Public key infrastructure system based on block chain, and certificate management method thereof

A public key infrastructure and certificate management technology, applied in the field of public key infrastructure systems and their certificate management. It addresses the problems of a complicated client certificate verification process, insecure public key infrastructure, and high communication overhead, with the effects of avoiding CA single point of failure, high security, and improved efficiency.

Active Publication Date: 2018-03-06
SHANDONG UNIV

AI Technical Summary

Problems solved by technology

However, in this patent:
1. The certificate is stored in a blockchain system outside the public key infrastructure, but not all blockchain systems are trustworthy, which leads to insecurity of the entire public key infrastructure.
2. Certificate issuing operations require multiple CAs to cooperate with each other for joint signatures, which has high communication overhead and low efficiency.
3. Each block needs to store a complete certificate revocation list to ensure the correctness of certificate revocation information, which leads to huge
4. The client certificate verification process is complicated: the certificate itself, the records in the blockchain and the certificate revocation list must all be verified, which is inefficient.



Examples


Embodiment 1

[0070] The blockchain-based public key infrastructure system includes user u (User), several CAs, several blockchain maintainers BLM, a blockchain, and a Client. The CAs are CA_1, CA_2, CA_3, ..., CA_i, ..., CA_n. Each CA_i generates its public-private key pair (CA_i's public key and CA_i's private key) and publishes its public key on its website (or another secure location) so that user u can verify CA_i's public key.

[0071] User u sends a signature request to k CAs, where 3≤t≤k≤n. k and t are preset parameters of the blockchain-based public key infrastructure system: k is used for certificate issuance and renewal, and t is used for certificate revocation, where the t CAs may be any t of the k CAs. Larger k and t mean higher security. The k CAs verify the identity of user u, sign separately, and return their signatures to user u; user u merges the signatures into the certificate issuance transaction CI, finally obtaining the signed certificate issuance transaction CI_signed, and sends it to the blockc...

Embodiment 2

[0077] The certificate management method of the blockchain-based public key infrastructure system described in Embodiment 1, as shown in Figure 1, includes the following steps:

[0078] (1) Send request: user u generates its public-private key pair (PK_u, SK_u); the domain name is A.com; the CAs include CA_1, CA_2, CA_3, ..., CA_i, ..., CA_n, from which user u selects 7 CAs as its certificate authorities, namely CA_1, CA_2, ..., CA_7;

[0079] User u creates transaction CI: As shown in Figure 2, TX_ID refers to the identification of the current transaction CI; NULL refers to the identification of the preceding transaction CI (it is set to NULL because this transaction is a certificate issuance transaction); 20190809 indicates that the certificate expires on August 9, 2019 (including August 9, 2019); Indicates the threshold mechanism, that is, 5 of the 7 CAs can revoke the certificate;

[0080] User u sends transaction CI and u...
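The threshold rules in Embodiments 1 and 2 (all k CAs sign an issuance, any t of those k can revoke, expiry date inclusive), as an added example that is not taken from the patent. Assumptions: the field names, the status strings, a plain dict standing in for the blockchain, and HMAC-SHA256 standing in for each CA's public-key signature so the code runs offline.

```python
import hashlib
import hmac
import json

# Constructed demo data. HMAC-SHA256 stands in for each CA's public-key
# signature; field names are assumptions, not the patent's transaction format.
CA_KEYS = {f"CA{i}": f"demo-key-{i}".encode() for i in range(1, 8)}
K = 7  # preset k: CAs that must sign an issuance (7 in Embodiment 2)
FIELDS = ("tx_id", "prev", "kind", "domain", "pubkey", "expires", "cas", "t")

def ca_sign(ca, tx):
    body = json.dumps({f: tx[f] for f in FIELDS}, sort_keys=True).encode()
    return hmac.new(CA_KEYS[ca], body, hashlib.sha256).hexdigest()

def make_tx(tx_id, prev, kind, signers, t=5):
    tx = dict(tx_id=tx_id, prev=prev, kind=kind, domain="A.com", pubkey="PK_u",
              expires="20190809", cas=sorted(CA_KEYS), t=t)
    tx["sigs"] = {ca: ca_sign(ca, tx) for ca in signers}
    return tx

def valid_signers(tx):
    """Distinct CAs listed in the transaction whose signature verifies."""
    return {ca for ca, sig in tx["sigs"].items() if ca in tx["cas"]
            and ca in CA_KEYS and hmac.compare_digest(sig, ca_sign(ca, tx))}

def blm_accept(tx, ledger):
    """BLM check before a transaction is stored in a candidate block."""
    n, ok = len(valid_signers(tx)), False
    if tx["kind"] == "issue":      # no predecessor, all k CAs signed, 3 <= t <= k
        ok = (tx["prev"] is None and len(set(tx["cas"])) == K
              and 3 <= tx["t"] <= K and n == K)
    elif tx["kind"] == "revoke":   # any t of the k CAs named at issuance
        prev = ledger.get(tx["prev"])
        ok = (prev is not None and prev["kind"] == "issue"
              and tx["cas"] == prev["cas"] and n >= prev["t"])
    ok = ok and tx["tx_id"] not in ledger
    if ok:
        ledger[tx["tx_id"]] = tx
    return ok

def cert_status(domain, ledger, today):
    """Client query: state of a domain's certificate on date YYYYMMDD."""
    issued = [t for t in ledger.values()
              if t["kind"] == "issue" and t["domain"] == domain]
    if not issued:
        return "unknown"
    cert = issued[-1]
    if any(r["kind"] == "revoke" and r["prev"] == cert["tx_id"] for r in ledger.values()):
        return "revoked"
    return "valid" if today <= cert["expires"] else "expired"
```

A revocation signed by only four of the seven CAs is rejected, as is an issuance missing any one of the seven signatures.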


Abstract

The invention relates to a blockchain-based public key infrastructure system and a certificate management method thereof. The public key infrastructure system comprises a user u, a plurality of CAs, a plurality of blockchain maintainers BLM, a blockchain and a client. The user u sends a signature request to the plurality of CAs; the CAs sign separately and return their signatures to the user u; the user u merges the signatures into a signed certificate issuance transaction and sends it to the blockchain maintainers BLM; the blockchain maintainers BLM verify it, store it in candidate blocks of the blockchain, and send proofs of existence of the signed certificate issuance transaction CI_signed to the user u. The client requests a certificate from the user u, the user u replies with the domain name and the blockchain maintainers BLM, and the client sends a query and verification request to the blockchain maintainers BLM, which query the state of the certificate and respond. With this public key infrastructure system, simple, convenient and efficient management of certificates is achieved, and the CA single point of failure problem can be avoided.

Description

Technical field

[0001] The invention discloses a blockchain-based public key infrastructure system and a certificate management method thereof, belonging to the technical field of blockchain.

Background technique

[0002] As we all know, Public Key Infrastructure (PKI) plays a vital role in the field of cyberspace security. For example, SSL/TLS, a security protocol based on public key cryptography, is used to ensure Web communication security. PKI solves many security issues such as identity authentication, information integrity and information non-repudiation in network communication, and provides reliable and safe services for network applications such as e-commerce, e-government, online banking and online securities. The security of the certificate issuing authority (Certificate Authority, CA), as the core of PKI, is particularly important. Recently, traditional PKI has faced serious vulnerability problems due to the attacks of issuing fraudulent certificates against the d...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/32, H04L29/06
CPC: H04L9/3247, H04L9/3263, H04L9/3268, H04L63/0823
Inventor: 万志国, 管章双
Owner: SHANDONG UNIV