RU2718480C2 - Method and system for authorizing website in web browser - Google Patents

Abstract

FIELD: physics.SUBSTANCE: invention relates to web technologies. Computer-implemented method of validating access to a website in a web browser includes recording a blockchain record associated with the website and containing website and domain credentials in the chain of a gambling chain, as well as recording a transaction associated with a blockchain record in the chain of a gay chain, a transaction containing a blockchain token with a score, is associated with the website, receiving a request from the web browser to check the website based on the web browser request for access request validation to a website, verification includes checking availability of a blockchain record and checking the current indicator of the block-token, depending on the nature of the change in the current indicator of the block-token, validating or not validating the current request.EFFECT: technical result consists in controlling access to a website.26 cl, 3 dwg

Description

FIELD OF THE INVENTION

[0001] This technical solution relates to web technologies, and more specifically to technologies for issuing website certificates and validating certificates in a web browser when a user visits websites.

State of the art

[0002] Currently, SSL (Secure Sockets Layer) certificates are common for verification of websites (on the Internet). SSL protocol is implemented at the application level, directly over TCP (Transmission Control Protocol), which allows higher-level protocols (such as HTTP / HTTPS or email protocol) to work without changes. If SSL is configured correctly, then a third-party observer can only find out the connection parameters (for example, the type of encryption used), as well as the transmission frequency and the approximate amount of data, but cannot read and change them. TLS (transport layer security protocol), as well as its predecessor SSL (secure sockets layer), are cryptographic protocols that provide secure data transfer between nodes on the Internet. TLS and SSL use asymmetric encryption for authentication, symmetric encryption for privacy, and message authentication codes to maintain message integrity.

[0003] Since HTTPS is adopted worldwide in various online services, such as e-business, e-banking and e-government, TLS, the cornerstone of HTTPS, plays an important role in secure web connections over a computer network. In TLS, authentication and secure connection creation is based on a public key infrastructure (PKI) issued by certification authorities (CAs).

[0004] By signing and issuing certificates, certification authorities provide information on trust and guarantee the integrity of the website, confidentiality and speaks about minimizing the risks of interception of web traffic.

[0005] These protocols are widely used in applications that work with the Internet, such as web browsers, e-mail, instant messaging and IP-telephony. Today there are over a thousand certificate authorities issuing certificates to websites. For example, Symantec, Thawte, Verisign, Geotrust and others. To receive a certificate from one of the certification organizations, the webmaster or site owner must pay (every year) payments to get on the list of certified sites and continue to be on the list. Each of these centers uses its own databases, infrastructure and storage systems. Therefore, web browsers must also be compatible with data structures for exchanging information with certification authorities. The structure used today has a large degree of decentralization, demonstrates a low degree of uniformity in the data storage structure, and is also highly susceptible to compromise and fraud attacks.

[0006] In the well-known decision US 2017330179 A1, publ. November 16, 2017, on page 26, describes a method for issuing authentication information on a server using a blockchain. The method includes the steps of: (a) managing a server upon receipt of user data acquired from device users in response to a request for issuing authentication information and identifying information. The availability of information is determined, and transactions are created, the results of which include: (I) specific public keys of the user and (II) hash values of the identification information or their processed values to thereby record for other devices; and (III) the management server receiving the transaction identifier provides information about the location of the transaction recorded on the blockchain.

Disclosure of Invention

[0007] The problems listed above lead to the fact that when a certification authority is compromised or the equipment of the center fails, a large number of websites, when trying to access them through a web browser, experience problems with verification of certificates issued by a compromised center. Moreover, due to technological features, the use of blockchain technologies creates a decentralized system for storing certification data for websites.

[0008] Another objective of the present technical solution is to provide cheaper technology with more reliable protection and more efficient use, which can replace the existing digital certificate, or be used as an addition and / or duplicate technology. In versions of this decision, this technical solution is used as an arbitration system in resolving disputes about a issued certificate or company and domain name information on behalf of which the certificate was issued, including when transferring rights to a domain and / or when selling a company.

[0009] The technical result of this decision is to implement access control to a website.

[0010] In embodiments of the present solution, a computer-implemented method for validating a website in a web browser includes the initial registration of the website — issuing an entry in the blockchain chain. An entry in the blockchain chain is registered in connection with the website. The records also indicate the credentials of the website. Then register the transaction associated with the blockchain record in the blockchain chain. The transaction includes a blockchain token with an indicator. A transaction is also associated with a website. After registering a token in the blockchain and writing about the website, the website is considered registered and confirmed.

[0011] In embodiments of the present solution, upon receipt of a request from a user, the web browser checks for the presence of the blockchain record associated with the website credentials in the blockchain; and checking the current blockchain token metric associated with the website, in which, in response to the fact that the current blockchain token metric is less than the primary metric, the current request is not validated; or, in response to the fact that the current indicator of the blockchain token is larger than the primary indicator, the current request is validated.

[0012] In embodiments of the present solution, the nature of the change in the current blockchain token metric is analyzed, which may be an increase or decrease in the blockchain token metric.

[0013] In embodiments of the present solution, after validation of the current request regarding the initial blockchain token, the blockchain record is updated taking into account the current indicator of the blockchain token.

[0014] In other embodiments of the present solution, the chain associated with one (first) domain name is used when making an entry in the same or another chain for another domain (second) name.

[0015] In embodiments of the present decision, the blockchain token metric is a deposit. The deposit can be currency, cryptocurrency or any other without restrictions. In some solutions, the indicator of the blockchain token is an indicator of the cost of resources when issuing a certificate received in relation to website data. Resource costs reflect the costs, for example, of the energy spent during mining, that is, during the calculation for the issuance of a token.

[0016] In embodiments of the present solution, checking the current metric includes checking a threshold for changing a metric of a blockchain token. In some cases, where the token indicator is currency or cryptocurrency, the threshold may be the value in rubles or bitcoins.

[0017] In some embodiments of the present solution, the blockchain record associated with the credentials of the website includes a release or chaining date, a domain name and / or an identifier, for example, a resource’s IP address, owner’s name, and the hash of the record.

[0018] In some embodiments of the present solution, the blockchain chain has a distributed structure. The distributed structure can be a virtual server network, a physically distributed network, including data duplication and mirroring.

[0019] In embodiments of the present solution, the web browser can visualize the degree of trust in the website when it is visited. When visiting a web page, the web browser may display a message and / or an icon and / or banner explaining the current degree of trust in the website. The degree of trust can be visualized with color or quantitative indicators, for example, points or badges and / or color indicators, for example, green - trusted website, red - untrusted website.

[0020] In the variants of the present decision, the degree of trust to the website is calculated on the basis of a) a token metric, b) blockchain record data - release date, domain name, owner’s name, hash of the record.

[0021] In the context of the present description, “server” means a computer program running on appropriate equipment that is able to receive requests (for example, from client devices) over the network and execute these requests or initiate the execution of these requests. The equipment may be one physical computer or one physical computer system, but neither one nor the other is mandatory for this technology. In the context of this technology, the use of the expression “server” does not mean that every task (for example, received commands or requests) or any specific task will be received, executed or initiated to be executed by the same server (that is, by the same software software and / or hardware); this means that any number of software elements or hardware devices can be involved in receiving / transmitting, executing or initiating the execution of any request or the consequences of any request related to the client device, and all this software and hardware can be one server or several servers , both options are included in the expression “at least one server”.

[0022] In the context of the present description, unless specifically indicated otherwise, "client device" means an electronic device associated with the user and including any hardware device capable of working with software suitable for solving the corresponding problem. Thus, examples of client devices (among other things) include personal computers (desktop computers, laptops, netbooks, etc.) smartphones, tablets, as well as network equipment such as routers, switches, and gateways. It should be borne in mind that a computer device that behaves as a client device in the present context can behave like a server in relation to other client devices. The use of the expression “client device” does not exclude the possibility of using multiple client devices to receive / send, execute, or initiate the execution of any task or request, or the consequences of any task or request, or the steps of any method described above.

[0023] In the context of the present description, unless specifically indicated otherwise, "computer device" means any electronic device capable of working with software suitable for solving the corresponding problem. A computer device may be a server, a client device, and so on.

[0024] In the context of the present description, unless otherwise indicated, the term "database" means any structured data set that is independent of the specific structure, database management software, hardware of the computer on which the data is stored, used or otherwise are available for use. The database can be located on the same equipment that performs the process on which information stored in the database is stored or used, or the database can be located on separate equipment, for example, a dedicated server or multiple servers.

[0025] In the context of the present description, unless otherwise indicated, “information” includes any information of any type, including information that can be stored in a database. Thus, information includes, among other things, audiovisual works (photographs, videos, sound recordings, presentations, etc.), data (map data, location data, digital data, etc.), text (opinions, comments, questions, messages, etc.), documents, tables, etc.

[0026] In the context of the present description, unless otherwise indicated, a “component” means software (corresponding to a specific hardware context) that is necessary and sufficient to perform the specific specified (s) function (s).

[0027] In the context of the present description, unless otherwise indicated, the term "storage medium" means a medium of absolutely any type and nature, including RAM, ROM, disks (CDs, DVDs, floppy disks, hard drives, etc. .), USB flash drives, solid state drives, tape drives, etc. In the context of the present description, unless specifically indicated otherwise, the words "first", "second", "third", etc. used in the form of adjectives solely to distinguish the nouns to which they relate from each other, and not for the purpose of describing any specific relationship between these nouns. So, for example, it should be borne in mind that the use of the terms “first server” and “third server” does not imply any ordering, chronology, hierarchy or ranking (for example) of servers / between servers, as well as their use (in and of itself) does not imply that a certain “second server” must exist in a given situation. Further, as indicated here in other contexts, the mention of the “first” element and the “second” element does not exclude the possibility that it is one and the same actual real element. So, for example, in some cases, the “first” server and the “second” server can be the same software and / or hardware, and in other cases they can be different software and / or hardware.

[0028] Each embodiment of the present technology pursues at least one of the aforementioned objectives and / or objects, but all are not required. It should be borne in mind that some objects of this technology, obtained as a result of attempts to achieve the aforementioned goal, may not satisfy this goal and / or may satisfy other goals not specifically indicated here.

[0029] Additional and / or alternative characteristics, aspects and advantages of embodiments of the present technology will become apparent from the following description, the accompanying drawings, and the appended claims.

Brief Description of the Drawings

The following description is provided for a better understanding of the present technology, as well as other aspects and their characteristics, the description is not limiting, and should be used in conjunction with the attached drawings.

[0031] In FIG. 1 shows a diagram of a technical system for website authorization.

[0032] In FIG. Figure 2 shows the website registration scheme and the creation of the initial website record in the blockchain chain.

[0033] FIG. 3 shows a scheme for verifying the conditions for fulfilling a smart contract.

The implementation of the invention

[0035] The present technical solution relates to two subjects. First, the solution describes an approach to authorizing websites. Secondly, the present solution describes a data storage system for authorizing web pages in a browser based on blockchain technology.

[0036] Currently, websites must use certificates provided by an authorized body, and certificates must be supported by a web browser. Today, a standard for issuing certificates is used, called an SSL certificate confirming the domain. When the user's web browser accesses the website, the web browser, using a special pre-built library, checks:

a) who provided, i.e. issued, the certificate (the browser checks the public key of the certification center) and

b) whether the certificate is valid (looking at the website’s private key) is a general TLS / SSL approach.

[0037] If the website has a valid certificate, this means that the certification authority has taken steps to verify that the web address actually belongs to this organization. When a user enters a URL or clicks on a link to a “certified” website, the browser checks the certificate for compliance with the following characteristics: the website address matches the address in the certificate, and the certificate is signed by a certification authority, which the browser recognizes as a “trusted” center certification.

[0038] However, such a structure has inherent disadvantages:

distributed network of certificates (various companies, etc.) web browsers must support a variety of certificates;

Each of these centers uses its own databases, infrastructure and storage systems.

Therefore, web browsers must maintain compatibility with data structures for exchanging information with certification authorities. The structure used today has a large degree of decentralization, demonstrates a low degree of uniformity in the data storage structure, and is also highly susceptible to compromise and fraud attacks.

[0039] There is an effective solution to solving two of the above problems - the use of advanced blockchain technology to solve the problem. In other words, the use of advanced blockchain technology for website certification allows you to create a distributed and publicly accessible website record structure that is technologically difficult to replace and / or compromise.

[0040] In general, in some embodiments, the present technical solution teaches to use both a blockchain registry entry and a blockchain token metric that a webmaster issues as a confirmation of the status of his website to verify (authorize) the website.

