CN109450843A - SSL certificate management method and system based on blockchain - Google Patents


Info

Publication number
CN109450843A
Authority
CN
China
Prior art keywords
ssl certificate
block chain
web server
certificate
client
Legal status
Granted
Application number
CN201811083408.4A
Other languages
Chinese (zh)
Other versions
CN109450843B (en)
Inventor
孙亮
吴小川
Current Assignee
Shanghai Zhongan Information Technology Service Co ltd
Original Assignee
Zhongan Information Technology Service Co Ltd
Application filed by Zhongan Information Technology Service Co Ltd
Priority to CN201811083408.4A
Publication of CN109450843A
Application granted
Publication of CN109450843B
Legal status: Active


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention discloses a blockchain-based SSL certificate management method and system, belonging to the field of blockchain technology. The method comprises the following steps. S1: the Web server generates an SSL certificate, the certificate including a public key and a private key. S2: the Web server adds a record entry to the domain name and sends the SSL certificate to the blockchain for storage. S3: the client requests the SSL certificate from the Web server and uses the public key in the received SSL certificate as the key to obtain the corresponding SSL certificate from the blockchain. S4: the client verifies the SSL certificate; if verification passes, the client and the Web server establish encrypted communication; otherwise, a warning is given that the connection is risky. By combining asymmetric encryption with blockchain technology, the invention can both improve the sharing efficiency of resume information queries and technically guarantee the privacy and security of the information, and because the server generates the certificate itself, cost is greatly reduced.

Description

SSL certificate management method and system based on blockchain
Technical field
The present invention relates to the field of blockchain technology, and in particular to a blockchain-based SSL certificate management method and system.
Background art
An SSL certificate is a kind of digital certificate, similar to an electronic copy of a driver's license, passport or business license. Because it is configured on the server, it is also called an SSL server certificate. An SSL certificate follows the SSL protocol and is issued by a trusted digital certificate authority (CA) after the CA has verified the server's identity; it provides server authentication and encryption of data in transit. An SSL certificate establishes an SSL secure channel (Secure Sockets Layer) between the client browser and the Web server to encrypt data in transit; the security protocol was designed and developed by Netscape Communication. The protocol is mainly used to authenticate users and servers, to encrypt and conceal the transmitted data, and to ensure that data is not altered in transit, i.e. data integrity, and it has become the global standard in this field.
Because SSL is built into all major browsers and Web server programs, installing a server certificate is all that is needed to activate it: the certificate enables the SSL protocol, so that data is transmitted encrypted between client and server. This not only prevents leakage of data and secures the information both sides transmit, but also lets users verify through the server certificate whether the website they are visiting is genuine and reliable.
A digital signature, also called a digital ID (i.e. Digital Certificate, Digital ID), provides a way to authenticate identity on the Internet. It is a digital information file that identifies and proves the identity of both parties to a network communication, similar in concept to a driver's license or identity card in daily life. Digital signatures are mainly used for secure online electronic transactions such as sending secure e-mail, accessing secure sites, online tendering and bidding, online contract signing, online ordering, secure online document transfer, online office work, online payment, online tax payment and online shopping.
In current technology, SSL certificates are issued by a digital certificate authority (CA): the applicant first creates a CSR file and submits it to the CA, and the CA generates an SSL certificate from the CSR and issues it to the applicant. A drawback of this scheme is that SSL certificates are controlled by a small number of CAs, which makes issuance overly centralized, creating possible security risks and the current high price of SSL certificates.
Blockchain is a technology that has recently attracted much attention. It is a decentralized system: a new distributed infrastructure and computing paradigm that uses a chained block data structure to verify and store data, distributed node consensus algorithms to generate and update data, cryptography to secure data transmission and access, and smart contracts made of automated script code to program and operate on data. As a new technology that is distributed, tamper-proof and traceable, blockchain is therefore very well suited to storing resume information: it can both improve the sharing efficiency of resume information queries and technically guarantee the privacy and security of the information.
Summary of the invention
To solve the problems in the prior art, embodiments of the present invention provide a blockchain-based SSL certificate management method and system, to overcome the prior-art problems that SSL certificates are issued by a digital certificate authority (CA), which makes issuance overly centralized and leads to security risks and the high price of current SSL certificates.
To solve the above technical problems, the technical solution adopted by the present invention is as follows.
In one aspect, a blockchain-based SSL certificate management method is provided, the method comprising the following steps:
S1: the Web server generates an SSL certificate, the certificate including a public key and a private key;
S2: the Web server adds a record entry to the domain name and sends the SSL certificate to the blockchain for storage;
S3: the client requests the SSL certificate from the Web server, and uses the public key in the received SSL certificate as the key to obtain the corresponding SSL certificate from the blockchain;
S4: the client verifies the SSL certificate; if verification passes, the client and the Web server establish encrypted communication; otherwise, a warning is given that the connection is risky.
Further, step S1 specifically comprises:
S1.1: the Web server generates a public/private key pair;
S1.2: the fields to be signed are prepared, including the public key, the domain name to which the SSL certificate is to be bound, the validity period of the SSL certificate, and the signature algorithm;
S1.3: the fields to be signed are signed with the private key to obtain the signature field;
S1.4: the fields to be signed and the signature field are combined to form the SSL certificate.
Further, step S2 specifically comprises:
S2.1: the Web server adds a new record entry to the domain name, where the record type is txt, the host record name is _pubkey.owner, and the record value is the public key of the SSL certificate;
S2.2: the public key of the SSL certificate and the SSL certificate form a key-value pair, and the key-value pair is sent to the blockchain using the private key and saved.
Further, step S2 also comprises:
After the SSL certificate is sent to the blockchain, the blockchain verifies the SSL certificate; if verification passes, the SSL certificate is saved on the blockchain; otherwise, the SSL certificate is discarded.
Further, verification of the SSL certificate by a blockchain node specifically comprises:
Verifying whether the validity period of the SSL certificate is valid, verifying whether the signature of the SSL certificate is valid, and querying whether the record value of the host record _pubkey.owner for the domain name bound to the SSL certificate matches the public key in the SSL certificate.
Further, step S4 specifically comprises:
The client checks whether the SSL certificate obtained from the blockchain is consistent with the SSL certificate sent by the Web server. If they are inconsistent, a warning is given that the connection is risky; if they are consistent, the client verifies the SSL certificate sent by the Web server itself, and if that verification passes, the client and the Web server establish encrypted communication; otherwise, a warning is given that the connection is risky.
Further, verifying the SSL certificate sent by the Web server itself specifically comprises:
The client checks whether the domain name in the SSL certificate is the domain name of the website to be accessed, whether the validity period is valid, and whether the signature is valid according to the signature algorithm.
In another aspect, a blockchain-based SSL certificate management system is provided, the system comprising:
A Web server, for generating an SSL certificate, the certificate including a public key and a private key; the Web server is also used to add a new record entry to the domain name and to send the SSL certificate to the blockchain for storage;
A client, for requesting the SSL certificate from the Web server; the client uses the public key in the received SSL certificate as the key to obtain the corresponding SSL certificate from the blockchain, and is also used to verify the SSL certificate; if verification passes, the client and the Web server establish encrypted communication; otherwise, a warning is given that the connection is risky;
A blockchain, for saving the SSL certificate.
Further, the Web server comprises:
A generation module, for generating a public/private key pair;
A field preparation module, for preparing the fields to be signed, including the public key, the domain name to which the SSL certificate is to be bound, the validity period of the SSL certificate, and the signature algorithm;
A signature module, for signing the fields to be signed with the private key to obtain the signature field;
A synthesis module, for combining the fields to be signed and the signature field to form the SSL certificate.
Further, the Web server also comprises:
An adding module, for adding a record entry to the domain name, where the record type is txt, the host record name is _pubkey.owner, and the record value is the public key of the SSL certificate;
A sending module, for forming a key-value pair from the public key of the SSL certificate and the SSL certificate, and sending the key-value pair to the blockchain using the private key to be saved.
Further, the blockchain comprises:
A verification node, for verifying the SSL certificate after it is sent to the blockchain; if verification passes, the SSL certificate is saved on the blockchain; otherwise, the SSL certificate is discarded.
Further, the client comprises:
A check module, for checking whether the SSL certificate obtained from the blockchain is consistent with the SSL certificate sent by the Web server. If they are inconsistent, a warning is given that the connection is risky; if they are consistent, the SSL certificate sent by the Web server is itself verified, and if that verification passes, the client and the Web server establish encrypted communication; otherwise, a warning is given that the connection is risky.
The technical solution provided by the embodiments of the present invention has the following beneficial effects:
1. In the blockchain-based SSL certificate management method and system provided by the embodiments of the present invention, the Web server generates the SSL certificate itself, so the certificate does not need to be issued by a digital certificate authority (CA). This avoids the high price of SSL certificates issued by a CA and greatly reduces cost.
2. The blockchain-based SSL certificate management method and system provided by the embodiments of the present invention combine asymmetric encryption with blockchain technology, and can both improve the sharing efficiency of resume information queries and technically guarantee the privacy and security of the information.
Description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the blockchain-based SSL certificate management method according to an exemplary embodiment;
Fig. 2 is a flow chart of the Web server generating an SSL certificate according to an exemplary embodiment;
Fig. 3 is a flow chart of step S2 according to an exemplary embodiment;
Fig. 4 is a structural schematic diagram of the blockchain-based SSL certificate management system according to an exemplary embodiment.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are obviously only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the present invention.
Embodiment 1
Fig. 1 is a flow chart of the blockchain-based SSL certificate management method according to an exemplary embodiment. Referring to Fig. 1, the method comprises the following steps:
S1: the Web server generates an SSL certificate, the certificate including a public key and a private key.
Specifically, in this embodiment the SSL certificate no longer needs to be issued by a third-party CA; it is issued by the Web server itself, which avoids paying the high fees of a third-party CA. The structure of the SSL certificate changes accordingly: in addition to the above public key and private key, it also includes the domain name, validity period, signature algorithm, signature and so on, where the validity period consists of a validity start time and a validity end time.
S2: the Web server adds a record entry to the domain name and sends the SSL certificate to the blockchain for storage.
Specifically, if someone other than the owner of a domain name could create a certificate and put it on chain, then when a client (including a browser) accesses the website, the certificate could be replaced by an attacker with the attacker's own certificate on the blockchain, allowing the attacker to eavesdrop on the data. To ensure that only the domain name owner can create an SSL certificate for the domain name and put it on chain, this embodiment adds an on-chain verification mechanism: the Web server adds a record entry to the domain name, and when the Web server (the owner) sends the SSL certificate to the blockchain, a blockchain node that receives it verifies the SSL certificate against the added record entry. If verification passes, the SSL certificate is saved on the blockchain; otherwise, the SSL certificate is discarded.
Further, verification of the SSL certificate by a blockchain node specifically comprises:
Verifying whether the validity period of the SSL certificate is valid, verifying whether the signature of the SSL certificate is valid, querying whether the record value of the host record _pubkey.owner for the domain name bound to the SSL certificate matches the public key in the SSL certificate, and so on.
S3: the client requests the SSL certificate from the Web server, and uses the public key in the received SSL certificate as the key to obtain the corresponding SSL certificate from the blockchain.
Specifically, the client sends a request to the Web server, the Web server sends its own SSL certificate to the client, and the client uses the public key in the received SSL certificate as the key to obtain the SSL certificate corresponding to that key from the blockchain.
S4: the client verifies the SSL certificate; if verification passes, the client and the Web server establish encrypted communication; otherwise, a warning is given that the connection is risky.
Further, the client checks whether the SSL certificate obtained from the blockchain is consistent with the SSL certificate sent by the Web server. If they are inconsistent, a warning is given that the connection is risky; if they are consistent, the client verifies the SSL certificate sent by the Web server itself, and if that verification passes, the client and the Web server establish encrypted communication; otherwise, a warning is given that the connection is risky.
Further, verifying the SSL certificate sent by the Web server itself specifically comprises:
The client checks whether the domain name in the SSL certificate is the domain name of the website to be accessed, whether the validity period is valid, and whether the signature is valid according to the signature algorithm.
Specifically, the above items can be checked against the record entry that the Web server added to the domain name.
It should be noted that the client establishing encrypted communication with the Web server specifically comprises: the client encrypts the asymmetric-encryption key to be used for the communication with the public key in the SSL certificate and sends it to the Web server; the Web server decrypts it with its own private key on receipt; and the subsequent communication between the two sides is carried out with this key, which guarantees the privacy and security of the information.
Fig. 2 is a flow chart of the Web server generating an SSL certificate according to an exemplary embodiment. Referring to Fig. 2, the steps are as follows:
S1.1: the Web server generates a public/private key pair.
Specifically, the Web server generates a public/private key pair, which is the public key and private key mentioned above. This embodiment uses an asymmetric encryption algorithm, specifically the ED25519 algorithm, which encrypts and decrypts quickly, has a short key generation time and offers high security. Note that the public key and private key are a pair: data encrypted with the public key can only be decrypted with the corresponding private key, and data encrypted with the private key can only be decrypted with the corresponding public key. Because encryption and decryption use two different keys, such an algorithm is called an asymmetric encryption algorithm. The basic process by which an asymmetric encryption algorithm exchanges confidential information is: Party A generates a key pair and discloses one of the keys as the public key; Party B, having obtained the public key, encrypts the confidential information with it and sends it to Party A; Party A then decrypts the encrypted information with the other key, the private key it has kept.
S1.2: the fields to be signed are prepared, including the public key, the domain name to which the SSL certificate is to be bound, the validity period of the SSL certificate, and the signature algorithm.
Specifically, the validity period of the SSL certificate includes a validity start time and a validity end time. The signature algorithm selected in this embodiment is the ED25519 algorithm.
S1.3: the fields to be signed are signed with the private key to obtain the signature field.
Specifically, the fields to be signed are signed with the private key generated in the above step to obtain the signature field.
S1.4: the fields to be signed and the signature field are combined to form the SSL certificate.
Fig. 3 is a flow chart of step S2 according to an exemplary embodiment. Referring to Fig. 3, step S2 specifically comprises:
S2.1: the Web server adds a new record entry to the domain name, where the record type is txt, the host record name is _pubkey.owner, and the record value is the public key of the SSL certificate.
Specifically, before putting the certificate it has produced on chain, the Web server (i.e. the domain name owner) adds a new record entry to the domain name, where the record type is txt, the host record name is _pubkey.owner, and the record value is the public key of the SSL certificate. In this way, when the Web server (i.e. the domain name owner) sends the SSL certificate to the blockchain, a blockchain node that receives it can verify the SSL certificate against the added record entry. If verification passes, the SSL certificate is saved on the blockchain; otherwise, the SSL certificate is discarded.
S2.2: the public key of the SSL certificate and the SSL certificate form a key-value pair, and the key-value pair is sent to the blockchain using the private key and saved.
Specifically, the public key of the SSL certificate and the SSL certificate form a key-value pair, and the key-value pair is sent to the blockchain using the private key and saved. The corresponding SSL certificate can then be looked up on the blockchain by the public key (that is, the key).
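The Go sketch below is an added example, not code from the patent or its applicant. It walks through Embodiment 1 end to end: certificate issuance (S1.1 to S1.4), the node-side check against the _pubkey.owner TXT value (S2), and the client-side comparison and verification (S3, S4). The type and function names, the hex encoding of the public key, the "|"-joined serialization, the omission of a private-key field from the certificate structure, and the in-memory maps standing in for DNS and for the blockchain are all assumptions; the keys come from constructed seeds.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/hex"
	"fmt"
	"time"
)

// Cert: the S1.2 fields plus the S1.3 signature. Assumption: no private-key field.
type Cert struct {
	PublicKey           ed25519.PublicKey
	Domain              string
	NotBefore, NotAfter time.Time
	SigAlg              string
	Signature           []byte
}

// tbs serialises the to-be-signed fields in a fixed order (assumed encoding).
func (c Cert) tbs() []byte {
	return []byte(fmt.Sprintf("%x|%s|%d|%d|%s", c.PublicKey, c.Domain,
		c.NotBefore.Unix(), c.NotAfter.Unix(), c.SigAlg))
}

// keyID is the hex public key, used as TXT record value and as chain key.
func keyID(pub ed25519.PublicKey) string { return hex.EncodeToString(pub) }

// Issue performs S1.2 to S1.4 for a key pair generated in S1.1.
func Issue(priv ed25519.PrivateKey, domain string, from, to time.Time) Cert {
	c := Cert{PublicKey: priv.Public().(ed25519.PublicKey), Domain: domain,
		NotBefore: from, NotAfter: to, SigAlg: "ED25519"}
	c.Signature = ed25519.Sign(priv, c.tbs())
	return c
}

// checkSelf verifies the validity period and the self-signature.
func checkSelf(c Cert, now time.Time) error {
	if c.SigAlg != "ED25519" || len(c.PublicKey) != ed25519.PublicKeySize {
		return fmt.Errorf("unsupported algorithm or malformed public key")
	}
	if now.Before(c.NotBefore) || now.After(c.NotAfter) {
		return fmt.Errorf("certificate outside its validity period")
	}
	if !ed25519.Verify(c.PublicKey, c.tbs(), c.Signature) {
		return fmt.Errorf("signature does not verify")
	}
	return nil
}

// Chain stands in for the blockchain store; TXT maps domain -> _pubkey.owner value.
type Chain struct {
	Store map[string]Cert
	TXT   map[string]string
}

// Submit is the node-side check made before a certificate is saved on chain.
func (ch *Chain) Submit(c Cert, now time.Time) error {
	if err := checkSelf(c, now); err != nil {
		return err
	}
	if ch.TXT[c.Domain] != keyID(c.PublicKey) {
		return fmt.Errorf("_pubkey.owner TXT record does not match public key")
	}
	ch.Store[keyID(c.PublicKey)] = c
	return nil
}

// ClientVerify is S3 and S4: fetch by public key, compare, then check the cert.
func ClientVerify(ch *Chain, served Cert, site string, now time.Time) error {
	onChain, ok := ch.Store[keyID(served.PublicKey)]
	if !ok {
		return fmt.Errorf("no on-chain certificate for this public key")
	}
	if !bytes.Equal(onChain.tbs(), served.tbs()) ||
		!bytes.Equal(onChain.Signature, served.Signature) {
		return fmt.Errorf("served certificate differs from on-chain copy")
	}
	if served.Domain != site {
		return fmt.Errorf("certificate is bound to a different domain")
	}
	return checkSelf(served, now)
}

// sampleKey derives a deterministic key from a constructed seed (demo only).
func sampleKey(b byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
}

func main() {
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	good := Issue(sampleKey(1), "shop.example", now, now.AddDate(1, 0, 0))
	forged := Issue(sampleKey(2), "shop.example", now, now.AddDate(1, 0, 0))
	ch := &Chain{Store: map[string]Cert{},
		TXT: map[string]string{"shop.example": keyID(good.PublicKey)}}
	fmt.Println("node:", ch.Submit(good, now), "/", ch.Submit(forged, now))
	fmt.Println("client:", ClientVerify(ch, good, "shop.example", now))
}
```

A certificate that verifies against its own key but names a domain whose TXT value holds a different key is rejected at Submit, and a certificate that is legitimately on chain for one domain is rejected by ClientVerify when served for another.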
Embodiment 2
Fig. 4 is a structural schematic diagram of the blockchain-based SSL certificate management system according to an exemplary embodiment. Referring to Fig. 4, the system comprises:
A Web server, for generating an SSL certificate, the certificate including a public key and a private key; the Web server is also used to add a new record entry to the domain name and to send the SSL certificate to the blockchain for storage;
A client, for requesting the SSL certificate from the Web server; the client uses the public key in the received SSL certificate as the key to obtain the corresponding SSL certificate from the blockchain, and is also used to verify the SSL certificate; if verification passes, the client and the Web server establish encrypted communication; otherwise, a warning is given that the connection is risky;
A blockchain, for saving the SSL certificate.
Further, the Web server comprises:
A generation module, for generating a public/private key pair, the public/private key pair being the public key and private key mentioned above;
A field preparation module, for preparing the fields to be signed, including the public key, the domain name to which the SSL certificate is to be bound, the validity period of the SSL certificate, and the signature algorithm;
A signature module, for signing the fields to be signed with the private key to obtain the signature field;
A synthesis module, for combining the fields to be signed and the signature field to form the SSL certificate.
Further, the Web server also comprises:
An adding module, for adding a record entry to the domain name, where the record type is txt, the host record name is _pubkey.owner, and the record value is the public key of the SSL certificate;
A sending module, for forming a key-value pair from the public key of the SSL certificate and the SSL certificate, and sending the key-value pair to the blockchain using the private key to be saved.
Further, the blockchain comprises:
A verification node, for verifying the SSL certificate after it is sent to the blockchain; if verification passes, the SSL certificate is saved on the blockchain; otherwise, the SSL certificate is discarded.
Specifically, the verification node verifies whether the validity period of the SSL certificate is valid, verifies whether the signature of the SSL certificate is valid, and queries whether the record value of the host record _pubkey.owner for the domain name bound to the SSL certificate matches the public key in the SSL certificate. If verification passes, the SSL certificate is saved on the blockchain; otherwise, the SSL certificate is discarded.
The blockchain is also used to take the key (i.e. the public key) sent by the client as the key and obtain the SSL certificate corresponding to that key from the blockchain.
Further, the client comprises:
A check module, for checking whether the SSL certificate obtained from the blockchain is consistent with the SSL certificate sent by the Web server. If they are inconsistent, a warning is given that the connection is risky; if they are consistent, the SSL certificate sent by the Web server is itself verified, and if that verification passes, the client and the Web server establish encrypted communication; otherwise, a warning is given that the connection is risky.
Specifically, the check module is also used to verify the SSL certificate sent by the Web server itself, which specifically comprises:
The client checks whether the domain name in the SSL certificate is the domain name of the website to be accessed, whether the validity period is valid, and whether the signature is valid according to the signature algorithm.
In summary, the technical solution provided by the embodiments of the present invention has the following beneficial effects:
1. In the blockchain-based SSL certificate management method and system provided by the embodiments of the present invention, the Web server generates the SSL certificate itself, so the certificate does not need to be issued by a digital certificate authority (CA). This avoids the high price of SSL certificates issued by a CA and greatly reduces cost.
2. The blockchain-based SSL certificate management method and system provided by the embodiments of the present invention combine asymmetric encryption with blockchain technology, and can both improve the sharing efficiency of resume information queries and technically guarantee the privacy and security of the information.
It should be understood that when the blockchain-based SSL certificate management system provided by the above embodiment triggers a certificate management service, the division into the above functional modules is only an example. In practice, the functions may be assigned to different functional modules as needed, i.e. the internal structure of the system may be divided into different functional modules to perform all or part of the functions described above. In addition, the blockchain-based SSL certificate management system provided by the above embodiment and the blockchain-based SSL certificate management method embodiment belong to the same concept; for the specific implementation, see the method embodiment, which is not repeated here.
Those of ordinary skill in the art will understand that all or some of the steps of the above embodiments may be implemented by hardware, or by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic disk, an optical disc or the like.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (12)

1. a kind of SSL certificate management method based on block chain, which is characterized in that described method includes following steps:
S1:Web server generates SSL certificate, and the certificate includes public key and private key;
S2:Web server increases record entry in domain name, sends the SSL certificate in block chain and saves;
S3: client requests SSL certificate to Web server, and the client is using the public key in the SSL certificate received as key assignments Corresponding SSL certificate is obtained on to block chain;
S4: the client verifies the SSL certificate, if being verified, client and Web server are established and encrypted Otherwise communication prompts connection risky.
2. the SSL certificate management method according to claim 1 based on block chain, which is characterized in that the step S1 tool Body includes:
S1.1:Web server generates public private key pair;
S1.2: preparing field to be signed, the effective time limit and signature of the domain name, SSL certificate to be bound including public key, SSL certificate Algorithm;
S1.3: signing to the field to be signed using private key, the field after obtaining signature;
S1.4: the field after the field to be signed and the signature is combined composition SSL certificate.
3. the SSL certificate management method according to claim 1 based on block chain, which is characterized in that the step S2 tool Body includes:
S2.1:Web server increases a record entry newly in domain name, wherein and record type txt, host record be entitled _ Pubkey.owner, the public key that record value is the SSL certificate;
S2.2: the public key of the SSL certificate and SSL certificate is constituted into one group of key assignments, is sent out the key assignments using the private key It is sent on block chain and saves.
4. according to claim 1 to described in 3 any one based on the SSL certificate management method of block chain, which is characterized in that institute State step S2 further include:
After the SSL certificate is sent to block chain, block chain verifies the SSL certificate, if passing through, by the SSL Certificate is saved on block chain, otherwise abandons the SSL certificate.
5. The blockchain-based SSL certificate management method according to claim 4, characterized in that the verification of the SSL certificate by the nodes in the blockchain specifically comprises:
Verifying whether the validity period of the SSL certificate is valid, verifying whether the signature of the SSL certificate is valid, and querying whether the record value of the host record _pubkey.owner corresponding to the domain name bound to the SSL certificate matches the public key in the SSL certificate.
6. The blockchain-based SSL certificate management method according to claim 1, characterized in that step S4 specifically comprises:
The client checks whether the SSL certificate obtained from the blockchain is consistent with the SSL certificate sent by the Web server; if they are inconsistent, a warning that the connection is risky is given; if they are consistent, the SSL certificate sent by the Web server is itself verified; if verification passes, the client and the Web server establish encrypted communication; otherwise, a warning that the connection is risky is given.
7. The blockchain-based SSL certificate management method according to claim 6, characterized in that verifying the SSL certificate sent by the Web server itself specifically comprises:
The client verifies whether the domain name in the SSL certificate is the domain name of the website to be accessed, whether the validity period is valid, and, according to the signature algorithm, whether the signature is valid.
8. A blockchain-based SSL certificate management system, characterized in that the system comprises:
A Web server, for generating an SSL certificate, the certificate comprising a public key and a private key, the Web server further being used to add a record entry to the domain name and to send the SSL certificate to the blockchain for storage;
A client, for requesting the SSL certificate from the Web server, the client using the public key in the received SSL certificate as the key to obtain the corresponding SSL certificate from the blockchain, the client further being used to verify the SSL certificate; if verification passes, the client and the Web server establish encrypted communication; otherwise, a warning that the connection is risky is given;
A blockchain, for storing the SSL certificate.
9. The blockchain-based SSL certificate management system according to claim 8, characterized in that the Web server comprises:
A generation module, for generating a public/private key pair;
A field preparation module, for preparing the fields to be signed, including the public key, the domain name to which the SSL certificate is to be bound, the validity period of the SSL certificate, and the signature algorithm;
A signing module, for signing the fields to be signed with the private key to obtain the signed fields;
A synthesis module, for combining the fields to be signed and the signed fields to form the SSL certificate.
10. The blockchain-based SSL certificate management system according to claim 8, characterized in that the Web server further comprises:
An adding module, for adding a record entry to the domain name, wherein the record type is TXT, the host record name is _pubkey.owner, and the record value is the public key of the SSL certificate;
A sending module, for forming a key-value pair from the public key of the SSL certificate and the SSL certificate, and using the private key to send the key-value pair to the blockchain for storage.
11. The blockchain-based SSL certificate management system according to any one of claims 8 to 10, characterized in that the blockchain comprises:
A verification node, for verifying the SSL certificate after it is sent to the blockchain; if verification passes, the SSL certificate is saved on the blockchain; otherwise, the SSL certificate is discarded.
12. The blockchain-based SSL certificate management system according to claim 8, characterized in that the client comprises:
A checking module, for checking whether the SSL certificate obtained from the blockchain is consistent with the SSL certificate sent by the Web server; if they are inconsistent, a warning that the connection is risky is given; if they are consistent, the SSL certificate sent by the Web server is itself verified; if verification passes, the client and the Web server establish encrypted communication; otherwise, a warning that the connection is risky is given.
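
The issuing steps of claim 2, the node-side check of claim 5 and the client-side checks of claims 6 and 7 can be run together. The following Ruby code is an added example, not part of the patent: it assumes RSA with SHA-256 as the signature algorithm, a Base64 DER public key, a TXT name of the form `_pubkey.owner.<domain>`, and plain hashes standing in for the blockchain and for DNS. The names `Cert`, `issue`, `valid?`, `node_accept`, `client_verify`, `demo` and the domain `example.test` are hypothetical.

```ruby
require 'openssl'

# Assumed encoding: fields in a Struct, public key as Base64 DER, and
# RSA with SHA-256 as the signature algorithm named in the certificate.
Cert = Struct.new(:pubkey, :domain, :not_after, :algorithm, :signature) do
  def signed_fields # the "fields to be signed" of step S1.2
    [pubkey, domain, not_after.to_i, algorithm].join('|')
  end
end

# Steps S1.2 to S1.4: fill in the fields and sign them with the private key.
def issue(key, domain, not_after)
  cert = Cert.new([key.public_key.to_der].pack('m0'), domain, not_after, 'RSA-SHA256')
  cert.signature = key.sign(OpenSSL::Digest.new('SHA256'), cert.signed_fields)
  cert
end

# Validity period and signature: the checks shared by claims 5 and 7.
def valid?(cert, now)
  return false if now > cert.not_after || cert.algorithm != 'RSA-SHA256'
  pub = OpenSSL::PKey::RSA.new(cert.pubkey.unpack1('m'))
  pub.verify(OpenSSL::Digest.new('SHA256'), cert.signature, cert.signed_fields)
rescue OpenSSL::PKey::PKeyError
  false
end

# Claim 5: a node stores the certificate only if the TXT record holds its key.
def node_accept(chain, txt, cert, now)
  return false unless valid?(cert, now) && txt["_pubkey.owner.#{cert.domain}"] == cert.pubkey
  chain[cert.pubkey] = cert
  true
end

# Claims 6 and 7: served certificate equals the chain copy, names the host, is valid.
def client_verify(chain, served, host, now)
  chain[served.pubkey] == served && served.domain == host && valid?(served, now)
end

# Constructed scenario: the site's certificate and another key's certificate for the domain.
def demo
  now = Time.now
  good, other = Array.new(2) { issue(OpenSSL::PKey::RSA.new(2048), 'example.test', now + 3600) }
  chain = {}
  txt = { '_pubkey.owner.example.test' => good.pubkey } # stands in for DNS
  { stored: node_accept(chain, txt, good, now), other_stored: node_accept(chain, txt, other, now),
    genuine_ok: client_verify(chain, good, 'example.test', now),
    other_ok: client_verify(chain, other, 'example.test', now) }
end

p demo if __FILE__ == $PROGRAM_NAME
```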
CN201811083408.4A 2018-09-14 2018-09-14 SSL certificate management method and system based on block chain Active CN109450843B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811083408.4A CN109450843B (en) 2018-09-14 2018-09-14 SSL certificate management method and system based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811083408.4A CN109450843B (en) 2018-09-14 2018-09-14 SSL certificate management method and system based on block chain

Publications (2)

Publication Number Publication Date
CN109450843A true CN109450843A (en) 2019-03-08
CN109450843B CN109450843B (en) 2021-06-15

Family

ID=65532882

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811083408.4A Active CN109450843B (en) 2018-09-14 2018-09-14 SSL certificate management method and system based on block chain

Country Status (1)

Country Link
CN (1) CN109450843B (en)

Also Published As

Publication number Publication date
CN109450843B (en) 2021-06-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240306

Address after: Room 1179, W Zone, 11th Floor, Building 1, No. 158 Shuanglian Road, Qingpu District, Shanghai, 201702

Patentee after: Shanghai Zhongan Information Technology Service Co.,Ltd.

Country or region after: China

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Patentee before: ZHONGAN INFORMATION TECHNOLOGY SERVICE Co.,Ltd.

Country or region before: China

TR01 Transfer of patent right

Effective date of registration: 20240415

Address after: Room 1179, W Zone, 11th Floor, Building 1, No. 158 Shuanglian Road, Qingpu District, Shanghai, 201702

Patentee after: Shanghai Zhongan Information Technology Service Co.,Ltd.

Country or region after: China

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Patentee before: ZHONGAN INFORMATION TECHNOLOGY SERVICE Co.,Ltd.

Country or region before: China