TW202042527A - Verification and management system for a digital certificate and method thereof - Google Patents

Verification and management system for a digital certificate and method thereof Download PDF

Info

Publication number
TW202042527A
TW202042527A TW108115126A TW108115126A TW202042527A TW 202042527 A TW202042527 A TW 202042527A TW 108115126 A TW108115126 A TW 108115126A TW 108115126 A TW108115126 A TW 108115126A TW 202042527 A TW202042527 A TW 202042527A
Authority
TW
Taiwan
Prior art keywords
electronic certificate
record
certificate
blockchain
issuance
Prior art date
Application number
TW108115126A
Other languages
Chinese (zh)
Inventor
周頌鈞
楊定國
林錦龍
Original Assignee
鉅亨網路認證股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 鉅亨網路認證股份有限公司 filed Critical 鉅亨網路認證股份有限公司
Priority to TW108115126A priority Critical patent/TW202042527A/en
Publication of TW202042527A publication Critical patent/TW202042527A/en

Links

Images

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

A verification and management system for a digital certificate and method thereof is provided. The certificate authority publishes and stores the issue and revoke records of digital certificates on a blockchain system. A network application service device inquires and checks the issue and revoke records on the blockchain through a network. If the digital certificate is effective and not revoked, the network application service device verifies the digital certificate based on the certificate authority’s public key.

Description

電子憑證驗證及管理系統與方法Electronic certificate verification and management system and method

本發明係有關於一種電子憑證系統,特別是指一種電子憑證驗證及管理系統與方法。The present invention relates to an electronic certificate system, in particular to an electronic certificate verification and management system and method.

目前,有公開金鑰基礎建設架構(Public Key Infrastructure,PKI)來管理電子憑證(Digital Certificate),其包括憑證機構(Certificate Authority,CA)伺服器、註冊中心(Register Authority,RA)伺服器及目錄服務(Directory Service,DS)伺服器。由註冊中心伺服器審核使用者的電子憑證申請,將電子憑證申請送至憑證機構伺服器後發出電子憑證,並將電子憑證公告至目錄服務伺服器中。其中,在使用電子憑證的過程中,除了驗證電子憑證之外,還需要確認電子憑證是否遭到廢止。因此,會每隔一段時間發佈電子憑證廢止清單(Certificate Revocation List,CRL),讓大眾確認哪些電子憑證已被廢止。然而,此作法並無即時性,容易產生漏洞,將當受到分散式阻斷服務攻擊(distributed denial-of-service attack,DDOS)時,便無法得到電子憑證廢止清單。Currently, there is a public key infrastructure (Public Key Infrastructure, PKI) to manage digital certificates (Digital Certificates), which include Certificate Authority (CA) servers, Register Authority (RA) servers and directories Service (Directory Service, DS) server. The registration center server reviews the user's electronic certificate application, sends the electronic certificate application to the certification authority server and then issues the electronic certificate, and announces the electronic certificate to the directory service server. Among them, in the process of using the electronic certificate, in addition to verifying the electronic certificate, it is also necessary to confirm whether the electronic certificate has been revoked. Therefore, the electronic certificate revocation list (Certificate Revocation List, CRL) will be released at regular intervals to let the public confirm which electronic certificates have been revoked. However, this method is not immediacy and is prone to loopholes. When a distributed denial-of-service attack (DDOS) is encountered, the list of electronic certificate revocations cannot be obtained.

有鑑於此,本發明提出一種電子憑證驗證及管理系統與方法,可將電子憑證的發行與廢止記錄即時記錄在區塊鏈上,具有即時性、可靠性與可信賴性。In view of this, the present invention proposes an electronic certificate verification and management system and method, which can record the issuance and revocation records of electronic certificates on the blockchain in real time, which has real-timeness, reliability and reliability.

本發明一實施例提出一種電子憑證驗證系統,包括區塊鏈及網路應用服務裝置。區塊鏈儲存憑證認證機構對於電子憑證之發行記錄及廢止記錄。網路應用服務裝置接收電子憑證,以經由網路向區塊鏈查詢電子憑證的發行記錄及廢止記錄,而於查詢到電子憑證尚未被廢止時,根據發行記錄檢驗電子憑證。An embodiment of the present invention provides an electronic certificate verification system including a blockchain and a network application service device. The blockchain stores the issuance and revocation records of the electronic certificate issued by the certificate certification authority. The network application service device receives the electronic certificate to query the issuance record and revocation record of the electronic certificate from the blockchain via the Internet, and when the electronic certificate has not been revoked, it checks the electronic certificate according to the issuance record.

本發明另一實施例提出一種電子憑證管理系統,包括區塊鏈及複數憑證認證伺服器。各憑證認證伺服器對應所發行的電子憑證產生發行記錄,並將發行記錄上傳至區塊鏈儲存。Another embodiment of the present invention provides an electronic certificate management system, which includes a blockchain and a plural certificate authentication server. Each certificate authentication server generates an issue record corresponding to the issued electronic certificate, and uploads the issue record to the blockchain for storage.

本發明又一實施例提出一種電子憑證驗證方法,包括:取得電子憑證;經由網路向區塊鏈查詢電子憑證的發行記錄及廢止記錄;及於查詢到電子憑證尚未被廢止時,根據發行記錄檢驗電子憑證。Another embodiment of the present invention provides an electronic certificate verification method, including: obtaining an electronic certificate; querying the issuance record and revocation record of the electronic certificate from the blockchain via the network; Electronic certificate.

本發明再一實施例提出一種電子憑證驗證方法,包括:發行電子憑證;依據所發行的電子憑證產生發行記錄;及傳送電子憑證的該發行記錄至區塊鏈儲存。Another embodiment of the present invention provides an electronic certificate verification method, including: issuing an electronic certificate; generating an issuance record based on the issued electronic certificate; and transmitting the issuance record of the electronic certificate to the blockchain for storage.

綜上所述,根據本發明實施例提出的電子憑證驗證及管理系統與方法,可即時的更新各電子憑證的有效狀態,各憑證認證伺服器與網路應用服務裝置也無須被動的等待電子憑證廢止清單。同時,利用區塊鏈的特性,可確保發行記錄與廢止記錄不會遭到竄改,亦可不受DDOS攻擊影響。In summary, the electronic certificate verification and management system and method according to the embodiments of the present invention can update the validity status of each electronic certificate in real time, and each certificate authentication server and network application service device does not need to passively wait for the electronic certificate. Revocation list. At the same time, the use of the characteristics of the blockchain can ensure that the issuance record and revocation record will not be tampered with, and will not be affected by DDOS attacks.

參照圖1,係為本發明一實施例之電子憑證管理系統100架構示意圖。電子憑證管理系統100包括分屬不同憑證認證機構的複數憑證認證伺服器110及區塊鏈120。憑證認證伺服器110與區塊鏈120之間透過網路300連接。憑證認證伺服器110可為伺服器或伺服器叢集。1, which is a schematic diagram of the structure of an electronic credential management system 100 according to an embodiment of the present invention. The electronic certificate management system 100 includes a plurality of certificate authentication servers 110 and a blockchain 120 belonging to different certificate authentication agencies. The certificate authentication server 110 and the blockchain 120 are connected through the network 300. The certificate authentication server 110 may be a server or a cluster of servers.

圖3為本發明一實施例之電子憑證管理方法流程圖(一)。合併參照圖1與圖3。各憑證認證伺服器110在發行電子憑證之後(步驟S301),對應所發行的電子憑證產生發行記錄(步驟S302),並將發行記錄上傳至區塊鏈120儲存(步驟S303)。利用區塊鏈技術的不可竄改的特性,可以確認對應的電子憑證是否真實被發行。發行記錄可記載電子憑證指紋、電子憑證發行機構公鑰指紋、發行機構識別碼、發行時間、啟用時間、過期時間、電子憑證擁有者公鑰指紋等電子憑證中記載的資訊。在此,區塊鏈120是由多個連網設備(如伺服器)所組成的群集,任何一個連網設備接收到的資料,將被即時傳遞並儲存於其他連網設備。另一方面,對區塊鏈120查詢資料,亦可以是向任何一個連網設備查詢。3 is a flowchart (1) of an electronic credential management method according to an embodiment of the present invention. Refer to Figure 1 and Figure 3 together. After each certificate authentication server 110 issues an electronic certificate (step S301), it generates an issuance record corresponding to the issued electronic certificate (step S302), and uploads the issuance record to the blockchain 120 for storage (step S303). Using the non-tamperable feature of blockchain technology, it can be confirmed whether the corresponding electronic certificate is actually issued. The issuance record can record the information recorded in the electronic certificate, such as the fingerprint of the electronic certificate, the fingerprint of the public key of the electronic certificate issuing organization, the ID of the issuing organization, the time of issuance, the activation time, the expiration time, and the public key fingerprint of the electronic certificate owner. Here, the blockchain 120 is a cluster composed of multiple connected devices (such as servers), and the data received by any one connected device will be instantly transmitted and stored in other connected devices. On the other hand, querying data on the blockchain 120 can also be querying any networked device.

