WO2020019912A1 - Digital certificate management method, apparatus, computer device, and storage medium - Google Patents
- Publication number
- WO2020019912A1 (PCT/CN2019/092220)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- certificate
- digital certificate
- authentication
- transaction
- transaction record
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3265—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0637—Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Definitions
- the present application relates to the field of computer technology, and in particular, to a method, a device, a computer device, and a storage medium for digital certificate management.
- a digital certificate is a document used to prove the identity of a network node on the network.
- a network node can apply for a digital certificate to an authoritative certification center, and the authoritative certification center issues a digital certificate to the network node after performing identity authentication.
- the generation and storage of digital certificates are concentrated in authoritative certification centers. If the authoritative certification center is hijacked, the digital certificate generated or stored by the authoritative certification center is unreliable, resulting in low network security.
- the embodiments of the present application provide a digital certificate management method, a device, a computer device, and a storage medium, which can be used to solve the problem of low network security in related technologies.
- the technical solution includes:
- a digital certificate management method is provided.
- the method is executed by a computer device.
- the method includes: receiving a digital certificate generation request sent by a certificate application node, wherein the digital certificate generation request carries identity authentication information; sending the identity authentication information to each consensus authentication center for authentication, and obtaining the authentication result that each consensus authentication center produces from the identity authentication information; determining the identity authentication result corresponding to the certificate application node according to the authentication result of each consensus authentication center; when the identity authentication result is passed, generating a target digital certificate corresponding to the certificate application node according to the digital certificate generation request; and writing the target digital certificate as a transaction resource to the blockchain corresponding to the consensus authentication center.
- a digital certificate management device is provided, including: a generation request receiving module, configured to receive a digital certificate generation request sent by a certificate application node, where the digital certificate generation request carries identity authentication information; a consensus authentication module, configured to send the identity authentication information to each consensus authentication center for authentication, and obtain the authentication result that each consensus authentication center produces from the identity authentication information; an identity authentication result obtaining module, configured to determine the identity authentication result corresponding to the certificate application node according to the authentication result of each consensus authentication center; a certificate generation module, configured to generate a target digital certificate corresponding to the certificate application node according to the digital certificate generation request when the identity authentication result is passed; and a writing module, configured to write the target digital certificate as a transaction resource to a blockchain corresponding to the consensus authentication center.
- a computer device including a memory and a processor.
- the memory stores a computer program, and when the computer program is executed by the processor, it causes the processor to perform the steps of the digital certificate management method.
- a computer-readable storage medium stores a computer program which, when executed by a processor, causes the processor to perform the steps of the digital certificate management method.
- a computer program product is provided, and when the computer program product is executed, it is used to execute the digital certificate management method described above.
- the identity information of the certificate application node is verified through multiple authentication centers, and then the identity authentication result of the certificate application node is determined according to the authentication results corresponding to each consensus authentication center, and a digital certificate is generated when the identity authentication result is passed.
- the digital certificate is written into the blockchain corresponding to each consensus authentication center as a transaction resource. Since the identity authentication result is based on the authentication results of multiple authentication centers, the verification is more accurate than verification performed by only one authentication center.
- digital certificates are written into the blockchain instead of being stored in a certain certification center. It is difficult for other illegal nodes to modify or revoke digital certificates in the blockchain, which can ensure the security of digital certificates and improve network security.
- FIG. 1 is a schematic diagram of an application environment provided by an embodiment of the present application.
- FIG. 2 is a flowchart of a method for managing a digital certificate according to an embodiment of the present application.
- FIG. 3 is a schematic diagram of a digital certificate according to an embodiment of the present application.
- FIG. 4 is a flowchart of writing a target digital certificate as a transaction resource to a blockchain corresponding to a consensus authentication center according to an embodiment of the present application.
- FIG. 5 is a flowchart of a digital certificate management method according to an embodiment of the present application.
- FIG. 6 is a flowchart of a digital certificate management method according to an embodiment of the present application.
- FIG. 7 is a schematic diagram of a transaction chain according to an embodiment of the present application.
- FIG. 8 is a flowchart of a digital certificate management method according to an embodiment of the present application.
- FIG. 9 is a schematic diagram of managing a digital certificate provided in an embodiment of the present application.
- FIG. 10 is a structural block diagram of a digital certificate management apparatus according to an embodiment of the present application.
- FIG. 11 is a structural block diagram of a write module according to an embodiment of the present application.
- FIG. 12 is a structural block diagram of a digital certificate management apparatus according to an embodiment of the present application.
- FIG. 13 is a block diagram of an internal structure of a computer device according to an embodiment of the present application.
- The terms "first", "second", and the like used in this application may be used herein to describe various elements, but unless specifically stated, these elements are not limited by these terms. These terms are only used to distinguish one element from another.
- For example, a first account may be referred to as a second account, and similarly, a second account may be referred to as a first account.
- Digital certificate: used to identify the identity of the communicating party in network communication. It can be a combination of at least one of numbers, letters, and symbols. Digital certificates are usually issued by authoritative CA (Certificate Authority) organizations. Exemplarily, the CA institution is a CFCA (China Financial Certification Authority) center.
- Authentication center: an authoritative and impartial computer node that undertakes authentication services and issues digital certificates to confirm node identity in the network.
- Blockchain: used to store transaction records for a certain transaction resource.
- the transaction record includes 3 elements: transaction resource, transfer account, and receiving account.
- the transaction resource is a digital certificate.
- the account (transfer account or receiving account) can also be called an address, and the address can be derived from the public key through a one-way cryptographic hash algorithm.
- a hash algorithm is a one-way function that accepts input of arbitrary length to generate a fingerprint digest.
- the algorithm used when generating the address from the public key is the Secure Hash Algorithm (SHA) or the RACE Integrity Primitives Evaluation Message Digest (RIPEMD) algorithm. For example, it can be the SHA256 or RIPEMD160 algorithm.
- Blockchain technology (BT), also known as distributed ledger technology, is an Internet database technology characterized by decentralization, openness and transparency, allowing everyone to participate in database records.
- Blockchain technology uses a blockchain data structure to verify and store data, uses a distributed node consensus algorithm to generate and update data, uses cryptography to ensure the security of data transmission and access, and uses smart contracts composed of automated script code to program and manipulate data; it is a distributed infrastructure and computing method.
- FIG. 1 is an application environment diagram of a digital certificate management method according to an embodiment of the present application. As shown in FIG. 1, the application environment includes a certificate application node and at least two certification centers.
- the certificate application node is used to apply for a digital certificate.
- the certificate application node sends a digital certificate application request to the certification center.
- the certificate application node can be an independent physical server or terminal, or a server cluster composed of multiple physical servers, and can be a cloud server that provides basic cloud computing services such as cloud servers, cloud databases, cloud storage, and CDNs.
- the at least two authentication centers are used to perform consensus authentication on the certificate application node. Any one of the at least two authentication centers has a function of performing data interaction with the certificate application node, for example, receiving a digital certificate application request sent by the certificate application node, and returning a digital certificate to the certificate application node.
- the number of certification centers can be set according to actual needs. In the embodiment of the present application, the description uses as an example the case where the at least two authentication centers are the authentication center 1, the authentication center 2, the authentication center 3, and the authentication center 4. Among them, the authentication center 1 is configured to implement the foregoing function of performing data interaction with the certificate application node.
- Each certification center can be an independent physical server or terminal, or a server cluster composed of multiple physical servers, and can be a cloud server that provides basic cloud computing services such as cloud servers, cloud databases, cloud storage, and CDNs.
- Each certification center can use the network to connect for consensus authentication.
- the certificate application node and the certification center can be connected through the network.
- each of the above authentication centers is a node belonging to the same blockchain. It can be understood that the blockchain can also include other nodes, and the certificate application node can also be a node in the blockchain.
- FIG. 2 is a flowchart of a digital certificate management method according to an embodiment of the present application.
- the method is mainly applied to a computer device (such as the authentication center 1 in the implementation environment shown in FIG. 1) for illustration.
- the method may specifically include the following steps:
- S202 Receive a digital certificate generation request sent by a certificate application node, where the digital certificate generation request carries identity authentication information.
- a certificate application node is a computer node that needs to apply for a digital certificate.
- the certificate application node may be a computer node owned by an entity (individual or organization) having communication requirements. For example, when an enterprise needs to establish a website, it needs to apply for a digital certificate corresponding to the website. At this time, the enterprise server that needs to apply for a digital certificate can send a digital certificate generation request to the certification center.
- a digital certificate generation request is used to request the generation of a digital certificate.
- the digital certificate generation request carries the identity information of the certificate application node.
- the identity authentication information is used to authenticate the identity of the certificate requesting node.
- the identity authentication information is business license information corresponding to an enterprise that manages the certificate application node or ID information corresponding to an individual user who manages the certificate application node.
- the digital certificate generation request may also carry the public key of the certificate application node.
- the public key (Public Key) and private key (Private Key) are a key pair obtained through an algorithm.
- the public key is the public key in the key pair, and the private key is the non-public key.
- Public keys are often used to encrypt session keys or verify digital signatures.
- When a digital certificate needs to be applied for, the certificate application node generates a key pair, stores the private key of the key pair, and sends the public key to the certification center, so that the certification center writes the public key into the digital certificate.
- the certificate requesting node can use the private key to sign the transmitted information, and the node receiving the signed information can use the public key in the digital certificate to verify the information and confirm that the received information is information sent by the certificate requesting node.
- S204 Send identity authentication information to each consensus authentication center for authentication, and obtain an authentication result obtained by each consensus authentication center performing authentication according to the identity authentication information.
- a certification center is an authoritative and fair computer node that undertakes authentication services in the network and issues digital certificates to confirm node identity.
- a consensus certification center is a certification center used for consensus certification.
- the authentication center 1 is also a consensus authentication center.
- the number of consensus authentication centers can be set as needed.
- the consensus algorithm used when performing consensus authentication may be PBFT (Practical Byzantine Fault Tolerance).
- Consensus refers to the process in which multiple participating nodes reach agreement on certain data, behaviors, or processes through interaction among the nodes under preset rules.
- the sending of the identity authentication information may be implemented by a peer-to-peer (P2P) technology: the authentication center 1 sends the identity authentication information to each consensus authentication center in a P2P manner.
- the authentication center 1 can broadcast the identity authentication information in the blockchain, and a consensus authentication center that has received the identity authentication information can also continue to broadcast it, so that each consensus authentication center can receive the identity authentication information.
- After each consensus authentication center receives the identity authentication information, it can compare the received identity authentication information with the identity authentication information of the certificate application node stored in advance, or send the identity authentication information to a trust source that stores the identity authentication information for comparison, to confirm whether the received identity information is consistent with the stored identity information. When the identity information is the same, the received identity information is confirmed to be authentic and the authentication result corresponding to the consensus authentication center is passed; otherwise, the authentication result is not passed.
- the trust source may be a node that issues identity authentication information, such as a node corresponding to a personal identity card issued by a public security agency.
- the identity authentication result may be authenticated or failed.
- the identity authentication result is calculated by combining the authentication results of the consensus authentication centers.
- the computer device determines the identity authentication result according to at least one of the first number and the second number.
- the first number refers to the number of consensus authentication centers whose authentication results are passed.
- the second number refers to the number of consensus authentication centers whose authentication result is failed.
- the computer device determines that the identity authentication result is passed when the first number and the second number meet at least one of the following conditions: the first number is greater than the second number; the first number reaches a first preset threshold; the ratio of the first number to the total number of consensus authentication centers reaches a second preset threshold; the ratio of the first number to the total number of nodes in the blockchain reaches a third preset threshold. Specific values corresponding to the first preset threshold, the second preset threshold, and the third preset threshold may be set as required.
- For example, suppose the condition for the identity authentication result to be passed is that the first number accounts for 3/4 of the total number of consensus authentication centers, and that the authentication results corresponding to authentication centers 1 to 4 are passed, passed, passed, and not passed. Then the first number is 3 and the second number is 1, so the ratio of the first number to the total number of consensus authentication centers is equal to 3/4, which meets the condition. The identity authentication result is therefore passed.
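The pass conditions above, applied to per-center votes, as an added example that is not code from the patent. The `Policy` field names, the `decide` function, the sample votes and the treatment of a non-responding center (counted in neither the first nor the second number) are assumptions; the second sample shows that the "first number greater than second number" condition alone accepts a request that only one of four centers has confirmed.

```python
from dataclasses import dataclass
from enum import Enum
from fractions import Fraction
from typing import Iterable, Mapping, Optional, Tuple


class Vote(Enum):
    PASSED = "passed"
    FAILED = "failed"


@dataclass(frozen=True)
class Policy:
    """Pass conditions from the description; a disabled condition is never checked."""
    majority_of_votes: bool = False                       # first number > second number
    min_passed: Optional[int] = None                      # first preset threshold
    min_ratio_of_centers: Optional[Fraction] = None       # second preset threshold
    min_ratio_of_chain_nodes: Optional[Fraction] = None   # third preset threshold


def tally(votes: Mapping[str, Optional[Vote]], centers: Iterable[str]) -> Tuple[int, int]:
    """Return (first number, second number), counting each known center once."""
    known = set(centers)  # votes from identifiers outside this set are ignored
    first = sum(1 for c in known if votes.get(c) is Vote.PASSED)
    second = sum(1 for c in known if votes.get(c) is Vote.FAILED)
    return first, second


def decide(votes: Mapping[str, Optional[Vote]], centers: Iterable[str],
           chain_nodes: int, policy: Policy) -> bool:
    """True when at least one enabled condition of the policy is met."""
    known = set(centers)
    if not known or chain_nodes < len(known):
        raise ValueError("need at least one center, and chain_nodes >= number of centers")
    first, second = tally(votes, known)
    checks = []
    if policy.majority_of_votes:
        checks.append(first > second)
    if policy.min_passed is not None:
        checks.append(first >= policy.min_passed)
    if policy.min_ratio_of_centers is not None:
        checks.append(Fraction(first, len(known)) >= policy.min_ratio_of_centers)
    if policy.min_ratio_of_chain_nodes is not None:
        checks.append(Fraction(first, chain_nodes) >= policy.min_ratio_of_chain_nodes)
    if not checks:
        raise ValueError("policy enables no condition")
    return any(checks)


# Constructed sample data (center identifiers are illustrative).
CENTERS = ["ca1", "ca2", "ca3", "ca4"]
WORKED_EXAMPLE = {"ca1": Vote.PASSED, "ca2": Vote.PASSED,
                  "ca3": Vote.PASSED, "ca4": Vote.FAILED}
ONE_RESPONDER = {"ca1": Vote.PASSED, "ca2": None, "ca3": None, "ca4": None}

if __name__ == "__main__":
    ratio = Policy(min_ratio_of_centers=Fraction(3, 4))
    majority = Policy(majority_of_votes=True)
    print(decide(WORKED_EXAMPLE, CENTERS, 4, ratio))     # the 3/4 case from the text
    print(decide(ONE_RESPONDER, CENTERS, 4, majority))   # passes on a single vote
    print(decide(ONE_RESPONDER, CENTERS, 4, ratio))      # rejected by the ratio rule
```
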
- Digital certificate is used to identify the identity of the correspondent in network communication.
- the digital certificate is a file digitally signed by a certificate authority.
- the digital certificate can contain the identity information of the certificate requesting node.
- the digital certificate may further include at least one of the following information: the information of the certificate issuer, the public key of the certificate application node, the validity period of the digital certificate, the signature hash algorithm for digital signature, and the digital signature.
- the digital signature is a message digest obtained by computing the digital certificate according to the signature hash algorithm agreed by the two parties. When any item of information in the digital certificate is changed, the corresponding digital signature changes accordingly, so that it can be identified whether the digital certificate has been changed.
- FIG. 3 shows a schematic diagram of a digital certificate provided by an embodiment of the present application.
- the digital certificate includes information of the certificate issuer, the public key of the certificate application node, information of the certificate application node that is the certificate owner, validity period information, the signature hash algorithm of the digital signature, and the digital signature.
- the computer device writes the target digital certificate as a transaction resource into a blockchain corresponding to each consensus authentication center, and the blockchain stores a transaction record of the digital certificate.
- S210 may include the following sub-steps:
- S402 Generate a first certificate transaction record, wherein the transaction resource of the first certificate transaction record is the target digital certificate, the transfer account in the first certificate transaction record is a preset initial account, and the receiving account in the first certificate transaction record is the certificate issuing account corresponding to the digital certificate generation request receiving node.
- a transaction record is a record of the transactions that have been made for a transaction resource.
- the certificate transaction record may include the transfer account of the transaction resources and the receiving account that received the transaction resources in the transaction.
- the transaction record includes the digital certificate itself or the identification corresponding to the digital certificate.
- the preset initial account is set in advance, and it is used to indicate that before the current transaction, the transaction resource is an initial resource that has not been traded.
- the specific value of the preset initial account can be set as needed, for example, it can be a string of all zeros, and the number of characters in the string can be set as needed.
- since the target digital certificate is being deposited for the first time, the transfer account may be a preset initial account, which indicates that the transaction resource is an initial transaction resource.
- the digital certificate generation request receiving node is also the execution subject of each step in the embodiment of the present application, that is, the authentication center 1.
- the certificate issuing account corresponding to the digital certificate generation request receiving node may be any account owned by the certification center 1, and the type of the account is a certificate issuing account type.
- when the type of the receiving account is a certificate issuing account type, it means that the digital certificate is in the issuing state and is a valid digital certificate.
- the generated first certificate transaction record is equivalent to a UTXO (Unspent Transaction Output) transaction.
- When the first certificate transaction record is generated, a corresponding first transaction identifier is generated for identifying the first certificate transaction.
- A UTXO transaction includes transaction inputs (inputs) and transaction outputs (outputs).
- Each transaction has a transaction input, that is, the source of the transaction resource, and a transaction output, that is, the destination of the transaction resource.
- the account corresponding to the transaction input is called a transfer account, and the account corresponding to the transaction output is called the receiving account.
- when generating the first certificate transaction record, the computer device may further generate a first transaction identifier corresponding to the first certificate transaction record, and may feed the first transaction identifier back to the certificate application node, so that the certificate application node can verify the target digital certificate.
- After the computer device generates the first certificate transaction record, it writes the first certificate transaction record into a block of the blockchain corresponding to the consensus authentication center, so that the first certificate transaction record is stored in the block.
- the first certificate transaction record is broadcast, so that a node in the blockchain also stores the first certificate transaction record in the block.
- the private certificate can be used to sign the first certificate transaction record and broadcast the signed first certificate transaction record.
- the technical solution provided in the embodiment of the present application verifies the identity information of the certificate application node through multiple authentication centers, then determines the identity authentication result of the certificate application node according to the authentication results corresponding to each consensus authentication center, and generates a digital certificate when the identity authentication result is passed.
- the digital certificate is written as a transaction resource in the blockchain corresponding to each consensus authentication center. Since the identity authentication result is based on the authentication results of multiple authentication centers, the accuracy of the verification is higher than when the verification is performed by only one certification center.
- digital certificates are written into the blockchain instead of being stored in a certain certification center. It is difficult for other illegal nodes to modify or revoke digital certificates in the blockchain, which can ensure the security of digital certificates and improve network security.
- the digital certificate management method further includes the following steps:
- the operation performed on the target digital certificate may be a revocation operation or an update operation.
- the operation request is used to request an operation on the target digital certificate.
- the operation request may include a digital certificate update request or a digital certificate revocation request.
- the operation request is triggered by the certificate application node or other nodes.
- the certificate application node may send a digital certificate update request.
- the certificate application node may send a digital certificate revocation request.
- if the certification center finds that the certificate application node has deceived in obtaining the target digital certificate, the staff of the certification center can initiate a revocation operation in the certification center, and the certification center triggers a digital certificate revocation request according to the revocation operation, requesting revocation of the digital certificate.
- the receiving account type refers to the type of the receiving account in the transaction record generated according to the operation performed on the digital certificate.
- the type of the receiving account can be a certificate recovery account type or a certificate issuing account type.
- the certificate recovery account type indicates that the digital certificate is in a revoked state, that is, the digital certificate has been revoked and is an invalid digital certificate.
- the certificate issuance account type indicates that the digital certificate has been issued, that is, in the issuing state, and is a valid digital certificate.
- the types of receiving accounts corresponding to different operation types are different.
- when the operation type of the operation request is an update operation type, it is determined that the target type is a certificate issuing account type.
- when the operation type of the operation request is a revocation operation type, it is determined that the target type is a certificate recovery account type.
- the computer device presets a correspondence relationship between the account type and the account. For example, for a certificate issue account type, the corresponding account is 00001, and for a certificate recovery account type, the corresponding account is 0002. After obtaining the type of the receiving account, the computer device determines, according to the foregoing correspondence relationship, an account of the type of the receiving account as the receiving account in the second certificate transaction record.
- the transfer account in the second certificate transaction record may be the receiving account in the previous transaction record of the second certificate transaction record.
- the transfer account in the second certificate transaction record is the first account.
- the transaction input corresponding to the previous transaction record of the second certificate transaction record may also be used to identify the input of the transaction, that is, the transfer account may be represented by the transaction ID corresponding to the previous transaction record.
- the first operation of writing a digital certificate into the blockchain is called an insert operation.
- the insert operation is treated as a transaction: a transaction record is formed and written to the blockchain, where it cannot be tampered with. When the digital certificate is later renewed or revoked, the operation on the digital certificate can likewise be regarded as a transaction, and a corresponding transaction record is formed according to the type of operation and stored in the blockchain. In this way, to query the status of the digital certificate, it can be determined whether the digital certificate has been updated or revoked according to the account type corresponding to the latest transaction record.
- when generating the first certificate transaction record, the computer device may further generate a first transaction identifier corresponding to the first certificate transaction record and feed the first transaction identifier back to the certificate application node, so that the certificate application node can perform verification on the target digital certificate.
- the technical solution provided in the embodiment of the present application further generates a transaction record according to the operation when a digital certificate is operated on a node, and records the transaction record in the blockchain.
- the type of the receiving account in the transaction record corresponds to the type of operation, and the digital certificate can be verified subsequently according to the type of the receiving account.
- the digital certificate management method may further include the following steps:
- the verification request is used to request verification of the target digital certificate, and the verification request may be sent by an interactive node that interacts with the certificate application node.
- when the interactive node needs to log in to the website corresponding to the certificate application node, it can obtain the target digital certificate from the certificate application node and send a verification request to the certification center.
- the verification request carries a first transaction identifier corresponding to the first certificate transaction record.
- when the first certificate transaction record is generated, the certification center generates a first transaction identifier corresponding to the first certificate transaction record and sends the first transaction identifier to the certificate application node. If a node subsequently needs to verify the target digital certificate, the first transaction identifier may be obtained from the certificate application node.
- the verification request carries a second transaction identifier corresponding to the second certificate transaction record.
- when the second certificate transaction record is generated, the certification center generates a second transaction identifier corresponding to the second certificate transaction record and sends the second transaction identifier to the certificate application node. If a node subsequently needs to verify the target digital certificate, the second transaction identifier may be obtained from the certificate application node.
- the latest transaction record is the latest transaction record among the transaction records corresponding to the target digital certificate.
- the computer device may obtain the transaction chain corresponding to the target digital certificate according to the first transaction identifier, and then use the transaction record at the end of the transaction chain as the latest transaction record.
- the transaction records corresponding to the target digital certificate are connected one after another to form a transaction chain.
- the transaction records in the transaction chain are arranged in the order of the transaction time. That is, the earlier the transaction time corresponding to the transaction record, the earlier the position of the transaction record in the transaction chain; the later the transaction time corresponding to the transaction record, the later the position of the transaction record in the transaction chain.
- the transaction record at the end of the transaction chain is the transaction record with the latest transaction time.
- the verification request may also carry a second transaction identifier, and the transaction chain corresponding to the target digital certificate may be obtained according to the second transaction identifier, and then the transaction record at the end of the transaction chain is used as the latest transaction record.
- FIG. 7 illustrates a schematic diagram of a transaction chain provided by an embodiment of the present application.
- the transaction record with the transaction ID of 1001 # is the record corresponding to the operation of writing the digital certificate into the blockchain
- 1001 # is the parent transaction of 2001 #
- 2001 # is the parent transaction of 3001 #.
- the transaction record may include the digital certificate itself or the identification corresponding to the digital certificate.
- after the computer device obtains the latest transaction record, it determines whether the verification result corresponding to the target digital certificate is passed or failed according to the receiving account type in the latest transaction record.
- the computer device may determine the operation status of the target digital certificate by the type of the receiving account in the latest transaction record, and then determine whether the verification result corresponding to the target digital certificate is a verification pass or a verification failure according to the operation status.
- the operation status of the digital certificate in the blockchain can be one of the inserted status, the updated status, and the revoked status.
- the digital certificate corresponding to the inserted state is inserted into the blockchain as a newly generated initial digital certificate.
- the digital certificate corresponding to the update status is a digital certificate obtained after the initial digital certificate is updated, that is, the certificate has been updated.
- the digital certificate corresponding to the revocation status is a digital certificate that has been revoked.
- when the receiving account type corresponding to the latest transaction record is a certificate recovery account type, the verification result corresponding to the target digital certificate is verification failure.
- when the receiving account type corresponding to the latest transaction record is a certificate issuing account type, the operation status of the digital certificate in the blockchain is determined to be inserted or updated. At this time, the digital certificate is valid, and the verification result corresponding to the target digital certificate is determined to be verification success.
- other nodes may also verify the identity information of the digital certificate generation request receiving node.
- the digital certificate of the method is necessarily invalid; when the receiving node of the digital certificate generation request is reliable, it is necessary to further verify whether the digital certificate is valid.
- the verification process of verifying the identity information of the receiving node of the digital certificate generation request is explained below.
- the digital certificate management method may further include the following steps:
- the root certificate is a certificate issued by the certification center to itself, and is the starting point of the trust chain.
- the root certificate is stored in the genesis block of the blockchain.
- the genesis block is the first block of the blockchain; storing the root certificate there reduces the possibility of tampering with the root certificate.
- the root certificate is used to verify the digital certificate issued by the certificate authority.
- the public key in the root certificate can be used to verify the digital signature in the digital certificate to confirm the legality and validity of the digital certificate, that is, that it was issued by the CA institution.
- the root certificate can also be stored in the blockchain.
- the root check result can be a successful check or a failed check.
- the computer device may obtain the public key in the root certificate and verify the digital signature of the target digital certificate. If the digital signature verification is confirmed to pass, the verification is successful, and if the digital signature verification is not passed, the verification fails.
- when the root verification result is verification failure, it is confirmed that the verification result corresponding to the target digital certificate is verification failure, and there is no need to continue to verify the target digital certificate.
- when the root verification result is verification success, the step of obtaining the latest transaction record corresponding to the target digital certificate from the blockchain is entered, and verification of the target digital certificate continues.
- FIG. 9 shows a flowchart of a digital certificate management method provided by an embodiment of the present application.
- the method may include the following steps:
- the certificate application node sends a digital certificate generation request to the certification center 1, and the digital certificate generation request carries identity authentication information.
- the authentication center 1 sends identity authentication information to the authentication center 2, the authentication center 3, and the authentication center 4 for consensus authentication.
- when the identity authentication result is passed according to the consensus authentication result, the authentication center 1 generates a target digital certificate and a corresponding first transaction record, stores the first transaction record in the latest block in the blockchain, and returns the target digital certificate and the first transaction ID to the certificate application node.
- when the interactive node interacts with the certificate application node, it sends a digital certificate acquisition request to the certificate application node.
- the certificate application node returns the target digital certificate and the first transaction ID to the interactive node.
- the interactive node sends a verification request to the authentication center 4.
- the verification request carries the first transaction identifier and the target digital certificate.
- the certification center 4 obtains the root certificate from the genesis block, and verifies the target digital certificate according to the root certificate to obtain the root verification result.
- the authentication center 4 obtains the receiving account type of the latest transaction record in the transaction chain corresponding to the target digital certificate according to the first transaction ID, and determines the verification result according to the receiving account type of the latest transaction record. For example, if the receiving account type is the certificate recovery account type, it means that the target digital certificate has been revoked and the verification result is failed.
- nodes in the blockchain can receive the verification request and perform the verification, as long as the interactive node considers it trustworthy.
- the interactive node can also be a node in the blockchain. In this way, the interactive node also obtains the root certificate and transaction records from the locally stored blockchain data for verification.
- FIG. 10 shows a block diagram of a digital certificate management apparatus according to an embodiment of the present application.
- the device has functions for implementing the above method examples, and the functions may be implemented by hardware, or may be implemented by hardware executing corresponding software.
- the device may include a generation request receiving module 1002, a consensus authentication module 1004, an identity authentication result obtaining module 1006, a certificate generation module 1008, and a writing module 1010.
- a generation request receiving module 1002 is configured to receive a digital certificate generation request sent by a certificate application node, where the digital certificate generation request carries identity authentication information.
- the consensus authentication module 1004 is configured to send identity authentication information to each consensus authentication center for authentication, and obtain an authentication result obtained by each consensus authentication center according to the identity authentication information.
- the identity authentication result obtaining module 1006 is configured to determine the identity authentication result corresponding to the certificate application node according to the authentication result of each consensus authentication center.
- the certificate generation module 1008 is configured to generate a target digital certificate corresponding to the certificate application node according to the digital certificate generation request when the identity authentication result is passed.
- the writing module 1010 is configured to write the target digital certificate as a transaction resource to the blockchain corresponding to the consensus authentication center when the identity authentication result is passed.
- the technical solution provided in the embodiment of the present application verifies the identity information of the certificate application node through multiple authentication centers, then determines the identity authentication result of the certificate application node according to the authentication results corresponding to each consensus authentication center, and generates a digital certificate when the identity authentication result is passed.
- the digital certificate is written as a transaction resource in the blockchain corresponding to each consensus authentication center. Since the identity authentication result is based on the authentication results of multiple authentication centers, the accuracy of the verification is higher than when the verification is performed by only one certification center.
- digital certificates are written into the blockchain instead of being stored in a certain certification center. It is difficult for other illegal nodes to modify or revoke digital certificates in the blockchain, which can ensure the security of digital certificates and improve network security.
- the writing module 1010 includes:
- a first record generating unit 1010A is configured to generate a first certificate transaction record, wherein a transaction resource of the first certificate transaction record is a target digital certificate, a transfer account in the first certificate transaction record is a preset initial account, and the receiving account in the first certificate transaction record is the certificate issuing account corresponding to the receiving node of the digital certificate generation request.
- the first writing unit 1010B is configured to write a first certificate transaction record to a blockchain corresponding to the consensus authentication center.
- the digital certificate management apparatus further includes:
- the operation request receiving module 1202 is configured to receive an operation request for operating a target digital certificate.
- the account type determining module 1204 is configured to determine a receiving account type for receiving the target digital certificate according to the operation type of the operation request.
- a second transaction record generating module 1206 is configured to generate a second certificate transaction record and write the second certificate transaction record to the blockchain, wherein the transaction resource of the second certificate transaction record is the target digital certificate and the receiving account in the second certificate transaction record is the second account corresponding to the receiving account type.
- the account type determination module 1204 is configured to: when the operation type of the operation request is an update operation type, determine that the receiving account type is a certificate issuing account type.
- the account type determination module 1204 is configured to: when the operation type of the operation request is a revocation operation type, determine that the receiving account type is a certificate recovery account type.
- the digital certificate management apparatus further includes:
- a verification request receiving module is configured to receive a verification request for verifying a target digital certificate.
- the transaction record acquisition module is used to obtain the latest transaction record corresponding to the target digital certificate from the blockchain.
- the verification result determination module is configured to determine a verification result corresponding to the target digital certificate according to a receiving account type corresponding to the latest transaction record.
- the verification result determination module is configured to: when the receiving account type corresponding to the latest transaction record is a certificate recovery account type, determine that the target digital certificate has been revoked, and the verification result corresponding to the target digital certificate is verification failure.
- the verification result determination module is configured to: when the receiving account type corresponding to the latest transaction record is a certificate issuing account type, determine that the verification result corresponding to the target digital certificate is successful verification.
- the verification request carries a first transaction identifier corresponding to the first certificate transaction record, and the first transaction identifier is sent by the digital certificate generation request receiving node to the certificate application node, and then sent by the certificate application node to the verification request sending node.
- the transaction record acquisition module is configured to acquire the transaction chain corresponding to the target digital certificate according to the first transaction identifier, and use the transaction record at the end of the transaction chain as the latest transaction record, wherein the transaction chain is arranged in order according to the transaction time.
- the apparatus further includes:
- the certificate obtaining module is configured to obtain the root certificate corresponding to the target digital certificate from the blockchain according to the verification request, and the root certificate is used to verify the identity information of the receiving node of the digital certificate generation request.
- a verification module is configured to verify the target digital certificate according to the root certificate to obtain a root verification result.
- the transaction record obtaining module is further configured to execute the step of obtaining the latest transaction record corresponding to the target digital certificate from the blockchain when the root verification result is successful verification.
- FIG. 13 illustrates an internal structure diagram of a computer device according to an embodiment of the present application.
- the computer equipment may specifically be the certification center in FIG. 1.
- the computer device includes a processor, a memory, a network interface, and an input device connected through a system bus.
- the memory includes a non-volatile storage medium and an internal memory.
- the non-volatile storage medium of the computer device stores an operating system and a computer program.
- the processor can implement a digital certificate management method.
- a computer program can also be stored in the internal memory, and when the computer program is executed by the processor, the processor can execute the digital certificate management method.
- the input device of a computer device may be a touch layer covered on a display screen, or a button, a trackball, or a touchpad provided on the computer equipment housing, or an external keyboard, a touchpad, or a mouse.
- FIG. 13 is only a block diagram of a part of the structure related to the solution of the application, and does not constitute a limitation on the computer equipment to which the solution of the application is applied.
- the specific computer equipment may include more or fewer parts than shown in the figure, or combine certain parts, or have a different arrangement of parts.
- a computer program is stored in the memory, and the computer program is loaded and executed by the processor to implement the digital certificate management method in the foregoing method embodiment.
- a computer-readable storage medium stores a computer program, and the computer program is loaded and executed by a processor of a computer device to implement the digital certificate management method in the foregoing method embodiments.
- any reference to the memory, storage, database or other media used in the embodiments provided in this application may include non-volatile and / or volatile memory.
- Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
- Volatile memory can include random access memory (RAM) or external cache memory.
- RAM is available in various forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
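The certificate transaction chain and the status check described above (insert, update, revoke, then a decision from the receiving account type of the latest record), as an added Python example that is not code from the patent. It assumes an in-memory ledger in place of the blockchain, transaction identifiers computed as a hash of the record, a fingerprint comparison that binds the presented certificate to the chain, and that a revoked certificate accepts no further operations; consensus authentication and the root-certificate signature check are left out.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import Dict, Optional, Tuple

INITIAL_ACCOUNT = "0" * 16  # preset initial account: all zeros (length chosen here)
ISSUING, RECOVERY = "certificate_issuing", "certificate_recovery"
ACCOUNT_FOR_TYPE = {ISSUING: "00001", RECOVERY: "0002"}  # the page's example accounts
TYPE_FOR_OPERATION = {"update": ISSUING, "revoke": RECOVERY}


@dataclass(frozen=True)
class CertTx:
    parent_tx_id: Optional[str]  # transaction input: previous record, None on insert
    transfer_account: str
    receiving_account: str
    receiving_type: str
    cert_fingerprint: str        # transaction resource, kept as SHA-256 of the certificate

    def tx_id(self) -> str:
        # Assumption: the transaction identifier is a hash over the record contents.
        return hashlib.sha256(json.dumps(asdict(self), sort_keys=True).encode()).hexdigest()


def fingerprint(cert: bytes) -> str:
    return hashlib.sha256(cert).hexdigest()


class CertLedger:
    """Hypothetical in-memory stand-in for the blockchain shared by the certification centers."""

    def __init__(self) -> None:
        self._txs: Dict[str, CertTx] = {}
        self._child: Dict[str, str] = {}  # parent tx id -> child tx id

    def _append(self, tx: CertTx) -> str:
        tx_id = tx.tx_id()
        if tx_id in self._txs:
            raise ValueError("record already on the ledger")
        self._txs[tx_id] = tx
        if tx.parent_tx_id is not None:
            self._child[tx.parent_tx_id] = tx_id
        return tx_id

    def insert(self, cert: bytes) -> str:
        """First certificate transaction record: initial account -> issuing account."""
        return self._append(CertTx(None, INITIAL_ACCOUNT, ACCOUNT_FOR_TYPE[ISSUING],
                                   ISSUING, fingerprint(cert)))

    def latest(self, tx_id: str) -> Tuple[str, CertTx]:
        """Follow the transaction chain from any known identifier to its end."""
        if tx_id not in self._txs:
            raise KeyError(tx_id)
        while tx_id in self._child:
            tx_id = self._child[tx_id]
        return tx_id, self._txs[tx_id]

    def operate(self, tx_id: str, operation: str) -> str:
        """Second certificate transaction record; the operation type picks the receiving account type."""
        receiving_type = TYPE_FOR_OPERATION[operation]
        tail_id, tail = self.latest(tx_id)
        if tail.receiving_type == RECOVERY:
            # Assumption (not stated on the page): revocation is final.
            raise ValueError("certificate already revoked")
        return self._append(CertTx(tail_id, tail.receiving_account,
                                   ACCOUNT_FOR_TYPE[receiving_type], receiving_type,
                                   tail.cert_fingerprint))

    def verify(self, cert: bytes, tx_id: str) -> bool:
        """Decide from the latest record, even when the caller holds an old identifier."""
        try:
            _, tail = self.latest(tx_id)
        except KeyError:
            return False  # unknown transaction identifier
        if tail.cert_fingerprint != fingerprint(cert):
            return False  # added check: identifier belongs to a different certificate
        return tail.receiving_type == ISSUING


def demo() -> dict:
    ledger = CertLedger()
    cert = b"constructed sample certificate bytes"  # constructed input, not a real certificate
    first = ledger.insert(cert)
    results = {
        "after_insert": ledger.verify(cert, first),
        "wrong_cert": ledger.verify(b"another constructed certificate", first),
        "unknown_tx": ledger.verify(cert, "00" * 32),
    }
    ledger.operate(first, "update")
    results["after_update"] = ledger.verify(cert, first)
    revoked = ledger.operate(first, "revoke")
    results["after_revoke"] = ledger.verify(cert, first)
    results["tail_is_revocation"] = ledger.latest(first)[0] == revoked
    return results


if __name__ == "__main__":
    print(demo())
```

The verifier is handed only the first transaction identifier throughout, so the revocation is caught because `latest` walks to the end of the chain rather than trusting the record that identifier names.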
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Strategic Management (AREA)
- Technology Law (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Claims (16)
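- A digital certificate management method, performed by a computer device, the method comprising: receiving a digital certificate generation request sent by a certificate application node, the digital certificate generation request carrying identity authentication information; sending the identity authentication information to each consensus authentication center for authentication, and obtaining the authentication result obtained by each consensus authentication center by performing authentication according to the identity authentication information; determining, according to the authentication results of the consensus authentication centers, an identity authentication result corresponding to the certificate application node; when the identity authentication result is that authentication is passed, generating, according to the digital certificate generation request, a target digital certificate corresponding to the certificate application node; and writing the target digital certificate as a transaction resource to the blockchain corresponding to the consensus authentication center.
- The method according to claim 1, wherein writing the target digital certificate as a transaction resource to the blockchain corresponding to the consensus authentication center comprises: generating a first certificate transaction record, wherein the transaction resource of the first certificate transaction record is the target digital certificate, the transfer account in the first certificate transaction record is a preset initial account, and the receiving account in the first certificate transaction record is the certificate issuing account corresponding to the digital certificate generation request receiving node; and writing the first certificate transaction record to the blockchain corresponding to the consensus authentication center.
- The method according to claim 1, wherein after writing the target digital certificate as a transaction resource to the blockchain corresponding to the consensus authentication center, the method further comprises: receiving an operation request for operating on the target digital certificate; determining, according to the operation type of the operation request, a receiving account type for receiving the target digital certificate; and generating a second certificate transaction record and writing the second certificate transaction record to the blockchain, wherein the transaction resource of the second certificate transaction record is the target digital certificate, and the receiving account in the second certificate transaction record is a second account corresponding to the receiving account type.
- The method according to claim 3, wherein determining, according to the operation type of the operation request, the receiving account type for receiving the target digital certificate comprises: when the operation type of the operation request is an update operation type, determining that the receiving account type is a certificate issuing account type.
- The method according to claim 3, wherein determining, according to the operation type of the operation request, the receiving account type for receiving the target digital certificate comprises: when the operation type of the operation request is a revocation operation type, determining that the receiving account type is a certificate recovery account type.
- The method according to any one of claims 1 to 5, wherein after writing the target digital certificate as a transaction resource to the blockchain corresponding to each consensus authentication center, the method further comprises: receiving a verification request for verifying the target digital certificate; obtaining, from the blockchain, the latest transaction record corresponding to the target digital certificate; and determining, according to the receiving account type in the latest transaction record, the verification result corresponding to the target digital certificate.
- The method according to claim 6, wherein determining, according to the receiving account type in the latest transaction record, the verification result corresponding to the target digital certificate comprises: when the receiving account type in the latest transaction record is a certificate recovery account type, determining that the target digital certificate has been revoked and that the verification result corresponding to the target digital certificate is verification failure.
- The method according to claim 6, wherein determining, according to the receiving account type in the latest transaction record, the verification result corresponding to the target digital certificate comprises: when the receiving account type in the latest transaction record is a certificate issuing account type, determining that the verification result corresponding to the target digital certificate is verification success.
- The method according to claim 6, wherein the verification request carries a first transaction identifier corresponding to the first certificate transaction record, the first transaction identifier being sent by the digital certificate generation request receiving node to the certificate application node and then sent by the certificate application node to the verification request sending node.
- The method according to claim 9, wherein obtaining, from the blockchain, the latest transaction record corresponding to the target digital certificate comprises: obtaining, according to the first transaction identifier, the transaction chain corresponding to the target digital certificate, and using the transaction record at the end of the transaction chain as the latest transaction record, wherein the transaction chain is arranged in order of transaction time.
- The method according to claim 6, wherein before obtaining, from the blockchain, the latest transaction record corresponding to the target digital certificate, the method further comprises: obtaining, according to the verification request, the root certificate corresponding to the target digital certificate from the blockchain, the root certificate being used to verify the identity information of the digital certificate generation request receiving node; verifying the target digital certificate according to the root certificate to obtain a root verification result; and when the root verification result is verification success, performing the step of obtaining, from the blockchain, the latest transaction record corresponding to the target digital certificate.
- A digital certificate management apparatus, the apparatus comprising: a generation request receiving module, configured to receive a digital certificate generation request sent by a certificate application node, the digital certificate generation request carrying identity authentication information; a consensus authentication module, configured to send the identity authentication information to each consensus authentication center for authentication, and obtain the authentication result obtained by each consensus authentication center by performing authentication according to the identity authentication information; an identity authentication result obtaining module, configured to determine, according to the authentication results of the consensus authentication centers, an identity authentication result corresponding to the certificate application node; a certificate generation module, configured to generate, according to the digital certificate generation request, a target digital certificate corresponding to the certificate application node when the identity authentication result is that authentication is passed; and a writing module, configured to write the target digital certificate as a transaction resource to the blockchain corresponding to the consensus authentication center when the identity authentication result is that authentication is passed.
- The apparatus according to claim 12, wherein the writing module comprises: a first record generating unit, configured to generate a first certificate transaction record, wherein the transaction resource of the first certificate transaction record is the target digital certificate, the transfer account in the first certificate transaction record is a preset initial account, and the receiving account in the first certificate transaction record is the certificate issuing account corresponding to the digital certificate generation request receiving node; and a first writing unit, configured to write the first certificate transaction record to the blockchain corresponding to the consensus authentication center.
- The apparatus according to claim 12, characterized in that the apparatus further comprises: an operation request receiving module, configured to receive an operation request for operating on the target digital certificate; an account type determining module, configured to determine, according to the operation type of the operation request, a receiving account type for receiving the target digital certificate; and a second transaction record generating module, configured to generate a second certificate transaction record and write the second transaction record to the blockchain, wherein the transaction resource of the second certificate transaction record is the target digital certificate, and the receiving account in the second certificate transaction record is a second account corresponding to the receiving account type.
- A computer device, characterized by comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of the digital certificate management method according to any one of claims 1 to 11.
- A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, causes the processor to perform the steps of the digital certificate management method according to any one of claims 1 to 11.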
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2020568339A JP7093428B2 (ja) | 2018-07-24 | 2019-06-21 | Digital certificate management method, apparatus, computer device, and computer program |
SG11202010947UA SG11202010947UA (en) | 2018-07-24 | 2019-06-21 | Digital certificate management method and apparatus, computer device, and storage medium |
KR1020207031634A KR102440626B1 (ko) | 2018-07-24 | 2019-06-21 | Digital certificate management method, apparatus, computer device, and storage medium |
US17/003,812 US11349674B2 (en) | 2018-07-24 | 2020-08-26 | Digital certificate management method and apparatus, computer device, and storage medium |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810821687.3A CN109067543B (zh) | 2018-07-24 | 2018-07-24 | Digital certificate management method, apparatus, computer device, and storage medium |
CN201810821687.3 | 2018-07-24 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/003,812 Continuation US11349674B2 (en) | 2018-07-24 | 2020-08-26 | Digital certificate management method and apparatus, computer device, and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020019912A1 (zh) | 2020-01-30 |
Family
ID=64835260
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2019/092220 WO2020019912A1 (zh) | 2018-07-24 | 2019-06-21 | Digital certificate management method and apparatus, computer device, and storage medium |
Country Status (6)
Country | Link |
---|---|
US (1) | US11349674B2 (zh) |
JP (1) | JP7093428B2 (zh) |
KR (1) | KR102440626B1 (zh) |
CN (1) | CN109067543B (zh) |
SG (1) | SG11202010947UA (zh) |
WO (1) | WO2020019912A1 (zh) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
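CN111275555A (zh) * | 2020-02-24 | 2020-06-12 | 中国工商银行股份有限公司 | Blockchain transaction processing method, transaction node, and blockchain system |
CN112862487A (zh) * | 2021-03-03 | 2021-05-28 | 青岛海链数字科技有限公司 | Digital certificate authentication method, device, and storage medium |
CN114389827A (zh) * | 2020-10-19 | 2022-04-22 | 中国移动通信有限公司研究院 | Device-card binding method, apparatus, device, and computer-readable storage medium |
CN114584317A (zh) * | 2022-03-03 | 2022-06-03 | 杭州复杂美科技有限公司 | Blockchain broadcast data verification method, device, and storage medium |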
Families Citing this family (45)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
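CN109067543B (zh) | 2018-07-24 | 2020-04-14 | 腾讯科技(深圳)有限公司 | Digital certificate management method and apparatus, computer device, and storage medium |
CN108964924B (zh) * | 2018-07-24 | 2020-06-05 | 腾讯科技(深圳)有限公司 | Digital certificate verification method and apparatus, computer device, and storage medium |
CN109327528B (zh) * | 2018-10-31 | 2020-10-20 | 创新先进技术有限公司 | Blockchain-based node management method and apparatus |
CN111401672B (zh) * | 2019-01-02 | 2023-11-28 | 中国移动通信有限公司研究院 | Blockchain-based legitimacy verification method, device, and system |
CN109981588B (zh) * | 2019-02-27 | 2021-08-10 | 四川享宇金信金融科技有限公司 | Blockchain-based data transaction service processing method and system |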
EP3590226B1 (en) | 2019-02-28 | 2021-06-16 | Advanced New Technologies Co., Ltd. | System and method for generating digital marks |
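JP6853364B2 (ja) * | 2019-02-28 | 2021-03-31 | アドバンスド ニュー テクノロジーズ カンパニー リミテッド | System and method for implementing blockchain-based digital certificates |
CN111641504A (zh) * | 2019-03-01 | 2020-09-08 | 湖南天河国云科技有限公司 | Digital certificate application method and system for a blockchain based on the Bitcoin system |
CN110086608B (zh) * | 2019-03-21 | 2022-03-25 | 深圳壹账通智能科技有限公司 | User authentication method and apparatus, computer device, and computer-readable storage medium |
CN110020869B (zh) * | 2019-04-19 | 2020-08-07 | 阿里巴巴集团控股有限公司 | Method, apparatus, and system for generating blockchain authorization information |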
US10790973B2 (en) | 2019-04-19 | 2020-09-29 | Alibaba Group Holding Limited | Blockchain authorization information generation |
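CN111988145B (zh) * | 2019-05-24 | 2023-08-04 | 阿里巴巴集团控股有限公司 | Method, apparatus, system, and electronic device for processing service authentication and secondary certificate applications |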
US11411746B2 (en) * | 2019-05-24 | 2022-08-09 | Centrality Investments Limited | Systems, methods, and storage media for permissioned delegation in a computing environment |
US10951417B2 (en) | 2019-07-12 | 2021-03-16 | Advanced New Technologies Co., Ltd. | Blockchain-based transaction verification |
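CN110458560B (zh) * | 2019-07-12 | 2021-10-12 | 创新先进技术有限公司 | Method and apparatus for transaction verification |
CN110490588A (zh) * | 2019-08-23 | 2019-11-22 | 深圳前海环融联易信息科技服务有限公司 | Identity certificate management method and apparatus, computer device, and storage medium |
CN110544095A (zh) * | 2019-09-03 | 2019-12-06 | 腾讯科技(深圳)有限公司 | Transaction processing method for a blockchain network, and blockchain network |
CN110674532B (zh) * | 2019-09-12 | 2021-08-03 | 北京优炫软件股份有限公司 | Evidence file tamper-proofing method and apparatus |
CN110601851B (zh) * | 2019-09-12 | 2021-06-04 | 腾讯科技(深圳)有限公司 | Method, apparatus, medium, and device for replacing an identity certificate in a blockchain network |
CN110598375B (zh) * | 2019-09-20 | 2021-03-16 | 腾讯科技(深圳)有限公司 | Data processing method, apparatus, and storage medium |
CN110620776B (zh) * | 2019-09-24 | 2021-11-26 | 腾讯科技(深圳)有限公司 | Data transfer information transmission method and apparatus |
CN110958118B (zh) * | 2019-10-12 | 2021-09-28 | 深圳赛安特技术服务有限公司 | Certificate authentication management method, apparatus, device, and computer-readable storage medium |
CN110851857B (zh) * | 2019-10-14 | 2022-07-01 | 上海唯链信息科技有限公司 | Method and apparatus for implementing identity endorsement on a blockchain |
CN111125665A (zh) * | 2019-12-04 | 2020-05-08 | 中国联合网络通信集团有限公司 | Authentication method and device |
CN113055176B (zh) * | 2019-12-26 | 2023-03-24 | 中国电信股份有限公司 | Terminal authentication method and system, terminal device, P2P verification platform, and medium |
CN111556035B (zh) * | 2020-04-20 | 2022-04-19 | 中国工商银行股份有限公司 | Consortium blockchain system and method with multiple authentication nodes |
KR20210140962A (ko) * | 2020-05-14 | 2021-11-23 | 삼성에스디에스 주식회사 | Blockchain data recording method and apparatus therefor |
CN111666554B (zh) * | 2020-06-03 | 2023-09-12 | 泰康保险集团股份有限公司 | Certificate authentication method, apparatus, device, and storage medium |
CN111541552B (zh) | 2020-07-08 | 2021-06-22 | 支付宝(杭州)信息技术有限公司 | Blockchain all-in-one machine, and method and apparatus for automatically joining its nodes |
CN111541724B (zh) | 2020-07-08 | 2021-06-29 | 支付宝(杭州)信息技术有限公司 | Blockchain all-in-one machine, and method and apparatus for automatically joining its nodes |
CN111917734B (zh) * | 2020-07-12 | 2023-03-10 | 中信银行股份有限公司 | Public key management method and apparatus, electronic device, and computer-readable storage medium |
CN111814129B (zh) * | 2020-08-28 | 2021-06-04 | 支付宝(杭州)信息技术有限公司 | Digital credential invalidation and verification method and apparatus |
CN114157428A (zh) * | 2020-09-04 | 2022-03-08 | 中国移动通信集团重庆有限公司 | Blockchain-based digital certificate management method and system |
CN112398658A (zh) * | 2020-11-13 | 2021-02-23 | 浙江数秦科技有限公司 | Distributed digital certificate management method and system, device, and storage medium |
CN112332980B (zh) * | 2020-11-13 | 2023-04-14 | 浙江数秦科技有限公司 | Digital certificate issuance and signature verification method, device, and storage medium |
CN112561763A (zh) * | 2020-12-23 | 2021-03-26 | 北京航空航天大学 | Blockchain-based system and method for handling government affairs with electronic licenses |
CN112734407B (zh) * | 2020-12-30 | 2024-06-04 | 银盛支付服务股份有限公司 | Method for managing digital certificates of financial payment channels |
CN113037505B (zh) * | 2021-05-31 | 2021-09-07 | 北京连琪科技有限公司 | Method and system for implementing a trusted web application |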
AU2022285487A1 (en) * | 2021-06-04 | 2023-12-14 | Map My Skills Limited | Method and apparatus for issuing or invalidating digital attribute certificates |
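CN113453170B (zh) * | 2021-06-29 | 2022-04-05 | 重庆邮电大学 | Distributed authentication method for the Internet of Vehicles based on blockchain technology |
CN114172666A (zh) * | 2021-12-10 | 2022-03-11 | 北京泰尔英福科技有限公司 | Multi-level digital certificate processing method and apparatus based on blockchain identifiers |
CN114900311B (zh) * | 2022-04-06 | 2024-06-04 | 平安国际智慧城市科技股份有限公司 | Monitoring data management method, apparatus, device, and storage medium |
KR102439879B1 (ko) * | 2022-04-28 | 2022-09-02 | 주식회사 잇다헬스케어 | Blockchain-based system for identity authentication and operating method thereof |
CN114884963B (zh) * | 2022-06-20 | 2023-11-03 | 中国工商银行股份有限公司 | Digital certificate management method and management apparatus |
CN115021938A (zh) * | 2022-06-27 | 2022-09-06 | 中国银行股份有限公司 | Secure digital certificate application method and apparatus |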
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105701372A (zh) * | 2015-12-18 | 2016-06-22 | 布比(北京)网络技术有限公司 | Blockchain identity construction and verification method |
CN107508680A (zh) * | 2017-07-26 | 2017-12-22 | 阿里巴巴集团控股有限公司 | Digital certificate management method and apparatus, and electronic device |
US20180097635A1 (en) * | 2016-09-30 | 2018-04-05 | Entrust, Inc. | Methods and apparatus for providing blockchain participant identity binding |
CN109067543A (zh) * | 2018-07-24 | 2018-12-21 | 腾讯科技(深圳)有限公司 | Digital certificate management method and apparatus, computer device, and storage medium |
Family Cites Families (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
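JPS6063055A (ja) | 1983-09-16 | 1985-04-11 | 小林製薬株式会社 | Improved continuous molding method for fragrance-emitting gypsum molded bodies |
JPH1165417A (ja) | 1997-08-27 | 1999-03-05 | Omron Corp | Virtual pet raising apparatus, method, and program recording medium |
JP2950502B2 (ja) | 1997-10-20 | 1999-09-20 | 株式会社エス・エヌ・ケイ | Raising-simulation game machine and game system using the same |
JP4048611B2 (ja) | 1998-07-08 | 2008-02-20 | カシオ計算機株式会社 | Electronic pet raising apparatus and recording medium |
JP2000189668A (ja) | 1998-12-25 | 2000-07-11 | Casio Comput Co Ltd | Electronic device with communication function and storage medium storing a communication control program |
KR20050110260A (ko) | 2004-05-18 | 2005-11-23 | (주)유니원커뮤니케이션즈 | Cyber pet system based on genetic information |
JP5385126B2 (ja) | 2007-03-08 | 2014-01-08 | 株式会社キャメロット | Screen operation system, screen operation method, and method for providing a network service |
JP5521577B2 (ja) * | 2010-01-27 | 2014-06-18 | 株式会社リコー | Peripheral device, network system, communication processing method, and communication processing control program |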
US10628578B2 (en) * | 2013-03-15 | 2020-04-21 | Imagine Communications Corp. | Systems and methods for determining trust levels for computing components using blockchain |
US20190349347A1 (en) * | 2013-10-17 | 2019-11-14 | Arm Ip Limited | Registry apparatus, agent device, application providing apparatus and corresponding methods |
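JP2015217297A (ja) | 2015-04-08 | 2015-12-07 | 株式会社 ディー・エヌ・エー | System, method, and program for providing a game |
KR101637854B1 (ko) * | 2015-10-16 | 2016-07-08 | 주식회사 코인플러그 | Blockchain-based accredited certificate issuance system and blockchain-based accredited certificate issuance method using the same, and blockchain-based accredited certificate authentication system and blockchain-based accredited certificate authentication method using the same |
WO2017171165A1 (ko) * | 2015-12-14 | 2017-10-05 | (주)코인플러그 | Blockchain-based accredited certificate issuance system and blockchain-based accredited certificate issuance method using the same |
KR101661933B1 (ko) | 2015-12-16 | 2016-10-05 | 주식회사 코인플러그 | Blockchain-based accredited certificate authentication system and authentication method using the same |
CN106301792B (zh) * | 2016-08-31 | 2019-10-18 | 江苏通付盾科技有限公司 | Blockchain-based CA authentication management method, apparatus, and system |
CN106384236B (zh) | 2016-08-31 | 2019-07-16 | 江苏通付盾科技有限公司 | Blockchain-based CA authentication management method, apparatus, and system |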
US20180082290A1 (en) * | 2016-09-16 | 2018-03-22 | Kountable, Inc. | Systems and Methods that Utilize Blockchain Digital Certificates for Data Transactions |
KR101908712B1 (ko) * | 2016-10-05 | 2018-10-16 | 한전케이디엔주식회사 | Security method for a smart grid system using blockchain |
US10666424B1 (en) * | 2016-10-20 | 2020-05-26 | Massachusetts Mutual Life Insurance Company | Systems and methods for trigger based synchronized updates in a distributed records environment |
CN107079036A (zh) * | 2016-12-23 | 2017-08-18 | 深圳前海达闼云端智能科技有限公司 | Registration and authorization method, apparatus, and system |
US10382485B2 (en) * | 2016-12-23 | 2019-08-13 | Vmware, Inc. | Blockchain-assisted public key infrastructure for internet of things applications |
US10810290B2 (en) * | 2017-03-05 | 2020-10-20 | Ronald H Minter | Robust method and an apparatus for authenticating a client in non-face-to-face online interactions based on a combination of live biometrics, biographical data, blockchain transactions and signed digital certificates |
JP6340107B1 (ja) * | 2017-04-10 | 2018-06-06 | アイビーシー株式会社 | Electronic certification system |
US10123202B1 (en) * | 2017-07-11 | 2018-11-06 | Verizon Patent And Licensing Inc. | System and method for virtual SIM card |
CN107360001B (zh) * | 2017-07-26 | 2021-12-14 | 创新先进技术有限公司 | Digital certificate management method, apparatus, and system |
US20190140848A1 (en) * | 2017-11-07 | 2019-05-09 | Spinbackup Inc. | Decentralized Access Control for Cloud Services |
WO2019094611A1 (en) * | 2017-11-08 | 2019-05-16 | Averon Us, Inc. | Identity-linked authentication through a user certificate system |
JP7121810B2 (ja) * | 2018-05-15 | 2022-08-18 | ケルビン ゼロ インコーポレーテッド | Systems, methods, devices, and terminals for secure blockchain transactions and subnetworks |
- 2018
  - 2018-07-24 CN CN201810821687.3A patent/CN109067543B/zh active Active
- 2019
  - 2019-06-21 KR KR1020207031634A patent/KR102440626B1/ko active IP Right Grant
  - 2019-06-21 SG SG11202010947UA patent/SG11202010947UA/en unknown
  - 2019-06-21 JP JP2020568339A patent/JP7093428B2/ja active Active
  - 2019-06-21 WO PCT/CN2019/092220 patent/WO2020019912A1/zh active Application Filing
- 2020
  - 2020-08-26 US US17/003,812 patent/US11349674B2/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105701372A (zh) * | 2015-12-18 | 2016-06-22 | 布比(北京)网络技术有限公司 | Blockchain identity construction and verification method |
US20180097635A1 (en) * | 2016-09-30 | 2018-04-05 | Entrust, Inc. | Methods and apparatus for providing blockchain participant identity binding |
CN107508680A (zh) * | 2017-07-26 | 2017-12-22 | 阿里巴巴集团控股有限公司 | Digital certificate management method and apparatus, and electronic device |
CN109067543A (zh) * | 2018-07-24 | 2018-12-21 | 腾讯科技(深圳)有限公司 | Digital certificate management method and apparatus, computer device, and storage medium |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
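CN111275555A (zh) * | 2020-02-24 | 2020-06-12 | 中国工商银行股份有限公司 | Blockchain transaction processing method, transaction node, and blockchain system |
CN111275555B (zh) * | 2020-02-24 | 2023-08-22 | 中国工商银行股份有限公司 | Blockchain transaction processing method, transaction node, and blockchain system |
CN114389827A (zh) * | 2020-10-19 | 2022-04-22 | 中国移动通信有限公司研究院 | Device-card binding method, apparatus, device, and computer-readable storage medium |
CN112862487A (zh) * | 2021-03-03 | 2021-05-28 | 青岛海链数字科技有限公司 | Digital certificate authentication method, device, and storage medium |
CN114584317A (zh) * | 2022-03-03 | 2022-06-03 | 杭州复杂美科技有限公司 | Blockchain broadcast data verification method, device, and storage medium |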
Also Published As
Publication number | Publication date |
---|---|
KR102440626B1 (ko) | 2022-09-05 |
CN109067543A (zh) | 2018-12-21 |
CN109067543B (zh) | 2020-04-14 |
JP7093428B2 (ja) | 2022-06-29 |
KR20200136481A (ko) | 2020-12-07 |
US20200396089A1 (en) | 2020-12-17 |
SG11202010947UA (en) | 2020-12-30 |
US11349674B2 (en) | 2022-05-31 |
JP2021526341A (ja) | 2021-09-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2020019912A1 (zh) | Digital certificate management method and apparatus, computer device, and storage medium | |
US20200382326A1 (en) | Digital certificate verification method and apparatus, computer device, and storage medium | |
US11159526B2 (en) | System and method for decentralized-identifier authentication | |
US11533164B2 (en) | System and method for blockchain-based cross-entity authentication | |
US10917246B2 (en) | System and method for blockchain-based cross-entity authentication | |
US11196745B2 (en) | Blockchain-based account management | |
WO2021000337A1 (en) | System and method for mapping decentralized identifiers to real-world entities | |
JP2023503607A (ja) | Method and device for automatic digital certificate verification | |
US11863689B1 (en) | Security settlement using group signatures | |
CN115242471A (zh) | Information transmission method and apparatus, electronic device, and computer-readable storage medium | |
Schmid | Right to Sign: Safeguarding data immutability in Blockchain systems with cryptographic signatures over a broad range of available consensus finding scenarios |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19840822 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 20207031634 Country of ref document: KR Kind code of ref document: A |
|
ENP | Entry into the national phase |
Ref document number: 2020568339 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 19840822 Country of ref document: EP Kind code of ref document: A1 |