CN110099067B - Alliance block chain wallet node communication permission system and method - Google Patents


Info

Publication number: CN110099067B
Application number: CN201910401420.3A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN110099067A (en)
Prior art keywords: certificate, node, wallet, block chain, wallet node
Legal status: Active (Google's listed status is an assumption, not a legal conclusion; Google has not performed a legal analysis and makes no representation as to its accuracy.)
Inventors: 孔兰菊, 孙明, 洪晓光, 赵永光, 李庆忠, 于秋波, 肖宗水, 朱晓洪, 潘凤薇
Current assignee: Dareway Software Co ltd (Google notes that listed assignees may be inaccurate.)
Original assignee: Dareway Software Co ltd
Events: application filed by Dareway Software Co ltd; priority to CN201910401420.3A; publication of CN110099067A; application granted; publication of CN110099067B; legal status active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Abstract

This disclosure describes a consortium blockchain wallet node communication admission system and method. The system comprises a wallet node, a full node and an admission management system. The wallet node is deployed on the personal client, serves as the blockchain access point through which the client transacts on the chain, and provides certificate application, communication request and acceptance, and transaction initiation and acceptance services to the user. The full node is deployed on a server, holds a complete copy of the ledger, synchronizes all blockchain data, independently checks every transaction on the chain and updates the data in real time, is responsible for broadcasting and verifying blockchain transactions, and also provides certificate verification, communication acceptance and certificate blacklist management services. The admission management system is deployed on the consortium blockchain, audits all wallet nodes on the chain, and provides identity verification, certificate creation and issuance, certificate verification and certificate revocation services.

Description

Consortium blockchain wallet node communication admission system and method
Technical Field
The present disclosure relates to blockchain technology, and in particular to a system and method for admitting wallet nodes to communicate on a consortium blockchain.
Background
The statements in this section merely provide background information related to the present disclosure and may not constitute prior art.
In the course of implementing the present disclosure, the inventors found the following technical problems in the prior art:
A blockchain is a novel application of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and cryptographic algorithms. A consortium blockchain is a multi-centred or partially decentralized blockchain: only highly trusted nodes are permitted to validate transactions, the chain is open to a specific organization or group, the risk of exposing all data to the whole network is avoided, and a new option is provided for finance, supply chains, public services and similar fields. The wallet node concept makes consortium blockchains easier to adopt: a wallet node does not take part in consensus or block construction and stores no ledger data, but only provides an access point to the blockchain. It can be connected to a personal client (C end), runs on devices such as mobile phones and computers, and lets the application end access the blockchain to transact.
However, because wallet nodes are numerous and frequently and dynamically join and leave the consortium blockchain, implementing admission management through on-chain consensus readily leads to low efficiency and heavy communication traffic, so the consortium blockchain system must handle the admission and exit of wallet nodes securely and efficiently. The existing wallet node admission management mechanism relies mainly on a centralized admission management system, which processes the wallet node's admission application, continuously verifies the validity of the wallet node's CA certificate, and broadcasts changes in the certificate's status to the whole network. Such a centralized platform carries the risks of single-point dependence, information leakage, data tampering and lack of trust, which makes trusted admission management of wallet nodes hard to achieve.
In addition, the existing mechanism requires every full node (a node holding the complete ledger, which must synchronize all blockchain data, can independently check every transaction on the chain and update the data in real time, is mainly responsible for broadcasting and verifying transactions, and generally runs on a high-performance server) to store the admission information of every wallet node in the network, such as its CA certificate, node ID and IP address. The full nodes therefore store a large amount of data, which increases system overhead and reduces the performance of the consortium blockchain. The scheme also requires good connectivity between the centralized admission management system and every node so that CA certificates can be synchronized to each node quickly; under poor network conditions a status change is slow to take effect, a malicious node can continue to access the network, and the user experience suffers. It is therefore necessary to design a decentralized or multi-centred wallet node admission management system that manages wallet node access to the consortium blockchain, so as to reduce the load on the full nodes, lower the operating cost of the consortium blockchain system, improve its credibility, and improve the performance and availability of the consortium blockchain.
Disclosure of Invention
To address the low credibility of the centralized management mechanism and the heavy load on full nodes in existing consortium blockchain wallet node admission management, this disclosure provides a consortium blockchain wallet node communication admission system and method that save storage space on the full ledger nodes and reduce the operating cost of the consortium blockchain platform, and that improve the efficiency with which full ledger nodes verify wallet nodes, thereby improving the operating efficiency of the consortium blockchain. The method is general, simple to implement and has broad application prospects.
In a first aspect, the present disclosure provides a consortium blockchain wallet node communication admission system.
A consortium blockchain wallet node communication admission system comprises a wallet node, a full node and an admission management system;
the wallet node is deployed on the personal client, serves as the blockchain access point through which the client transacts on the chain, and provides certificate application, communication request and acceptance, and transaction initiation and acceptance services to the user;
the full node is deployed on a server, holds a complete copy of the ledger, synchronizes all blockchain data, independently checks every transaction on the chain and updates the data in real time, and is responsible for broadcasting and verifying blockchain transactions; it also provides certificate verification, communication acceptance and certificate blacklist management services;
the admission management system is deployed on the consortium blockchain, audits all wallet nodes on the chain, and provides identity verification, certificate creation and issuance, certificate verification and certificate revocation services.
In a second aspect, the present disclosure also provides a consortium blockchain wallet node communication admission method.
A consortium blockchain wallet node communication admission method comprises the following steps:
the wallet node sends an admission application to the admission management system;
the admission management system audits the wallet node on the consortium blockchain and judges whether the admission condition is met; if the wallet node does not meet the admission condition, the application is rejected; if it does, the admission management system creates and issues a CA certificate and at the same time broadcasts a transaction recording the issued CA certificate on the consortium blockchain;
the wallet node sends an https communication channel establishment request to a full node;
the full node verifies the wallet node's CA certificate and judges whether it is valid; if the certificate is invalid, the full node refuses to communicate with the wallet node; if it is valid, the wallet node and the full node establish the https communication channel;
the wallet node transacts with other wallet nodes on the consortium blockchain.
Compared with the prior art, the beneficial effects of this disclosure are:
(1) Compared with the traditional centralized node admission management of a consortium blockchain, the method designs a multi-centre auditing process for wallet nodes joining and leaving the consortium blockchain: admission and exit of a wallet node are decided by the admission management system, which avoids the security problems of single-point dependence, information leakage, loss of trust, vulnerability and data tampering that a centralized wallet node management model brings.
(2) Whereas a traditional consortium blockchain admission management system requires every full node to store the CA certificate information of all wallet nodes, in this system the full nodes store only the certificate information of invalidated wallet nodes, which is sufficient to decide whether to establish a communication channel with a wallet node. This saves storage on the full nodes, reduces the overall consumption of the consortium blockchain system and effectively improves its overall performance.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the application and, together with the description, serve to explain the application and are not intended to limit the application.
Fig. 1 shows the consortium blockchain wallet node communication admission system of the first embodiment;
Fig. 2 is a flow chart of the admission method (S201 to S205) of the second embodiment;
Fig. 3 is a flow chart of the certificate invalidation and exit flow (S206 to S210) of the second embodiment.
Detailed Description
It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the disclosure. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments according to the present application. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof, unless the context clearly indicates otherwise.
Interpretation of professional terms:
Consortium blockchain: a blockchain is essentially infrastructure for the trusted transfer of value, and a novel application of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and cryptographic algorithms. A consortium blockchain is a multi-centred or partially decentralized blockchain in which the consensus process is controlled by designated nodes and the admission of nodes is controlled.
Full node: a node holding the complete ledger. It must dedicate storage to synchronize all blockchain data, can independently check every transaction on the chain and update the data in real time, and is mainly responsible for broadcasting and verifying blockchain transactions.
Wallet node: a node that does not take part in consensus or block construction and stores no ledger data, but provides an access point to the blockchain; it can run on devices such as mobile phones and computers.
Smart contract: a computer protocol intended to propagate, verify or execute a contract digitally. Smart contracts allow trusted transactions to be carried out without a third party; such transactions are traceable and irreversible.
CA: a certificate authority (CA) is a trusted third party that generates and validates digital certificates on the basis of a public key infrastructure (PKI). It mainly issues identity certificates and manages the normal use of electronic certificates according to the policy set by the designer.
Admission management system: a component of the blockchain responsible for auditing nodes on the blockchain.
First embodiment. This embodiment provides a consortium blockchain wallet node communication admission system.
As shown in Fig. 1, the consortium blockchain wallet node communication admission system includes a wallet node 10, a full node 11 and an admission management system 12.
The wallet node 10 is deployed on the personal client, serves as the blockchain access point through which the client transacts on the chain, and provides certificate application, communication request and acceptance, and transaction initiation and acceptance services to the user.
The full node 11 is deployed on a server, holds a complete copy of the ledger, synchronizes all blockchain data, independently checks every transaction on the chain and updates the data in real time, and is responsible for broadcasting and verifying blockchain transactions; it also provides certificate verification, communication acceptance and certificate blacklist management services.
The admission management system 12 is deployed on the consortium blockchain, audits all wallet nodes on the chain, and provides identity verification, certificate creation and issuance, certificate verification and certificate revocation services.
It should be understood that the wallet node does not take part in consensus or block construction and stores no ledger data; it serves as the blockchain access point, can be connected to a personal client (C end), runs on devices such as mobile phones and computers, and lets the application end access the blockchain to transact.
It should be understood that the certificate is the CA certificate: a certificate authority (CA) is a trusted third party that generates and validates digital certificates on the basis of a public key infrastructure (PKI), mainly issues identity certificates, and manages the normal use of electronic certificates according to the policy set by the designer.
It should be understood that the full node verifies the signature on the CA certificate using the CA public key it stores, judges whether the certificate is valid, rejects the communication request if it is invalid, and otherwise directly establishes the https communication channel with the wallet node.
As one or more embodiments, the wallet node 10 includes a certificate application module 101, a communication module 102 and a transaction module 103.
The certificate application module 101 is configured to send the wallet node ID, the user name, the user ID and the user public key to the admission management system.
The communication module 102 is configured to send a communication request to a full node on the basis of the admission CA certificate it has obtained.
The transaction module 103 is configured to send transaction requests to other wallet nodes and to accept transaction requests from other wallet nodes.
As one or more embodiments, the full node 11 includes a certificate verification module 111, a communication acceptance module 112 and a certificate blacklist management module 113.
The certificate verification module 111 is configured to verify the validity of the CA certificate of the wallet node that sent the communication request.
The communication acceptance module 112 is configured to accept the wallet node's communication request.
The certificate blacklist management module 113 is configured to add the CA certificate of an invalidated wallet node to the certificate blacklist.
As one or more embodiments, the admission management system 12 includes an identity verification module 121, a certificate creation and issuance module 122, a certificate verification module 123 and a certificate revocation module 124.
The identity verification module 121 is configured to verify the identity information of the wallet node.
The certificate creation and issuance module 122 is configured to create a multi-party signed CA certificate for the wallet node and issue it to the wallet node.
The multi-party signed CA certificate is a CA certificate with a set validity period, made from the wallet node's public key, the signatures over that public key, and the wallet node's basic information.
The signatures are produced by the member nodes of the blockchain operations committee, which are the nodes whose trust degree exceeds a set threshold; the trust degree is obtained by a trust degree calculation algorithm.
The basic information of the wallet node comprises the wallet node ID, the user name, the user ID and the validity period of the CA certificate.
The certificate verification module 123 is configured to verify the validity of the wallet node's CA certificate at set time intervals.
The certificate revocation module 124 is configured to revoke the CA certificate of a wallet node found on verification to have become invalid, and to broadcast the result of that verification onto the consortium blockchain.
Second embodiment. This embodiment provides a consortium blockchain wallet node communication admission method.
As shown in Fig. 2, the consortium blockchain wallet node communication admission method includes:
S201: the wallet node sends an admission application to the admission management system;
S202: the admission management system audits the wallet node on the consortium blockchain and judges whether the admission condition is met; if the wallet node does not meet the admission condition, the application is rejected; if it does, the admission management system creates and issues a CA certificate and at the same time broadcasts a transaction recording the issued CA certificate on the consortium blockchain;
S203: the wallet node sends an https communication channel establishment request to a full node;
S204: the full node verifies the wallet node's CA certificate and judges whether it is valid; if the certificate is invalid, the full node refuses to communicate with the wallet node; if it is valid, the wallet node and the full node establish the https communication channel;
S205: the wallet node transacts with other wallet nodes on the consortium blockchain.
As one or more embodiments, the admission application the wallet node sends to the admission management system specifically comprises: following the process for applying for a third-party CA certificate, the wallet node submits the information proving the user's legal identity together with the user public key associated with the smart contract.
It should be understood that the information proving the user's legal identity comprises the wallet node ID, the user name and the user ID.
A smart contract is a computer protocol intended to propagate, verify or execute a contract digitally; it allows trusted transactions to be carried out without a third party, and such transactions are traceable and irreversible.
As one or more embodiments, judging whether the admission condition is met specifically comprises: the member nodes of the operations committee audit the wallet node ID, user name, user ID and user public key submitted by the wallet node against the data stored in the database, judge whether the admission condition is met, and vote on whether to issue a CA certificate; the wallet node is admitted when the number of approving votes is greater than or equal to two thirds of the total number of committee members.
As one or more embodiments, creating the CA certificate specifically comprises:
the member nodes of the blockchain operations committee each sign the wallet node's public key with their own private keys;
the admission management system assembles the wallet node's public key, the signatures over that public key, the wallet node ID, the user name, the user ID and the certificate validity period into a CA certificate with a set validity period.
As one or more embodiments, S204 specifically comprises:
S204-1: the full node queries its blacklist of invalidated certificates to check whether the CA certificate presented by the wallet node has been invalidated; if the certificate is in the blacklist it is invalid and the full node rejects the communication request; if it is not in the blacklist, proceed to S204-2;
S204-2: the full node verifies the CA certificate with the stored public keys of the operations committee members, extracts the certificate fields and checks whether they are valid; if they are invalid, it rejects the communication request; if they are valid, the wallet node's CA certificate is legitimate, the full node does not store the certificate information it has just verified, and the wallet node and the full node establish an https communication channel.
The fields of the CA certificate include the wallet node ID, the user name, the user ID and the certificate validity period.
As one or more embodiments, S205 specifically comprises: the wallet node sends a transaction request to another wallet node; that wallet node sends a CA certificate query request to any full node, and the full node returns the query result; if the result is that the CA certificate of the wallet node that initiated the transaction is valid, the transaction is accepted, otherwise it is rejected.
As shown in Fig. 3, the consortium blockchain wallet node communication admission method further comprises:
S206: the admission management system automatically obtains the wallet node's CA certificate information at regular intervals;
S207: the admission management system verifies whether the wallet node's CA certificate has become invalid; if it has not, the process ends; if it has, the admission management system sends a transaction recording the invalidation of that CA certificate to the consortium blockchain;
S208: the full node adds the CA certificate that the admission management system has judged invalid to its blacklist;
S209: the wallet node's communication requests to the full node are refused by the full node;
S210: the wallet node can no longer transact with other wallet nodes on the consortium blockchain.
As one or more embodiments, S207 specifically comprises:
the member nodes of the operations committee verify whether the wallet node's CA certificate has expired or has been revoked for some reason, vote through the admission management system on the wallet node's exit from the blockchain, and the wallet node is made to exit the consortium blockchain when the number of approving votes is greater than or equal to two thirds of the total number of committee members;
As one or more embodiments, S209 specifically comprises:
the wallet node whose CA certificate has been invalidated sends a communication request to a full node; the full node finds in its stored list of invalidated certificates that the CA certificate of the requesting wallet node is invalid, and refuses to communicate with it.
As one or more embodiments, S210 specifically comprises:
the wallet node whose certificate has been invalidated sends a transaction request to a wallet node on the consortium blockchain; that wallet node sends a CA certificate query request to any full node; the full node reports that the CA certificate of the requesting wallet node is invalid, and the wallet node rejects the transaction request.
This disclosure provides a consortium blockchain wallet node admission management method in which a multi-centre admission management system manages the joining and leaving of wallet nodes: an operations committee made up of highly trusted nodes audits the wallet node's identity information and CA certificate and votes on a resolution, which passes when the number of approving votes is greater than or equal to two thirds of the committee membership. A wallet CA certificate blacklist is kept on the full node; when the full node receives a communication request that a wallet node initiates with its CA certificate, it need only query the blacklist (together with the signature and field check of S204-2, which needs only the committee public keys) to learn whether that certificate is valid and decide whether to accept the request, which saves storage on the full node and makes its verification of wallet nodes more efficient. The method improves the credibility of the wallet node admission management mechanism in the consortium blockchain, effectively reduces the operating cost of the consortium blockchain platform, and improves the operating efficiency and usability of the consortium blockchain. It is general, simple to implement and has broad application prospects.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application; those skilled in the art may make various modifications and changes. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. A alliance block chain wallet node communication permission system is characterized by comprising: a wallet node, a full node and a license management system;
the wallet node is configured and deployed at the personal client, is a blockchain access entrance and is convenient for the personal client to access the blockchain for transaction; providing services of certificate application, communication request and acceptance, and transaction initiation and acceptance for users;
the full node is configured to be deployed on a server, has a node of a complete block chain account book, synchronizes all block chain data, independently checks all transactions on the block chain, updates the data in real time, and is responsible for broadcasting and verifying the transactions of the block chain; the system is responsible for providing certificate verification, communication acceptance or certificate blacklist management service; the whole node does not need to store all certificate information, and only needs to store invalid certificate information to judge whether the CA certificate of the wallet node is invalid or not;
the license management system is configured to be deployed on the alliance block chain, is responsible for auditing all wallet nodes on the alliance block chain, and is responsible for providing identity verification, certificate creation and issuance, certificate verification or certificate revocation services.
2. The consortium blockchain wallet node communication admission system of claim 1, wherein the wallet node comprises a certificate application module, a communication module and a transaction module;
the certificate application module is configured to send the wallet node ID, the user name, the user ID and the user public key to the license management system;
the communication module is configured to initiate a communication request to the full node using the CA certificate obtained on admission;
the transaction module is configured to initiate transaction requests to other wallet nodes and to accept transaction requests from other wallet nodes.
3. The consortium blockchain wallet node communication admission system of claim 1, wherein the full node comprises a certificate verification module, a communication acceptance module and a certificate blacklist management module;
the certificate verification module is configured to verify the validity of the CA certificate of the wallet node that initiated the communication request;
the communication acceptance module is configured to accept the communication request of the wallet node;
the certificate blacklist management module is configured to add the CA certificate of an invalidated wallet node to the certificate blacklist.
4. The consortium blockchain wallet node communication admission system of claim 1, wherein the license management system comprises an identity verification module, a certificate creation and issuance module, a certificate verification module and a certificate revocation module;
the identity verification module is configured to verify the identity information of the wallet node;
the certificate creation and issuance module is configured to create a multi-party signed CA certificate for the wallet node and send it to the wallet node;
the certificate verification module is configured to verify the validity of the wallet node's CA certificate at a set time interval;
the certificate revocation module is configured to revoke the CA certificate of a wallet node found invalid and to broadcast that result to the consortium blockchain.
5. A consortium blockchain wallet node communication admission method using the consortium blockchain wallet node communication admission system of any one of claims 1 to 4, comprising:
S201: the wallet node sends an admission application to the license management system;
S202: the license management system audits the wallet node on the consortium blockchain and judges whether the admission condition is met; if it is not, the admission application is rejected; if it is, the license management system creates and issues a CA certificate and at the same time broadcasts the certificate issuance as a transaction on the consortium blockchain;
S203: the wallet node requests an HTTPS communication channel to the full node;
S204: the full node verifies the CA certificate of the wallet node and judges whether it is valid; if the CA certificate is invalid, the full node refuses to communicate with the wallet node; if it is valid, the wallet node establishes the HTTPS communication channel with the full node; the full node does not store the information of all certificates, only that of invalidated certificates, which is enough to decide whether the wallet node's CA certificate has been invalidated;
S205: the wallet node transacts with other wallet nodes on the consortium blockchain.
6. The method of claim 5, wherein judging whether the admission condition is met comprises: the member nodes of the operation management committee audit the wallet node ID, user name, user ID and user public key submitted by the wallet node against the data stored in the database, judge whether the admission condition is met, and vote on whether to issue a CA certificate; the wallet node is admitted when the number of approving votes is greater than or equal to two thirds of the total number of committee members.
7. The method of claim 5, wherein creating the CA certificate comprises:
each member node of the blockchain operation committee signs the public key of the wallet node with its own private key;
and the license management system assembles the wallet node's public key, the signatures over that public key, the wallet node ID, the user name, the user ID and the validity period into a CA certificate with a set lifetime.
8. The method of claim 5, wherein S204 specifically comprises:
S204-1: the full node looks the CA certificate presented by the wallet node up in the blacklist of invalidated certificates; if it is present, the certificate is invalid and the full node rejects the communication channel request; if it is absent, proceed to S204-2;
S204-2: the full node parses the CA certificate into its fields and checks them, verifying the committee signatures with the public keys of the operation committee member nodes that it stores; if the check fails, the communication channel request is rejected; if it succeeds, the wallet node's CA certificate is proven legitimate, the full node stores nothing about the certificate it has just accepted, and the wallet node and full node establish the HTTPS communication channel.
9. The method of claim 5, wherein S205 specifically comprises: a first wallet node sends a transaction request to a second wallet node; the second wallet node sends a CA certificate query for the first wallet node to any full node, and the full node returns the query result; if the result is that the CA certificate of the wallet node that initiated the transaction request is valid, the transaction is accepted, otherwise it is rejected.
10. The method of claim 5, further comprising:
S206: the license management system automatically obtains the CA certificate information of the wallet node at regular intervals;
S207: the license management system verifies whether the CA certificate of the wallet node has become invalid; if it has not, the process ends; if it has, the license management system sends a transaction recording the invalidation of the wallet node's CA certificate to the consortium blockchain;
S208: the full node adds the CA certificate of the wallet node that the license management system judged invalid to its blacklist;
S209: any communication request from that wallet node to the full node is refused by the full node;
S210: the wallet node can no longer transact with other wallet nodes on the consortium blockchain.
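The admission, verification and revocation procedure of claims 5 to 10 carried through as one runnable Go program. This is an example added to this page; it is not code from the patent or from Dareway Software. Everything not stated in the claims is an assumption: the JSON layout of the certificate, Ed25519 as the committee members' signature scheme, a SHA-256 fingerprint as the blacklist key, and the names Issue, FullNode, Verify, Revoke, Approved, m1 to m3 and wallet-001. It deliberately goes one step beyond claim 7: the committee members sign every certificate field rather than only the wallet public key, because a signature over the key alone leaves the identifiers and validity period unbound, and a full node that keeps no record of valid certificates has nothing else to check them against.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Certificate carries the claim 7 fields plus one signature per approving member (JSON layout assumed).
type Certificate struct {
	WalletID  string            `json:"wallet_id"`
	UserName  string            `json:"user_name"`
	UserID    string            `json:"user_id"`
	PubKey    []byte            `json:"pub_key"`
	NotBefore int64             `json:"not_before"`
	NotAfter  int64             `json:"not_after"`
	Sigs      map[string][]byte `json:"sigs,omitempty"` // committee member ID -> signature
}

// tbs returns the to-be-signed bytes: every field except the signatures, so the
// identifiers and validity period are bound to the committee's approval.
func (c *Certificate) tbs() []byte {
	tb := *c
	tb.Sigs = nil
	b, _ := json.Marshal(tb)
	return b
}

// Fingerprint is the blacklist key (assumed here: SHA-256 over the signed fields).
func (c *Certificate) Fingerprint() string {
	sum := sha256.Sum256(c.tbs())
	return hex.EncodeToString(sum[:])
}

// Approved is the claim 6 rule: approving votes >= two thirds of the committee.
func Approved(votes, members int) bool { return votes*3 >= 2*members }

// Issue is step S202 / claim 7: admit only if the vote passes, then collect the approving members' signatures.
func Issue(members map[string]ed25519.PrivateKey, approvers []string, walletID, userName, userID string,
	walletPub ed25519.PublicKey, now time.Time, validity time.Duration) (*Certificate, error) {
	if !Approved(len(approvers), len(members)) {
		return nil, fmt.Errorf("admission rejected: %d of %d votes", len(approvers), len(members))
	}
	c := &Certificate{WalletID: walletID, UserName: userName, UserID: userID, PubKey: walletPub,
		NotBefore: now.Unix(), NotAfter: now.Add(validity).Unix(), Sigs: map[string][]byte{}}
	for _, id := range approvers {
		c.Sigs[id] = ed25519.Sign(members[id], c.tbs())
	}
	return c, nil
}

// FullNode keeps only the committee public keys and the revocation blacklist; valid certificates are never stored.
type FullNode struct {
	Committee map[string]ed25519.PublicKey
	Blacklist map[string]bool
}

// Revoke is step S208: record a certificate the license system declared invalid.
func (f *FullNode) Revoke(c *Certificate) { f.Blacklist[c.Fingerprint()] = true }

// Verify is step S204: blacklist lookup (S204-1), then validity period and committee
// signatures (S204-2). The same call answers the peer certificate query of claim 9.
func (f *FullNode) Verify(c *Certificate, now time.Time) error {
	if f.Blacklist[c.Fingerprint()] {
		return errors.New("certificate is blacklisted")
	}
	if t := now.Unix(); t < c.NotBefore || t > c.NotAfter {
		return errors.New("certificate outside its validity period")
	}
	tbs, valid := c.tbs(), 0
	for id, sig := range c.Sigs {
		if pk, ok := f.Committee[id]; ok && ed25519.Verify(pk, tbs, sig) {
			valid++
		}
	}
	if !Approved(valid, len(f.Committee)) {
		return fmt.Errorf("only %d of %d committee signatures verify", valid, len(f.Committee))
	}
	return nil
}

func main() {
	// Three-member committee; in practice the full nodes have these public keys pre-installed.
	priv, pub := map[string]ed25519.PrivateKey{}, map[string]ed25519.PublicKey{}
	for _, id := range []string{"m1", "m2", "m3"} {
		pub[id], priv[id], _ = ed25519.GenerateKey(rand.Reader)
	}
	walletPub, _, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Now()
	cert, err := Issue(priv, []string{"m1", "m2"}, "wallet-001", "alice", "u-42", walletPub, now, 24*time.Hour)
	fn := &FullNode{Committee: pub, Blacklist: map[string]bool{}}
	fmt.Println("issue:", err, "verify:", fn.Verify(cert, now))
	fn.Revoke(cert) // S206-S210: the license system found the certificate invalid
	fmt.Println("verify after revocation:", fn.Verify(cert, now))
}
```

Running it prints a nil error after issue and verification, then the blacklist error after revocation. Note the order of checks in Verify: the blacklist is consulted first (S204-1), but the signature and validity-period checks of S204-2 are what reject a certificate the committee never issued; the blacklist alone cannot, because the full node keeps no record of issued certificates.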
CN201910401420.3A 2019-05-14 2019-05-14 Alliance block chain wallet node communication permission system and method Active CN110099067B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910401420.3A CN110099067B (en) 2019-05-14 2019-05-14 Alliance block chain wallet node communication permission system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910401420.3A CN110099067B (en) 2019-05-14 2019-05-14 Alliance block chain wallet node communication permission system and method

Publications (2)

Publication Number Publication Date
CN110099067A CN110099067A (en) 2019-08-06
CN110099067B true CN110099067B (en) 2022-02-25

Family

ID=67448100

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910401420.3A Active CN110099067B (en) 2019-05-14 2019-05-14 Alliance block chain wallet node communication permission system and method

Country Status (1)

Country Link
CN (1) CN110099067B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110572398B (en) * 2019-09-10 2021-08-31 腾讯科技(深圳)有限公司 Block chain network control method, device, equipment and storage medium
CN110601816B (en) * 2019-09-18 2021-09-28 腾讯科技(深圳)有限公司 Lightweight node control method and device in block chain system
CN110599144B (en) * 2019-09-24 2023-08-22 腾讯科技(深圳)有限公司 Network access method and device for blockchain nodes
CN110992035A (en) * 2019-12-13 2020-04-10 中国工商银行股份有限公司 Block chain link point management method, device and system
CN113098743B (en) * 2019-12-23 2022-12-06 北京神经元网络技术有限公司 Bus type user node dynamic access control method, main node and storage medium
CN112398924A (en) * 2020-11-03 2021-02-23 深圳壹账通智能科技有限公司 Block chain node admission control method, block chain node admission control device, computer equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106301792A (en) * 2016-08-31 2017-01-04 江苏通付盾科技有限公司 Ca authentication management method based on block chain, Apparatus and system
CN107426157A (en) * 2017-04-21 2017-12-01 杭州趣链科技有限公司 A kind of alliance's chain authority control method based on digital certificate and ca authentication system
WO2018008800A1 (en) * 2016-07-04 2018-01-11 (주)코인플러그 Accredited certificate authentication system based on blockchain, and accredited certificate authentication method based on blockchain, using same
CN108052530A (en) * 2017-11-10 2018-05-18 杭州云象网络技术有限公司 A kind of decentralization CA construction methods and its system based on alliance's chain

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10848322B2 (en) * 2017-03-24 2020-11-24 Cable Television Laboratories, Inc System and method for distributed PKI root
CN107273760A (en) * 2017-06-09 2017-10-20 济南浪潮高新科技投资发展有限公司 One kind is based on many CA application authentication methods of block chain
CN107395343B (en) * 2017-07-10 2019-10-25 腾讯科技(深圳)有限公司 Certificate management method and system
US20190140848A1 (en) * 2017-11-07 2019-05-09 Spinbackup Inc. Decentralized Access Control for Cloud Services

Also Published As

Publication number Publication date
CN110099067A (en) 2019-08-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant