CN109450843B - A blockchain-based SSL certificate management method and system - Google Patents
A blockchain-based SSL certificate management method and system Download PDFInfo
- Publication number
- CN109450843B CN109450843B CN201811083408.4A CN201811083408A CN109450843B CN 109450843 B CN109450843 B CN 109450843B CN 201811083408 A CN201811083408 A CN 201811083408A CN 109450843 B CN109450843 B CN 109450843B
- Authority
- CN
- China
- Prior art keywords
- ssl certificate
- block chain
- web server
- certificate
- ssl
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
本发明公开了一种基于区块链的SSL证书管理方法及系统,属于区块链技术领域。所述方法包括如下步骤:S1:Web服务器生成SSL证书,所述证书包括公钥和私钥;S2:Web服务器在域名增加记录条目,将所述SSL证书发送到区块链中保存;S3:客户端向Web服务器请求SSL证书,所述客户端将收到的SSL证书中的公钥作为键值到区块链上获取对应的SSL证书;S4:所述客户端对所述SSL证书进行校验,若验证通过,则客户端与Web服务器建立加密通信,否则,提示连接有风险。本发明通过结合非对称加密和区块链技术,既能够提高履历信息查询的共享效率,又能从技术上保证信息的隐私性和安全性,且自己生成证书,大大降低成本。
The invention discloses a blockchain-based SSL certificate management method and system, belonging to the technical field of blockchain. The method includes the following steps: S1: The Web server generates an SSL certificate, and the certificate includes a public key and a private key; S2: The Web server adds a record entry to a domain name, and sends the SSL certificate to a blockchain for storage; S3: The client requests an SSL certificate from the Web server, and the client uses the public key in the received SSL certificate as a key to obtain a corresponding SSL certificate on the blockchain; S4: the client verifies the SSL certificate If the verification is passed, the client establishes encrypted communication with the Web server; otherwise, it prompts that the connection is risky. By combining asymmetric encryption and block chain technology, the invention can not only improve the sharing efficiency of historical information query, but also technically ensure the privacy and security of information, and generate certificates by itself, thus greatly reducing costs.
Description
Technical Field
The invention relates to the technical field of block chains, in particular to a block chain-based SSL certificate management method and system.
Background
SSL certificates are one type of digital certificate, similar to electronic copies of driver's licenses, passports, and business licenses. Because it is configured on a server, it is also called SSL server certificate. The SSL certificate complies with SSL protocol, is issued by a trusted digital certificate authority CA after the identity of the server is verified, and has the functions of server identity verification and data transmission encryption. The SSL certificate implements a data transmission encryption function by establishing an SSL Secure channel (SSL) between the client browser and the Web server, wherein a security protocol is designed and developed by Netscape Communication. The security protocol is mainly used for providing authentication of the user and the server; encrypting and hiding the transmitted data; ensuring that data is not altered in transit, i.e., the integrity of the data, has now become a standard for globalization in this field.
As the SSL technology is established in all main browser and WEB server programs, the function can be activated only by installing a server certificate, namely, the SSL protocol can be activated through the SSL technology, the encrypted transmission of data information between a client and a server is realized, the leakage of the data information can be prevented, the safety of information transmission between two parties is ensured, and a user can verify whether a website accessed by the user is real and reliable through the server certificate.
Digital signature, also known as Digital identification, signature (Digital ID), provides a method for identity verification on the internet, which is a Digital information file used for marking and proving the identity of both parties of network communication, and the concept is similar to that of a driver's license or an identity card in daily life. The digital signature is mainly used for safe online electronic transaction activities such as sending a safe e-mail, accessing a safe site, online bidding and bidding, online signing, online ordering, safe online document transmission, online office, online payment, online tax payment, online shopping and the like.
In the prior art, SSL certificates are issued by a digital Certificate Authority (CA), and an applicant first creates a CSR file and then submits the CSR to the CA, and the CA generates an SSL certificate based on the CSR and sends the SSL certificate to the applicant. One drawback of this approach is that the SSL certificate is held by a small number of CA authorities, resulting in it being too centralized, which may present a security risk and a high price for current SSL certificates.
Blockchains, a technology that has recently been compared, are decentralized systems, utilize blockchain data structures to verify and store data, utilize distributed node consensus algorithms to generate and update data, utilize cryptography to secure data transmission and access, utilize intelligent contracts composed of automated script code to program and manipulate data, a completely new distributed infrastructure and computing paradigm. Therefore, the blockchain is a new technology with the characteristics of distribution, non-falsification, traceability and the like, has an excellent effect of storing individual history information, can improve the sharing efficiency of history information inquiry, and can technically ensure the privacy and the safety of the information.
Disclosure of Invention
In order to solve the problems in the prior art, embodiments of the present invention provide a block chain-based SSL certificate management method and system, so as to overcome the problems in the prior art that an SSL certificate is issued by a digital Certificate Authority (CA), which results in over-centralization of the SSL certificate, which results in security risk, and the current SSL certificate is expensive.
In order to solve the technical problems, the invention adopts the technical scheme that:
in one aspect, a block chain-based SSL certificate management method is provided, where the method includes the following steps:
s1: the method comprises the steps that a Web server generates an SSL certificate, wherein the certificate comprises a public key and a private key;
s2: adding a record entry in a domain name by the Web server, and sending the SSL certificate to a block chain for storage;
s3: a client requests an SSL certificate from a Web server, and the client takes a public key in the received SSL certificate as a key value to a block chain to obtain the corresponding SSL certificate;
s4: and the client verifies the SSL certificate, if the SSL certificate passes the verification, the client establishes encrypted communication with the Web server, otherwise, the client prompts that the connection is risky.
Further, the step S1 specifically includes:
s1.1: a Web server generates a public and private key pair;
s1.2: preparing a field to be signed, wherein the field comprises a public key, a domain name to be bound by the SSL certificate, the effective time limit of the SSL certificate and a signature algorithm;
s1.3: signing the field to be signed by using a private key to obtain the signed field;
s1.4: and combining the field to be signed and the signed field to form an SSL certificate.
Further, the step S2 specifically includes:
s2.1: a record entry is newly added to the domain name by the Web server, wherein the record type is txt, the host record name is _ pubkey.owner, and the record value is a public key of the SSL certificate;
s2.2: and forming a group of key values by the SSL certificate and the public key of the SSL certificate, and sending the key values to the block chain for storage by using the private key.
Further, the step S2 further includes:
and after the SSL certificate is sent to the block chain, the block chain verifies the SSL certificate, if the SSL certificate passes the block chain, the SSL certificate is stored on the block chain, otherwise, the SSL certificate is discarded.
Further, the verifying the SSL certificate by the node in the blockchain specifically includes:
verifying whether the validity period of the SSL certificate is valid, verifying whether the signature of the SSL certificate is valid, and inquiring whether the record value of the host record _ pubkey.
Further, the step S4 specifically includes:
the client checks whether the SSL certificate acquired on the block chain is consistent with the SSL certificate sent by the Web server, if not, the connection is prompted to be risky, if so, the SSL certificate sent by the Web server is checked, if the verification is passed, the client establishes encrypted communication with the Web server, otherwise, the connection is prompted to be risky.
Further, the verifying the SSL certificate sent by the Web server specifically includes:
the client checks whether the domain name in the SSL certificate is the domain name of the website to be accessed, whether the validity period is valid or not, and whether the signature is valid or not is verified according to a signature algorithm.
In another aspect, a block chain-based SSL certificate management system is provided, the system including:
the Web server is used for generating an SSL certificate, the certificate comprises a public key and a private key, and the Web server is also used for adding a record entry in the domain name and sending the SSL certificate to the block chain for storage;
the client is used for requesting the SSL certificate to the Web server, taking a public key in the received SSL certificate as a key value to a block chain to obtain the corresponding SSL certificate, and verifying the SSL certificate, if the verification is passed, the client establishes encrypted communication with the Web server, otherwise, the connection is prompted to be risky;
and the block chain is used for storing the SSL certificate.
Further, the Web server includes:
the generation module is used for generating a public and private key pair;
the field preparation module is used for preparing a field to be signed, and comprises a public key, a domain name to be bound by the SSL certificate, the effective time limit of the SSL certificate and a signature algorithm;
the signature module is used for signing the field to be signed by using a private key and acquiring the signed field;
and the synthesis module is used for combining the field to be signed and the signed field to form the SSL certificate.
Further, the Web server further includes:
an adding module, configured to add a record entry in a domain name, where the record type is txt, the host record name is _ pubkey.owner, and the record value is a public key of the SSL certificate;
and the sending module is used for forming a group of key values by the SSL certificate and the public key of the SSL certificate, and sending the key values to the block chain for storage by using the private key.
Further, the block chain includes:
and the verification node is used for verifying the SSL certificate after the SSL certificate is sent to the block chain, if the SSL certificate passes the block chain, the SSL certificate is stored on the block chain, and otherwise, the SSL certificate is discarded.
Further, the client includes:
and the verification module is used for verifying whether the SSL certificate acquired on the block chain is consistent with the SSL certificate sent by the Web server or not, prompting that the connection is risky if the SSL certificate acquired on the block chain is inconsistent with the SSL certificate sent by the Web server, verifying the SSL certificate sent by the Web server if the SSL certificate acquired on the block chain is consistent with the SSL certificate sent by the Web server, establishing encryption communication between the client and the Web server if the SSL certificate passes verification, and prompting that the connection.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
1. according to the SSL certificate management method and system based on the block chain, the SSL certificate is generated by the Web server without being issued by a digital Certificate Authority (CA), so that the high price of the SSL certificate issued by the CA is avoided, and the cost is greatly reduced.
2. According to the block chain-based SSL certificate management method and system provided by the embodiment of the invention, by combining the asymmetric encryption and the block chain technology, the sharing efficiency of history information inquiry can be improved, and the privacy and the safety of information can be technically ensured.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flow diagram of a block chain based SSL certificate management method according to an example embodiment;
FIG. 2 is a flowchart illustrating a Web server generating SSL certificates in accordance with an illustrative embodiment;
FIG. 3 is a flowchart illustrating step S2, according to an exemplary embodiment;
fig. 4 is a schematic structural diagram illustrating a block chain-based SSL certificate management system according to an exemplary embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
Fig. 1 is a flowchart illustrating a block chain based SSL certificate management method according to an exemplary embodiment, and referring to fig. 1, the method includes the following steps:
s1: the Web server generates an SSL certificate, which includes a public key and a private key.
Specifically, in the embodiment of the present invention, the SSL certificate is not required to be issued by a CA of a third party, but is issued by the Web server itself, so that the high cost of the CA of the third party is avoided. In addition, the structure of the SSL certificate in the embodiment of the present invention also changes, and the SSL certificate includes, in addition to the public key and the private key, a domain name, a validity time limit, a signature algorithm, a signature, and the like, where the validity time limit includes a validity start time and a validity end time.
S2: and adding a record entry in the domain name by the Web server, and sending the SSL certificate to the block chain for storage.
Specifically, if a domain name is not the owner who created the certificate and linked up, the client (including the browser) accessing the website may be replaced by the attacker with his own certificate on the blockchain, and then eavesdropping on the data. In order to ensure that the domain name can only be created by a domain name owner and linked up, in the embodiment of the invention, a linked up verification mechanism is added, that is, a record entry is added to the domain name by the Web server, when the Web server (owner) sends the SSL certificate to the blockchain, after receiving the information, the node of the blockchain verifies the SSL certificate according to the added record entry, if the information passes, the SSL certificate is stored in the blockchain, otherwise, the SSL certificate is discarded.
Further, verifying the SSL certificate by the node in the blockchain specifically includes:
verifying whether the validity period of the SSL certificate is valid, verifying whether the signature of the SSL certificate is valid, inquiring whether the record value of the host record _ pubkey.
S3: the client requests the SSL certificate from the Web server, and the client takes the public key in the received SSL certificate as a key value to a block chain to obtain the corresponding SSL certificate.
Specifically, the client sends a request to the Web server, the Web server sends the SSL certificate of the client to the client, and the client uses the public key in the received SSL certificate as a key to the block chain to obtain the SSL certificate corresponding to the key.
S4: and the client verifies the SSL certificate, if the SSL certificate passes the verification, the client establishes encrypted communication with the Web server, otherwise, the client prompts that the connection is risky.
Further, the client checks whether the SSL certificate acquired from the block chain is consistent with the SSL certificate sent by the Web server, if not, the connection is prompted to be risky, if so, the SSL certificate sent by the Web server is checked, if the verification is passed, the client establishes encrypted communication with the Web server, otherwise, the connection is prompted to be risky.
Further, the verifying the SSL certificate sent by the Web server specifically includes:
the client checks whether the domain name in the SSL certificate is the domain name of the website to be accessed, whether the validity period is valid or not, and whether the signature is valid or not is verified according to a signature algorithm.
Specifically, the check of the above items may be performed based on a record entry added to the domain name by the Web server.
Here, it should be noted that the establishing, by the client, encrypted communication with the Web server specifically includes: the client encrypts the asymmetric encryption key to be communicated by using a public key in the SSL certificate and then sends the encrypted key to the Web server, the Web server decrypts the encrypted key by using a private key of the Web server after receiving the encrypted key, and then the communication between the client and the Web server is carried out by using the key, so that the privacy and the safety of information are ensured.
Fig. 2 is a flowchart illustrating the Web server generating an SSL certificate according to an exemplary embodiment, and with reference to fig. 2, the steps are as follows:
s1.1: and the Web server generates a public and private key pair.
Specifically, the Web server generates a public-private key pair, which is the above-mentioned public key and private key. In the embodiment of the invention, an asymmetric encryption algorithm is selected, and an ED25519 algorithm is specifically selected. The algorithm has the advantages of high encryption and decryption speed, short generation time and higher safety. It should be noted here that the public key and the private key are a pair, and if the public key is used to encrypt data, only the corresponding private key is used to decrypt the data; if the data is encrypted with a private key, it can only be decrypted with the corresponding public key. Since two different keys are used for encryption and decryption, this algorithm is called an asymmetric encryption algorithm. The basic process of realizing confidential information exchange by the asymmetric encryption algorithm is as follows: the first party generates a pair of keys and discloses one of the keys as a public key to the other party, the second party obtaining the public key encrypts the confidential information by using the key and then sends the encrypted information to the first party, and the first party decrypts the encrypted information by using the other private key (namely, a private key) stored by the first party.
S1.2: and preparing fields to be signed, including a public key, a domain name to be bound by the SSL certificate, the validity time limit of the SSL certificate and a signature algorithm.
Specifically, the validity period of the SSL certificate includes a validity start time and a validity end time. The signature algorithm selected in the embodiment of the invention is the ED25519 algorithm.
S1.3: and signing the field to be signed by using a private key, and acquiring the signed field.
Specifically, the private key generated in the above steps is used to sign the field to be signed, and the signed field is obtained.
S1.4: and combining the field to be signed and the signed field to form an SSL certificate.
Fig. 3 is a flowchart illustrating step S2 according to an exemplary embodiment, and referring to fig. 3, the step S2 specifically includes:
s2.1: and adding a record entry in the domain name by the Web server, wherein the record type is txt, the host record name is _ pubkey.
Specifically, before the chain of the manufactured certificate, the Web server (i.e., the domain name owner) adds a new record entry to the domain name, where the record type is txt, the host record name is _ pubkey. Thus, when the Web server (i.e. domain name owner) sends the SSL certificate to the blockchain, after receiving the information, the nodes of the blockchain verify the SSL certificate according to the added record entry, and if the information passes the record entry, the SSL certificate is stored in the blockchain, otherwise, the SSL certificate is discarded.
S2.2: and forming a group of key values by the SSL certificate and the public key of the SSL certificate, and sending the key values to the block chain for storage by using the private key.
Specifically, the SSL certificate and the public key of the SSL certificate form a set of key values, and the key values are sent to the block chain for storage by using the private key. The block chain can then be queried for the corresponding SSL certificate based on the public key (i.e., the key value).
Example 2
Fig. 4 is a schematic structural diagram of a block chain-based SSL certificate management system according to an exemplary embodiment, and referring to fig. 4, the system includes:
the Web server is used for generating an SSL certificate, the certificate comprises a public key and a private key, and the Web server is also used for adding a record entry in the domain name and sending the SSL certificate to the block chain for storage;
the client is used for requesting the SSL certificate to the Web server, taking a public key in the received SSL certificate as a key value to a block chain to obtain the corresponding SSL certificate, and verifying the SSL certificate, if the verification is passed, the client establishes encrypted communication with the Web server, otherwise, the connection is prompted to be risky;
and the block chain is used for storing the SSL certificate.
Further, the Web server includes:
the generating module is used for generating a public and private key pair, wherein the public and private key pair is the public key and the private key;
the field preparation module is used for preparing a field to be signed, and comprises a public key, a domain name to be bound by the SSL certificate, the effective time limit of the SSL certificate and a signature algorithm;
the signature module is used for signing the field to be signed by using a private key and acquiring the signed field;
and the synthesis module is used for combining the field to be signed and the signed field to form the SSL certificate.
Further, the Web server further includes:
an adding module, configured to add a record entry in a domain name, where the record type is txt, the host record name is _ pubkey.owner, and the record value is a public key of the SSL certificate;
and the sending module is used for forming a group of key values by the SSL certificate and the public key of the SSL certificate, and sending the key values to the block chain for storage by using the private key.
Further, the block chain includes:
and the verification node is used for verifying the SSL certificate after the SSL certificate is sent to the block chain, if the SSL certificate passes the block chain, the SSL certificate is stored on the block chain, and otherwise, the SSL certificate is discarded.
Specifically, the verification node verifies whether the validity period of the SSL certificate is valid, verifies whether the signature of the SSL certificate is valid, and queries whether the record value of the host record _ pubkey.
The block chain is further configured to obtain, according to a key value (i.e., a public key) sent by the client, an SSL certificate corresponding to the key value on the block chain.
Further, the client includes:
and the verification module is used for verifying whether the SSL certificate acquired on the block chain is consistent with the SSL certificate sent by the Web server or not, prompting that the connection is risky if the SSL certificate acquired on the block chain is inconsistent with the SSL certificate sent by the Web server, verifying the SSL certificate sent by the Web server if the SSL certificate acquired on the block chain is consistent with the SSL certificate sent by the Web server, establishing encryption communication between the client and the Web server if the SSL certificate passes verification, and prompting that the connection.
Specifically, the verification module is further configured to verify the SSL certificate sent by the Web server, and specifically includes:
the client checks whether the domain name in the SSL certificate is the domain name of the website to be accessed, whether the validity period is valid or not, and whether the signature is valid or not is verified according to a signature algorithm.
In summary, the technical solution provided by the embodiment of the present invention has the following beneficial effects:
1. according to the SSL certificate management method and system based on the block chain, the SSL certificate is generated by the Web server without being issued by a digital Certificate Authority (CA), so that the high price of the SSL certificate issued by the CA is avoided, and the cost is greatly reduced.
2. According to the block chain-based SSL certificate management method and system provided by the embodiment of the invention, by combining the asymmetric encryption and the block chain technology, the sharing efficiency of history information inquiry can be improved, and the privacy and the safety of information can be technically ensured.
It should be noted that: the SSL certificate management system based on the block chain provided in the foregoing embodiment is only illustrated by dividing the functional modules when triggering the certificate management service, and in practical applications, the function distribution may be completed by different functional modules according to needs, that is, the internal structure of the system is divided into different functional modules, so as to complete all or part of the functions described above. In addition, the block chain based SSL certificate management system provided in the above embodiments and the block chain based SSL certificate management method embodiments belong to the same concept, and specific implementation processes thereof are described in the method embodiments and are not described herein again.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (10)
1. A block chain-based SSL certificate management method is characterized by comprising the following steps:
s1: the method comprises the steps that a Web server generates an SSL certificate, wherein the certificate comprises a public key and a private key;
s2: adding a record entry in a domain name by the Web server, and sending the SSL certificate to a block chain for storage;
s3: a client requests an SSL certificate from a Web server, and the client takes a public key in the received SSL certificate as a key value to a block chain to obtain the corresponding SSL certificate;
s4: the client verifies the SSL certificate, if the SSL certificate passes the verification, the client establishes encrypted communication with the Web server, otherwise, the client prompts that the connection is risky;
wherein, the step S1 specifically includes:
s1.1: a Web server generates a public and private key pair;
s1.2: preparing a field to be signed, wherein the field comprises a public key, a domain name to be bound by the SSL certificate, the effective time limit of the SSL certificate and a signature algorithm;
s1.3: signing the field to be signed by using a private key to obtain the signed field;
s1.4: and combining the field to be signed and the signed field to form an SSL certificate.
2. The block chain-based SSL certificate management method according to claim 1, wherein the step S2 specifically includes:
s2.1: a record entry is newly added to the domain name by the Web server, wherein the record type is txt, the host record name is _ pubkey.owner, and the record value is a public key of the SSL certificate;
s2.2: and forming a group of key values by the SSL certificate and the public key of the SSL certificate, and sending the key values to the block chain for storage by using the private key.
3. The block chain based SSL certificate management method according to claim 1 or 2, wherein the step S2 further includes:
and after the SSL certificate is sent to the block chain, the block chain verifies the SSL certificate, if the SSL certificate passes the block chain, the SSL certificate is stored on the block chain, otherwise, the SSL certificate is discarded.
4. The block chain based SSL certificate management method of claim 3, wherein the verifying SSL certificate by the node in the block chain specifically comprises:
verifying whether the validity period of the SSL certificate is valid, verifying whether the signature of the SSL certificate is valid, and inquiring whether the record value of the host record _ pubkey.
5. The block chain-based SSL certificate management method according to claim 1, wherein the step S4 specifically includes:
the client checks whether the SSL certificate acquired on the block chain is consistent with the SSL certificate sent by the Web server, if not, the connection is prompted to be risky, if so, the SSL certificate sent by the Web server is checked, if the verification is passed, the client establishes encrypted communication with the Web server, otherwise, the connection is prompted to be risky.
6. The block chain-based SSL certificate management method of claim 5, wherein the verifying the SSL certificate sent by the Web server specifically comprises:
the client checks whether the domain name in the SSL certificate is the domain name of the website to be accessed, whether the validity period is valid or not, and whether the signature is valid or not is verified according to a signature algorithm.
7. A block chain based SSL certificate management system, the system comprising:
the Web server is used for generating an SSL certificate, the certificate comprises a public key and a private key, and the Web server is also used for adding a record entry in the domain name and sending the SSL certificate to the block chain for storage;
the client is used for requesting the SSL certificate to the Web server, taking a public key in the received SSL certificate as a key value to a block chain to obtain the corresponding SSL certificate, and verifying the SSL certificate, if the verification is passed, the client establishes encrypted communication with the Web server, otherwise, the connection is prompted to be risky;
a block chain for storing the SSL certificate;
the Web server includes:
the generation module is used for generating a public and private key pair;
the field preparation module is used for preparing a field to be signed, and comprises a public key, a domain name to be bound by the SSL certificate, the effective time limit of the SSL certificate and a signature algorithm;
the signature module is used for signing the field to be signed by using a private key and acquiring the signed field;
and the synthesis module is used for combining the field to be signed and the signed field to form the SSL certificate.
8. The block chain based SSL certificate management system of claim 7, wherein the Web server further comprises:
an adding module, configured to add a record entry in a domain name, where the record type is txt, the host record name is _ pubkey.owner, and the record value is a public key of the SSL certificate;
and the sending module is used for forming a group of key values by the SSL certificate and the public key of the SSL certificate, and sending the key values to the block chain for storage by using the private key.
9. The blockchain-based SSL certificate management system according to claim 7 or 8, wherein the blockchain comprises:
and the verification node is used for verifying the SSL certificate after the SSL certificate is sent to the block chain, if the SSL certificate passes the block chain, the SSL certificate is stored on the block chain, and otherwise, the SSL certificate is discarded.
10. The block chain based SSL certificate management system of claim 7, wherein the client comprises:
and the verification module is used for verifying whether the SSL certificate acquired on the block chain is consistent with the SSL certificate sent by the Web server or not, prompting that the connection is risky if the SSL certificate acquired on the block chain is inconsistent with the SSL certificate sent by the Web server, verifying the SSL certificate sent by the Web server if the SSL certificate acquired on the block chain is consistent with the SSL certificate sent by the Web server, establishing encryption communication between the client and the Web server if the SSL certificate passes verification, and prompting that the connection.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811083408.4A CN109450843B (en) | 2018-09-14 | 2018-09-14 | A blockchain-based SSL certificate management method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811083408.4A CN109450843B (en) | 2018-09-14 | 2018-09-14 | A blockchain-based SSL certificate management method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109450843A CN109450843A (en) | 2019-03-08 |
| CN109450843B true CN109450843B (en) | 2021-06-15 |
Family
ID=65532882
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811083408.4A Active CN109450843B (en) | 2018-09-14 | 2018-09-14 | A blockchain-based SSL certificate management method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109450843B (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111756678B (en) * | 2019-03-29 | 2023-03-28 | 华为技术有限公司 | Information verification method, device and equipment |
| CN110866288B (en) * | 2019-11-18 | 2023-01-10 | 广州安加互联科技有限公司 | Data protection method, system and terminal based on block chain |
| CN111209262B (en) * | 2020-01-10 | 2023-06-16 | 浪潮通信信息系统有限公司 | Large-scale distributed secure storage system based on block chain |
| CN111507719B (en) * | 2020-04-22 | 2023-04-28 | 北京众享比特科技有限公司 | A method and system for dynamically updating consortium chain verification nodes in a centralized manner |
| CN112787823B (en) * | 2021-01-27 | 2023-01-13 | 上海发电设备成套设计研究院有限责任公司 | Intelligent detection equipment identity authentication method, system and device based on block chain |
| CN112861106B (en) * | 2021-02-26 | 2023-01-10 | 卓尔智联(武汉)研究院有限公司 | Digital certificate processing method and system, electronic device and storage medium |
| CN113254731A (en) * | 2021-06-30 | 2021-08-13 | 支付宝(杭州)信息技术有限公司 | Block link point connection method and device and electronic equipment |
| CN113704742B (en) * | 2021-09-23 | 2024-04-26 | 北京国民安盾科技有限公司 | Method and system for preventing device verification from leaking user privacy |
| CN115021938B (en) * | 2022-06-27 | 2024-10-11 | 中国银行股份有限公司 | Secure digital certificate application method and apparatus |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106385315A (en) * | 2016-08-30 | 2017-02-08 | 北京三未信安科技发展有限公司 | Digital certificate management method and system |
| CN106559211A (en) * | 2016-11-22 | 2017-04-05 | 中国电子科技集团公司第三十研究所 | Secret protection intelligence contract method in a kind of block chain |
| CN106651331A (en) * | 2016-12-22 | 2017-05-10 | 飞天诚信科技股份有限公司 | Digital currency-based electronic transaction method and system |
| CN106972931A (en) * | 2017-02-22 | 2017-07-21 | 中国科学院数据与通信保护研究教育中心 | A kind of method of certificate transparence in PKI |
| WO2017171165A1 (en) * | 2015-12-14 | 2017-10-05 | (주)코인플러그 | System for issuing public certificate on basis of block chain, and method for issuing public certificate on basis of block chain by using same |
| CN107769925A (en) * | 2017-09-15 | 2018-03-06 | 山东大学 | Public key infrastructure system and its certificate management method based on block chain |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160275461A1 (en) * | 2015-03-20 | 2016-09-22 | Rivetz Corp. | Automated attestation of device integrity using the block chain |
| WO2017147696A1 (en) * | 2016-02-29 | 2017-09-08 | Troy Jacob Ronda | Systems and methods for distributed identity verification |
-
2018
- 2018-09-14 CN CN201811083408.4A patent/CN109450843B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017171165A1 (en) * | 2015-12-14 | 2017-10-05 | (주)코인플러그 | System for issuing public certificate on basis of block chain, and method for issuing public certificate on basis of block chain by using same |
| CN106385315A (en) * | 2016-08-30 | 2017-02-08 | 北京三未信安科技发展有限公司 | Digital certificate management method and system |
| CN106559211A (en) * | 2016-11-22 | 2017-04-05 | 中国电子科技集团公司第三十研究所 | Secret protection intelligence contract method in a kind of block chain |
| CN106651331A (en) * | 2016-12-22 | 2017-05-10 | 飞天诚信科技股份有限公司 | Digital currency-based electronic transaction method and system |
| CN106972931A (en) * | 2017-02-22 | 2017-07-21 | 中国科学院数据与通信保护研究教育中心 | A kind of method of certificate transparence in PKI |
| CN107769925A (en) * | 2017-09-15 | 2018-03-06 | 山东大学 | Public key infrastructure system and its certificate management method based on block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109450843A (en) | 2019-03-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2022204148B2 (en) | Methods and apparatus for providing blockchain participant identity binding | |
| CN109450843B (en) | A blockchain-based SSL certificate management method and system | |
| US20210367795A1 (en) | Identity-Linked Authentication Through A User Certificate System | |
| CN109687963B (en) | Anti-quantum computing alliance chain transaction method and system based on public key pool | |
| AU2017223133B2 (en) | Determining a common secret for the secure exchange of information and hierarchical, deterministic cryptographic keys | |
| US8843415B2 (en) | Secure software service systems and methods | |
| EP2915279B1 (en) | Method and system for protected exchange of data | |
| CN114666064B (en) | Digital asset management method, device, storage medium and equipment based on blockchain | |
| Win et al. | Privacy enabled digital rights management without trusted third party assumption | |
| JP2023540739A (en) | A method for secure, traceable, and privacy-preserving digital currency transfers with anonymity revocation on a distributed ledger | |
| CN113225302A (en) | Data sharing system and method based on proxy re-encryption | |
| US20020144120A1 (en) | Method and apparatus for constructing digital certificates | |
| CN115396096B (en) | Encryption and decryption method and protection system for secret files based on national secret algorithm | |
| CN115720137B (en) | Information management system, method and device | |
| CN112950356B (en) | Personal loan processing method, system, equipment and medium based on digital identity | |
| CN115760124A (en) | Blockchain-based contract trust digital signature method and device | |
| Sejwani et al. | Implementation of x. 509 certificate for online applications | |
| Goodrich et al. | Notarized federated ID management and authentication | |
| CN118886059A (en) | A privacy protection method and system for government approval data based on alliance chain and homomorphic encryption | |
| Lam¹ et al. | Check for updates Using Blockchain to Control Access to Cloud Data | |
| CN120342664A (en) | Electronic bill processing method, device and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20240306 Address after: Room 1179, W Zone, 11th Floor, Building 1, No. 158 Shuanglian Road, Qingpu District, Shanghai, 201702 Patentee after: Shanghai Zhongan Information Technology Service Co.,Ltd. Country or region after: China Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.) Patentee before: ZHONGAN INFORMATION TECHNOLOGY SERVICE Co.,Ltd. Country or region before: China |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20240415 Address after: Room 1179, W Zone, 11th Floor, Building 1, No. 158 Shuanglian Road, Qingpu District, Shanghai, 201702 Patentee after: Shanghai Zhongan Information Technology Service Co.,Ltd. Country or region after: China Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.) Patentee before: ZHONGAN INFORMATION TECHNOLOGY SERVICE Co.,Ltd. Country or region before: China |
|
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 3F-24, Group A, Qianhai Shenzhen Hong Kong Innovation Center, No. 4008 Menghai Avenue, Nanshan Street, Qianhai Shenzhen Hong Kong Cooperation Zone, Shenzhen, Guangdong Province 518054 Patentee after: Zhong'an Xinke (Shenzhen) Co.,Ltd. Country or region after: China Address before: Room 1179, W Zone, 11th Floor, Building 1, No. 158 Shuanglian Road, Qingpu District, Shanghai, 201702 Patentee before: Shanghai Zhongan Information Technology Service Co.,Ltd. Country or region before: China |