[0041] FIG. 1 shows a diagram of a technical system according to one embodiment of the implementation of this technology. Obviously, the system is only one of the possible options for implementing this technology. Thus, a further description of the system is a description of examples illustrating the present technology. This description is not intended to determine the scope or boundaries of this technology. In some cases, useful examples of system modifications are also provided. They contribute to understanding, but also do not define the scope or boundaries of the present technology. These modifications do not constitute an exhaustive list. One skilled in the art will appreciate that other modifications are possible. In addition, if modifications are not described in some cases, this does not mean that they are not possible and / or the description contains a single implementation option for this or that element of the present technology. In addition, it should be understood that the system in some cases may constitute a simplified implementation of the present technology, and that such options are presented in order to facilitate a better understanding of it. It will be apparent to those skilled in the art that various implementations of the present technology can be significantly more complex.

[0042] The system comprises an electronic device. An electronic device typically interacts with the server (s) and databases and may be referred to as a “client device”. It should be noted that the communication of the electronic device with the server does not mean the need to indicate or assume any operating mode, for example, logging in, registering, etc. A system may comprise a plurality of electronic devices similar to or different from an electronic device.

[0043] There are no particular restrictions on the implementation of an electronic device. As an example, an electronic device can be implemented as a personal computer (desktop, laptop, netbook, etc.) or as a wireless electronic device (cell phone, smartphone, tablet, etc.). In the embodiment of FIG. In one example, an electronic device is implemented as a laptop, such as a 13-inch MacBook Pro ™ (contains a 13.3-inch LED backlit IPS display with a resolution of 2560 × 1600 pixels at a density of 227 pixels per inch; sixth-generation Intel Core i5 dual-core processor with frequency 2.9 GHz; Intel ™ Iris Graphics 550; 8 GB RAM; 256 GB SSD; touchpad) Apple, Inc., USA (Apple Campus, 1 Infinite Loop, Cupertino, California. USA).

[0044] A general implementation of an electronic device is known in the art and therefore, a detailed description thereof is omitted. Suffice it to say that the electronic device contains a user input interface (such as a keyboard, mouse, touchpad, touch screen, etc.) for receiving user input; an output user interface (such as a screen, touch screen, printer, etc.) for outputting visual and audio information to a user; a network data transmission interface (such as a modem, network card, etc.) for bidirectional data transmission through a communication network; a processor connected to an input user interface, an output user interface, and a network data interface, wherein the processor is configured to perform various procedures, including those described below. To this end, the processor may store or have access to instructions for reading by a computer. When these instructions are executed, the processor performs the various procedures presented in the present description.

[0045] The aforementioned communication network may be the Internet. In other embodiments of the present technology, a communication network may be implemented differently, for example, in the form of an arbitrary global communication network, a local communication network, a personal communication network, etc.

[0046] The electronic device comprises hardware and / or software and / or firmware (or a combination thereof) for executing a web browser (browser) in the electronic device. The browser provides the user access through the communication network to one or more network resources, such as a first network resource, a second network resource and many additional resources, which are collectively indicated as in FIG. 1. The browser can be implemented as one of the following browsers: Mozilla Firefox ™, Google Chrome ™, Yandex ™ Browser. It should be noted that several versions of a browser from one or more providers may be installed in an electronic device.

[0047] Each website (first network resource, second network resource, and many additional resources) can be a specific website (such as an Amazon ™ online store, Wikipedia ™ information resource, Canadian Cancer affiliated website Foundation, etc.), aggregator web resource, etc. Some or all network resources, such as a first network resource, a second network resource, and a plurality of additional resources, may reside in one or more network resource servers, collectively referred to as in FIG. 1. Available in the first network resource, the second network resource and many additional resources, the information may include various types of content, such as photographs, videos, audio materials, etc., and may relate to various topics, such as news, weather, traffic, entertainment, finance, etc.

[0048] In general, when a user of an electronic device needs access to information from one of the network resources, such as the first network resource, the second network resource, and many additional resources, the user can access the web resource either directly by entering the address of the resource (usually the URL , such as www.webpage.com), or by clicking on the link in the email message or on another web resource. The browser typically also provides a search function by which the user can search for information on a topic of interest to him (as described in more detail below).

[0049] The electronic device is further configured to execute a device process controller program. The controller program can be executed either by the browser or by the operating system (OS) of the electronic device (or both). Registering a website and creating an initial website entry in the blockchain chain (blockchain certification).

[0050] FIG. Figure 2 shows the website registration scheme and the creation of the initial website record in the blockchain chain. The domain owner, using the user's device, registers his website (domain name) by registering the domain name and / or website URL in the public blockchain registry located in the blockchain database. To do this, the website owner contacts the certification server. The certification server has access to the database of records (chains). That is, the owner requests the release from the server, and the server, accordingly, registers the record by means of updating the blockchain of the data chain in the database. By adding a new record to the chain, the owner can optionally indicate his data, that is, identifies himself, the owner’s identification data is also stored in the chain. Subsequently, if an attacker tries to change the data (overwrite the chain), then the attacker will need to additionally specify the data of the original owner who issued the original record to make changes to the original record. Owner data may include login and password, identification data of an individual or legal entity, etc.

[0051] The issuance of the initial record in embodiments of this solution is based on the SSL certificate provided to the website, for example, provided by another certification server earlier, containing the domain name and certificate serial number. An SSL certificate can also be initially signed by a third-party web service that issued the certificate. Such an option of the present solution is possible, for example, in cases where the website is being initially registered in the blockchain certification system, or the transition is made from the standard certification system to the blockchain certification system. In addition, the blockchain certification system described in this decision can be used as an additional system in conjunction with other known technologies to increase the reliability of the website certification procedure and subsequent verification of the website when users visit the website.

[0052] The blockchain record associated with the credentials of the website includes the release or chaining date, domain name and / or identifier, for example, the IP address of the resource, the name of the owner, the hash of the record. In addition, the record may be associated with the data of the owner of the website, full name, registration data in web resources, based on the electronic digital signature (digital signature) validating the owner.

[0053] The domain owner may also optionally conduct the following transaction. In this case, the owner issues a blockchain token and transmits it for writing to the database to the certification server. The token has an assigned metric, that is, a set of values assigned to the token during generation and / or subsequent update. For example, an indicator of a blockchain token may be an indicator of the cost of resources when issuing a certificate received in relation to website data. Resource costs reflect the costs, for example, of the energy spent during mining, that is, during the calculation of the values needed to issue a token.

[0054] In the variants of this technical solution, the domain owner puts a certain amount (for example, bitcoins or any other cryptocurrency or “real” currency) into his wallet associated with his website (provided based on the registry in the chain). This is the initial deposit of the website, confirming the ownership of the domain name and websites in general. In this embodiment, the blockchain token has an indicator associated with the amount of the deposit.

[0055] The server registers the record in the chain, updates the chain in the database, ensuring that the selected domain is secured by the initial deposit of the website in wallet A (wallet identifier) with deposit B itself and the certificate identifier. An identifier is a token containing a hash token or any other token. The token can be executed with the participation of crypto providers and issued, including using an electronic digital signature (digital signature) validating the owner.

[0056] Based on the token and the entry in the chain, the certification server issues a smart contract (“smart contract” from the English smart contract) that has a signature. A smart contract is signed using methods similar to controlling movement and sending funds in cryptocurrency networks. After signing by the parties, the contract takes effect. The terms of the contract should have a mathematical description and a clear logic of execution. Having unhindered access to the objects of the contract, the smart contract monitors the achievement or violation of points according to the specified conditions and makes independent decisions based on the programmed conditions. Thus, the basic principle of a smart contract is the complete automation and reliability of the execution of contractual relations. In essence, a smart contract is a program code that contains information about a transaction in the “if ... then” format. For example, in a smart contract, a condition can be indicated like: if the user has visited the website, check the token metric with serial (serial) No. 11111. If the token metric is> 100 units, then allow access to the website. Another example may explain the control of a cryptocurrency wallet deposit. For example, if a user accesses a website, check wallet deposit No. 22222. If the wallet deposit is ≥100 cryptocurrency units, then allow access to the website.

[0057] Variants of this solution using smart contracts make it possible to automate the verification of indicators (records) in blockchain chains, including without direct user access to data and information on the website side (webmasters). Validation is performed automatically on the server side, which further reduces the amount of information transmitted to the end user of the website content. All contracts are stored in blockchain chains in encrypted form. That is, only the parties to the agreement (web master and certification server) know about the terms of the contract, and third parties cannot make changes to the program code (rewrite the agreement in the chain). This is due to the structure and principles of blockchain technology and the features of this solution.

[0058] One of the features of this technical solution is the combination of a blockchain token metric and a blockchain record, which, as already mentioned, verify the domain (website) owner and a blockchain token metric, additionally confirming the fact that the transaction was issued by the specific owner. A blockchain-token pair and a blockchain record form a certificate within the framework of a smart contract, which, upon subsequent verification by a web browser of a client device, verifies or does not verify the website. For this, the client device’s web browser communicates with a database storing blockchain chains with blockchain tokens and corresponding blockchain entries in smart contracts, which will be described in more detail below.

[0059] The database is hosted on a remote server or, in the case of a distributed structure, on multiple servers. The server, in the process of filling the database, registers transactions and blockchain tokens issued on websites (domain names), chains are published in a single global space through the blockchain chain. In the chain, each of the certificates consists of a header and several transactions, which are organized as a hash tree.

[0060] The block header consists of:

a) the time when the miner (certificate holder) begins to generate a block;

b) the digest of the last block header in the block chain, for example, the current token metric.

[0061] Transaction records contain lists (type of operation or record, DNS name) of changes and transactions, for example, sorted by date and time or in lexicographic order. Different types of transactions can be issued in the certificate chain. A transaction of the first type is signed by the server using its key or key pair. The key can be public or private, generated using the password and login of the client device. When the certificate expires and is renewed, the new key will be included in the next transaction. If the certificate is revoked, it will be excluded from the next transaction. Transactions of the second type are used to initialize or reset key pairs.

[0062] In cases where the DNS name (or website URL) is initially entered into the blockchain chain, the fact of its “publication” can be signed using several other websites. These websites will act as “guarantors” of the new registered website. A surety can be, among other things, the website of one company product when the company launches a new product.

[0063] The server then generates a certificate for the new website based on the keys of the “guarantors”. All transactions are continuously publicly published by the server in the blockchain chain. In case of issuing a certificate with a guarantor, the server generates a new certificate based on previously issued certificates of “guarantors”.

[0064] In an embodiment of the present decision using a smart contract, the newly issued contract may additionally have a condition for verifying the validity of the execution of the contract of the guarantor.

[0065] In each operation, the server (s) are allowed to publish one or more transactions. If users of the system (miners) receive both transactions of the first type and transactions of the second type with the same DNS name, the transaction of the second type takes precedence. If there are several transactions of the same name and type of DNS, the server selects one of them based on the timestamps of registration of the arrival of the transaction and / or the time of generating the request on the client device side. The client device browser interacts with the server network according to the P2P (peer-to-peer) scheme; other client devices can receive updates directly from the server or from other clients. When the browser of the client device establishes a connection with the server, it can additionally verify its certificate on the server using a local copy of the certificate from the memory of the client device.

Website Authorization Procedure.

[0066] FIG. Figure 2 shows the interaction diagram of a user device with an authorization server (first server) and a certification server (second server). In the variants of the present solution, the functions of the authorization server and the certification server can be performed by the same server, in other embodiments, the authorization server and / or the certification server can be a virtual server, or be part of a distributed server architecture. The certification server can be connected to the database of blockchain records, accessing the database with incoming requests from the authorization server. The certification server, authorization server, and client device are connected via the Internet and / or intranet or any other, such as cellular communication networks. The database can be executed as part of a certification server, or as a remote solution, including using virtual databases and distributed structures.

[0067] A user, using a web browser, connects to a network (Internet) and requests the desired website. The browser can be equipped with both built-in tools for processing website authorization requests (similar to SSL certificates), and third-party libraries and / or extensions installed separately from the application store and / or from the websites of authorization service providers. Using the built-in verification library or browser extension, the browser connects to the authorization server (first server), sending the authorization request to the website to the authorization server. The request contains instructions for checking the blockchain certificate chain of the website. The authorization server, upon receipt of the request, initiates a check. The browser request contains an indication of the domain name (website) that the user requires access to. The authorization server, having received a request from a web browser, generates a certification request to the certification server (second server). The request to the certification server includes the public (public) key, the domain name of the website that the user requests. In response to a request from the authorization server, the certification server contacts the database and verifies the public key and the record of the domain name registered in the blockchain chain. If there is an entry that matches the received domain name and public key, the certification server returns to the authorization server a request to sign the request with a private (private key).

[0068] Next, the authorization server signs the returned request with a private key and again passes the second request to the certification server to reconcile with the blockchain database. The second request from the authorization server contains instructions for verifying the fulfillment of the terms of the smart contract. During verification of compliance with the terms of the smart contract, the certification server can access the browser. The browser, using the built-in verification library or browser extension, obtains the verification conditions from the smart contract, which are then checked (verified) by the built-in verification library or browser extension. In other embodiments, the browser refers to a smart contract, according to which, depending on the specific conditions of the contract, it is possible to check, for example, several conditions, sequentially or in parallel, for one or more contracts.

[0069] In embodiments of the present solution, as shown in FIG. 3, the browser will check the conditions for verifying the smart contract and verify that the conditions of the token metric are met with respect to the requested domain name. In this case, the server and / or browser accesses the database in which the smart contract is stored, the contract indicates a) the conditions for verification (fulfillment of the conditions of the contract) and b) the subject being verified. The subject to be verified may be a specific token or several tokens stored in the database and indicated in the smart contract. In such an option, the contract may indicate a threshold for the value of the indicator, in case of achievement (or excess / decrease) of which the smart contract is considered fulfilled or, accordingly, unfulfilled.

[0070] In other embodiments of the present decision, the subject to be verified may be a wallet and / or cryptocurrency indicator of a token, which is indicated in the smart contract for verification. In case of reconciliation of the token or wallet indicator, the deposit of the wallet or token is checked. In addition, in smart contract options, reconciliation of the nature of the change is possible. For example, in solutions, the nature of the change in the current indicator of the blockchain token (or wallet deposit) is to increase or decrease the indicator of the blockchain token (or wallet deposit).

[0071] In embodiments of the present solution, during the check, the server checks the pair of records, including

a) the current status of the certificate of the requested website, and

b) the token metric, which, at the time of verification, may be higher, equal to or lower than the token's originally registered metric.

[0072] In the variants of the present solution, the certification server, after checking the conditions for fulfilling the smart contract, if the conditions of the contract are met, sends instructions to the authorization server to allow access to the website, and if the contract is not satisfied, sends instructions to the authorization server to block access to to the website. In response to receiving instructions to allow access to the website, the authorization server transmits autorotation data to the web browser of the user device, that is, the website requested by the user is considered trusted.

[0073] The degree of trust of a web browser with respect to a particular website or web page can be calculated from the totality of trust in the SSL certificate and satisfaction of the verification of compliance with the terms of the smart contract. In other embodiments, the degree of trust can be calculated on the basis of one or more conditions of a smart contract, for example, on the principle that the more conditions are met, the greater the degree of trust.

[0074] The web browser may be equipped with means for displaying the degree of trust in a particular website when visiting one. Confidence indicators are implemented in the web browser interface. The degree of trust is determined on the basis of the above procedure for verifying a certificate through a blockchain chain. In embodiments of the present solution, the indicator may be configured to colorly, numerically and / or combined display the degree of trust of the website. An indicator executed with a color indication indicates, for example, green — trusted website, red — untrusted website, yellow — no verification, or, in other cases, the website does not use blockchain-based verification.

[0075] In embodiments of the present solution, the certification server may, after validating the current request, update records in the blockchain chain taking into account the current indicator of the blockchain token. In such cases, if during the verification of the smart contract the token data has changed, provided that the contract is satisfied, the certification server can clarify the data for the contract for subsequent checks. For example, if the wallet deposit has changed since the first check of the smart contract, while still satisfying the conditions of the contract check, the certification server can update the new indicator and rewrite the smart contract with the condition of checking the new deposit. As mentioned earlier, a smart contract can take into account both the deposit and the token value and / or their combination.

[0076] In some embodiments of the present solution, the certification server may overwrite the smart contract, that is, delete the old one and create a new contract to replace the old one with new data (indicators) for verification.

[0077] In some embodiments of the present solution, the certification server and the authorization server may be implemented as a single server. A database storing blockchain records and smart contracts can be implemented as a single database or a distributed database with which an authorization server or a certification server or both servers can communicate.

[0078] In some embodiments of the present solution, the certification server and / or authorization server may charge, as compensation for data processing, a part of the deposit (the percentage of the deposit wound up on one of the wallets) during transactions. For example, during the initial registration of a website, the certification server can withhold 1% of the token value and / or 2% (as an example) from the webmaster’s cryptocurrency account. This approach is due to the maintenance of the functioning of the infrastructure using blockchain technology.

[0079] It is important to keep in mind that not all of the technical results mentioned here may occur in each embodiment of the present technology. For example, embodiments of the present technology may be performed without the manifestation of some technical results, others may be performed with the manifestation of other technical results or without them at all.

[0080] Modifications and improvements to the above-described embodiments of the present technology will be apparent to those skilled in the art. The preceding description is provided as an example only and does not set any limitations. Thus, the scope of the present technology is limited only by the scope of the attached claims.

Claims (41)

1. A computer-implemented method for validating access to a website in a web browser, including: registering the blockchain record associated with the website and containing the credentials of the website and domain in the blockchain chain; registering a transaction related to the blockchain record in the blockchain chain, a transaction containing a blockchain token with a metric is associated with a website; receiving a request from a web browser to check a website based on a request from a web browser to validate a request to access a website, the check includes: checking for the blockchain record associated with the website credentials in the blockchain; and checking the current indicator of the blockchain token associated with the website, in which Depending on the nature of the change in the current indicator of the blockchain token, the current request is validated or not validated. 2. The method according to p. 1, in which the nature of the change in the current indicator of the blockchain token is an increase or decrease in the indicator of the blockchain token. 3. The method according to claim 1, in which, after validating the current request, the blockchain record is updated taking into account the current indicator of the blockchain token. 4. The method according to claim 2, in which in response to the fact that the current blockchain token is less than the primary indicator, the web browser denies access to the web page. 5. The method of claim 1, wherein, in response to validating the current request, the web browser allows access to the web page. 6. The method of claim 1, wherein the domain chain is used when issuing a certificate of another domain. 7. The method according to claim 2, in which the indicator of the blockchain token is a deposit saved in relation to the website data. 8. The method of claim 7, wherein the deposit is a cryptocurrency deposit. 9. The method according to claim 1, in which the indicator of the blockchain token is an indicator of the cost of resources when issuing a certificate stored in relation to the website data. 10. The method according to p. 1, in which checking the current indicator includes checking the threshold for changing the indicator of the blockchain token. 11. The method according to claim 1, in which the blockchain record associated with the credentials of the website includes: release date, domain name, name of owner, hash amount of the record. 12. The method of claim 1, wherein the blockchain chain has a distributed structure. 13. The method according to p. 1, in which on the basis of verification determine the degree of trust to the website. 14. The method of claim 13, wherein the degree of confidence is visualized with one of a color, and / or a numerical metric, and / or a combined metric. 15. The method according to claim 1, in which to check for the presence of a blockchain record, a verification condition is created for the blockchain chain. 16. The method according to claim 1, in which the transaction containing the blockchain token with the primary indicator, and the condition for checking the availability of the blockchain record associated with the credentials of the website, are saved as a smart contract. 17. A computer system for generating instructions for validating access to a website, including a blockchain database, a user device, an authorization server, and a certification server connected through a network, a system including: - a user device sends a request for authorization of a website to the authorization server, the authorization request includes instructions for checking the website’s domain certificate and website’s domain name in the blockchain chain; - generating a certification request, including the public key, by the authorization server, based on a request from the user's device, and transmitting the certification request to the certification server by the authorization server; - access by the certification server, in response to a certification request, to the database; - verification by the certification server of the presence of a record in the database containing the domain name of the site; - in response to the check, the certification server returns to the authorization server a request to sign the request with a private key; - signature by the authorization server of the returned request with a private key and forwarding of the second request to the certification server, including instructions for verifying the fulfillment of the terms of the smart contract stored in the database; - in response to the fulfillment of the terms of the smart contract, the certification server generating instructions for validating access to the website. 18. The computer system of claim 17, wherein the authorization server and the certification server are the same server. 19. The computer system according to claim 17, in which the certification server, after checking the conditions for fulfilling the smart contract, if the conditions of the contract are met, transmits instructions to the authorization server to allow access to the website, and if the contract is not satisfied, sends instructions to the authorization server denied access to the website. 20. The computer system of claim 17, wherein the database is part of an authorization server or certification server. 21. The computer system according to claim 17, in which the database contains a smart contract, which indicates the conditions for verifying compliance with the contract and the subject being verified. 22. The computer system according to claim 21, in which the subject can be a specific blockchain token or several blockchain tokens stored in a database and indicated in a smart contract. 23. The computer system of claim 21, wherein the blockchain token has a metric. 24. The computer system according to claim 23, wherein the threshold value of the blockchain token indicator is indicated, in the case of which the smart contract is deemed executed or unfulfilled. 25. The computer system of claim 23, wherein the blockchain token metric is cryptocurrency. 26. The computer system according to claim 23, in which the indicator of the blockchain token is the deposit saved in relation to the website data.

Images