CN108390872A - Certificate management method, device, medium and electronic equipment - Google Patents


Publication number
CN108390872A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810136908.3A
Other languages
Chinese (zh)
Other versions
CN108390872B (en)
Inventor
孙东凯
刘春伟
孙海波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Jingdong Shangke Information Technology Co Ltd
Priority to CN201810136908.3A
Publication of CN108390872A
Application granted
Publication of CN108390872B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

An embodiment of the present invention provides a certificate management method, device, medium and electronic equipment. The method includes: obtaining relevant information of a target object and sending the relevant information to a blockchain node, so as to obtain feedback information, returned by the blockchain node, that includes a digital certificate; sending the feedback information to a consensus node in the blockchain network; the consensus node generating a block based on the feedback information and sending the generated block to the blockchain node; and the blockchain node writing the block to the chain and sending the information of the block to other blockchain nodes. The technical solution of the embodiment can store digital certificates in the blockchain network, which avoids the property loss and property disputes caused by a tampered digital certificate and effectively ensures the security of the digital certificate.

Description

Certificate management method, device, medium and electronic equipment
Technical field
The present invention relates to the field of computer technology, and in particular to a certificate management method, device, medium and electronic equipment.
Background
As shown in Fig. 1, in the related art, a user requests a certificate from a CA (Certificate Authority, digital certificate authentication center) server using a public key and user information. After the CA server issues the certificate to the user, the user information and the certificate issued by the CA server are stored in a database. However, data stored in a database is easily tampered with, which makes the certificate insecure.
It should be noted that the information disclosed in the Background section above is only intended to enhance understanding of the background of the present invention, and may therefore include information that does not constitute prior art known to those of ordinary skill in the art.
Summary of the invention
The purpose of the embodiments of the present invention is to provide a certificate management method, device, medium and electronic equipment, and thereby to overcome, at least to some extent, the problem in the related art that storing certificates in a database makes them insecure.
Other features and advantages of the present invention will become apparent from the following detailed description, or will be learned in part through practice of the present invention.
According to a first aspect of the embodiments of the present invention, a certificate management method is provided, including: obtaining relevant information of a target object and sending the relevant information to a blockchain node, so as to obtain feedback information, returned by the blockchain node, that includes a digital certificate; sending the feedback information to a consensus node in the blockchain network; the consensus node generating a block based on the feedback information and sending the generated block to the blockchain node; and the blockchain node writing the block to the chain and sending the information of the block to other blockchain nodes.
In some embodiments of the invention, based on the foregoing scheme, obtaining the relevant information of the target object and sending the relevant information to the blockchain node, so as to obtain the feedback information that the blockchain node returns and that includes the digital certificate, includes: an SDK (Software Development Kit) module obtains the relevant information of the target object; the SDK module signs the relevant information with its own private key and sends the data packet obtained after signing to the blockchain node; the blockchain node verifies the signature of the data packet using the public key of the SDK module and, after verification passes, obtains the relevant information from the data packet and sends it to a certificate center; the blockchain node receives the feedback information that the certificate center generates from the relevant information and sends the feedback information to the SDK module.
In some embodiments of the invention, based on the foregoing scheme, before the blockchain node receives the feedback information that the certificate center generates from the relevant information, the method further includes: the certificate center signs the relevant information with its own private key to generate the digital certificate.
In some embodiments of the invention, based on the foregoing scheme, the certificate center signing the relevant information with its own private key includes: the certificate center obtains, from at least one stored private key, the target private key corresponding to the target object, and signs the relevant information with the target private key.
In some embodiments of the invention, based on the foregoing scheme, each private key of the at least one private key corresponds to one or more objects.
In some embodiments of the invention, based on the foregoing scheme, the SDK module obtains the relevant information of the target object and sends the feedback information to the consensus node in the blockchain network; the certificate management method further includes: the blockchain node sends the digital certificate to the SDK module, so that the SDK module sends the digital certificate to the target object.
In some embodiments of the invention, based on the foregoing scheme, the consensus node generating a block based on the feedback information includes: when the quantity of feedback information received reaches a predetermined quantity, the consensus node generates the block from the feedback information received; or
when the quantity of feedback information received has not reached the predetermined quantity but the duration of receiving the feedback information reaches a predetermined duration, the consensus node generates the block from the feedback information received.
In some embodiments of the invention, based on the foregoing scheme, the relevant information of the target object includes the identification information of the target object and the public key information of the target object.
According to a second aspect of the embodiments of the present invention, a certificate management device is provided, including an SDK module, a blockchain node and a consensus node. The SDK module is used to obtain relevant information of a target object and send the relevant information to the blockchain node, so as to obtain feedback information, returned by the blockchain node, that includes a digital certificate, and to send the feedback information to the consensus node. The consensus node is used to generate a block from the feedback information and send the generated block to the blockchain node. The blockchain node is used to write the block to the chain and send the information of the block to other blockchain nodes.
In some embodiments of the invention, based on the foregoing scheme, the certificate management device further includes a certificate center. The SDK module is used to sign the relevant information with its own private key and send the data packet obtained after signing to the blockchain node. The blockchain node is used to verify the signature of the data packet using the public key of the SDK module and, after verification passes, to obtain the relevant information from the data packet and send it to the certificate center; it is also used to receive the feedback information generated by the certificate center and send the feedback information to the SDK module. The certificate center is used to generate the feedback information from the relevant information.
According to a third aspect of the embodiments of the present invention, a computer-readable medium is provided, on which a computer program is stored; when the program is executed by a processor, it implements the certificate management method described in the first aspect of the above embodiments.
According to a fourth aspect of the embodiments of the present invention, an electronic device is provided, including: one or more processors; and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the certificate management method described in the first aspect of the above embodiments.
The technical solutions provided by the embodiments of the present invention can have the following beneficial effects:
In the technical solutions provided by some embodiments of the present invention, the SDK module sends the relevant information of the target object to a blockchain node and sends the feedback information it obtains, which includes the digital certificate, to a consensus node in the blockchain network, so that the consensus node generates a block and the digital certificate is written into the generated block. The generated digital certificate can thus be stored in the blockchain network, which avoids the property loss and property disputes caused by a tampered digital certificate and effectively ensures the security of the digital certificate.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory and do not limit the present invention.
Brief description of the drawings
The accompanying drawings, which are incorporated in and form part of this specification, show embodiments consistent with the present invention and, together with the specification, serve to explain the principles of the invention. The drawings described below are obviously only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort. In the drawings:
Fig. 1 shows a schematic diagram of a certificate management scheme in the related art;
Fig. 2 schematically shows a flow chart of a certificate management method according to an embodiment of the invention;
Fig. 3 shows a schematic diagram of one way of processing step S210 shown in Fig. 2;
Fig. 4 schematically shows a flow chart of a certificate management method according to another embodiment of the invention;
Fig. 5 schematically shows a flow chart of a signing and signature verification process according to an embodiment of the invention;
Fig. 6 schematically shows a block diagram of a certificate management device according to an embodiment of the invention;
Fig. 7 shows a structural schematic diagram of the computer system of an electronic device suitable for implementing the embodiments of the present invention.
Detailed description
Example embodiments are now described more fully with reference to the drawings. The example embodiments can, however, be implemented in many forms and should not be understood as limited to the examples set forth here; rather, these embodiments are provided so that the present invention will be thorough and complete, and so that the concept of the example embodiments is fully conveyed to those skilled in the art.
In addition, the described features, structures or characteristics may be combined in one or more embodiments in any suitable manner. In the following description, many specific details are provided to give a full understanding of the embodiments of the present invention. Those skilled in the art will appreciate, however, that the technical solution of the present invention can be practised without one or more of the specific details, or with other methods, components, devices, steps and so on. In other cases, well-known methods, devices, implementations or operations are not shown or described in detail, to avoid obscuring aspects of the present invention.
The block diagrams shown in the drawings are only functional entities and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in software, in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow charts shown in the drawings are merely illustrative; they need not include all contents and operations/steps, nor must the steps be executed in the order described. For example, some operations/steps can be split and some can be merged or partly merged, so the actual order of execution may change according to the actual situation.
Fig. 2 schematically shows a flow chart of a certificate management method according to an embodiment of the invention.
With reference to Fig. 2, the certificate management method according to an embodiment of the invention includes the following steps:
Step S210: obtain the relevant information of the target object and send the relevant information to a blockchain node, so as to obtain feedback information, returned by the blockchain node, that includes a digital certificate.
In one embodiment of the invention, the target object is an object that needs to apply for a digital certificate, for example a user, a financial institution (such as a bank) or a merchant. The relevant information of the target object includes the identification information of the target object and the public key information of the target object; for example, when the target object is a user, the relevant information may be the user information, the user public key and so on.
In one embodiment of the invention, step S210 may be executed by an SDK module. The SDK module may be integrated into the terminal corresponding to the target object, or may be independent of that terminal; for example, when the target object is a user, the SDK module may be integrated into the user terminal or be independent of the user terminal. The blockchain node is a Peer node.
In one embodiment of the invention, as shown in Fig. 3, if step S210 is executed by the SDK module, then sending the relevant information to the blockchain node in step S210, so as to obtain the feedback information that the blockchain node returns and that includes the digital certificate, includes:
Step S310: the SDK module signs the relevant information with its own private key and sends the data packet obtained after signing to the blockchain node.
Step S320: the blockchain node verifies the signature of the data packet using the public key of the SDK module and, after verification passes, obtains the relevant information from the data packet and sends it to the certificate center.
In one embodiment of the invention, the blockchain node may obtain the public key of the SDK module in advance, and can then use that public key to verify the data packet sent by the SDK module.
Step S330: the blockchain node receives the feedback information that the certificate center generates from the relevant information and sends the feedback information to the SDK module.
In one embodiment of the invention, the certificate center may sign the relevant information with its own private key to generate the digital certificate.
In one embodiment of the invention, the certificate center may obtain, from at least one stored private key, the target private key corresponding to the target object, and sign the relevant information with the target private key.
In this embodiment, the certificate center can store multiple private keys, and each private key can correspond to one or more objects, which ensures that different private keys can be used for different objects.
As shown in Fig. 2, the certificate management method further includes the following steps:
Step S220: send the feedback information to a consensus node in the blockchain network.
In one embodiment of the invention, step S220 is executed by the same entity as step S210; for example, when step S210 is executed by the SDK module, step S220 is also executed by the SDK module. The consensus node in the blockchain network may be an Orderer node.
Step S230: the consensus node generates a block based on the feedback information and sends the generated block to the blockchain node.
In one embodiment of the invention, when generating a block based on the feedback information, the consensus node may generate the block from the feedback information received once the quantity of feedback information received reaches a predetermined quantity; or, when the quantity received has not reached the predetermined quantity but the duration of receiving the feedback information reaches a predetermined duration, it may generate the block from the feedback information received.
For example, the consensus node may generate a block from 10 items of feedback information once it has received 10 items; or, if it has not yet received 10 items but the waiting time has reached the predetermined duration, it may generate a block from the feedback information received so far.
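The block-generation rule just described, as an added example that is not code from the patent: a cutter that emits a block at 10 messages or on timeout, with the clock passed in so the behaviour is reproducible. The block layout, the hash link between blocks, the 2-second timeout, the timer starting at the first pending message and the `cert-NN` messages are all assumptions or constructed values.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// Block is an assumed minimal layout; the page does not specify block fields.
type Block struct {
	PrevHash string
	Msgs     []string // feedback messages, each carrying a certificate
	Hash     string
}

// Cutter cuts at MaxCount messages, or Timeout after the first pending one (assumed timer start).
type Cutter struct {
	MaxCount int
	Timeout  time.Duration
	pending  []string
	firstAt  time.Time
	lastHash string
	chain    []Block
}

// hashBlock covers the block index, the previous hash and every length-prefixed message.
func hashBlock(index int, prev string, msgs []string) string {
	h := sha256.New()
	fmt.Fprintf(h, "%d|%s", index, prev)
	for _, m := range msgs {
		fmt.Fprintf(h, "|%d:%s", len(m), m)
	}
	return hex.EncodeToString(h.Sum(nil))
}

// cut turns the pending messages into the next block and appends it to the chain.
func (c *Cutter) cut() *Block {
	b := Block{PrevHash: c.lastHash, Msgs: c.pending}
	b.Hash = hashBlock(len(c.chain), b.PrevHash, b.Msgs)
	c.chain, c.pending, c.lastHash = append(c.chain, b), nil, b.Hash
	return &b
}

// Submit queues one message received at now; it returns a block if the count rule fires.
func (c *Cutter) Submit(msg string, now time.Time) *Block {
	if len(c.pending) == 0 {
		c.firstAt = now
	}
	if c.pending = append(c.pending, msg); len(c.pending) >= c.MaxCount {
		return c.cut()
	}
	return nil
}

// Tick is called periodically; it returns a block if the timeout rule fires.
func (c *Cutter) Tick(now time.Time) *Block {
	if len(c.pending) > 0 && now.Sub(c.firstAt) >= c.Timeout {
		return c.cut()
	}
	return nil
}

// VerifyChain recomputes each hash and link; it returns the first bad index or -1.
func VerifyChain(chain []Block) int {
	prev := ""
	for i, b := range chain {
		if b.PrevHash != prev || b.Hash != hashBlock(i, prev, b.Msgs) {
			return i
		}
		prev = b.Hash
	}
	return -1
}

// Demo feeds 13 constructed messages: the first 10 trigger the count rule, the
// remaining 3 are cut by the timeout rule. It returns block sizes and the chain.
func Demo() ([]int, []Block) {
	c := &Cutter{MaxCount: 10, Timeout: 2 * time.Second} // 2 s is a constructed value
	t0, sizes := time.Unix(0, 0), []int{}
	record := func(b *Block) {
		if b != nil {
			sizes = append(sizes, len(b.Msgs))
		}
	}
	for i := 0; i < 13; i++ {
		record(c.Submit(fmt.Sprintf("cert-%02d", i), t0.Add(time.Duration(i)*time.Millisecond)))
	}
	record(c.Tick(t0.Add(time.Second)))     // 990 ms after message 10: too early
	record(c.Tick(t0.Add(3 * time.Second))) // timeout reached: cut the 3 pending
	return sizes, c.chain
}

func main() {
	sizes, chain := Demo()
	fmt.Println(sizes, VerifyChain(chain)) // [10 3] -1
	chain[0].Msgs[3] = "cert-forged"       // a stored record is edited after the fact
	fmt.Println(VerifyChain(chain))        // 0
}
```

Editing a stored message changes the recomputed hash of its block, and recomputing that block's hash breaks the link held by the next block, which is the property the database in Fig. 1 lacks.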
In one embodiment of the invention, the Orderer node can support two consensus mechanisms, SBFT and Kafka. SBFT (Speculative Byzantine Fault Tolerance) is a simplified version of PBFT (Practical Byzantine Fault Tolerance) and can tolerate the failure of some nodes; Kafka is a centralized queuing service and can provide higher performance. The two consensus algorithms suit different scenarios, and in a specific application one can be selected according to actual needs.
Step S240: the blockchain node writes the block to the chain and sends the information of the block to other blockchain nodes.
In one embodiment of the invention, the blockchain node may also send the digital certificate to the SDK module, so that the SDK module sends the digital certificate to the target object.
The technical solution of the above embodiment makes it possible to store the generated digital certificate in the blockchain network, which avoids the property loss and property disputes caused by a tampered digital certificate and effectively ensures the security of the digital certificate.
With reference to Fig. 4, the certificate management scheme of the embodiment of the present invention is described in detail below, taking as an example the case where the target object is a user (User), the blockchain node is a Peer, the certificate center is Jdchain (note that a blockchain can install multiple chaincodes according to business function, and Jdchain is one of the chaincodes that implements CA functions), and the consensus node is an Orderer:
As shown in Fig. 4, the certificate management method according to another embodiment of the invention includes the following steps:
Step S401: the User sends the user public key and user information to the SDK.
Step S402: the SDK packages the received user public key and user information, signs the package with its own private key, and then forwards it to the Peer.
Step S403: the Peer verifies the signature using the public key of the SDK.
Step S404: the Peer executes the chaincode, i.e. after the signature verification passes it sends the user public key and user information to Jdchain so that Jdchain can generate the digital certificate.
Step S405: Jdchain generates the digital certificate from the user public key and user information. Specifically, Jdchain may sign the user public key and user information with its own private key to generate the digital certificate.
In one embodiment of the invention, Jdchain may have multiple private keys, and each private key can correspond to one or more users.
Step S406: Jdchain returns the execution result, which includes the digital certificate, to the Peer.
Step S407: the Peer returns the result to the SDK.
Step S408: the SDK submits the received result for Orderer consensus, i.e. sends the received result to the Orderer.
Step S409: the Orderer generates a block from the information received; the generated block contains the digital certificate generated above.
Step S410: the Orderer returns the generated block information to the Peer.
Step S411: the Peer writes the block returned by the Orderer to the chain and sends the block information to the other nodes in the blockchain network.
Step S412: the Peer returns the digital certificate to the SDK.
Step S414: the SDK returns the digital certificate to the User.
The Peer, Jdchain and Orderer shown in Fig. 4 constitute the blockchain.
In one embodiment of the invention, a web page can be provided for users to look up the generated digital certificates in order to verify an enterprise's true identity. In addition, because a user terminal in the embodiment of the present invention can, through the SDK, send the user public key and user information to any blockchain node (i.e. peer) to obtain a digital certificate, the distributed arrangement effectively achieves load balancing and avoids a single point of failure or a performance bottleneck.
In a specific application scenario of the present invention, a user and a bank can each obtain their own digital certificate through the flow shown in Fig. 4. The signing and signature verification process after the digital certificates have been obtained is shown in Fig. 5 and includes the following steps:
Step S501: the user terminal computes a digest of the original data with a hash operation, then signs the digest with its own private key to obtain the signature information.
Step S502: the user terminal sends the original data, the signature information and the user digital certificate it obtained to the bank.
Step S503: the bank performs a hash operation on the original data to obtain original-text digest 1, and at the same time verifies the user digital certificate using the CA certificate of the certificate center (Jdchain as shown in Fig. 4). After verification passes, it decrypts the signature information with the public key of the user terminal to obtain original-text digest 2, and then compares whether original-text digest 1 and original-text digest 2 are equal.
Step S504: if the bank finds that original-text digest 1 and original-text digest 2 are equal, it returns a success message to the user terminal; if the bank finds that they are not equal, it returns a failure message to the user terminal.
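The issuance steps S310 to S330 and the verification steps S501 to S504, end to end, as an added example that is not code from the patent. It assumes Ed25519 keys, a simplified certificate (the request plus the CA signature over it) and constructed values such as `user-1`; `ed25519.Verify` stands in for the decrypt-and-compare-digests wording of S503.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Request is the "relevant information": identity plus the object's public key.
type Request struct{ ID string; Pub ed25519.PublicKey }

// Envelope is the SDK's signed data packet (S310). Cert is an assumed, simplified
// certificate: the request plus the CA's signature over it.
type Envelope struct{ Req Request; Sig []byte }
type Cert struct{ Req Request; CASig []byte }

// CA maps each object ID to the private key used for that object.
type CA struct{ Keys map[string]ed25519.PrivateKey }

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// reqDigest hashes the request; the ID is length-prefixed so fields cannot shift.
func reqDigest(r Request) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s", len(r.ID), r.ID)
	h.Write(r.Pub)
	return h.Sum(nil)
}

// SDKWrap signs the request with the SDK's own key (S310).
func SDKWrap(sdk ed25519.PrivateKey, r Request) Envelope {
	return Envelope{Req: r, Sig: ed25519.Sign(sdk, reqDigest(r))}
}

// PeerHandle verifies the SDK signature, then has the CA sign the request with
// the key assigned to that object (S320-S330).
func PeerHandle(sdkPub ed25519.PublicKey, ca *CA, e Envelope) (Cert, error) {
	if !ed25519.Verify(sdkPub, reqDigest(e.Req), e.Sig) {
		return Cert{}, errors.New("SDK signature invalid")
	}
	k, ok := ca.Keys[e.Req.ID]
	if !ok {
		return Cert{}, errors.New("no CA key assigned to object")
	}
	return Cert{Req: e.Req, CASig: ed25519.Sign(k, reqDigest(e.Req))}, nil
}

// SignData hashes the data and signs the digest (S501).
func SignData(user ed25519.PrivateKey, data []byte) []byte {
	d := sha256.Sum256(data)
	return ed25519.Sign(user, d[:])
}

// BankVerify checks the certificate against the CA key, then the data signature
// against the public key carried in the certificate (S503).
func BankVerify(caPub ed25519.PublicKey, c Cert, data, sig []byte) error {
	if !ed25519.Verify(caPub, reqDigest(c.Req), c.CASig) {
		return errors.New("certificate not signed by CA")
	}
	d := sha256.Sum256(data)
	if len(c.Req.Pub) != ed25519.PublicKeySize || !ed25519.Verify(c.Req.Pub, d[:], sig) {
		return errors.New("data signature invalid")
	}
	return nil
}

// Outcome records what each party decided in Scenario.
type Outcome struct{ Issued, Accepted, TamperRejected, SwapRejected, RogueSDKRejected bool }

// Scenario runs issuance and verification on constructed inputs.
func Scenario() Outcome {
	sdkPub, sdk := newKey()
	caPub, caKey := newKey()
	userPub, user := newKey()
	roguePub, rogue := newKey() // a key pair unknown to the peer and the CA
	ca := &CA{Keys: map[string]ed25519.PrivateKey{"user-1": caKey}}
	req := Request{ID: "user-1", Pub: userPub}
	cert, err := PeerHandle(sdkPub, ca, SDKWrap(sdk, req))
	_, rogueErr := PeerHandle(sdkPub, ca, SDKWrap(rogue, req))
	data := []byte("pay 100 to account 42")
	sig := SignData(user, data)
	swapped := Cert{Req: Request{ID: "user-1", Pub: roguePub}, CASig: cert.CASig}
	return Outcome{
		Issued:           err == nil,
		Accepted:         BankVerify(caPub, cert, data, sig) == nil,
		TamperRejected:   BankVerify(caPub, cert, []byte("pay 900 to account 42"), sig) != nil,
		SwapRejected:     BankVerify(caPub, swapped, data, SignData(rogue, data)) != nil,
		RogueSDKRejected: rogueErr != nil,
	}
}

func main() { fmt.Printf("%+v\n", Scenario()) }
```

The bank must check the certificate before it trusts the public key inside it: the swapped-key certificate carries a correct data signature and is rejected only because the CA signature no longer matches the request.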
The following describes device embodiments of the present invention, which can be used to perform the above-described certificate management method of the present invention.
Fig. 6 schematically shows a block diagram of a certificate management device according to an embodiment of the present invention.
Referring to Fig. 6, a certificate management device 600 according to an embodiment of the present invention includes: an SDK module 602, a blockchain node 604 and a consensus node 606.
The SDK module 602 is configured to obtain relevant information of a target object and send the relevant information to the blockchain node 604, so as to obtain feedback information, including a digital certificate, returned by the blockchain node 604, and to send the feedback information to the consensus node 606. The consensus node 606 is configured to generate a block according to the feedback information and send the generated block to the blockchain node 604. The blockchain node 604 is configured to write the block into the chain and send the information of the block to other blockchain nodes 604.
In some embodiments of the present invention, based on the foregoing scheme, the certificate management device 600 further includes a certificate center 608. The SDK module 602 is configured to sign the relevant information with its own private key and send the data packet obtained after signing to the blockchain node 604. The blockchain node 604 is configured to verify the signature of the data packet with the public key of the SDK module 602 and, after the verification passes, to obtain the relevant information from the data packet and send the relevant information to the certificate center 608, and to receive the feedback information generated by the certificate center 608 and send the feedback information to the SDK module 602. The certificate center 608 is configured to generate the feedback information according to the relevant information.
In some embodiments of the present invention, based on the foregoing scheme, the certificate center 608 is configured to sign the relevant information with its own private key to generate the digital certificate.
In some embodiments of the present invention, based on the foregoing scheme, the certificate center 608 is configured to obtain, from at least one stored private key, a target private key corresponding to the target object, and to sign the relevant information with the target private key.
In some embodiments of the present invention, based on the foregoing scheme, each private key of the at least one private key corresponds to one or more objects.
In some embodiments of the present invention, based on the foregoing scheme, the blockchain node 604 is further configured to send the digital certificate to the SDK module 602, so that the SDK module 602 sends the digital certificate to the target object.
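The signing and verification chain described in these embodiments, as an added example that is not code from the patent: the SDK module signs the relevant information, the blockchain node verifies that signature before anything reaches the certificate center, and the certificate center selects the signing key assigned to the target object. Ed25519 from the Python `cryptography` package, the JSON encoding, the certificate layout and all class, key and object names are assumptions; the patent names no algorithm or format.

```python
import json
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey


def canonical(info):
    """Deterministic byte encoding, so signer and verifier process identical bytes."""
    return json.dumps(info, sort_keys=True, separators=(",", ":")).encode("utf-8")


class SdkModule:
    def __init__(self):
        self._key = Ed25519PrivateKey.generate()
        self.public_key = self._key.public_key()

    def build_packet(self, object_id, object_public_key_hex):
        # Relevant information = identifier + public key of the target object.
        info = {"id": object_id, "public_key": object_public_key_hex}
        return {"info": info, "signature": self._key.sign(canonical(info)).hex()}


class CertificateCenter:
    """Holds several signing keys; each key serves one or more objects."""

    def __init__(self, key_groups):
        # key_groups: {key_name: [object ids]} (hypothetical layout)
        self._keys = {name: Ed25519PrivateKey.generate() for name in key_groups}
        self._key_for = {obj: name for name, objs in key_groups.items() for obj in objs}

    def public_key(self, key_name):
        return self._keys[key_name].public_key()

    def issue(self, info):
        key_name = self._key_for.get(info["id"])
        if key_name is None:
            raise KeyError(f"no signing key assigned to {info['id']!r}")
        signature = self._keys[key_name].sign(canonical(info))
        certificate = {"subject": info, "issuer_key": key_name,
                       "signature": signature.hex()}
        return {"info": info, "certificate": certificate}   # feedback information


class BlockchainNode:
    def __init__(self, sdk_public_key, certificate_center):
        self._sdk_public_key = sdk_public_key
        self._center = certificate_center

    def handle(self, packet):
        """Verify the SDK signature first; only verified info reaches the center."""
        try:
            self._sdk_public_key.verify(bytes.fromhex(packet["signature"]),
                                        canonical(packet["info"]))
        except (InvalidSignature, ValueError, KeyError, TypeError):
            return None
        return self._center.issue(packet["info"])


def verify_certificate(certificate, center):
    """Relying-party check against the issuing key named in the certificate."""
    try:
        center.public_key(certificate["issuer_key"]).verify(
            bytes.fromhex(certificate["signature"]), canonical(certificate["subject"]))
        return True
    except (InvalidSignature, KeyError, ValueError):
        return False


def demo():
    center = CertificateCenter({"key-1": ["device-a", "device-b"],
                                "key-2": ["device-c"]})
    sdk = SdkModule()
    node = BlockchainNode(sdk.public_key, center)
    packet = sdk.build_packet("device-c", "ab" * 32)   # constructed public key
    feedback = node.handle(packet)
    # Same signature, altered public key: must be rejected before issuance.
    tampered = {"info": dict(packet["info"], public_key="cd" * 32),
                "signature": packet["signature"]}
    return feedback, node.handle(tampered), center
```

Because the node checks the SDK signature over the exact bytes that the certificate center later signs, a packet whose public key is swapped in transit never results in a certificate.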
In some embodiments of the present invention, based on the foregoing scheme, the consensus node 606 is configured to generate the block according to the received feedback information when the quantity of received feedback information reaches a predetermined quantity; or
the consensus node 606 is configured to generate the block according to the received feedback information when the quantity of received feedback information has not reached the predetermined quantity but the duration for which the feedback information has been received reaches a predetermined duration.
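The two block-generation triggers above, as an added example that is not code from the patent: a consensus node that cuts a block when the buffered feedback information reaches the predetermined quantity or when the predetermined duration has elapsed, and a blockchain node that checks the hash link before writing the block and forwarding it. The SHA-256 hash chain, the single consensus node, the timer starting at the first buffered record and all names are assumptions.

```python
import hashlib
import json
from dataclasses import dataclass

GENESIS_HASH = "0" * 64


def block_hash(index, prev_hash, created_at, records):
    """SHA-256 over a canonical JSON encoding of the block contents."""
    body = json.dumps([index, prev_hash, created_at, list(records)],
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


@dataclass(frozen=True)
class Block:
    index: int
    prev_hash: str
    created_at: float
    records: tuple
    digest: str


class ConsensusNode:
    """Buffers feedback information; cuts a block on count or elapsed time."""
    def __init__(self, predetermined_quantity, predetermined_duration):
        self.quantity = predetermined_quantity
        self.duration = predetermined_duration
        self.pending = []
        self.window_start = None   # assumption: timer starts at first buffered record
        self.tip_index, self.tip_digest = -1, GENESIS_HASH

    def receive(self, feedback, now):
        if not self.pending:
            self.window_start = now
        self.pending.append(feedback)
        return self._cut_if_due(now)

    def tick(self, now):
        """Periodic call so a quiet period still flushes a partly filled buffer."""
        return self._cut_if_due(now)

    def _cut_if_due(self, now):
        if not self.pending:
            return None            # a timeout never produces an empty block
        full = len(self.pending) >= self.quantity
        expired = now - self.window_start >= self.duration
        if not (full or expired):
            return None
        records, self.pending = tuple(self.pending), []
        index = self.tip_index + 1
        digest = block_hash(index, self.tip_digest, now, records)
        block = Block(index, self.tip_digest, now, records, digest)
        self.tip_index, self.tip_digest = index, digest
        return block


class BlockchainNode:
    """Validates a block before writing it, then forwards it to peer nodes."""
    def __init__(self, peers=()):
        self.chain = []
        self.peers = list(peers)

    def write(self, block):
        tip = self.chain[-1].digest if self.chain else GENESIS_HASH
        expected = block_hash(block.index, block.prev_hash,
                              block.created_at, block.records)
        if (block.index != len(self.chain) or block.prev_hash != tip
                or block.digest != expected):
            return False           # out of order, unlinked or tampered
        self.chain.append(block)
        for peer in self.peers:
            peer.write(block)
        return True


def sample_feedback(subject, n):
    # Constructed sample record, not real certificate data.
    return {"subject": subject, "public_key": f"pk-{n}", "certificate": f"cert-{n}"}


def demo():
    peer = BlockchainNode()
    node = BlockchainNode(peers=[peer])
    consensus = ConsensusNode(predetermined_quantity=3, predetermined_duration=10)
    # Three records arrive quickly: the quantity rule fires on the third.
    blocks = [consensus.receive(sample_feedback("device-a", n), now=n) for n in (1, 2, 3)]
    # One record arrives, then silence: the duration rule fires 10 s later.
    blocks.append(consensus.receive(sample_feedback("device-b", 4), now=5))
    blocks += [consensus.tick(now=14), consensus.tick(now=15)]
    written = [node.write(b) for b in blocks if b is not None]
    return blocks, written, node, peer
```

The duration rule bounds how long an issued certificate can wait before it is recorded on the chain when traffic is low, and the link check makes a node refuse a block whose records were altered after the consensus node hashed them.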
In some embodiments of the present invention, based on the foregoing scheme, the relevant information of the target object includes: the identification information of the target object and the public key information of the target object.
Because each functional module of the certificate management device of the example embodiments of the present invention corresponds to a step of the example embodiments of the above certificate management method, for details not disclosed in the device embodiments of the present invention, refer to the embodiments of the certificate management method of the present invention described above.
Referring now to Fig. 7, it shows a schematic structural diagram of a computer system 700 suitable for implementing the electronic device of an embodiment of the present invention. The computer system 700 of the electronic device shown in Fig. 7 is only an example and should not impose any limitation on the function or scope of use of the embodiments of the present invention.
As shown in Fig. 7, the computer system 700 includes a central processing unit (CPU) 701, which can perform various appropriate actions and processing according to a program stored in a read-only memory (ROM) 702 or a program loaded from a storage section 708 into a random access memory (RAM) 703. The RAM 703 also stores various programs and data required for system operation. The CPU 701, the ROM 702 and the RAM 703 are connected to one another by a bus 704. An input/output (I/O) interface 705 is also connected to the bus 704.
The following components are connected to the I/O interface 705: an input section 706 including a keyboard, a mouse and the like; an output section 707 including a cathode ray tube (CRT), a liquid crystal display (LCD) and the like, and a loudspeaker and the like; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card or a modem. The communication section 709 performs communication processing via a network such as the Internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on the drive 710 as needed, so that a computer program read from it can be installed into the storage section 708 as needed.
In particular, according to an embodiment of the present invention, the process described above with reference to the flowchart may be implemented as a computer software program. For example, an embodiment of the present invention includes a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for performing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. When the computer program is executed by the central processing unit (CPU) 701, the above-described functions defined in the system of the present application are performed.
It should be noted that the computer-readable medium shown in the present invention may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples of computer-readable storage media may include, but are not limited to: an electrical connection with one or more wires, a portable computer disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the present invention, a computer-readable storage medium may be any tangible medium that contains or stores a program, and the program may be used by or in combination with an instruction execution system, apparatus or device. In the present invention, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, in which computer-readable program code is carried. Such a propagated data signal may take a variety of forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium, and such a computer-readable medium can send, propagate or transmit a program for use by or in combination with an instruction execution system, apparatus or device. The program code contained on the computer-readable medium may be transmitted by any suitable medium, including but not limited to: wireless, electric wire, optical cable, RF and the like, or any suitable combination of the above.
The flowcharts and block diagrams in the drawings illustrate the architecture, functions and operations of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each box in a flowchart or block diagram may represent a module, a program segment or a part of code, and the module, program segment or part of code contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two boxes shown in succession may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in a block diagram or flowchart, and any combination of boxes in a block diagram or flowchart, may be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented in software or in hardware, and the described units may also be arranged in a processor. The names of these units do not, in some cases, constitute a limitation on the units themselves.
In another aspect, the present application also provides a computer-readable medium, which may be included in the electronic device described in the above embodiments, or may exist separately without being assembled into the electronic device. The computer-readable medium carries one or more programs, and when the one or more programs are executed by the electronic device, the electronic device is caused to implement the certificate management method described in the above embodiments.
For example, the electronic device may implement the steps shown in Fig. 2: step S210, obtaining relevant information of a target object and sending the relevant information to a blockchain node, so as to obtain feedback information, including a digital certificate, returned by the blockchain node; step S220, sending the feedback information to a consensus node in the blockchain network; step S230, the consensus node generating a block based on the feedback information and sending the generated block to the blockchain node; step S240, the blockchain node writing the block into the chain and sending the information of the block to other blockchain nodes.
As another example, the electronic device may implement each of the steps shown in Fig. 3.
It should be noted that, although several modules or units of the device for performing actions are mentioned in the detailed description above, this division is not mandatory. In fact, according to embodiments of the present invention, the features and functions of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of one module or unit described above may be further divided and embodied by multiple modules or units.
From the above description of the embodiments, those skilled in the art will readily understand that the example embodiments described here may be implemented in software, or in software combined with the necessary hardware. Therefore, the technical solution according to the embodiments of the present invention may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB flash drive, a removable hard disk or the like) or on a network, and which includes several instructions that cause a computing device (which may be a personal computer, a server, a touch terminal, a network device or the like) to perform the method according to the embodiments of the present invention.
Those skilled in the art, after considering the specification and practicing the invention disclosed here, will readily conceive of other embodiments of the present invention. This application is intended to cover any variations, uses or adaptations of the present invention that follow the general principles of the present invention and include common knowledge or customary technical means in the art that are not disclosed by the present invention. The specification and examples are to be regarded as illustrative only, and the true scope and spirit of the present invention are indicated by the following claims.
It should be understood that the present invention is not limited to the precise structures described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present invention is limited only by the appended claims.

Claims (12)

1. A certificate management method, characterized by comprising:
obtaining relevant information of a target object, and sending the relevant information to a blockchain node, so as to obtain feedback information, including a digital certificate, returned by the blockchain node;
sending the feedback information to a consensus node in a blockchain network;
the consensus node generating a block based on the feedback information, and sending the generated block to the blockchain node;
the blockchain node writing the block into the chain, and sending the information of the block to other blockchain nodes.
2. The certificate management method according to claim 1, characterized in that obtaining the relevant information of the target object and sending the relevant information to the blockchain node, so as to obtain the feedback information, including the digital certificate, returned by the blockchain node, comprises:
an SDK module obtaining the relevant information of the target object;
the SDK module signing the relevant information based on its own private key, and sending the data packet obtained after signing to the blockchain node;
the blockchain node verifying the signature of the data packet according to the public key of the SDK module and, after the verification passes, obtaining the relevant information from the data packet and sending the relevant information to a certificate center;
the blockchain node receiving the feedback information generated by the certificate center according to the relevant information, and sending the feedback information to the SDK module.
3. The certificate management method according to claim 2, characterized in that, before the blockchain node receives the feedback information generated by the certificate center according to the relevant information, the method further comprises:
the certificate center signing the relevant information based on its own private key to generate the digital certificate.
4. The certificate management method according to claim 3, characterized in that the certificate center signing the relevant information based on its own private key comprises:
the certificate center obtaining, from at least one stored private key, a target private key corresponding to the target object, and signing the relevant information based on the target private key.
5. The certificate management method according to claim 4, characterized in that each private key of the at least one private key corresponds to one or more objects.
6. The certificate management method according to claim 1, characterized in that an SDK module obtains the relevant information of the target object and sends the feedback information to the consensus node in the blockchain network;
the certificate management method further comprises:
the blockchain node sending the digital certificate to the SDK module, so that the SDK module sends the digital certificate to the target object.
7. The certificate management method according to claim 1, characterized in that the consensus node generating a block based on the feedback information comprises:
the consensus node generating the block according to the received feedback information when the quantity of received feedback information reaches a predetermined quantity; or
the consensus node generating the block according to the received feedback information when the quantity of received feedback information has not reached the predetermined quantity but the duration for which the feedback information has been received reaches a predetermined duration.
8. The certificate management method according to any one of claims 1 to 7, characterized in that the relevant information of the target object includes: the identification information of the target object and the public key information of the target object.
9. A certificate management device, characterized by comprising: an SDK module, a blockchain node and a consensus node;
wherein the SDK module is configured to obtain relevant information of a target object and send the relevant information to the blockchain node, so as to obtain feedback information, including a digital certificate, returned by the blockchain node, and to send the feedback information to the consensus node;
the consensus node is configured to generate a block according to the feedback information, and send the generated block to the blockchain node;
the blockchain node is configured to write the block into the chain, and send the information of the block to other blockchain nodes.
10. The certificate management device according to claim 9, characterized in that the certificate management device further comprises: a certificate center;
wherein the SDK module is configured to sign the relevant information according to its own private key, and send the data packet obtained after signing to the blockchain node;
the blockchain node is configured to verify the signature of the data packet according to the public key of the SDK module and, after the verification passes, to obtain the relevant information from the data packet and send the relevant information to the certificate center, and to receive the feedback information generated by the certificate center and send the feedback information to the SDK module;
the certificate center is configured to generate the feedback information according to the relevant information.
11. A computer-readable medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the certificate management method according to any one of claims 1 to 8.
12. An electronic device, characterized by comprising:
one or more processors;
a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the certificate management method according to any one of claims 1 to 8.
CN201810136908.3A 2018-02-09 2018-02-09 Certificate management method, device, medium and electronic equipment Active CN108390872B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810136908.3A CN108390872B (en) 2018-02-09 2018-02-09 Certificate management method, device, medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN108390872A true CN108390872A (en) 2018-08-10
CN108390872B CN108390872B (en) 2021-02-26

Family

ID=63075742

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant