CN112862487A - Digital certificate authentication method, equipment and storage medium - Google Patents


Publication number
CN112862487A
Authority
CN
China
Prior art keywords
digital certificate
algorithm
alliance chain
resource platform
nodes
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110236665.2A
Other languages
Chinese (zh)
Inventor
陈录城
徐春长
冷合礼
盛国军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qingdao Haichain Digital Technology Co ltd
Haier Digital Technology Qingdao Co Ltd
Haier Caos IoT Ecological Technology Co Ltd
Qingdao Haier Industrial Intelligence Research Institute Co Ltd
Original Assignee
Qingdao Haichain Digital Technology Co ltd
Haier Digital Technology Qingdao Co Ltd
Haier Caos IoT Ecological Technology Co Ltd
Qingdao Haier Industrial Intelligence Research Institute Co Ltd
Application filed by Qingdao Haichain Digital Technology Co ltd, Haier Digital Technology Qingdao Co Ltd, Haier Caos IoT Ecological Technology Co Ltd, Qingdao Haier Industrial Intelligence Research Institute Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821 Electronic credentials
    • G06Q20/38215 Use of certificates or encrypted proofs of transaction rights
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the invention provides a digital certificate authentication method, equipment and a storage medium. The method comprises: acquiring different digital certificates from a resource platform; acquiring a corresponding CA algorithm from an alliance chain based on the CA organization identification information corresponding to the digital certificate; analyzing the digital certificate through the CA algorithm; and sending the analysis result to the resource platform so that the resource platform judges, based on the analysis result, whether the digital certificate is successfully authenticated. The technical scheme provided by the embodiment of the invention makes different digital certificates compatible and authenticates them, can reduce the cost of enterprises, and can better protect the CA algorithm of the enterprises.

Description

Digital certificate authentication method, equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of networks, in particular to a digital certificate authentication method, digital certificate authentication equipment and a storage medium.
Background
At present, regional electronic authentication service organizations, namely CA (certificate authority) organizations, have been established in regions throughout the country, and after several years of construction the application of certificate issuing and electronic authentication in these regions has developed rapidly.
Because the CA organizations in the various regions did not interconnect their systems when they were first built, incompatibility and a lack of mutual recognition have arisen among individual CA organizations, industry CA organizations and multiple CA organizations, and the standard specifications of the digital certificates they issue are inconsistent. The digital certificate is an electronic key that enterprises use to participate in resource transactions, and is commonly called a 'secret key dog'. At present, more than 40 CA organizations across the country provide authentication services for the transaction systems of all resource platforms in the country, and one transaction system generally has 4 to 5 CA organizations providing authentication services. Because different digital certificates are incompatible and CA organizations do not mutually authenticate each other's digital certificates, enterprises need to purchase different electronic keys to take part in transactions on the various transaction systems, which is costly.
Disclosure of Invention
The embodiment of the invention provides a digital certificate authentication method that makes different digital certificates compatible and authenticates them, can reduce the cost of enterprises, and can better protect the CA algorithm of the enterprises.
In a first aspect, an embodiment of the present invention provides a digital certificate authentication method, including:
acquiring different digital certificates from a resource platform;
and acquiring a corresponding CA algorithm from an alliance chain based on the CA organization identification information corresponding to the digital certificate, analyzing the digital certificate through the CA algorithm, and sending an analysis result to the resource platform so that the resource platform judges whether the digital certificate is successfully authenticated based on the analysis result.
In a second aspect, an embodiment of the present invention further provides a digital certificate authentication method, including:
the resource platform accesses different digital certificates;
the CA organization node acquires different digital certificates from the resource platform;
the CA organization node acquires a corresponding CA algorithm from an alliance chain based on the CA organization identification information corresponding to the digital certificate, analyzes the digital certificate through the CA algorithm and sends an analysis result to the resource platform;
and the resource platform judges whether the digital certificate is successfully authenticated or not based on the analysis result.
In a third aspect, an embodiment of the present invention provides a digital certificate authentication apparatus, including:
one or more processors;
a storage device for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the methods provided by the embodiments of the present invention.
In a fourth aspect, the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the method provided by the present invention.
According to the technical scheme provided by the embodiment of the invention, different digital certificates are obtained from the resource platform, the corresponding CA algorithm is obtained from the alliance chain based on the CA organization identification information corresponding to the digital certificates, the digital certificates are analyzed through the CA algorithm, and the analysis result is sent to the resource platform so that the resource platform can judge whether the digital certificates are successfully authenticated based on the analysis result. Different digital certificates can thus be made compatible and authenticated, digital certificates can be mutually authenticated among the CA organizations, enterprise cost can be reduced, and the CA algorithm of an enterprise can be better protected.
Drawings
Fig. 1 is a flowchart of a digital certificate authentication method according to an embodiment of the present invention;
Fig. 2a is a flowchart of a method for authenticating a digital certificate according to an embodiment of the present invention;
Fig. 2b is an interaction diagram of a resource platform and an alliance chain network;
Fig. 2c is a diagram of the interaction between the resource platform, the digital certificate mutual authentication platform, and the nodes in the alliance chain network;
Fig. 3 is a flowchart of a method for authenticating a digital certificate according to an embodiment of the present invention;
Fig. 4 is a block diagram of a digital certificate authentication apparatus according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an apparatus according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Fig. 1 is a flowchart of a digital certificate authentication method provided by an embodiment of the present invention, where the method may be performed by a digital certificate authentication apparatus, where the apparatus may be implemented by software and/or hardware, and the apparatus may be configured on a CA authority node, where the CA authority node may be a device corresponding to a CA authority. The method provided by the embodiment of the invention can be applied to a scene of authenticating digital certificates issued by different CA authorities.
As shown in fig. 1, the technical solution provided by the embodiment of the present invention includes:
S110: acquiring different digital certificates from the resource platform.
In the embodiment of the present invention, the digital certificate may be a CA certificate, and the resource platform may access different digital certificates, that is, the resource platform may access digital certificates issued by different CA authorities. The digital certificates issued by the various CA authorities are not identical. The resource platform may send each of the accessed different digital certificates to the CA authority node, and the CA authority node may obtain the digital certificate from the resource platform, where each CA authority node may correspond to the resource platform, that is, each resource platform may correspond to one CA authority node. The resource platform can access a plurality of different digital certificates at the same time, or the resource platform can access a plurality of digital certificates in sequence.
S120: acquiring a corresponding CA algorithm from an alliance chain based on the CA organization identification information corresponding to the digital certificate, analyzing the digital certificate through the CA algorithm, and sending an analysis result to the resource platform so that the resource platform judges whether the digital certificate is successfully authenticated based on the analysis result.
In the embodiment of the invention, the alliance chain stores the CA algorithm uploaded by each CA organization node, and the CA algorithm can analyze the digital certificate.
In an implementation of the embodiment of the present invention, optionally, before acquiring the corresponding CA algorithm from the alliance chain based on the CA organization identification information corresponding to the digital certificate and analyzing the digital certificate through the CA algorithm, the method may further include: acquiring the CA algorithm and uploading it to the alliance chain of the local CA organization node; and synchronizing the CA algorithm to the alliance chains of the other CA organization nodes in the alliance chain network. The CA organization nodes, the super nodes and the supervision organization nodes form the alliance chain network. The CA organization node acquires the CA algorithm according to an instruction, uploads it to the alliance chain of the local CA organization node, and synchronizes it to the alliance chains of the other CA organization nodes in the alliance chain network.
Therefore, by storing the CA algorithm on the chain, the CA algorithm can be better protected, the resource platform can be compatible with more digital certificates, and upgrades of the CA algorithm can also be accommodated.
In the embodiment of the invention, the CA organization node can obtain the corresponding CA organization identification information from the digital certificate itself, or it can obtain the CA organization identification information corresponding to the digital certificate from the resource platform. The CA organization node then acquires the CA algorithm corresponding to that identification information from the alliance chain, analyzes the digital certificate through the CA algorithm, and sends the analysis result to the resource platform, so that the resource platform can judge whether the digital certificate is successfully authenticated based on the analysis result and the user can thereby know the authenticity of the digital certificate.
In an implementation of the embodiment of the present invention, optionally, judging whether the digital certificate is successfully authenticated based on the analysis result includes: if the analysis result is enterprise identification information and CA organization information, judging that the digital certificate is successfully authenticated; and if the analysis result is error information, judging that the digital certificate authentication fails. The enterprise identification information identifies the enterprise to which the digital certificate belongs; the analyzed CA organization information is information on the CA organization that issued the digital certificate, and may be, for example, uniform code certificate information of the CA organization. When the enterprise identification information and the CA organization information can be analyzed through the CA algorithm, the authentication of the digital certificate is successful, and the digital certificate is legal and real; if the enterprise identification information and the CA organization information cannot be analyzed through the CA algorithm, the digital certificate is shown to be unreal, and the digital certificate authentication fails.
According to the technical scheme provided by the embodiment of the invention, different digital certificates are obtained from the resource platform, the corresponding CA algorithm is obtained from the alliance chain based on the CA organization identification information corresponding to the digital certificates, the digital certificates are analyzed through the CA algorithm, and the analysis result is sent to the resource platform so that the resource platform can judge whether the digital certificates are successfully authenticated based on the analysis result. The CA algorithm of an enterprise can thus be better protected, different digital certificates can be made compatible and authenticated, and the cost can be reduced.
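The S110/S120 flow and the success/failure rule described above, sketched as an added example that is not code from the patent. The hash-linked ledger class, the per-CA layout parameters, the HMAC tag standing in for a CA's signature check, and every name and sample value are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64


def digest(body: dict) -> str:
    """Canonical SHA-256 over a record body."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AllianceChain:
    """Toy hash-linked ledger of CA algorithm records (assumed stand-in for the alliance chain)."""

    def __init__(self):
        self.blocks = []

    def upload(self, ca_id: str, params: dict) -> None:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        body = {"ca_id": ca_id, "params": params, "prev": prev}
        self.blocks.append({**body, "hash": digest(body)})

    def intact(self) -> bool:
        """Recompute every link; any edited record breaks the chain."""
        prev = GENESIS
        for block in self.blocks:
            body = {k: block[k] for k in ("ca_id", "params", "prev")}
            if block["prev"] != prev or block["hash"] != digest(body):
                return False
            prev = block["hash"]
        return True

    def lookup(self, ca_id):
        """Most recently uploaded record for ca_id, or None."""
        for block in reversed(self.blocks):
            if block["ca_id"] == ca_id:
                return block
        return None


def tag_for(params: dict, payload: str) -> str:
    # Assumption: HMAC stands in for the CA's signature check so that the
    # example needs only the standard library.
    key = bytes.fromhex(params["key_hex"])
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_cert(ca_id: str, params: dict, enterprise_id: str, ca_info: str) -> dict:
    """Build a constructed sample certificate in the issuing CA's own layout."""
    values = {"enterprise_id": enterprise_id, "ca_info": ca_info}
    payload = params["sep"].join(values[name] for name in params["fields"])
    return {"ca_id": ca_id, "payload": payload, "tag": tag_for(params, payload)}


def ca_node_parse(chain: AllianceChain, cert: dict) -> dict:
    """S120: fetch the CA algorithm by CA identifier, parse, return the analysis result."""
    if not chain.intact():
        return {"error": "alliance chain record integrity check failed"}
    record = chain.lookup(cert.get("ca_id"))
    if record is None:
        return {"error": "no CA algorithm registered for this CA identifier"}
    params = record["params"]
    payload = cert.get("payload", "")
    if not hmac.compare_digest(tag_for(params, payload), cert.get("tag", "")):
        return {"error": "certificate integrity check failed"}
    parts = payload.split(params["sep"])
    if len(parts) != len(params["fields"]):
        return {"error": "certificate layout does not match the CA algorithm"}
    parsed = dict(zip(params["fields"], parts))
    return {"enterprise_id": parsed["enterprise_id"], "ca_info": parsed["ca_info"]}


def platform_judge(result: dict) -> bool:
    """Resource platform: success only if both fields came back and no error did."""
    return ("error" not in result
            and bool(result.get("enterprise_id"))
            and bool(result.get("ca_info")))


# Constructed sample data: two CAs whose certificate layouts differ.
CA_A = {"sep": "|", "fields": ["enterprise_id", "ca_info"], "key_hex": "11" * 16}
CA_B = {"sep": ";", "fields": ["ca_info", "enterprise_id"], "key_hex": "22" * 16}


def build_demo_chain() -> AllianceChain:
    chain = AllianceChain()
    chain.upload("CA-A", CA_A)
    chain.upload("CA-B", CA_B)
    return chain


if __name__ == "__main__":
    chain = build_demo_chain()
    good = issue_cert("CA-B", CA_B, "ENT-0001", "CA-B unified code (sample)")
    forged = dict(good, payload=good["payload"].replace("ENT-0001", "ENT-9999"))
    unknown = dict(good, ca_id="CA-Z")
    for name, cert in (("good", good), ("forged", forged), ("unknown CA", unknown)):
        result = ca_node_parse(chain, cert)
        print(name, platform_judge(result), result)
```

The node refuses to parse at all when the ledger's hash links do not verify, so a modified algorithm record produces error information rather than a successful authentication.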
Fig. 2a is a flowchart of a method for authenticating a digital certificate according to an embodiment of the present invention, where in this embodiment, optionally, the method according to the embodiment of the present invention may further include:
acquiring the CA algorithm, and uploading the CA algorithm to the alliance chain of the local CA organization node;
synchronizing the CA algorithm to the alliance chains of the other CA organization nodes in the alliance chain network; the CA organization nodes, the super nodes and the supervision organization nodes form the alliance chain network.
Optionally, the method provided in the embodiment of the present invention may further include:
acquiring a signature algorithm, and uploading the signature algorithm to the alliance chain of the local CA organization node;
synchronizing the signature algorithm to the alliance chains of the other CA organization nodes in the alliance chain network; the CA organization nodes, the super nodes and the supervision organization nodes form the alliance chain network.
Optionally, the method provided in the embodiment of the present invention may further include:
receiving a signature request of a target file based on the digital certificate, which is sent by the resource platform;
and acquiring a signature algorithm corresponding to the signature request from the alliance chain, and sending the signature algorithm to the resource platform so that the resource platform signs the target file through the signature algorithm based on the digital certificate.
As shown in fig. 2a, the technical solution provided by the embodiment of the present invention includes:
S210: acquiring the CA algorithm, and uploading the CA algorithm to the alliance chain of the local CA organization node.
In this embodiment, a user may customize a CA algorithm through the digital certificate mutual authentication platform and send an instruction to put the CA algorithm on the chain; the CA organization node obtains the CA algorithm according to the instruction and uploads it to the alliance chain of the local CA organization node.
S220: synchronizing the CA algorithm to the alliance chains of the other CA organization nodes in the alliance chain network; the CA organization nodes, the super nodes and the supervision organization nodes form the alliance chain network.
In the embodiment of the present invention, the alliance chain network that is formed is shown in Fig. 2b: the CA organization nodes, the super nodes and the supervision organization nodes form the alliance chain network, and the CA organization nodes may include a CA organization root node, a CA organization secondary node, a third-party CA organization node, and the like.
The super node can control the access of CA organization nodes and other operations, and the supervision organization node can supervise the nodes in the alliance chain network.
In the embodiment of the invention, the local CA organization node synchronizes the CA algorithm to the other CA organization nodes in the alliance chain network, so that the CA algorithm is stored on the chain.
Therefore, by storing the CA algorithm on the chain, the CA algorithm can be better protected, the resource platform can be compatible with more digital certificates, and upgrades of the CA algorithm can also be accommodated.
S230: acquiring a signature algorithm, and uploading the signature algorithm to the alliance chain of the local CA organization node.
In the embodiment of the invention, the signature algorithm can realize electronic signature on the target file based on the digital certificate.
S240: synchronizing the signature algorithm to the alliance chains of the other CA organization nodes in the alliance chain network; the CA organization nodes, the super nodes and the supervision organization nodes form the alliance chain network.
In the embodiment of the invention, by storing the signature algorithm on the chain, different digital certificates can be made compatible, and the target file can be signed with different digital certificates.
S250: acquiring different digital certificates from the resource platform.
S260: acquiring a corresponding CA algorithm from the alliance chain based on the CA organization identification information corresponding to the digital certificate, analyzing the digital certificate through the CA algorithm, and sending an analysis result to the resource platform so that the resource platform judges whether the digital certificate is successfully authenticated based on the analysis result.
S270: receiving a signature request, sent by the resource platform, for a target file based on the digital certificate.
In the embodiment of the invention, when a target file in the resource platform needs to be signed, a user can trigger the resource platform so that it sends a signature request for the target file, based on the digital certificate, to the CA organization node. The target file can be a document in the resource platform, and the like.
S280: acquiring a signature algorithm corresponding to the signature request from the alliance chain, and sending the signature algorithm to the resource platform so that the resource platform signs the target file through the signature algorithm based on the digital certificate.
In the embodiment of the present invention, the signature request carries the CA organization identification information corresponding to the digital certificate; a corresponding signature algorithm may be obtained from the alliance chain based on that identification information and sent to the resource platform, so that the resource platform signs the target file based on the digital certificate through the signature algorithm. Specifically, the resource platform may generate an electronic signature of the digital certificate through the signature algorithm, and embed the electronic signature into the target file to form a signed file.
Therefore, by acquiring the signature algorithm from the alliance chain and sending it to the resource platform, the resource platform can sign the target file based on the digital certificate and can sign target files with different digital certificates, so that the resource platform is compatible with more digital certificates and its cost is reduced.
In the related technology, a centralized certification platform is built. Enterprise identification information is added when a CA (certificate authority) issues a digital certificate key, to distinguish different CA organizations; the certification platform collects the CA algorithms of all CA organizations and concentrates them in a U shield plug-in; the matching CA algorithm is selected according to the CA enterprise identification information, and the digital certificate is then analyzed and thereby certified. Because the CA algorithms are collected centrally, however, the certification of different digital certificates has the following problems:
(1) because enterprises' CA algorithms are involved, adoption meets strong resistance; the approach is unfriendly to enterprises that join later and exclusionary toward other enterprises; docking costs are high and the implementation is complex, and both grow as the number of enterprises grows, so clients become increasingly bloated and complex;
(2) if the information of the centralized authentication platform is leaked, CA algorithms are leaked on a large scale, and the security of the digital certificates is no longer guaranteed;
(3) it is difficult for the centralized authentication platform to maintain the independence of a third-party digital signature, and how to ensure that the authentication platform does not act maliciously becomes a new risk point.
As shown in Fig. 2b, in the embodiment of the present invention an alliance chain network is formed and the CA algorithm and the signature algorithm are stored on the chain. This ensures the security and confidentiality of the CA algorithm and the signature algorithm and avoids leakage, makes responsibility clear, avoids the exclusion of later enterprises that centralization causes, prevents counterfeiting of third-party digital signatures, avoids the situation in which CA organizations do not mutually authenticate each other's digital certificates, and spares enterprises repeated purchases.
It should be noted that, in Fig. 2b, the common resource bidding platform may be understood as a resource platform, the CA company may be understood as a CA organization, and the CA company in the alliance chain network may be understood as the CA organization node corresponding to the CA organization.
The technical scheme provided by the embodiment of the invention can realize mutual authentication, compatibility and universality of the digital certificates of all CA organizations. A government organization can keep track of enterprises' registration and authentication data and progress on the resource platform, analyze in real time how digital certificates are used and mutually recognized on the resource platform, thereby reducing the burden on enterprises, and gauge the activity of each local market from the utilization rate of digital certificates on the resource platform. Once digital certificates are mutually authenticated, there is a consensus basis for collecting enterprises' defaults and evaluations on each resource platform; risk prompts are issued on the resource platform in time, and enterprises are urged, based on those prompts, to perform their contracts and regulate their behavior.
When enterprises take part in bidding activities across regions, regional policies often require them to apply for a local digital certificate, which increases cost, lengthens the process and sometimes delays the bid. The technical scheme provided by the embodiment of the invention realizes mutual authentication of digital certificates and helps enterprises solve this problem: because each resource platform can be compatible with different digital certificates, identity verification can be carried out on every resource platform with a single digital certificate, which greatly shortens the preparation time before bidding and reduces the enterprises' investment. In scheme interaction and contract signing, the digital certificate can be used for signing, which greatly shortens the time spent mailing contracts back and forth.
The resource platform also lowers its threshold for use, attracts more enterprise interaction, completes project bidding more efficiently, and meets security and confidentiality requirements by using digital certificates. Enterprise risk prompts give timely early warning about projects in which risky enterprises participate, reducing project risk. The technical scheme provided by the embodiment of the invention starts from providing convenient mutual authentication and intercommunication of digital certificates for the resource platform. A CA, an industry CA and other CA organizations together establish an alliance chain network on the principle of joint governance and openness of the alliance, and jointly establish a mutual authentication model for digital certificates and a security protocol for system docking; the blockchain nodes deployed at each organization use the alliance chain to synchronize the mutual authentication methods, protocols, interfaces and other information held in the blockchain. The alliance chain can also open access for CA organization nodes through authorized admission under the supervision of the super node. The system provides CA organizations with services such as CA verification information registration, verification access and access verification, and provides the resource platform with services such as user authentication, certificate verification, digital certificate signature and file signature.
On the basis of the above embodiment, the technical solution provided by the embodiment of the present invention may further include: displaying information on the nodes in the alliance chain network through the digital certificate mutual-authentication platform, and managing the nodes in the alliance chain network, where the nodes in the alliance chain network comprise CA organization nodes, super nodes and supervision organization nodes. In an implementation of the embodiment of the present invention, optionally, managing the nodes in the alliance chain network includes: sending, through the digital certificate mutual-authentication platform, an instruction for authorizing a target CA organization node in the alliance chain network; and controlling, by a super node on the alliance chain, access of the target CA organization node based on the instruction.
As shown in fig. 2c, the digital certificate mutual-authentication platform can provide functions of service access management, platform supervision, CA mechanism registration, node authorization management, exception handling, plug-in management, and the like, store platform key data, and perform audit authorization by the digital certificate mutual-authentication platform when the resource platform applies for access, and perform docking and authentication between systems by single sign-on digital certificates. The exception handling includes access exception of each node, network exception and the like, and the plug-in management may include updating of data such as a CA algorithm and a signature algorithm. It should be noted that the CA company registration in fig. 2c may be understood as CA organization registration.
The mutual-authentication open service can be a service provided by a node in the alliance chain network. It can be deployed locally and can synchronize verification information from the locally deployed node, which greatly improves the service capability and high-concurrency response of the resource platform; the mutual-authentication open service is also responsible for service quality and security. Relying on the distributed and tamper-proof characteristics of the blockchain (alliance chain), the whole process of signing with a digital certificate is tracked, and each node synchronizes the signature result when it is authorized to do so. When a node joins the alliance chain network, an account key is issued to it, and data is encrypted with the account key during transactions. The core data of the whole process of CA registration, verification, use and signing is encrypted by each node and then stored on the chain; if necessary, the use of a digital certificate can be traced back through a reverse process, which prevents repudiation.
In the method provided by the embodiment of the present invention, the CA algorithm and the signature algorithm are stored on the chain, that is, in a decentralized storage mode. This better protects an enterprise's algorithm during digital certificate authentication, makes the method compatible with more digital certificates and with enterprises' algorithm upgrades, and avoids illegal competitive behaviour such as the exclusion of enterprises. The resource platform is not limited to belonging to, or being usable only in, a specific region or a specific industry, and the construction cost of the resource platform, in particular the later operation and promotion cost, can be reduced.
Fig. 3 is a flowchart of a digital certificate authentication method according to an embodiment of the present invention. The method may be executed by a digital certificate authentication system, which may be composed of a resource platform, CA organization nodes, and the like. The technical solution provided by the embodiment of the present invention includes the following steps:
S310: The resource platform accesses the different digital certificates.
S320: The CA organization node acquires the different digital certificates from the resource platform.
S330: The CA organization node acquires the corresponding CA algorithm from the alliance chain based on the CA organization identification information corresponding to the digital certificate, parses the digital certificate with the CA algorithm, and sends the parsing result to the resource platform.
S340: The resource platform determines, based on the parsing result, whether the digital certificate is successfully authenticated.
Optionally, the method further includes:
the CA organization node acquires the CA algorithm and uploads it to the alliance chain of the local CA organization node;
the CA organization node synchronizes the CA algorithm to the alliance chains of the other CA organization nodes in the alliance chain network.
Optionally, the method further includes:
the CA organization node receives, from the resource platform, a request to sign a target file based on the digital certificate;
the CA organization node acquires the signature algorithm corresponding to the signature request from the alliance chain and sends it to the resource platform, so that the resource platform signs the target file with the signature algorithm based on the digital certificate.
Optionally, the method further includes:
the CA organization node acquires the signature algorithm and uploads it to the alliance chain of the local CA organization node;
the CA organization node synchronizes the signature algorithm to the alliance chains of the other CA organization nodes in the alliance chain network, where the CA organization nodes, the super node and the supervision organization node form the alliance chain network.
Optionally, the method further includes:
the digital certificate mutual-authentication platform displays information about the nodes in the alliance chain network and manages the nodes in the alliance chain network, where the nodes in the alliance chain network include CA organization nodes, super nodes and supervision organization nodes.
Optionally, managing the nodes in the alliance chain network includes:
sending, through the digital certificate mutual-authentication platform, an instruction to authorize a target CA organization node in the alliance chain network;
controlling, by a super node on the alliance chain, the access of the target CA organization node based on the instruction.
Optionally, determining, based on the parsing result, whether the digital certificate is successfully authenticated includes:
if the parsing result is enterprise identification information and CA organization information, determining that the digital certificate is successfully authenticated;
if the parsing result is error information, determining that authentication of the digital certificate has failed.
In this embodiment, for details of the above steps, refer to the description of the foregoing embodiments.
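The flow S310 to S340, together with the optional registration and synchronization steps, can be modelled as follows. This is an added example, not code from the patent: it assumes that the "CA algorithm" stored on the alliance chain is a record naming a verification routine plus its key material, it uses HMAC as a stand-in for a CA's signature scheme, and every name in it (`ConsortiumLedger`, `parse_certificate`, `platform_decision`, the `CA-EXAMPLE` identifiers) is hypothetical.

```python
import hashlib
import hmac
import json

# All CA identifiers, keys and certificates here are constructed for the example.
# HMAC stands in for each CA's signature scheme (the standard library has no
# asymmetric signatures); a real record would hold public verification material.
LOCAL_VERIFIERS = {"hmac-sha256": hashlib.sha256, "hmac-sha512": hashlib.sha512}
CA_ONE = {"ca_id": "CA-EXAMPLE-1", "ca_name": "Example CA One",
          "algorithm": "hmac-sha256", "key_hex": "11" * 32}
CA_TWO = {"ca_id": "CA-EXAMPLE-2", "ca_name": "Example CA Two",
          "algorithm": "hmac-sha512", "key_hex": "22" * 32}


def _digest(prev_hash, payload):
    body = json.dumps(payload, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()


def _tag(record, enterprise_id):
    """Keyed digest over the certificate fields, using the record's algorithm."""
    msg = json.dumps([record["ca_id"], enterprise_id]).encode()
    return hmac.new(bytes.fromhex(record["key_hex"]), msg,
                    LOCAL_VERIFIERS[record["algorithm"]]).hexdigest()


class ConsortiumLedger:
    """Append-only, hash-chained list standing in for one node's chain copy."""

    def __init__(self):
        self.blocks = []

    def append(self, payload):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        self.blocks.append({"prev": prev, "payload": dict(payload),
                            "hash": _digest(prev, payload)})

    def sync_to(self, other):
        other.blocks = json.loads(json.dumps(self.blocks))

    def is_intact(self):
        prev = "0" * 64
        for block in self.blocks:
            if block["prev"] != prev or block["hash"] != _digest(prev, block["payload"]):
                return False
            prev = block["hash"]
        return True

    def lookup(self, ca_id):
        """Newest algorithm record registered for ca_id, or None."""
        for block in reversed(self.blocks):
            if block["payload"]["ca_id"] == ca_id:
                return block["payload"]
        return None


def issue_certificate(record, enterprise_id):
    """Hypothetical issuing step, needed only to create sample certificates."""
    return {"ca_id": record["ca_id"], "enterprise_id": enterprise_id,
            "tag": _tag(record, enterprise_id)}


def parse_certificate(ledger, cert):
    """S330: select the CA's algorithm by identifier and parse the certificate."""
    if not ledger.is_intact():
        return {"error": "ledger integrity check failed"}
    record = ledger.lookup(cert.get("ca_id"))
    if record is None:
        return {"error": "unknown CA organization identifier"}
    # The on-chain record only names an algorithm; the code that runs is local.
    if record["algorithm"] not in LOCAL_VERIFIERS:
        return {"error": "algorithm not implemented on this node"}
    expected = _tag(record, cert.get("enterprise_id")).encode()
    if not hmac.compare_digest(expected, str(cert.get("tag", "")).encode()):
        return {"error": "certificate does not verify under the registered algorithm"}
    return {"enterprise_id": cert.get("enterprise_id"), "ca_info": record["ca_name"]}


def platform_decision(result):
    """S340: success only for enterprise and CA information, never for an error."""
    return ("error" not in result and bool(result.get("enterprise_id"))
            and bool(result.get("ca_info")))


def demo():
    """Node A registers two CAs, node B syncs and parses three certificates."""
    node_a, node_b = ConsortiumLedger(), ConsortiumLedger()
    node_a.append(CA_ONE)
    node_a.append(CA_TWO)
    node_a.sync_to(node_b)
    good = issue_certificate(CA_TWO, "ENT-0001")
    certs = [good, dict(good, enterprise_id="ENT-9999"), {"ca_id": "CA-UNKNOWN"}]
    return node_b, [platform_decision(parse_certificate(node_b, c)) for c in certs]
```

Calling `demo()` returns node B's ledger and the platform's decision for a valid certificate, one with an altered enterprise identifier, and one naming an unregistered CA. Every failure path returns error information, so the platform accepts a certificate only when parsing yields both enterprise and CA information.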
Fig. 4 is a block diagram of a digital authentication apparatus according to an embodiment of the present invention. As shown in Fig. 4, the apparatus may include an acquisition module 410 and a parsing module 420.
The acquisition module 410 is configured to acquire different digital certificates from the resource platform.
The parsing module 420 is configured to acquire the corresponding CA algorithm from the alliance chain based on the CA organization identification information corresponding to the digital certificate, parse the digital certificate with the CA algorithm, and send the parsing result to the resource platform, so that the resource platform determines, based on the parsing result, whether the digital certificate is successfully authenticated.
Optionally, the apparatus further includes an on-chain storage module, configured to:
acquire the CA algorithm and upload it to the alliance chain of the local CA organization node;
synchronize the CA algorithm to the alliance chains of the other CA organization nodes in the alliance chain network, where the CA organization nodes, the super node and the supervision organization node form the alliance chain network.
Optionally, the apparatus further includes:
a receiving module, configured to receive, from the resource platform, a request to sign a target file based on the digital certificate;
a sending module, configured to acquire the signature algorithm corresponding to the signature request from the alliance chain and send it to the resource platform, so that the resource platform signs the target file with the signature algorithm based on the digital certificate.
Optionally, the on-chain storage module is further configured to:
acquire the signature algorithm and upload it to the alliance chain of the local CA organization node;
synchronize the signature algorithm to the alliance chains of the other CA organization nodes in the alliance chain network, where the CA organization nodes, the super node and the supervision organization node form the alliance chain network.
Optionally, the apparatus further includes a management module, configured to:
display information about the nodes in the alliance chain network through the digital certificate mutual-authentication platform, and manage the nodes in the alliance chain network, where the nodes in the alliance chain network include CA organization nodes, super nodes and supervision organization nodes.
Optionally, managing the nodes in the alliance chain network includes:
sending, through the digital certificate mutual-authentication platform, an instruction to authorize a target CA organization node in the alliance chain network;
controlling, by a super node on the alliance chain, the access of the target CA organization node based on the instruction.
Optionally, determining, based on the parsing result, whether the digital certificate is successfully authenticated includes:
if the parsing result is enterprise identification information and CA organization information, determining that the digital certificate is successfully authenticated;
if the parsing result is error information, determining that authentication of the digital certificate has failed.
The apparatus can execute the method provided by any embodiment of the present invention, and has the functional modules and beneficial effects corresponding to the executed method.
Fig. 5 is a schematic structural diagram of an apparatus according to an embodiment of the present invention, where the apparatus may be a digital certificate authentication apparatus, and as shown in fig. 5, the apparatus includes:
one or more processors 510, one processor 510 being illustrated in FIG. 5;
a memory 520;
the apparatus may further include: an input device 530 and an output device 540.
The processor 510, the memory 520, the input device 530 and the output device 540 of the apparatus may be connected by a bus or other means, and fig. 5 illustrates the connection by a bus as an example.
The memory 520, as a non-transitory computer-readable storage medium, may be used to store software programs, computer-executable programs and modules, such as the program instructions/modules corresponding to a digital authentication method in an embodiment of the present invention (for example, the acquisition module 410 and the parsing module 420 shown in Fig. 4). By running the software programs, instructions and modules stored in the memory 520, the processor 510 executes the various functional applications and data processing of the computer device, that is, it implements the digital authentication method of the above method embodiment:
acquiring different digital certificates from a resource platform;
acquiring the corresponding CA algorithm from the alliance chain based on the CA organization identification information corresponding to the digital certificate, parsing the digital certificate with the CA algorithm, and sending the parsing result to the resource platform, so that the resource platform determines, based on the parsing result, whether the digital certificate is successfully authenticated.
The memory 520 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the computer device, and the like. Further, the memory 520 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 520 may optionally include memory located remotely from processor 510, which may be connected to a terminal device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 530 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the computer apparatus. The output device 540 may include a display device such as a display screen.
An embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the digital certificate authentication method provided in the embodiment of the present invention:
acquiring different digital certificates from a resource platform;
acquiring the corresponding CA algorithm from the alliance chain based on the CA organization identification information corresponding to the digital certificate, parsing the digital certificate with the CA algorithm, and sending the parsing result to the resource platform, so that the resource platform determines, based on the parsing result, whether the digital certificate is successfully authenticated.
Any combination of one or more computer-readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. A method for digital certificate authentication, comprising:
acquiring different digital certificates from a resource platform;
acquiring a corresponding CA algorithm from an alliance chain based on the CA organization identification information corresponding to the digital certificate, parsing the digital certificate with the CA algorithm, and sending a parsing result to the resource platform, so that the resource platform determines, based on the parsing result, whether the digital certificate is successfully authenticated.
2. The method of claim 1, further comprising:
acquiring the CA algorithm, and uploading the CA algorithm to the alliance chain of a local CA organization node;
synchronizing the CA algorithm to the alliance chains of other CA organization nodes in an alliance chain network, wherein the CA organization nodes, a super node and a supervision organization node form the alliance chain network.
3. The method of claim 1, further comprising:
receiving a request, sent by the resource platform, to sign a target file based on the digital certificate;
acquiring a signature algorithm corresponding to the signature request from the alliance chain, and sending the signature algorithm to the resource platform, so that the resource platform signs the target file with the signature algorithm based on the digital certificate.
4. The method of claim 3, further comprising:
acquiring the signature algorithm, and uploading the signature algorithm to the alliance chain of a local CA organization node;
synchronizing the signature algorithm to the alliance chains of other CA organization nodes in an alliance chain network, wherein the CA organization nodes, a super node and a supervision organization node form the alliance chain network.
5. The method of claim 1, further comprising:
displaying information about the nodes in an alliance chain network through a digital certificate mutual-authentication platform, and managing the nodes in the alliance chain network, wherein the nodes in the alliance chain network comprise CA organization nodes, super nodes and supervision organization nodes.
6. The method of claim 5, wherein the managing the nodes in the alliance chain network comprises:
sending, through the digital certificate mutual-authentication platform, an instruction to authorize a target CA organization node in the alliance chain network;
controlling, by a super node on the alliance chain, access of the target CA organization node based on the instruction.
7. The method according to claim 1, wherein the determining whether the digital certificate is successfully authenticated based on the parsing result comprises:
if the parsing result is enterprise identification information and CA organization information, determining that the digital certificate is successfully authenticated;
if the parsing result is error information, determining that authentication of the digital certificate has failed.
8. A method for digital certificate authentication, comprising:
a resource platform accesses different digital certificates;
a CA organization node acquires the different digital certificates from the resource platform;
the CA organization node acquires a corresponding CA algorithm from an alliance chain based on the CA organization identification information corresponding to the digital certificate, parses the digital certificate with the CA algorithm, and sends a parsing result to the resource platform;
the resource platform determines, based on the parsing result, whether the digital certificate is successfully authenticated.
9. A digital certificate authentication apparatus, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the method according to any one of claims 1 to 7.
CN202110236665.2A 2021-03-03 2021-03-03 Digital certificate authentication method, equipment and storage medium Pending CN112862487A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110236665.2A CN112862487A (en) 2021-03-03 2021-03-03 Digital certificate authentication method, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112862487A true CN112862487A (en) 2021-05-28

Family

ID=75991387

Country Status (1)

Country Link
CN (1) CN112862487A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210528