
CN111884815A - Block chain-based distributed digital certificate authentication system - Google Patents

Info

Publication number: CN111884815A
Authority: CN (China)
Prior art keywords: certificate, key, block chain, user, client
Legal status: Pending
Application number: CN202010789275.3A
Other languages: Chinese (zh)
Inventors: 孟茹, 杨文山, 杨厂普
Current Assignee: Shanghai Koal Safety Technology Co ltd
Original Assignee: Shanghai Koal Safety Technology Co ltd
Application filed by Shanghai Koal Safety Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a block chain-based distributed digital certificate authentication system comprising: a client, which is responsible for registering the user identity and, after registration is complete, for submitting the user's requests for certificate issuance, update, revocation and recovery, and for storing the user's certificate, encryption key pair and accumulated evidence value; a certificate management center, which provides certificate issuance and management functions, sends key generation and recovery requests to the key management center on behalf of the client, and issues certificates to users; a key management center (KM), which is responsible for managing keys; and a block chain, which uses a lightweight certificate on-chain scheme: a certificate state tuple consisting of the user identity, state, key type, signature value and accumulated evidence value is formed into a transaction and published on the block chain, while the complete certificate is stored in a local K-V database. The invention greatly improves usability while retaining the security properties of the block chain.

Description

Block chain-based distributed digital certificate authentication system
Technical Field
The invention relates to the technical field of information security, in particular to a block chain-based distributed digital certificate authentication system.
Background
Blockchain technology was first proposed as a distributed cryptographic electronic currency transaction system. Having evolved through three main stages (Bitcoin, Ethereum and smart contracts), blockchain technology 3.0 is now applied as a decentralized distributed system in fields such as food traceability, medical disputes and judicial authentication. Its core is to maintain a public, tamper-resistant distributed ledger using technologies such as hash algorithms, digital signatures and network transmission protocols. This solves the problems of the centralized model, such as data that is inconsistent, unsynchronized, unverifiable and easy to tamper with, and it effectively reduces the maintenance cost of cooperation among participants while lowering trust risk.
In current centralized public key infrastructure (PKI/CA) technology, an authoritative, trusted third-party CA center issues and authenticates digital certificates, and OCSP (online certificate status query) and LDAP (the blacklist publication system) let users query certificate status in real time.
However, as the context in which digital certificates are used changes, centralized digital certificate systems expose a number of problems. Traditional PKI/CA technology depends on a centralized certificate issuance directory and blacklist directory. With distributed big data and the Internet of Things, the number of digital certificates issued and authenticated is growing explosively, and the traditional centralized management model cannot meet business requirements and is expensive to maintain.
Disclosure of Invention
To address the problems exposed by centralized digital certificate systems, the invention provides a block chain-based distributed digital certificate authentication system that greatly improves usability while retaining the security properties of the block chain.
In order to achieve the above object, the invention adopts the following technical scheme:
a blockchain-based distributed digital certificate authentication system, comprising:
a client, which is responsible for user identity registration and, after registration is complete, for submitting the user's requests for certificate issuance, update, revocation and recovery, and for storing the user's certificate, encryption key pair (pk_f, sk_f) and accumulated evidence value;
a certificate management center (CA), which provides certificate issuance and management functions, sends key generation and recovery requests to the key management center on behalf of the client, and issues certificates to users;
a key management center (KM), which is responsible for key management;
and a block chain, which uses a lightweight certificate on-chain scheme: a certificate state tuple (id, command, key, value, ω) consisting of the user identity, state, key type, signature value and accumulated evidence value is formed into a transaction and published on the block chain, while the complete certificate is stored in a local K-V database.
In a preferred embodiment of the present invention, the client performs user identity registration using either fingerprint identification or PIN code login.
In a preferred embodiment of the present invention, the certificate management centers (CA) serve as the master nodes and endorsement nodes of the organizations in the blockchain network and are responsible for verifying the validity of certificate issuance proposals and updating the state of the certificate ledger. The multiple certificate management centers (CA) jointly maintain one certificate ledger; that is, once a certificate is published on the blockchain, its validity is recognized by the participating certificate management centers (CA).
In a preferred embodiment of the present invention, the key management center KM is responsible for key management, i.e. for generating an encryption key pair for a user and sending the key pair to a client using a digital envelope.
In a preferred embodiment of the invention, the encryption key pair is used for the transmission of encrypted communications or for the updating and revocation of the signature key pair.
In a preferred embodiment of the present invention, the key certificate management center adopts a 1024-bit or 2048-bit RSA key length (requiring support of an encryption engine) and supports an ECC cryptographic algorithm.
In a preferred embodiment of the present invention, the blockchain employs a multi-chain parallel consensus mechanism.
In a preferred embodiment of the present invention, the blockchain ordering service is provided by a Kafka cluster and Order ordering service node, and provides a subscribeable topic for each participating master node; each topic is a channel, each channel contains a certificate of an industry, a participating host node subscribing to the channel can receive a corresponding block, each participating host node can subscribe to one or more channels according to a management policy and can only access transactions on the subscribed channels.
In a preferred embodiment of the present invention, the block chain uses an accumulator DHT table to realize fast verification and lookup of certificates in blocks. The principle is as follows: when a certificate is issued and a new block is formed, the public key pk of the certificate is used as its unique identifier and added to the accumulator, which returns the corresponding accumulated evidence value ω; the accumulator state tuple (id, pk, ω, bid), consisting of the user identity, public key, accumulated evidence value and block height, is stored in a distributed hash table (DHT). When the client performs certificate authentication, it submits the user identity, public key and evidence value (id, pk, ω) for accumulator verification. If the accumulated evidence value passes verification, the certificate has been published on the block chain, and the returned block height bid allows the block in which the certificate is stored to be located quickly.
Owing to the above technical scheme, the invention has the following advantages:
The certificate management center of the invention is the core of the digital certificate authentication system. It provides certificate issuance and management functions, sends key generation and recovery requests to the key management center on behalf of the client, and issues certificates to users. The CA center of the present invention provides an open, tamper-resistant data platform for realizing 'certificate interconnection and intercommunication'. It uses technical means to solve the problems of the centralized model, in which the certificate issuance directory and blacklist directory hold data that is inconsistent, unsynchronized, unverifiable and easy to tamper with, and it effectively reduces the maintenance cost of cooperation among participants while lowering trust risk.
The key management center of the invention is mainly responsible for the management of keys, including the management of key generation, distribution, updating, backup/recovery, archiving, destruction and the like. In the digital certificate authentication system based on the blockchain, a key management center is responsible for generating an encryption key pair for a user and sending the key pair to a client in a digital envelope mode. The encryption key pair may be used for both transmission of encrypted communications and renewal and revocation of the signature key pair.
The key certificate management center of the invention adopts 1024-bit or 2048-bit RSA key length (needing the support of an encryption machine) and simultaneously supports an ECC cryptographic algorithm. Since the key management system needs to communicate with the client and should be secure during the communication, the key management center adopts the SPKM secure communication protocol to communicate data with the client.
The block chain of the invention adopts a multi-chain parallel consensus mechanism, and the distributed characteristic of the block chain requires the consensus mechanism to keep the effective operation of the system, and the consensus process means that a plurality of participating main nodes reach the consistency of the occurrence sequence, the legality and the account book state of the uplink data. In the invention, a plurality of CA centers are used as a main node and an endorsement node of each organization of a block chain network and are responsible for updating the endorsement and the account book state of the certificate uplink operation, and the CA centers become the main operators of a certificate issuing platform in essence. The national management department is used as a super node of the system and supports the management and monitoring of the full life cycle of the certificate, so that the system not only can play the role of opening the block chain technology, but also can support the effective control and supervision of the national management department.
The whole block chain sorting service is provided by Kafka clusters and Order sorting service nodes, and a subject which can be subscribed is provided for each participating main node. Each topic is a channel, each channel containing a certificate for an industry. The participating master nodes subscribing to the channel may receive the corresponding block, and each participating master node may subscribe to one or more channels according to the management policy and may only access transactions on the subscribed channels. The mode enables the certificate issued by the block chain to support the function common to all industries, namely 'universal for one certificate', meets the effective data separation and supervision of the certificate of all industries, breaks through the industry barrier of the certificate use, lightens the management burden of a CA center, reduces the enterprise cost of the certificate use, and fully exerts the advantages of the block chain technology.
The data on the bitcoin blockchain grows linearly, approximately 0.1353 GB/day, and if estimated from this growth rate, the bitcoin blockchain data (excluding the data index) will reach approximately 6 TB. With the increase of data volume, the burden of the client for certificate authentication and search is increased, and the cost for synchronizing the whole certificate book is higher and higher, which becomes an important technical barrier affecting the uplink of the certificate.
The invention uses an accumulator DHT table to realize fast verification and lookup of certificates in blocks. The principle is as follows: when a certificate is issued and a new block is formed, the public key pk of the certificate is used as its unique identifier and added to the accumulator, which returns the corresponding accumulated evidence value ω; the accumulator state tuple (id, pk, ω, bid), consisting of the user identity, public key, accumulated evidence value and block height, is stored in a distributed hash table (DHT). When the client performs certificate authentication, it submits the user identity, public key and evidence value (id, pk, ω) for accumulator verification. If the accumulated evidence value passes verification, the certificate has been published on the block chain, and the returned block height bid allows the block in which the certificate is stored to be located quickly.
The invention provides a distributed digital certificate authentication system based on a block chain, wherein a plurality of CA centers and government administration departments are used as main nodes of various organizations of the block chain and jointly maintain a public, difficultly-tampered and distributed certificate account book, and a user can inquire and authenticate the state of a held certificate in real time through the public certificate chain. The whole life cycle of the certificate supports the supervision and the audit of government administrative departments, and the transparency, the forgery prevention and the authority of certificate management are greatly improved.
Drawings
FIG. 1 is a schematic diagram of node deployment in a blockchain network according to the present invention.
Fig. 2 is a diagram comparing the block chain issued certificate and the conventional certificate format.
Fig. 3 is a schematic diagram of the lightweight certificate uplink according to the present invention.
Fig. 4 is a diagram illustrating a certificate registration process according to the present invention.
Fig. 5 is a schematic diagram of a certificate update process according to the present invention.
Fig. 6 is a schematic diagram of a certificate authentication process according to the present invention.
Fig. 7 is a diagram illustrating a certificate revocation process according to the present invention.
Detailed Description
The invention is further described below in conjunction with the appended drawings and detailed description.
Referring to fig. 1 to 4, a block chain-based distributed digital certificate authentication system includes:
identity registration
The user registers an identity at the client using one of several authentication modes, such as fingerprint identification, PIN code or dynamic short message. Once identity authentication passes, each user is allocated a blockchain wallet. The blockchain wallet is responsible for storing the user certificate, the encryption key pair (pk_f, sk_f), the signature key pair (pk_n, sk_n) and the accumulated evidence value ω.
The signature key pair (pk_n, sk_n) is used for identity authentication: σ_n = sig(sk_n, id) binds the user identity to the public key using a signature algorithm;
The encryption key pair (pk_f, sk_f) is used for encrypted communications, and can also be used to issue new keys and revoke old keys when the security of the signing key is compromised; it is stored in the secure blockchain wallet;
certificate issuing
The user locally generates a signature key pair (pk_n, sk_n). The CA certificate management center submits the user identity id and the signature public key pk_n to the KM key management center to apply for an encryption key pair. The KM center generates the encryption key pair (pk_f, sk_f) using a hardware encryptor and transmits it to the client for safe storage, encrypted as a digital envelope. The CA center submits a certificate issuance application to the blockchain, forming a certificate issuance transaction, and a smart contract is called to perform the following operations:
-traverse the accumulator distributed hash table (id, pk, ω, bid) to verify whether the user already has a corresponding public key and block on the chain;
-if the user identity is not registered, verify that the certificate issuance operation was initiated by the user himself, checking ver(pk_n, σ_n, id) = 1 with the signature algorithm;
-if the verification passes, the smart contract calls the accumulator's add-new-member algorithm AddMemWit(id, pk, ω_0) → (ω_1, W_0) to compute the new evidence ω_1 generated by adding the identity to the accumulator, and the accumulator state value W_0. If the verification fails, the certificate issuance transaction is discarded.
-the participating CA centers endorse the transaction, and the digital certificate and the certificate state tuple (id, register, keytype, values, ω) are ordered and put on the chain; once published on the blockchain, the certificate has been issued successfully. Here id is the user identity; register indicates that the certificate is in the registered state; keytype is the key type, which covers signature keys and encryption keys; values is the signature σ, which binds the user identity to the public key using a signature algorithm; and ω is the evidence value in the accumulator corresponding to the certificate public key.
Referring to fig. 5, the certificate update flow is as follows:
If the user's signature certificate faces a security threat, the user performs a certificate update, which in essence updates the signature public key pk_n and issues a new certificate. The specific operation is as follows:
First, the client locally generates a new signature key pair [Figure BDA0002623176460000061] and uses the locally stored encryption key pair (pk_f, sk_f) to carry out the update operation on the new signature key pair. It uses the old private key [Figure BDA0002623176460000062] to sign the new public key [Figure BDA0002623176460000063] together with the user identity id, giving σ_1, and uses the new private key [Figure BDA0002623176460000064] to sign the user identity id, giving σ_2: [Figure BDA0002623176460000065]
The CA center verifies the update operation and the identity using the signature verification algorithm. It first verifies the identity behind the certificate update, ver(pk_old, σ_1, (id, pk_new)) = 1, and then verifies that the identity of the new key is the user's original identity, ver(pk_new, σ_2, id) = 1.
If the verification passes, the CA center submits a certificate update request, generating a corresponding transaction, and the smart contract calls the accumulator DHT table. It first verifies whether the identity is registered on the chain; if so, the new public key is accumulated [Figure BDA0002623176460000066], updating the accumulated evidence value ω_2 and the accumulator state W_1.
The CA center endorses the certificate update transaction, and the updated certificate and the new certificate state tuple [Figure BDA0002623176460000067] are ordered and put on the chain, which completes the issuance of the updated certificate.
Referring to fig. 6, the certificate authentication process is as follows:
Data on the bitcoin block chain grows linearly. As the data volume grows, the burden on the client of authenticating and searching for certificates increases, and synchronizing the whole certificate ledger becomes more and more costly, which is an important technical barrier to putting certificates on the chain. The system uses the accumulator DHT table and, taking the certificate's public key pk as the unique identifier, authenticates digital certificates quickly without traversing the whole block chain. The specific operations are as follows:
The client raises a certificate authentication request and submits the user identity, signature public key and accumulated evidence value (id, pk_n, ω) to the accumulator DHT table.
First, the DHT is traversed to find the corresponding accumulator state tuple (id, pk_n, ω, bid), and the accumulator verification algorithm VerifyMemWit(pk_n, ω, W, aux) → 0/1 is called.
If the verification passes, the public key is proven to have been published on the chain; the corresponding block is located quickly by the block height bid, and the certificate authentication is complete once the certificate in that block is displayed.
Referring to fig. 7, the certificate revocation process is as follows:
In blockchain technology, a certificate is kept permanently and cannot be deleted once it is on the chain, so in this system certificate revocation is performed by publishing an updated certificate state tuple (id, revoke, keytype, values, ω). The specific operation is as follows:
The client applies for certificate revocation and submits the user identity, signature public key, accumulated evidence value and the signature for this operation (id, pk_n, ω, value = sig(sk_n, id)) to the certificate authority.
The CA center uses the signature verification algorithm to check ver(pk_n, σ_n, id) = 1, verifying that the certificate revocation operation was initiated by the user himself. If the verification passes, it submits a certificate revocation application to the blockchain, generating a corresponding transaction.
First, the DHT is traversed to find the corresponding accumulator state tuple (id, pk_n, ω, bid), and the accumulator verification algorithm VerifyMemWit(pk_n, ω, W, aux) → 0/1 is called.
If the verification passes, the public key is proven to have been published on the chain, and the accumulator's evidence deletion algorithm DelMemWit(id, pk_n, ω_2) → (ω_1, W_0) is called to delete the accumulated value ω_2 of the public key from the accumulator and update the accumulator state to W_0.
The CA center endorses the certificate revocation transaction, and the new certificate state tuple (id, revoke, keytype, values, ω) is ordered and put on the chain. When the certificate is used subsequently, traversal reaches the certificate state command (revoke), which indicates that the certificate has been revoked.
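
The issuance, authentication and revocation flows above, as an added example that is not part of the patent text. The patent does not name an accumulator construction, so an RSA accumulator with recomputed witnesses is assumed here; the class and function names (CertAccumulator, hash_to_prime, authenticate, demo), the toy modulus and the sample keys are hypothetical, and the signature checks and consensus steps are left out. It also shows a property of the assumed construction that affects the client-side stored ω: a witness issued earlier no longer verifies once the accumulator state W changes and has to be refreshed.

```python
import hashlib
from math import prod

# Constructed toy modulus: both factors are publicly known Mersenne primes, so
# it gives no security. A real accumulator needs an RSA modulus (2048+ bits)
# whose factorization nobody knows.
N = (2**127 - 1) * (2**89 - 1)
G = 3  # accumulator base (assumption)


def _is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for p in bases:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def hash_to_prime(pk: bytes) -> int:
    """Map a certificate public key to the 64-bit prime that represents it."""
    c = int.from_bytes(hashlib.sha256(pk).digest()[:8], "big") | (1 << 63) | 1
    while not _is_prime(c):
        c += 2
    return c


class CertAccumulator:
    """Accumulator state W plus a dict standing in for the DHT of (id, pk, ω, bid)."""

    def __init__(self):
        self.members = {}  # pk -> prime representative
        self.dht = {}      # pk -> {"id", "omega", "bid"}
        self.W = G

    def _refresh(self):
        # Recompute W and every stored witness after a membership change.
        self.W = pow(G, prod(self.members.values()), N)
        for pk, row in self.dht.items():
            others = prod(x for k, x in self.members.items() if k != pk)
            row["omega"] = pow(G, others, N)

    def add_mem_wit(self, user_id: str, pk: bytes, bid: int):
        """Issuance: accumulate pk, record (id, pk, ω, bid), return (ω, W)."""
        if pk in self.members:
            raise ValueError("public key already accumulated")
        self.members[pk] = hash_to_prime(pk)
        self.dht[pk] = {"id": user_id, "omega": None, "bid": bid}
        self._refresh()
        return self.dht[pk]["omega"], self.W

    def del_mem_wit(self, pk: bytes) -> int:
        """Revocation: remove pk from the accumulator and the DHT, return new W."""
        del self.members[pk]
        del self.dht[pk]
        self._refresh()
        return self.W

    def verify_mem_wit(self, pk: bytes, omega: int) -> bool:
        """Membership check: ω^x mod N must equal the current state W."""
        return pow(omega, hash_to_prime(pk), N) == self.W

    def authenticate(self, user_id: str, pk: bytes, omega: int):
        """Client submits (id, pk, ω); returns block height bid, or None on failure."""
        row = self.dht.get(pk)
        if row is None or row["id"] != user_id:
            return None
        return row["bid"] if self.verify_mem_wit(pk, omega) else None


def demo():
    pk_a, pk_b = b"constructed-pk-alice", b"constructed-pk-bob"  # constructed sample keys
    acc = CertAccumulator()
    w_a, _ = acc.add_mem_wit("alice", pk_a, bid=101)
    out = {"fresh": acc.authenticate("alice", pk_a, w_a)}
    acc.add_mem_wit("bob", pk_b, bid=102)            # W changes here
    out["stale"] = acc.authenticate("alice", pk_a, w_a)
    w_a2 = acc.dht[pk_a]["omega"]                    # refreshed witness from the DHT
    out["refreshed"] = acc.authenticate("alice", pk_a, w_a2)
    acc.del_mem_wit(pk_a)                            # revoke alice
    out["revoked_witness_valid"] = acc.verify_mem_wit(pk_a, w_a2)
    out["bob"] = acc.authenticate("bob", pk_b, acc.dht[pk_b]["omega"])
    return out


if __name__ == "__main__":
    print(demo())
```
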

Claims (9)

1. A block chain based distributed digital certificate authentication system, comprising:
the client is responsible for registering the user identity, submitting a request of the user about certificate signing, updating, abolishing and recovering after the registration is finished, and storing the certificate, the encryption key pair and the accumulated evidence value of the user;
the certificate management center provides certificate issuing and management functions, sends key generation and recovery requests to the key management center on behalf of the client, and issues certificates for users;
the key management center KM is responsible for key management;
and the block chain adopts a lightweight certificate chain-up mode, forms a transaction list including a certificate state tuple including a user identity, a state, a key type, a signature value and an accumulated evidence value and releases the transaction list on the block chain, and stores the complete certificate in a local database by utilizing a K-V database.
2. The system according to claim 1, wherein when the client is responsible for user identity registration, the client is responsible for user identity registration by one of fingerprint recognition and PIN code login.
3. The system according to claim 1, wherein the Certificate Authority (CA) is responsible for verifying the validity of the certificate issuance proposal and updating the status of the certificate account book as a master node and an endorsement node of each organization of the blockchain network, and the plurality of Certificate Authority (CA) centers maintain a certificate account book together, that is, once the certificate is issued on the blockchain, the validity of the certificate is approved by the Certificate Authority (CA) centers.
4. The system as claimed in claim 1, wherein the key management center KM is responsible for key management, namely for generating an encryption key pair for the user and sending the key pair to the client by using a digital envelope.
5. The blockchain-based distributed digital certificate authentication system as claimed in claim 4, wherein the encryption key pair is used for transmission of encrypted communications or for renewal and revocation of a signing key pair.
6. The system of claim 5, wherein the key certificate management center employs a 1024-bit or 2048-bit RSA key length (requiring support of an encryptor) while supporting an ECC cryptographic algorithm.
7. The blockchain-based distributed digital certificate authentication system as claimed in claim 1, wherein the blockchain employs a multi-chain parallel consensus mechanism.
8. The blockchain-based distributed digital certificate authentication system as claimed in claim 7, wherein the blockchain ordering service is provided by a Kafka cluster, Order ordering service node, providing a subscribable topic for each participating master node; each topic is a channel, each channel contains a certificate of an industry, a participating host node subscribing to the channel can receive a corresponding block, each participating host node can subscribe to one or more channels according to a management policy and can only access transactions on the subscribed channels.
9. The system of claim 8, wherein the block chain employs an accumulator DHT table to perform fast verification and search on a block certificate, and the principle is that when a certificate is issued to form a new block, a public key pk of the certificate is used as a unique identifier, the public key pk is added to an accumulator to return a corresponding accumulated evidence value ω, and a state tuple of the accumulator including a user identity, a public key, an accumulated evidence value, and a block height (id, pk, ω, bid) is stored in the distributed hash table DHT; when the client side carries out certificate authentication, the user identity, the public key and the evidence value (id, pk, ω) are submitted for accumulation verification, if the accumulated evidence value passes the verification, the certificate is issued to the block chain, and the block position where the certificate is stored can be quickly found out by returning the corresponding block height bid.
CN202010789275.3A 2020-08-07 2020-08-07 Block chain-based distributed digital certificate authentication system Pending CN111884815A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010789275.3A CN111884815A (en) 2020-08-07 2020-08-07 Block chain-based distributed digital certificate authentication system

Publications (1)

Publication Number Publication Date
CN111884815A true CN111884815A (en) 2020-11-03

Family

ID=73211031

Country Status (1)

Country Link
CN (1) CN111884815A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108369697A (en) * 2015-10-16 2018-08-03 科因普拉格株式会社 Recognized certificate based on block chain signs and issues system and method and recognized certificate Verification System and method based on block chain
US20180227293A1 (en) * 2015-08-03 2018-08-09 Coinplug Inc. Certificate issuing system based on block chain
WO2020138525A1 (en) * 2018-12-26 2020-07-02 서강대학교 산학협력단 Method for distributed authentication of device in internet-of-things blockchain environment, and system for distributed authentication of device using same
CN111478769A (en) * 2020-03-18 2020-07-31 西安电子科技大学 A distributed trusted identity authentication method, system, storage medium and terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201103