CN113556312A - Weighted consensus CA management system based on alliance chain - Google Patents
Weighted consensus CA management system based on alliance chain Download PDFInfo
- Publication number
- CN113556312A CN113556312A CN202010857397.1A CN202010857397A CN113556312A CN 113556312 A CN113556312 A CN 113556312A CN 202010857397 A CN202010857397 A CN 202010857397A CN 113556312 A CN113556312 A CN 113556312A
- Authority
- CN
- China
- Prior art keywords
- consensus
- alliance chain
- certificate
- alliance
- intelligent contract
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012795 verification Methods 0.000 abstract description 5
- 238000000034 method Methods 0.000 abstract description 2
- 238000007726 management method Methods 0.000 description 7
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Abstract
The invention discloses a CA management system based on the weighted consensus of alliance chains, which comprises: consensus CA alliance chain system: the system comprises four or more alliance chain nodes, wherein each node is in a flat same-row relationship and is provided with an independent root certificate system; the consensus CA alliance chain weighting consensus system: connecting with a consensus CA alliance chain system; the consensus certificate issuing intelligent contract system comprises: for issuing a consensus certificate; the consensus certificate verifies the intelligent contract system: for verifying the digital certificate. The method can avoid the centralized decision and service mechanism of the traditional single-point CA, and can avoid the centralized blackout and single-point collapse of the traditional single-point CA; the trust, fairness and safety of the digital certificate issuance and verification can be improved; identity, seal and signature information can be prevented from being tampered and counterfeited; the problem that the conventional CA cannot solve supervision supervisors and verification verifiers and cannot form a closed loop of supervision and authentication can be solved.
Description
Technical Field
The invention relates to the technical field of block chain application, in particular to a weighted consensus CA management system based on a alliance chain.
Background
The existing CA-centered digital identity authentication and digital identity certificate issuing system has the following defects: 1. the CA system is easy to collapse at a single point; CA center black screen, center benefit maximization; the digital identity information is easy to be tampered; 2. digital identity authentication and digital identity certificate issuance create additional intermediary costs; 3. the hierarchical CA system cannot solve the problem of the supervising supervisor, and cannot form a closed loop of supervision and authentication: CA authenticates identity, issues certificate, but who supervises authenticating CA itself; the superior CA supervises and authenticates the inferior CA, but who authenticates and supervises the superior CA, the CA's root, and the root certificate issuer!
The application of the existing block chain in the field of electronic signature is only limited to block chain storage certificate, and the block chain is not deeply integrated with digital identity authentication and digital identity certificate issuing, so that the problem of centralization by CA cannot be solved.
Disclosure of Invention
In view of the above technical deficiencies, an object of the present invention is to provide a federation chain-based weighted consensus CA management system, which can decentralize and solve the problem of centralization of CA-centric digital identity authentication and digital identity certificate issuing systems.
In order to solve the technical problems, the invention adopts the following technical scheme:
the CA management system based on the weighted consensus of the alliance chain is characterized by comprising the following components:
consensus CA alliance chain system: the system comprises four or more alliance chain nodes, wherein each node is in a flat same-row relationship and is provided with an independent root certificate system; the consensus CA alliance chain weighting consensus system: connecting with a consensus CA alliance chain system; the consensus certificate issuing intelligent contract system comprises: the system is connected with a consensus CA alliance chain weighting consensus system and used for issuing a consensus certificate; the consensus certificate verifies the intelligent contract system: and the system is connected with the consensus CA alliance chain weighting consensus system and the consensus certificate issuing intelligent contract system and is used for verifying the digital certificate.
Preferably, each node of the consensus CA alliance chain system has a voting weight with a different weight;
preferably, the number of nodes in the consensus CA alliance chain system is at least four.
The invention has the beneficial effects that: 1. the centralized decision making and service mechanism of the traditional single-point CA can be avoided, and the centralized blackout and single-point collapse of the traditional single-point CA can be avoided; 2. the trust, fairness and safety of the digital certificate issuance and verification can be improved; 3. identity, seal and signature information can be prevented from being tampered and counterfeited; 4. the problem that the conventional CA cannot solve supervision supervisors and verification verifiers and cannot form a closed loop of supervision and authentication can be solved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic block diagram of a federation chain-based weighted consensus CA management system of the present invention;
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in FIG. 1, the CA management system based on the weighted consensus of the alliance chain comprises
The method comprises the following steps: consensus CA alliance chain system: the system comprises four or more alliance chain nodes, wherein each node is in a flat same-row relationship and is provided with an independent root certificate system; the consensus CA alliance chain weighting consensus system: connecting with a consensus CA alliance chain system; the consensus certificate issuing intelligent contract system comprises: the system is connected with a consensus CA alliance chain weighting consensus system and used for issuing a consensus certificate; the consensus certificate verifies the intelligent contract system: and the system is connected with the consensus CA alliance chain weighting consensus system and the consensus certificate issuing intelligent contract system and is used for verifying the digital certificate.
Further, each node of the consensus CA alliance chain system has voting weights with different weights; the safety is higher.
Further, the number of nodes in the consensus CA alliance chain system is at least four; the node is not a single mechanism any more, and all nodes form a consensus CA alliance committee which can supervise and restrict each other.
At least one node in each node of the consensus CA alliance chain system has an electronic authentication service management method issued by the ministry of public trust;
each node in the consensus CA alliance chain system is completely cut logically, physically and in organizational structure; the nodes are not in a vertical level relationship, but in a flat same-row relationship: the nodes are mutually independent, equal, restricted and supervised in decision making, so that the centralized decision making and service mechanism of the traditional single-point CA can be avoided, and the centralized blackout of the traditional single-point CA can be avoided; the public trust, the fairness and the safety of the digital certificate issuing and verification are improved; identity, seal and signature information can be prevented from being tampered and counterfeited; the problem that the traditional CA cannot solve the problem of supervising supervisors and cannot form a closed loop for supervision and authentication can be solved.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (3)
1. The CA management system based on the weighted consensus of the alliance chain is characterized by comprising the following components: consensus CA alliance chain system: the system comprises four or more alliance chain nodes, wherein each node is in a flat same-row relationship and is provided with an independent root certificate system; the consensus CA alliance chain weighting consensus system: connecting with a consensus CA alliance chain system; the consensus certificate issuing intelligent contract system comprises: the system is connected with a consensus CA alliance chain weighting consensus system and used for issuing a consensus certificate; the consensus certificate verifies the intelligent contract system: and the system is connected with the consensus CA alliance chain weighting consensus system and the consensus certificate issuing intelligent contract system and is used for verifying the digital certificate.
2. A CA federation chain-based weighted consensus CA management system as claimed in claim 1 wherein each node of the CA federation chain system has a voting weight of different weight.
3. A CA management system according to claim 1 or 2, wherein there are at least four consensus nodes in the CA federation chain system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010857397.1A CN113556312A (en) | 2020-08-24 | 2020-08-24 | Weighted consensus CA management system based on alliance chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010857397.1A CN113556312A (en) | 2020-08-24 | 2020-08-24 | Weighted consensus CA management system based on alliance chain |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113556312A true CN113556312A (en) | 2021-10-26 |
Family
ID=78130019
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010857397.1A Pending CN113556312A (en) | 2020-08-24 | 2020-08-24 | Weighted consensus CA management system based on alliance chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113556312A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107508680A (en) * | 2017-07-26 | 2017-12-22 | 阿里巴巴集团控股有限公司 | Digital certificate management method, device and electronic equipment |
| CN108052530A (en) * | 2017-11-10 | 2018-05-18 | 杭州云象网络技术有限公司 | A kind of decentralization CA construction methods and its system based on alliance's chain |
| US20180253539A1 (en) * | 2017-03-05 | 2018-09-06 | Ronald H. Minter | Robust system and method of authenticating a client in non-face-to-face online interactions based on a combination of live biometrics, biographical data, blockchain transactions and signed digital certificates. |
| CN110061851A (en) * | 2019-04-28 | 2019-07-26 | 广州大学 | A kind of across trust domain authentication method and system of decentralization |
-
2020
- 2020-08-24 CN CN202010857397.1A patent/CN113556312A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180253539A1 (en) * | 2017-03-05 | 2018-09-06 | Ronald H. Minter | Robust system and method of authenticating a client in non-face-to-face online interactions based on a combination of live biometrics, biographical data, blockchain transactions and signed digital certificates. |
| CN107508680A (en) * | 2017-07-26 | 2017-12-22 | 阿里巴巴集团控股有限公司 | Digital certificate management method, device and electronic equipment |
| CN108052530A (en) * | 2017-11-10 | 2018-05-18 | 杭州云象网络技术有限公司 | A kind of decentralization CA construction methods and its system based on alliance's chain |
| CN110061851A (en) * | 2019-04-28 | 2019-07-26 | 广州大学 | A kind of across trust domain authentication method and system of decentralization |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110012015A (en) | A kind of internet of things data sharing method and system based on block chain | |
| CN109493063A (en) | The method of permission control is carried out in a kind of alliance's block chain | |
| CN107231299A (en) | A kind of chain route and realized the system that block chain communicates across chain | |
| CN110213246A (en) | A kind of wide area multiple-factor identity authorization system | |
| CN112055002A (en) | Cross-link network supervision method based on public governance link | |
| CN104484620B (en) | A method of false sales volume and inventory are avoided in pin sales management cloud system fastly | |
| CN106713229A (en) | Intelligent power grid terminal trusted access system based on user behaviors and intelligent power grid terminal trusted access method thereof | |
| CN109840424A (en) | A kind of data base encryption and the system that desensitizes | |
| CN105072085B (en) | A kind of stream rule legitimacy authentication method under software defined network | |
| CN113010922B (en) | Tamper-proof energy industry internet multi-edge chain data sharing method | |
| CN108848085A (en) | A kind of electric power data distributed security protection tool based on block chain | |
| CN113572825A (en) | Access control and resource access control method and system for relay chain cross-link architecture | |
| CN110324331A (en) | Power system security stability contorting terminal identity authentication method based on block chain | |
| CN115641139A (en) | Block chain consensus method based on weight plan behavior certification | |
| CN112733211A (en) | Intelligent power grid data storage scheme based on block chain | |
| CN112149073A (en) | Cone block chain management method and system | |
| CN113722722A (en) | Block chain-based high-security-level access control method and system | |
| CN113556312A (en) | Weighted consensus CA management system based on alliance chain | |
| CN115796261A (en) | Block chain-based lightweight group consensus federated learning method | |
| CN109766390A (en) | A kind of tamper-evident means diploma system based on block chain | |
| CN114036522A (en) | Heterogeneous trusted computing/trusted reward and punishment model extension | |
| CN109508553A (en) | A kind of pair of user data carries out the method and system that authentication deposits card | |
| CN112132573A (en) | CA (certificate Authority) and Key removal electronic signature and electronic contract system based on block chain | |
| CN110807188A (en) | Authority management method and system based on block chain | |
| CN107995204A (en) | Hadoop framework method for evaluating trust based on Bayes models |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20211026 |
|
| RJ01 | Rejection of invention patent application after publication |