CN108696356A - A blockchain-based digital certificate deletion method, apparatus and system - Google Patents

A blockchain-based digital certificate deletion method, apparatus and system

Info

Publication number
CN108696356A
Authority
CN
China
Prior art keywords
block
digital certificate
backup
identification information
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710218253.XA
Other languages
Chinese (zh)
Other versions
CN108696356B (en)
Inventor
阎军智
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Communications Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201710218253.XA priority Critical patent/CN108696356B/en
Priority to PCT/CN2018/078888 priority patent/WO2018184447A1/en
Publication of CN108696356A publication Critical patent/CN108696356A/en
Application granted granted Critical
Publication of CN108696356B publication Critical patent/CN108696356B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L9/3265 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a blockchain-based digital certificate deletion method, apparatus and system. The method is applied to any backup node in the blockchain and includes: according to the information of each backup digital certificate that the backup node has saved for each block, if every backup digital certificate saved for a block is invalid, sending a deletion message containing the identification information of the block to each verification node, so that each verification node deletes the block body of the block when it determines that every digital certificate in its own block with that identification information is invalid. In the embodiments of the present invention, if the backup node judges that every backup digital certificate saved for a certain block is invalid, it sends a deletion message containing the identification information of the block to each verification node, and each verification node deletes the block body of the block once it determines that every digital certificate in its own block with that identification information is invalid. This saves the storage and computing resources of the verification nodes and improves their operating efficiency.

Description

A blockchain-based digital certificate deletion method, apparatus and system
Technical field
The present invention relates to the technical field of network security, and in particular to a blockchain-based digital certificate deletion method, apparatus and system.
Background art
A digital certificate is a file, issued by an authoritative institution, that proves a user's identity on the network; the process of issuing digital certificates is referred to as the certificate authority (Certification Authority, CA) process. In existing public key infrastructure (Public Key Infrastructure, PKI) technology, the CA is the starting point of trust: anyone who can control a CA can use it to issue digital certificates arbitrarily, so the CA, being at the core, is easily attacked. Once a CA is compromised, none of the digital certificates it has issued are secure any longer, and they can no longer be used. In addition, the CA root digital certificate that the relying party has installed in advance or that is preset may also be attacked; if the root digital certificate is maliciously tampered with, the entire digital certificate authentication process is affected, and a forged user digital certificate may even be accepted as a legitimate user digital certificate.
Blockchain technology, which has risen in recent years, stores blocks of digital certificates in a chain, linked sequentially in time order, and generates a Merkle tree value for each block from the digital certificates stored in that block. The Merkle value is used to verify the digital certificates stored in the block and prevents them from being tampered with. In addition, every verification node in the blockchain stores all the digital certificates in the blockchain and verifies requests to generate and to invoke digital certificates. There is no central CA node, so the correctness of the digital certificates can be guaranteed even if some verification nodes fail or are attacked.
However, a blockchain has one major problem: it contains all historical digital certificates. As time passes, the digital certificates stored in the blockchain keep increasing and the data volume of the entire blockchain grows larger and larger, so the storage and computing resources required of the verification nodes also keep growing. This places a serious burden on the verification nodes and affects both their operation and the user experience.
Summary of the invention
The present invention provides a blockchain-based digital certificate deletion method, apparatus and system, to solve the problem in the prior art that the data volume grows continuously as digital certificates are stored, so that ever more storage and computing resources are required of the verification nodes, which affects the operation of the verification nodes and the user experience.
The invention discloses a blockchain-based digital certificate deletion method. The blockchain includes multiple verification nodes and at least one backup node, the deletion method is applied to any backup node in the blockchain, and the method includes:
determining, according to the information of each backup digital certificate that the backup node itself has saved for each block, whether every backup digital certificate saved for the block is invalid;
if every backup digital certificate saved for the block is determined to be invalid, sending a deletion message containing the identification information of the block to each verification node in the blockchain, so that each verification node judges whether every digital certificate in its own block with that identification information is invalid and, when every digital certificate in the block with that identification information is determined to be invalid, deletes the block body of the block with that identification information.
Further, determining, according to the information of each backup digital certificate that the backup node itself has saved for each block, whether every backup digital certificate saved for the block is invalid includes:
determining, according to the information of each backup digital certificate that the backup node itself has saved for each block, whether the validity period of each backup digital certificate saved for the block has expired and/or whether the state of the backup digital certificate is revoked;
if each backup digital certificate saved for the block has an expired validity period and/or is in the revoked state, determining that every backup digital certificate saved for the block is invalid.
Further, if each digital certificate saved in each block of each verification node in the blockchain has been transformed using a preset algorithm, then after the deletion message containing the identification information of the block is sent to each verification node in the blockchain, the method further includes:
sending to each verification node each backup digital certificate that the backup node itself has saved for the block with that identification information.
The invention discloses a blockchain-based digital certificate deletion method. The blockchain includes multiple verification nodes and at least one backup node, the deletion method is applied to any verification node in the blockchain, and the method includes:
receiving a deletion message, containing the identification information of a block, sent by a backup node in the blockchain, where the deletion message is sent by the backup node after it determines, according to the information of each backup digital certificate it has saved for each block, that every backup digital certificate saved for the block is invalid;
judging whether every digital certificate in the block with that identification information saved by the verification node itself is invalid;
if every digital certificate in the block with that identification information is determined to be invalid, deleting the block body of the block.
Further, if each digital certificate saved in each block has been transformed using a preset algorithm, then after the deletion message containing the identification information of the block sent by the backup node in the blockchain is received, the method further includes:
receiving each backup digital certificate, sent by the backup node, that the backup node has saved for the block with that identification information;
before judging whether every digital certificate in the block with that identification information saved by the verification node itself is invalid, the method further includes:
transforming each backup digital certificate using the preset algorithm;
for each digital certificate saved in the block with that identification information, judging whether the digital certificate saved by the verification node itself matches the corresponding transformed backup digital certificate;
if so, carrying out the subsequent steps.
Further, judging whether every digital certificate in the block with that identification information saved by the verification node itself is invalid includes:
obtaining the validity period and status information of each digital certificate in the block with that identification information saved by the verification node itself;
judging whether the validity period of each digital certificate in the block with that identification information has expired and/or whether the state of the digital certificate is revoked;
if each digital certificate in the block with that identification information has an expired validity period and/or is in the revoked state, determining that every digital certificate in the block with that identification information is invalid.
The invention discloses a blockchain-based digital certificate deletion apparatus. The blockchain includes multiple verification nodes and at least one backup node, the deletion apparatus is applied to any backup node in the blockchain, and the apparatus includes:
a determining module, configured to determine, according to the information of each backup digital certificate that the backup node itself has saved for each block, whether every backup digital certificate saved for the block is invalid;
a sending module, configured to, if every backup digital certificate saved for the block is determined to be invalid, send a deletion message containing the identification information of the block to each verification node in the blockchain, so that each verification node judges whether every digital certificate in its own block with that identification information is invalid and, when every digital certificate in the block with that identification information is determined to be invalid, deletes the block body of the block with that identification information.
Further, the determining module is specifically configured to determine, according to the information of each backup digital certificate that the backup node itself has saved for each block, whether the validity period of each backup digital certificate saved for the block has expired and/or whether the state of the backup digital certificate is revoked; and, if each backup digital certificate saved for the block has an expired validity period and/or is in the revoked state, to determine that every backup digital certificate saved for the block is invalid.
Further, the sending module is also configured to, if each digital certificate saved in each block of each verification node in the blockchain has been transformed using a preset algorithm, send to each verification node each backup digital certificate that the backup node itself has saved for the block with that identification information.
The invention discloses a blockchain-based digital certificate deletion apparatus. The blockchain includes multiple verification nodes and at least one backup node, the deletion apparatus is applied to any verification node in the blockchain, and the apparatus includes:
a receiving module, configured to receive a deletion message, containing the identification information of a block, sent by a backup node in the blockchain, where the deletion message is sent by the backup node after it determines, according to the information of each backup digital certificate it has saved for each block, that every backup digital certificate saved for the block is invalid;
a judgment module, configured to judge whether every digital certificate in the block with that identification information saved by the verification node itself is invalid;
a deletion module, configured to delete the block body of the block if every digital certificate in the block with that identification information is determined to be invalid.
Further, the receiving module is also configured to, if each digital certificate saved in each block has been transformed using a preset algorithm, receive each backup digital certificate, sent by the backup node, that the backup node has saved for the block with that identification information;
the apparatus further includes:
a matching module, configured to transform each backup digital certificate using the preset algorithm; to judge, for each digital certificate saved in the block with that identification information, whether the digital certificate saved by the verification node itself matches the corresponding transformed backup digital certificate; and, if the matching result is yes, to trigger the judgment module.
Further, the judgment module is specifically configured to obtain the validity period and status information of each digital certificate in the block with that identification information saved by the verification node itself; to judge whether the validity period of each digital certificate in the block with that identification information has expired and/or whether the state of the digital certificate is revoked; and, if each digital certificate in the block with that identification information has an expired validity period and/or is in the revoked state, to determine that every digital certificate in the block with that identification information is invalid.
The invention discloses a blockchain-based digital certificate deletion system. The deletion system includes at least one blockchain-based digital certificate deletion apparatus applied to a backup node as described above, and multiple blockchain-based digital certificate deletion apparatuses applied to verification nodes as described above.
The invention discloses a blockchain-based digital certificate deletion method, apparatus and system. The blockchain includes multiple verification nodes and at least one backup node, the deletion method is applied to any backup node in the blockchain, and the method includes: determining, according to the information of each backup digital certificate that the backup node itself has saved for each block, whether every backup digital certificate saved for the block is invalid; if every backup digital certificate saved for the block is determined to be invalid, sending a deletion message containing the identification information of the block to each verification node in the blockchain, so that each verification node judges whether every digital certificate in its own block with that identification information is invalid and, when every digital certificate in the block with that identification information is determined to be invalid, deletes the block body of the block with that identification information. In the embodiments of the present invention, if the backup node judges that every backup digital certificate saved for a certain block is invalid, it sends a deletion message containing the identification information of the block to each verification node in the blockchain, and each verification node judges whether every digital certificate in its own block with that identification information is invalid and, when they are all determined to be invalid, deletes the block body of the block with that identification information. This reduces the storage space occupied by digital certificate storage, saves the storage and computing resources of the verification nodes, and improves the operating efficiency of the verification nodes and the user experience.
Brief description of the drawings
Fig. 1 is a schematic diagram of a blockchain architecture provided by the present invention;
Fig. 2 is a schematic diagram of a blockchain-based digital certificate deletion process provided by Embodiment 1 of the present invention;
Fig. 3 is a schematic diagram of the storage structure of digital certificates on a verification node provided by Embodiment 1 and Embodiment 4 of the present invention;
Fig. 4 is a schematic diagram of a blockchain-based digital certificate deletion process provided by Embodiment 4 of the present invention;
Fig. 5 is a schematic structural diagram of a blockchain-based digital certificate deletion apparatus provided by Embodiment 7 of the present invention;
Fig. 6 is a schematic structural diagram of a blockchain-based digital certificate deletion apparatus provided by Embodiment 8 of the present invention;
Fig. 7 is a schematic structural diagram of a blockchain-based digital certificate deletion system provided by Embodiment 9 of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Fig. 1 is a schematic diagram of a blockchain architecture provided by the present invention. The blockchain includes multiple verification nodes and at least one backup node. Each verification node verifies users' requests to generate digital certificates and users' requests to update the state of digital certificates. Each verification node generates new blocks in sequence according to a preset time order, stores each digital certificate in the corresponding block according to the certificate's generation time, and also updates the state of stored digital certificates according to users' state update requests. The backup node, for each block of the verification nodes, backs up every digital certificate stored in that block, and updates the state of the digital certificates backed up for each block according to users' requests to update digital certificate state.
Embodiment 1:
Fig. 2 is a schematic diagram of a blockchain-based digital certificate deletion process provided by an embodiment of the present invention. The process includes:
S201: According to the information of each backup digital certificate that the backup node itself has saved for each block, determine whether every backup digital certificate saved for the block is invalid.
The blockchain-based digital certificate deletion method provided by the embodiment of the present invention is applied to any backup node in the blockchain. The backup node can be a device with computing and storage capability, such as a PC or a server.
In the embodiment of the present invention, unless the data has been maliciously modified, the digital certificates saved in corresponding blocks of every verification node in the blockchain are identical. The backup node backs up the digital certificates saved in each block of the verification nodes, that is, it backs up every digital certificate in each block saved by the verification nodes, so that for each block the backup node holds a backup digital certificate corresponding to each digital certificate in that block.
Specifically, the backup node determines, according to the information of each backup digital certificate it has saved for each block, whether every backup digital certificate saved for the block is invalid, where the information of a backup digital certificate can be the validity period of the digital certificate.
For example: the backup node has saved backup digital certificate 1 and backup digital certificate 2 for block A, and backup digital certificate 3 and backup digital certificate 4 for block B. The current time is March 29, 2017. For block A, from the validity period of backup digital certificate 1, July 1, 2015 to July 1, 2016, the backup node determines that the validity period of backup digital certificate 1 has expired and backup digital certificate 1 is invalid; from the validity period of backup digital certificate 2, February 1, 2016 to February 1, 2017, it determines that the validity period of backup digital certificate 2 has expired and backup digital certificate 2 is invalid. Backup digital certificates 1 and 2 saved for block A are both invalid, so the backup node determines that every backup digital certificate saved for block A is invalid. For block B, from the validity period of backup digital certificate 3, July 5, 2015 to July 5, 2016, the backup node determines that the validity period of backup digital certificate 3 has expired and backup digital certificate 3 is invalid; from the validity period of backup digital certificate 4, May 1, 2016 to May 1, 2017, it determines that the validity period of backup digital certificate 4 has not expired and backup digital certificate 4 is valid. Since backup digital certificate 4 saved for block B is valid, the backup node determines that the backup digital certificates saved for block B include a valid backup digital certificate.
S202: If every backup digital certificate saved for the block is determined to be invalid, send a deletion message containing the identification information of the block to each verification node in the blockchain, so that each verification node judges whether every digital certificate in its own block with that identification information is invalid and, when every digital certificate in the block with that identification information is determined to be invalid, deletes the block body of the block with that identification information.
Each block in the blockchain consists of a block header and a block body. The block header holds the generation time of the block, the parent block hash (that is, the hash of the previous block, generated before this block), and the Merkle value determined from each digital certificate saved in the block; the block body holds each digital certificate recorded in the block. Fig. 3 is a schematic diagram of the storage structure of digital certificates on a verification node provided by an embodiment of the present invention: the verification node stores, in time order, the genesis block, block 2, ..., block n, where each block consists of a block header and a block body, and each block body holds the digital certificates stored in that block.
Specifically, if the backup node determines that every backup digital certificate saved for the block is invalid, every backup digital certificate saved for the block can be deleted, and the backup node sends a deletion message containing the identification information of the block to each verification node in the blockchain. If the digital certificates saved in each block of a verification node are identical to the backup digital certificates saved by the backup node, the verification node could directly delete the block body of its own block with that identification information. However, to ensure that digital certificates are deleted accurately and to avoid deleting a valid digital certificate by mistake, which would leave that certificate unavailable when a user needs it verified and would harm the user's interests, in the embodiment of the present invention the verification node, after receiving the deletion message containing the identification information of the block, judges whether every digital certificate in its own block with that identification information is invalid and, when every digital certificate in the block with that identification information is determined to be invalid, deletes the block body of the block with that identification information.
For example: every backup digital certificate that the backup node has saved for block A is invalid, so every backup digital certificate saved for block A can be deleted, and the backup node sends a deletion message containing the identification information 00001 of block A to each verification node in the blockchain. After receiving the deletion message containing identification information 00001, a verification node uses identification information 00001 to identify block A among the blocks it has saved and verifies whether every digital certificate in its own block A is invalid; if every digital certificate in its own block A is invalid, it deletes the block body of block A.
In the embodiment of the present invention, if the backup node judges that every backup digital certificate saved for a certain block is invalid, it sends a deletion message containing the identification information of the block to each verification node in the blockchain; each verification node judges whether every digital certificate in its own block with that identification information is invalid and, when every digital certificate in the block with that identification information is determined to be invalid, deletes the block body of the block with that identification information. This reduces the storage space occupied by digital certificate storage, saves the storage and computing resources of the verification nodes, and improves the operating efficiency of the verification nodes and the user experience.
Embodiment 2:
In order to determine more accurately whether every backup digital certificate held for each block is invalid, on the basis of the above embodiment, in this embodiment of the present invention, determining, according to the information of each backup digital certificate the backup node holds for each block, whether every backup digital certificate held for the block is invalid includes:
Determining, according to the information of each backup digital certificate the backup node holds for each block, whether the validity period of each backup digital certificate held for the block has expired and/or whether the state of the backup digital certificate is revoked;
If every backup digital certificate held for the block has an expired validity period and/or a state of revoked, determining that every backup digital certificate held for the block is invalid.
In this embodiment of the present invention, the information of a backup digital certificate includes the validity period of the backup digital certificate and the status information of the backup digital certificate, where the status information of a backup digital certificate includes: issued, revoked, suspended, restored. The backup node can determine whether the state of a backup digital certificate is revoked by reading the status information of the backup digital certificate; reading the status information of a backup digital certificate is prior art and is not described further here. The backup node can determine whether every backup digital certificate held for a block is invalid according to whether the validity period of each backup digital certificate it holds for that block has expired; of course, it can also determine this according to whether the state of each backup digital certificate it holds for that block is revoked.
Preferably, the backup node can use both criteria at the same time, that is, whether the validity period of each backup digital certificate it holds for each block has expired and whether the state of the backup digital certificate is revoked, to determine whether every backup digital certificate held for each block is invalid. If every backup digital certificate held for the block satisfies the condition that its validity period has expired and/or its state is revoked, it is determined that every backup digital certificate held for the block is invalid. In this embodiment of the present invention, for each backup digital certificate, if the validity period of the backup digital certificate has expired or the state of the backup digital certificate is revoked, the backup digital certificate is determined to be invalid.
For example: the backup node holds backup digital certificate 5 and backup digital certificate 6 for block C. The validity period of backup digital certificate 5 is July 5, 2015 to July 5, 2016, and its state is not revoked; the validity period of backup digital certificate 6 is July 5, 2016 to July 5, 2017, and its state is revoked. The current time is March 29, 2017. The validity period of backup digital certificate 5 has expired and the state of backup digital certificate 6 is revoked, so it is determined that every backup digital certificate held for block C is invalid.
Embodiment 3:
In order to prevent a verification node from mistakenly deleting the digital certificates it stores because the certificates of the backup node have been maliciously tampered with, on the basis of the above embodiments, in this embodiment of the present invention, if each digital certificate stored in each block of each verification node in the blockchain has been transformed using a preset algorithm, then after sending the deletion message containing the identification information of the block to each verification node in the blockchain, the method further includes:
Sending each backup digital certificate that the backup node holds for the block with that identification information to each verification node.
In order to protect the digital certificate data stored by each verification node in the blockchain, each verification node in the blockchain can, according to a configuration made in advance, transform each digital certificate stored in each block using a preset algorithm. For example: the verification node performs a hash operation on each digital certificate stored in each block using a hashing algorithm, and each block stores each digital certificate after the hash operation. In this embodiment of the present invention, if the verification node transforms each digital certificate stored in each block using a preset algorithm, the backup node backs up, for each block in the blockchain, each digital certificate stored in that block as it was before being transformed with the preset algorithm.
Specifically, if each digital certificate stored in each block of each verification node in the blockchain has been transformed using the preset algorithm, then after the backup node determines, according to the information of each backup digital certificate it holds for each block, that every backup digital certificate held for the block is invalid, and sends the deletion message containing the identification information of the block to each verification node in the blockchain, it also sends each backup digital certificate it holds for the block with that identification information to each verification node. After a verification node receives the deletion message containing the identification information of the block and each backup digital certificate held for the block with that identification information, it identifies its own block with that identification information, transforms each backup digital certificate that the backup node holds for that block using the preset algorithm, and judges whether each digital certificate stored in its own block with that identification information correspondingly matches a transformed backup digital certificate, thereby determining whether each backup digital certificate that the backup node holds for the block with that identification information is correct.
For example: each digital certificate stored in each block of each verification node in the blockchain has been transformed using a hashing algorithm. The backup node determines that every backup digital certificate it holds for block E, whose identification information is 00005, is invalid. After the backup node sends the deletion message containing identification information 00005 to each verification node in the blockchain, it also sends each backup digital certificate it holds for block E, whose identification information is 00005, to each verification node in the blockchain.
After a verification node receives the deletion message containing identification information 00005 and each backup digital certificate held for the block with identification information 00005, it uses identification information 00005 to identify its own block E, whose identification information is 00005, performs a hash operation with the preset hashing algorithm on each backup digital certificate that the backup node holds for the block with identification information 00005, and judges whether each digital certificate stored in its own block E correspondingly matches a backup digital certificate after the hash operation. If so, it determines that each backup digital certificate that the backup node holds for block E is correct.
Embodiment 4:
Fig. 4 is a schematic diagram of a blockchain-based digital certificate deletion process provided by an embodiment of the present invention. The process includes:
S401: Receive a deletion message, sent by a backup node in the blockchain, containing the identification information of a block, where the deletion message is sent by the backup node in the blockchain after it determines, according to the information of each backup digital certificate it holds for each block, that every backup digital certificate held for the block is invalid.
The blockchain-based digital certificate deletion method provided by this embodiment of the present invention is applied to any verification node in the blockchain. The verification node can be a device with computing and storage functions, such as a PC or a server.
In this embodiment of the present invention, unless they have been maliciously altered, the digital certificates stored in each corresponding block of every verification node in the blockchain are identical. The backup node backs up the digital certificates stored in each block of the verification nodes in the blockchain; that is, it backs up the digital certificates in each block stored by the verification nodes, and for each block the backup node holds the backup digital certificate corresponding to each digital certificate in that block. The backup node determines, according to the information of each backup digital certificate it holds for each block, whether every backup digital certificate held for the block is invalid; if every backup digital certificate held for the block is invalid, it sends each verification node in the blockchain a deletion message containing the identification information of the block.
For example: the backup node holds backup digital certificate 1 and backup digital certificate 2 for block A, and the current time is March 29, 2017. For block A, the backup node determines from the validity period of backup digital certificate 1, July 1, 2015 to July 1, 2016, that the validity period of backup digital certificate 1 has expired and backup digital certificate 1 is invalid. From the validity period of backup digital certificate 2, February 1, 2016 to February 1, 2017, it determines that the validity period of backup digital certificate 2 has expired and backup digital certificate 2 is invalid. Since backup digital certificate 1 and backup digital certificate 2 held for block A are both invalid, it determines that every backup digital certificate held for block A is invalid and sends each verification node in the blockchain a deletion message containing block A's identification information 00001.
Specifically, the verification node receives the deletion message containing the identification information of the block, which the backup node in the blockchain sends after determining, according to the information of each backup digital certificate it holds for each block, that every backup digital certificate held for the block is invalid.
S402: Judge whether every digital certificate in the block with that identification information stored by the verification node itself is invalid.
Specifically, after the verification node receives the deletion message containing the identification information of the block sent by the backup node, it judges whether every digital certificate in its own block with that identification information is invalid. The verification node can judge whether a digital certificate is valid according to the validity period of the digital certificate.
For example: the verification node receives the deletion message containing the block identification information 00001 sent by the backup node and identifies its own block A, whose identification information is 00001. Block A stores digital certificate 1 and digital certificate 2, and the current time is March 29, 2017. From the validity period of digital certificate 1, July 1, 2015 to July 1, 2016, the verification node determines that the validity period of digital certificate 1 has expired and digital certificate 1 is invalid. From the validity period of digital certificate 2, February 1, 2016 to February 1, 2017, it determines that the validity period of digital certificate 2 has expired and digital certificate 2 is invalid. Since digital certificate 1 and digital certificate 2 stored in block A are both invalid, it determines that every digital certificate in block A, whose identification information is 00001, is invalid.
S403: If it is determined that every digital certificate in the block with that identification information is invalid, delete the block body of the block.
Each block in the blockchain consists of a block header and a block body. The block header stores the time at which the block was generated, the parent block hash value (that is, the hash value of the previous block, generated before this block), and the Merkle value determined from each digital certificate stored in the block. The block body stores each digital certificate recorded in the block. Fig. 3 is a schematic diagram of the storage structure of the digital certificates of a verification node provided by an embodiment of the present invention. The verification node stores, in chronological order, the genesis block, block 2, ..., block n, where each block consists of a block header and a block body, and each block body holds the digital certificates stored in that block.
Specifically, if the verification node determines that every digital certificate in the block with that identification information is invalid, every digital certificate in the block can be deleted, and the verification node deletes the block body, which the block uses to store digital certificates. If the verification node determines that the block with that identification information contains at least one valid digital certificate, the block contains a digital certificate that must not be deleted; the verification node discards the deletion message sent by the backup node and performs no processing on the block.
For example: the verification node determines that every digital certificate in block A, whose identification information is 00001, is invalid, and then deletes the block body that block A uses to store digital certificates.
In this embodiment of the present invention, the verification node receives the deletion message containing the identification information of a block, which the backup node sends after judging, according to the information of each backup digital certificate it holds for each block, that every backup digital certificate held for that block is invalid. After determining that every digital certificate in its own block with that identification information is invalid, the verification node deletes the block body of that block. This reduces the storage space occupied in storing digital certificates, saves storage and computing resources, and improves operating efficiency and the user experience.
Embodiment 5:
In order to prevent the verification node from mistakenly deleting the digital certificates it stores because the certificates of the backup node have been maliciously tampered with, on the basis of the above embodiments, in this embodiment of the present invention, if each digital certificate stored in each block has been transformed using a preset algorithm, then after receiving the deletion message containing the identification information of the block sent by the backup node in the blockchain, the method further includes:
Receiving each backup digital certificate, sent by the backup node, that the backup node holds for the block with that identification information;
Before judging whether every digital certificate in the block with that identification information stored by the verification node itself is invalid, the method further includes:
Transforming each backup digital certificate using the preset algorithm;
For each digital certificate stored in the block with that identification information, judging whether each digital certificate stored by the verification node itself correspondingly matches a digital certificate obtained by transforming the backup digital certificates;
If so, carrying out the subsequent steps.
In order to protect the digital certificate data stored by each verification node in the blockchain, the verification node can, according to a configuration made in advance, transform each digital certificate stored in each block using a preset algorithm. For example: the verification node performs a hash operation on each digital certificate stored in each block using a hashing algorithm, and each block stores each digital certificate after the hash operation. In this embodiment of the present invention, if the verification node transforms each digital certificate stored in each block using a preset algorithm, the backup node backs up, for each block in the blockchain, each digital certificate stored in that block as it was before being transformed with the preset algorithm, and holds the information of each digital certificate.
Specifically, if the verification node transforms each digital certificate stored in each block using the preset algorithm, then after receiving the deletion message containing the block identification sent by the backup node in the blockchain, the verification node receives each backup digital certificate, sent by the backup node, that the backup node holds for the block with that identification information.
In addition, to guard against the backup digital certificates that the backup node holds for the block with that identification information having been maliciously tampered with, before judging whether every digital certificate in its own block with that identification is invalid, the verification node also needs to judge whether each backup digital certificate sent by the backup node is correct. Specifically, the verification node transforms each backup digital certificate using the preset algorithm and judges whether each digital certificate stored in its own block with that identification information, that is, each digital certificate after transformation with the preset algorithm, correspondingly matches a digital certificate obtained by transforming the backup digital certificates. If they match, it determines that the backup digital certificates the backup node holds for the block with that identification information have not been tampered with and that each backup digital certificate the backup node holds for that block is correct. At this point, because the backup node has already determined that every backup digital certificate held for the block with that identification information is invalid, the verification node could delete the block body of the block with that identification information. However, because the reliability of the backup certificates held by the backup node is not very high, to further ensure the safety of the digital certificates, the verification node verifies whether every digital certificate in its own block with that identification information is invalid.
If the verification node transforms each backup digital certificate using the preset algorithm and finds that the digital certificates stored in its own block with that identification information, that is, the digital certificates after transformation with the preset algorithm, do not correspondingly match the digital certificates obtained by transforming the backup digital certificates, then at least one of the backup digital certificates that the backup node holds for the block with that identification information has been tampered with. To ensure the correctness of the digital certificates it stores and to avoid mistakenly deleting valid digital certificates that must not be deleted, the verification node discards the deletion message sent by the backup node and performs no processing on the block with that identification information.
Embodiment 6:
In order to accurately determine whether every digital certificate in the verification node's own block is invalid, on the basis of the above embodiments, in this embodiment of the present invention, judging whether every digital certificate in the block with that identification information stored by the verification node itself is invalid includes:
Obtaining the validity period and status information of each digital certificate in the block with that identification information stored by the verification node itself;
Judging whether the validity period of each digital certificate in the block with that identification information has expired and/or whether the state of the digital certificate is revoked;
If every digital certificate in the block with that identification information has an expired validity period and/or a state of revoked, determining that every digital certificate in the block with that identification information is invalid.
In this embodiment of the present invention, the information of a digital certificate includes the validity period of the digital certificate and the status information of the digital certificate, where the status information of a digital certificate includes: issued, revoked, suspended, restored. The verification node can determine whether the state of a digital certificate is revoked by reading the status information of the digital certificate; reading the status information of a digital certificate is prior art and is not described further here. If the verification node has not been configured in advance to transform each digital certificate stored in each block using a preset algorithm, the verification node identifies, from the information of each digital certificate in its own block with that identification information, the validity period of each untransformed digital certificate stored in that block. The verification node can determine whether every digital certificate in the block with that identification information is invalid according to whether the validity period of each digital certificate in that block has expired; of course, it can also determine this according to whether the state of each digital certificate in that block is revoked.
Preferably, the verification node can use both criteria at the same time, that is, whether the validity period of each digital certificate in its own block with that identification information has expired and whether the state of the digital certificate is revoked, to determine whether every digital certificate in the block with that identification information is invalid. If every digital certificate in the block with that identification information satisfies the condition that its validity period has expired and/or its state is revoked, it is determined that every digital certificate in the block with that identification information is invalid. In this embodiment of the present invention, for each digital certificate, if the validity period of the digital certificate has expired or the state of the digital certificate is revoked, the digital certificate is determined to be invalid.
For example: the identification information of the block contained in the deletion message sent by the backup node is 00003. The verification node's own block C, whose identification information is 00003, stores digital certificate 5 and digital certificate 6. The validity period of digital certificate 5 is July 5, 2015 to July 5, 2016, and its state is not revoked; the validity period of digital certificate 6 is July 5, 2016 to July 5, 2017, and its state is revoked. The current time is March 29, 2017. The validity period of digital certificate 5 has expired and the certificate state of digital certificate 6 is revoked, so it is determined that every digital certificate in the verification node's own block C, whose identification information is 00003, is invalid.
In addition, if, in order to protect the digital certificate data stored by each verification node in the blockchain, the verification node has been configured in advance to transform each digital certificate stored in each block using a preset algorithm, then, because the validity period of a digital certificate is recorded inside the digital certificate, the verification node cannot identify the validity period of the transformed digital certificates stored in the block with that identification information. To enable the verification node to judge whether every digital certificate in its own block with that identification information is invalid, in this embodiment of the present invention, if the verification node finds that each digital certificate stored in its own block with that identification information correspondingly matches a digital certificate obtained by transforming the backup digital certificates sent by the backup node, the verification node judges whether every digital certificate in its own block with that identification information is invalid according to the backup digital certificates, received from the backup node, that the backup node holds for the block with that identification information, and the status information of each digital certificate it stores itself.
Specifically, the verification node determines whether every digital certificate in the block with that identification information is invalid according to whether the state of each digital certificate in that block is revoked and/or whether the validity period of each received backup digital certificate has expired. If, for every digital certificate in the block with that identification information, the state of the digital certificate is revoked and/or the validity period of the received backup digital certificate has expired, it is determined that every digital certificate in the block with that identification information is invalid. In this embodiment of the present invention, for each digital certificate, if the status information of the digital certificate is revoked, or the validity period of the backup digital certificate that correspondingly matches the digital certificate has expired, the digital certificate is determined to be invalid.
For example: each digital certificate stored in each block of each verification node in the blockchain has been transformed using a hashing algorithm. The backup node determines that every backup digital certificate it holds for block E, whose identification information is 00005, is invalid. After the backup node sends the deletion message containing identification information 00005 to each verification node in the blockchain, it also sends each backup digital certificate it holds for block E, whose identification information is 00005, to each verification node in the blockchain.
After a verification node receives the deletion message containing identification information 00005 and each backup digital certificate held for the block with identification information 00005, it uses identification information 00005 to identify its own block E, whose identification information is 00005, performs a hash operation with the preset hashing algorithm on each backup digital certificate that the backup node holds for the block with identification information 00005, and judges whether each digital certificate stored in its own block E correspondingly matches a backup digital certificate after the hash operation. If they match, it determines that the backup digital certificates the backup node holds for block E have not been tampered with and that each backup digital certificate is correct. In its own block E, the status information of digital certificate 8 is revoked and the status information of digital certificate 9 is not revoked. The validity period of backup digital certificate 8, which correspondingly matches digital certificate 8, is July 5, 2016 to July 5, 2017, and the validity period of backup digital certificate 9, which correspondingly matches digital certificate 9, is August 5, 2015 to August 5, 2016. The current time is March 29, 2017. The verification node determines that the status information of digital certificate 8 is revoked and that the validity period of backup digital certificate 9, which correspondingly matches digital certificate 9, has expired, and so determines that every digital certificate stored in its own block E is invalid.
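The verification-node checks of Embodiments 5 and 6 can be sketched as follows, using the block E figures from the example above. This is an added example, not code from the patent: it assumes SHA-256 as the preset hashing algorithm and a constructed `key=value` certificate encoding, and the names `transform`, `not_after`, `StoredCert`, `Block`, `handle_delete` and `build_block_e` are hypothetical.

```python
import hashlib
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

DELETED = "deleted"
MISMATCH = "discarded: backup certificates do not match stored digests"
STILL_VALID = "discarded: block still holds a valid certificate"
UNKNOWN = "ignored: unknown block or body already deleted"


def transform(cert: bytes) -> str:
    """Preset transform applied before storage (SHA-256 is an assumption)."""
    return hashlib.sha256(cert).hexdigest()


def not_after(cert: bytes) -> date:
    """Read the end of the validity period from the constructed encoding."""
    fields = dict(item.split("=", 1) for item in cert.decode().split(";"))
    return date.fromisoformat(fields["not_after"])


@dataclass
class StoredCert:
    digest: str    # transformed certificate kept in the block body
    revoked: bool  # status information held by the verification node


@dataclass
class Block:
    header: Dict[str, str]            # survives deletion of the body
    body: Optional[List[StoredCert]]  # None once the block body is deleted


def handle_delete(chain: Dict[str, Block], block_id: str,
                  backup_certs: List[bytes], today: date) -> str:
    """Process one deletion message plus the backup certificates sent with it."""
    block = chain.get(block_id)
    if block is None or block.body is None:
        return UNKNOWN

    # Embodiment 5: transform each backup certificate and require a one-to-one
    # match with the stored digests. A tampered backup certificate (for example
    # an altered validity period) changes the digest and is caught here, before
    # any field of it is trusted.
    by_digest = {transform(c): c for c in backup_certs}
    if sorted(transform(c) for c in backup_certs) != sorted(
            c.digest for c in block.body):
        return MISMATCH

    # Embodiment 6: the node's own revocation status, plus the validity period
    # read from the matched backup certificate, decide invalidity.
    for cert in block.body:
        expired = not_after(by_digest[cert.digest]) < today
        if not (cert.revoked or expired):
            return STILL_VALID

    block.body = None  # delete the block body only; the header is kept
    return DELETED


def build_block_e():
    """Constructed sample: block E (00005) holding certificates 8 and 9."""
    cert8 = b"serial=8;not_before=2016-07-05;not_after=2017-07-05"
    cert9 = b"serial=9;not_before=2015-08-05;not_after=2016-08-05"
    body = [StoredCert(transform(cert8), revoked=True),
            StoredCert(transform(cert9), revoked=False)]
    return {"00005": Block(header={"id": "00005"}, body=body)}, [cert8, cert9]


if __name__ == "__main__":
    chain, certs = build_block_e()
    print(handle_delete(chain, "00005", certs, date(2017, 3, 29)))
```
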
Embodiment 7:
Fig. 5 is a schematic structural diagram of a blockchain-based digital certificate deletion apparatus provided by an embodiment of the present invention. The apparatus includes:
A determining module 51, configured to determine, according to the information of each backup digital certificate the backup node holds for each block, whether every backup digital certificate held for the block is invalid;
A sending module 52, configured to, if it is determined that every backup digital certificate held for the block is invalid, send each verification node in the blockchain a deletion message containing the identification information of the block, so that each verification node judges whether every digital certificate in its own block with that identification information is invalid and, when it determines that every digital certificate in the block with that identification information is invalid, deletes the block body of that block.
The determining module 51 is specifically configured to determine, according to the information of each backup digital certificate the backup node holds for each block, whether the validity period of each backup digital certificate held for the block has expired and/or whether the state of the backup digital certificate is revoked; and, if every backup digital certificate held for the block has an expired validity period and/or a state of revoked, to determine that every backup digital certificate held for the block is invalid.
The sending module 52 is further configured to, if each digital certificate stored in each block of each verification node in the blockchain has been transformed using a preset algorithm, send each backup digital certificate that the backup node holds for the block with that identification information to each verification node.
In this embodiment of the present invention, the blockchain-based digital certificate deletion apparatus shown in Fig. 5 is applied to any backup node in the blockchain, where the blockchain includes multiple verification nodes and at least one backup node.
Embodiment 8:
Fig. 6 is a schematic structural diagram of a blockchain-based digital certificate deletion apparatus provided by an embodiment of the present invention. The apparatus includes:
Receiving module 61, configured to receive a deletion message, sent by a backup node in the blockchain, containing the identification information of a block, where the deletion message is sent by the backup node in the blockchain after it determines, according to the information it holds on each backup digital certificate stored for each block, that each backup digital certificate stored for the block is invalid;
Judgment module 62, configured to judge whether each digital certificate in the block with the identification information that it stores is invalid;
Removing module 63, configured to delete the block body of the block if it is determined that each digital certificate in the block with the identification information is invalid.
The receiving module 61 is further configured to, if each digital certificate stored in each block has been transformed using a preset algorithm, receive each backup digital certificate, sent by the backup node, that the backup node stores for the block with the identification information;
The apparatus further includes:
Matching module 64, configured to transform each backup digital certificate using the preset algorithm; for each digital certificate stored in the block with the identification information, judge whether each digital certificate that it stores correspondingly matches the digital certificate obtained by transforming the backup digital certificate; and, if the matching result is yes, trigger the judgment module.
The judgment module 62 is specifically configured to obtain the validity period and status information of each digital certificate in the block with the identification information that it stores; judge whether the validity period of each digital certificate in the block with the identification information has expired and/or whether the status of the digital certificate is revoked; and, if each digital certificate in the block with the identification information has an expired validity period and/or a revoked status, determine that each digital certificate in the block with the identification information is invalid.
In this embodiment of the present invention, the blockchain-based digital certificate deletion apparatus shown in Fig. 6 is applied to any verification node in the blockchain, where the blockchain includes multiple verification nodes and at least one backup node.
Embodiment 9:
Fig. 7 is a schematic structural diagram of a blockchain-based digital certificate deletion system provided by an embodiment of the present invention. The deletion system includes at least one blockchain-based digital certificate deletion apparatus applied to a backup node 71 and multiple blockchain-based digital certificate deletion apparatuses applied to verification nodes 72.
The invention discloses a blockchain-based digital certificate deletion method, apparatus and system. The blockchain includes multiple verification nodes and at least one backup node, and the deletion method is applied to any backup node in the blockchain. The method includes: determining, according to the information the backup node holds on each backup digital certificate stored for each block, whether each backup digital certificate stored for the block is invalid; and, if it is determined that each backup digital certificate stored for the block is invalid, sending a deletion message containing the identification information of the block to each verification node in the blockchain, so that each verification node judges whether each digital certificate in its own block with that identification information is invalid and, when it determines that each digital certificate in the block with that identification information is invalid, deletes the block body of the block with that identification information. In the embodiments of the present invention, if the backup node judges that each backup digital certificate stored for a given block is invalid, it sends a deletion message containing the identification information of the block to each verification node in the blockchain; each verification node then judges whether each digital certificate in its own block with that identification information is invalid and, when it determines that each of them is invalid, deletes the block body of that block. This reduces the storage space occupied by digital certificate storage, saves the storage and computing resources of the verification nodes, and improves the operating efficiency of the verification nodes and the user experience.
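The flow summarized above can be sketched as follows. This is an added illustration, not code from the patent: it assumes SHA-256 as the unnamed "preset algorithm", bundles the backup certificates into the deletion message instead of sending them afterwards, and uses hypothetical class, field and result names throughout.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed "current time"


def transform(cert: bytes) -> str:
    """Assumed 'preset algorithm': SHA-256 (the page does not name one)."""
    return hashlib.sha256(cert).hexdigest()


@dataclass
class CertState:
    not_after: datetime
    revoked: bool = False

    def invalid(self, now: datetime) -> bool:
        # Invalid means: validity period expired and/or status is revoked.
        return self.revoked or self.not_after < now


class BackupNode:
    """Keeps full backup certificates per block, keyed by block identifier."""

    def __init__(self):
        self.blocks = {}  # block_id -> {cert_bytes: CertState}

    def delete_messages(self, now):
        """One deletion message per block whose backup certs are all invalid."""
        msgs = []
        for block_id, certs in self.blocks.items():
            if certs and all(s.invalid(now) for s in certs.values()):
                msgs.append({"block_id": block_id, "backup_certs": list(certs)})
        return msgs


class VerificationNode:
    """Keeps block headers plus transformed certificates and their status."""

    def __init__(self):
        self.headers = {}  # block_id -> header (kept after deletion)
        self.bodies = {}   # block_id -> {digest: CertState}

    def add_block(self, block_id, header, certs):
        self.headers[block_id] = header
        self.bodies[block_id] = {transform(c): s for c, s in certs.items()}

    def handle_delete(self, msg, now):
        body = self.bodies.get(msg["block_id"])
        if body is None:
            return "no-body"
        # Step 1: transform the received backup certs and check that every
        # certificate stored for this block has a matching counterpart.
        received = {transform(c) for c in msg["backup_certs"]}
        if not set(body) <= received:
            return "mismatch"
        # Step 2: re-check validity against this node's own records.
        if not all(s.invalid(now) for s in body.values()):
            return "still-valid"
        # Step 3: drop the block body only; the header stays in the chain.
        del self.bodies[msg["block_id"]]
        return "deleted"


def demo():
    """Constructed data: blk-1 is fully invalid, blk-2 still has a live cert."""
    expired = datetime(2020, 1, 1, tzinfo=timezone.utc)
    live = datetime(2030, 1, 1, tzinfo=timezone.utc)
    blk1 = {b"cert-A": CertState(expired), b"cert-B": CertState(live, revoked=True)}
    blk2 = {b"cert-C": CertState(expired), b"cert-D": CertState(live)}

    backup, verifier = BackupNode(), VerificationNode()
    backup.blocks = {"blk-1": blk1, "blk-2": blk2}
    verifier.add_block("blk-1", "hdr-1", blk1)
    verifier.add_block("blk-2", "hdr-2", blk2)

    msgs = backup.delete_messages(NOW)  # only blk-1 qualifies
    results = {m["block_id"]: verifier.handle_delete(m, NOW) for m in msgs}
    # Deletion messages that do not pass the verifier's own checks are refused.
    results["unexpected-blk-2"] = verifier.handle_delete(
        {"block_id": "blk-2", "backup_certs": list(blk2)}, NOW)
    results["wrong-certs"] = verifier.handle_delete(
        {"block_id": "blk-2", "backup_certs": [b"cert-X"]}, NOW)
    return results, verifier


if __name__ == "__main__":
    print(demo()[0])
```

Because the verification node re-evaluates validity from its own records, a deletion message alone never removes a block that still holds a live certificate.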
Because the system/apparatus embodiments are substantially similar to the method embodiments, they are described relatively briefly; for the relevant parts, refer to the description of the method embodiments.
Those skilled in the art should understand that embodiments of this application may be provided as a method, a system, or a computer program product. Therefore, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) that contain computer-usable program code.
This application is described with reference to flowcharts and/or block diagrams of the method, device (system), and computer program product according to the embodiments of this application. It should be understood that computer program instructions can implement each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction apparatus, and the instruction apparatus implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thus provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of this application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of this application.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from the spirit and scope of the present invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include these modifications and variations.

Claims (13)

1. A blockchain-based digital certificate deletion method, the blockchain including multiple verification nodes and at least one backup node, characterized in that the deletion method is applied to any backup node in the blockchain, the method comprising:
determining, according to the information the backup node holds on each backup digital certificate stored for each block, whether each backup digital certificate stored for the block is invalid;
if it is determined that each backup digital certificate stored for the block is invalid, sending a deletion message containing the identification information of the block to each verification node in the blockchain, so that each verification node judges whether each digital certificate in its own block with that identification information is invalid and, when it determines that each digital certificate in the block with that identification information is invalid, deletes the block body of the block with that identification information.
2. The method according to claim 1, characterized in that determining, according to the information the backup node holds on each backup digital certificate stored for each block, whether each backup digital certificate stored for the block is invalid comprises:
determining, according to the information the backup node holds on each backup digital certificate stored for each block, whether the validity period of each backup digital certificate stored for the block has expired and/or whether the status of the backup digital certificate is revoked;
if each backup digital certificate stored for the block has an expired validity period and/or a revoked status, determining that each backup digital certificate stored for the block is invalid.
3. The method according to claim 1, characterized in that, if each digital certificate stored in each block of each verification node in the blockchain has been transformed using a preset algorithm, after sending the deletion message containing the identification information of the block to each verification node in the blockchain, the method further comprises:
sending each backup digital certificate that the backup node stores for the block with the identification information to each verification node.
4. A blockchain-based digital certificate deletion method, the blockchain including multiple verification nodes and at least one backup node, characterized in that the deletion method is applied to any verification node in the blockchain, the method comprising:
receiving a deletion message, sent by a backup node in the blockchain, containing the identification information of a block, wherein the deletion message is sent by the backup node in the blockchain after it determines, according to the information it holds on each backup digital certificate stored for each block, that each backup digital certificate stored for the block is invalid;
judging whether each digital certificate in the block with the identification information that the verification node stores is invalid;
if it is determined that each digital certificate in the block with the identification information is invalid, deleting the block body of the block.
5. The method according to claim 4, characterized in that, if each digital certificate stored in each block has been transformed using a preset algorithm, after receiving the deletion message, sent by the backup node in the blockchain, containing the identification information of the block, the method further comprises:
receiving each backup digital certificate, sent by the backup node, that the backup node stores for the block with the identification information;
before judging whether each digital certificate in the block with the identification information that the verification node stores is invalid, the method further comprises:
transforming each backup digital certificate using the preset algorithm;
for each digital certificate stored in the block with the identification information, judging whether each digital certificate that the verification node stores correspondingly matches the digital certificate obtained by transforming the backup digital certificate;
if so, carrying out the subsequent steps.
6. The method according to claim 4 or 5, characterized in that judging whether each digital certificate in the block with the identification information that the verification node stores is invalid comprises:
obtaining the validity period and status information of each digital certificate in the block with the identification information that the verification node stores;
judging whether the validity period of each digital certificate in the block with the identification information has expired and/or whether the status of the digital certificate is revoked;
if each digital certificate in the block with the identification information has an expired validity period and/or a revoked status, determining that each digital certificate in the block with the identification information is invalid.
7. A blockchain-based digital certificate deletion apparatus, characterized in that the apparatus comprises:
a determining module, configured to determine, according to the information it holds on each backup digital certificate stored for each block, whether each backup digital certificate stored for the block is invalid;
a sending module, configured to, if it is determined that each backup digital certificate stored for the block is invalid, send a deletion message containing the identification information of the block to each verification node in the blockchain, so that each verification node judges whether each digital certificate in its own block with that identification information is invalid and, when it determines that each digital certificate in the block with that identification information is invalid, deletes the block body of the block with that identification information.
8. The apparatus according to claim 7, characterized in that the determining module is specifically configured to determine, according to the information it holds on each backup digital certificate stored for each block, whether the validity period of each backup digital certificate stored for the block has expired and/or whether the status of the backup digital certificate is revoked; and, if each backup digital certificate stored for the block has an expired validity period and/or a revoked status, determine that each backup digital certificate stored for the block is invalid.
9. The apparatus according to claim 7, characterized in that the sending module is further configured to, if each digital certificate stored in each block of each verification node in the blockchain has been transformed using a preset algorithm, send each backup digital certificate that it stores for the block with the identification information to each verification node.
10. A blockchain-based digital certificate deletion apparatus, characterized in that the apparatus comprises:
a receiving module, configured to receive a deletion message, sent by a backup node in the blockchain, containing the identification information of a block, wherein the deletion message is sent by the backup node in the blockchain after it determines, according to the information it holds on each backup digital certificate stored for each block, that each backup digital certificate stored for the block is invalid;
a judgment module, configured to judge whether each digital certificate in the block with the identification information that it stores is invalid;
a removing module, configured to delete the block body of the block if it is determined that each digital certificate in the block with the identification information is invalid.
11. The apparatus according to claim 10, characterized in that the receiving module is further configured to, if each digital certificate stored in each block has been transformed using a preset algorithm, receive each backup digital certificate, sent by the backup node, that the backup node stores for the block with the identification information;
the apparatus further comprises:
a matching module, configured to transform each backup digital certificate using the preset algorithm; for each digital certificate stored in the block with the identification information, judge whether each digital certificate that it stores correspondingly matches the digital certificate obtained by transforming the backup digital certificate; and, if the matching result is yes, trigger the judgment module.
12. The apparatus according to claim 10, characterized in that the judgment module is specifically configured to obtain the validity period and status information of each digital certificate in the block with the identification information that it stores; judge whether the validity period of each digital certificate in the block with the identification information has expired and/or whether the status of the digital certificate is revoked; and, if each digital certificate in the block with the identification information has an expired validity period and/or a revoked status, determine that each digital certificate in the block with the identification information is invalid.
13. A blockchain-based digital certificate deletion system, characterized in that the deletion system comprises at least one blockchain-based digital certificate deletion apparatus according to any one of claims 7-9 applied to a backup node, and multiple blockchain-based digital certificate deletion apparatuses according to any one of claims 10-12 applied to verification nodes.
CN201710218253.XA 2017-04-05 2017-04-05 Block chain-based digital certificate deleting method, device and system Active CN108696356B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710218253.XA CN108696356B (en) 2017-04-05 2017-04-05 Block chain-based digital certificate deleting method, device and system
PCT/CN2018/078888 WO2018184447A1 (en) 2017-04-05 2018-03-13 Blockchain-based digital certificate deletion method, device and system, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710218253.XA CN108696356B (en) 2017-04-05 2017-04-05 Block chain-based digital certificate deleting method, device and system

Publications (2)

Publication Number Publication Date
CN108696356A true CN108696356A (en) 2018-10-23
CN108696356B CN108696356B (en) 2020-08-18

Family

ID=63711997

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710218253.XA Active CN108696356B (en) 2017-04-05 2017-04-05 Block chain-based digital certificate deleting method, device and system

Country Status (2)

Country Link
CN (1) CN108696356B (en)
WO (1) WO2018184447A1 (en)

Also Published As

Publication number Publication date
CN108696356B (en) 2020-08-18
WO2018184447A1 (en) 2018-10-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant