Block chain based CA authentication and management method, device and system

A CA authentication and management technology, applied in the field of user identity/authority verification. It addresses the problems that the result of the verification process can be affected, that the user's local storage space is occupied, and that the user's operation load is increased, with the effects of simplifying user operations, saving user storage space, and improving security.

Active Publication Date: 2017-01-04
JIANGSU PAYEGIS TECH CO LTD

AI Technical Summary

Problems solved by technology

However, the root CA certificate that the user has built into the browser is easily attacked by hackers, so the security of the root CA certificate is low, and once the root CA certificate is maliciously tampered with, the result of the entire verification process is affected.
[0004] It can be seen that the existing verification method requires the user to save the root CA certificate in advance, which not only increases the user's operation load and occupies the user's local storage space, but also makes the security of the root CA certificate difficult to guarantee, which in turn reduces the accuracy of the entire verification process.



Examples


Embodiment 1

[0059] This embodiment is mainly used to implement certificate issuing management operations. Specifically, issuing certificates involves the process of generating the root CA certificate, the process of lower-level CAs applying for certificates from higher-level CAs, and the process of customers applying for certificates from CA institutions, which are described below:

[0060] (1) The certificate generation process of the root CA authority:

[0061] Since the root CA is the most trusted certificate authority, and the certificate of the root CA is a self-signed certificate without the certification of the superior CA, the certificate of the root CA can be trusted for a long time and hardly needs to be changed. Therefore, in the embodiment of the present invention, the root CA certificate is hard-coded into the genesis block. Since the rest of the blocks are built after the genesis block, the operation of each node on the blockchain cannot affect the genesis block. The block ...

Embodiment 2

[0085] This embodiment is mainly used to implement certificate revocation management operations. Specifically, revoking a certificate involves the operation of an upper-level CA institution revoking a certificate issued to a lower-level CA institution, and the operation of a CA institution revoking a certificate that it issued to a client. Since the procedures of the two types of revocation operation are similar, the following mainly introduces the first type of revocation operation:

[0086] The upper-level CA institution searches the blockchain for the records of transactions that it initiated to its lower-level CA institution, finds the latest transaction, and takes out the signed certificate contained in it. If a certificate can be taken out of the latest transaction, there is a revocable certificate; otherwise, the operation returns directly. If there is a revocable certificate, the upper-level CA institution initi...

Embodiment 3

[0091] This embodiment is mainly used to implement certificate query (verification) management operations. A certificate is usually verified by the user who exchanges information with the certificate owner (such as a website server). The verification process needs not only to verify whether the certificate held by the certificate owner is valid, but also to verify the certificates of the certificate authorities layer by layer. Specifically, the main steps of the verification process are as follows:

[0092] Step 1. The user terminal accesses the website server, and the website server sends the certificate owned by the website server to the user terminal.

[0093] Step 2: The user terminal sends a certificate query request to any network node in the blockchain network, and the network node receives and processes the certificate query request.

[0094] Among them, the network node that receives and processes the certificate query request can be...
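The ledger lookups described in Embodiments 1 to 3, as an added example that is not taken from the patent: a genesis block holding the root CA certificate, a latest-transaction lookup to decide whether a certificate is still issued, and a layer-by-layer walk up to the root. The block layout, the `type`/`issuer`/`subject` transaction fields, the `revoke` transaction type and `GENESIS_HASH` are assumptions, and transactions are assumed to have had their signatures checked by the nodes before being recorded.

```python
import hashlib
import json

def block_hash(block):
    # SHA-256 over a canonical JSON encoding of the whole block.
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def build_chain(root_cert, batches):
    # Block 0 is the genesis block and carries only the root CA certificate.
    chain = [{"prev": None, "root_ca_cert": root_cert, "txs": []}]
    for txs in batches:
        chain.append({"prev": block_hash(chain[-1]), "txs": txs})
    return chain

def chain_intact(chain, genesis_hash):
    # Any edit to the genesis block changes its hash and breaks the link in block 1.
    if block_hash(chain[0]) != genesis_hash:
        return False
    return all(b["prev"] == block_hash(p) for p, b in zip(chain, chain[1:]))

def latest_tx(chain, subject):
    # Newest transaction that names `subject`, or None if none was ever recorded.
    for block in reversed(chain):
        for tx in reversed(block["txs"]):
            if tx["subject"] == subject:
                return tx
    return None

def verify_path(chain, subject, genesis_hash):
    # Climb issuer by issuer until the root CA stored in the genesis block is reached.
    if not chain_intact(chain, genesis_hash):
        return False
    root, seen = chain[0]["root_ca_cert"]["subject"], set()
    while subject != root:
        tx = latest_tx(chain, subject)
        if tx is None or tx["type"] != "issue" or subject in seen:
            return False
        seen.add(subject)
        subject = tx["issuer"]
    return True

# Constructed sample ledger; all names and the key string are made up.
ROOT = {"subject": "RootCA", "issuer": "RootCA", "pubkey": "constructed-root-key"}
CHAIN = build_chain(ROOT, [
    [{"type": "issue", "issuer": "RootCA", "subject": "SubCA"}],
    [{"type": "issue", "issuer": "SubCA", "subject": "www.example.test"},
     {"type": "issue", "issuer": "SubCA", "subject": "old.example.test"}],
    [{"type": "revoke", "issuer": "SubCA", "subject": "old.example.test"}],
])
GENESIS_HASH = block_hash(CHAIN[0])  # assumed to be hard-coded into node software
```

A node answering a certificate query would call `verify_path` with the subject named in the certificate the website server presented.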



Abstract

The invention discloses a block chain based CA authentication and management method, device and system, which can at least resolve the problem that, in an existing CA authentication method, the security of the root CA certificate is difficult to guarantee, resulting in low verification accuracy. The block chain comprises a genesis block and regular blocks, the former being used to store the root CA certificate. The method comprises: receiving a certificate application transaction that is sent by a to-be-authenticated node in the block chain network and contains an unsigned certificate; obtaining the unsigned certificate contained in the certificate application transaction and generating a signed certificate based on the unsigned certificate; and sending a certificate issuing transaction containing the signed certificate to the to-be-authenticated node in the block chain network.

Description

Technical field

[0001] The present invention relates to the technical field of network communication, in particular to a block chain-based CA authentication management method, device and system.

Background art

[0002] A digital certificate is a certification document issued by an authority to prove a user's identity on a network. The process of issuing a digital certificate can also be called a Certification Authority (CA) process. The traditional certificate issuing system includes the root CA and the multi-level CAs under the root CA. The root CA is the most trusted certificate issuing authority in the certificate issuing system and can issue certificates independently. The root CA generates its certificate through self-signing and does not require certificates to be issued by other CA organizations. CA institutions at other levels can be issued certificates by their superior CA institutions, and can also issue certificates to their subordinate CA institutions and t...


Application Information

Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/32
Inventor 汪德嘉, 郭宇, 王少凡, 姜中正
Owner JIANGSU PAYEGIS TECH CO LTD