TW202042527A - Verification and management system for a digital certificate and method thereof - Google Patents
- Publication number
- TW202042527A
- Authority
- TW
- Taiwan
- Prior art keywords
- electronic certificate
- record
- certificate
- blockchain
- issuance
- Prior art date
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Description
The present invention relates to an electronic certificate system, and in particular to an electronic certificate verification and management system and method.
At present, a Public Key Infrastructure (PKI) is used to manage digital certificates. It comprises Certificate Authority (CA) servers, Registration Authority (RA) servers and Directory Service (DS) servers. The registration authority server reviews a user's certificate application and forwards it to the certificate authority server, which issues the electronic certificate and publishes it to the directory service server. When a certificate is used, in addition to validating the certificate itself, one must also confirm whether it has been revoked. For this purpose a Certificate Revocation List (CRL) is published periodically so that the public can determine which certificates have been revoked. However, this approach is not real-time and leaves gaps: while a distributed denial-of-service (DDoS) attack is under way, the revocation list cannot be obtained at all.
In view of this, the present invention proposes an electronic certificate verification and management system and method that records the issuance and revocation of electronic certificates on a blockchain in real time, providing immediacy, reliability and trustworthiness.
One embodiment of the present invention provides an electronic certificate verification system comprising a blockchain and a network application service device. The blockchain stores the issuance records and revocation records that certificate authorities create for electronic certificates. The network application service device receives an electronic certificate and queries the blockchain over the network for the certificate's issuance record and revocation record; when the query shows that the certificate has not been revoked, it checks the certificate against the issuance record.
Another embodiment of the present invention provides an electronic certificate management system comprising a blockchain and a plurality of certificate authority servers. Each certificate authority server generates an issuance record for each electronic certificate it issues and uploads the issuance record to the blockchain for storage.
A further embodiment of the present invention provides an electronic certificate verification method comprising: obtaining an electronic certificate; querying the blockchain over the network for the certificate's issuance record and revocation record; and, when the query shows that the certificate has not been revoked, checking the certificate against the issuance record.
Yet another embodiment of the present invention provides an electronic certificate verification method comprising: issuing an electronic certificate; generating an issuance record from the issued certificate; and transmitting the certificate's issuance record to the blockchain for storage.
In summary, the electronic certificate verification and management system and method of the embodiments of the present invention can update the validity status of each electronic certificate in real time, so that certificate authority servers and network application service devices need not passively wait for a certificate revocation list. At the same time, the properties of the blockchain ensure that issuance records and revocation records cannot be tampered with and are unaffected by DDoS attacks.
Referring to Figure 1, which is a schematic diagram of the architecture of an electronic certificate management system 100 according to one embodiment of the present invention. The electronic certificate management system 100 comprises a plurality of certificate authority servers 110, belonging to different certificate authorities, and a blockchain 120. The certificate authority servers 110 and the blockchain 120 are connected through a network 300. A certificate authority server 110 may be a single server or a server cluster.
Figure 3 is a flowchart (1) of an electronic certificate management method according to one embodiment of the present invention; refer to Figures 1 and 3 together. After a certificate authority server 110 issues an electronic certificate (step S301), it generates an issuance record corresponding to the issued certificate (step S302) and uploads the issuance record to the blockchain 120 for storage (step S303). Because blockchain records cannot be tampered with, it can be confirmed whether the corresponding certificate was genuinely issued. The issuance record may contain information recorded in the certificate, such as the certificate fingerprint, the fingerprint of the issuing authority's public key, the issuing authority identifier, the issuance time, the activation time, the expiry time and the fingerprint of the certificate owner's public key. Here the blockchain 120 is a cluster of multiple networked devices (such as servers); data received by any one device is immediately propagated to and stored on the other devices. Conversely, a query to the blockchain 120 may be directed to any one of these networked devices.
Figure 4 is a flowchart (2) of an electronic certificate management method according to one embodiment of the present invention; refer to Figures 1 and 4 together. Each certificate authority server 110 also generates a revocation record when it revokes an electronic certificate (step S401) and uploads the revocation record to the blockchain 120 for storage (step S402). Because blockchain records cannot be tampered with, it can be confirmed whether the corresponding certificate was indeed revoked. The revocation record may contain the certificate fingerprint, the revoking authority identifier, the revocation time and similar information.
The blockchain 120 holds the issuance and revocation records of all electronic certificates. As soon as a record is stored on the blockchain 120, every certificate authority server 110 and network application service device 230 can query it there, so validity updates take effect immediately.
Referring to Figure 2, which is a schematic diagram of the architecture of an electronic certificate verification system 200 according to one embodiment of the present invention. The electronic certificate verification system 200 comprises a blockchain 220 and a network application service device 230, connected through a network 300. The network application service device 230 may be a single server or a server cluster. It provides network application services, including but not limited to social platforms, mail services, online financial services and online shopping. A user who wishes to use a service provided by the network application service device 230 must present an electronic certificate to log in, so that the device 230 can identify the user.
Figure 5 is a flowchart (1) of an electronic certificate verification method according to one embodiment of the present invention; refer to Figures 2 and 5 together. As in the foregoing embodiments, the blockchain 220 already stores the issuance and revocation records that certificate authorities create for electronic certificates. After the network application service device 230 receives the certificate presented by a user (step S501), in order to confirm whether the certificate was actually issued and whether it has been revoked, it queries the blockchain 220 over the network 300 for the certificate's issuance record and revocation record (step S502). If no revocation record is found, the certificate has not been revoked, and it is then checked against the issuance record to confirm that the record and the information in the received certificate agree (step S503). For example, the certificate's issuer, issuance time and owner can be checked against the information in the issuance record; if any of them differ, the certificate may have been tampered with or forged.
Figure 6 is a flowchart (2) of an electronic certificate verification method according to one embodiment of the present invention; refer to Figures 2 and 6 together. If the certificate is confirmed to match the issuance record and not to have been revoked, its authenticity can be verified further. Because the blockchain 220 stores the public keys of all certificate authorities, the network application service device 230 can obtain from the blockchain 220 the public key of the certificate authority that issued the certificate (step S504) and use that public key to verify the certificate (step S505). Specifically, the certificate authority server 110 generates a data fingerprint from the certificate information (for example a hash value produced by a hash function), signs this fingerprint with the certificate authority's private key and places the signed fingerprint in the certificate. The network application service device 230 recovers the data fingerprint from the certificate using the certificate authority's public key, recomputes the fingerprint from the certificate information, and compares the two; if they match, the received certificate is the one the certificate authority issued.
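The issuance and revocation flow of Figures 3 and 4 (steps S301 to S303, S401 to S402) and the verification flow of Figures 5 and 6 (steps S502 to S505), as an added Go example that is not part of the patent: in-memory maps stand in for the blockchain, Ed25519 is assumed as the CA signature scheme (the patent does not name one), and a constructed serial number is assumed as the key under which records are looked up.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
)

// Cert is a constructed stand-in for the electronic certificate described in the patent.
type Cert struct {
	Serial, Issuer, Owner, NotBefore, NotAfter string
	Sig                                        []byte // CA signature over Fingerprint()
}

// Fingerprint is the data fingerprint the CA signs: a hash over the certificate's fields.
func (c Cert) Fingerprint() []byte {
	h := sha256.Sum256([]byte(c.Serial + "|" + c.Issuer + "|" + c.Owner + "|" + c.NotBefore + "|" + c.NotAfter))
	return h[:]
}

// Ledger stands in for the blockchain: issuance records, revocation records and CA public keys.
type Ledger struct {
	Issued  map[string]string            // serial -> certificate fingerprint (issuance record)
	Revoked map[string]bool              // serial -> true once a revocation record exists
	CAKeys  map[string]ed25519.PublicKey // issuer id -> CA public key
}
func NewLedger() *Ledger {
	return &Ledger{map[string]string{}, map[string]bool{}, map[string]ed25519.PublicKey{}}
}
// Issue signs the certificate with the CA private key and uploads its issuance record (S301-S303).
func (l *Ledger) Issue(priv ed25519.PrivateKey, c Cert) Cert {
	c.Sig = ed25519.Sign(priv, c.Fingerprint())
	l.Issued[c.Serial] = string(c.Fingerprint())
	return c
}
// Revoke uploads a revocation record; every verifier sees it on its next query (S401-S402).
func (l *Ledger) Revoke(serial string) { l.Revoked[serial] = true }

// Verify follows S502-S505: revocation record, issuance record match, CA key lookup, signature.
func (l *Ledger) Verify(c Cert) error {
	if l.Revoked[c.Serial] {
		return errors.New("certificate revoked")
	}
	if rec, ok := l.Issued[c.Serial]; !ok || rec != string(c.Fingerprint()) {
		return errors.New("no matching issuance record: tampered or forged")
	}
	pub, ok := l.CAKeys[c.Issuer]
	if !ok || !ed25519.Verify(pub, c.Fingerprint(), c.Sig) {
		return errors.New("CA signature invalid")
	}
	return nil
}
```

A certificate whose owner field was altered fails at the issuance-record comparison before the signature is even checked, and a revocation takes effect for every verifier on its next query rather than at the next CRL publication.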
In summary, the electronic certificate verification and management system of the embodiments of the present invention can update the validity status of each electronic certificate in real time, so that the certificate authority servers 110 and network application service devices 230 need not passively wait for a certificate revocation list. At the same time, the properties of the blockchain ensure that issuance records and revocation records cannot be tampered with and are unaffected by DDoS attacks. Furthermore, storing each certificate authority's public key on the blockchain 120, 220 not only prevents tampering but also means that when a public key is updated, the certificate authority need only update it on the blockchain 120, 220, rather than on every certificate authority server 110 and network application service device 230.
100: electronic certificate management system; 110: certificate authority server; 120: blockchain; 200: electronic certificate verification system; 230: network application service device; 220: blockchain; 300: network; S301~S303: steps; S401~S402: steps; S501~S505: steps
[Figure 1] is a schematic diagram of the architecture of an electronic certificate management system according to one embodiment of the present invention.
[Figure 2] is a schematic diagram of the architecture of an electronic certificate verification system according to one embodiment of the present invention.
[Figure 3] is a flowchart (1) of an electronic certificate management method according to one embodiment of the present invention.
[Figure 4] is a flowchart (2) of an electronic certificate management method according to one embodiment of the present invention.
[Figure 5] is a flowchart (1) of an electronic certificate verification method according to one embodiment of the present invention.
[Figure 6] is a flowchart (2) of an electronic certificate verification method according to one embodiment of the present invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW108115126A TW202042527A (en) | 2019-04-30 | 2019-04-30 | Verification and management system for a digital certificate and method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW108115126A TW202042527A (en) | 2019-04-30 | 2019-04-30 | Verification and management system for a digital certificate and method thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
TW202042527A true TW202042527A (en) | 2020-11-16 |
Family
ID=74201567
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW108115126A TW202042527A (en) | 2019-04-30 | 2019-04-30 | Verification and management system for a digital certificate and method thereof |
Country Status (1)
Country | Link |
---|---|
TW (1) | TW202042527A (en) |
- 2019-04-30 TW TW108115126A patent/TW202042527A/en unknown
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3520356B1 (en) | Methods and apparatus for providing blockchain participant identity binding | |
US11128477B2 (en) | Electronic certification system | |
JP7072071B2 (en) | Identity authentication method and system, arithmetic unit and storage medium | |
CN106972931B (en) | Method for transparentizing certificate in PKI | |
CN108696358B (en) | Digital certificate management method and device, readable storage medium and service terminal | |
US7600123B2 (en) | Certificate registration after issuance for secure communication | |
TWI252662B (en) | Method and apparatus for accelerating public-key certificate validation | |
JP2022504420A (en) | Digital certificate issuance methods, digital certificate issuance centers, storage media and computer programs | |
CN111884815A (en) | Block chain-based distributed digital certificate authentication system | |
JP2019519987A (en) | Block chain based identity authentication method, device, node and system | |
JP2007110180A (en) | Signature record storage unit, method and program | |
EP3966997B1 (en) | Methods and devices for public key management using a blockchain | |
JPWO2020010279A5 (en) | ||
CN113228560A (en) | Issuing apparatus and method for issuing, and requesting apparatus and method for requesting digital certificate | |
JP5785875B2 (en) | Public key certificate verification method, verification server, relay server, and program | |
TWI818209B (en) | Distributed ledger-based methods and systems for certificate authentication | |
JP2001036521A (en) | Electronic certificate issue system, electronic certificate authentication system, method for issuing electronic certificate, method for authenticating electronic certificate and recording medium | |
CN113010871A (en) | Electronic calendar certificate verification method based on alliance block chain platform | |
CN114092092B (en) | Decentralized digital certificate management system based on threshold signature and use method | |
KR100760028B1 (en) | Long-term verification method and system for certificate of the electronic signature | |
NL2028778B1 (en) | Blockchain electronic contract management system | |
CN115102695A (en) | Vehicle networking certificate authentication method based on block chain | |
TW202042527A (en) | Verification and management system for a digital certificate and method thereof | |
CN114500051B (en) | Block chain-based certificate management method and system | |
CN112769817B (en) | Block chain network based on trusted network, construction method and construction system |