圖4為本發明一實施例之電子憑證管理方法流程圖(二)。合併參照圖1與圖4。各憑證認證伺服器110還於廢止電子憑證時產生廢止記錄(步驟S401),並將廢止記錄上傳至區塊鏈120儲存(步驟S402)。利用區塊鏈技術的不可竄改的特性,可以確認對應的電子憑證是否確實被廢止。廢止記錄可記載電子憑證指紋、廢止機構識別碼、廢止時間等資訊。Fig. 4 is a flowchart (2) of an electronic credential management method according to an embodiment of the present invention. Refer to Figure 1 and Figure 4 together. Each certificate authentication server 110 also generates a revocation record when revoking the electronic certificate (step S401), and uploads the revocation record to the blockchain 120 for storage (step S402). Using the non-tampering feature of blockchain technology, it can be confirmed whether the corresponding electronic certificate is indeed revoked. The revocation record can record information such as the fingerprint of the electronic certificate, the identification code of the revocation organization, and the revocation time.

區塊鏈120保存所有電子憑證的發行與廢止記錄,只要記錄一保存至區塊鏈120上,所有的憑證認證伺服器110、網路應用服務裝置230都可以到區塊鏈120上查詢到,具有效用更新的即時性。The block chain 120 saves all electronic certificate issuance and revocation records. As long as the record is saved on the block chain 120, all the certificate authentication servers 110 and network application service devices 230 can be queried on the block chain 120. It has the immediacy of utility update.

參照圖2,係為本發明一實施例之電子憑證驗證系統200架構示意圖。電子憑證驗證系統200包括區塊鏈220及網路應用服務裝置230。區塊鏈220與網路應用服務裝置230之間透過網路300連接。網路應用服務裝置230可為伺服器或伺服器叢集。網路應用服務裝置230提供網路應用服務,包含但不限於社群平台、郵件服務、網路金融服務、網路購物等。使用者欲使用網路應用服務裝置230提供的網路應用服務時,需提供其電子憑證登入,以供網路應用服務裝置230識別。2, which is a schematic diagram of the structure of an electronic certificate verification system 200 according to an embodiment of the present invention. The electronic certificate verification system 200 includes a blockchain 220 and a network application service device 230. The blockchain 220 and the network application service device 230 are connected through the network 300. The web application server 230 may be a server or a cluster of servers. The network application service device 230 provides network application services, including but not limited to social platforms, mail services, online financial services, and online shopping. When a user wants to use the web application service provided by the web application server 230, he needs to provide his electronic certificate to log in for the web application server 230 to recognize.

圖5為本發明一實施例之電子憑證驗證方法流程圖(一)。合併參照圖2與圖5。如前述實施例,區塊鏈220已儲存憑證認證機構對於電子憑證之發行記錄及廢止記錄。當網路應用服務裝置230接收到使用者提供的電子憑證之後(步驟S501),為了確認此電子憑證是否確實被發行或是否被廢止,可經由網路300向區塊鏈220查詢是否有電子憑證的發行記錄及廢止記錄(步驟S502)。若沒有查詢到廢止記錄,即表示電子憑證尚未被廢止,再根據發行記錄檢驗電子憑證,以確認發行記錄與所收到的電子憑證的相關資訊是否一致(步驟S503)。例如,可根據發行記錄記載的資訊,檢驗電子憑證的發行單位、發行時間及擁有者是否正確,若有任一者不同,表示此電子憑證可能遭到竄改或偽造。FIG. 5 is a flowchart (1) of an electronic certificate verification method according to an embodiment of the present invention. Refer to Figure 2 and Figure 5 together. As in the foregoing embodiment, the blockchain 220 has stored the issuance record and revocation record of the electronic certificate by the certificate authority. After the network application server 230 receives the electronic certificate provided by the user (step S501), in order to confirm whether the electronic certificate is indeed issued or revoked, it can check whether there is an electronic certificate from the blockchain 220 via the network 300 The issuance record and revocation record (step S502). If the revocation record is not found, it means that the electronic certificate has not been revoked, and the electronic certificate is checked according to the issuance record to confirm whether the issuance record is consistent with the relevant information of the received electronic certificate (step S503). For example, according to the information recorded in the issuance record, it can be verified whether the issuing unit, issuance time, and owner of the electronic certificate are correct. If any of them are different, it means that the electronic certificate may be tampered with or forged.

圖6為本發明一實施例之電子憑證驗證方法流程圖(二)。合併參照圖2與圖6。若確認此電子憑證符合發行記錄也沒有被廢止,則可進一步驗證其真實性。由於區塊鏈220會保存所有憑證認證機構的公鑰,因此網路應用服務裝置230可至區塊鏈220取得對應發證的憑證認證機構的公鑰(步驟S504),以利用此公鑰驗證電子憑證(步驟S505)。具體來說,憑證認證伺服器110會依據電子憑證資訊產生一資料指紋(如以雜湊函式產生的雜湊值),並將此資料指紋以憑證認證機構的私鑰簽署後放入電子憑證中。網路應用服務裝置230可根據憑證認證機構的公鑰將電子憑證中的資料指紋還原,並再次依據電子憑證資訊計算資料指紋,兩相比對是否吻合,藉以確認所收到的電子憑證與憑證認證機構所發行的是一致的。Fig. 6 is a flowchart (2) of an electronic certificate verification method according to an embodiment of the present invention. Refer to Figure 2 and Figure 6 together. If it is confirmed that the electronic certificate conforms to the issuance record and has not been revoked, its authenticity can be further verified. Since the blockchain 220 saves the public keys of all certificate certification authorities, the network application server 230 can go to the blockchain 220 to obtain the public key of the corresponding certificate certification authority (step S504) to use this public key for verification Electronic certificate (step S505). Specifically, the certificate authentication server 110 generates a data fingerprint (such as a hash value generated by a hash function) based on the electronic certificate information, and signs the data fingerprint with the private key of the certificate certificate authority and puts it into the electronic certificate. The network application service device 230 can restore the data fingerprint in the electronic certificate according to the public key of the certificate authority, and calculate the data fingerprint again according to the electronic certificate information, and check whether the two comparisons match, so as to confirm the received electronic certificate and the certificate The certification bodies issued are consistent.

綜上所述,根據本發明實施例提出的電子憑證驗證及管理系統,可即時的更新各電子憑證的有效狀態,各憑證認證伺服器110與網路應用服務裝置230也無須被動的等待電子憑證廢止清單。同時,利用區塊鏈的特性,可確保發行記錄與廢止記錄不會遭到竄改,亦可不受DDOS攻擊影響。另一方面,將各憑證認證機構的公鑰保存在區塊鏈120、220上,除了避免竄改之外,在公鑰更新時,憑證認證機構僅須對區塊鏈120、220更新公鑰,不須對所有的憑證認證伺服器110與網路應用服務裝置230更新。In summary, the electronic certificate verification and management system according to the embodiment of the present invention can update the validity status of each electronic certificate in real time, and each certificate authentication server 110 and network application server 230 does not need to passively wait for the electronic certificate. Revocation list. At the same time, the use of the characteristics of the blockchain can ensure that the issuance record and revocation record will not be tampered with, and will not be affected by DDOS attacks. On the other hand, the public key of each certificate certification authority is stored on the blockchain 120, 220, in addition to avoiding tampering, when the public key is updated, the certification authority only needs to update the public key of the blockchain 120, 220. It is not necessary to update all the certificate authentication server 110 and the network application server 230.

