CN115550060B - Trusted certificate verification method, device, equipment and medium based on block chain - Google Patents

Info

Publication number: CN115550060B
Authority: CN (China)
Prior art keywords: information item, hash value, value, target information, hash
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Application number: CN202211462551.0A
Other languages: Chinese (zh)
Other versions: CN115550060A (en)
Inventors: 张波, 马若龙, 郭世杰, 聂凡杰
Current assignee: China Academy of Information and Communications Technology (CAICT)
Original assignee: China Academy of Information and Communications Technology (CAICT)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication involving digital signatures
    • H04L 9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L 9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication involving certificates; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Abstract

Embodiments of the disclosure provide a blockchain-based trusted certificate verification method, apparatus, device and medium, relating to the field of blockchains. The method includes: in response to receiving a verification request sent by a verifier, obtaining a trusted certificate and its digital signature from the blockchain, where the verification request includes a target information item that the verifier expects to verify; based on the target information item, extracting from the trusted certificate the partial information related to the target information item as the information to be verified; generating a trusted declaration from the information to be verified and the digital signature; and sending the trusted declaration to the verifier so that the verifier can verify the target information item. Only the contents of the trusted certificate that correspond to the verification request are disclosed, and contents unrelated to the request are withheld, so the risk of leaking unrelated contents is reduced and the security of information during trusted certificate verification is improved.

Description

Trusted certificate verification method, device, equipment and medium based on block chain
Technical Field
The present disclosure relates to the field of blockchain technologies, and in particular, to a method, an apparatus, a device, and a medium for verifying a trusted certificate based on a blockchain.
Background
A trusted certificate is a digital expression of a physical certificate in the real world; its technical characteristic is to apply cryptographic techniques to the computation and storage of data so as to provide trustworthy certification and privacy protection for that data. Generally, after the data issuer signs the data content and attaches the digital signature to it, the certificate holder (also called the prover or certifier) can assemble the trusted certificate and the digital signature into a trusted declaration, from which a verifier verifies the authenticity and integrity of the data.
In the related art, when the verifier only needs to verify part of the data in the trusted certificate, the prover still has to present the whole trusted certificate, which creates a risk of leaking the other data in the trusted certificate that is unrelated to the data being verified.
Disclosure of Invention
The embodiment of the disclosure provides a block chain-based trusted certificate verification method, device, equipment and medium.
In one aspect of the embodiments of the present disclosure, a blockchain-based trusted certificate verification method is provided, including: in response to receiving a verification request sent by a verifier, obtaining a trusted certificate and its digital signature from the blockchain, where the verification request includes a target information item that the verifier expects to verify; based on the target information item, extracting from the trusted certificate the partial information related to the target information item as the information to be verified; generating a trusted declaration based on the information to be verified and the digital signature; and sending the trusted declaration to the verifier so that the verifier verifies the target information item.
In some embodiments, extracting the partial information related to the target information item from the trusted certificate as the information to be verified includes: extracting the original value, the salt value and the first hash value of the target information item from the trusted certificate, where the first hash value of the target information item is obtained by salting its original value and hashing the result; extracting from the trusted certificate the first hash values of the other information items (all items other than the target information item), where each such first hash value is likewise obtained by salting and hashing that item's original value; and taking the original value, salt value and first hash value of the target information item, together with the first hash values of the other information items, as the information to be verified.
In some embodiments, the method further includes generating the trusted certificate as follows: acquiring the original value and the salt value of each information item; salting the original value of each information item with its salt value to obtain the salted original value; hashing the salted original value to obtain the first hash value of each information item; hashing the first hash values of all information items to obtain a second hash value; signing the second hash value to obtain the digital signature; and generating the trusted certificate from the digital signature and the original value, salt value and first hash value of each information item.
In some embodiments, the verifier verifies the target information item by: extracting the digital signature from the trusted declaration and acquiring the public key corresponding to the digital signature; verifying the digital signature with the public key; in response to the digital signature passing verification, extracting the second hash value from the digital signature; verifying the first hash value of each information item included in the trusted declaration against the second hash value; in response to the first hash values of all information items passing verification, extracting the first hash value of the target information item from the trusted declaration; and verifying the original value of the target information item against its first hash value.
In some embodiments, verifying the first hash value of each information item included in the trusted declaration against the second hash value includes: in response to the digital signature passing verification, extracting the first hash value of each information item from the trusted declaration; hashing these first hash values to obtain a temporary second hash value; and comparing the temporary second hash value with the second hash value to verify the first hash values.
In some embodiments, verifying the original value of the target information item against its first hash value includes: in response to the first hash values of all information items passing verification, extracting the original value, the salt value and the first hash value of the target information item from the trusted declaration; salting and hashing the original value of the target information item to obtain a temporary first hash value; and comparing the temporary first hash value with the first hash value of the target information item to verify the original value.
According to another aspect of the embodiments of the present disclosure, a blockchain-based trusted certificate verification apparatus is provided, including: a certificate acquisition unit configured to acquire the trusted certificate and its digital signature from the blockchain in response to receiving a verification request sent by a verifier, where the verification request includes a target information item that the verifier desires to verify; an information extraction unit configured to extract from the trusted certificate the partial information related to the target information item as the information to be verified, based on the target information item; a declaration assembling unit configured to generate a trusted declaration based on the information to be verified and the digital signature; and a declaration sending unit configured to send the trusted declaration to the verifier so that the verifier verifies the target information item.
In some embodiments, the information extraction unit further includes: a first extraction module configured to extract the original value, the salt value and the first hash value of the target information item from the trusted certificate based on the target information item, where the first hash value of the target information item is obtained by salting its original value and hashing the result; a second extraction module configured to extract from the trusted certificate the first hash values of the other information items (all items other than the target information item), where each such first hash value is obtained by salting and hashing that item's original value; and an information determining module configured to take the original value, salt value and first hash value of the target information item, together with the first hash values of the other information items, as the information to be verified.
According to still another aspect of an embodiment of the present disclosure, there is provided an electronic device including: a memory for storing a computer program product; a processor for executing the computer program product stored in the memory, and when the computer program product is executed, the method of any of the above embodiments is implemented.
According to yet another aspect of an embodiment of the present disclosure, there is provided a computer-readable storage medium having stored thereon computer program instructions, which, when executed by a processor, implement the method in any of the above embodiments.
According to the block chain-based trusted certificate verification method provided by the embodiment of the disclosure, part of information related to the verification target information item can be extracted from the trusted certificate according to the verification request of the verifier to serve as the information to be verified, and the information to be verified and the digital signature are assembled into the trusted declaration so that the verifier can verify the target information item. According to the verification request, corresponding contents in the trusted certificate are selectively disclosed, and other contents irrelevant to the verification request are not disclosed, so that the risk of leakage of other contents irrelevant to the verification request can be reduced, and the security of information in the verification process of the trusted certificate is improved.
The technical solution of the present disclosure is further described in detail by the accompanying drawings and examples.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a schematic view of a scenario in which the blockchain-based trusted certificate verification method of the present disclosure is applied;
FIG. 2 is a flowchart of an embodiment of the blockchain-based trusted certificate verification method of the present disclosure;
FIG. 3 is a schematic flowchart of extracting the information to be verified in an embodiment of the blockchain-based trusted certificate verification method of the present disclosure;
FIG. 4 is a schematic flowchart of generating a trusted certificate in an embodiment of the blockchain-based trusted certificate verification method of the present disclosure;
FIG. 5 is a schematic flowchart of verifying a target information item in an embodiment of the blockchain-based trusted certificate verification method of the present disclosure;
FIG. 6 is a block diagram of an embodiment of the blockchain-based trusted certificate verification apparatus of the present disclosure;
FIG. 7 is a schematic structural diagram of an application embodiment of the electronic device of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
It will be understood by those of skill in the art that the terms "first," "second," and the like in the embodiments of the present disclosure are used merely to distinguish one element from another, and are not intended to imply any particular technical meaning or any necessary logical order between them.
It is also understood that in embodiments of the present disclosure, "a plurality" may refer to two or more and "at least one" may refer to one, two or more.
It is also to be understood that any reference to any component, data, or structure in the embodiments of the disclosure, may be generally understood as one or more, unless explicitly defined otherwise or stated otherwise.
In addition, the term "and/or" in the present disclosure describes only an association relationship between the associated objects and indicates that three relationships may exist; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" in the present disclosure generally indicates that the former and latter associated objects are in an "or" relationship.
It should also be understood that the description of the various embodiments of the present disclosure emphasizes the differences between the various embodiments, and the same or similar parts may be referred to each other, so that the descriptions thereof are omitted for brevity.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
The disclosed embodiments may be applied to electronic devices such as terminal devices, computer systems, servers, etc., which are operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known terminal devices, computing systems, environments, and/or configurations that may be suitable for use with electronic devices, such as terminal devices, computer systems, servers, and the like, include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, networked personal computers, minicomputer systems, mainframe computer systems, distributed cloud computing environments that include any of the above, and the like.
Electronic devices such as terminal devices, computer systems, servers, etc. may be described in the general context of computer system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc. that perform particular tasks or implement particular abstract data types. The computer system/server may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computer system storage media including memory storage devices.
In the process of implementing the present disclosure, the inventors found that in the current trusted certificate verification process, whether the verifier requests to verify all of the contents of the trusted certificate or only part of them, the certificate holder has to present the whole trusted certificate, which results in a risk of revealing data unrelated to the verification request.
The blockchain-based trusted certificate verification method of the present disclosure is described below by way of example with reference to FIG. 1, which shows a schematic view of a scenario to which the method is applicable. As shown in FIG. 1, the trusted certificate 100 may include a name information item and an age information item of the holder 110. Each information item may include an original value (value), a salt value (salt) and a hash value (hash), where the original value is the actual value of the information, the salt value is the parameter used when salting the original value, and the hash value is obtained by hashing the salted original value. In addition, the trusted certificate 100 may further include a digital signature 160 generated by the issuer signing the hash value of each information item, that is, sign(name.hash, age.hash) in FIG. 1.
The blockchain 130 may include a plurality of service nodes and backbone nodes, and stores the trusted certificate 100 and its digital signature 160.
The verifier 110 may send a verification request to the prover 120 according to its actual needs; the request may, for example, ask to verify the age information item (age). After the prover 120 receives the verification request, it may obtain the trusted certificate 100 and its digital signature 160 from the blockchain 130 and then extract from the trusted certificate 100 the partial information related to the age information item as the information to be verified 150, for example the original value (age.value), salt value (age.salt) and hash value (age.hash) of the age item and the hash value (name.hash) of the name item. The information to be verified 150 and the digital signature 160 are then assembled into a trusted declaration 140, and the trusted declaration 140 is sent to the verifier 110 so that the verifier can verify the age information of the prover 120.
The block chain based trusted certificate verification method of the present disclosure is exemplarily described below with reference to fig. 2, and as shown in fig. 2, an embodiment of the block chain based trusted certificate verification method of the present disclosure includes the following steps.
Step 210, in response to receiving a verification request sent by a verifier, obtaining a trusted certificate and a digital signature thereof from a blockchain.
The verification request comprises a target information item which the verifier desires to verify.
In this embodiment, the digital signature is produced by the certificate issuer signing the content of the trusted certificate; it may be attached to the trusted certificate or stored separately on the blockchain.
As an example, the digital signature may sign only the hash value of each information item in the trusted certificate and leave out the original values and salt values, so that verifying the digital signature yields only the hash value of each information item and never the original values or salt values, which reduces the risk of information leakage.
Step 220, based on the target information item, extracting from the trusted certificate the partial information related to the target information item as the information to be verified.
In this embodiment, the information to be verified includes the partial information related to the target information item together with the first hash values (not the original values) of the other information items in the trusted certificate.
Continuing with the example of FIG. 1, if the target information item in the verification request is the age information item, the information to be verified includes only the original value, salt value and hash value of the age information item and the hash value of the name information item; it does not include the original value or salt value of the name information item.
Step 230, generating a trusted declaration based on the information to be verified and the digital signature.
In this embodiment, the trusted declaration represents a verifiable digital certificate presented by the certifier to the verifier, and is assembled from the information to be verified and the digital signature.
Step 240, the trusted declaration is sent to the verifier so that the verifier verifies the target information item.
According to the block chain-based trusted certificate verification method provided by the embodiment of the disclosure, according to the verification request of the verifier, part of information related to the verification target information item is extracted from the trusted certificate and is used as the information to be verified, and the information to be verified and the digital signature are assembled into the trusted declaration so that the verifier can verify the target information item. According to the verification request, corresponding contents in the trusted certificate are selectively disclosed, and other contents irrelevant to the verification request are not disclosed, so that the risk of leakage of other contents irrelevant to the verification request can be reduced, and the security of information in the verification process of the trusted certificate is improved.
Referring next to FIG. 3, which shows a flowchart of extracting the information to be verified in an embodiment of the blockchain-based trusted certificate verification method of the present disclosure, the flow includes the following steps.
Step 310, extracting the original value, the salt value and the first hash value of the target information item from the trusted certificate based on the target information item.
The first hash value of the target information item is obtained by salting its original value and hashing the result.
In the present embodiment, the original value of the target information item is its true value, and the salt value of the target information item is the parameter used when salting that original value.
Step 320, extracting from the trusted certificate the first hash values of the other information items (all items other than the target information item).
The first hash values of the other information items are obtained by salting and hashing their original values.
Continuing with the example of FIG. 1, the target information item is the age information item, the other information item is the name information item, and the first hash value of the name item (name.hash) is obtained by hashing the salted original value of the name item (name.value).
Step 330, taking the original value, the salt value and the first hash value of the target information item, together with the first hash values of the other information items, as the information to be verified.
Continuing with the example of FIG. 1, the target information item is the age information item, and the information to be verified may include the original value (age.value), salt value (age.salt) and hash value (age.hash) of the age item and the hash value (name.hash) of the name item.
The embodiment shown in FIG. 3 specifies that the information to be verified consists of the original value, salt value and first hash value of the target information item plus the first hash values of the other information items, so the original values of the other information items are never revealed to the verifier, which reduces the risk of their leakage.
Referring next to fig. 4, fig. 4 shows a flowchart of generating a trusted certificate in an embodiment of the block chain-based trusted certificate verification method of the present disclosure, and as shown in fig. 4, the flowchart includes the following steps.
And step 410, acquiring the original value and the salt value of each information item.
And step 420, adding salt to the original value of each information item based on the original value and the salt value of each information item to obtain the original value of each information item after salt addition.
And 430, hashing the original value after the salt is added to obtain a first hash value of each information item.
Step 440, hashing the first hash value of each information item to obtain a second hash value.
Continuing with the example of fig. 1, the first Hash value of each information item includes a first Hash value of an Age information item (Age Hash) and a first Hash value of a Name information item (Name Hash), and the second Hash value is a Hash value obtained by hashing the Age Hash and the Name Hash using a one-way Hash function.
And step 450, signing the second hash value to obtain a digital signature.
In this embodiment, the second hash value may be encrypted by using a private key to obtain a digital signature.
The digital signature uses two technologies of 'asymmetric key encryption and decryption' and 'digital digest' to realize an effect similar to a paper physical signature. The digital abstract is a string of ciphertext with fixed length which is obtained by hashing the plaintext to be encrypted by adopting a one-way Hash function, the string of ciphertext is also called a digital fingerprint and has fixed length, different plaintext abstracts are used as the ciphertext, the result is always different, and the method can be used for ensuring the integrity of data and preventing falsification. The digital digest may then be encrypted using a private key, and the resulting string, i.e., the digital signature. The verifier can decrypt the digital signature according to the corresponding public key to obtain the digital abstract and verify whether the abstract data is correct.
In this embodiment, the digital digest is a second hash value, and the second hash value is encrypted by using a private key, so as to obtain the digital signature.
Step 460, generating a trusted certificate based on the digital signature and the original value, the salt value and the first hash value of each information item.
In the embodiment shown in fig. 4, the first hash values of all information items are hashed to generate the second hash value, and only the second hash value is signed to produce the digital signature. The digital signature therefore covers only the second hash value and contains neither the original value nor the salt value of any information item. The verifier can decrypt and verify the digital signature given only the first hash value of each information item, and decrypting the digital signature yields only the second hash value, never the original values or salt values, which further reduces the risk of information leakage.
Referring now to fig. 5, fig. 5 illustrates a flowchart of verifying a target information item in an embodiment of the block chain-based trusted certificate verification method of the present disclosure, where the flowchart includes the following steps, as shown in fig. 5.
Step 510, extracting the digital signature from the trusted declaration and acquiring a public key corresponding to the digital signature.
As an example, the public key may be stored in the blockchain in advance, and the verifier may obtain the corresponding public key from the blockchain according to the digital signature.
Step 520, the digital signature is verified using the public key.
As an example, if the digital signature is successfully decrypted using the public key, the digital signature is determined to be authentic and complete, and it can then be determined that the digital signature has passed verification.
Step 530, in response to the digital signature being verified, a second hash value is extracted from the digital signature.
Step 540, verifying the first hash value of each information item included in the trusted declaration based on the second hash value.
In this embodiment, since the second hash value is obtained by hashing the first hash value of each information item, the authenticity of the first hash value of each information item included in the trust declaration can be verified using the second hash value.
Specifically, if hashing the first hash values of the information items included in the trusted declaration yields the second hash value, the first hash values of the information items included in the trusted declaration are real; otherwise, the first hash values of the information items included in the trusted declaration contain false content.
In some optional implementations of this embodiment, the step may further include: responsive to the digital signature being verified, extracting a first hash value for each information item from the trusted declaration; carrying out hash processing on the first hash value of each information item to obtain a temporary second hash value; and comparing the temporary second hash value with the second hash value to verify the first hash value of each information item.
In the present embodiment, the provisional second hash value represents a hash value obtained by the verifier performing hash processing on the first hash value of each information item included in the trusted declaration. If the temporary second hash value is the same as the second hash value, the first hash value of each information item included in the credibility statement is true and credible, and otherwise, the first hash value of each information item included in the credibility statement has false content.
Step 550, in response to the first hash value of each information item passing verification, extracting the first hash value of the target information item from the digital signature.
Step 560, verifying the original value of the target information item based on the first hash value of the target information item.
In this embodiment, since the first hash value of the target information item is obtained by hashing the original value of the target information item after adding salt, the original value of the target information item provided in the trusted declaration can be verified by using the first hash value of the target information item. Specifically, if the first hash value in the digital signature can be obtained through the original value of the target information item in the trusted declaration, it indicates that the original value of the target information item in the trusted declaration is true, and otherwise, it indicates that the original value of the target information item in the trusted declaration is false.
In some optional implementations of this embodiment, the step may include: in response to the first hash value of each information item passing verification, extracting an original value, a salt value and a first hash value of a target information item from the credibility statement; performing salting and hash processing on an original value of a target information item to obtain a temporary first hash value; and comparing the temporary first hash value with the first hash value of the target information item to verify the original value of the target information item.
In this embodiment, the temporary first hash value represents a hash value obtained by hashing an original value and a salt value of the target information item in the trusted declaration by the certifying party, and the authenticity of the target information item can be verified by comparing the temporary first hash value with the first hash value in the digital signature. Specifically, if the temporary first hash value is the same as the first hash value, it indicates that the original value of the target information item provided by the trusted declaration is true, and otherwise, it indicates that the original value of the target information item provided by the trusted declaration is false.
In the embodiment shown in fig. 5, the public key is first used to verify the correctness of the digital signature; the second hash value in the digital signature is then used to verify the authenticity of the first hash value of each information item provided in the trusted declaration; and finally the first hash value of the target information item in the digital signature is used to verify the authenticity of the original value of the target information item provided in the trusted declaration. The content of the trusted declaration is thus fully verified at three different granularities, and false information in the trusted declaration can be effectively identified, which helps to detect, with greater precision and reliability, a trusted declaration formed by mixing real information with false information.
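The generation flow of fig. 4, the declaration assembly of claim 1 and the three-granularity verification of fig. 5 can be exercised end to end in the following Go program. It is an added example written for this page, not code from the patent or its applicant, and it fixes several choices the patent leaves open: SHA-256 as the one-way hash, "adding salt" as the byte concatenation salt || original value, 16-byte random salts, first hash values concatenated in item-name order before the second hash value is computed, and Ed25519 as the signature scheme. Because Ed25519 is a signature with appendix, the second hash value cannot be recovered from the signature itself (as the patent's encrypt-with-private-key description allows), so the declaration carries the second hash value beside the signature and step 520 verifies the signature over it. Looking the public key up on the blockchain (step 510) is outside the example; the verifier is simply handed the key. The type and function names (Item, Certificate, Declaration, Issue, Declare, Verify) are the example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"sort"
)

// Item is one information item; FirstHash is the hash of the salted original value (steps 410-430).
type Item struct {
	Name, Original, Salt, FirstHash string // raw bytes kept in strings so they compare with ==
}

// Certificate is the trusted certificate of step 460.
type Certificate struct {
	Items      []Item
	SecondHash string // hash over all first hashes (step 440)
	Signature  []byte // Ed25519 signature over SecondHash (step 450)
}

// Declaration is the trusted declaration of claim 1: the target item in full, only the first hashes of the other items, and the signed digest.
type Declaration struct {
	Target      Item
	FirstHashes map[string]string
	SecondHash  string // assumption: carried explicitly beside the signature, see lead-in
	Signature   []byte
}

// firstHash implements steps 420-430. Assumption: salting is the concatenation salt || original and the one-way hash is SHA-256.
func firstHash(salt, original string) string {
	sum := sha256.Sum256([]byte(salt + original))
	return string(sum[:])
}

// secondHash implements step 440. Assumption: first hashes are concatenated in item-name order so issuer and verifier hash the same bytes.
func secondHash(hashes map[string]string) string {
	names := make([]string, 0, len(hashes))
	for n := range hashes {
		names = append(names, n)
	}
	sort.Strings(names)
	h := sha256.New()
	for _, n := range names {
		h.Write([]byte(hashes[n]))
	}
	return string(h.Sum(nil))
}

// Issue implements fig. 4 (steps 410-460) for a map of item name -> original value.
func Issue(priv ed25519.PrivateKey, values map[string]string) (Certificate, error) {
	var cert Certificate
	hashes := map[string]string{}
	for name, v := range values {
		salt := make([]byte, 16) // fresh random salt per item (step 410)
		if _, err := rand.Read(salt); err != nil {
			return cert, err
		}
		it := Item{Name: name, Original: v, Salt: string(salt), FirstHash: firstHash(string(salt), v)}
		cert.Items = append(cert.Items, it)
		hashes[name] = it.FirstHash
	}
	cert.SecondHash = secondHash(hashes)
	cert.Signature = ed25519.Sign(priv, []byte(cert.SecondHash))
	return cert, nil
}

// Declare implements claim 1: disclose the target item's original value and salt, and nothing but the first hash of every other item.
func Declare(cert Certificate, target string) (Declaration, error) {
	d := Declaration{FirstHashes: map[string]string{}, SecondHash: cert.SecondHash, Signature: cert.Signature}
	for _, it := range cert.Items {
		d.FirstHashes[it.Name] = it.FirstHash
		if it.Name == target {
			d.Target = it
		}
	}
	if _, ok := d.FirstHashes[target]; !ok {
		return d, errors.New("no information item named " + target)
	}
	return d, nil
}

// Verify implements fig. 5 (steps 510-560) in order and returns nil only when all three granularities pass.
func Verify(pub ed25519.PublicKey, d Declaration) error {
	if !ed25519.Verify(pub, []byte(d.SecondHash), d.Signature) { // step 520
		return errors.New("digital signature does not verify")
	}
	if secondHash(d.FirstHashes) != d.SecondHash { // step 540: temporary second hash
		return errors.New("a first hash in the declaration is false")
	}
	// Step 560: the target's first hash must be the one signed under its name, and it must be
	// reproduced by salting and hashing the disclosed original value (temporary first hash).
	if d.FirstHashes[d.Target.Name] != d.Target.FirstHash || firstHash(d.Target.Salt, d.Target.Original) != d.Target.FirstHash {
		return errors.New("original value of the target information item is false")
	}
	return nil
}
```

Verify performs the three checks in the order of fig. 5 and stops at the first failure, so a verifier can distinguish a forged signature from a tampered first hash and from a tampered disclosed value. The check that the target's first hash equals the one signed under its name is what binds the disclosed value to the certificate: without it, a holder could present a fabricated original value together with a fabricated salt and first hash that are consistent with each other while leaving the signed set of first hashes untouched.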
Referring now to fig. 6, fig. 6 is a schematic block diagram illustrating an embodiment of a block chain-based trusted certificate verification apparatus according to the present disclosure. As shown in fig. 6, the apparatus includes: a certificate acquisition unit 610 configured to acquire, from the blockchain, the trusted certificate and its digital signature in response to receiving a verification request sent by the verifier, the verification request including the target information item that the verifier wishes to verify; an information extraction unit 620 configured to extract, based on the target information item, the partial information related to verification of the target information item from the trusted certificate as the information to be verified; a declaration assembling unit 630 configured to generate a trusted declaration based on the information to be verified and the digital signature; and a declaration sending unit 640 configured to send the trusted declaration to the verifier so that the verifier can verify the target information item.
In one embodiment, the information extracting unit 620 further includes: the first extraction module is configured to extract an original value, a salt value and a first hash value of a target information item from the trusted certificate based on the target information item, wherein the first hash value of the target information item is obtained by hashing the original value of the target information item after being salted; the second extraction module is configured to extract first hash values of other information items except the target information item from the trusted certificate, wherein the first hash values of the other information items are obtained by hashing original values of the other information items after salt addition; an information determination module configured to determine an original value, a salt value, a first hash value of the target information item, and first hash values of other items as information to be verified.
In one embodiment, the apparatus further includes a certificate generation unit configured to: acquiring an original value and a salt value of each information item; adding salt to the original value of each information item based on the original value and the salt value of each information item to obtain the original value of each information item after the salt is added; carrying out hash processing on the original value after the salt is added to obtain a first hash value of each information item; carrying out hash processing on the first hash value of each information item to obtain a second hash value; signing the second hash value to obtain a digital signature; and generating a trusted certificate based on the digital signature and the original value, the salt value and the first hash value of each information item.
In one embodiment, the apparatus further includes a certificate verification unit, including: the public key acquisition module is configured to extract a digital signature from the credible declaration and acquire a public key corresponding to the digital signature; a signature verification module configured to verify the digital signature using the public key; a first extraction module configured to extract a second hash value from the digital signature in response to the digital signature being verified; a first verification module configured to verify a first hash value of each information item included in the trusted declaration based on the second hash value; a second extraction module configured to extract the first hash value of the target information item from the digital signature in response to the first hash value of each information item being verified; a second verification module configured to verify an original value of the target information item based on the first hash value of the target information item.
In one embodiment, the first authentication module is further configured to: in response to the digital signature being verified, extracting a first hash value for each information item from the trusted declaration; hashing the first hash value of each information item to obtain a temporary second hash value; and comparing the temporary second hash value with the second hash value to verify the first hash value of each information item.
In one embodiment, the second authentication module is further configured to: in response to the first hash value of each information item passing verification, extracting an original value, a salt value and a first hash value of a target information item from the credibility statement; performing salting and hashing processing on an original value of a target information item to obtain a temporary first hash value; and comparing the temporary first hash value with the first hash value of the target information item to verify the original value of the target information item.
Fig. 7 is a schematic structural diagram of an embodiment of an electronic device according to the present disclosure. Next, an electronic apparatus according to an embodiment of the present disclosure is described with reference to fig. 7.
As shown in fig. 7, the electronic device includes one or more processors and memory.
The processor may be a Central Processing Unit (CPU) or other form of processing unit having data processing capabilities and/or instruction execution capabilities, and may control other components in the electronic device to perform desired functions.
The memory may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, Random Access Memory (RAM), cache memory (cache), and/or the like. The non-volatile memory may include, for example, Read Only Memory (ROM), hard disk, flash memory, etc. One or more computer program instructions may be stored on the computer-readable storage medium and executed by a processor to implement the blockchain-based trusted certificate verification methods of the various embodiments of the present disclosure described above and/or other desired functionality.
In one example, the electronic device may further include: an input device and an output device, which are interconnected by a bus system and/or other form of connection mechanism (not shown).
The input device may also include, for example, a keyboard, a mouse, and the like.
The output device may output various information including the determined distance information, direction information, and the like to the outside. The output devices may include, for example, a display, speakers, a printer, and a communication network and remote output devices connected thereto, among others.
Of course, for simplicity, only some of the components of the electronic device relevant to the present disclosure are shown in fig. 7, omitting components such as buses, input/output interfaces, and the like. In addition, the electronic device may include any other suitable components, depending on the particular application.
In addition to the above methods and apparatus, embodiments of the present disclosure may also be a computer program product comprising computer program instructions that, when executed by a processor, cause the processor to perform the steps in the block chain based trusted certificate verification method according to various embodiments of the present disclosure described in the above section of this specification.
The computer program product may write program code for carrying out operations for embodiments of the present disclosure in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present disclosure may also be a computer-readable storage medium having stored thereon computer program instructions that, when executed by a processor, cause the processor to perform the steps in the block chain based trusted certificate verification method according to various embodiments of the present disclosure described in the above section of this specification.
The computer-readable storage medium may take any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
The foregoing describes the general principles of the present disclosure in conjunction with specific embodiments, however, it is noted that the advantages, effects, etc. mentioned in the present disclosure are merely examples and are not limiting, and they should not be considered essential to the various embodiments of the present disclosure. Furthermore, the foregoing disclosure of specific details is for the purpose of illustration and description and is not intended to be limiting, since the disclosure is not intended to be limited to the specific details so described.
In the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts in the embodiments are referred to each other. For the system embodiment, since it basically corresponds to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The block diagrams of devices, apparatuses, systems referred to in this disclosure are only given as illustrative examples and are not intended to require or imply that the connections, arrangements, configurations, etc. must be made in the manner shown in the block diagrams. These devices, apparatuses, devices, systems may be connected, arranged, configured in any manner, as will be appreciated by one skilled in the art. Words such as "including," "comprising," "having," and the like are open-ended words that mean "including, but not limited to," and are used interchangeably herein. The word "or" as used herein means, and is used interchangeably with, the word "and/or," unless the context clearly dictates otherwise. The word "such as" is used herein to mean, and is used interchangeably with, the phrase "such as but not limited to".
The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
It is also noted that in the apparatus, devices, and methods of the present disclosure, various components or steps may be broken down and/or re-combined. These decompositions and/or recombinations are to be considered equivalents of the present disclosure.
The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the disclosure. Thus, the present disclosure is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, the description is not intended to limit embodiments of the disclosure to the form disclosed herein. While a number of example aspects and embodiments have been discussed above, those of skill in the art will recognize certain variations, modifications, alterations, additions and sub-combinations thereof.

Claims (8)

1. A block chain-based trusted certificate verification method is characterized by comprising the following steps:
in response to receiving a verification request sent by a verifier, obtaining a trusted certificate and a digital signature thereof from a blockchain, wherein the verification request comprises a target information item which the verifier desires to verify;
based on the target information item, extracting partial information related to the verification of the target information item from the trusted certificate as to-be-verified information;
generating a credible statement based on the information to be verified and the digital signature;
sending the trusted declaration to the verifier so that the verifier verifies the target information item;
based on the target information item, extracting partial information related to verification of the target information item from the trusted certificate, as to-be-verified information, including: extracting an original value, a salt value and a first hash value of the target information item from the trusted certificate based on the target information item, wherein the first hash value of the target information item is obtained by hashing the original value of the target information item after being added with salt; extracting first hash values of other information items except the target information item from the trusted certificate, wherein the first hash values of the other information items are obtained by hashing original values of the other information items after salt addition; and determining the original value, the salt value and the first hash value of the target information item and the first hash values of the other information items as the information to be verified.
2. The method of claim 1, further comprising the step of generating the trusted certificate by:
acquiring an original value and a salt value of each information item;
based on the original value and the salt value of each information item, adding salt to the original value of each information item to obtain the original value of each information item after adding salt;
carrying out hash processing on the original value after the salt is added to obtain a first hash value of each information item;
carrying out hash processing on the first hash value of each information item to obtain a second hash value;
signing the second hash value to obtain the digital signature;
and generating the trusted certificate based on the digital signature and the original value, the salt value and the first hash value of each information item.
3. The method of claim 2, wherein the verifier verifies the target information item by:
extracting the digital signature from the credible statement and acquiring a public key corresponding to the digital signature;
verifying the digital signature by using the public key;
in response to the digital signature being verified, extracting the second hash value from the digital signature;
verifying the first hash value of each information item included in the credible declaration based on the second hash value;
extracting the first hash value of the target information item from the digital signature in response to the first hash value of each information item being verified;
and verifying the original value of the target information item based on the first hash value of the target information item.
4. The method according to claim 3, wherein the verifying the first hash value of each information item included in the trusted declaration based on the second hash value comprises:
in response to the digital signature verifying, extracting a first hash value of the respective information item from the trusted declaration;
hashing the first hash value of each information item to obtain a temporary second hash value;
and comparing the temporary second hash value with the second hash value to verify the first hash value of each information item.
5. The method of claim 4, wherein verifying the original value of the target information item based on the first hash value of the target information item comprises:
in response to the first hash value of each information item passing verification, extracting the original value, the salt value and the first hash value of the target information item from the credible declaration;
performing salting and hashing processing on the original value of the target information item to obtain a temporary first hash value;
and comparing the temporary first hash value with the first hash value of the target information item to verify the original value of the target information item.
6. A block chain-based trusted certificate verification apparatus, comprising:
a certificate acquisition unit configured to acquire a trusted certificate and a digital signature thereof from a blockchain in response to receiving a verification request sent by a verifier, the verification request including a target information item that the verifier desires to verify;
an information extraction unit configured to extract partial information related to verification of the target information item from the trusted certificate as information to be verified, based on the target information item;
a declaration assembling unit configured to generate a trusted declaration based on the information to be verified and the digital signature;
a declaration sending unit configured to send the trusted declaration to the verifier in order for the verifier to verify the target information item;
wherein the information extraction unit further comprises: a first extraction module configured to extract, from the trusted certificate, an original value, a salt value, and a first hash value of the target information item based on the target information item, where the first hash value of the target information item is obtained by hashing the original value of the target information item after adding salt; a second extraction module configured to extract a first hash value of an information item other than the target information item from the trusted certificate, where the first hash value of the other information item is obtained by hashing a salted original value of the other information item; an information determining module configured to determine an original value, a salt value, a first hash value of the target information item and a first hash value of the other information item as the information to be verified.
7. An electronic device, comprising: a memory for storing a computer program product; a processor for executing the computer program product stored in the memory, and when executed, implementing the method of any of the preceding claims 1-5.
8. A computer-readable storage medium having computer program instructions stored thereon, which, when executed by a processor, implement the method of any of claims 1-5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211462551.0A CN115550060B (en) 2022-11-22 2022-11-22 Trusted certificate verification method, device, equipment and medium based on block chain

Publications (2)

Publication Number Publication Date
CN115550060A CN115550060A (en) 2022-12-30
CN115550060B true CN115550060B (en) 2023-03-14

Family

ID=84721499

Country Status (1)

Country Link
CN (1) CN115550060B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116886319A (en) * 2023-09-08 2023-10-13 海马云(天津)信息技术有限公司 Certificate verification method and device and communication equipment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110493011A (en) * 2019-09-26 2019-11-22 腾讯科技(深圳)有限公司 Certificate authority management method and device based on block chain
CN111092737A (en) * 2019-12-27 2020-05-01 上海市数字证书认证中心有限公司 Digital certificate management method and device and block link points
CN112380287A (en) * 2020-11-13 2021-02-19 浙江数秦科技有限公司 Distributed credible statement generation method, system, equipment and storage medium
WO2021068636A1 (en) * 2019-10-11 2021-04-15 支付宝(杭州)信息技术有限公司 Block chain-based creation method, apparatus, device and system for verifiable claim
WO2022042301A1 (en) * 2020-08-26 2022-03-03 腾讯科技(深圳)有限公司 Data processing method and apparatus, smart device and storage medium
CN114201781A (en) * 2021-12-14 2022-03-18 深圳市电子商务安全证书管理有限公司 Block chain-based storage verification method and device, computer equipment and medium
CN115037478A (en) * 2022-06-07 2022-09-09 浙江网商银行股份有限公司 File signing method and device based on block chain

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111090876B (en) * 2020-03-18 2020-07-17 支付宝(杭州)信息技术有限公司 Contract calling method and device
DE102020128685A1 (en) * 2020-10-30 2022-05-05 Bundesdruckerei Gmbh Blockchain-based digital document system
CN113014392B (en) * 2021-02-19 2022-04-08 湖南大学 Block chain-based digital certificate management method, system, equipment and storage medium
CN114338054B (en) * 2022-03-17 2022-06-07 北京笔新互联网科技有限公司 Block chain trusted data transmission, verification and acquisition method and device

PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant