CN114422198A - Digital certificate processing method and device, electronic equipment and readable storage medium - Google Patents


Publication number: CN114422198A
Authority: CN (China)
Prior art keywords: block, digital certificate, candidate, request, certificate
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202111607544.0A
Other languages: Chinese (zh)
Inventor: 周宇坤, 严兴俊, 潘继
Current Assignee: China Telecom Corp Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN202111607544.0A
Publication of CN114422198A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates

Abstract

The embodiment of the invention provides a digital certificate processing method and device, electronic equipment and a readable storage medium. In the method, any candidate node in the digital certificate management system responds to an issuance request sent by a requesting end and generates a digital certificate according to the private key of the candidate node and the related information carried in the issuance request. A block including at least the digital certificate is created, based on the digital certificate, as a candidate block. When the candidate block meets the preset requirement, the candidate block is determined as the target block, and the digital certificate in the target block is returned to the requesting end. In the embodiment of the invention, a plurality of candidate nodes generate digital certificates, and the digital certificate in the target block meeting the preset requirement is the one finally returned to the requesting end, so that a digital certificate can still be issued, to a certain extent, even if a single candidate node fails, and the stability of the issuing operation can be improved.

Description

Digital certificate processing method and device, electronic equipment and readable storage medium
Technical Field
The invention belongs to the technical field of networks, and particularly relates to a digital certificate processing method and device, electronic equipment and a readable storage medium.
Background
Currently, in order to secure end-to-end communication, one end needs to request a digital certificate from a Certificate Authority (CA), so that it can use the digital certificate for operations such as authentication and data encryption when communicating with the other end.
In the prior art, when a digital certificate is issued, a single CA center often generates a digital signature, and based on the digital signature and a public key of a requesting end, the digital certificate is generated and issued to the requesting end. In this way, when the CA center fails, the digital certificate cannot be issued normally, and the stability of the issuing operation is poor.
Disclosure of Invention
The invention provides a digital certificate processing method, a digital certificate processing device, electronic equipment and a readable storage medium, and aims to solve the technical problem of poor stability.
In a first aspect, the present invention provides a digital certificate processing method, which is applied to any candidate node in a digital certificate management system including at least two candidate nodes, and comprises:
responding to an issuing request sent by a request end, and generating a digital certificate according to a private key of the candidate node and related information carried in the issuing request;
creating a block including at least the digital certificate based on the digital certificate as a candidate block;
and under the condition that the candidate block meets the preset requirement, determining the candidate block as a target block, and returning a digital certificate in the target block to the request terminal.
Optionally, the determining the candidate block as the target block when the candidate block meets the preset requirement includes:
determining the candidate block as the target block if the candidate block meets a preset block uplink requirement;
before returning the digital certificate in the target block to the request terminal, the method further comprises: performing a block chaining operation on the target block to add the target block to a corresponding block chain of the digital certificate management system; after the successful addition, the operation of returning the digital certificate in the target block to the request end is executed.
Optionally, the performing a block chaining operation on the target block to add the target block to a block chain corresponding to the digital certificate management system includes:
adding the target block to a local blockchain of the candidate node, and broadcasting the target block to other nodes in the digital certificate management system, wherein the other nodes are used for executing validity verification operation on the target block and synchronizing the target block to the local blockchain if verification is passed.
Optionally, the validity verification operation includes: verifying whether the public key of the requesting end is among the public keys of the trusted ends stored in the designated block of the block chain; and/or verifying whether the data format of the content in the target block conforms to a specified format; and/or verifying whether the target block meets the block uplink requirement.
Optionally, before generating a digital certificate according to the private key of the candidate node and the related information carried in the issuance request, the method further includes:
acquiring a public key of a trusted terminal stored in a designated block of the block chain;
and under the condition that the public key of the request end belongs to the public key of the trusted end, executing the operation of generating a digital certificate according to the private key of the candidate node and the relevant information carried in the issuing request.
Optionally, the designated block is the genesis block of the block chain, and the genesis block is created from the public keys of the trusted ends during the initialization stage of the block chain.
Optionally, in a case that the candidate node receives a certificate verification request sent by the querying end, the method further includes:
responding to the certificate verification request, and determining a block to be queried in the block chain according to the issuing time of the certificate to be verified indicated by the certificate verification request;
detecting whether the digital certificate in the block to be inquired is matched with the certificate to be verified indicated by the certificate verification request;
if they match, returning valid indication information to the querying end;
and if they do not match, returning invalid indication information to the querying end.
Optionally, the creating a block including at least the digital certificate based on the digital certificate includes: packing the digital certificate and the public key of the candidate node into a block;
the detecting whether the digital certificate in the block to be queried matches the certificate to be verified indicated by the certificate verification request includes:
and verifying whether the digital certificate in the block to be queried is matched with the certificate to be verified or not based on the public key of the candidate node in the block to be queried.
In a second aspect, the present invention provides a digital certificate processing apparatus, which is applied to any candidate node in a digital certificate management system including at least two candidate nodes, the apparatus including:
the generating module is used for responding to an issuing request sent by a request terminal and generating a digital certificate according to the private key of the candidate node and the related information carried in the issuing request;
a creation module for creating a block including at least the digital certificate as a candidate block based on the digital certificate;
the first returning module is used for determining the candidate block as a target block and returning the digital certificate in the target block to the request terminal under the condition that the candidate block meets the preset requirement.
Optionally, the first returning module is specifically configured to:
determining the candidate block as the target block if the candidate block meets a preset block uplink requirement;
the device further comprises: an adding module, configured to perform a block chaining operation on the target block, so as to add the target block to a block chain corresponding to the digital certificate management system; and the first execution module is used for executing the operation of returning the digital certificate in the target block to the request end after the successful addition.
Optionally, the adding module is specifically configured to:
adding the target block to a local blockchain of the candidate node, and broadcasting the target block to other nodes in the digital certificate management system, wherein the other nodes are used for executing validity verification operation on the target block and synchronizing the target block to the local blockchain if verification is passed.
Optionally, the validity verification operation includes: verifying whether the public key of the requesting end is among the public keys of the trusted ends stored in the designated block of the block chain; and/or verifying whether the data format of the content in the target block conforms to a specified format; and/or verifying whether the target block meets the block uplink requirement.
Optionally, the apparatus further comprises:
the acquisition module is used for acquiring a public key of a trusted terminal stored in a specified block of the block chain;
and the second execution module is used for executing the operation of generating the digital certificate according to the private key of the candidate node and the relevant information carried in the issuing request under the condition that the public key of the request end belongs to the public key of the trusted end.
Optionally, the designated block is the genesis block of the block chain, and the genesis block is created from the public keys of the trusted ends during the initialization stage of the block chain.
Optionally, the apparatus further comprises:
the determining module is used for responding to the certificate verification request and determining the block to be inquired in the block chain according to the issuing time of the certificate to be verified indicated by the certificate verification request;
the detection module is used for detecting whether the digital certificate in the block to be inquired is matched with the certificate to be verified indicated by the certificate verification request;
the second returning module is used for returning valid indication information to the querying end if they match;
and the third returning module is used for returning invalid indication information to the querying end if they do not match.
Optionally, the creating module is specifically configured to: packing the digital certificate and the public key of the candidate node into a block;
the detection module is specifically configured to:
and verifying whether the digital certificate in the block to be queried is matched with the certificate to be verified or not based on the public key of the candidate node in the block to be queried.
In a third aspect, the present invention provides a digital certificate management system, where the system includes at least two candidate nodes, and each candidate node is configured to execute the digital certificate processing method.
In a fourth aspect, the present invention provides an electronic device comprising: a processor, a memory, and a computer program stored on the memory and executable on the processor, wherein the processor implements the digital certificate processing method when executing the program.
In a fifth aspect, the present invention provides a readable storage medium, wherein instructions of the storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the above-mentioned digital certificate processing method.
In the digital certificate processing method provided by the embodiment of the present invention, any candidate node in the digital certificate management system may respond to the issuance request sent by the requesting end and generate a digital certificate according to the private key of the candidate node and the related information carried in the issuance request. A block including at least the digital certificate is created, based on the digital certificate, as a candidate block. When the candidate block meets the preset requirement, the candidate block is determined as the target block, and the digital certificate in the target block is returned to the requesting end. In the embodiment of the invention, a plurality of candidate nodes generate digital certificates, and the digital certificate in the target block meeting the preset requirement is the one finally returned to the requesting end, so that a digital certificate can still be issued, to a certain extent, even if a single candidate node fails, and the stability of the issuing operation can be improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a flowchart illustrating steps of a method for processing a digital certificate according to an embodiment of the present invention;
Fig. 2 is a schematic process flow diagram provided by an embodiment of the invention;
Fig. 3 is a schematic diagram of an application scenario provided in an embodiment of the present invention;
Fig. 4 is a block diagram of a digital certificate processing apparatus according to an embodiment of the present invention;
Fig. 5 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart of steps of a digital certificate processing method provided by an embodiment of the present invention, where the method is applied to any candidate node in a digital certificate management system including at least two candidate nodes, as shown in fig. 1, the method may include:
Step 101, responding to an issuance request sent by a requesting end, and generating a digital certificate according to the private key of the candidate node and the related information carried in the issuance request.
In the embodiment of the invention, the digital certificate management system can be regarded as a block chain network. The at least two candidate nodes can be all of the nodes in the digital certificate management system or only some of them, and each candidate node in the digital certificate management system is qualified to sign and issue digital certificates. The requesting end may be a server side, and the server side may be a server of an entity. The issuance request can be sent by the requesting end in an initialization stage, or when a previously requested digital certificate has expired. The issuance request received by the candidate node can be sent to the candidate node by the requesting end directly or indirectly. For example, the issuance request of the requesting end may be sent, on the principle of proximity, to the candidate node closest to the requesting end in the block chain network, and that candidate node then synchronizes the issuance request to each of the other candidate nodes. This indirect sending saves the processing resources the requesting end would consume in performing the sending operation. Alternatively, the requesting end may send the issuance request directly to each candidate node in the block chain network, which is not limited in this embodiment of the present invention.
The issuance request may also be referred to as a digital certificate issuance request or a digital certificate issuance authentication request. It may carry the related information required for issuing the digital certificate; the specific content of the related information may be set according to actual requirements, and the related information includes at least the public key of the requesting end. Further, the related information may also include information such as the name, identification, address and sending time of the requesting end. For example, any candidate node may encrypt the certificate digest with the private key of the candidate node to generate a digital signature, and may then generate a digital certificate including at least the digital signature and the public key of the requesting end. The certificate digest may be a hash value of the related information, and the operation of encrypting the certificate digest with the private key of the candidate node may be regarded as the candidate node signing the public key of the requesting end with its private key. It should be noted that the public key of the requesting end may be the public key of a private key-public key pair generated by the requesting end, the private key of each candidate node may be the private key of a private key-public key pair generated in the initialization stage of that candidate node, and the private key-public key pairs generated by different candidate nodes may be different.
Step 102, creating a block at least comprising the digital certificate based on the digital certificate as a candidate block.
In the embodiment of the present invention, after each candidate node generates a digital certificate, it may create a new block based on the digital certificate it generated, so as to obtain a candidate block. Since there are at least two candidate nodes, at least two candidate blocks may finally be generated accordingly.
Step 103, determining the candidate block as a target block and returning the digital certificate in the target block to the request terminal when the candidate block meets the preset requirement.
In an embodiment of the present invention, the preset requirement may be set according to actual requirements. For example, the preset requirement may be a preset block uplink requirement, that is, the candidate block is successfully uplinked (added) into the block chain, and the target block may be the uplinked block among the at least two candidate blocks. Alternatively, the preset requirement may be that the content complexity of the candidate block is the highest: if the content complexity of the candidate block created by the candidate node is the highest, that candidate block may be the target block. The block chain may be a block chain for digital certificate management. If the candidate block created by the candidate node meets the preset requirement, the candidate node may determine that candidate block as the target block and return the digital certificate in the target block to the requesting end; otherwise, it does not perform this operation.
Further, for any candidate node, under the condition that it is determined that the candidate block created this time is the target block, the digital certificate in the target block, that is, the digital certificate generated by the candidate node, is issued to the request end, so that the digital certificate issuing authentication can be realized. The requesting end may perform encrypted communication based on the received digital certificate.
In summary, in the digital certificate processing method provided in the embodiments of the present invention, any candidate node in the digital certificate management system responds to the issuance request sent by the requesting end and generates a digital certificate according to the private key of the candidate node and the related information carried in the issuance request. A block including at least the digital certificate is created, based on the digital certificate, as a candidate block. When the candidate block meets the preset requirement, the candidate block is determined as the target block, and the digital certificate in the target block is returned to the requesting end. In the embodiment of the invention, a plurality of candidate nodes generate digital certificates, and the digital certificate in the target block meeting the preset requirement is the one finally returned to the requesting end, so that a digital certificate can still be issued, to a certain extent, even if a single candidate node fails, and the stability of the issuing operation can be improved.
Optionally, in the embodiment of the present invention, before the digital certificate is generated according to the private key of the candidate node and the related information carried in the issuance request, the public keys of the trusted ends stored in the designated block of the block chain may be acquired. The operation of generating the digital certificate according to the private key of the candidate node and the related information carried in the issuance request is executed only when the public key of the requesting end belongs to the public keys of the trusted ends. Specifically, the designated block may be chosen, according to actual requirements, from the blocks already uplinked in the block chain. The candidate node may access the designated block to read the public keys of the trusted ends from it, and extract the public key included in the issuance request as the public key of the requesting end. The public key of the requesting end is then compared with the public keys of the trusted ends to determine whether any trusted-end public key is identical to it. If so, it may be determined that the public key of the requesting end belongs to the public keys of the trusted ends. Otherwise, it may be determined that it does not.
In the embodiment of the invention, digital certificates are issued only to the trusted ends corresponding to the public keys stored in the designated block. When an issuance request is received, the identity of the requesting end is verified first, that is, it is detected whether the public key of the requesting end belongs to the public keys of the trusted ends, and the subsequent certificate issuing operation is executed for the requesting end only if it does. This avoids, to a certain extent, the problem of issuing a digital certificate to an untrusted requesting end.
In the embodiment of the invention, the trusted ends are used as trusted nodes and their public keys are stored in the genesis block, so issuance requests from the trusted ends can be responded to quickly without a complicated manual auditing process. Identity verification is performed automatically based on the public keys of the trusted ends stored in the designated block, which improves processing efficiency.
It should be noted that, in the embodiment of the present invention, the issuance request sent by the requesting end may also be submitted to a manual review process when the public key of the requesting end does not belong to the public keys of the trusted ends. Compared with submitting every issuance request to manual review, this reduces manual review to a certain extent. The embodiment of the present invention does not limit this.
Optionally, the step of determining the candidate block as the target block when the candidate block meets the preset requirement may specifically include:
Step S21, determining the candidate block as the target block if the candidate block meets a preset block uplink requirement.
Specifically, each candidate node may calculate a hash value of the candidate block it created; for example, a hash calculation may be performed on the content of the block header of the candidate block to obtain the hash value of the candidate block. It may then be detected whether the hash value of the candidate block meets a preset value requirement. If it does, and this is currently the only candidate block whose hash value meets the preset value requirement, it may be determined that the candidate block meets the preset block uplink requirement. If several candidate blocks whose hash values meet the preset value requirement currently exist, a candidate block is determined to meet the preset block uplink requirement when it also satisfies a preset fork selection condition. The fork selection condition may be that the block is the first to reach a specified number of new blocks after being uplinked, or it may be another condition, for example being the first to calculate a hash value meeting the preset value requirement. For example, the candidate nodes may synchronize the time each of them needed to calculate a hash value meeting the preset value requirement, or to first reach the specified number of new blocks, so that each candidate node can determine whether it was the first to calculate a hash value meeting the preset value requirement or the first to reach the specified number of new blocks.
Accordingly, before the step of returning the digital certificate in the target block to the requesting end, the following operations may be further performed:
Step S31, performing a block uplink operation on the target block to add the target block to the block chain corresponding to the digital certificate management system.
The block chain corresponding to the digital certificate management system may be used for digital certificate management and may store the block corresponding to each issued digital certificate; that is, each digital certificate issued by the digital certificate management system in the embodiment of the present invention is stored in the form of a block chain. It should be noted that, in the embodiment of the present invention, the block uplink operation may also be performed after the digital certificate in the target block has been returned to the requesting end, which is not limited in the embodiment of the present invention. In that implementation, after the block uplink operation is performed, it can be detected whether the digital certificate in the successfully uplinked target block is consistent with the digital certificate returned to the requesting end. If they are inconsistent, the digital certificate in the successfully uplinked target block is sent to the requesting end again, so as to ensure that the digital certificate held by the requesting end is the one accurately recorded in the block chain.
Step S32, after the successful addition, the operation of returning the digital certificate in the target block to the request end is executed.
That is to say, the operation of returning the digital certificate in the target block to the requesting end may specifically be issuing the digital certificate in the target block to the requesting end once the target block has been successfully added to the block chain corresponding to the digital certificate management system. It should be noted that, when the digital certificate is unavailable, the requesting end may send a new digital certificate issuance modification request to obtain a digital certificate again. Accordingly, the candidate nodes in the digital certificate management system may perform the next hash calculation to issue the digital certificate again.
In the embodiment of the invention, the candidate block is determined as the target block when it meets the preset block uplink requirement. A block uplink operation is performed on the target block to add it to the block chain corresponding to the digital certificate management system, and the digital certificate in the target block is returned to the requesting end after the target block has been successfully added. In this way, it can be ensured that the digital certificate issued to the requesting end has been successfully recorded in the block chain, so that the digital certificate can be conveniently managed based on the block chain.
Optionally, the performing a block chaining operation on the target block to add the target block to the block chain corresponding to the digital certificate management system specifically includes:
step S41, adding the target block to the local blockchain of the candidate node, and broadcasting the target block to other nodes in the digital certificate management system, where the other nodes are configured to perform validity verification operation on the target block and synchronize the target block to the local blockchain if verification passes.
In this embodiment of the present invention, the blockchain corresponding to the digital certificate management system may include a blockchain deployed locally at each node. Accordingly, in order to add the target block to the corresponding blockchain of the digital certificate management system, each node in the digital certificate management system may perform an uplink operation, so as to ensure content consistency of the blockchain local to each node, thereby ensuring that subsequent operations can be performed normally. Specifically, the candidate node may directly perform uplink operations to add the target block to the local block chain of the candidate node. Further, the target block can be broadcast to any other node in the digital certificate management system, so as to realize a digital certificate issuing business processing link. For any other node, the other node may verify the validity of the target block, and if the verification passes, synchronize the target block to a local blockchain of the other node, and if the target block is added to the local blockchain of the candidate node and synchronized by each other node, may regard the target block as being added to a corresponding blockchain of the digital certificate management system. It should be noted that, after synchronization, the candidate node may further detect whether the target block is successfully added to the corresponding blockchain of the digital certificate management system.
In the embodiment of the present invention, the target block is added to a local blockchain of the candidate node, and the target block is broadcasted to other nodes in the digital certificate management system, where the other nodes are configured to perform validity verification operation on the target block, and synchronize the target block to the local blockchain only when the verification passes. In this way, it can be ensured that only the target block that passes the validity verification can be successfully added to the blockchain corresponding to the digital certificate management system, and the invalid target block is prevented from being synchronized to the blockchain local to other nodes, so that the invalid target block can be prevented from being added to the blockchain corresponding to the digital certificate management system.
Optionally, the validity verifying operation may specifically include: verifying whether the public key of the request end belongs to the public key of the trusted end stored in the specified block of the block chain; and/or verifying whether the data format of the content in the target block conforms to a specified format; and/or verifying whether the target block meets the uplink requirement of the block.
In the embodiment of the present invention, the public key of the requesting end may be included in the digital certificate of the target block, and the public key of the trusted end stored in the designated block may be pre-stored. The other nodes can look up the public keys of the trusted ends stored in the designated block and confirm the identity of the request subject again; if the public key of the requesting end belongs to the public keys of the trusted ends stored in the designated block, the other nodes can determine that the requesting end conforms to the identity of the request subject and is qualified to be issued a digital certificate. For verifying whether the target block meets the block uplink requirement, reference may be made to the related description in the embodiment of the present invention, which is not repeated here. Further, the specified format may be a data format, agreed in advance among the nodes, for the content of a block. If the public key of the requesting end belongs to the public keys of the trusted ends, and/or the data format of the content in the target block conforms to the specified format, and/or the target block meets the block uplink requirement, this indicates to some extent that the digital certificate in the target block was not maliciously issued by an illegal node for an illegal requesting end, and accordingly the target block may be determined to pass validity verification under such a condition. For example, fig. 2 is a schematic processing flow diagram provided by an embodiment of the present invention. As shown in fig. 2, a digital certificate issuance request may be received first, and then blocks may be packed to create candidate blocks; once a target block is determined, it may be broadcast to synchronize the other nodes, and accordingly the other nodes may verify the block and, if the verification passes, complete the synchronization.
In the embodiment of the invention, whether the public key of the request end belongs to the public key of the credible end stored in the specified block of the block chain is verified; and/or verifying whether the data format of the content in the target block conforms to a specified format; and/or verifying whether the target block meets the block uplink requirement or not, so that the certificate issuing validity is confirmed, and the problem of malicious digital certificate issuing can be avoided to a certain extent, thereby ensuring the digital certificate issuing safety.
Optionally, in an implementation, the designated block may be the genesis block (the first, "created" block) of the blockchain, and the genesis block may be created from the public key of each trusted end in the initialization step of the blockchain. Specifically, a designated node in the digital certificate management system may send a public key reporting instruction to each trusted end, so that each trusted end reports its own public key to the designated node. Alternatively, the public keys of the trusted ends can be preset directly in the designated node. The designated node may be any node in the digital certificate management system. From the public key of each trusted end, the designated node may determine a correspondence between the identifier of each trusted end and its public key, and create, in the initialization stage, a first block including the correspondence to serve as the designated block. Correspondingly, the step of comparing the public key of the requesting end with the public keys of the trusted ends to determine whether a trusted-end public key consistent with the public key of the requesting end exists may specifically include: comparing each public key in the correspondence with the public key of the requesting end, and, if a public key is consistent with the public key of the requesting end and the identifier of the trusted end corresponding to that public key is consistent with the identifier of the requesting end, determining that the public key of the requesting end belongs to the public keys of the trusted ends. Otherwise, it may be determined that the public key of the requesting end does not belong to the public keys of the trusted ends.
In the embodiment of the invention, the genesis block is created from the public key of each trusted end in the initialization step of the blockchain and serves as the first block in the blockchain, and this genesis block is used as the designated block. In this way, the public keys of the trusted ends can be found every time a digital certificate is issued through the blockchain network, so that the issuing operation can be carried out normally.
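The validity verification a receiving node runs before synchronizing a broadcast target block can be sketched as follows. This is an added example, not code from the patent: the block and certificate field names, the JSON encoding, and the hash-prefix rule standing in for the "block uplink requirement" are assumptions, the keys are constructed strings, and all three checks are applied although the text allows any and/or combination.

```python
import hashlib
import json

# Assumption: the "block uplink requirement" is modelled as a proof-of-work
# style rule (block hash starts with DIFFICULTY_PREFIX) plus linkage to the
# receiving node's local chain tip. The text above does not fix the rule.
DIFFICULTY_PREFIX = "00"
# Assumption: the "specified format" agreed among nodes is this field schema.
BLOCK_SCHEMA = {"index": int, "prev_hash": str, "timestamp": int,
                "certificate": dict, "issuer_public_key": str, "nonce": int}
CERT_SCHEMA = {"subject_id": str, "subject_public_key": str,
               "issued_at": int, "signature": str}


def block_hash(block):
    """SHA-256 over the canonical JSON encoding of a block."""
    raw = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()


def make_genesis(trusted_keys):
    """Designated block: identifier -> public key of every trusted end."""
    return {"index": 0, "prev_hash": "0" * 64, "timestamp": 0,
            "trusted_keys": dict(trusted_keys)}


def requester_is_trusted(genesis, subject_id, subject_public_key):
    """The key must be listed AND bound to the requester's own identifier."""
    return genesis["trusted_keys"].get(subject_id) == subject_public_key


def _conforms(obj, schema):
    # Exact field set and exact types (bool is rejected where int is required).
    return (isinstance(obj, dict) and set(obj) == set(schema)
            and all(type(obj[k]) is t for k, t in schema.items()))


def format_is_valid(block):
    return (_conforms(block, BLOCK_SCHEMA)
            and _conforms(block["certificate"], CERT_SCHEMA))


def meets_uplink_requirement(block, tip):
    return (block["index"] == tip["index"] + 1
            and block["prev_hash"] == block_hash(tip)
            and block_hash(block).startswith(DIFFICULTY_PREFIX))


def validate_target_block(block, local_chain):
    """Return (passed, reason) for a broadcast target block."""
    if not format_is_valid(block):
        return False, "bad format"
    cert = block["certificate"]
    if not requester_is_trusted(local_chain[0], cert["subject_id"],
                                cert["subject_public_key"]):
        return False, "untrusted requester"
    if not meets_uplink_requirement(block, local_chain[-1]):
        return False, "uplink requirement not met"
    return True, "ok"


def sync_if_valid(block, local_chain):
    """Append the block to the local chain only when verification passes."""
    passed, reason = validate_target_block(block, local_chain)
    if passed:
        local_chain.append(block)
    return passed, reason


def build_candidate(tip, subject_id, subject_public_key, issued_at):
    """Candidate-node side: pack a certificate and search for a valid nonce."""
    block = {"index": tip["index"] + 1, "prev_hash": block_hash(tip),
             "timestamp": issued_at, "issuer_public_key": "constructed-node-key",
             "certificate": {"subject_id": subject_id,
                             "subject_public_key": subject_public_key,
                             "issued_at": issued_at,
                             "signature": "constructed-signature"},
             "nonce": 0}
    while not block_hash(block).startswith(DIFFICULTY_PREFIX):
        block["nonce"] += 1
    return block


if __name__ == "__main__":
    genesis = make_genesis({"server-a": "KEY-A", "server-b": "KEY-B"})
    chain = [genesis]
    print(sync_if_valid(build_candidate(genesis, "server-a", "KEY-A", 1700000000), chain))
    print(sync_if_valid(build_candidate(chain[-1], "server-b", "KEY-A", 1700000600), chain))
```

The second call is rejected because KEY-A is listed in the genesis block but bound to a different identifier, which is the case the identifier comparison above exists to catch.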
It should be noted that, in the embodiment of the present invention, when a new trusted end appears, a new blockchain may be created for the digital certificate management system based on the public key of the new trusted end, so as to issue a digital certificate for the new trusted end. Compared with adding the public key of the new trusted end to the genesis block, which requires the whole blockchain to be updated, the embodiment of the invention only needs to create a new blockchain, so that the efficiency of adding a trusted end can be ensured to a certain extent and the cost of adding it is reduced.
Optionally, the candidate node may further perform the following operation when receiving the certificate verification request sent by the query end:
step S51, in response to the certificate verification request, determining a block to be queried in the block chain according to the issuance time of the certificate to be verified indicated by the certificate verification request.
Specifically, in an implementation manner, the certificate verification request sent by the query end may be specifically sent to the candidate node closest to the query end. The query side can be a client side, or can also be a server side.
For example, fig. 3 is a schematic diagram of an application scenario provided by an embodiment of the present invention. As shown in fig. 3, a server may request a CA blockchain network to issue a digital certificate, that is, the server may send an issuance request to the CA blockchain network. The client may request digital certificate authentication from the CA blockchain network, i.e., the client may send a certificate verification request to the CA blockchain network. The CA blockchain network can be regarded as the digital certificate management system, and CA1, CA2, ..., CAk may each be viewed as a node in the digital certificate management system. The CA blockchain network provided by the embodiment of the invention can quickly verify an issued digital certificate, thereby ensuring the query efficiency of the digital certificate.
The certificate to be verified indicated by the certificate verification request may be a certificate carried in the certificate verification request. The issuing time of the certificate to be verified may be carried in the certificate verification request, or, when the digital certificate is issued, the generation time of the digital certificate may be written in the digital certificate as the issuing time, and accordingly, the candidate node may also obtain the issuing time from the certificate to be verified.
Further, when a block is created, it may be time stamped, and accordingly the time indicated by the timestamp of each block in the blockchain may be taken as its creation time. Specifically, the block whose creation time coincides with the issuance time, together with m blocks before and/or after that block, may be determined as the blocks to be queried. The specific value of m may be set according to actual requirements; for example, m may be 1. Alternatively, the blocks for which the time difference between the creation time and the issuance time of the certificate to be verified is smaller than a preset threshold are determined as the blocks to be queried. The preset threshold may be determined according to actual conditions; for example, the preset threshold may be 0, or may also be 10 minutes, and the like.
Step S52, detecting whether the digital certificate in the block to be queried matches the certificate to be verified indicated by the certificate verification request.
The number of the blocks to be queried can be one or more, correspondingly, the digital certificates in the blocks to be queried can be respectively compared with the certificate to be verified, and if the digital certificates are consistent with the certificate to be verified, the digital certificates are determined to be matched with the certificate to be verified.
Optionally, in an implementation manner, the operation of creating a block based on a digital certificate generated by a candidate node may specifically include: packing the digital certificate and the public key of the candidate node into a block. As an example, each candidate node may directly perform CA service processing, i.e., pack digital certificate issuance records into blocks. The block validity may subsequently be determined by a consensus algorithm. The issuance record includes at least a digital certificate and the public key of the candidate node, and determining the block validity through a consensus algorithm means performing the hash calculation to determine the candidate block that meets the block uplink requirement. That is, the block to be queried also includes the public key of the candidate node that generated the digital certificate in that block. Accordingly, whether the digital certificate in the block to be queried and the certificate to be verified match can be verified based on the public key of the candidate node in the block to be queried. Specifically, the public key of the candidate node included in the block to be queried may be obtained first. Then, the encrypted certificate digest in the certificate to be verified is decrypted with the obtained public key, and a certificate digest is computed from the certificate content. If the computed certificate digest is consistent with the decrypted certificate digest, it can be ensured that the certificate to be verified matches the digital certificate in the block to be queried. Otherwise, a mismatch may be determined.
In the embodiment of the invention, the public key of the candidate node is further packaged when the block is created, so that the validity verification of the certificate can be conveniently realized subsequently based on the public key of the candidate node in the block, and the certificate inquiry efficiency can be improved to a certain extent.
It should be noted that, in the embodiment of the present invention, based on the identification information of the certificate to be verified, the Merkle tree structure may be used to quickly locate whether the certificate to be verified exists in a block to be queried, and, if it exists, the verification may be performed based on the public key of the candidate node in that block. That is, whether the digital certificate in the block to be queried matches the certificate to be verified is verified with the public key of the candidate node in the block to be queried in which the certificate to be verified was located. Thus, the resource waste caused by unnecessary verification operations can be avoided.
Step S53, returning valid indication information to the query end in the case of a match.
Step S54, returning invalid indication information to the query end in the case of no match.
In the embodiment of the present invention, the valid indication information may be used to represent that the certificate to be verified is valid, and the invalid indication information may be used to represent that the certificate to be verified is invalid.
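Steps S51 to S54 can be traced end to end with the added example below, which is not code from the patent. It implements both block-selection rules (exact creation time plus m neighbours, or a time-difference threshold) and the digest comparison that uses the issuing node's public key stored in the block. The field names, the constructed chain, and the tiny unpadded textbook-RSA key are assumptions made so the example runs offline.

```python
import hashlib
import json

# Constructed toy textbook-RSA key for one candidate node (two Mersenne
# primes, unpadded, far too small for real use). It only makes the "decrypt
# the encrypted digest with the node's public key" step executable.
_P, _Q, E = 2**31 - 1, 2**61 - 1, 65537
N = _P * _Q
_D = pow(E, -1, (_P - 1) * (_Q - 1))


def digest(cert, n):
    """Certificate digest over every field except the signature, as an int < n."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % n


def issue(subject, subject_key, issued_at):
    """Candidate-node side: sign a certificate and pack it with the node key."""
    cert = {"subject": subject, "subject_public_key": subject_key,
            "issued_at": issued_at}
    cert["signature"] = pow(digest(cert, N), _D, N)  # "encrypted digest"
    return {"timestamp": issued_at, "certificate": cert,
            "issuer_public_key": [N, E]}


def select_blocks(chain, issued_at, m=1, threshold=None):
    """Step S51: indices of the blocks to be queried."""
    if threshold is not None:
        # <= is used so that a threshold of 0 selects exact-time matches.
        return [i for i, b in enumerate(chain)
                if abs(b["timestamp"] - issued_at) <= threshold]
    picked = set()
    for i, b in enumerate(chain):
        if b["timestamp"] == issued_at:
            picked.update(range(max(0, i - m), min(len(chain), i + m + 1)))
    return sorted(picked)


def matches(block, cert):
    """Step S52: recorded certificate is identical and its digest checks out."""
    if block["certificate"] != cert:
        return False
    n, e = block["issuer_public_key"]
    sig = cert.get("signature")
    return (isinstance(sig, int) and 0 <= sig < n
            and pow(sig, e, n) == digest(cert, n))


def verify_certificate(chain, cert, m=1, threshold=None):
    """Steps S53/S54: return "valid" or "invalid" to the query end."""
    issued_at = cert.get("issued_at")
    if not isinstance(issued_at, int):
        return "invalid"
    hit = any(matches(chain[i], cert)
              for i in select_blocks(chain, issued_at, m, threshold))
    return "valid" if hit else "invalid"


# Constructed sample chain: five blocks created 600 seconds apart.
CHAIN = [issue(f"server-{i}", f"constructed-key-{i}", 1000 + 600 * i)
         for i in range(5)]

if __name__ == "__main__":
    genuine = CHAIN[2]["certificate"]
    tampered = dict(genuine, subject_public_key="substituted-key")
    print(select_blocks(CHAIN, 2200, m=1), verify_certificate(CHAIN, genuine))
    print(verify_certificate(CHAIN, tampered))
```

Because the lookup is keyed on issuance time, a certificate whose claimed issuance time selects no block is reported invalid even if its signature is well formed.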
In an existing process, when a server requests a CA center to authenticate a server digital certificate, a single CA center issues the digital certificate to the server. However, the single CA center is easily attacked due to the problem of centralization, and a single node failure occurs, so that the digital certificate issuance cannot be normally performed. Accordingly, in the existing process, the client needs to download and install the CA root certificate first, when the client communicates with the server, the client needs to request the server for the digital certificate first, the server returns the digital certificate of the server to the client, and the client verifies the validity of the digital certificate based on the local CA root certificate (i.e., the CA public key). Accordingly, under the condition that the digital certificate is verified to be valid, the server public key provided in the digital certificate can be determined to be provided by a legal server indeed, and can be used for verifying the identity of the server subsequently. However, the CA public key locally stored in the client is easily tampered, and in this way, in the case where the CA public key is easily tampered, communication security cannot be ensured.
In the embodiment of the invention, the digital certificate is stored in the blockchain corresponding to the digital certificate management system, and the digital certificate is managed based on the blockchain, so that tampering can be prevented to a certain extent. When the candidate node receives a certificate verification request sent by the query end, it responds to the certificate verification request and determines the block to be queried in the blockchain according to the issuance time of the certificate to be verified indicated by the certificate verification request. It then detects whether the digital certificate in the block to be queried matches the certificate to be verified indicated by the certificate verification request. If they match, valid indication information is returned to the query end. If they do not match, invalid indication information is returned to the query end. The query can be made directly against the blockchain corresponding to the digital certificate management system. Because the candidate node that receives the certificate verification request performs certificate verification based on the blockchain, and a local CA root certificate on the client is not needed, the problem that communication security cannot be ensured when the CA public key is easily tampered with can be avoided.
Meanwhile, the blockchain network itself issues the digital certificate, that is, the blockchain network itself serves as the CA center. Digital certificate issuance, authentication and storage are integrated in one structure, and the function of a single CA center is distributed over the whole blockchain network, so that decentralization is realized. Each blockchain node packs the issuance requests it processes and stores the CA certification records in blocks (i.e., creates candidate blocks), and the blockchain network eventually uplinks the target blocks that meet the requirement. That is to say, in the embodiment of the present invention, each blockchain node performs the CA function; there is no specific CA center and no confirmation step by a CA center, and service processing is performed directly. With this flow structure, an attacker has no specific CA center to attack and can only attack the blockchain network, and when an attacker attacks the multi-node blockchain network, nodes whose functions are unaffected can still issue digital certificates. Therefore, the decentralized digital certificate management system can better resist attack, can ensure to a certain extent that the issuing process is carried out normally, and ensures that the system runs stably. The blockchain network provided by the embodiment of the invention can be regarded as an effective CA center: the system can run stably after being initialized, and the problem that the issuing process cannot be carried out normally because of a single point of failure is solved, so that the stability of the system is ensured.
In addition, each blockchain node in the embodiment of the invention can provide the complete functions of issuing, storing and querying, so that capacity expansion can be realized simply by adding nodes with the same functions; the blockchain network can therefore be expanded conveniently to a certain extent, and the difficulty of expansion is reduced. Furthermore, an approach in which a digital certificate can be generated only by multi-node joint signature, and in which a single management node verifies and returns the certificate, still has the centralization problem and a higher degree of system coupling, and a single-node failure has a larger influence on the whole processing flow. In the embodiment of the invention, each candidate node has the capability of generating the digital certificate, so no communication is needed in the certificate generation step and the communication time can be reduced to a certain extent. The embodiment of the invention can effectively avoid the centralization problem, the nodes are convenient to manage, and the whole processing flow is not affected even if a single node fails. In the embodiment of the invention, each candidate node simultaneously acts as a CA center to issue digital certificates, without confirming the current CA center, so that the problems of centralization and high confirmation difficulty can be avoided.
Fig. 4 is a block diagram of a digital certificate processing apparatus according to an embodiment of the present invention, where the apparatus may be applied to any candidate node in a digital certificate management system including at least two candidate nodes, and the apparatus 20 may include:
a generating module 201, configured to respond to an issuing request sent by a requesting end, and generate a digital certificate according to a private key of the candidate node and related information carried in the issuing request;
a creating module 202 for creating a block including at least the digital certificate based on the digital certificate as a candidate block;
the first returning module 203 is configured to, if the candidate block meets a preset requirement, determine the candidate block as a target block, and return a digital certificate in the target block to the requesting end.
Optionally, the first returning module 203 is specifically configured to:
determining the candidate block as the target block if the candidate block meets a preset block uplink requirement;
the apparatus 20 further comprises: an adding module, configured to perform a block chaining operation on the target block, so as to add the target block to a block chain corresponding to the digital certificate management system; and the first execution module is used for executing the operation of returning the digital certificate in the target block to the request end after the successful addition.
Optionally, the adding module is specifically configured to:
adding the target block to a local blockchain of the candidate node, and broadcasting the target block to other nodes in the digital certificate management system, wherein the other nodes are used for executing validity verification operation on the target block and synchronizing the target block to the local blockchain if verification is passed.
Optionally, the validity verifying operation includes: verifying whether the public key of the request end belongs to the public key of the trusted end stored in the specified block of the block chain; and/or verifying whether the data format of the content in the target block conforms to a specified format; and/or verifying whether the target block meets the uplink requirement of the block.
Optionally, the apparatus 20 further includes:
the acquisition module is used for acquiring a public key of a trusted terminal stored in a specified block of the block chain;
and the second execution module is used for executing the operation of generating the digital certificate according to the private key of the candidate node and the relevant information carried in the issuing request under the condition that the public key of the request end belongs to the public key of the trusted end.
Optionally, the designated block is the genesis block (the first, "created" block) in the blockchain, and the genesis block is created according to the public key of each trusted end in the initialization step of the blockchain.
Optionally, the apparatus 20 further includes:
the determining module is used for responding to the certificate verification request and determining the block to be inquired in the block chain according to the issuing time of the certificate to be verified indicated by the certificate verification request;
the detection module is used for detecting whether the digital certificate in the block to be inquired is matched with the certificate to be verified indicated by the certificate verification request;
the second returning module is used for returning valid indication information to the query end in the case of a match;
and the third returning module is used for returning invalid indication information to the query end in the case of no match.
Optionally, the creating module 202 is specifically configured to: packing the digital certificate and the public key of the candidate node into a block;
the detection module is specifically configured to:
and verifying whether the digital certificate in the block to be queried is matched with the certificate to be verified or not based on the public key of the candidate node in the block to be queried.
In summary, in the digital certificate processing apparatus provided in the embodiments of the present invention, any candidate node in the digital certificate management system responds to the issuance request sent by the request end, and generates a digital certificate according to the private key of the candidate node and the relevant information carried in the issuance request. Blocks including at least the digital certificate are created as candidate blocks based on the digital certificate. And under the condition that the candidate block meets the preset requirement, determining the candidate block as a target block, and returning the digital certificate in the target block to the request terminal. In the embodiment of the invention, a plurality of candidate nodes generate the digital certificate and finally return the digital certificate in the target block meeting the preset requirement to the request terminal, so that the digital certificate can be issued to a certain extent even if a single candidate node fails, and the issuing operation stability can be improved.
The invention also provides a digital certificate management system, which comprises at least two candidate nodes, wherein each candidate node is used for executing the digital certificate processing method of the embodiment.
The present invention also provides an electronic device, see fig. 5, comprising: a processor 901, a memory 902 and a computer program 9021 stored on and executable on the memory, the processor implementing the digital certificate processing method of the foregoing embodiment when executing the program.
The present invention also provides a readable storage medium, in which instructions, when executed by a processor of an electronic device, enable the electronic device to perform the digital certificate processing method of the foregoing embodiment.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
It should be noted that various information and data acquired in the embodiment of the present invention are acquired under the authorization of the information/data holder.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the invention and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. It will be appreciated by those skilled in the art that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in a sequencing device according to the present invention. The present invention may also be embodied as an apparatus or device program for carrying out a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (12)

1. A digital certificate processing method, applied to any candidate node in a digital certificate management system comprising at least two candidate nodes, the method comprising:
responding to an issuing request sent by a request end, and generating a digital certificate according to a private key of the candidate node and related information carried in the issuing request;
creating a block including at least the digital certificate based on the digital certificate as a candidate block;
and, in the case that the candidate block meets a preset requirement, determining the candidate block as a target block and returning the digital certificate in the target block to the request end.
2. The method of claim 1, wherein the determining the candidate block as a target block if the candidate block meets a preset requirement comprises:
determining the candidate block as the target block if the candidate block meets a preset block uplink requirement;
before returning the digital certificate in the target block to the request end, the method further comprises: performing a block chaining operation on the target block to add the target block to a corresponding block chain of the digital certificate management system; and, after the target block is successfully added, performing the operation of returning the digital certificate in the target block to the request end.
3. The method of claim 2, wherein performing a block chaining operation on the target block to add the target block to a corresponding block chain of the digital certificate management system comprises:
adding the target block to a local blockchain of the candidate node, and broadcasting the target block to other nodes in the digital certificate management system, wherein the other nodes are used for executing validity verification operation on the target block and synchronizing the target block to the local blockchain if verification is passed.
4. The method of claim 3, wherein the validity verification operation comprises: verifying whether the public key of the request end is among the public keys of the trusted ends stored in the designated block of the block chain; and/or verifying whether the data format of the content in the target block conforms to a specified format; and/or verifying whether the target block meets the block uplink requirement.
5. The method according to claim 2, wherein before generating a digital certificate according to the private key of the candidate node and the related information carried in the issuance request, the method further comprises:
acquiring the public keys of the trusted ends stored in a designated block of the block chain;
and, in the case that the public key of the request end is among the public keys of the trusted ends, performing the operation of generating a digital certificate according to the private key of the candidate node and the related information carried in the issuing request.
6. The method according to claim 4 or 5, wherein the designated block is the genesis block of the block chain, and the genesis block is created according to the public key of each trusted end during initialization of the block chain.
7. The method according to claim 2, wherein, in the case that the candidate node receives a certificate verification request sent by a query end, the method further comprises:
responding to the certificate verification request, and determining a block to be queried in the block chain according to the issuing time of the certificate to be verified indicated by the certificate verification request;
detecting whether the digital certificate in the block to be queried matches the certificate to be verified indicated by the certificate verification request;
in the case of a match, returning valid indication information to the query end;
and, in the case of a mismatch, returning invalid indication information to the query end.
8. The method of claim 7, wherein creating the block including at least the digital certificate based on the digital certificate comprises: packing the digital certificate and the public key of the candidate node into a block;
the detecting whether the digital certificate in the block to be queried matches the certificate to be verified indicated by the certificate verification request includes:
and verifying whether the digital certificate in the block to be queried is matched with the certificate to be verified or not based on the public key of the candidate node in the block to be queried.
9. A digital certificate processing apparatus, applied to any candidate node in a digital certificate management system including at least two candidate nodes, the apparatus comprising:
a generating module for responding to an issuing request sent by a request end and generating a digital certificate according to the private key of the candidate node and the related information carried in the issuing request;
a creation module for creating a block including at least the digital certificate as a candidate block based on the digital certificate;
a first returning module for determining the candidate block as a target block and returning the digital certificate in the target block to the request end in the case that the candidate block meets a preset requirement.
10. A digital certificate management system, characterized in that the system comprises at least two candidate nodes, each candidate node being adapted to perform the method according to one or more of claims 1-8.
11. An electronic device, comprising:
a processor, a memory and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to one or more of claims 1-8 when executing the program.
12. A readable storage medium, characterized in that instructions in the storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the method of one or more of claims 1-8.
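The following Python example is added here and is not part of the patent text; it walks through the checks in claims 3 to 7: gating issuance on the trusted keys in the genesis block, a peer's validity verification before synchronizing a block, and certificate lookup by issuance time. The field names, the use of a SHA-256 previous-hash link as the "block uplink requirement", and the treatment of the certificate as an opaque string are assumptions, and the public-key check of claim 8 is not shown.

```python
import hashlib
import json

# Assumed block layout; the patent does not fix field names.
REQUIRED = {"index", "prev", "time", "cert", "requester", "node_key"}

def block_hash(block):
    """SHA-256 over a canonical JSON encoding of the block."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def genesis(trusted_keys):
    # Claim 6: the designated block is built from the trusted ends' public keys.
    return {"index": 0, "prev": "0" * 64, "time": 0, "trusted": sorted(trusted_keys)}

def make_candidate(chain, cert, requester_key, node_key, issued_at):
    # Claim 5: issue only if the requester's key is listed in the designated block.
    if requester_key not in chain[0]["trusted"]:
        raise PermissionError("requester public key is not a trusted key")
    # Claim 8: the block carries the certificate and the issuing node's public key.
    return {"index": len(chain), "prev": block_hash(chain[-1]), "time": issued_at,
            "cert": cert, "requester": requester_key, "node_key": node_key}

def validate(chain, block):
    """Claim 4 checks as a receiving node would run them; returns failure names."""
    errors = []
    if set(block) != REQUIRED or not isinstance(block["cert"], str):
        errors.append("format")
    if block.get("requester") not in chain[0]["trusted"]:
        errors.append("untrusted-requester")
    # Assumed uplink requirement: the block must extend the current chain tip.
    if block.get("index") != len(chain) or block.get("prev") != block_hash(chain[-1]):
        errors.append("chain-link")
    return errors

def append_if_valid(chain, block):
    # Claim 3: a node synchronizes the block to its local chain only if it verifies.
    errors = validate(chain, block)
    if not errors:
        chain.append(block)
    return errors

def verify_certificate(chain, cert, issued_at):
    # Claim 7: pick the block by issuance time, then compare the stored certificate.
    block = next((b for b in chain[1:] if b["time"] == issued_at), None)
    return block is not None and block["cert"] == cert
```

A receiving node that skips the requester-key check would accept a block issued to a key that was never placed in the genesis block, which is why `validate` repeats the test that `make_candidate` already applies on the issuing node.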
CN202111607544.0A 2021-12-23 2021-12-23 Digital certificate processing method and device, electronic equipment and readable storage medium Pending CN114422198A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111607544.0A CN114422198A (en) 2021-12-23 2021-12-23 Digital certificate processing method and device, electronic equipment and readable storage medium


Publications (1)

Publication Number Publication Date
CN114422198A (en) 2022-04-29

Family

ID=81268877




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination