CN117527268B - Multi-party digital certificate verification method and system based on blockchain - Google Patents


Info

Publication number
CN117527268B
Authority
CN
China
Prior art keywords
digital certificate
license
validity
blockchain
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410025263.1A
Other languages
Chinese (zh)
Other versions
CN117527268A (en)
Inventor
蒋海
冯瑞明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bubi Beijing Network Technology Co ltd
Original Assignee
Bubi Beijing Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bubi Beijing Network Technology Co ltd
Priority to CN202410025263.1A
Publication of CN117527268A
Application granted
Publication of CN117527268B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention discloses a blockchain-based multi-party digital certificate verification method and system. The method comprises the following steps: a user generates a digital certificate application and sends it to an authority related to the blockchain; after receiving the application, the authority judges whether its content contains a digital certificate; if the application does not contain a digital certificate, the authority issues a digital certificate and sends it to the user so that the user deploys a blockchain node based on that digital certificate; if the application contains a digital certificate, the authority issues a LICENSE and sends it to the user, and the user deploys the blockchain node based on the contained digital certificate and the LICENSE.

Description

Multi-party digital certificate verification method and system based on blockchain
Technical Field
The present disclosure relates to blockchain technologies, and in particular, to a blockchain-based multiparty digital certificate verification method and system, and an electronic device and storage medium.
Background
Digital certificates are generally regarded as a standard that carries absolute trust and authority. However, this absolute trust in digital certificates is itself a potential security risk. Blockchains are widely regarded as an effective way to meet the requirement that digital certificates cannot be counterfeited and that their data is difficult to tamper with. Combining digital certificates with blockchain technology can provide greater security and trust. A major advantage of blockchain technology is its distributed, decentralized nature, which makes data on the blockchain highly transparent and tamper-resistant and so provides a reliable basis for authenticating digital certificates. However, although blockchain technology meets some of the requirements of digital certificates, challenges remain in areas such as identity authentication and node binding. Because of special attributes such as the bound node address and the hardware information of the bound server, a blockchain can use only the digital certificate that it specifies, and digital certificates the user has already applied for elsewhere cannot be used. This requires additional time cost and operation and maintenance cost and wastes resources.
In the prior art there are two approaches. In the first, the blockchain uses a specified digital certificate: when applying for the blockchain, the specified digital certificate must be applied for at the same time. The advantage of this method is that the blockchain and its corresponding digital certificate are convenient to manage. In the second, the blockchain uses zero-knowledge proofs instead of digital certificates: the zero-knowledge proof solves the identity authentication problem, and a decentralized approach is adopted to guard against the security risks to identity information.
Both approaches have drawbacks. When the blockchain uses a specified digital certificate, a user who already holds a digital certificate must apply again for the specified one, which increases time cost and operation and maintenance cost and wastes resources. When the blockchain uses zero-knowledge proofs instead of digital certificates, the identity authentication problem can be solved, but the technique works only after the blockchain is running; restrictions that must be imposed before the blockchain runs cannot be met by it, and supervision is also inconvenient.
Accordingly, there is a need for one or more approaches to address the above-described problems.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the present disclosure and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
It is an object of the present disclosure to provide a blockchain-based multiparty digital certificate verification method and system, and an electronic device and storage medium, which overcome, at least in part, one or more of the problems due to the limitations and disadvantages of the related art.
According to one aspect of the present disclosure, there is provided a blockchain-based multiparty digital certificate verification method, comprising:
a user generates a digital certificate application and sends it to an authority related to a blockchain, and after receiving the digital certificate application, the authority judges whether the application content contains a digital certificate;
if the digital certificate application does not contain a digital certificate, the authority issues a digital certificate and sends it to the user so that the user deploys a blockchain node based on the digital certificate;
for a blockchain node deployed based on the digital certificate, when a P2P communication connection is made, the validity of the digital certificate is verified by the node, and whether the P2P connection is established is determined according to the verification result of the validity of the digital certificate;
if the digital certificate application contains a digital certificate, the authority issues a LICENSE and sends the LICENSE to the user, and the user deploys the blockchain node based on the contained digital certificate and the LICENSE;
and for a blockchain node deployed based on the LICENSE and the contained digital certificate, when a P2P communication connection is made, the validity of the contained digital certificate and the validity of the LICENSE are verified respectively, and whether the P2P connection is established is determined according to the verification results of the validity of the contained digital certificate and the validity of the LICENSE.
In an exemplary embodiment of the present disclosure, the method further comprises:
the user generates a digital certificate application based on a preset format;
the signed certificate data is sent by mail to an authority associated with the blockchain;
after receiving the digital certificate application, the authority determines whether to issue the digital certificate or issue the LICENSE according to whether the digital certificate application content contains the digital certificate.
In an exemplary embodiment of the present disclosure, the method further comprises:
after receiving the application, the authority judges whether the digital certificate application contains a digital certificate or not;
if the digital certificate application does not contain the digital certificate, the authority issues the digital certificate and sends the digital certificate to the user through a mail.
In an exemplary embodiment of the present disclosure, verifying, by a node, the validity of the digital certificate further comprises:
verifying whether a sequence number of the digital certificate is used by other nodes in a blockchain;
verifying whether the digital certificate expires;
and verifying whether the node address bound in the digital certificate is consistent with the connected node address.
In an exemplary embodiment of the present disclosure, the method further comprises:
after receiving the application, the authority judges whether the digital certificate application contains a digital certificate or not;
if the digital certificate application contains a digital certificate, verifying the digital signature of the digital certificate;
if the digital signature of the digital certificate passes verification, issuing a LICENSE, and sending the LICENSE to a user through mail.
In an exemplary embodiment of the present disclosure, verifying the validity of the LICENSE further comprises:
verifying whether a sequence number of the LICENSE is used by other nodes in a blockchain;
verifying whether the serial number of the digital certificate in the LICENSE is consistent with the serial number of the digital certificate;
verifying whether the LICENSE is expired;
and verifying whether the node address bound in the LICENSE is consistent with the node address connected.
In an exemplary embodiment of the present disclosure, determining whether the P2P connection is established according to the verification results of the validity of the contained digital certificate and the validity of the LICENSE further comprises:
if the verification of the validity of the contained digital certificate and the verification of the validity of the LICENSE both succeed, the P2P connection succeeds;
if the verification of the validity of the digital certificate or of the validity of the LICENSE fails, the P2P connection fails.
In one aspect of the present disclosure, there is provided a blockchain-based multiparty digital certificate verification system, comprising:
the digital certificate judging module is used for generating a digital certificate application by a user, sending the digital certificate application to an authority related to a blockchain, and judging whether the digital certificate is contained in the digital certificate application content or not after the authority receives the digital certificate application;
the digital certificate issuing module is used for issuing a digital certificate by an authority if the digital certificate application does not contain the digital certificate, and sending the digital certificate to a user so that the user deploys a blockchain node based on the digital certificate;
the digital certificate verification module is used for deploying blockchain nodes based on the digital certificates, verifying the validity of the digital certificates through the nodes when the P2P communication is connected, and judging whether the P2P is connected or not according to the verification result of the validity of the digital certificates;
the LICENSE issuing module is used for issuing a LICENSE by the authority if the digital certificate application contains a digital certificate, and sending the LICENSE to the user, the user deploying the blockchain node based on the contained digital certificate and the LICENSE;
and the LICENSE verification module is used for, on a blockchain node deployed based on the LICENSE and the contained digital certificate, respectively verifying the validity of the contained digital certificate and the validity of the LICENSE when a P2P communication connection is made, and judging whether the P2P connection is established according to the verification results of the validity of the contained digital certificate and the validity of the LICENSE.
In one aspect of the present disclosure, there is provided an electronic device comprising:
a processor; and
a memory having stored thereon computer readable instructions which, when executed by the processor, implement a method according to any of the above.
In one aspect of the present disclosure, a computer readable storage medium is provided, on which a computer program is stored, which when executed by a processor, implements a method according to any of the above.
Based on the embodiment of the disclosure, a user generates a digital certificate application, the digital certificate application is sent to an authority related to a blockchain, and after the authority receives the digital certificate application, the authority judges whether the digital certificate application content contains a digital certificate or not; if the digital certificate application does not contain the digital certificate, the authority issues the digital certificate and sends the digital certificate to the user so that the user deploys the blockchain node based on the digital certificate; if the digital certificate application contains a digital certificate, the authority issues a LICENSE, and sends the LICENSE to the user, and the user deploys the blockchain node based on the contained digital certificate and the LICENSE. The embodiment of the disclosure realizes the rapid verification of the digital certificate and the LICENSE, does not need to apply for the digital certificate for multiple times, reduces the time cost and the operation and maintenance cost, and reduces the waste of resources.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
The technical scheme of the present disclosure is described in further detail below through the accompanying drawings and examples.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The disclosure may be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings in which:
FIG. 1 is a flow diagram of a blockchain-based multi-party digital certificate verification method in accordance with an embodiment of the disclosed method;
FIG. 2 is a decision logic flow diagram of a blockchain-based multi-party digital certificate verification method in accordance with an embodiment of the disclosed method;
FIG. 3 is a block diagram of a multi-party digital certificate verification system based on a blockchain in accordance with an embodiment of the disclosed method;
FIG. 4 is a block diagram of an electronic device of one embodiment of the disclosed method.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments can be embodied in many forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the disclosed aspects may be practiced without one or more of the specific details, or with other methods, components, materials, devices, steps, etc. In other instances, well-known structures, methods, devices, implementations, materials, or operations are not shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in software, or in one or more software-hardened modules, or in different networks and/or processor devices and/or microcontroller devices.
Fig. 1 is a flow chart of a blockchain-based multi-party digital certificate verification method in accordance with an embodiment of the disclosed method. Referring to fig. 1, the blockchain-based multiparty digital certificate verification method may include the steps of:
step S110, a user generates a digital certificate application, the digital certificate application is sent to an authority related to a blockchain, and after the authority receives the digital certificate application, the authority judges whether the digital certificate application content contains a digital certificate or not;
step S120, if the digital certificate application does not contain a digital certificate, an authority issues the digital certificate and sends the digital certificate to a user so that the user deploys a blockchain node based on the digital certificate;
step S130, for a blockchain node deployed based on the digital certificate, when a P2P communication connection is made, the validity of the digital certificate is verified by the node, and whether the P2P connection is established is determined according to the verification result of the validity of the digital certificate;
step S140, if the digital certificate application contains a digital certificate, the authority issues a LICENSE and sends the LICENSE to the user, and the user deploys the blockchain node based on the contained digital certificate and the LICENSE;
step S150, for a blockchain node deployed based on the LICENSE and the contained digital certificate, when a P2P communication connection is made, the validity of the contained digital certificate and the validity of the LICENSE are verified respectively, and whether the P2P connection is established is determined according to the verification results of the validity of the contained digital certificate and the validity of the LICENSE.
Based on the embodiment of the disclosure, a user generates a digital certificate application, the digital certificate application is sent to an authority related to a blockchain, and after the authority receives the digital certificate application, the authority judges whether the digital certificate application content contains a digital certificate or not; if the digital certificate application does not contain the digital certificate, the authority issues the digital certificate and sends the digital certificate to the user so that the user deploys the blockchain node based on the digital certificate; if the digital certificate application contains a digital certificate, the authority issues a LICENSE, and sends the LICENSE to the user, and the user deploys the blockchain node based on the contained digital certificate and the LICENSE. The embodiment of the disclosure realizes the rapid verification of the digital certificate and the LICENSE, does not need to apply for the digital certificate for multiple times, reduces the time cost and the operation and maintenance cost, and reduces the waste of resources.
Next, referring to fig. 2, a decision logic flow diagram of a multi-party digital certificate verification method based on a blockchain is shown, and a further description is given of the multi-party digital certificate verification method based on a blockchain in an embodiment of the disclosure with reference to fig. 2.
Embodiment one:
In step S110, a user may generate a digital certificate application, send the digital certificate application to an authority related to a blockchain, and after the authority receives the digital certificate application, determine whether the digital certificate is included in the content of the digital certificate application.
In some optional embodiments of the present example, the method further comprises:
the user generates a digital certificate application based on a preset format;
the signed certificate data is sent by mail to an authority associated with the blockchain;
after receiving the digital certificate application, the authority determines whether to issue the digital certificate or issue the LICENSE according to whether the digital certificate application content contains the digital certificate.
In step S120, if the digital certificate application does not include a digital certificate, the authority issues a digital certificate, and sends the digital certificate to the user, so that the user deploys the blockchain node based on the digital certificate.
In some optional embodiments of the present example, the method further comprises:
after receiving the application, the authority judges whether the digital certificate application contains a digital certificate or not;
if the digital certificate application does not contain the digital certificate, the authority issues the digital certificate and sends the digital certificate to the user through a mail.
In step S130, a blockchain node may be deployed based on the digital certificate, and when the P2P is connected in communication, the validity of the digital certificate is verified by the node, and whether the P2P is connected is determined in response to the verification result of the validity of the digital certificate.
In some optional embodiments of the present example, further comprising:
verifying whether a sequence number of the digital certificate is used by other nodes in a blockchain;
verifying whether the digital certificate expires;
and verifying whether the node address bound in the digital certificate is consistent with the connected node address.
In step S140, if the digital certificate application includes a digital certificate, the authority issues a LICENSE, and sends the LICENSE to the user, and the user deploys the blockchain node based on the included digital certificate and the LICENSE.
In some optional embodiments of the present example, the method further comprises:
after receiving the application, the authority judges whether the digital certificate application contains a digital certificate or not;
if the digital certificate application contains a digital certificate, verifying the digital signature of the digital certificate;
if the digital signature of the digital certificate passes verification, issuing a LICENSE, and sending the LICENSE to a user through mail.
In step S150, for a blockchain node deployed based on the LICENSE and the included digital certificate, the validity of the included digital certificate and the validity of the LICENSE may be verified respectively when a P2P communication connection is made, and whether the P2P connection is established is determined according to the verification results of the validity of the included digital certificate and the validity of the LICENSE. Verifying the validity of the LICENSE further comprises:
verifying whether a sequence number of the LICENSE is used by other nodes in a blockchain;
verifying whether the serial number of the digital certificate in the LICENSE is consistent with the serial number of the digital certificate;
verifying whether the LICENSE is expired;
and verifying whether the node address bound in the LICENSE is consistent with the node address connected.
In some optional embodiments of the present example, determining whether the P2P connection is established according to the verification results of the validity of the contained digital certificate and the validity of the LICENSE further comprises:
if the verification of the validity of the contained digital certificate and the verification of the validity of the LICENSE both succeed, the P2P connection succeeds;
if the verification of the validity of the digital certificate or of the validity of the LICENSE fails, the P2P connection fails.
In some optional embodiments of the present example, the blockchain-based multiparty digital certificate verification method of the present invention solves the problems of blockchain identity authentication, node binding, etc., and effectively promotes the fusion of blockchain technology and multiparty digital certificates, thereby improving overall flexibility and high scalability, and promoting the wide application of digital certificates and blockchain technology in various industries.
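The validity checks listed for steps S130 and S150 can be combined into one fail-closed admission decision, shown here as an added example that is not code from the patent. The class and function names, the `SerialRegistry` lookup and the sample serials and addresses are hypothetical; signature verification is assumed to have been done already, and requiring a certificate presented without a LICENSE to carry its own node-address binding is an assumption drawn from the two cases the method distinguishes.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class Certificate:
    serial: str
    not_after: datetime
    node_address: Optional[str]  # None: third-party cert without blockchain info


@dataclass(frozen=True)
class License:
    serial: str
    cert_serial: str       # serial of the certificate this LICENSE covers
    not_after: datetime
    node_address: str      # node address bound by the authority


class SerialRegistry:
    """Hypothetical view of which node address uses each serial on the chain."""

    def __init__(self) -> None:
        self._owner: dict[tuple[str, str], str] = {}

    def used_by_other(self, kind: str, serial: str, address: str) -> bool:
        owner = self._owner.get((kind, serial))
        return owner is not None and owner != address

    def claim(self, kind: str, serial: str, address: str) -> None:
        self._owner[(kind, serial)] = address


def check_certificate(cert, peer, now, reg, bound: bool) -> list[str]:
    """Certificate checks: serial reuse, expiry, node-address binding."""
    failures = []
    if reg.used_by_other("cert", cert.serial, peer):
        failures.append("certificate serial used by another node")
    if now >= cert.not_after:
        failures.append("certificate expired")
    # Assumption: with a LICENSE, the address binding lives in the LICENSE.
    if bound and cert.node_address != peer:
        failures.append("certificate node address mismatch")
    return failures


def check_license(lic, cert, peer, now, reg) -> list[str]:
    """LICENSE checks: serial reuse, certificate serial match, expiry, address."""
    failures = []
    if reg.used_by_other("license", lic.serial, peer):
        failures.append("LICENSE serial used by another node")
    if lic.cert_serial != cert.serial:
        failures.append("LICENSE names a different certificate serial")
    if now >= lic.not_after:
        failures.append("LICENSE expired")
    if lic.node_address != peer:
        failures.append("LICENSE node address mismatch")
    return failures


def admit_peer(peer, cert, lic, now, reg) -> tuple[bool, list[str]]:
    """Connect only if every applicable check passes; any failure rejects."""
    if lic is None:
        failures = check_certificate(cert, peer, now, reg, bound=True)
    else:
        failures = (check_certificate(cert, peer, now, reg, bound=False)
                    + check_license(lic, cert, peer, now, reg))
    if failures:
        return False, failures
    reg.claim("cert", cert.serial, peer)
    if lic is not None:
        reg.claim("license", lic.serial, peer)
    return True, []


def demo() -> dict[str, tuple[bool, list[str]]]:
    # Constructed sample data; serials and addresses are made up.
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    later = datetime(2025, 1, 1, tzinfo=timezone.utc)
    past = datetime(2024, 1, 1, tzinfo=timezone.utc)
    reg = SerialRegistry()
    ca_cert = Certificate("C-100", later, "addr-A")
    ext_cert = Certificate("X-200", later, None)
    return {
        "ca_ok": admit_peer("addr-A", ca_cert, None, now, reg),
        "ca_reused": admit_peer("addr-Z", ca_cert, None, now, reg),
        "ext_no_license": admit_peer("addr-B", ext_cert, None, now, reg),
        "lic_ok": admit_peer("addr-B", ext_cert,
                             License("L-1", "X-200", later, "addr-B"), now, reg),
        "lic_wrong_cert": admit_peer("addr-C", Certificate("X-999", later, None),
                                     License("L-2", "X-200", later, "addr-C"), now, reg),
        "lic_expired": admit_peer("addr-D", Certificate("X-300", later, None),
                                  License("L-3", "X-300", past, "addr-D"), now, reg),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The serial is claimed only after all checks pass, so a rejected peer cannot reserve a serial it failed to prove it may use.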
Embodiment two:
In some alternative embodiments of the present example, the present invention provides two processing methods: one for a digital certificate the user already holds that was issued by a third-party authority and carries no blockchain information, and one for a digital certificate carrying blockchain information that is issued by the authority specified by the blockchain. The blockchain information comprises node addresses, server hardware information, and the like. Because this blockchain information is necessary, it is verified during the digital certificate verification phase to ensure that the digital certificate is valid and reliable for the current blockchain. There are therefore two main flows: a digital certificate issuing process and a digital certificate verification process for P2P communication.
In some optional embodiments of this example, the blockchain-compatible multi-party digital certificate scheme provided by the present invention includes a process of issuing a digital certificate and a process of verifying the digital certificate during P2P communication; both issuance and verification handle two cases separately: the user has a third-party digital certificate, and the user has no digital certificate.
In some alternative embodiments of the present example, the system defines the symbolic expressions and terms as follows:
< >: an object representing a plurality of attributes;
: representing a signature of a message, whichSubscript c represents Client, < ->Indicating that n nodes are message signatures;
: representation pair->Go->Manipulation of functions, e.g.)>Representing a Hash operation on the transaction.
Step S110, the user applies for the digital certificate, the application is sent to a CA authority related to the blockchain, and after the authority receives the application, whether to issue the digital certificate or issue LICENSE is judged according to whether the application content and the related files contain the digital certificate or not.
Step S110 is described in detail below. A user applies for a digital certificate and sends the application to a CA authority related to the blockchain; after receiving the application, the authority determines whether to issue a digital certificate or a LICENSE according to whether the application content and the related files contain a digital certificate. This includes the following steps:
step S111, before deploying the blockchain node, a user needs to apply for a digital certificate; we define the certificate REQUEST as the content of the user's request, which is as follows:
a) Content: the application content;
b) files: a file list;
c) signedData: signature data; if no digital certificate exists, there is no signature data;
step S112, the signed certificate data is sent to the CA authority related to the blockchain through mail:
a) The CA authority did not previously receive the user's request;
b) Judging that all parameters of the certificate are legal;
c) Certificate signature is correct;
in step S113, after receiving the application data, the CA authority determines whether to issue a digital certificate or issue a LICENSE according to the application content and the related files.
Step S120, if the application does not contain the digital certificate, the authority issues the digital certificate, and sends the digital certificate to the user, and the user deploys the blockchain node by using the digital certificate.
Step S120 is described in detail below. If the application does not include a digital certificate, the authority issues a digital certificate and sends it to the user, and the user uses the digital certificate to deploy the blockchain node. This includes the following steps:
step S121, after the CA authority receives the application, the processing is as follows:
a) files do not contain digital certificates;
step S122, if the application does not contain the digital certificate, the authority issues the digital certificate and sends the digital certificate to the applicant through mail;
in step S130, for a blockchain node deployed with the digital certificate, the peer node verifies the validity of the digital certificate when the P2P communication connection is made. If the digital certificate is valid, the P2P connection is successful; if the digital certificate is invalid, the P2P connection is disconnected.
Step S130 is described in detail below. For a blockchain node deployed with the digital certificate, the peer node verifies the validity of the digital certificate when the P2P communication connection is made. If the digital certificate is valid, the P2P connection is successful; if the digital certificate is invalid, the P2P connection is disconnected. This includes the following steps:
step S131, for a blockchain node deployed with the digital certificate, when the P2P communication connection is made, the peer node verifies the validity of the digital certificate and judges whether the digital certificate meets the following conditions:
a) The serial number of the digital certificate is not used by other nodes in the blockchain;
b) The digital certificate is not expired;
c) The node address bound in the digital certificate is consistent with the node address connected with the digital certificate;
step S132, if the digital certificate validity verification is successful, the P2P connection is successful;
in step S133, if the digital certificate validity verification fails, the P2P connection is disconnected.
In step S140, if the application contains a digital certificate, the authority issues a LICENSE and sends the LICENSE to the user, who deploys the blockchain node with the existing digital certificate and LICENSE.
Step S140 is described in detail below. If the application includes a digital certificate, the authority issues a LICENSE and sends the LICENSE to the user, and the user deploys the blockchain node with the existing digital certificate and the LICENSE. This includes the following steps:
in step S141, after the CA authority receives the application, the processing is as follows:
a) files contain digital certificates;
b) And verifying the validity of signedData.
Step S142, if the application contains a digital certificate, the authority issues a LICENSE and sends the LICENSE to the applicant through a mail;
in step S150, for a blockchain node deployed with the LICENSE and the existing digital certificate, the validity of the existing digital certificate and the validity of the LICENSE are verified when the P2P communication connection is made. If both are valid, the P2P connection is successful; if one of them is invalid, the P2P connection is disconnected.
Step S150 is described in detail below. For a blockchain node deployed with the LICENSE and the existing digital certificate, the validity of the existing digital certificate and the validity of the LICENSE are verified when the P2P communication connection is made. If both are valid, the P2P connection is successful; if one of them is invalid, the P2P connection is disconnected. This includes the following steps:
step S151, according to the LICENSE and the existing block chain nodes deployed by the digital certificate, when P2P communication connection is performed, verifying the validity of the digital certificate, and judging whether the digital certificate meets the following conditions:
a) The serial number of the digital certificate is not used by other nodes in the blockchain;
b) The digital certificate is not expired;
step S152, then verifies the validity of the LICENSE, and determines whether the LICENSE meets the following conditions:
a) The sequence number of the LICENSE is not used by other nodes in the blockchain;
b) The serial number of the digital certificate in the LICENSE is consistent with the serial number of the digital certificate;
c) LICENSE is not expired;
d) The node address bound in LICENSE is consistent with the node address connected;
in step S153, if the validity of both the digital certificate and the LICENSE is successfully verified, the P2P connection is successful.
In step S154, if the validity verification of the digital certificate or of the LICENSE fails, the P2P connection is disconnected.
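The connect-time checks of steps S131 and S151 to S154 can be sketched as follows. This is an added example, not code from the patent: the class names, the in-memory `SerialRegistry` standing in for chain state, and the node addresses are assumptions, and signature validation of the certificate and LICENSE is assumed to have been done before these checks, since the listed conditions do not cover it.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Certificate:
    serial: str
    not_after: datetime
    node_address: Optional[str] = None  # None: third-party cert, no node binding


@dataclass(frozen=True)
class License:
    serial: str
    cert_serial: str      # serial of the third-party certificate it covers
    not_after: datetime
    node_address: str     # node address bound by the CA authority


class SerialRegistry:
    """Hypothetical stand-in for chain state: which node holds each serial."""

    def __init__(self) -> None:
        self._owner: Dict[Tuple[str, str], str] = {}

    def used_by_other(self, kind: str, serial: str, node: str) -> bool:
        owner = self._owner.get((kind, serial))
        return owner is not None and owner != node

    def claim(self, kind: str, serial: str, node: str) -> None:
        self._owner[(kind, serial)] = node


def check_certificate(cert: Certificate, peer: str, now: datetime,
                      reg: SerialRegistry, bound: bool) -> List[str]:
    """S131 a-c when bound=True; S151 a-b when bound=False."""
    reasons = []
    if reg.used_by_other("cert", cert.serial, peer):
        reasons.append("certificate serial used by another node")
    if now >= cert.not_after:
        reasons.append("certificate expired")
    if bound and cert.node_address != peer:
        reasons.append("certificate node address mismatch")
    return reasons


def check_license(lic: License, cert: Certificate, peer: str,
                  now: datetime, reg: SerialRegistry) -> List[str]:
    """S152 a-d."""
    reasons = []
    if reg.used_by_other("license", lic.serial, peer):
        reasons.append("LICENSE serial used by another node")
    if lic.cert_serial != cert.serial:
        reasons.append("LICENSE certificate serial mismatch")
    if now >= lic.not_after:
        reasons.append("LICENSE expired")
    if lic.node_address != peer:
        reasons.append("LICENSE node address mismatch")
    return reasons


def verify_peer(cert: Certificate, lic: Optional[License], peer: str,
                now: datetime, reg: SerialRegistry) -> Tuple[bool, List[str]]:
    """Return (accept, reasons); any failed condition drops the connection."""
    if lic is None:
        # CA-issued certificate: the address binding lives in the certificate.
        reasons = check_certificate(cert, peer, now, reg, bound=True)
    else:
        # Third-party certificate: the address binding lives in the LICENSE.
        reasons = check_certificate(cert, peer, now, reg, bound=False)
        reasons += check_license(lic, cert, peer, now, reg)
    if not reasons:
        # Record the serials only after every check has passed.
        reg.claim("cert", cert.serial, peer)
        if lic is not None:
            reg.claim("license", lic.serial, peer)
    return (not reasons, reasons)


# Constructed sample data (not taken from the patent).
UTC = timezone.utc
NOW = datetime(2024, 3, 22, tzinfo=UTC)
CA_CERT = Certificate("CA-0001", datetime(2025, 1, 1, tzinfo=UTC), "10.0.0.1:26001")
TP_CERT = Certificate("TP-77", datetime(2025, 1, 1, tzinfo=UTC))
GOOD_LIC = License("LIC-0001", "TP-77", datetime(2025, 1, 1, tzinfo=UTC), "10.0.0.3:26001")

if __name__ == "__main__":
    reg = SerialRegistry()
    print(verify_peer(CA_CERT, None, "10.0.0.1:26001", NOW, reg))
    print(verify_peer(CA_CERT, None, "10.0.0.2:26001", NOW, reg))
    print(verify_peer(TP_CERT, GOOD_LIC, "10.0.0.3:26001", NOW, reg))
```

In the LICENSE path the certificate itself carries no address check, so the LICENSE's serial-number match and address binding are the only link between the third-party certificate and the connecting node.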
It should be noted that although the steps of the methods of the present disclosure are illustrated in the accompanying drawings in a particular order, this does not require or imply that the steps must be performed in that particular order or that all of the illustrated steps be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc.
Furthermore, in the present example embodiment, a blockchain-based multiparty digital certificate verification system is also provided. Fig. 3 is a block diagram of a multi-party digital certificate verification system based on a blockchain in accordance with an embodiment of the disclosed method. Referring to fig. 3, the blockchain-based multi-party digital certificate verification system 200 may include: digital certificate determination module 210, digital certificate issue module 220, digital certificate verification module 230, LICENSE issue module 240, and LICENSE verification module 250. Wherein:
the digital certificate judging module 210 is configured to generate a digital certificate application by a user, send the digital certificate application to an authority related to a blockchain, and judge whether the digital certificate is included in the digital certificate application content after the authority receives the digital certificate application;
the digital certificate issuing module 220 is configured to issue a digital certificate by an authority if the digital certificate application does not include the digital certificate, and send the digital certificate to a user, so that the user deploys a blockchain node based on the digital certificate;
the digital certificate verification module 230 is configured to deploy blockchain nodes based on digital certificates, verify the validity of the digital certificates by the nodes when the P2P is in communication connection, and determine whether the P2P is connected in response to a verification result of the validity of the digital certificates;
the LICENSE issuing module 240 is configured to issue a LICENSE if the digital certificate application includes a digital certificate, and send the LICENSE to a user, and the user deploys a blockchain node based on the digital certificate and the LICENSE;
the LICENSE verification module 250 is configured to verify the validity of the included digital certificate and the validity of the LICENSE when the P2P is connected according to the LICENSE and the blockchain node deployed by the included digital certificate, and determine whether the P2P is connected according to the verification result of the validity of the included digital certificate and the validity of the LICENSE.
The multi-party digital certificate verification system based on the blockchain in the embodiment of the present disclosure corresponds to the embodiment of the multi-party digital certificate verification method based on the blockchain in the present disclosure, and the related contents may be referred to each other and are not described herein. The corresponding advantageous technical effects of the blockchain-based multi-party digital certificate verification system according to the embodiments of the present disclosure may be referred to the corresponding advantageous technical effects of the corresponding exemplary method section described above, and will not be described herein.
It should be noted that although several modules or units of the blockchain-based multi-party digital certificate verification system 200 are mentioned in the detailed description above, such partitioning is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Next, an electronic device according to an embodiment of the present disclosure is described with reference to fig. 4. The electronic device may be either or both of the first device and the second device, or a stand-alone device independent thereof, which may communicate with the first device and the second device to receive the acquired input signals therefrom.
Fig. 4 illustrates a block diagram of an electronic device according to an embodiment of the disclosure.
As shown in fig. 4, the electronic device includes one or more processors and memory.
The processor may be a Central Processing Unit (CPU) or other form of processing unit having data processing and/or instruction execution capabilities, and may control other components in the electronic device to perform the desired functions.
The memory may store one or more computer program products, which may include various forms of computer-readable storage media, such as volatile memory and/or nonvolatile memory. The volatile memory may include, for example, Random Access Memory (RAM) and/or cache memory (cache), and the like. The non-volatile memory may include, for example, Read Only Memory (ROM), hard disk, flash memory, and the like. One or more computer program products may be stored on the computer readable storage medium that can be run by a processor to implement the methods of the various embodiments of the present disclosure and/or other desired functions as described above.
In one example, the electronic device may further include: input devices and output devices, which are interconnected by a bus system and/or other forms of connection mechanisms (not shown).
In addition, the input device may include, for example, a keyboard, a mouse, and the like.
The output device may output various information including the determined distance information, direction information, etc., to the outside. The output device may include, for example, a display, speakers, a printer, and a communication network and remote output devices connected thereto, etc.
Of course, only some of the components of the electronic device relevant to the present disclosure are shown in fig. 4 for simplicity, components such as buses, input/output interfaces, etc. being omitted. In addition, the electronic device may include any other suitable components depending on the particular application.
In addition to the methods and apparatus described above, embodiments of the present disclosure may also be a computer program product comprising computer program instructions which, when executed by a processor, cause the processor to perform steps in a method according to various embodiments of the present disclosure described in the above section of the specification.
The computer program product may write program code for performing the operations of embodiments of the present disclosure in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present disclosure may also be a computer-readable storage medium, having stored thereon computer program instructions, which when executed by a processor, cause the processor to perform steps in a method according to various embodiments of the present disclosure described in the above section of the present disclosure.
The computer readable storage medium may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, Random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The basic principles of the present disclosure have been described above in connection with specific embodiments, however, it should be noted that the advantages, benefits, effects, etc. mentioned in the present disclosure are merely examples and not limiting, and these advantages, benefits, effects, etc. are not to be considered as necessarily possessed by the various embodiments of the present disclosure. Furthermore, the specific details disclosed herein are for purposes of illustration and understanding only, and are not intended to be limiting, since the disclosure is not necessarily limited to practice with the specific details described.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different manner from other embodiments, so that the same or similar parts between the embodiments are mutually referred to. For system embodiments, the description is relatively simple as it essentially corresponds to method embodiments, and reference should be made to the description of method embodiments for relevant points.
The block diagrams of the devices, apparatuses, and systems referred to in this disclosure are merely illustrative examples and are not intended to require or imply that the connections, arrangements, configurations must be made in the manner shown in the block diagrams. As will be appreciated by one of skill in the art, the devices, apparatuses, and systems may be connected, arranged, configured in any manner. Words such as "including," "comprising," "having," and the like are open-ended words that mean "including but not limited to," and are used interchangeably therewith. The terms "or" and "and" as used herein refer to, and are used interchangeably with, the term "and/or" unless the context clearly indicates otherwise. The term "such as" as used herein refers to, and is used interchangeably with, the phrase "such as, but not limited to."
The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, firmware. The above-described sequence of steps for the method is for illustration only, and the steps of the method of the present disclosure are not limited to the sequence specifically described above unless specifically stated otherwise. Furthermore, in some embodiments, the present disclosure may also be implemented as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
It is also noted that in the apparatus, devices and methods of the present disclosure, components or steps may be disassembled and/or assembled. Such decomposition and/or recombination should be considered equivalent to the present disclosure.
The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the disclosure. Thus, the present disclosure is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, this description is not intended to limit the embodiments of the disclosure to the form disclosed herein. Although a number of example aspects and embodiments have been discussed above, a person of ordinary skill in the art will recognize certain variations, modifications, alterations, additions, and subcombinations thereof.

Claims (8)

1. A blockchain-based multi-party digital certificate verification method, comprising:
the user generates a digital certificate application, the digital certificate application is sent to an authority mechanism related to a blockchain, and after the authority mechanism receives the digital certificate application, the authority mechanism judges whether the digital certificate application content contains a digital certificate or not;
if the digital certificate application does not contain the digital certificate, the authority issues the digital certificate and sends the digital certificate to the user so that the user deploys the blockchain node based on the digital certificate;
the method comprises the steps that a blockchain node is deployed based on a digital certificate, when P2P communication is connected, the validity of the digital certificate is verified through the node, and whether P2P is connected is judged according to a verification result of the validity of the digital certificate;
if the digital certificate application contains a digital certificate, the authority issues a LICENSE and sends the LICENSE to the user, and the user deploys the blockchain node based on the contained digital certificate and the LICENSE;
according to the LICENSE and the block chain node of the digital certificate deployment, respectively verifying the validity of the digital certificate and the LICENSE when the P2P is in communication connection, and judging whether the P2P is connected or not according to the verification results of the validity of the digital certificate and the LICENSE;
verifying the validity of the LICENSE further comprises:
verifying whether a sequence number of the LICENSE is used by other nodes in a blockchain;
verifying whether the serial number of the digital certificate in the LICENSE is consistent with the serial number of the digital certificate;
verifying whether the LICENSE is expired;
verifying whether the node address bound in the LICENSE is consistent with the connected node address;
determining whether P2P is connected in response to the verification result of the validity of the included digital certificate and the validity of the LICENSE, further comprising:
if the verification results of the validity of the contained digital certificate and the validity of the LICENSE are both successful, the P2P connection is successful;
if the verification result of the validity of the digital certificate or the validity of the LICENSE is verification failure, the P2P connection fails.
2. The blockchain-based multi-party digital certificate verification method of claim 1, further comprising:
the user generates a digital certificate application based on a preset format;
the signed certificate data is sent by mail to an authority associated with the blockchain;
after receiving the digital certificate application, the authority determines whether to issue the digital certificate or issue the LICENSE according to whether the digital certificate application content contains the digital certificate.
3. The blockchain-based multi-party digital certificate verification method of claim 1, further comprising:
after receiving the application, the authority judges whether the digital certificate application contains a digital certificate or not;
if the digital certificate application does not contain the digital certificate, the authority issues the digital certificate and sends the digital certificate to the user through a mail.
4. The blockchain-based multiparty digital certificate verification method according to claim 1, wherein verifying the validity of the digital certificate by a node further comprises:
verifying whether a sequence number of the digital certificate is used by other nodes in a blockchain;
verifying whether the digital certificate expires;
and verifying whether the node address bound in the digital certificate is consistent with the connected node address.
5. The blockchain-based multi-party digital certificate verification method of claim 1, further comprising:
after receiving the application, the authority judges whether the digital certificate application contains a digital certificate or not;
if the digital certificate application contains a digital certificate, verifying the digital signature of the digital certificate;
if the digital signature of the digital certificate passes verification, issuing a LICENSE, and sending the LICENSE to a user through mail.
6. A blockchain-based multi-party digital certificate verification system, comprising:
the digital certificate judging module is used for generating a digital certificate application by a user, sending the digital certificate application to an authority related to a blockchain, and judging whether the digital certificate is contained in the digital certificate application content or not after the authority receives the digital certificate application;
the digital certificate issuing module is used for issuing a digital certificate by an authority if the digital certificate application does not contain the digital certificate, and sending the digital certificate to a user so that the user deploys a blockchain node based on the digital certificate;
the digital certificate verification module is used for deploying blockchain nodes based on the digital certificates, verifying the validity of the digital certificates through the nodes when the P2P communication is connected, and judging whether the P2P is connected or not according to the verification result of the validity of the digital certificates;
the LICENSE issuing module is used for issuing a LICENSE if the digital certificate application contains the digital certificate, and sending the LICENSE to a user, and the user deploys the blockchain node based on the contained digital certificate and the LICENSE;
the LICENSE verification module is used for verifying the validity of the contained digital certificate and the validity of the LICENSE respectively when the P2P communication connection is carried out according to the LICENSE and the block chain node deployed by the contained digital certificate, and judging whether the P2P is connected or not according to the verification results of the validity of the contained digital certificate and the validity of the LICENSE;
verifying the validity of the LICENSE further comprises:
verifying whether a sequence number of the LICENSE is used by other nodes in a blockchain;
verifying whether the serial number of the digital certificate in the LICENSE is consistent with the serial number of the digital certificate;
verifying whether the LICENSE is expired;
verifying whether the node address bound in the LICENSE is consistent with the connected node address;
determining whether P2P is connected in response to the verification result of the validity of the included digital certificate and the validity of the LICENSE, further comprising:
if the verification results of the validity of the contained digital certificate and the validity of the LICENSE are both successful, the P2P connection is successful;
if the verification result of the validity of the digital certificate or the validity of the LICENSE is verification failure, the P2P connection fails.
7. An electronic device, comprising:
a memory for storing a computer program product;
a processor for executing a computer program product stored in the memory, which, when executed, implements the method according to any of claims 1-5.
8. A computer readable storage medium having stored thereon computer program instructions, which when executed by a processor, implement the method of any of claims 1-5.
CN202410025263.1A 2024-01-08 2024-01-08 Multi-party digital certificate verification method and system based on blockchain Active CN117527268B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410025263.1A CN117527268B (en) 2024-01-08 2024-01-08 Multi-party digital certificate verification method and system based on blockchain

Publications (2)

Publication Number Publication Date
CN117527268A CN117527268A (en) 2024-02-06
CN117527268B true CN117527268B (en) 2024-03-22

Family

ID=89749877

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410025263.1A Active CN117527268B (en) 2024-01-08 2024-01-08 Multi-party digital certificate verification method and system based on blockchain

Country Status (1)

Country Link
CN (1) CN117527268B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10404477B1 (en) * 2016-02-25 2019-09-03 Amazon Technologies, Inc. Synchronization of personal digital certificates
CN111092724A (en) * 2019-12-25 2020-05-01 杭州溪塔科技有限公司 Block chain system digital certificate issuing method, equipment, system and medium
CN111478769A (en) * 2020-03-18 2020-07-31 西安电子科技大学 Distributed credible identity authentication method, system, storage medium and terminal
CN112332980A (en) * 2020-11-13 2021-02-05 浙江数秦科技有限公司 Digital certificate signing and verifying method, equipment and storage medium
CN114238914A (en) * 2021-11-22 2022-03-25 广东电网有限责任公司 Digital certificate application system, method, device, computer equipment and storage medium
CN114422198A (en) * 2021-12-23 2022-04-29 中国电信股份有限公司 Digital certificate processing method and device, electronic equipment and readable storage medium

Also Published As

Publication number Publication date
CN117527268A (en) 2024-02-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant