CN108390872B - Certificate management method, device, medium and electronic equipment - Google Patents

Publication number: CN108390872B
Authority: CN (China)
Prior art keywords: information, certificate, block, feedback information, block chain
Legal status: Active
Application number: CN201810136908.3A
Other languages: Chinese (zh)
Other versions: CN108390872A (en)
Inventors: 孙东凯, 刘春伟, 孙海波
Current Assignee: Beijing Jingdong Century Trading Co Ltd; Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee: Beijing Jingdong Century Trading Co Ltd; Beijing Jingdong Shangke Information Technology Co Ltd

Classifications

    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

An embodiment of the invention provides a certificate management method, apparatus, medium and electronic device. The certificate management method comprises: acquiring related information of a target object, and sending the related information to a blockchain node to acquire feedback information, containing a digital certificate, returned by the blockchain node; sending the feedback information to a consensus node in the blockchain network; the consensus node generating a block based on the feedback information and sending the generated block to the blockchain node; and the blockchain node writing the block into the chain and sending the information of the block to other blockchain nodes. The technical solution of the embodiment stores the digital certificate in the blockchain network, thereby avoiding the property loss and property disputes caused by tampering with the digital certificate and effectively ensuring the security of the digital certificate.

Description

Certificate management method, device, medium and electronic equipment
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a certificate management method, apparatus, medium, and electronic device.
Background
As shown in fig. 1, in the related art, a user uses a public key and user information to request a CA (digital Certificate Authority) server to issue a certificate. After the CA server issues the certificate to the user, the user information and the issued certificate are stored in a database. Data stored in a database is easily tampered with, however, which makes the certificate insecure.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present invention and therefore may include information that does not constitute prior art known to a person of ordinary skill in the art.
Disclosure of Invention
Embodiments of the present invention provide a method, an apparatus, a medium, and an electronic device for managing a certificate, so as to overcome, at least to a certain extent, a problem in the related art that the certificate is stored in a database, which results in insecurity of the certificate.
Additional features and advantages of the invention will be set forth in the detailed description which follows, or may be learned by practice of the invention.
According to a first aspect of embodiments of the present invention, there is provided a certificate management method, including: acquiring related information of a target object, and sending the related information to a blockchain node to acquire feedback information containing a digital certificate returned by the blockchain node; sending the feedback information to a consensus node in the blockchain network; the consensus node generates a block based on the feedback information and sends the generated block to the blockchain node; the blockchain node writes the block into the chain and sends the information of the block to other blockchain nodes.
In some embodiments of the present invention, based on the foregoing solution, acquiring related information of a target object, and sending the related information to a blockchain node to acquire feedback information including a digital certificate returned by the blockchain node, includes: an SDK (Software Development Kit) module acquires the related information of the target object; the SDK module signs the related information based on a private key of the SDK module and sends a data packet obtained after signing to the block chain node; the block chain node verifies the signature of the data packet according to the public key of the SDK module, acquires the related information from the data packet after the verification is passed, and sends the related information to a certificate center; and the block chain node receives the feedback information generated by the certificate center according to the relevant information and sends the feedback information to the SDK module.
In some embodiments of the present invention, based on the foregoing solution, before the blockchain node receives the feedback information generated by the certificate authority according to the relevant information, the method further includes: the certificate authority signs the relevant information based on a private key of the certificate authority so as to generate the digital certificate.
In some embodiments of the present invention, based on the foregoing scheme, the signing, by the certificate authority, of the related information based on its own private key includes: the certificate center obtains a target private key corresponding to the target object from at least one stored private key, and signs the related information based on the target private key.
In some embodiments of the present invention, each of the at least one private key corresponds to one or more objects based on the foregoing scheme.
In some embodiments of the present invention, based on the foregoing scheme, the SDK module acquires the related information of the target object and sends the feedback information to the consensus node in the blockchain network; the certificate management method further comprises: the blockchain node sends the digital certificate to the SDK module, so that the SDK module sends the digital certificate to the target object.
In some embodiments of the present invention, based on the foregoing solution, the generating, by the consensus node, of a block based on the feedback information includes: when the quantity of the received feedback information reaches a preset quantity, the consensus node generates the block according to the received feedback information; or, when the quantity of the received feedback information does not reach the preset quantity but the time length for receiving the feedback information reaches the preset time length, the consensus node generates the block according to the received feedback information.
In some embodiments of the present invention, based on the foregoing solution, the related information of the target object includes: the identification information of the target object and the public key information of the target object.
According to a second aspect of the embodiments of the present invention, there is provided a certificate management apparatus including: an SDK module, a blockchain node and a consensus node; the SDK module is used for acquiring related information of a target object, sending the related information to the blockchain node to acquire feedback information containing a digital certificate returned by the blockchain node, and sending the feedback information to the consensus node; the consensus node is used for generating a block according to the feedback information and sending the generated block to the blockchain node; and the blockchain node is used for writing the block into the chain and sending the information of the block to other blockchain nodes.
In some embodiments of the present invention, based on the foregoing solution, the certificate management apparatus further includes: a certificate authority; the SDK module is used for signing the related information according to a private key of the SDK module and sending a data packet obtained after signing to the block chain node; the block chain node is used for verifying the signature of the data packet according to the public key of the SDK module, acquiring the related information from the data packet after the signature passes, sending the related information to the certificate center, receiving the feedback information generated by the certificate center, and sending the feedback information to the SDK module; and the certificate center is used for generating the feedback information according to the related information.
According to a third aspect of embodiments of the present invention, there is provided a computer-readable medium on which a computer program is stored, the program, when executed by a processor, implementing the certificate management method as described in the first aspect of the embodiments above.
According to a fourth aspect of embodiments of the present invention, there is provided an electronic apparatus, including: one or more processors; storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the certificate management method as described in the first aspect of the embodiments above.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
In the technical solutions provided in some embodiments of the present invention, the SDK module sends the related information of the target object to the blockchain node, and sends the obtained feedback information including the digital certificate to the consensus node in the blockchain network, so that the consensus node generates a block and the digital certificate is written into the generated block. The generated digital certificate is thus stored in the blockchain network, which avoids the property loss and property disputes caused by tampering with the digital certificate and effectively ensures the security of the digital certificate.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort. In the drawings:
FIG. 1 is a schematic diagram showing a certificate management scheme in the related art;
FIG. 2 schematically illustrates a flow diagram of a certificate management method according to one embodiment of the invention;
FIG. 3 is a schematic diagram illustrating a processing procedure of step S210 shown in FIG. 2;
FIG. 4 schematically shows a flowchart of a certificate management method according to another embodiment of the invention;
FIG. 5 schematically shows a flow diagram of a signature verification process according to an embodiment of the invention;
FIG. 6 schematically shows a block diagram of a certificate management apparatus according to an embodiment of the present invention;
FIG. 7 illustrates a schematic structural diagram of a computer system suitable for use with the electronic device to implement an embodiment of the invention.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations or operations have not been shown or described in detail to avoid obscuring aspects of the invention.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
Fig. 2 schematically shows a flowchart of a certificate management method according to an embodiment of the invention.
Referring to fig. 2, a certificate management method according to an embodiment of the present invention includes the following steps:
Step S210, obtaining relevant information of the target object, and sending the relevant information to the blockchain node to obtain feedback information including the digital certificate returned by the blockchain node.
In one embodiment of the present invention, the target object is an object that needs to apply for a digital certificate, such as a user, a financial institution (e.g., a bank), a merchant, and the like. The related information of the target object includes identification information of the target object and public key information of the target object, for example, when the target object is a user, the related information of the target object may be user information and a user public key.
In an embodiment of the present invention, step S210 may be executed by an SDK module, where the SDK module may be integrated in a terminal corresponding to the target object, or may be independent of the terminal corresponding to the target object. For example, when the target object is a user, the SDK module may be integrated in the user terminal, or may be independent of the user terminal. The blockchain nodes are Peer nodes.
In an embodiment of the present invention, as shown in fig. 3, if the execution subject of step S210 is an SDK module, then step S210 sends the relevant information to a blockchain node to obtain feedback information including a digital certificate returned by the blockchain node, including:
Step S310, the SDK module signs the related information based on the private key of the SDK module and sends the signed data packet to the blockchain node.
Step S320, the block chain node verifies the signature of the data packet according to the public key of the SDK module, acquires the related information from the data packet after the verification is passed, and sends the related information to a certificate center.
In an embodiment of the present invention, the blockchain node may obtain the public key of the SDK module in advance, and can then verify the data packet sent by the SDK module based on the public key of the SDK module.
Step S330, the block chain node receives the feedback information generated by the certificate center according to the relevant information, and sends the feedback information to the SDK module.
In one embodiment of the present invention, the certificate authority may sign the related information based on its own private key to generate the digital certificate.
In one embodiment of the present invention, the certificate authority may obtain a target private key corresponding to the target object from the stored at least one private key, and sign the related information based on the target private key.
In this embodiment, the certificate authority may store multiple private keys, and each private key may correspond to one or more objects, which in turn may ensure that different private keys are employed for different objects.
With continued reference to fig. 2, the certificate management method further includes the steps of:
Step S220, the feedback information is sent to a consensus node in the blockchain network.
In an embodiment of the present invention, the execution subject of step S220 is the same as that of step S210, for example, when the execution subject of step S210 is an SDK module, the execution subject of step S220 is also the SDK module; the consensus node in the blockchain network may be an Orderer node.
In step S230, the consensus node generates a block based on the feedback information, and sends the generated block to the block chain node.
In an embodiment of the present invention, when generating a block based on the feedback information, the consensus node may generate the block according to the received feedback information when the number of the received feedback information reaches a predetermined number; or when the number of the received feedback information does not reach a predetermined number but the time length for receiving the feedback information reaches a predetermined time length, generating the block according to the received feedback information.
For example, the consensus node may generate a block according to 10 pieces of feedback information when receiving the 10 pieces of feedback information; or when 10 pieces of feedback information have not been received yet but the waiting time has reached a predetermined time, generate a block according to the received feedback information.
In an embodiment of the invention, the Orderer node can support two consensus mechanisms, SBFT (Simplified Byzantine Fault Tolerance) and Kafka. SBFT is a simplified version of PBFT (Practical Byzantine Fault Tolerance) and can tolerate partial node failures; Kafka is a centralized queuing service that can provide higher performance. The two consensus algorithms suit different scenarios and can be selected according to actual needs in a specific application.
In step S240, the blockchain node writes the block into the chain, and sends the information of the block to other blockchain nodes.
In one embodiment of the present invention, the blockchain node may further send the digital certificate to the SDK module, so that the SDK module sends the digital certificate to the target object.
The technical scheme of the embodiment can store the generated digital certificate in the blockchain network, thereby avoiding the problems of property loss and property disputes caused by tampering of the digital certificate and effectively ensuring the safety of the digital certificate.
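The batching rule of step S230 and the chain write of step S240, as an added example that is not part of the patent text: a Go sketch in which `Orderer`, `Block` and `VerifyChain` are hypothetical names, the block layout is simplified rather than any real ledger's format, and the records are constructed. It shows what the tamper-resistance claim rests on: changing a stored record breaks the hash link of the following block, and a change in the last block is caught only against a head hash held by another peer.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

var ErrBrokenLink = errors.New("block does not link to its predecessor")
var ErrHeadMismatch = errors.New("last block differs from the head hash held by other peers")

// Block is a batch of feedback records, each carrying an issued certificate.
type Block struct {
	Number   uint64
	PrevHash [32]byte // hash of the preceding block
	Records  [][]byte
}

// Hash covers the number, the previous hash and every length-prefixed record.
func (b *Block) Hash() [32]byte {
	var buf bytes.Buffer
	fmt.Fprintf(&buf, "%d|%x|", b.Number, b.PrevHash)
	for _, r := range b.Records {
		fmt.Fprintf(&buf, "%d:%s|", len(r), r)
	}
	return sha256.Sum256(buf.Bytes())
}

// Orderer cuts a block when MaxCount records are pending, or when the oldest
// pending record has waited MaxWait: the two conditions of step S230.
type Orderer struct {
	MaxCount int
	MaxWait  time.Duration
	pending  [][]byte
	first    time.Time // arrival time of the oldest pending record
	next     uint64    // number of the next block
	head     [32]byte  // hash of the last block cut
}

// Step handles one event at time now: a new record, or a timer tick when rec
// is nil. It returns a block when either rule fires, otherwise nil.
func (o *Orderer) Step(rec []byte, now time.Time) *Block {
	if rec != nil {
		if len(o.pending) == 0 {
			o.first = now
		}
		o.pending = append(o.pending, rec)
	}
	n := len(o.pending)
	if n == 0 || (n < o.MaxCount && now.Sub(o.first) < o.MaxWait) {
		return nil
	}
	b := &Block{Number: o.next, PrevHash: o.head, Records: o.pending}
	o.pending, o.next, o.head = nil, o.next+1, b.Hash()
	return b
}

// VerifyChain re-derives every link. A changed record breaks the link in the
// next block; a change in the last block shows only against a head hash held
// elsewhere, which is why step S240 sends the block to the other peers.
func VerifyChain(chain []*Block, head [32]byte) (int, error) {
	var prev [32]byte
	for i, b := range chain {
		if b.Number != uint64(i) || b.PrevHash != prev {
			return i, ErrBrokenLink
		}
		prev = b.Hash()
	}
	if prev != head {
		return len(chain) - 1, ErrHeadMismatch
	}
	return -1, nil
}

// BuildDemo feeds four constructed records through MaxCount=3, MaxWait=2s:
// three are cut into block 0 by count, the fourth into block 1 by the timer.
func BuildDemo() ([]*Block, [32]byte) {
	o := &Orderer{MaxCount: 3, MaxWait: 2 * time.Second}
	t0, chain := time.Unix(0, 0), []*Block{}
	step := func(rec []byte, after time.Duration) {
		if b := o.Step(rec, t0.Add(after)); b != nil {
			chain = append(chain, b)
		}
	}
	for i := 0; i < 4; i++ {
		step([]byte(fmt.Sprintf("cert-%d (constructed)", i)), 0)
	}
	step(nil, time.Second)   // timer tick: 1s < MaxWait, nothing is cut
	step(nil, 2*time.Second) // timer tick: MaxWait reached, block 1 is cut
	return chain, o.head
}

func main() {
	chain, head := BuildDemo()
	chain[0].Records[1] = []byte("forged certificate")
	fmt.Println(VerifyChain(chain, head)) // broken link reported at block 1
}
```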
The following describes a certificate management scheme according to an embodiment of the present invention in detail with reference to fig. 4, taking as an example a target object that is a user (i.e., User), a blockchain node that is a Peer, a certificate center that is Jdchain (it should be noted that a blockchain may install a plurality of chaincodes according to service function, and Jdchain is one of the chaincodes, implementing the CA function), and a consensus node that is an Orderer:
As shown in fig. 4, a certificate management method according to another embodiment of the present invention includes the following steps:
In step S401, the User sends the User public key and the User information to the SDK.
Step S402, the SDK encapsulates the received user public key and the user information, uses the private key of the SDK to sign, and then sends the user public key and the user information to the Peer.
In step S403, the Peer verifies the signature using the public key of the SDK.
Step S404, after the Peer passes the verification of the signature, the Peer executes chain code, namely, the user public key and the user information are sent to Jdchain, so that the Jdchain generates a digital certificate accordingly.
Step S405, Jdchain generates a digital certificate according to the user public key and the user information. In particular, Jdchain may sign the user public key and user information with its own private key to generate a digital certificate.
In one embodiment of the invention, Jdchain may correspond to multiple private keys, each of which may correspond to one or more users.
In step S406, Jdchain feeds back the execution result containing the digital certificate to Peer.
In step S407, the Peer feeds back the result to the SDK.
In step S408, the SDK submits the received result to the Orderer for consensus, i.e., the received result is sent to the Orderer.
In step S409, Orderer generates a block according to the received information, where the generated block already includes the generated digital certificate.
In step S410, Orderer returns the generated block information to Peer.
In step S411, the Peer writes the block returned by the Orderer into the chain, and sends the block information to other nodes in the block chain network.
At step S412, Peer returns the digital certificate to the SDK.
In step S413, the SDK returns the digital certificate to the User.
Wherein Peer, Jdchain and Orderer shown in FIG. 4 constitute a blockchain.
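The request path of steps S310 to S330 and S401 to S407, as an added example that is not part of the patent text: the SDK signs the packet, the Peer verifies it before anything reaches the certificate center, and the certificate center picks the private key assigned to the applicant. Ed25519, the simplified certificate layout, the key identifiers and all type and function names are assumptions; the patent names no algorithm or format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrBadSDKSig = errors.New("peer: packet signature does not verify under the SDK public key")
var ErrNoKey = errors.New("ca: no signing key assigned to this applicant")

// Packet is what the SDK sends to the peer in S310 / S402.
type Packet struct {
	UserID  string
	UserPub ed25519.PublicKey
	SDKSig  []byte // SDK signature over UserID and UserPub
}

// Certificate binds UserID to UserPub under one of the CA's keys (S405).
type Certificate struct {
	UserID  string
	UserPub ed25519.PublicKey
	KeyID   string // which CA key produced CASig
	CASig   []byte
}

// tbs builds the bytes to be signed; length prefixes fix the field boundaries.
func tbs(id string, pub ed25519.PublicKey) []byte {
	return []byte(fmt.Sprintf("%d:%s|%d:%x", len(id), id, len(pub), []byte(pub)))
}

// demoKey derives a fixed key pair from a label (constructed; real keys come from ed25519.GenerateKey).
func demoKey(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// SDKSign is the SDK side of S310 / S402.
func SDKSign(sdk ed25519.PrivateKey, id string, pub ed25519.PublicKey) Packet {
	return Packet{UserID: id, UserPub: pub, SDKSig: ed25519.Sign(sdk, tbs(id, pub))}
}

// CA stores several private keys; Route maps each applicant to one of them.
type CA struct {
	Keys  map[string]ed25519.PrivateKey // KeyID -> private key
	Route map[string]string             // UserID -> KeyID
}

// Issue selects the target private key for the applicant and signs with it.
func (ca *CA) Issue(id string, pub ed25519.PublicKey) (Certificate, error) {
	key, ok := ca.Keys[ca.Route[id]]
	if !ok {
		return Certificate{}, ErrNoKey
	}
	return Certificate{id, pub, ca.Route[id], ed25519.Sign(key, tbs(id, pub))}, nil
}

// PeerHandle is the peer side (S320 / S403-S404): it holds the SDK public key
// in advance and forwards to the CA only packets whose signature verifies.
func PeerHandle(sdkPub ed25519.PublicKey, ca *CA, pkt Packet) (Certificate, error) {
	if !ed25519.Verify(sdkPub, tbs(pkt.UserID, pkt.UserPub), pkt.SDKSig) {
		return Certificate{}, ErrBadSDKSig
	}
	return ca.Issue(pkt.UserID, pkt.UserPub)
}

// VerifyCert checks a certificate against the CA public key named by KeyID.
func VerifyCert(c Certificate, caPubs map[string]ed25519.PublicKey) bool {
	pub, ok := caPubs[c.KeyID]
	return ok && ed25519.Verify(pub, tbs(c.UserID, c.UserPub), c.CASig)
}

// RunDemo enrolls two constructed applicants, then sends an altered packet and an unrouted one.
func RunDemo() (aliceKey, bankKey string, certsOK bool, altered, unknown error) {
	sdkPub, sdkPriv := demoKey("sdk")
	ca1Pub, ca1Priv := demoKey("ca-key-1")
	ca2Pub, ca2Priv := demoKey("ca-key-2")
	alicePub, _ := demoKey("alice")
	bankPub, _ := demoKey("bank")
	ca := &CA{
		Keys:  map[string]ed25519.PrivateKey{"ca-key-1": ca1Priv, "ca-key-2": ca2Priv},
		Route: map[string]string{"alice": "ca-key-1", "bank": "ca-key-2"},
	}
	caPubs := map[string]ed25519.PublicKey{"ca-key-1": ca1Pub, "ca-key-2": ca2Pub}
	ac, errA := PeerHandle(sdkPub, ca, SDKSign(sdkPriv, "alice", alicePub))
	bc, errB := PeerHandle(sdkPub, ca, SDKSign(sdkPriv, "bank", bankPub))
	certsOK = errA == nil && errB == nil && VerifyCert(ac, caPubs) && VerifyCert(bc, caPubs)
	pkt := SDKSign(sdkPriv, "alice", alicePub)
	pkt.UserPub = bankPub // public key replaced after the SDK signed
	_, altered = PeerHandle(sdkPub, ca, pkt)
	_, unknown = PeerHandle(sdkPub, ca, SDKSign(sdkPriv, "carol", alicePub))
	return ac.KeyID, bc.KeyID, certsOK, altered, unknown
}

func main() {
	fmt.Println(RunDemo())
}
```

Because the certificate records which CA key signed it, a verifier needs the public key for that `KeyID`; a deployment with several CA private keys has to publish all of the matching public keys.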
In one embodiment of the invention, a web page may be provided for the user to review the generated digital certificate to verify the true identity of the enterprise. Meanwhile, in the embodiment of the invention, the user terminal can send the user public key and the user information to any block chain node (namely peer) through the SDK to acquire the digital certificate, so that the load balance can be effectively realized in a distributed manner, and a single-point fault or a single-point bottleneck is avoided.
In a specific application scenario of the present invention, a user and a bank may respectively obtain their respective digital certificates through the process shown in fig. 4, and a signature verification process after obtaining the digital certificates is shown in fig. 5, which specifically includes the following steps:
Step S501, the user terminal obtains a digest by performing a hash operation on the data original text, and then signs the obtained digest by using the private key of the user terminal to obtain signature information.
Step S502, the user terminal sends the data original text, the signature information and the obtained user digital certificate to the bank side.
Step S503, the bank side performs hash operation on the data original text to obtain an original text digest 1, meanwhile, verifies the user digital certificate by using a CA certificate of a certificate center (e.g., Jdchain shown in fig. 4), decrypts the signature information by using the public key of the user terminal after the verification is passed to obtain an original text digest 2, and then compares whether the original text digest 1 is equal to the original text digest 2.
Step S504, if the bank side finds that original text digest 1 and original text digest 2 are equal, a success message is fed back to the user terminal; if the bank side finds that they are not equal, a failure message is fed back to the user terminal.
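The bank-side check of steps S501 to S504, as an added example that is not part of the patent text. It assumes Ed25519 and a simplified certificate rather than a real certificate format, with hypothetical names throughout; the single `ed25519.Verify` call over the recomputed digest stands in for "decrypt the signature and compare digest 1 with digest 2". The order matters: the public key inside the certificate is used only after the certificate itself has verified under the CA key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrUntrustedCert = errors.New("bank: certificate was not issued by the trusted certificate center")
var ErrBadSignature = errors.New("bank: signature does not match the original text")

// Certificate is a minimal stand-in for the digital certificate: the CA's
// signature over the subject name and the subject's public key.
type Certificate struct {
	Subject string
	Pub     ed25519.PublicKey
	CASig   []byte
}

// Message is what the user terminal sends to the bank in S502.
type Message struct {
	Original []byte
	Sig      []byte
	Cert     Certificate
}

// certBytes builds the bytes the CA signs; length prefixes fix field boundaries.
func certBytes(c Certificate) []byte {
	return []byte(fmt.Sprintf("%d:%s|%d:%x", len(c.Subject), c.Subject, len(c.Pub), []byte(c.Pub)))
}

// demoKey derives a fixed key pair from a label (constructed; real keys come from ed25519.GenerateKey).
func demoKey(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// Issue is the CA signing step, included only to set up the demo.
func Issue(ca ed25519.PrivateKey, subject string, pub ed25519.PublicKey) Certificate {
	c := Certificate{Subject: subject, Pub: pub}
	c.CASig = ed25519.Sign(ca, certBytes(c))
	return c
}

// UserSend is S501-S502: hash the original text, sign the digest, attach the certificate.
func UserSend(priv ed25519.PrivateKey, cert Certificate, original []byte) Message {
	digest := sha256.Sum256(original)
	return Message{Original: original, Sig: ed25519.Sign(priv, digest[:]), Cert: cert}
}

// BankVerify is S503-S504. The certificate is checked against the CA key
// first; only then is the public key inside it used to check the signature.
func BankVerify(m Message, caPub ed25519.PublicKey) error {
	if !ed25519.Verify(caPub, certBytes(m.Cert), m.Cert.CASig) {
		return ErrUntrustedCert
	}
	if len(m.Cert.Pub) != ed25519.PublicKeySize { // Verify panics on a wrong-size key
		return ErrUntrustedCert
	}
	d1 := sha256.Sum256(m.Original) // original text digest 1, recomputed by the bank
	if !ed25519.Verify(m.Cert.Pub, d1[:], m.Sig) {
		return ErrBadSignature
	}
	return nil
}

// RunDemo returns the bank's verdict for four constructed messages: genuine,
// text altered in transit, genuine certificate with a signature from another
// key, and a certificate signed by a CA the bank does not trust.
func RunDemo() [4]error {
	caPub, caPriv := demoKey("trusted-ca")
	alicePub, alicePriv := demoKey("alice")
	otherPub, otherPriv := demoKey("other-party")
	_, otherCA := demoKey("other-ca")
	cert := Issue(caPriv, "alice", alicePub)
	text := []byte("transfer 100 to account 42 (constructed)")

	good := UserSend(alicePriv, cert, text)
	altered := good
	altered.Original = []byte("transfer 900 to account 42 (constructed)")
	wrongKey := UserSend(otherPriv, cert, text)
	otherIssuer := UserSend(otherPriv, Issue(otherCA, "alice", otherPub), text)
	return [4]error{BankVerify(good, caPub), BankVerify(altered, caPub),
		BankVerify(wrongKey, caPub), BankVerify(otherIssuer, caPub)}
}

func main() {
	for i, err := range RunDemo() {
		fmt.Println(i, err)
	}
}
```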
Embodiments of the apparatus of the present invention are described below, which may be used to implement the certificate management method of the present invention described above.
Fig. 6 schematically shows a block diagram of a certificate management apparatus according to an embodiment of the present invention.
Referring to fig. 6, a certificate management apparatus 600 according to an embodiment of the present invention includes: SDK module 602, blockchain node 604, and consensus node 606.
The SDK module 602 is configured to obtain relevant information of a target object, and send the relevant information to the blockchain node 604, so as to obtain feedback information including a digital certificate, which is returned by the blockchain node 604, and send the feedback information to the consensus node 606; the consensus node 606 is configured to generate a block according to the feedback information, and send the generated block to the block chain node 604; the blockchain node 604 is configured to write the block into a chain and send information of the block to other blockchain nodes 604.
In some embodiments of the present invention, based on the foregoing solution, the certificate management apparatus 600 further includes: a certificate authority 608; the SDK module 602 is configured to sign the relevant information according to a private key of the SDK module, and send a data packet obtained after signing to the block chain node 604; the block chain node 604 is configured to verify a signature of the data packet according to the public key of the SDK module 602, obtain the relevant information from the data packet after the signature passes, send the relevant information to the certificate center 608, receive the feedback information generated by the certificate center 608, and send the feedback information to the SDK module 602; the certificate authority 608 is configured to generate the feedback information according to the related information.
In some embodiments of the present invention, based on the foregoing scheme, the certificate authority 608 is configured to sign the relevant information according to its own private key to generate the digital certificate.
In some embodiments of the present invention, based on the foregoing solution, the certificate authority 608 is configured to obtain a target private key corresponding to the target object from the stored at least one private key, and sign the related information based on the target private key.
In some embodiments of the present invention, each of the at least one private key corresponds to one or more objects based on the foregoing scheme.
In some embodiments of the present invention, based on the foregoing solution, the blockchain node 604 is further configured to send the digital certificate to the SDK module 602, so that the SDK module 602 sends the digital certificate to the target object.
In some embodiments of the present invention, based on the foregoing solution, the consensus node 606 is configured to generate the block according to the received feedback information when the number of pieces of feedback information received reaches a predetermined number; or
when the number of pieces of feedback information received has not reached the predetermined number but the time spent receiving feedback information reaches a predetermined duration, the consensus node 606 generates the block according to the feedback information received so far.
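The two block-generation triggers described above (a predetermined number of feedback records, or a predetermined duration), shown as an added example that is not part of the patent. The block layout, the SHA-256 hash linking, the `tick()` polling method, the genesis value and all class and field names are assumptions made for illustration.

```python
import hashlib
import json
import time
from dataclasses import dataclass

GENESIS = "0" * 64  # assumed prev_hash of the first block


@dataclass(frozen=True)
class Block:
    index: int
    prev_hash: str
    entries: tuple  # canonical-JSON feedback records
    reason: str     # "count" or "timeout": the rule that cut this block

    @property
    def hash(self):
        body = json.dumps([self.index, self.prev_hash, self.entries])
        return hashlib.sha256(body.encode()).hexdigest()


class ConsensusNode:
    """Batches feedback records and cuts a block on count or on elapsed time."""

    def __init__(self, max_count, max_wait, clock=time.monotonic):
        self.max_count, self.max_wait, self.clock = max_count, max_wait, clock
        self.pending, self.window_start = [], None
        self.next_index, self.prev_hash = 0, GENESIS

    def receive(self, feedback):
        if not self.pending:
            self.window_start = self.clock()  # timer starts at the first record
        self.pending.append(json.dumps(feedback, sort_keys=True))
        if len(self.pending) >= self.max_count:
            return self._cut("count")
        return self.tick()

    def tick(self):
        """Call periodically; cuts a short block once the wait has elapsed."""
        if self.pending and self.clock() - self.window_start >= self.max_wait:
            return self._cut("timeout")
        return None

    def _cut(self, reason):
        block = Block(self.next_index, self.prev_hash, tuple(self.pending), reason)
        self.next_index, self.prev_hash = block.index + 1, block.hash
        self.pending, self.window_start = [], None
        return block


class BlockchainNode:
    def __init__(self):
        self.chain, self.peers = [], []

    def write(self, block, propagate=True):
        tip = self.chain[-1].hash if self.chain else GENESIS
        if block.index != len(self.chain) or block.prev_hash != tip:
            return False  # does not extend this node's chain: reject
        self.chain.append(block)
        if propagate:  # send the block on to the other blockchain nodes
            for peer in self.peers:
                peer.write(block, propagate=False)
        return True


def demo():
    now = [0.0]  # fake clock so the timeout path runs without sleeping
    consensus = ConsensusNode(max_count=3, max_wait=5.0, clock=lambda: now[0])
    node_a, node_b = BlockchainNode(), BlockchainNode()
    node_a.peers.append(node_b)
    # Constructed feedback records; real ones would carry the issued certificate.
    for i in range(4):
        block = consensus.receive({"subject": f"user-{i}", "certificate": f"cert-{i}"})
        if block:
            node_a.write(block)
    now[0] += 5.0                   # no further feedback arrives for 5 seconds
    node_a.write(consensus.tick())  # timeout rule flushes the lone record
    forged = Block(2, "f" * 64, ("{}",), "count")  # wrong prev_hash
    return node_a, node_b, node_a.write(forged)
```

Without the duration trigger, the fourth record would stay pending until two more arrived; with it, the record is committed in a one-entry block after the wait.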
In some embodiments of the present invention, based on the foregoing solution, the related information of the target object includes: the identification information of the target object and the public key information of the target object.
Because the functional modules of the certificate management apparatus of the exemplary embodiment of the present invention correspond to the steps of the exemplary embodiment of the certificate management method described above, for details not disclosed in the apparatus embodiments, refer to the embodiments of the certificate management method described above.
Referring now to fig. 7, a block diagram of a computer system 700 suitable for implementing the electronic device of an embodiment of the present invention is shown. The computer system 700 of the electronic device shown in fig. 7 is only an example, and should not impose any limitation on the function and scope of use of the embodiments of the present invention.
As shown in fig. 7, the computer system 700 includes a Central Processing Unit (CPU) 701, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data necessary for system operation are also stored. The CPU 701, the ROM 702, and the RAM 703 are connected to each other via a bus 704. An input/output (I/O) interface 705 is also connected to the bus 704.
The following components are connected to the I/O interface 705: an input section 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT) or a Liquid Crystal Display (LCD), and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is mounted on the drive 710 as necessary, so that a computer program read from it is installed into the storage section 708 as necessary.
In particular, according to an embodiment of the present invention, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the invention include a computer program product comprising a computer program embodied on a computer-readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. The computer program executes the above-described functions defined in the system of the present application when executed by the Central Processing Unit (CPU) 701.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented by software or by hardware, and the described units may also be disposed in a processor. The names of the units do not, in some cases, constitute a limitation on the units themselves.
As another aspect, the present application also provides a computer-readable medium, which may be contained in the electronic device described in the above embodiments; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to implement the certificate management method as described in the above embodiments.
For example, the electronic device may implement the following steps, as shown in fig. 2: step S210, acquiring related information of a target object, and sending the related information to a blockchain node to acquire feedback information, containing a digital certificate, returned by the blockchain node; step S220, sending the feedback information to a consensus node in the blockchain network; step S230, the consensus node generates a block based on the feedback information and sends the generated block to the blockchain node; step S240, the blockchain node writes the block into the chain, and sends the information of the block to other blockchain nodes.
As another example, the electronic device may implement the steps shown in fig. 3.
It should be noted that although several modules or units of the device for performing actions are mentioned in the above detailed description, such a division is not mandatory. Indeed, according to embodiments of the invention, the features and functionality of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with the necessary hardware. Therefore, the technical solution according to the embodiments of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and which includes several instructions that enable a computing device (which can be a personal computer, a server, a touch terminal, a network device, etc.) to execute the method according to the embodiments of the present invention.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims (12)

1. A certificate management method, comprising:
acquiring related information of a target object, and sending the related information to any blockchain node to acquire feedback information, containing a digital certificate, returned by the blockchain node;
sending the feedback information to a consensus node in a blockchain network;
the consensus node generates a block based on the feedback information and sends the generated block to the blockchain node;
the blockchain node writes the block into the chain and sends the information of the block to other blockchain nodes;
the method further comprises the following steps:
calculating a digest corresponding to the data original text, and signing the digest with a private key to obtain signature information;
and sending the data original text, the signature information and the digital certificate to a receiving end, so that the receiving end calculates original text digest 1 of the data original text, decrypts the signature information with the public key after the digital certificate passes verification to obtain original text digest 2, and feeds back a message according to the result of comparing original text digest 1 with original text digest 2.
2. The certificate management method according to claim 1, wherein obtaining relevant information of a target object, and sending the relevant information to any blockchain node to obtain feedback information including a digital certificate returned by the blockchain node, comprises:
the SDK module acquires the related information of the target object;
the SDK module signs the related information based on a private key of the SDK module and sends the data packet obtained after signing to any blockchain node;
the blockchain node verifies the signature of the data packet according to the public key of the SDK module, acquires the related information from the data packet after the verification passes, and sends the related information to a certificate authority;
and the blockchain node receives the feedback information generated by the certificate authority according to the related information and sends the feedback information to the SDK module.
3. The method according to claim 2, wherein before the blockchain node receives the feedback information generated by the certificate authority according to the related information, the method further comprises:
the certificate authority signs the related information based on a private key of the certificate authority so as to generate the digital certificate.
4. The certificate management method according to claim 3, wherein the certificate authority signing the related information based on its own private key comprises:
the certificate authority obtains a target private key corresponding to the target object from at least one stored private key, and signs the related information based on the target private key.
5. The certificate management method of claim 4, wherein each of the at least one private key corresponds to one or more objects.
6. The certificate management method according to claim 1, wherein the SDK module obtains the relevant information of the target object and sends the feedback information to the consensus node in the blockchain network;
the certificate management method further comprises:
the blockchain node sends the digital certificate to the SDK module, so that the SDK module sends the digital certificate to the target object.
7. The certificate management method according to claim 1, wherein the consensus node generates a block based on the feedback information, comprising:
when the number of pieces of feedback information received reaches a preset number, the consensus node generates the block according to the received feedback information; or
when the number of pieces of feedback information received has not reached the preset number but the time spent receiving feedback information reaches a preset duration, the consensus node generates the block according to the received feedback information.
8. The certificate management method according to any one of claims 1 to 7, wherein the information on the target object includes: the identification information of the target object and the public key information of the target object.
9. A certificate management apparatus, comprising: an SDK module, a blockchain node and a consensus node;
the SDK module is used for acquiring related information of a target object, sending the related information to any blockchain node to acquire feedback information, containing a digital certificate, returned by the blockchain node, and sending the feedback information to the consensus node;
the consensus node is used for generating a block according to the feedback information and sending the generated block to the blockchain node;
the blockchain node is used for writing the block into the chain and sending the information of the block to other blockchain nodes;
the SDK module is further configured to:
calculating a digest corresponding to the data original text, and signing the digest with a private key to obtain signature information;
and sending the data original text, the signature information and the digital certificate to a receiving end, so that the receiving end calculates original text digest 1 of the data original text, decrypts the signature information with the public key after the digital certificate passes verification to obtain original text digest 2, and feeds back a message according to the result of comparing original text digest 1 with original text digest 2.
10. The certificate management apparatus according to claim 9, characterized in that the certificate management apparatus further comprises: a certificate authority;
the SDK module is used for signing the related information according to a private key of the SDK module, and sending the data packet obtained after signing to any blockchain node;
said any blockchain node is used for verifying the signature of the data packet according to the public key of the SDK module, acquiring the related information from the data packet after the signature verification passes, sending the related information to the certificate authority, receiving the feedback information generated by the certificate authority, and sending the feedback information to the SDK module;
and the certificate authority is used for generating the feedback information according to the related information.
11. A computer-readable medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the certificate management method of any one of claims 1 to 8.
12. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the certificate management method of any of claims 1 to 8.
CN201810136908.3A 2018-02-09 2018-02-09 Certificate management method, device, medium and electronic equipment Active CN108390872B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810136908.3A CN108390872B (en) 2018-02-09 2018-02-09 Certificate management method, device, medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810136908.3A CN108390872B (en) 2018-02-09 2018-02-09 Certificate management method, device, medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN108390872A CN108390872A (en) 2018-08-10
CN108390872B true CN108390872B (en) 2021-02-26

Family

ID=63075742

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810136908.3A Active CN108390872B (en) 2018-02-09 2018-02-09 Certificate management method, device, medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN108390872B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant