fig. 7, a schematic structural diagram of a computer system 700 suitable for implementing the electronic device of the embodiments of the present invention is shown. The computer system 700 of the electronic device shown in Fig. 7 is only an example and should not impose any limitation on the function or scope of use of the embodiments of the present invention.
As shown in Fig. 7, the computer system 700 includes a central processing unit (CPU) 701, which can perform various appropriate actions and processing according to a program stored in a read-only memory (ROM) 702 or a program loaded from a storage section 708 into a random access memory (RAM) 703. The RAM 703 also stores the various programs and data required for system operation. The CPU 701, the ROM 702 and the RAM 703 are connected to one another through a bus 704. An input/output (I/O) interface 705 is also connected to the bus 704.
The following components are connected to the I/O interface 705: an input section 706 including a keyboard, a mouse and the like; an output section 707 including a cathode ray tube (CRT), a liquid crystal display (LCD) or the like, and a loudspeaker and the like; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card or a modem. The communication section 709 performs communication processing via a network such as the Internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on the drive 710 as needed, so that a computer program read from it can be installed into the storage section 708 as needed.
In particular, according to the embodiments of the present invention, the process described above with reference to the flowchart may be implemented as a computer software program. For example, the embodiments of the present invention include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for executing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. When the computer program is executed by the central processing unit (CPU) 701, the above functions defined in the system of the present application are performed.
It should be noted that the computer-readable medium shown in the present invention may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples of computer-readable storage media include, but are not limited to: an electrical connection with one or more wires, a portable computer disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the present invention, a computer-readable storage medium may be any tangible medium that contains or stores a program, where the program can be used by or in combination with an instruction execution system, apparatus or device. Also in the present invention, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, in which computer-readable program code is carried. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium, and that medium can send, propagate or transmit a program for use by or in combination with an instruction execution system, apparatus or device. The program code contained on a computer-readable medium may be transmitted over any suitable medium, including but not limited to wireless, wire, optical cable, RF and the like, or any suitable combination of the above.
The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functions and operations of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each box in a flowchart or block diagram may represent a module, a program segment or a part of code, and that module, program segment or part of code contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two boxes shown in succession may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in a block diagram or flowchart, and any combination of boxes in a block diagram or flowchart, may be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented in software or in hardware, and the described units may also be provided in a processor. The names of these units do not, in some cases, constitute a limitation on the units themselves.
In another aspect, the present application also provides a computer-readable medium. The computer-readable medium may be included in the electronic device described in the above embodiments, or it may exist separately without being assembled into the electronic device. The computer-readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to implement the certificate management method described in the above embodiments.
For example, the electronic device may implement the steps shown in Fig. 2: step S210, obtaining the related information of a target object and sending the related information to a blockchain node, to obtain feedback information that is returned by the blockchain node and contains a digital certificate; step S220, sending the feedback information to a consensus node in the blockchain network; step S230, the consensus node generating a block based on the feedback information and sending the generated block to the blockchain node; step S240, the blockchain node writing the block into the chain and sending the information of the block to other blockchain nodes.
For another example, the electronic device may implement each step shown in Fig. 3.
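The flow of steps S210 to S240, together with the count-or-duration rule for block generation and the per-object private keys of the certificate center, as an added example that is not code from the patent. Ed25519 signatures, the JSON serialization, the block hash format, measuring the duration from the first pending item, and all class and function names are assumptions.

```javascript
// Added illustration; class and field names are hypothetical, not taken from the patent.
const nodeCrypto = require('node:crypto');
const sha256 = (text) => nodeCrypto.createHash('sha256').update(text).digest('hex');
// Serialize a flat object with sorted keys so signer and verifier see identical bytes.
const canonical = (obj) => JSON.stringify(Object.keys(obj).sort().map((k) => [k, obj[k]]));
const newKeyPair = () => nodeCrypto.generateKeyPairSync('ed25519'); // algorithm is an assumption
const sign = (key, obj) => nodeCrypto.sign(null, Buffer.from(canonical(obj)), key).toString('base64');
const verify = (key, obj, sig) =>
  nodeCrypto.verify(null, Buffer.from(canonical(obj)), key, Buffer.from(sig, 'base64'));
const blockHash = (block) => sha256(block.prevHash + block.items.map(canonical).join('|'));
const GENESIS = '0'.repeat(64);

// Certificate center: stores private keys, each corresponding to one or more objects.
class CertificateCenter {
  constructor(objectToKeyId) {
    this.keyIdOf = new Map(Object.entries(objectToKeyId));
    this.keys = new Map([...new Set(this.keyIdOf.values())].map((id) => [id, newKeyPair()]));
  }
  issue(info) {
    const keyId = this.keyIdOf.get(info.id);
    if (!keyId) throw new Error(`no issuing key for ${info.id}`);
    const body = { subject: info.id, subjectPublicKey: info.publicKey, issuerKeyId: keyId };
    return { ...body, signature: sign(this.keys.get(keyId).privateKey, body) };
  }
  check(cert) {
    const { signature, ...body } = cert;
    const pair = this.keys.get(cert.issuerKeyId);
    return Boolean(pair) && verify(pair.publicKey, body, signature);
  }
}

// Blockchain node: checks the SDK signature before the certificate center sees the request.
class BlockchainNode {
  constructor(sdkPublicKey, center) { Object.assign(this, { sdkPublicKey, center, chain: [] }); }
  handlePacket(packet) {
    const ok = verify(this.sdkPublicKey, packet.info, packet.signature);
    if (!ok) throw new Error('SDK signature check failed');
    return { certificate: this.center.issue(packet.info) }; // the feedback information
  }
  writeBlock(block) {
    const tip = this.chain.length ? this.chain[this.chain.length - 1].hash : GENESIS;
    if (block.prevHash !== tip || block.hash !== blockHash(block)) throw new Error('invalid block');
    this.chain.push(block);
    return block;
  }
}

// Consensus node: cuts a block at a predetermined count, or once a predetermined duration
// has passed since the first pending item. The caller passes the clock value in.
class ConsensusNode {
  constructor(maxCount, maxWaitMs) {
    Object.assign(this, { maxCount, maxWaitMs, pending: [], firstAt: 0, prevHash: GENESIS });
  }
  receive(feedback, now) {
    if (this.pending.length === 0) this.firstAt = now;
    this.pending.push(feedback.certificate);
    return this.pending.length >= this.maxCount ? this.cut() : null;
  }
  tick(now) {
    return this.pending.length > 0 && now - this.firstAt >= this.maxWaitMs ? this.cut() : null;
  }
  cut() {
    const block = { prevHash: this.prevHash, items: this.pending };
    block.hash = blockHash(block);
    Object.assign(this, { pending: [], prevHash: block.hash });
    return block;
  }
}

// Constructed scenario: three enrolments, one forged packet, count and timeout triggers.
function runDemo() {
  const sdk = newKeyPair();
  const center = new CertificateCenter({ 'device-A': 'k1', 'device-B': 'k1', 'device-C': 'k2' });
  const node = new BlockchainNode(sdk.publicKey, center);
  const consensus = new ConsensusNode(2, 5000);
  const pem = () => newKeyPair().publicKey.export({ type: 'spki', format: 'pem' });
  const packetFor = (info) => ({ info, signature: sign(sdk.privateKey, info) });
  const write = (block) => (block ? node.writeBlock(block) : null);
  const submit = (packet, now) => write(consensus.receive(node.handlePacket(packet), now));
  const first = submit(packetFor({ id: 'device-A', publicKey: pem() }), 0); // 1 of 2, no block
  submit(packetFor({ id: 'device-B', publicKey: pem() }), 1000); // count reached, block 1
  const signed = packetFor({ id: 'device-A', publicKey: pem() });
  const forged = { ...signed, info: { ...signed.info, id: 'device-C' } }; // edited after signing
  let forgedRejected = false;
  try { submit(forged, 1500); } catch (err) { forgedRejected = true; }
  submit(packetFor({ id: 'device-C', publicKey: pem() }), 2000); // pending again
  const early = write(consensus.tick(6000)); // 4000 ms waited, below the 5000 ms limit
  write(consensus.tick(7000)); // 5000 ms waited, block 2 is cut with one item
  return {
    first, early, forgedRejected, blockSizes: node.chain.map((b) => b.items.length),
    issuerKeyIds: node.chain.flatMap((b) => b.items.map((c) => c.issuerKeyId)),
    allCertsValid: node.chain.every((b) => b.items.every((c) => center.check(c))),
  };
}
```

Because the blockchain node rejects the packet whose identity was edited after signing, the forged request never reaches the certificate center and leaves no entry in either block.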
It should be noted that although several modules or units of the device for performing actions are mentioned in the detailed description above, this division is not mandatory. In fact, according to the embodiments of the present invention, the features and functions of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by multiple modules or units.
From the description of the above embodiments, those skilled in the art will readily understand that the example embodiments described here may be implemented in software, or in software combined with the necessary hardware. Therefore, the technical solution according to the embodiments of the present invention may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (such as a CD-ROM, a USB flash drive or a removable hard disk) or on a network, and which includes several instructions that cause a computing device (such as a personal computer, a server, a touch terminal or a network device) to execute the method according to the embodiments of the present invention.
Other embodiments of the present invention will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed here. This application is intended to cover any variations, uses or adaptations of the present invention that follow its general principles and include common knowledge or customary technical means in the art that are not disclosed in the present invention. The specification and embodiments are to be regarded as exemplary only, and the true scope and spirit of the present invention are indicated by the following claims.
It should be understood that the present invention is not limited to the precise structures described above and shown in the accompanying drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present invention is limited only by the appended claims.
Claims (12)
1. A certificate management method, characterized by comprising:
obtaining related information of a target object and sending the related information to a blockchain node, to obtain feedback information that is returned by the blockchain node and contains a digital certificate;
sending the feedback information to a consensus node in a blockchain network;
the consensus node generating a block based on the feedback information and sending the generated block to the blockchain node;
the blockchain node writing the block into the chain and sending the information of the block to other blockchain nodes.
2. The certificate management method according to claim 1, characterized in that obtaining the related information of the target object and sending the related information to the blockchain node, to obtain the feedback information that is returned by the blockchain node and contains the digital certificate, comprises:
an SDK module obtaining the related information of the target object;
the SDK module signing the related information with its own private key and sending the data packet obtained after signing to the blockchain node;
the blockchain node verifying the signature of the data packet with the public key of the SDK module and, after the verification succeeds, obtaining the related information from the data packet and sending the related information to a certificate center;
the blockchain node receiving the feedback information generated by the certificate center according to the related information, and sending the feedback information to the SDK module.
3. The certificate management method according to claim 2, characterized in that, before the blockchain node receives the feedback information generated by the certificate center according to the related information, the method further comprises:
the certificate center signing the related information with its own private key to generate the digital certificate.
4. The certificate management method according to claim 3, characterized in that the certificate center signing the related information with its own private key comprises:
the certificate center obtaining, from at least one stored private key, a target private key corresponding to the target object, and signing the related information with the target private key.
5. The certificate management method according to claim 4, characterized in that each private key of the at least one private key corresponds to one or more objects.
6. The certificate management method according to claim 1, characterized in that an SDK module obtains the related information of the target object and sends the feedback information to the consensus node in the blockchain network;
the certificate management method further comprises:
the blockchain node sending the digital certificate to the SDK module, so that the SDK module sends the digital certificate to the target object.
7. The certificate management method according to claim 1, characterized in that the consensus node generating a block based on the feedback information comprises:
the consensus node generating the block according to the received feedback information when the quantity of received feedback information reaches a predetermined quantity; or
the consensus node generating the block according to the received feedback information when the quantity of received feedback information has not reached the predetermined quantity but the duration of receiving the feedback information has reached a predetermined duration.
8. The certificate management method according to any one of claims 1 to 7, characterized in that the related information of the target object includes the identification information of the target object and the public key information of the target object.
9. A certificate management device, characterized by comprising: an SDK module, a blockchain node and a consensus node;
wherein the SDK module is configured to obtain related information of a target object and send the related information to the blockchain node, to obtain feedback information that is returned by the blockchain node and contains a digital certificate, and to send the feedback information to the consensus node;
the consensus node is configured to generate a block according to the feedback information and to send the generated block to the blockchain node;
the blockchain node is configured to write the block into the chain and to send the information of the block to other blockchain nodes.
10. The certificate management device according to claim 9, characterized in that the certificate management device further comprises a certificate center;
wherein the SDK module is configured to sign the related information with its own private key and to send the data packet obtained after signing to the blockchain node;
the blockchain node is configured to verify the signature of the data packet with the public key of the SDK module and, after the verification succeeds, to obtain the related information from the data packet and send the related information to the certificate center, and is configured to receive the feedback information generated by the certificate center and to send the feedback information to the SDK module;
the certificate center is configured to generate the feedback information according to the related information.
11. A computer-readable medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the certificate management method according to any one of claims 1 to 8.
12. An electronic device, characterized by comprising:
one or more processors;
a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the certificate management method according to any one of claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810136908.3A CN108390872B (en) | 2018-02-09 | 2018-02-09 | Certificate management method, device, medium and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108390872A (en) | 2018-08-10 |
CN108390872B (en) | 2021-02-26 |
Family ID: 63075742
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810136908.3A Active CN108390872B (en) | 2018-02-09 | 2018-02-09 | Certificate management method, device, medium and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108390872B (en) |
2018-02-09: CN application CN201810136908.3A (patent CN108390872B), status: Active
Also Published As
Publication number | Publication date |
---|---|
CN108390872B (en) | 2021-02-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||