CN107231351B - Electronic certificate management method and related equipment - Google Patents

Info

Publication number: CN107231351B
Authority: CN (China)
Prior art keywords: certificate, electronic certificate, account, electronic, encrypted
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201710381234.9A
Other languages: Chinese (zh)
Other versions: CN107231351A (en)
Inventors: 鲁静, 张建冬, 宋斌, 向万红
Current Assignee: Yuanguang Software Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Yuanguang Software Co Ltd
Priority date: (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)

Events
    • Application filed by Yuanguang Software Co Ltd
    • Priority to CN201710381234.9A
    • Publication of CN107231351A
    • Application granted
    • Publication of CN107231351B
    • Legal status: Active (current)
    • Anticipated expiration

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
                        • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                            • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
                    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
                        • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
                    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
                        • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
                    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
                    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
                            • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
                        • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a management method for electronic certificates and related equipment. The method comprises the following steps: the electronic equipment processes the electronic certificate in response to a received processing instruction; it encrypts the processing record and broadcasts the encrypted processing record in a blockchain network, so that the nodes of the blockchain network store the encrypted processing record in the blockchain of the blockchain network. By this scheme, distributed management of the electronic certificate is realized, the storage reliability of the electronic certificate is improved, the risk of tampering with or leaking certificate information is reduced, and the information security and credibility of the electronic certificate are effectively guaranteed.

Description

Electronic certificate management method and related equipment
Technical Field
The present application relates to the field of certificate electronization, and in particular, to a method and related device for managing electronic certificates.
Background
Certificates such as ID cards and driver's licenses are legal documents with which individuals engage in social activities and enterprises carry out production and management, and they are an essential tool of modern life. Traditional paper certificates not only waste resources, with repeated submission of the same certificate having become the norm, and, more importantly, are hard to protect against counterfeiting, which causes a crisis of trust; they also suffer from a series of problems such as poor sharing of certificate information and being easily lost or damaged. Therefore, with the development of information technology, electronic certificates came into being. They solve to a certain extent the waste caused by repeated submission of paper certificates, save social cost, improve the efficiency of government offices, and relieve the difficulty people have in obtaining and using certificates.
At present, electronic certificates are mainly managed in a centralized sharing mode: operations such as making, storing, querying, exchanging and sharing electronic certificates are all completed by a central database, and the owner of the database holds the access and update rights to it. If a problem occurs in the central database, none of the stored electronic certificates can be accessed or operated on. At the same time, the current central database neither effectively controls the confidentiality of certificate information nor grants authorization purposefully; that is, certificate information is disclosed to all office organizations, so the information of a certificate holder is not effectively kept confidential, the risk of attack, tampering and privacy disclosure is high, and the reliability of the certificate is discounted.
Disclosure of Invention
The technical problem mainly solved by the present application is to provide a management method and related equipment for electronic certificates that realize distributed management of electronic certificates, improve the storage reliability of electronic certificates, reduce the risk of tampering with or leaking certificate information, and effectively ensure the information security and reliability of electronic certificates.
In order to solve the above problem, a first aspect of the present application provides a method for managing an electronic certificate, the method including: the electronic equipment responds to the received processing instruction to process the electronic certificate; encrypting the processing record of the electronic certificate, and broadcasting the encrypted processing record in a block chain network, so that the node of the block chain network stores the encrypted processing record in a block chain of the block chain network.
In order to solve the above problem, a second aspect of the present application provides a method for managing an electronic certificate, the method including: the electronic equipment sends a request to other nodes of the block chain network; wherein the request is for requesting processing of an electronic certificate; synchronizing the blocks into a blockchain when a blockchain network generates blocks storing encrypted processing records of the electronic certificate, wherein the encrypted processing records are formed by the other nodes in response to the request for processing the electronic certificate; and decrypting the encrypted processing record information to obtain the decrypted processing record of the electronic certificate.
In order to solve the above-mentioned problems, a third aspect of the present application provides an electronic device including a memory, a processor, and a communication circuit; the communication circuit is used for realizing communication with other equipment; the processor is configured to perform the method described above.
In order to solve the above problem, a fourth aspect of the present application provides a non-volatile storage medium storing processor-executable computer instructions for performing the above method.
In the scheme, the processing record of the electronic certificate is stored in the block chain of the block chain network, distributed management of the electronic certificate is realized, and efficient data sharing is realized.
Drawings
Fig. 1 is a blockchain architecture diagram of a blockchain network according to an embodiment of the present invention;
Fig. 2 is a block diagram of an embodiment of a blockchain network of the present application;
Fig. 3 is a schematic structural diagram of an embodiment of a blockchain network according to the present application;
Fig. 4 is a flowchart illustrating a node identity authentication method in an embodiment of a blockchain network of the present application;
Fig. 5 is a schematic flowchart illustrating a method for managing electronic certificates according to an embodiment of the present application;
Fig. 6 is a schematic flowchart illustrating another embodiment of a method for managing electronic certificates according to the present application;
Fig. 7 is a schematic flowchart illustrating a method for managing electronic certificates according to yet another embodiment of the present application;
Fig. 8 is a schematic structural diagram of an embodiment of an electronic device according to the present application.
Detailed Description
The following describes in detail the embodiments of the present application with reference to the drawings attached hereto.
In the following description, for purposes of explanation and not limitation, specific details are set forth such as particular system structures, interfaces, techniques, etc. in order to provide a thorough understanding of the present application.
The terms "system" and "network" are often used interchangeably herein. The term "and/or" herein is merely an association describing an associated object, meaning that three relationships may exist, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
Blockchain technology is a novel distributed data organization method and operating mode that developed alongside cryptocurrencies such as Bitcoin. Its characteristics are: decentralization, which lets the data be maintained collectively in a distributed manner and greatly improves the efficiency of data operation, management and maintenance; and consensus, where the nodes maintain the whole blockchain together through competitive computation on the basis of a shared consensus mechanism, so that if any node fails the other nodes continue to work normally. At the same time, a blockchain carrying asymmetric encryption technology has high security and traceability and can effectively prevent data leakage or illegal tampering. The present application uses blockchain technology to manage electronic certificates, covering certificate issuing, certificate receiving, certificate verification, user identity authentication and the like.
To facilitate understanding of the blockchain network of the present application, the blockchain technique employed in the present application is first exemplified. In one embodiment, the electronic device runs the blockchain technique to become a node of the blockchain network, and the blockchain technique is configured as shown in fig. 1 and includes a technology layer 11, a service layer 12, and a user layer 13.
The technology layer 11 uses the Ethereum public chain platform to package the electronic certificate information and processing records into blocks to form a blockchain. It is understood that the technology layer 11 is not limited to running the Ethereum public chain; other public chains that can implement blockchain technology, such as the Bitcoin public chain, can be run in other application examples.
The service layer 12 is based on the technology layer 11 and implements services such as membership services, block chain services, and electronic certificate services. The electronic certificate service comprises services such as identity authentication, certificate issuing, certificate receiving and checking, and the like, and it can be understood that the block chain technology can provide different electronic certificate services according to a logged account.
The user layer 13 is primarily represented as a user interface of the electronic device running the blockchain technique to enable user interaction with information of other nodes in the blockchain network.
Because this embodiment is based on the Ethereum technology platform, the processing records of the blockchain network occupy fewer bytes, the hash algorithm is faster, and a more efficient PoW + PoS consensus mechanism is added, so that the generation time of a new block is reduced to 16.6 s. Combining membership accounts, full nodes and cloud storage makes data protection safer and fully ensures the privacy of the user.
Specifically, the block packaging may be as shown in fig. 2. A block 20 of the blockchain includes a block header (Header) 21 and a block body (Body) 22. The block body 22 stores at least one electronic certificate processing record 221 and a hash value (Hash) 222 obtained by hashing that processing record. The block header 21 packages information such as the current version number 211, the previous block address 212, the target hash value 213 of the current block, the solution random number (nonce) 214 of the PoW (proof-of-work) consensus process of the current block, the Merkle root (Merkle-root) 215 and the timestamp 216. The current version number 211 marks the version information of the software and protocol; the previous block address 212, which may also be called the previous block hash value, is what links each block to the one before it to form the chain of blocks; the solution random number 214 records the answer to the block's mathematical puzzle; the Merkle root 215 is obtained by hashing the hash values of all processing records in the block body 22 pairwise, level by level, and is used to check whether a given processing record exists in the block; the timestamp 216 records the time at which the block 20 was generated. It is understood that the block structure may be adjusted according to the blockchain technique used; for example, the solution random number is absent when the PoW consensus mechanism is not used.
Referring to fig. 3, fig. 3 is a schematic structural diagram of a block chain network according to an embodiment of the present application. The blockchain network is a multi-node network system formed by using blockchain technology. In this embodiment, the blockchain network 30 includes a plurality of nodes 31 (also referred to as blockchain nodes) that run blockchain techniques to participate in the same blockchain. The node 31 may be any electronic device, such as a mobile phone, a computer, a tablet computer, and the like.
The blockchain network 30 is used to manage electronic certificates. In particular, each node 31 in the blockchain network 30 can perform related processing on electronic certificates, and different nodes 31 can have different processing rights for electronic certificates. Moreover, the related information of a processed electronic certificate is stored in a block (as shown in fig. 2) of the local blockchain of each node 31 in the blockchain network 30, so that each node 31 stores the processing record of the electronic certificate, i.e. the electronic certificate information obtained after processing, thereby realizing distributed storage of the electronic certificate.
In this embodiment, electronic certificates are processed differently depending on the node, and the plurality of nodes 31 are divided into issuing nodes 31a, common nodes 31b and verification nodes 31c. The processing a node may perform on an electronic certificate is determined by the identity of the account it is logged in with. The issuing node 31a is logged in with an issuing-authority account, may also be called an issuing-authority device, and is used to make and update electronic certificates; the common node 31b is logged in with a common account, may also be called a common-account device, and is used to request the making or updating of an electronic certificate and to obtain the corresponding electronic certificate; the verification node 31c is logged in with a verification-authority account, may also be called a verification-authority device, and is used to verify electronic certificates. In one implementation, the issuing authority is a governmental agency, and the verification authority may be a governmental agency or some organization or business. In addition, the nodes 31a, 31b and 31c may all be lightweight nodes of the blockchain, or at least the issuing node 31a may be a full node.
The blockchain network 30 also includes a database node 32, which stores a preset database providing the certificate information the issuing node needs to make or update certificates, and a management node 33. In practical application the preset database is a government service database; compared with existing third-party certification authorities, sourcing the certificate information from the government service database makes the data source more credible. The management node 33 is used for identity management and identity authentication of the users of nodes 31. Identity authentication is used when a new node 31 registers into the blockchain network; the specific method may refer to fig. 4 and includes:
s41: an electronic device sends an account registration request to a management device.
For example, an electronic device receives account registration information input by a user to request participation in the blockchain, wherein the account registration information includes an account name (provided that the user logs in the blockchain network after successful registration) requesting registration and identity information of the user of the electronic device, such as an identification number, a passport number, a social security number, and the like, which can prove the identity of the user. The account name and the user identity information may be the same information, that is, the registration information may only include the user identity information. The electronic device generates an account registration request including the identity information of the user of the electronic device according to the account registration information, and sends the account registration request to the management device (i.e., the management node 32).
S42: and the management equipment performs identity authentication on the electronic equipment user according to the identity information in the account registration request. If the authentication is not passed, S43 is executed, and if the authentication is passed, S44 is executed.
For example, the management device first verifies the authenticity of the user identity, specifically, if the identity information in the received account registration request is compared with the identity information in the preset identity database, if the preset identity database is stored with the matched identity information, the management device performs repeated registration verification, otherwise, the management device determines that the authentication is not passed. The verification of whether to repeatedly register specifically comprises the following steps: and generating a unique identity identifier of the whole network according to user information (such as name, unit, city, country and other information representing the identity of the user) and judging whether the equipment user is a new user or not according to the identity identifier. In this embodiment, the HASH algorithm, specifically, SHA3, maximum 2128, and the like, may be used to generate the network-wide unique id. Since the same input will produce the same HASH output, the outputs produced by different inputs will certainly be different. The management equipment is provided with a database for storing the whole-network unique identity of the authentication, so that the management equipment can compare the whole-network unique identity generated according to the user information with the whole-network unique identity stored in the database to judge whether the user is a new user or an old user, if the user does not find the stored whole-network unique identity, the user is determined to be a new user, and if the user is determined to be an old user, the user is determined not to be authenticated.
S43: the management device returns a registration failure message to the electronic device.
Further, the registration failure message may also indicate the reason for the failure, for example that the identity information did not match.
S44: the management device sends a registration success message to the electronic device.
Furthermore, the management device may also write the identity information in the registration request, for example the above-mentioned network-wide unique identifier, into the preset management database so as to manage the identities of users participating in the blockchain uniformly. Of course, the user identity information need not be stored in the preset management database; it may instead be encrypted with the user's public key and/or the electronic device's own public key and stored in the blockchain network, so that only the user and the electronic device can obtain the user's identity information with their private keys.
S45: The electronic device receives the registration success message from the management device and obtains a blockchain address and a pair of public and private keys generated by the blockchain network according to the identity information of the electronic device user.
In another embodiment, the identity authentication method may omit steps S41-S44: after the user identity information has been authenticated directly by a person, the device logged in by the authenticator, or the electronic device itself, sends a registration request and then obtains a blockchain address and a pair of public and private keys generated by the blockchain network according to the identity information of the user of the electronic device.
S46: The electronic device broadcasts the public key obtained in S45 and stores the private key and the blockchain address obtained in S45.
For example, after receiving the registration success message, the electronic device runs the relevant algorithm of the blockchain technology itself, or has another node of the blockchain network generate a blockchain address for it, as the blockchain address of the registered account, and the blockchain software running locally generates a pair of public and private keys as the public and private keys of the registered account. Specifically, the blockchain address may be, but is not limited to, obtained by performing a set operation (a hash operation) on the user identity information, such as the above-mentioned network-wide unique identifier. The public key may be, but is not limited to, the result of a set algorithm applied to the blockchain address, or the blockchain address itself. The private key may be, but is not limited to, the result of a set algorithm applied to the public key. The electronic device then broadcasts the public key to the blockchain network, so that all nodes 31 in the network receive and store the public key of the account registered by the user. The electronic device saves the private key and the blockchain address locally, or the private key may be sent to a set trusted node for storage as a backup. At this point, account registration is complete. The public key of any account in the network can be obtained by querying its blockchain address through a blockchain node, but the private key can only be obtained by logging in to the corresponding account node.
In specific applications the public and private keys are used differently according to the type of the registered account: for example, the public and private keys of a common account are used respectively for encrypting and decrypting the account's certificate processing records; the public and private keys of an issuing authority are used for the issuing authority's digital signature and its verification; the public and private keys of a verification authority are used for encrypting and decrypting verification information.
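The repeated-registration check of S42 (a network-wide unique identifier derived with SHA3 from the user's identity information and compared against the management database) and the address derivation of S46 (a hash of that identifier) can be put into code as follows. This is an added example, not code from the patent or from Yuanguang Software: the preset identity database, the request fields and the canonicalization of the user information are constructed here, and key-pair generation is left to the blockchain platform, as the text leaves that algorithm open.

```python
import hashlib

# Constructed stand-in for the preset identity database the management device
# consults in S42 (identity number -> identity information). Not real data.
PRESET_IDENTITY_DB = {
    "ID-000000000000000001": {"name": "Li Hua", "unit": "Example Bureau",
                              "city": "Zhuhai", "country": "CN"},
    "PASS-X0000002":         {"name": "Wang Fang", "unit": "Example Ltd",
                              "city": "Shenzhen", "country": "CN"},
}


def network_unique_id(user_info: dict) -> str:
    """Network-wide unique identifier: SHA3-256 over the user's identity
    information. Fields are sorted and joined into a fixed canonical form so
    that the same identity always hashes to the same identifier."""
    canonical = "|".join(f"{key}={user_info[key]}" for key in sorted(user_info))
    return hashlib.sha3_256(canonical.encode("utf-8")).hexdigest()


def authenticate_registration(request: dict, identity_db: dict,
                              registered_uids: set) -> tuple:
    """S42 on the management device. Returns (True, uid) on success or
    (False, reason) on failure. `registered_uids` is the database of
    identifiers of already-authenticated users; it is updated on success."""
    identity = identity_db.get(request.get("identity_number"))
    if identity is None:
        return False, "identity not found in preset database"
    # The supplied user information must agree with the preset record.
    if any(request.get(field) != value for field, value in identity.items()):
        return False, "identity information does not match"
    uid = network_unique_id(identity)
    if uid in registered_uids:
        return False, "already registered"        # existing user: S43
    registered_uids.add(uid)
    return True, uid                              # new user: S44


def blockchain_address(uid: str) -> str:
    """S46: blockchain address obtained by a hash operation on the
    network-wide unique identifier (hash choice is an assumption here)."""
    return hashlib.sha3_256(uid.encode("utf-8")).hexdigest()


def demo() -> list:
    """Run three registration attempts against one management database."""
    registered = set()
    good = {"identity_number": "ID-000000000000000001", "name": "Li Hua",
            "unit": "Example Bureau", "city": "Zhuhai", "country": "CN"}
    results = [authenticate_registration(good, PRESET_IDENTITY_DB, registered),
               authenticate_registration(good, PRESET_IDENTITY_DB, registered),
               authenticate_registration({"identity_number": "ID-unknown"},
                                         PRESET_IDENTITY_DB, registered)]
    return results


if __name__ == "__main__":
    for ok, value in demo():
        print("registered, uid=" + value if ok else "rejected: " + value)
```

The identifier is only stable if every management device canonicalizes the user information identically, which is why the fields are sorted and joined with a fixed separator before hashing; a second registration of the same person then collides with the stored identifier and is rejected, while a request whose identity number is absent from the preset database fails before any identifier is generated.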
It will be appreciated that the database node 32 and the management node 33 described above are nodes accessible to the nodes 31 but not necessarily blockchain nodes, i.e. the nodes 32 and 33 do not necessarily participate in the blockchain. Of course, the nodes 32 and/or 33 may also be blockchain nodes, e.g. full nodes of the blockchain. In addition, since the nodes above are distinguished by the account they are logged in with, the same electronic device can act as different nodes depending on the account, and can act as several nodes at the same time; for example, the same electronic device can be both the database node 32 and the issuing node 31a.
The specific way the blockchain network manages electronic certificates is as described in the examples below.
Referring to fig. 5, fig. 5 is a flowchart illustrating an embodiment of a method for managing electronic certificates according to the present application. In this embodiment, the method is executed by an electronic device serving as the above block chain node 31, and specifically includes:
s51: the first electronic device processes the electronic certificate in response to the received processing instruction.
For example, the first electronic device receives a manufacturing request instruction, an updating request instruction, or a checking request instruction, which are input by the second electronic device serving as another blockchain node or a user, and performs corresponding operations such as manufacturing an electronic certificate, updating the electronic certificate, calling out the electronic certificate, and the like according to the instruction.
S52: the first electronic equipment encrypts the processing record of the electronic certificate and broadcasts the encrypted processing record in the block chain network.
After the electronic certificate is processed, the first electronic device obtains a processing record of the electronic certificate. The processing record indicates what processing was performed this time; the processed electronic certificate itself can directly serve as the processing record. The first electronic device then encrypts the processing record; in this embodiment an asymmetric encryption algorithm is used. For example, the processing record subsequently needs to be fed back to the blockchain node that requested the processing or to a blockchain node designated by the user, so the first electronic device encrypts the processing record with the account public key of the node to which it must be fed back; that node then decrypts the processing record with its own account private key to obtain the unencrypted processing record.
Each blockchain node in the blockchain network receives the encrypted processing record, or only the accounting nodes (the blockchain nodes able to compete for the accounting right) in the blockchain network receive it. Because the encrypted processing record can be decrypted only by the blockchain node that requested the processing or the blockchain node designated by the user, the other blockchain nodes in the network cannot decrypt it to obtain the original processing record, which ensures the confidentiality of the processing record. A blockchain node that receives the processing record encapsulates the set of encrypted processing records received in the current time period in a local block as shown in fig. 2, and competes for the accounting right of the block through a consensus mechanism, such as a PoW consensus mechanism. When a blockchain node obtains the accounting right, it broadcasts the block to the blockchain network. The other blockchain nodes of the blockchain network verify the validity of the block; if the blockchain network does not recognize the block as valid, all blockchain nodes discard it and compete for the accounting right again to generate a new block; if the blockchain network recognizes the block as valid, all blockchain nodes synchronize the block or the block header into their blockchains: a light node synchronizes the block header onto its current blockchain, and a full node synchronizes the whole block. At this point the encrypted processing record is stored in the blockchain of the blockchain network.
After the processing record is stored in the blockchain, a blockchain node can search for the corresponding processing record stored in the corresponding block by using the block identification and the hash value of the processing record, and thereby obtain the electronic certificate information.
It will be appreciated that when other blockchain nodes of the blockchain network process an electronic certificate and broadcast the encrypted processing record as described in S51-S52 above, the first electronic device may likewise compete for the accounting right and store that encrypted processing record in the blockchain as described in the above paragraph.
S53: the second electronic device synchronizes the block to the blockchain when the blockchain network generates a block storing the encrypted processing record of the electronic certificate.
The encrypted processing record is formed by the other node processing the electronic certificate in response to the request, that is, the first electronic device executes the processing of S51 and broadcasts the result to the blockchain network as in S52. When the node in the blockchain network that obtains the accounting right generates a block and broadcasts it, the second electronic device receives the block and synchronizes it into the local blockchain, as described in S52.
For example, the second electronic device sends a request to the first electronic device; wherein the request is for requesting processing of the electronic certificate. After the first electronic device executes the above-mentioned steps S51-S52, the node in the blockchain network that obtains the accounting right generates a block storing the encrypted processing record of the electronic certificate and broadcasts the block. The second electronic device receives the block stored with the encrypted processing record broadcasted by the node for obtaining the accounting right, and synchronizes the block in the local block chain when the validity of the block is approved by the block chain network. Certainly, if the second electronic device obtains the accounting right, the second electronic device receives the encrypted processing record of the electronic certificate broadcast by the first electronic device, encapsulates the encrypted processing record in a block after determining that the accounting right is obtained, then broadcasts the block in which the encrypted processing record is stored, and links the block in the local block chain when the block chain network approves the validity of the block.
S54: the second electronic device decrypts the encrypted processing record to obtain the decrypted processing record of the electronic certificate.
To ensure the reliability of the processing record, the second electronic device performs S54 after the encrypted processing record has been stored in the blockchain of the blockchain network. For example, when the second electronic device approves the validity of the block in which the encrypted processing record is stored, the encrypted processing record is extracted from the block, the block is synchronized into the block chain, then the extracted encrypted processing record is decrypted by using the own account private key, and if the decryption is successful, the processing record is determined to be fed back to the second electronic device, and the original processing record is obtained.
Further, in order to ensure the reliability of the processing, the processing record further carries a digital signature of the first electronic device, that is, the processing record is encrypted using the account private key of the first electronic device. For example, the processing record is encrypted using the combination of the account private key of the first electronic device and the account public key of the second electronic device, or the processing record is encrypted twice, using the account private key of the first electronic device and the account public key of the second electronic device sequentially and respectively. Correspondingly, the second electronic device decrypts the processing record using the combination of the account public key of the first electronic device and its own account private key, or decrypts it twice, using the account public key of the first electronic device and its own account private key sequentially and respectively. If decryption succeeds, this confirms that the processing record was fed back to the second electronic device, carries the digital signature of the first electronic device's account, was processed by that account, and has not been tampered with.
Still further, the method may further comprise performing an identity authentication step by the node 11 as illustrated in fig. 4.
In the embodiment, the processing record of the electronic certificate is stored in the block chain of the block chain network, distributed management of the electronic certificate is realized, and efficient data sharing is realized.
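The block packaging, validity check, full/light synchronization and lookup by block identification plus record hash described in S52-S54, as an added Go example that is not part of the patent: the header layout, the record commitment (a hash of the concatenated record digests), the node structure and all names are assumptions, the records are constructed stand-ins for ciphertext, and the consensus competition itself is left out.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Header is what a light node keeps: the chain link and a commitment (RecordsRoot)
// to the set of encrypted records packed into the block. Layout is assumed.
type Header struct {
	Index       uint64
	PrevHash    [32]byte
	Timestamp   int64
	RecordsRoot [32]byte
}

// Block is what a full node keeps: the header plus the encrypted processing records
// collected in one period. They are opaque ciphertext to every node that stores them.
type Block struct {
	Header  Header
	Records [][]byte
}

// recordsRoot hashes the concatenated SHA-256 digests of all records (assumed scheme).
func recordsRoot(records [][]byte) (root [32]byte) {
	h := sha256.New()
	for _, r := range records {
		d := sha256.Sum256(r)
		h.Write(d[:])
	}
	copy(root[:], h.Sum(nil))
	return root
}

// Hash is the block identification used for lookups: a digest of the header fields.
func (hd Header) Hash() [32]byte {
	var n [16]byte
	binary.BigEndian.PutUint64(n[:8], hd.Index)
	binary.BigEndian.PutUint64(n[8:], uint64(hd.Timestamp))
	buf := append(append(n[:], hd.PrevHash[:]...), hd.RecordsRoot[:]...)
	return sha256.Sum256(buf)
}

// NewBlock packs the encrypted records an accounting node received in the current
// period on top of the chain tip (a zero Header is the genesis tip).
func NewBlock(tip Header, ts int64, records [][]byte) Block {
	hd := Header{Index: tip.Index + 1, PrevHash: tip.Hash(), Timestamp: ts, RecordsRoot: recordsRoot(records)}
	return Block{Header: hd, Records: records}
}

// Node is a chain participant: full nodes keep whole blocks, light nodes only headers.
type Node struct {
	Full    bool
	Headers []Header
	Blocks  []Block // populated on full nodes only
}

// Sync is the acceptance step every node performs on a broadcast block: it must extend
// the local tip and its header must commit to its records, otherwise it is discarded.
func (n *Node) Sync(b Block) error {
	tip := Header{}
	if len(n.Headers) > 0 {
		tip = n.Headers[len(n.Headers)-1]
	}
	if b.Header.Index != tip.Index+1 || b.Header.PrevHash != tip.Hash() {
		return errors.New("block does not extend the local chain")
	}
	if b.Header.RecordsRoot != recordsRoot(b.Records) {
		return errors.New("records do not match the header commitment")
	}
	n.Headers = append(n.Headers, b.Header)
	if n.Full {
		n.Blocks = append(n.Blocks, b)
	}
	return nil
}

// Find retrieves an encrypted processing record by block identification and record
// hash, the lookup the text describes once the record is on the chain.
func (n *Node) Find(blockID, recordHash [32]byte) ([]byte, error) {
	if !n.Full {
		return nil, errors.New("light node holds headers only; query a full node")
	}
	for _, b := range n.Blocks {
		if b.Header.Hash() != blockID {
			continue
		}
		for _, r := range b.Records {
			if sha256.Sum256(r) == recordHash {
				return r, nil
			}
		}
		return nil, errors.New("record not in block")
	}
	return nil, errors.New("unknown block")
}
```

The retrieved record is still ciphertext: the node that addressed it (S52) is the only one that can open it with its account private key (S54).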
Referring to fig. 6, fig. 6 is a schematic flowchart of another embodiment of a method for managing electronic certificates according to the present application. In this embodiment, the method is executed by electronic devices serving as the above blockchain node 31, specifically by a certificate issuing authority device serving as the certificate issuing node 31a and a common account device serving as the common node 31b, and specifically includes:
S61: the common account device sends a manufacturing request or an update request for the electronic certificate to the certificate issuing authority device in the blockchain network.
The manufacturing request includes a certificate type and the user identity information of the common account device (i.e. the identity information of the owner of the electronic certificate); the certificate type can be any certificate type such as an identity card, a driving license, a property certificate, a marriage certificate and the like. The update request includes the user identity information of the common account device (i.e. the identity information of the owner of the electronic certificate) and the information to be updated, such as the certificate issuing organization code, the user public key and the issuer information of the electronic certificate; the information to be updated is the information of the new electronic certificate and may include the validity period, the certificate type, and the like.
S62: the certificate issuing agency equipment receives a manufacturing request or an updating request of the electronic certificate sent by the common account equipment, and processes according to the received request.
For example, when the certificate issuing authority device receives a manufacturing request, it accesses the set database to search for certificate information matching the user identity information and certificate type in the manufacturing request; if such certificate information is found, an electronic certificate is generated according to the certificate information and a user input instruction. If not, a manufacturing failure message is sent to the common account device and the process ends. Further, the manufacturing failure message may state the reason for the failure, namely that the related certificate information was not found.
As another example, the certificate issuing authority device receives an update request including the certificate type, the blockchain address of the account logged in on the common account device (serving as the user identity information of the common account device), the certificate issuing authority code, and the certificate information to be updated, encrypted with the user public key. The certificate issuing authority device judges whether the update request meets the update condition. Specifically, it queries the user's certificate information according to the user identity information of the common account device. If no existing electronic certificate matching the certificate type to be updated is found, the update request is determined not to meet the update condition, an update failure message is sent to the common account device, and the process ends. If an existing electronic certificate matching the certificate type to be updated is found, it compares whether the user public key, certificate issuing authority code, validity period and other information in the existing electronic certificate are consistent with the information in the update request; if they are consistent, the existing electronic certificate is already in the updated state, an update failure message is sent to the common account device, and the process ends; if they are inconsistent, the update request is determined to meet the update condition, the set database is accessed to search for certificate information matching the update request, and if it is found, a new electronic certificate is generated according to the certificate information and a user input instruction, thereby updating the electronic certificate. If it is not found, a manufacturing failure message is sent to the common account device and the process ends.
S63: and the certificate issuing authority equipment encrypts the electronic certificate by using the account private key of the certificate issuing authority equipment and the account public key of the common account equipment and broadcasts the electronic certificate in the block chain network.
In this embodiment, the certificate issuing authority device encrypts the processed electronic certificate with the digital signature of the certificate issuing authority account and the user seal of the common account device. Specifically, the processing record is encrypted using the combination of the account private key of the certificate issuing authority device and the account public key of the common account device; or the processing record is encrypted twice, using the account private key of the certificate issuing authority device and the account public key of the common account device sequentially and respectively; or the processing record is encrypted with the account private key of the certificate issuing authority to obtain a signature, and the signature together with the processing record is then encrypted with the account public key of the common account device to obtain the encrypted electronic certificate. The certificate issuing authority device broadcasts the encrypted electronic certificate in the blockchain network.
S64: when a blockchain network generates a block storing the encrypted electronic certificate, the common account device synchronizes the block to a blockchain.
As described in S52-S53 above, the nodes of the blockchain network receive the encrypted electronic certificate, generate and broadcast a block storing the encrypted electronic certificate through the consensus mechanism, and synchronize it into the blockchain once the validity of the block is approved; this is not described again here. Further, when other blockchain nodes receive the encrypted electronic certificate, they confirm the user identity information of the common account device, and after confirmation generate and broadcast the block storing the encrypted electronic certificate through the consensus mechanism.
S65: and the common account equipment decrypts the encrypted electronic certificate by using the own account private key and the account public key of the certificate issuing institution equipment to obtain the unencrypted electronic certificate.
For example, the common account device obtains the encrypted electronic certificate from a received block when it determines that the block is valid. The common account device decrypts the encrypted electronic certificate using the combination of the account public key of the certificate issuing authority device and its own account private key; or decrypts the encrypted electronic certificate twice, using the account public key of the certificate issuing authority device and its own account private key sequentially and respectively. If decryption succeeds, this confirms that the encrypted electronic certificate was fed back to the common account device, carries the digital signature of the certificate issuing authority's device account and was processed by the certificate issuing authority, so the received electronic certificate has not been tampered with. The common account device thus obtains the unencrypted electronic certificate, completing certificate collection.
For another example, the common account device first decrypts the encrypted electronic certificate using its own account private key; if this decryption succeeds, the processing record was fed back to the common account device. It then decrypts the digital signature part obtained from the first decryption a second time using the account public key of the certificate issuing authority device; if the result of the second decryption is consistent with the electronic certificate part obtained from the first decryption, the electronic certificate is determined to have been processed by the certificate issuing authority, so the received electronic certificate has not been tampered with. The common account device takes the electronic certificate part from the first decryption, completing certificate collection.
Referring to fig. 7, fig. 7 is a schematic flowchart of a method for managing electronic certificates according to another embodiment of the present application. In this embodiment, the method is executed by electronic devices serving as the above blockchain node 31, specifically by a checking authority device serving as the checking node 31c and a common account device serving as the common node 31b, and specifically includes:
S71: the checking authority device sends a checking request for the electronic certificate to the common account device in the blockchain network.
The checking request may include the certificate type of the electronic certificate and may further include the checking authority information.
S72: the common account device receives the checking request sent by the checking authority device and retrieves (calls out) the electronic certificate requested for checking when it determines that the checking request is allowed.
For example, the checking authority device uses remote checking. The checking authority device sends the checking request directly to the common account device; the common account device prompts the user with the checking request, and after receiving a checking rejection instruction input by the user it sends a checking failure message to the checking authority device. After receiving a checking permission instruction input by the user, the common account device retrieves the electronic certificate requested for checking from the blockchain or the local database according to the requested certificate type, specifically the electronic certificate encrypted with the account private key of the certificate issuing authority device, i.e. carrying the digital signature of the certificate issuing authority.
As another example, the checking authority device uses offline checking. The common account device generates an identification code, such as a two-dimensional code or a bar code, containing its own identification according to the user's input instruction; the checking authority device scans the identification code to generate a checking request and sends it to the common account device; the common account device then directly confirms that the checking request is allowed and retrieves the electronic certificate requested for checking from the blockchain or the local database according to the requested certificate type. The certificate type information can be loaded into the identification code by the common account device according to the user's input, or added to the generated checking request by the checking authority device after scanning.
S73: and the common account equipment encrypts the electronic certificate by using the account public key of the checking mechanism equipment and broadcasts the electronic certificate in the block chain network.
In this embodiment, the common account device encrypts the electronic certificate that carries the digital signature of the certificate issuing authority. Specifically, for example, the common account device encrypts the retrieved digital signature of the certificate issuing authority using the account public key of the checking authority device, or encrypts both the retrieved digital signature of the certificate issuing authority and the unencrypted electronic certificate using the account public key of the checking authority device, to obtain the encrypted electronic certificate. The common account device broadcasts the encrypted electronic certificate in the blockchain network.
S74: when the blockchain network generates a block in which the encrypted electronic certificate is stored, the checking authority device synchronizes the block into the blockchain.
As described in S52-S53 above, the nodes of the blockchain network receive the encrypted electronic certificate, generate and broadcast a block storing the encrypted electronic certificate through the consensus mechanism, and synchronize it into the blockchain once the validity of the block is approved; this is not described again here. Further, when other blockchain nodes receive the encrypted electronic certificate, they confirm the user identity information of the common account device, and after confirmation generate and broadcast the block storing the encrypted electronic certificate through the consensus mechanism.
S75: and the checking mechanism equipment decrypts the encrypted electronic certificate by using the account private key of the checking mechanism equipment to obtain the unencrypted electronic certificate.
For example, the checking authority device, upon determining that the received block is valid, retrieves the encrypted electronic certificate from the block. The checking authority device decrypts the encrypted electronic certificate twice, using the account private key of the checking authority device, the account public key of the certificate issuing authority device and the account private key of the common account device sequentially and respectively. If decryption succeeds, this confirms that the encrypted electronic certificate was fed back to the checking authority device, carries the digital signature of the certificate issuing authority's device account and was processed by the certificate issuing authority, so the received electronic certificate has not been tampered with. The checking authority device obtains the unencrypted electronic certificate and checks it by applying the set template.
For another example, the checking authority device first decrypts the encrypted electronic certificate using its own account private key; if this decryption succeeds, the processing record was fed back to the checking authority device. It then decrypts the digital signature part obtained from the first decryption a second time using the account public key of the certificate issuing authority device; if the result of the second decryption is consistent with the electronic certificate part obtained from the first decryption, the electronic certificate is determined to have been processed by the certificate issuing authority, so the received electronic certificate has not been tampered with. The checking authority device takes the electronic certificate part from the first decryption and checks it by applying the set template.
The checking mode realizes the checking of the certificate of the equipment user at any time and any place, and can greatly save the cost of social interaction and business activities.
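The sign-then-encrypt exchange of S63/S65 and its forwarding to the checking authority in S73/S75 (the same construction the first embodiment describes for processing records in S53/S54), as an added Go example that is not part of the patent: it takes the text's "encryption with the account private key" to be an RSA-PSS signature and realizes "encryption with the account public key" as a one-time AES-GCM key wrapped with RSA-OAEP; the keys, the certificate content and every function name are constructed assumptions.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// SignedCert is the certificate content plus the issuing authority's RSA-PSS signature
// over SHA-256(Cert): the text's certificate "encrypted with the account private key".
type SignedCert struct{ Cert, Signature []byte }

// Envelope is what is broadcast in the blockchain network: the signed certificate sealed
// to one recipient's account public key (a one-time AES-GCM key wrapped with RSA-OAEP).
// Every node stores it; only the holder of the matching private key can open it.
type Envelope struct{ WrappedKey, Nonce, Ciphertext, Signature []byte }

// Sign is the issuer side of S63: the issuing authority's signature over the certificate.
func Sign(issuer *rsa.PrivateKey, cert []byte) (SignedCert, error) {
	h := sha256.Sum256(cert)
	sig, err := rsa.SignPSS(rand.Reader, issuer, crypto.SHA256, h[:], nil)
	return SignedCert{Cert: cert, Signature: sig}, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Seal encrypts a signed certificate to one recipient: issuer -> holder in S63, holder ->
// checking authority in S73. The signature travels unchanged (bound as associated data).
func Seal(recipient *rsa.PublicKey, sc SignedCert) (*Envelope, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, sc.Cert, sc.Signature)
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct, Signature: sc.Signature}, nil
}

// Open is the recipient side (S65 holder, S75 checking authority): decrypt with the own
// account private key, then verify the issuer's signature with the issuer's public key.
func Open(own *rsa.PrivateKey, issuer *rsa.PublicKey, env *Envelope) (SignedCert, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, own, env.WrappedKey, nil)
	if err != nil {
		return SignedCert{}, errors.New("envelope is not addressed to this account")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return SignedCert{}, err
	}
	cert, err := gcm.Open(nil, env.Nonce, env.Ciphertext, env.Signature)
	if err != nil {
		return SignedCert{}, errors.New("certificate or signature altered in transit")
	}
	h := sha256.Sum256(cert)
	if err := rsa.VerifyPSS(issuer, crypto.SHA256, h[:], env.Signature, nil); err != nil {
		return SignedCert{}, errors.New("issuer signature does not verify")
	}
	return SignedCert{Cert: cert, Signature: env.Signature}, nil
}

// RunFlow walks issuer -> holder -> checking authority with constructed keys and data and
// reports who could read the certificate and whether an altered stored record is rejected.
func RunFlow() (holderOK, checkerOK, otherNodeOK, tamperRejected bool) {
	issuer, _ := rsa.GenerateKey(rand.Reader, 2048)
	holder, _ := rsa.GenerateKey(rand.Reader, 2048)
	checker, _ := rsa.GenerateKey(rand.Reader, 2048)
	cert := []byte(`{"type":"id_card","holder":"user-0001","issuer":"CA-01"}`) // constructed
	sc, _ := Sign(issuer, cert)
	toHolder, _ := Seal(&holder.PublicKey, sc)               // S63: broadcast in the network
	_, err := Open(checker, &issuer.PublicKey, toHolder)     // a node that is not the addressee
	otherNodeOK = err == nil
	got, err := Open(holder, &issuer.PublicKey, toHolder)    // S65
	holderOK = err == nil && string(got.Cert) == string(cert)
	toChecker, _ := Seal(&checker.PublicKey, got)            // S73: forward the issuer-signed cert
	got2, err := Open(checker, &issuer.PublicKey, toChecker) // S75
	checkerOK = err == nil && string(got2.Cert) == string(cert)
	toChecker.Ciphertext[0] ^= 1                             // stored record altered by some node
	_, err = Open(checker, &issuer.PublicKey, toChecker)
	tamperRejected = err != nil
	return
}
```

The checking authority never needs the holder's private key: the issuer's signature it verifies in S75 is the same bytes the holder received in S65 and forwarded in S73.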
The present application also provides a method for managing electronic certificates, which includes the steps executed by the executing entity of any one of the above method embodiments.
The method realizes decentralized, distributed management of electronic certificates based on blockchain technology, has the characteristics of no center, no cost and no threshold, and can be used for the full-process electronization of the issuing, management and application of various certificates. The user's certificate manufacturing, checking and update information is backed up at multiple points in a distributed database, which improves certificate reliability; a timestamp is added to ensure the timeliness and continuity of the data; the file hash generated from the certificate is stored in the blockchain through asymmetric encryption and the file is uploaded to the cloud, which improves certificate security, provides existence proof, process proof and audit proof of the electronic certificate, greatly simplifies the authentication flow, improves certificate handling and acceptance efficiency, reduces cost and increases certificate credibility. In specific applications, the method can be used by a government department to issue electronic certificates to citizens in place of paper certificates; the tamper-proof records of certificate issuing, collection, checking and updating are stored through the blockchain, so that social entities can jointly build, maintain and supervise the system, the public's right to know and supervise is satisfied, and the objectivity and credibility of the electronic certificate are enhanced. Certificate issuing organs, market entities, third-party organs and common users can conveniently join the blockchain network to carry out business transactions and government approvals with high credibility, low cost and high efficiency, so the application field is very wide.
Referring to fig. 8, fig. 8 is a schematic structural diagram of an embodiment of an electronic device according to the present application. In this embodiment, the electronic device 80 is the node 31 in the block chain network shown in fig. 3. The electronic device 80 includes a memory 81, a processor 82, and a communication circuit 83. Wherein the various components of the electronic device 80 may be coupled together by a bus or the processor of the base station 80 may be connected to other components one-to-one, respectively.
The communication circuit 83 is used for enabling communication with other electronic devices, such as other nodes 31 in a blockchain network, and may specifically include a transmitter and a receiver.
The memory 81 is used for storing computer instructions executed by the processor 82, data of the processor 82 in the process and a local block chain, wherein the memory 81 comprises a nonvolatile storage part for storing the computer instructions.
The processor 82 controls the operation of the electronic device 80, and the processor 82 may also be referred to as a Central Processing Unit (CPU). The processor 82 may be an integrated circuit chip having signal processing capabilities. The processor 82 may also be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
In the present embodiment, the processor 82 performs at least one of the following two operations by calling the computer instructions stored in the memory 81.
In a first aspect: the processor 82 is configured to:
processing the electronic certificate in response to processing instructions received by the communication circuit 83;
encrypting the processing record of the electronic certificate, and controlling the communication circuit 83 to broadcast the encrypted processing record in the blockchain network, so that the node of the blockchain network stores the encrypted processing record in the blockchain of the blockchain network.
Optionally, when the electronic device is used as a certificate authority device, the processor 82 is specifically configured to: receiving a manufacturing request of the electronic certificate sent by a common account device through a communication circuit 83, wherein the manufacturing request comprises a certificate type and user identity information of the common account device; searching certificate information matched with the manufacturing request from a set database, and generating an electronic certificate by the searched certificate information; and encrypting the electronic certificate by using the own account private key and the account public key of the common account equipment and controlling the communication circuit 83 to broadcast the encrypted electronic certificate so that the node of the blockchain network for obtaining the accounting right stores the encrypted electronic certificate in the blockchain of the blockchain network, and the common account equipment decrypts the electronic certificate by using the own account private key and the account public key of the certificate issuing equipment.
Optionally, when the electronic device is used as a certificate authority device, the processor 82 is specifically configured to: receiving an update request of the electronic certificate sent by a common account device through a communication circuit 83, wherein the update request includes user identity information of the common account device and information to be updated of the electronic certificate; if the updating request is judged to accord with the updating condition, searching new certificate information matched with the updating request from a set database, and updating the electronic certificate according to the searched new certificate information; and encrypting the electronic certificate by using the own account private key and the account public key of the common account equipment and controlling the communication circuit 83 to broadcast the encrypted electronic certificate so that the node of the blockchain network for obtaining the accounting right stores the encrypted electronic certificate in the blockchain of the blockchain network, and the common account equipment decrypts the electronic certificate by using the own account private key and the account public key of the certificate issuing equipment.
Optionally, when the electronic device is used as a general account device, the processor 82 is specifically configured to: receiving an inspection request transmitted from an inspection organization device through the communication circuit 83; calling out the electronic certificate requesting for checking when the checking request is determined to be allowed; and encrypting the electronic certificate by using the account public key of the checking mechanism equipment and controlling the communication circuit 83 to broadcast the encrypted electronic certificate so that the node of the block chain network for obtaining the accounting right stores the encrypted electronic certificate in the block chain of the block chain network, and the checking mechanism equipment decrypts by using the account private key of the checking mechanism equipment to obtain the electronic certificate.
Optionally, the processor 82 is further configured to: receive, through the communication circuit 83, encrypted data broadcast by other nodes of the blockchain network and store the encrypted data in a block in the memory 81, where the encrypted data is obtained by the other nodes encrypting a processing record of an electronic certificate; upon obtaining the accounting right, control the communication circuit 83 to broadcast the block to the blockchain network; and link the block or block header into the blockchain in the memory 81 when the blockchain network recognizes the validity of the block.
Optionally, the processor 82 is further configured to: the control communication circuit 83 sends an account registration request to the management device, where the account registration request includes identity information of the electronic device user, and is provided to the management device to perform identity authentication on the electronic device user according to the identity information; receiving a registration success message of the management device through a communication circuit 83, and obtaining a block chain address generated by the block chain network according to the identity information of the electronic device user and a group of public keys and private keys; the control communication circuit 83 broadcasts the public key obtained by the management apparatus and stores the private key and the blockchain address obtained by the management apparatus in the memory 81.
In a second aspect, the processor 82 is configured to:
control the communication circuit 83 to send a request to the other nodes of the blockchain network, where the request is for requesting processing of an electronic certificate;
synchronize the block into the blockchain in the memory 81 when the blockchain network generates a block storing the encrypted processing record of the electronic certificate, where the encrypted processing record is formed by the other nodes in response to the request for processing the electronic certificate;
and decrypt the encrypted processing record to obtain the decrypted processing record of the electronic certificate.
Optionally, when the electronic device acts as a common account device, the processor 82 controlling the communication circuit 83 to send a request to other nodes of the blockchain network includes: controlling the communication circuit 83 to send a making request or an updating request for the electronic certificate to the certificate issuing agency device in the blockchain network, so that the certificate issuing agency device makes or updates the electronic certificate according to the making request or the updating request, encrypts the made or updated electronic certificate with its own account private key and the account public key of the common account device, and broadcasts the encrypted electronic certificate in the blockchain network; and the processor 82 decrypting the encrypted electronic certificate to obtain the decrypted electronic certificate includes: decrypting the encrypted electronic certificate with the common account device's own account private key and the account public key of the certificate issuing agency device to obtain the unencrypted electronic certificate.
Optionally, when the electronic device acts as an inspection agency device, the processor 82 controlling the communication circuit 83 to send a request to other nodes of the blockchain network includes: controlling the communication circuit 83 to send an inspection request for the electronic certificate to the common account device in the blockchain network, so that the common account device retrieves the electronic certificate according to the inspection request, encrypts the retrieved electronic certificate with the account public key of the inspection agency device, and broadcasts the encrypted electronic certificate in the blockchain network; and the processor 82 decrypting the encrypted electronic certificate to obtain the decrypted electronic certificate includes: decrypting the encrypted electronic certificate with the inspection agency device's own account private key to obtain the unencrypted electronic certificate.
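As an added example that is not the applicant's code, the following Python simulation walks through the two key-usage patterns described for the processor 82 above (issuing: own account private key plus the holder's account public key; inspection: the inspection agency's account public key only) together with the registration step of claims 1 and 7, and shows that a node which merely stores a block cannot read it. The patent names no algorithms, so the toy Diffie-Hellman group, the HMAC-SHA256 encrypt-then-MAC construction, the SHA-256 identity hash, the constructed sample identities and the plain list standing in for the chain are all assumptions of this example.

```python
import hashlib, hmac, json, os

# Toy Diffie-Hellman group standing in for the unspecified account-key algorithm
# (assumption of this example): 2**127 - 1 is prime but far too small for real use.
P, G = 2**127 - 1, 3

def new_keypair():
    priv = int.from_bytes(os.urandom(16), "big") % (P - 2) + 2
    return priv, pow(G, priv, P)

def shared_key(own_priv, other_pub):
    # own account private key + counterparty account public key -> same secret on both sides
    return hashlib.sha256(pow(other_pub, own_priv, P).to_bytes(16, "big")).digest()

def _keystream(key, nonce, length):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(-(-length // 32)))[:length]

def seal(key, plaintext):
    # encrypt-then-MAC with HMAC-SHA256 (stand-in for the unspecified cipher)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered record")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class ManagementDevice:
    """Claims 1/7 registration: preset identity DB -> hashed unique id -> keys."""
    def __init__(self, identity_db):
        self.identity_db = identity_db  # constructed stand-in for the government DB
        self.unique_ids = set()         # network-wide unique identifier database
        self.public_keys = {}           # address -> public key, "broadcast" to all nodes

    def register(self, identity):
        if identity not in self.identity_db:
            raise PermissionError("identity not in preset identity database")
        uid = hashlib.sha256(json.dumps(identity, sort_keys=True).encode()).hexdigest()
        if uid in self.unique_ids:
            raise PermissionError("identity already registered")
        self.unique_ids.add(uid)
        priv, pub = new_keypair()
        address = hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:40]
        self.public_keys[address] = pub
        return address, priv

def broadcast(ledger, record):
    # the accounting node stores only ciphertext; every node syncs the same list
    ledger.append(record.hex())
    return len(ledger) - 1

def issue(ledger, issuer_priv, holder_pub, cert):
    # certificate issuing agency: own account private key + holder's account public key
    return broadcast(ledger, seal(shared_key(issuer_priv, holder_pub), json.dumps(cert).encode()))

def read_issued(ledger, holder_priv, issuer_pub, idx):
    # common account: own account private key + issuing agency's account public key
    return json.loads(open_sealed(shared_key(holder_priv, issuer_pub), bytes.fromhex(ledger[idx])))

def answer_inspection(ledger, inspector_pub, cert):
    # common account: inspection agency's public key only, via a fresh ephemeral key pair
    eph_priv, eph_pub = new_keypair()
    blob = seal(shared_key(eph_priv, inspector_pub), json.dumps(cert).encode())
    return broadcast(ledger, eph_pub.to_bytes(16, "big") + blob)

def read_inspection(ledger, inspector_priv, idx):
    # inspection agency: its own account private key alone recovers the certificate
    rec = bytes.fromhex(ledger[idx])
    return json.loads(open_sealed(shared_key(inspector_priv, int.from_bytes(rec[:16], "big")), rec[16:]))

def run_demo():
    citizen = {"name": "Wang Lei", "id_no": "110101199001011234"}  # constructed sample identity
    issuer, inspector = {"org": "issuing agency"}, {"org": "inspection agency"}
    mgmt = ManagementDevice([citizen, issuer, inspector])
    holder_addr, holder_priv = mgmt.register(citizen)
    issuer_addr, issuer_priv = mgmt.register(issuer)
    insp_addr, insp_priv = mgmt.register(inspector)
    dup_rejected = False
    try:
        mgmt.register(citizen)  # same identity hashes to an identifier already on record
    except PermissionError:
        dup_rejected = True
    ledger = []
    cert = {"type": "business licence", "holder": holder_addr, "valid_until": "2027-12-31"}
    i1 = issue(ledger, issuer_priv, mgmt.public_keys[holder_addr], cert)
    holder_view = read_issued(ledger, holder_priv, mgmt.public_keys[issuer_addr], i1)
    i2 = answer_inspection(ledger, mgmt.public_keys[insp_addr], holder_view)
    inspector_view = read_inspection(ledger, insp_priv, i2)
    outsider_rejected = False
    try:  # a node that merely stores the block holds ciphertext it cannot open
        read_inspection(ledger, new_keypair()[0], i2)
    except ValueError:
        outsider_rejected = True
    return {"certificate": cert, "holder_view": holder_view, "inspector_view": inspector_view,
            "duplicate_rejected": dup_rejected, "outsider_rejected": outsider_rejected}
```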
Further, the processor 82 of the electronic device 80 may be configured to perform the methods of the above embodiments.
The present application also provides an embodiment of a non-volatile storage medium storing processor-executable computer instructions for performing the method of the above embodiments. Specifically, the storage medium may be the memory 81 shown in FIG. 8.
According to the above scheme, the processing record of the electronic certificate is stored in the blockchain of the blockchain network, which achieves distributed management of electronic certificates and efficient data sharing. Because the blockchain is decentralized and is maintained among the blockchain nodes by a consensus mechanism, the failure of some nodes does not cause loss of network data, and nodes cannot tamper with the data, so the storage reliability of the electronic certificate is improved and the information security and reliability of the electronic certificate are effectively enhanced. Moreover, the processing record of the electronic certificate is encrypted before being stored in the blockchain, so only nodes that can decrypt it correctly obtain the processing record; this reduces the risk of certificate information leakage and further improves the security and reliability of the electronic certificate.
Specifically, the scheme can realize the following beneficial effects:
(1) A cross-organization distributed database replaces the central database; certificate issuing, verification and inspection are carried out point to point and records are retained, so the process is transparent and traceable. The records of making, inspecting and updating a certificate are all stored on the blockchain: the process is public, the results cannot be tampered with, and the third-party moral hazard common in existing electronic certificate management is effectively avoided;
(2) Certificate information is encrypted before being stored on the blockchain and is backed up at multiple points; the certificate is uploaded to the cloud, data security is guaranteed and higher, and the privacy of individuals or enterprises is effectively protected from disclosure;
(3) With a distributed database architecture, information circulation among the relevant authentication departments is achieved without changing the existing government service systems, which reduces the construction cost and management difficulty of an electronic certificate platform and improves management efficiency;
(4) Authentication results can be retrieved at any time and from any place, avoiding repeated authentication and waste of resources;
(5) User identity information is established on the main chain of the blockchain, other electronic certificates are placed on side chains, and the main chain and side chains are two-way anchored. The main chain performs identity verification and the side chains corresponding to different electronic certificates are anchored to it, so inspection is more efficient than with a single chain; the two-way anchoring of side chains lets a user's credit propagate across the whole network, and a credit investigation system can be built up as certificate processing records accumulate;
(6) Construction and management cost is low and operability is better. The blockchain is decentralized at its core, so data concentration across departments and regions is avoided, the existing service systems of government departments need not be changed, and information flows better among departments;
(7) Certificate services for network users are completed with "zero running", that is, without the user having to make any trip in person. Common users, certificate issuing agencies and inspection agencies each carry out the related certificate services through their own clients: a user sends a certificate issuing (or inspection) request to the certificate issuing agency, after verification the certificate processing record is encrypted with the public and private keys and uploaded to the blockchain, and the holder (or verification agency) completes one certificate information transaction after decrypting and verifying it;
(8) Paperless work is greatly promoted and certificate production cost is reduced;
(9) Proof of existence is achieved: the electronic certificate is signed by the certificate issuing agency and the issuing processing record is stored on the blockchain, so it can be proved that the electronic certificate legally existed at a given moment, certificate forgery is eliminated, and the reliability of certificates is improved;
(10) Proof of process is achieved: the blockchain stores the tamper-proof records of issuing, using, verifying and updating the certificate, each with a timestamp, and an updated version is linked to the original version so that continuity is guaranteed;
(11) Auditability is achieved: the data source of the electronic certificate is a government database, the electronic file generated for the certificate is stored on the blockchain through its hash, the file is uploaded to the cloud, data security is high, certificate usage records are traceable, and more credible data support can be provided to audit departments;
(12) Credit certification is achieved: the main chain is used for identity authentication, side chains are used for authenticating other kinds of certificates (marriage certificates, real estate, academic qualifications, business licences, health licences and the like), and the side chains and main chain are two-way anchored, so certificate information flows freely, application data accumulates, and credit investigation services can be provided step by step.
In the description above, for purposes of explanation and not limitation, specific details are set forth such as particular system structures, interfaces, techniques, etc. in order to provide a thorough understanding of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.

Claims (10)

1. A method of managing electronic certificates, the method comprising:
an electronic device processing an electronic certificate in response to a received processing instruction;
encrypting the processing record of the electronic certificate, and broadcasting the encrypted processing record in a block chain network, so that the node of the block chain network stores the encrypted processing record in a block chain of the block chain network;
wherein encrypting the processing record of the electronic certificate comprises:
encrypting the processing record of the electronic certificate by using an account private key of the electronic certificate and an account public key corresponding to the device sending the processing instruction;
the account private key and the account public key are generated by the management device after the user identity authentication of the corresponding account is passed, and the user identity authentication step comprises: the management device compares the user identity information in the account registration request with identity information in a preset identity database; if the preset identity database stores matching identity information, hash processing is performed on the user identity information to obtain a current network-wide unique identifier; and if the current network-wide unique identifier does not exist in the network-wide unique identifier database, the user identity authentication is determined to have passed.
2. The method of claim 1, wherein when the electronic device is acting as a certificate authority device:
the processing of the electronic certificate in response to the received processing instruction includes:
receiving a making request for an electronic certificate sent by a common account device, wherein the making request comprises a certificate type and user identity information of the common account device;
searching a set database for certificate information matching the making request, and generating an electronic certificate from the found certificate information;
the encrypting the processing record of the electronic certificate and broadcasting the encrypted processing record in a blockchain network so that a node of the blockchain network stores the encrypted processing record in a blockchain of the blockchain network includes:
and encrypting and broadcasting the electronic certificate by using the own account private key and the account public key of the common account equipment, so that the encrypted electronic certificate is stored in the block chain of the block chain network by the node of the block chain network for obtaining the accounting right, and the common account equipment decrypts by using the own account private key and the account public key of the certificate issuing equipment to obtain the electronic certificate.
3. The method of claim 1 or 2, wherein when the electronic device is acting as a certificate authority device:
the processing of the electronic certificate in response to the received processing instruction includes:
receiving an updating request of the electronic certificate sent by a common account device, wherein the updating request comprises user identity information of the common account device and information to be updated of the electronic certificate;
if the updating request is judged to meet the updating condition, searching a set database for new certificate information matching the updating request, and updating the electronic certificate according to the found new certificate information;
the encrypting the processing record of the electronic certificate and broadcasting the encrypted processing record in a blockchain network so that a node of the blockchain network stores the encrypted processing record in a blockchain of the blockchain network includes:
and encrypting and broadcasting the electronic certificate by using the own account private key and the account public key of the common account equipment, so that the encrypted electronic certificate is stored in the block chain of the block chain network by the node of the block chain network for obtaining the accounting right, and the common account equipment decrypts by using the own account private key and the account public key of the certificate issuing equipment to obtain the electronic certificate.
4. The method of claim 1, wherein when the electronic device is acting as a common account device:
the processing of the electronic certificate in response to the received processing instruction includes:
receiving an inspection request sent by inspection mechanism equipment;
retrieving the electronic certificate requested for inspection when the inspection request is determined to be allowed;
the encrypting the processing record of the electronic certificate and broadcasting the encrypted processing record in a blockchain network so that a node of the blockchain network stores the encrypted processing record in a blockchain of the blockchain network includes:
and encrypting and broadcasting the electronic certificate by using the account public key of the checking mechanism equipment so that the node of the block chain network for obtaining the accounting right stores the encrypted electronic certificate in the block chain of the block chain network, and the checking mechanism equipment decrypts by using the account private key of the checking mechanism equipment to obtain the electronic certificate.
5. The method of claim 1, further comprising:
receiving encrypted data broadcasted by other nodes of the block chain network and storing the encrypted data in a local block, wherein the encrypted data is obtained by encrypting the processing record of the electronic certificate by the other nodes;
upon obtaining accounting rights, broadcasting the blocks to a blockchain network;
when the blockchain network accepts the validity of the block, linking the block or the block header into the local blockchain.
6. The method of claim 1, further comprising:
sending an account registration request to a management device, wherein the account registration request contains identity information of the electronic device user, and the account registration request is provided for the management device to perform identity authentication on the electronic device user according to the identity information;
receiving a registration success message from the management device, and obtaining a blockchain address generated by the blockchain network according to the identity information of the electronic device user, together with a public key and private key pair;
and broadcasting the public key obtained by the management equipment, and storing the private key and the block chain address obtained by the management equipment.
7. A method of managing electronic certificates, the method comprising:
the electronic equipment sends a request to other nodes of the block chain network; wherein the request is for requesting processing of an electronic certificate;
synchronizing the blocks into a blockchain when a blockchain network generates blocks storing encrypted processing records of the electronic certificate, wherein the encrypted processing records are formed by the other nodes in response to the request for processing the electronic certificate;
decrypting the encrypted processing record information to obtain the decrypted processing record of the electronic certificate;
wherein the decrypting the encrypted processing record information comprises:
decrypting the encrypted processing record information by using an account private key of the electronic certificate and an account public key corresponding to equipment for processing the electronic certificate;
the account private key and the account public key are generated by the management device after the user identity authentication of the corresponding account is passed, and the user identity authentication step comprises: the management equipment compares the user identity information in the account registration request with identity information in a preset identity database, if the preset identity database stores matched identity information, hash processing is carried out on the user identity information to obtain a current unique identity identifier of the whole network, and if the current unique identity identifier of the whole network does not exist in the unique identity identifier database of the whole network, the user identity authentication is determined to be passed.
8. The method of claim 7, wherein when the electronic device is acting as a common account device:
the sending requests to other nodes of the blockchain network includes:
sending a making request or an updating request for the electronic certificate to a certificate issuing mechanism device in the blockchain network, so that the certificate issuing mechanism device makes or updates the electronic certificate according to the making request or the updating request, encrypts the made or updated electronic certificate using an account private key of the certificate issuing mechanism device and an account public key of the common account device, and broadcasts the encrypted electronic certificate in the blockchain network; and
the decrypting the encrypted electronic certificate information to obtain the decrypted electronic certificate comprises:
decrypting the encrypted electronic certificate using the own account private key and the account public key of the certificate issuing mechanism device to obtain the unencrypted electronic certificate; and/or
When the electronic device is used as an inspection mechanism device:
the sending requests to other nodes of the blockchain network includes:
sending an inspection request for the electronic certificate to a common account device in the blockchain network, so that the common account device retrieves the electronic certificate according to the inspection request, encrypts the retrieved electronic certificate using an account public key of the inspection mechanism device, and broadcasts the encrypted electronic certificate in the blockchain network; and
the decrypting the encrypted electronic certificate information to obtain the decrypted electronic certificate comprises:
decrypting the encrypted electronic certificate using the own account private key to obtain the unencrypted electronic certificate.
9. An electronic device comprising a memory, a processor, and communication circuitry;
the communication circuit is used for realizing communication with other equipment;
the processor is configured to perform the method of any one of claims 1 to 8.
10. A computer readable storage medium having stored thereon computer instructions executable by a processor to perform the method of any one of claims 1 to 8.
CN201710381234.9A 2017-05-25 2017-05-25 Electronic certificate management method and related equipment Active CN107231351B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710381234.9A CN107231351B (en) 2017-05-25 2017-05-25 Electronic certificate management method and related equipment
Publications (2)

Publication Number Publication Date
CN107231351A CN107231351A (en) 2017-10-03
CN107231351B true CN107231351B (en) 2021-01-08

Family

ID=59934328
Country Status (1)

Country Link
CN (1) CN107231351B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant