PKI certificate cross-domain authentication method based on blockchain

This authentication method applies blockchain technology to PKI certificate cross-domain authentication. It addresses problems such as the difficulty of effective management, the difficulty for a third party to obtain recognition from all institutions, and low risk, so as to improve real-time performance and security, provide good scalability, and improve update efficiency.

Active Publication Date: 2021-11-19
NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP

AI Technical Summary

Problems solved by technology

[0003] Among them, simple cross-certification carries little risk and is flexible to deploy, but it is difficult to manage effectively, and it easily forms a complex network structure when there are many participating members (trust systems), so it is not suitable for large-scale PKI/CA cross-domain construction.
[0004] The trust list needs to be maintained by a trusted third party. Some organizations use this method on a small scale in the construction of domestic government affairs extranets. However, at the level of unified trust services, it is difficult for the selected third party to be recognized by all organizations, and it has not been popularized.
[0005] The bridge CA (BCA) is similar to the trust list in terms of trust relationship. It is difficult to select a third party (bridge) trusted by all parties. At present, the only successful bridge CA is the US Federal Bridge CA, which is difficult to apply in the separate government extranet and business fields.

Examples


Embodiment 1

[0023] As shown in Figure 1, the present invention discloses a blockchain-based PKI certificate cross-domain authentication method. Figure 2 shows blockchain-based management of the whole certificate lifecycle, which mainly includes certificate application, verification and issuance, status update, revocation, etc. This embodiment uses the commonly used X.509 certificate as an example; the main items of the X.509 certificate are shown in Attached Table 1.

[0024] Attached Table 1 Main Contents of X.509 Certificate

[0025]

[0026] The method of the present invention moves the cross-domain trust-transfer part of traditional PKI onto the blockchain and provides download of the upper-level CA certificate chain and user certificate revocation number information through the blockchain. This avoids the problem of an overly large CRL and improves the real-time performance of certificate updates. With the help o...

Abstract

The invention discloses a PKI certificate cross-domain authentication method based on a blockchain. The method comprises the following steps: when a user initiates a cross-domain access request through a client, the client presents a certificate to an authentication server; based on the attribute fields of the presented certificate, the authentication server sends a request to the blockchain to verify whether any certificate in the certificate chain has been revoked; a smart contract looks up each certificate in a BCRL (blockchain certificate revocation list) to check whether it is valid, obtains the whole certificate chain, and verifies the chain step by step starting from a root-of-trust certificate of the relying party; if no certificate is revoked and the certificate chain verification passes, a user access token is signed and issued. The method resolves the complex topological structure of cross-certification, allows a certificate chain trust path to be constructed quickly on the basis of the blockchain's multi-node, tamper-proof trust anchor, and improves the security of PKI certificate cross-domain authentication.
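The flow in the abstract (chain retrieval, BCRL lookup, verification from the relying party's root, token issuance), sketched as an added example that is not code from the patent. The toy RSA keys, the dictionary certificate layout, the `ledger` and `bcrl` structures, and all names are assumptions made for illustration; the returned token is an unsigned placeholder for the signed access token.

```python
import hashlib

E = 65537  # public exponent shared by the toy RSA keys (assumption)

def keypair(p, q):
    """Toy RSA (n, d) from two primes; a stand-in for a CA key, not secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(cert, n):
    body = "|".join(str(cert[k]) for k in ("serial", "subject", "issuer", "pub"))
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % n

def issue(serial, subject, pub, issuer, issuer_key):
    n, d = issuer_key
    cert = {"serial": serial, "subject": subject, "issuer": issuer, "pub": pub}
    cert["sig"] = pow(digest(cert, n), d, n)  # issuer signs the certificate body
    return cert

def contract_verify(presented, ledger, bcrl, trust_root):
    """Model of the smart contract: fetch chain, check BCRL, verify from the root down."""
    chain = [presented]
    while chain[-1]["issuer"] != chain[-1]["subject"]:  # climb to the self-signed root
        parent = ledger.get(chain[-1]["issuer"])
        if parent is None or len(chain) > 8:
            return None, "incomplete chain"
        chain.append(parent)
    for cert in chain:  # revocation lookup by serial number
        if cert["serial"] in bcrl:
            return None, "revoked: " + cert["subject"]
    if chain[-1]["pub"] != trust_root:
        return None, "untrusted root"
    links = list(zip(chain, chain[1:] + chain[-1:]))  # (cert, issuer); root pairs with itself
    for child, parent in reversed(links):
        if pow(child["sig"], E, parent["pub"]) != digest(child, parent["pub"]):
            return None, "bad signature: " + child["subject"]
    return "token-for-serial-%d" % presented["serial"], "ok"  # placeholder token

# Constructed sample data: root CA, intermediate CA, and a user certificate.
ROOT_KEY = keypair(2**61 - 1, 2**89 - 1)
SUB_KEY = keypair(2**107 - 1, 2**127 - 1)
ROOT = issue(1, "RootCA", ROOT_KEY[0], "RootCA", ROOT_KEY)
SUB = issue(2, "SubCA", SUB_KEY[0], "RootCA", ROOT_KEY)
USER = issue(3, "alice", 0, "SubCA", SUB_KEY)
LEDGER = {"RootCA": ROOT, "SubCA": SUB}

if __name__ == "__main__":
    print(contract_verify(USER, LEDGER, set(), ROOT_KEY[0]))
    print(contract_verify(USER, LEDGER, {2}, ROOT_KEY[0]))
```

Revoking the intermediate CA's serial number rejects every certificate beneath it on the next request, which is the real-time behaviour the description contrasts with distributing a large CRL.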

Description

Technical field

[0001] The invention belongs to the technical field of communication security, and in particular relates to a blockchain-based PKI certificate cross-domain authentication method.

Background

[0002] At present, cross-domain authentication of PKI (Public Key Infrastructure) certificates mainly includes three methods: simple cross-certification, trust list, and bridge CA (certificate authority).

[0003] Among them, simple cross-certification carries little risk and is flexible to deploy, but it is difficult to manage effectively, and it easily forms a complex network structure when there are many participating members (trust systems), so it is not suitable for large-scale PKI/CA cross-domain construction.

[0004] The trust list needs to be maintained by a trusted third party. Some organizations use this method on a small scale in the construction of domestic government extranets. However, at the level of unified trust services, it is difficult ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/60, G06F21/62, G06F21/64
CPC: G06F21/602, G06F21/6218, G06F21/64
Inventor 董贵山陈宇翔郝尧白健张兆雷彭海洋
Owner NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP