WO2019201246A1 - Block chain platform based digital certificate issuing system and method - Google Patents


Info

Publication number: WO2019201246A1
Authority: WO (WIPO (PCT))
Prior art keywords: certificate, blockchain, smart contract, request data, authority
Application number: PCT/CN2019/082901
Other languages: French (fr), Chinese (zh)
Inventors: 赵建, 张翌维, 相韶华
Original assignee: 深圳技术大学
Application filed by 深圳技术大学
Publication of WO2019201246A1

Classifications

    • H Electricity; H04 Electric communication technique; H04L Transmission of digital information, e.g. telegraphic communication
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Definitions

  • The invention belongs to the field of digital certificate information security, and in particular relates to a digital certificate issuing system and method based on a blockchain platform.
  • In the existing approach (Google's Certificate Transparency project), the transparency of certificate issuance is realized by a centralized server that records the certificates already issued.
  • This transparency covers only certificates that have already been issued: it makes issued certificates auditable and addresses the difficulty of discovering erroneous or forged digital certificates after they have been issued.
  • Because the rest of the issuance process is not made transparent, the project is still prone to security problems.
  • In that project the certificate issuing center actively reports each issued digital certificate to the centralized server for recording, and the centralized server may itself have security problems that lead to inaccurate records.
  • Although the issued digital certificates are recorded in an append-only manner, the records can still be tampered with.
  • The invention provides a digital certificate issuance system and method based on a blockchain platform, which aims to solve the problem that the existing certificate-authority-centered process lacks transparency and auditability over the whole issuance process, so that erroneous or forged digital certificates are easily issued and, once issued, are not easy to discover.
  • The present invention provides a digital certificate issuance system based on a blockchain platform, the system comprising a blockchain oracle server and a smart contract deployed on the blockchain:
  • The smart contract is configured to receive certificate request data through a smart contract interface included in it, and to send the certificate request data to the blockchain oracle server;
  • The certificate request data includes requester identity information, the requester public key and certificate authority information;
  • The blockchain oracle server is configured to invoke a web service interface of the identity authentication authority, send the requester identity information to the identity authentication authority for identity verification, and send the identity verification result fed back by the identity authentication authority to the smart contract;
  • If the identity verification result is a pass, the blockchain oracle server is further configured to invoke a web service interface of the certificate authority and request that the certificate authority issue a digital certificate containing the certificate authority information, the requester identity information and the requester public key;
  • The smart contract is further configured to store the metadata of the issued digital certificate on the blockchain using the blockchain's distributed ledger technology; the metadata includes the certificate basic information, the certificate status information, the requester public key and the certificate hash value.
  • The smart contract is further configured to receive certificate query request data through the smart contract interface, search the blockchain for the corresponding certificate according to the certificate query request data, and send the search result to the querying party through the smart contract interface.
  • The certificate query request data includes a certificate serial number (for locating the digital certificate) and a certificate hash value (for confirming that the content of the digital certificate file being queried is consistent with the issued one).
  • The smart contract is further configured to receive revocation request data for an issued certificate through the smart contract interface, locate the corresponding certificate on the blockchain according to that request data, and revoke it.
  • The revocation request data includes the certificate serial number (for locating the digital certificate) and a signature over the certificate serial number (for confirming that the revocation was initiated by the certificate originator).
  • The present invention also provides a blockchain-based certificate verification method, the method comprising:
  • the smart contract receives certificate request data through the smart contract interface it contains and sends the certificate request data to the blockchain oracle server;
  • the certificate request data includes requester identity information, the requester public key and certificate authority information;
  • the blockchain oracle server invokes a web service interface of the identity authentication authority, sends the requester identity information to the identity authentication authority for identity verification, and sends the identity verification result fed back by the identity authentication authority to the smart contract;
  • if the identity verification result is a pass, the blockchain oracle server invokes a web service interface of the certificate authority and requests that the certificate authority issue a digital certificate containing the certificate authority information, the requester identity information and the requester public key;
  • the smart contract stores the metadata of the issued digital certificate on the blockchain using the blockchain's distributed ledger technology; the metadata includes the certificate basic information, the certificate status information, the requester public key and the certificate hash value.
  • The method further includes: the smart contract receiving certificate query request data through the smart contract interface, searching the blockchain for the corresponding certificate according to the certificate query request data, and sending the search result to the querying party through the smart contract interface.
  • The certificate query request data includes a certificate serial number and a certificate hash value.
  • The method further includes: the smart contract receiving revocation request data for an issued certificate through the smart contract interface, locating the corresponding certificate on the blockchain according to that request data, and revoking it.
  • The revocation request data includes the certificate serial number and a signature over the certificate serial number.
  • The invention provides a digital certificate issuance system based on a blockchain platform.
  • Through the system's blockchain oracle server and the smart contract deployed on the blockchain, the whole issuance process of the digital certificate is carried out, and the relevant information of the issued certificate is finally stored on the blockchain so that the corresponding certificate can later be operated on from the blockchain. This exploits the decentralized nature of the blockchain: the decentralized blockchain platform records and manages the digital certificates.
  • The platform thereby improves the transparency, auditability and tamper resistance of the whole digital certificate issuance process, and so addresses the security risks caused by the current certificate-authority-centered issuance process.
  • FIG. 1 is a schematic diagram of a digital certificate issuance system based on a blockchain platform according to a first embodiment of the present invention.
  • FIG. 2 is another schematic diagram of the digital certificate issuance system based on a blockchain platform according to the first embodiment of the present invention.
  • FIG. 3 is a flowchart of a method for issuing a digital certificate based on a blockchain platform according to a second embodiment of the present invention.
  • FIG. 4 is a schematic diagram of the digital certificate life cycle provided by the present invention.
  • The present invention provides a blockchain-platform-based digital certificate issuance system, which includes a blockchain oracle server 20 and a smart contract 10 deployed on the blockchain.
  • The smart contract 10 contains a number of smart contract interfaces, through which certificate requests, certificate status query requests and certificate revocation requests can be received.
  • The smart contract 10 is configured to receive the certificate request data and send it to the blockchain oracle server 20.
  • In this embodiment the certificate request data includes the requester identity information, the requester public key, the certificate authority information and so on.
  • The blockchain oracle server 20 is configured to invoke the web service interface of the identity authentication authority 30, send the requester identity information contained in the certificate request data to the identity authentication authority 30 for identity verification, and forward the verification result fed back by the identity authentication authority 30 to the smart contract 10.
  • The identity authentication authority 30 may be an authorized professional institution for authenticating identity information, such as a government agency, a public security organ or a higher education institution.
  • If the identity verification result is a pass, the blockchain oracle server 20 is further configured to invoke the web service interface of the certificate authority 40 and request that the certificate authority 40 issue the digital certificate corresponding to the current certificate request data, containing the certificate authority information, the requester identity information and the requester public key (the public key of the party requesting the certificate).
  • After receiving the certificate request data, the certificate authority 40 signs the authenticated certificate request with its private key. If the identity verification result is a failure, the verification-failure status information may instead be fed back to the requesting party through the blockchain oracle server 20 and the smart contract interface.
  • The smart contract 10 is further configured to store the metadata of the issued digital certificate on the blockchain 50 using the blockchain's distributed ledger technology; the metadata includes the certificate basic information, the certificate status information, the requester public key and the certificate hash value.
  • The certificate basic information includes the certificate serial number, the certificate storage address, the certificate authority information and so on.
  • Only the metadata is stored on the blockchain 50; the original digital certificate file is stored off-chain (e.g., in IPFS or cloud storage).
  • The smart contract 10 is configured to receive certificate query request data through the smart contract interface, search the blockchain 50 for the corresponding certificate according to the certificate query request data, and send the search result to the querying party through the smart contract interface.
  • The certificate query request data includes a certificate serial number (for locating the digital certificate) and a certificate hash value (for confirming that the content of the digital certificate file being queried is consistent with the issued one).
  • Because the metadata of the issued digital certificate is stored on the blockchain, it is distributed across many nodes of the blockchain 50.
  • When a query is performed, the nearest-node principle is followed: the certificate information held by the nearest node can be fed back to the querying party.
  • A certificate query on the blockchain can be performed by anyone, unlike the traditional web query approach, which requires authorization to query. Because the blockchain is publicly transparent and the system executes the query on the blockchain, the query operation of the system is also transparent.
  • The smart contract 10 is configured to receive revocation request data for an issued certificate through the smart contract interface, to revoke the corresponding certificate on the blockchain 50 according to that request data (i.e., the certificate status is set to revoked and the certificate is no longer used), and to synchronize the revocation status to all nodes of the blockchain 50 that hold the certificate. (A property of the blockchain is that only one node needs to generate a new block; it broadcasts the new block to the other nodes, and every node stores the same data. So as long as the block generated by one node contains the revocation data for the certificate, that data is synchronized to the other nodes.)
  • The revocation request data includes the certificate serial number (for locating the digital certificate) and a signature over the certificate serial number (for confirming that the revocation was initiated by the certificate originator).
  • FIG. 2 is a detailed design diagram of the digital certificate issuance system based on the blockchain platform. It shows the management structure of the digital certificate throughout its life cycle (the life cycle of the digital certificate is shown in FIG. 4).
  • The distributed ledger technology of the blockchain and the smart contract 10 deployed on the blockchain realize decentralized management of the digital certificate life cycle; certificate requests are made through the calling interface provided by the smart contract 10 (i.e., the smart contract interface).
  • The method provided by the present invention realizes a digital certificate life cycle management system on the blockchain, so that the recording of digital certificates is decentralized and tamper-resistant, and improves the ability of the digital certificate service to withstand DoS attacks.
  • The system provided by the first embodiment of the present invention realizes transparency of the entire issuance process of digital certificates (i.e., of the digital certificate life cycle) by keeping decentralized, distributed life cycle records on the blockchain. Not only can erroneous and forged certificates be audited afterwards, but the audit starts at the source of issuance, preventing erroneous and forged certificates from being generated in the first place. Therefore, in this embodiment, the digital certificate life cycle management system is implemented on the blockchain, so that the digital certificate record is decentralized, tamper-resistant and resistant to DoS attacks, giving higher security, transparency and auditability.
  • The present invention further provides a blockchain-based certificate verification method, and the method includes:
  • The specific steps are as follows:
  • Step S101: The smart contract receives the certificate request data and sends it to the blockchain oracle server. In this embodiment the certificate request data includes the requester identity information, the requester public key, the certificate authority information and so on.
  • Step S102: The blockchain oracle server invokes the web service interface of the identity authentication authority, sends the requester identity information contained in the certificate request data to the identity authentication authority for identity verification, and sends the identity verification result fed back by the identity authentication authority to the smart contract.
  • The identity authentication authority may be an authorized professional institution for authenticating identity information, such as a government agency, a public security organ or a higher education institution.
  • Step S103: If the foregoing identity verification result is a pass, the blockchain oracle server invokes the web service interface of the certificate authority and requests that the certificate authority issue the certificate (i.e., the digital certificate corresponding to the current certificate request data) containing the certificate authority information, the requester identity information and the requester public key.
  • After receiving the certificate request data, the certificate authority uses its private key to issue the authenticated certificate request; if the identity verification result is a failure, the verification-failure status information can be fed back to the requesting party through the blockchain oracle server and the smart contract interface.
  • Step S104: The smart contract stores the metadata of the issued digital certificate on the blockchain using the blockchain's distributed ledger technology.
  • The metadata includes the certificate basic information, the certificate status information, the requester public key and the certificate hash value.
  • The certificate basic information includes the certificate serial number, the certificate storage address, the certificate authority information and so on.
  • Only the metadata is stored on the blockchain; the original digital certificate file is stored off-chain (e.g., in IPFS or cloud storage).
  • Step S105: The smart contract receives certificate query request data through the smart contract interface, searches the blockchain for the corresponding certificate according to the certificate query request data, and sends the search result to the querying party through the smart contract interface.
  • The certificate query request data includes a certificate serial number (for locating the digital certificate) and a certificate hash value (for confirming that the content of the digital certificate file being queried is consistent with the issued one).
  • The method further includes:
  • Step S106: The smart contract receives revocation request data for an issued certificate through the smart contract interface, revokes the corresponding certificate on the blockchain according to that request data (i.e., the certificate status is set to revoked and the certificate is no longer used), and synchronizes the revocation status to all nodes of the blockchain that hold the certificate.
  • The revocation request data includes the certificate serial number (for locating the digital certificate) and a signature over the certificate serial number (for confirming that the revocation was initiated by the certificate originator).
  • The method provided by the second embodiment of the present invention records and manages digital certificates through a decentralized blockchain platform, and improves the transparency and auditability of the whole issuance process of the digital certificate.
  • Its tamper resistance addresses the security risks caused by the current certificate-authority-centered issuance process, and it improves the ability of the digital certificate service to withstand denial-of-service (DoS) attacks.

Abstract

The present invention belongs to the field of digital certificate information security and provides a blockchain-platform-based digital certificate issuing system. The entire issuing process of a digital certificate is carried out by the system's blockchain oracle server and a smart contract deployed on the blockchain, and the related information of the finally issued certificate is stored on the blockchain, so that corresponding operations can subsequently be performed on that certificate from the blockchain. By using the decentralized nature of the blockchain, the digital certificate is recorded and managed by a decentralized blockchain platform; the transparency, auditability and tamper resistance of the entire issuing process of a digital certificate are improved; and the security weaknesses caused by the current issuing process, which is centered on the certificate issuing body, are avoided.

Description

Digital certificate issuing system and method based on blockchain platform

Technical field

The invention belongs to the field of digital certificate information security, and in particular relates to a digital certificate issuing system and method based on a blockchain platform.

Background art

Security in the issuance of digital certificates is very important; in particular, the transparency of the issuance process is an important indicator for evaluating whether certificate issuance is secure. At present the transparency of certificate issuance is not very good. For the transparency problem of certificate issuance, the more advanced application on the market is Google's Certificate Transparency project, which improves the security of digital certificate issuance by making certificate issuance transparent. However, the project has the following problems:

The transparency of certificate issuance is realized by a centralized server recording the issued certificates. This transparency covers only certificates that have already been issued: it makes issued certificates auditable and solves the problem that erroneous or forged digital certificates are hard to discover once issued. At the same time, because transparency is not achieved over the whole digital certificate process, it is impossible to prevent erroneous or forged digital certificates from being issued, so the project is still prone to security problems.

In addition, in that project the digital certificate issuing center actively reports the issued digital certificates to a centralized server for recording, and the centralized server may itself have security problems that lead to inaccurate records. Although the issued digital certificates are recorded in an append-only manner, the records can still be tampered with.

Technical problem

The invention provides a digital certificate issuance system and method based on a blockchain platform, which aims to solve the problem that the existing certificate-authority-centered process lacks transparency and auditability over the whole digital certificate issuance process, so that erroneous or forged digital certificates are easily issued and, once issued, are not easy to discover.

Technical solution

To solve the above technical problem, the present invention provides a digital certificate issuance system based on a blockchain platform, the system comprising a blockchain oracle server and a smart contract deployed on the blockchain:

The smart contract is configured to receive certificate request data through a smart contract interface included in it, and to send the certificate request data to the blockchain oracle server; the certificate request data includes requester identity information, the requester public key and certificate authority information;

The blockchain oracle server is configured to invoke a web service interface of the identity authentication authority, send the requester identity information to the identity authentication authority for identity verification, and send the identity verification result fed back by the identity authentication authority to the smart contract;

If the identity verification result is a pass, the blockchain oracle server is further configured to invoke a web service interface of the certificate authority and request that the certificate authority issue a digital certificate containing the certificate authority information, the requester identity information and the requester public key;

The smart contract is further configured to store the metadata of the issued digital certificate on the blockchain using the blockchain's distributed ledger technology; the metadata includes the certificate basic information, the certificate status information, the requester public key and the certificate hash value.

Further, the smart contract is also configured to receive certificate query request data through the smart contract interface, search the blockchain for the corresponding certificate according to the certificate query request data, and send the search result to the querying party through the smart contract interface. The certificate query request data includes a certificate serial number (for locating the digital certificate) and a certificate hash value (for confirming that the content of the digital certificate file being queried is consistent with the issued one).

Further, the smart contract is also configured to receive revocation request data for an issued certificate through the smart contract interface, locate the corresponding certificate on the blockchain according to that request data, and revoke it. The revocation request data includes the certificate serial number (for locating the digital certificate) and a signature over the certificate serial number (for confirming that the revocation was initiated by the certificate originator).

To solve the above technical problem, the present invention also provides a blockchain-based certificate verification method, the method comprising:

the smart contract receives certificate request data through the smart contract interface it contains and sends the certificate request data to the blockchain oracle server; the certificate request data includes requester identity information, the requester public key and certificate authority information;

the blockchain oracle server invokes a web service interface of the identity authentication authority, sends the requester identity information to the identity authentication authority for identity verification, and sends the identity verification result fed back by the identity authentication authority to the smart contract;

if the identity verification result is a pass, the blockchain oracle server invokes a web service interface of the certificate authority and requests that the certificate authority issue a digital certificate containing the certificate authority information, the requester identity information and the requester public key;

the smart contract stores the metadata of the issued digital certificate on the blockchain using the blockchain's distributed ledger technology; the metadata includes the certificate basic information, the certificate status information, the requester public key and the certificate hash value.

Further, the method also includes: the smart contract receiving certificate query request data through the smart contract interface, searching the blockchain for the corresponding certificate according to the certificate query request data, and sending the search result to the querying party through the smart contract interface. The certificate query request data includes a certificate serial number and a certificate hash value.

Further, the method also includes: the smart contract receiving revocation request data for an issued certificate through the smart contract interface, locating the corresponding certificate on the blockchain according to that request data, and revoking it. The revocation request data includes the certificate serial number and a signature over the certificate serial number.
Beneficial effects
The invention provides a digital certificate issuance system based on a blockchain platform. Through the system's blockchain oracle server and the smart contract deployed on the blockchain, the entire digital certificate issuance process is carried out, and the information about each issued certificate is finally stored on the blockchain so that later operations on that certificate can be performed from the blockchain. In this way the decentralized nature of the blockchain is used: the decentralized blockchain platform records and manages the digital certificates, improving the transparency, auditability and tamper resistance of the entire issuance process, and so addressing the security risks created by the current certificate-authority-centric issuance process.
Description of the drawings
Fig. 1 is a schematic diagram of a blockchain-platform-based digital certificate issuance system according to the first embodiment of the invention;
Fig. 2 is a further schematic diagram of the blockchain-platform-based digital certificate issuance system according to the first embodiment of the invention;
Fig. 3 is a flowchart of a blockchain-platform-based digital certificate issuance method according to the second embodiment of the invention;
Fig. 4 is a schematic diagram of the digital certificate life cycle provided by the invention.
Embodiments of the invention
To make the objectives, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only serve to explain the invention and are not intended to limit it.
As a first embodiment, shown in Figs. 1 and 2, the invention provides a blockchain-platform-based digital certificate issuance system comprising a blockchain oracle server 20 and a smart contract 10 deployed on the blockchain. Smart contract 10 contains several smart contract interfaces through which certificate requests, certificate status query requests and certificate revocation requests are received.
(1) When the system receives a certificate request, the units of the system operate as follows:
Smart contract 10 receives the certificate request data and sends it to blockchain oracle server 20. In this embodiment the certificate request data comprises the requester identity information, the requester's public key and the certificate authority information.
Blockchain oracle server 20 calls the web service interface of identity authentication authority 30, sends the requester identity information contained in the certificate request data to identity authentication authority 30 for identity verification, and sends the verification result returned by identity authentication authority 30 to smart contract 10. Identity authentication authority 30 may be an authorized, specialized institution that authenticates identity information, for example a government agency, a public security organ or a higher-education institution.
If the identity verification result is a pass, blockchain oracle server 20 further calls the web service interface of certificate authority 40 and requests certificate authority 40 to issue the digital certificate corresponding to the current certificate request data, i.e. a certificate containing the certificate authority information, the requester identity information and the requester's public key (the public key of the requester asking for this certificate). On receiving the certificate request data, certificate authority 40 signs the identity-verified certificate request with its private key. If the identity verification result is a failure, the verification-failure status is returned to the requesting party through blockchain oracle server 20 and the smart contract interface.
Smart contract 10 further stores the metadata of the issued digital certificate on blockchain 50 using the blockchain's distributed ledger; the metadata comprises certificate basic information, certificate status information, the requester's public key and the certificate hash. The certificate basic information comprises the certificate serial number, the certificate storage address and the certificate authority information, among others. At this point (see Fig. 2) the metadata is stored on blockchain 50, while the original certificate file is stored off chain (for example in IPFS or cloud storage).
(2) When the system receives a certificate status query request, the units of the system operate as follows:
Smart contract 10 receives the certificate query request data through the smart contract interface, looks up the corresponding certificate on blockchain 50 according to that data, and sends the lookup result to the querying party through the smart contract interface. In this embodiment the certificate query request data comprises the certificate serial number (used to locate the digital certificate) and the certificate hash (used to confirm that the content of the digital certificate file being queried is the same as the one recorded).
Note that when the issued digital certificates (their metadata) are stored on the blockchain, they are distributed across many nodes of blockchain 50; a query follows the nearest-node principle, and the certificate information held by the nearest node is returned to the querying party. Anyone can query a certificate on the blockchain, unlike a traditional web query, which requires authorization; since the blockchain is publicly transparent, performing the query on the blockchain makes the system's query operation transparent as well.
(3) When the system receives a certificate revocation request, the units of the system operate as follows:
Smart contract 10 receives the revocation request data for an issued certificate through the smart contract interface, locates the corresponding certificate on blockchain 50 according to that data and revokes it (the certificate enters the revoked state and is no longer used), and synchronizes the revoked status to every node on blockchain 50 that holds the certificate. (A property of the blockchain is that once one node generates a new block, it broadcasts that block to the other nodes and every node keeps the same copy of the data; so as long as one node's block contains the revocation data, that data is synchronized to the other nodes.) The revocation request data comprises the certificate serial number (used to locate the digital certificate) and a signature over the certificate serial number (used to confirm that the revocation was initiated by the requester of the certificate).
Fig. 2 is the detailed design of a blockchain-platform-based digital certificate issuance system. It shows the management architecture for the whole digital certificate life cycle (the life cycle itself is shown in Fig. 4): through the blockchain's distributed ledger and the smart contract 10 deployed on the blockchain, the digital certificate life cycle is managed in a decentralized way, and the calling interfaces provided by smart contract 10 (the smart contract interfaces) carry out the life-cycle management operations for certificate requests, certificate status query requests and certificate revocation requests.
In addition, existing certificate issuance schemes, for example Google's Certificate Transparency project, do not address denial-of-service attacks on revocation-status queries. The method provided by the invention implements the digital certificate life-cycle management system on the blockchain, so the digital certificate records are decentralized and tamper-resistant, and the digital certificate service's resistance to DoS attacks is improved.
In summary, the system of the first embodiment, by keeping a decentralized, distributed record of the digital certificate life cycle on the blockchain, makes the entire issuance process (i.e. the digital certificate life cycle) transparent. Not only can erroneous or forged certificates be found by audit, auditing also takes place at the source of issuance, preventing erroneous or forged certificates from being produced in the first place. By implementing the digital certificate life-cycle management system on the blockchain, the digital certificate records are decentralized, tamper-resistant and DoS-resistant, giving higher security, transparency and auditability.
As a second embodiment, shown in Fig. 3, the invention provides a blockchain-based certificate verification method comprising:
(1) When a certificate request is received, the method comprises:
Step S101: the smart contract receives the certificate request data and sends it to the blockchain oracle server. In this embodiment the certificate request data comprises the requester identity information, the requester's public key and the certificate authority information.
Step S102: the blockchain oracle server calls the web service interface of the identity authentication authority, sends the requester identity information contained in the certificate request data to the identity authentication authority for identity verification, and sends the verification result returned by the identity authentication authority to the smart contract. The identity authentication authority may be an authorized, specialized institution that authenticates identity information, for example a government agency, a public security organ or a higher-education institution.
Step S103: if the identity verification result is a pass, the blockchain oracle server further calls the web service interface of the certificate authority and requests the certificate authority to issue the digital certificate corresponding to the current certificate request data, i.e. a certificate containing the certificate authority information, the requester identity information and the requester's public key. On receiving the certificate request data, the certificate authority signs the identity-verified certificate request with its private key. If the identity verification result is a failure, the verification-failure status is returned to the requesting party through the blockchain oracle server and the smart contract interface.
Step S104: the smart contract stores the metadata of the issued digital certificate on the blockchain using the blockchain's distributed ledger. The metadata comprises certificate basic information, certificate status information, the requester's public key and the certificate hash. The certificate basic information comprises the certificate serial number, the certificate storage address and the certificate authority information, among others. At this point (see Fig. 2) the metadata is stored on the blockchain, while the original certificate file is stored off chain (for example in IPFS or cloud storage).
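The oracle-mediated part of the request flow, steps S101 to S103 above and the corresponding units 20, 30 and 40 of the first embodiment, written out as an added Go example. This is illustration added by the editor, not code from the patent or from 深圳技术大学. The identity authentication authority's web service is replaced by a constructed allow-list, the certificate authority is a self-signed ECDSA P-256 root generated inside the example, issued certificates are X.509 with a 24-hour validity, and a serial counter stands in for a random serial; the patent fixes none of these, so they are all assumptions. The oracle contacts the CA only after identity verification passed and fails closed when the requested CA is unknown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertRequest is the certificate request data the smart contract forwards to the oracle.
type CertRequest struct {
	Identity  string           // requester identity information
	PublicKey *ecdsa.PublicKey // requester public key
	CAName    string           // certificate authority information
}

// NewKey generates a key pair for a CA or a requester (assumption: ECDSA P-256).
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// CertAuthority is the certificate authority; it signs with its private key (assumption: self-signed root).
type CertAuthority struct {
	Cert *x509.Certificate // the CA certificate, distributed to verifiers
	key  *ecdsa.PrivateKey
	next int64 // serial counter (assumption; production CAs use at least 64 bits of random serial)
}

// template builds a certificate template; the 24h validity is an assumption.
func template(cn string, serial int64, ca bool, usage x509.KeyUsage) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: ca, BasicConstraintsValid: ca, KeyUsage: usage}
}

// NewCertAuthority generates the CA key pair and its self-signed certificate.
func NewCertAuthority(name string) (*CertAuthority, error) {
	key, err := NewKey()
	if err != nil {
		return nil, err
	}
	tmpl := template(name, 1, true, x509.KeyUsageCertSign)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &CertAuthority{Cert: cert, key: key, next: 1}, err
}

// Issue is the CA's web service: it binds the verified identity to the requester's public key and
// signs the certificate with the CA private key, returning it DER-encoded.
func (ca *CertAuthority) Issue(req CertRequest) ([]byte, error) {
	ca.next++
	tmpl := template(req.Identity, ca.next, false, x509.KeyUsageDigitalSignature)
	return x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, req.PublicKey, ca.key)
}

// Oracle is the blockchain oracle server. KnownIdentities is a constructed allow-list standing in for
// the identity authentication authority's web service; CAs maps certificate authority information to a CA.
type Oracle struct {
	KnownIdentities map[string]bool
	CAs             map[string]*CertAuthority
}

// Handle makes the off-chain calls in order: identity verification first; the CA is contacted only
// when verification passed. Any failure goes back to the contract and nothing is issued.
func (o Oracle) Handle(req CertRequest) ([]byte, error) {
	if !o.KnownIdentities[req.Identity] {
		return nil, fmt.Errorf("identity verification failed for %q", req.Identity)
	}
	ca, ok := o.CAs[req.CAName]
	if !ok {
		return nil, fmt.Errorf("unknown certificate authority %q", req.CAName)
	}
	return ca.Issue(req)
}

func main() {
	ca, _ := NewCertAuthority("Example CA")
	o := Oracle{KnownIdentities: map[string]bool{"alice": true}, CAs: map[string]*CertAuthority{"Example CA": ca}}
	key, _ := NewKey()
	der, err := o.Handle(CertRequest{Identity: "alice", PublicKey: &key.PublicKey, CAName: "Example CA"})
	fmt.Println(len(der), err)
}
```

The certificate the oracle hands back chains to ca.Cert and carries the requester's key, while an unverified identity or an unknown CA yields an error and no certificate. One caveat a deployment has to address: the request data carries a bare public key rather than a signed certificate signing request, so nothing in this flow proves that the requester holds the matching private key; a proof-of-possession check (for example the signature on a PKCS#10 CSR) belongs in front of the CA call.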
(2) When a certificate status query request is received, the method comprises:
Step S105: the smart contract receives the certificate query request data through the smart contract interface, looks up the corresponding certificate on the blockchain according to that data, and sends the lookup result to the querying party through the smart contract interface. In this embodiment the certificate query request data comprises the certificate serial number (used to locate the digital certificate) and the certificate hash (used to confirm that the content of the digital certificate file being queried is the same as the one recorded).
(3) When a certificate revocation request is received, the method comprises:
Step S106: the smart contract receives the revocation request data for an issued certificate through the smart contract interface, locates the corresponding certificate on the blockchain according to that data and revokes it (the certificate enters the revoked state and is no longer used), and synchronizes the revoked status to every node on the blockchain that holds the certificate. The revocation request data comprises the certificate serial number (used to locate the digital certificate) and a signature over the certificate serial number (used to confirm that the revocation was initiated by the requester of the certificate).
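The on-chain side of the life cycle, steps S104 to S106 above and the matching units (1) to (3) of the first embodiment, as an added Go example that is not the patent's code: a map stands in for the blockchain state, the certificate file is a constructed byte string whose SHA-256 is the recorded hash, the requester public key is stored DER-encoded (PKIX), and the revocation request's signature is an ECDSA P-256 signature over the SHA-256 of the serial number, verified against the key recorded at issuance. The patent specifies neither the signature scheme nor the hash function, so both are assumptions, as is the ipfs:// storage address.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// CertMetadata is the on-chain record; the certificate file itself lives off chain at StorageAddr.
type CertMetadata struct {
	Serial      string // certificate serial number (locates the record)
	StorageAddr string // off-chain location of the certificate file (hypothetical content address)
	CAName      string // certificate authority information
	Status      string // certificate status: "valid" or "revoked"
	PublicKey   []byte // requester public key, DER (PKIX); revocation requests are checked against it
	CertHash    string // SHA-256 of the certificate file, hex
}

// Contract models the smart contract; Ledger is the on-chain state, keyed by serial number.
type Contract struct{ Ledger map[string]CertMetadata }

func NewContract() *Contract { return &Contract{Ledger: map[string]CertMetadata{}} }

var (
	ErrNotFound     = errors.New("certificate not found")
	ErrHashMismatch = errors.New("certificate hash does not match the recorded certificate")
	ErrBadSignature = errors.New("revocation request is not signed by the certificate's key")
)

// NewKey generates a requester key pair (assumption: ECDSA P-256).
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// Record stores the metadata of a certificate the CA has just issued (step S104).
func (c *Contract) Record(serial string, certFile []byte, pub *ecdsa.PublicKey, caName string) (CertMetadata, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return CertMetadata{}, err
	}
	hash := fmt.Sprintf("%x", sha256.Sum256(certFile))
	md := CertMetadata{Serial: serial, StorageAddr: "ipfs://" + hash, CAName: caName,
		Status: "valid", PublicKey: der, CertHash: hash}
	c.Ledger[serial] = md
	return md, nil
}

// Query is the status-query interface (step S105): serial locates the record, hash must match the recorded one.
func (c *Contract) Query(serial, certHash string) (CertMetadata, error) {
	md, ok := c.Ledger[serial]
	if !ok {
		return CertMetadata{}, ErrNotFound
	}
	if md.CertHash != certHash {
		return CertMetadata{}, ErrHashMismatch
	}
	return md, nil
}

// revocationDigest is what gets signed: SHA-256 of the serial number (assumption).
func revocationDigest(serial string) []byte {
	d := sha256.Sum256([]byte(serial))
	return d[:]
}

// SignRevocation is run by the certificate holder to build the revocation request's signature.
func SignRevocation(holder *ecdsa.PrivateKey, serial string) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, holder, revocationDigest(serial))
}

// Revoke is the revocation interface (step S106): the signature must verify under the key recorded at issuance.
func (c *Contract) Revoke(serial string, sig []byte) error {
	md, ok := c.Ledger[serial]
	if !ok {
		return ErrNotFound
	}
	key, err := x509.ParsePKIXPublicKey(md.PublicKey)
	if err != nil {
		return err
	}
	pub, ok := key.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, revocationDigest(serial), sig) {
		return ErrBadSignature
	}
	md.Status = "revoked"
	c.Ledger[serial] = md // the updated record is what every node replicates
	return nil
}

func main() {
	holder, _ := NewKey()
	c := NewContract()
	md, _ := c.Record("2a", []byte("constructed certificate file"), &holder.PublicKey, "Example CA")
	sig, _ := SignRevocation(holder, md.Serial)
	fmt.Println(c.Revoke(md.Serial, sig), c.Ledger[md.Serial].Status)
}
```

Two checks are the point of the example. On query, the hash supplied by the caller must equal the recorded one, so a party holding a different file under the same serial number gets an error instead of a misleading "valid". On revocation, the signature is verified under the public key stored on chain at issuance, so knowing the serial number alone is not enough to revoke a certificate; because a revocation only ever moves a record to "revoked", replaying a captured revocation request changes nothing.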
In summary, the method of the second embodiment records and manages digital certificates through a decentralized blockchain platform, improving the transparency, auditability and tamper resistance of the entire digital certificate issuance process, thereby addressing the security risks created by the current certificate-authority-centric issuance process and improving the digital certificate service's resistance to denial-of-service (DoS) attacks.
The above are only preferred embodiments of the invention and do not limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the invention falls within the scope of protection of the invention.

Claims (10)

  1. A blockchain-platform-based digital certificate issuance system, characterized in that the system comprises a blockchain oracle server and a smart contract deployed on a blockchain:
    the smart contract is configured to receive certificate request data through a smart contract interface it contains and to send the certificate request data to the blockchain oracle server, the certificate request data comprising requester identity information, a requester public key and certificate authority information;
    the blockchain oracle server is configured to call a web service interface of an identity authentication authority, send the requester identity information to the identity authentication authority for identity verification, and send the identity verification result returned by the identity authentication authority to the smart contract;
    if the identity verification result is a pass, the blockchain oracle server is further configured to call a web service interface of a certificate authority and request the certificate authority to issue a digital certificate containing the certificate authority information, the requester identity information and the requester public key;
    the smart contract is further configured to store metadata of the issued digital certificate on the blockchain using the blockchain's distributed ledger, the metadata comprising certificate basic information, certificate status information, the requester public key and a certificate hash.
  2. The system of claim 1, characterized in that:
    the smart contract is further configured to receive certificate query request data through the smart contract interface, look up the corresponding certificate on the blockchain according to the certificate query request data, and send the lookup result to the querying party through the smart contract interface.
  3. The system of claim 2, characterized in that the certificate query request data comprises a certificate serial number and a certificate hash.
  4. The system of claim 1, characterized in that:
    the smart contract is further configured to receive revocation request data for an issued certificate through the smart contract interface, and to locate the corresponding certificate on the blockchain according to the revocation request data and revoke it.
  5. The system of claim 4, characterized in that the revocation request data for an issued certificate comprises a certificate serial number and a signature over the certificate serial number.
  6. A blockchain-based certificate verification method, characterized in that the method comprises:
    a smart contract receiving certificate request data through a smart contract interface it contains and sending the certificate request data to a blockchain oracle server, the certificate request data comprising requester identity information, a requester public key and certificate authority information;
    the blockchain oracle server calling a web service interface of an identity authentication authority, sending the requester identity information to the identity authentication authority for identity verification, and sending the identity verification result returned by the identity authentication authority to the smart contract;
    if the identity verification result is a pass, the blockchain oracle server calling a web service interface of a certificate authority and requesting the certificate authority to issue a digital certificate containing the certificate authority information, the requester identity information and the requester public key;
    the smart contract storing metadata of the issued digital certificate on the blockchain using the blockchain's distributed ledger, the metadata comprising certificate basic information, certificate status information, the requester public key and a certificate hash.
  7. The method of claim 6, characterized in that the method further comprises:
    the smart contract receiving certificate query request data through the smart contract interface, looking up the corresponding certificate on the blockchain according to the certificate query request data, and sending the lookup result to the querying party through the smart contract interface.
  8. The method of claim 7, characterized in that the certificate query request data comprises a certificate serial number and a certificate hash.
  9. The method of claim 6, characterized in that the method further comprises:
    the smart contract receiving revocation request data for an issued certificate through the smart contract interface, and locating the corresponding certificate on the blockchain according to the revocation request data and revoking it.
  10. The method of claim 9, characterized in that the revocation request data for an issued certificate comprises a certificate serial number and a signature over the certificate serial number.
PCT/CN2019/082901, priority date 2018-04-17, filing date 2019-04-16, "Block chain platform based digital certificate issuing system and method", published as WO2019201246A1 (en)

Applications Claiming Priority (2)

CN201810343448.1 (published as CN108768657A): priority date 2018-04-17, filing date 2018-04-17, "A kind of digital certificate based on block platform chain issues system and method"

Publications (1)

WO2019201246A1: published 2019-10-24

Family

ID=64010669

Family Applications (1)

PCT/CN2019/082901 (WO2019201246A1): priority date 2018-04-17, filing date 2019-04-16, "Block chain platform based digital certificate issuing system and method"

Country Status (2)

CN: CN108768657A (en)
WO: WO2019201246A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party

CN106301792A *: priority 2016-08-31, published 2017-01-04, 江苏通付盾科技有限公司, "Ca authentication management method based on block chain, Apparatus and system"
US20170149819A1 *: priority 2015-11-25, published 2017-05-25, International Business Machines Corporation, "Resisting replay attacks efficiently in a permissioned and privacy-preserving blockchain network"
CN106789090A *: priority 2017-02-24, published 2017-05-31, 陈晶, "Public key infrastructure system and semi-random participating certificate endorsement method based on block chain"
CN107623572A *: priority 2017-09-27, published 2018-01-23, 济南浪潮高新科技投资发展有限公司, "A kind of method of digital certificate granting on block chain"
CN108768657A *: priority 2018-04-17, published 2018-11-06, 深圳技术大学(筹), "A kind of digital certificate based on block platform chain issues system and method"

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9960920B2 (en) * 2016-01-26 2018-05-01 Stampery Inc. Systems and methods for certification of data units and/or certification verification
CN106385315B (en) * 2016-08-30 2019-05-17 北京三未信安科技发展有限公司 A kind of digital certificate management method and system
CN106529946A (en) * 2016-11-01 2017-03-22 北京金股链科技有限公司 Method for realizing user identity digitalization based on block chain
CN106850200B (en) * 2017-01-25 2019-10-22 中钞信用卡产业发展有限公司杭州区块链技术研究院 A kind of safety method, system and the terminal of digital cash of the use based on block chain
CN107425981B (en) * 2017-06-12 2020-11-03 湖南岳麓山数据科学与技术研究院有限公司 Block chain-based digital certificate management method and system
CN107769925B (en) * 2017-09-15 2020-06-19 山东大学 Public key infrastructure system based on block chain and certificate management method thereof

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170149819A1 (en) * 2015-11-25 2017-05-25 International Business Machines Corporation Resisting replay attacks efficiently in a permissioned and privacy-preserving blockchain network
CN106301792A (en) * 2016-08-31 2017-01-04 江苏通付盾科技有限公司 CA authentication management method, apparatus and system based on block chain
CN106789090A (en) * 2017-02-24 2017-05-31 陈晶 Public key infrastructure system and semi-random participating certificate endorsement method based on block chain
CN107623572A (en) * 2017-09-27 2018-01-23 济南浪潮高新科技投资发展有限公司 A method of digital certificate granting on block chain
CN108768657A (en) * 2018-04-17 2018-11-06 深圳技术大学(筹) A digital certificate issuing system and method based on block chain platform

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021244211A1 (en) * 2020-06-03 2021-12-09 腾讯科技(深圳)有限公司 Blockchain message processing method and apparatus, computer and readable storage medium
CN112153124A (en) * 2020-09-11 2020-12-29 北京天德科技有限公司 Block chain and intelligent contract system cooperation layer design

Also Published As

Publication number Publication date
CN108768657A (en) 2018-11-06

Similar Documents

Publication Publication Date Title
WO2019201246A1 (en) Block chain platform based digital certificate issuing system and method
US10230526B2 (en) Out-of-band validation of domain name system records
CN109508563B (en) Block chain-based electronic file authenticity guarantee method
US9853819B2 (en) Blockchain-supported, node ID-augmented digital record signature method
CN109829326B (en) Cross-domain authentication and fair audit de-duplication cloud storage system based on block chain
EP3031169B1 (en) Document verification with id augmentation
CN110061851A (en) A decentralized cross-trust-domain authentication method and system
US20210194702A1 (en) Identity authentication method and system, as well as computing device and storage medium
CN108696358B (en) Digital certificate management method and device, readable storage medium and service terminal
US11700132B2 (en) Systems and methods for secure event and log management
JP2021512569A (en) Blockchain data processing method, management side, client side, converter and medium
US10200199B2 (en) Strengthened entity identity for digital record signature infrastructure
CN109886036B (en) Domain name distributed authentication method and device based on block chain and block chain network
CN106910051A (en) A DNS resource record notarization method and system based on alliance chain
CN108810007B (en) Internet of things security architecture
Yao et al. PBCert: Privacy-preserving blockchain-based certificate status validation toward mass storage management
RU2010100880A (en) CREATION AND VERIFICATION OF CERTIFICATE OF DOCUMENTS PROTECTED CRYPTOGRAPHICALLY
CN113824563B (en) Cross-domain identity authentication method based on block chain certificate
CN114465817B (en) Digital certificate system and method based on TEE predictor clusters and blockchain
CN111031074B (en) Authentication method, server and client
Wang et al. Blockzone: A blockchain-based DNS storage and retrieval scheme
CN109918451A (en) Data base management method and system based on block chain
TW202217701A (en) Distributed ledger-based methods and systems for certificate authentication
Konsta et al. Clouseau: Blockchain-based data integrity for HDFS clusters
WO2022206432A1 (en) Method and apparatus for querying ledger data in fabric blockchain

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
Ref document number: 19788004
Country of ref document: EP
Kind code of ref document: A1
NENP Non-entry into the national phase
Ref country code: DE
122 EP: PCT application non-entry in European phase
Ref document number: 19788004
Country of ref document: EP
Kind code of ref document: A1