100:電子憑證管理系統 110:憑證認證伺服器 120:區塊鏈 200:電子憑證驗證系統 230:網路應用服務裝置 220:區塊鏈 300:網路 S301~S303:步驟 S401~S402:步驟 S501~S505:步驟100: Electronic certificate management system 110: certificate authentication server 120: Blockchain 200: Electronic certificate verification system 230: Web Application Service Device 220: Blockchain 300: Internet S301~S303: steps S401~S402: steps S501~S505: steps

[圖1]為本發明一實施例之電子憑證管理系統架構示意圖。 [圖2]為本發明一實施例之電子憑證驗證系統架構示意圖。 [圖3]為本發明一實施例之電子憑證管理方法流程圖(一)。 [圖4]為本發明一實施例之電子憑證管理方法流程圖(二)。 [圖5]為本發明一實施例之電子憑證驗證方法流程圖(一)。 [圖6]為本發明一實施例之電子憑證驗證方法流程圖(二)。[Figure 1] is a schematic diagram of an electronic credential management system architecture according to an embodiment of the present invention. [Figure 2] is a schematic diagram of an electronic credential verification system architecture according to an embodiment of the present invention. [Figure 3] is a flowchart (1) of an electronic credential management method according to an embodiment of the present invention. [Figure 4] is a flowchart (2) of an electronic credential management method according to an embodiment of the present invention. [Figure 5] is a flowchart (1) of an electronic certificate verification method according to an embodiment of the present invention. [Figure 6] is a flowchart (2) of an electronic certificate verification method according to an embodiment of the present invention.

200:電子憑證驗證系統 200: Electronic certificate verification system

230:網路應用服務裝置 230: Web Application Service Device

220:區塊鏈 220: Blockchain

300:網路 300: Internet

Claims (10)

一種電子憑證驗證系統,包括: 一區塊鏈,儲存一憑證認證機構對於一電子憑證之一發行記錄及一廢止記錄;及 一網路應用服務裝置,接收該電子憑證,以經由一網路向該區塊鏈查詢該電子憑證的該發行記錄及該廢止記錄,而於查詢到該電子憑證尚未被廢止時,根據該發行記錄檢驗該電子憑證。An electronic certificate verification system, including: A block chain, storing one of the issuance records and one revocation record of an electronic certificate by a certification authority; and A network application service device receives the electronic certificate to query the issuance record and the revocation record of the electronic certificate from the blockchain via a network, and when the electronic certificate has not been revoked, it is based on the issuance record Check the electronic certificate. 如請求項1所述之電子憑證驗證系統,其中該網路應用服務裝置根據該發行記錄檢驗該電子憑證的發行單位、發行時間及擁有者是否正確。The electronic certificate verification system according to claim 1, wherein the network application service device checks whether the issuing unit, issuing time, and owner of the electronic certificate are correct according to the issuing record. 如請求項1所述之電子憑證驗證系統,其中該區塊鏈還儲存該憑證認證機構的公鑰。The electronic certificate verification system according to claim 1, wherein the blockchain also stores the public key of the certificate certification authority. 一種電子憑證管理系統,包括: 一區塊鏈;及 複數憑證認證伺服器,各該憑證認證伺服器對應所發行的一電子憑證產生一發行記錄,並將該發行記錄上傳至該區塊鏈儲存。An electronic certificate management system, including: A blockchain; and A plurality of certificate authentication servers, each of the certificate authentication servers generates an issue record corresponding to an electronic certificate issued, and uploads the issue record to the blockchain for storage. 如請求項4所述之電子憑證管理系統,其中各該憑證認證伺服器還於廢止該電子憑證時產生一廢止記錄,並將該廢止記錄上傳至該區塊鏈儲存。The electronic certificate management system according to claim 4, wherein each of the certificate authentication servers also generates a revocation record when revoking the electronic certificate, and uploads the revocation record to the blockchain for storage. 一種電子憑證驗證方法,由一網路應用服務裝置執行,包括: 取得一電子憑證; 經由一網路向一區塊鏈查詢該電子憑證的一發行記錄及一廢止記錄;及 於查詢到該電子憑證尚未被廢止時,根據該發行記錄檢驗該電子憑證。An electronic certificate verification method, executed by a network application service device, includes: Obtain an electronic certificate; Query an issuance record and a revocation record of the electronic certificate from a blockchain via a network; and When it is found that the electronic certificate has not been revoked, the electronic certificate is checked according to the issuance record. 如請求項6所述之電子憑證驗證方法,其中該根據該發行記錄檢驗該電子憑證是,根據該發行記錄檢驗該電子憑證的發行單位、發行時間及擁有者是否正確。According to the electronic certificate verification method of claim 6, wherein the verification of the electronic certificate according to the issuance record is to check whether the issuing unit, issuance time, and owner of the electronic certificate are correct according to the issuance record. 如請求項6所述之電子憑證驗證方法,更包括: 向該區塊鏈取得該憑證認證機構的一公鑰;及 利用該公鑰驗證該電子憑證。The electronic certificate verification method as described in claim 6, further including: Obtain a public key of the certification authority from the blockchain; and Use the public key to verify the electronic certificate. 一種電子憑證管理方法,由一憑證認證伺服器執行,包括: 發行一電子憑證; 依據所發行的該電子憑證產生一發行記錄;及 傳送該電子憑證的該發行記錄至一區塊鏈儲存。An electronic certificate management method, executed by a certificate authentication server, includes: Issue an electronic certificate; Generate an issuance record based on the electronic certificate issued; and Send the issuance record of the electronic certificate to a blockchain for storage. 如請求項9所述之電子憑證管理方法,更包括: 於廢止該電子憑證時,產生一廢止記錄;及 傳送該電子憑證的該廢止記錄至該區塊鏈儲存。The electronic certificate management method as described in claim 9 further includes: When revoking the electronic certificate, a revocation record is generated; and Send the revocation record of the electronic certificate to the blockchain for storage.
TW108115126A 2019-04-30 2019-04-30 Verification and management system for a digital certificate and method thereof TW202042527A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108115126A TW202042527A (en) 2019-04-30 2019-04-30 Verification and management system for a digital certificate and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108115126A TW202042527A (en) 2019-04-30 2019-04-30 Verification and management system for a digital certificate and method thereof

Publications (1)

Publication Number Publication Date
TW202042527A true TW202042527A (en) 2020-11-16

Family

ID=74201567

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108115126A TW202042527A (en) 2019-04-30 2019-04-30 Verification and management system for a digital certificate and method thereof

Country Status (1)

Country Link
TW (1) TW202042527A (en)

Similar Documents

Publication Publication Date Title
EP3520356B1 (en) Methods and apparatus for providing blockchain participant identity binding
US11128477B2 (en) Electronic certification system
JP7072071B2 (en) Identity authentication method and system, arithmetic unit and storage medium
CN106972931B (en) Method for transparentizing certificate in PKI
CN108696358B (en) Digital certificate management method and device, readable storage medium and service terminal
US7600123B2 (en) Certificate registration after issuance for secure communication
TWI252662B (en) Method and apparatus for accelerating public-key certificate validation
JP2022504420A (en) Digital certificate issuance methods, digital certificate issuance centers, storage media and computer programs
CN111884815A (en) Block chain-based distributed digital certificate authentication system
JP2019519987A (en) Block chain based identity authentication method, device, node and system
JP2007110180A (en) Signature record storage unit, method and program
EP3966997B1 (en) Methods and devices for public key management using a blockchain
JPWO2020010279A5 (en)
CN113228560A (en) Issuing apparatus and method for issuing, and requesting apparatus and method for requesting digital certificate
JP5785875B2 (en) Public key certificate verification method, verification server, relay server, and program
TWI818209B (en) Distributed ledger-based methods and systems for certificate authentication
JP2001036521A (en) Electronic certificate issue system, electronic certificate authentication system, method for issuing electronic certificate, method for authenticating electronic certificate and recording medium
CN113010871A (en) Electronic calendar certificate verification method based on alliance block chain platform
CN114092092B (en) Decentralized digital certificate management system based on threshold signature and use method
KR100760028B1 (en) Long-term verification method and system for certificate of the electronic signature
NL2028778B1 (en) Blockchain electronic contract management system
CN115102695A (en) Vehicle networking certificate authentication method based on block chain
TW202042527A (en) Verification and management system for a digital certificate and method thereof
CN114500051B (en) Block chain-based certificate management method and system
CN112769817B (en) Block chain network based on trusted network, construction method and construction system