CN108696356A - A blockchain-based digital certificate deletion method, apparatus and system
- Publication number: CN108696356A (application number CN201710218253.XA)
- Authority: CN (China)
- Prior art keywords: block, digital certificate, backup, identification information, node
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a blockchain-based digital certificate deletion method, apparatus and system. The method is applied to any backup node in the blockchain and comprises: according to the information the backup node itself holds on each backup digital certificate saved for each block, if every backup digital certificate saved for a block is invalid, sending a deletion message containing the identification information of that block to each verification node, so that each verification node deletes the block body of the block when it determines that every digital certificate in its own block with that identification information is invalid. Because, in embodiments of the invention, the backup node sends the deletion message only after judging that every backup digital certificate saved for a block is invalid, and each verification node deletes the block body only after determining that every digital certificate in its own copy of that block is invalid, the storage and computing resources of the verification nodes are saved and their operating efficiency is improved.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a blockchain-based digital certificate deletion method, apparatus and system.
Background
A digital certificate is a file, issued by an authoritative institution, that proves a user's identity on the network; the process of issuing digital certificates is referred to as the Certificate Authority (Certification Authority, CA) process. In existing Public Key Infrastructure (PKI) technology, the CA is the starting point of trust: whoever can control a CA can use it to issue digital certificates arbitrarily, so the CA, sitting at the core, is easily attacked. Once a CA is compromised, all digital certificates issued by that CA are no longer secure and cannot continue to be used. In addition, the CA root digital certificates that relying parties install in advance or have preset may also be attacked; if a root digital certificate is maliciously tampered with, the entire digital certificate authentication process is affected, and a forged user digital certificate may even be recognized as a legitimate user digital certificate.
Blockchain technology, which has risen in recent years, stores blocks of digital certificates as a chain, linked in chronological order, and generates for each block a corresponding Merkle (hash tree) value from the digital certificates stored in that block. The Merkle value is used to verify the digital certificates stored in the block and prevents them from being tampered with. At the same time, every verification node in the blockchain stores all digital certificates in the blockchain and verifies requests to generate and to invoke digital certificates. There is no central CA node, so the correctness of the digital certificates can be guaranteed even if some verification nodes fail or are attacked.
However, the blockchain has one major problem: it contains all historical digital certificates. As time passes, the digital certificates stored in the blockchain keep increasing, the data volume stored by the whole blockchain grows larger and larger, and the storage and computing resources required of the verification nodes grow with it. This places a serious burden on the verification nodes and affects both their operation and the user experience.
Summary of the invention
The present invention provides a blockchain-based digital certificate deletion method, apparatus and system, to solve the problem in the prior art that the data volume grows ever larger during digital certificate storage, so that the storage and computing resources required of verification nodes keep rising, affecting the operation of the verification nodes and the user experience.
The invention discloses a blockchain-based digital certificate deletion method. The blockchain includes multiple verification nodes and at least one backup node, the deletion method is applied to any backup node in the blockchain, and the method comprises:
According to the information the backup node itself holds on each backup digital certificate saved for each block, determining whether every backup digital certificate saved for the block is invalid;
If it is determined that every backup digital certificate saved for the block is invalid, sending a deletion message containing the identification information of the block to each verification node in the blockchain, so that each verification node judges whether every digital certificate in its own block with that identification information is invalid and, when it determines that every digital certificate in the block with that identification information is invalid, deletes the block body of that block.
Further, determining, according to the information the backup node itself holds on each backup digital certificate saved for each block, whether every backup digital certificate saved for the block is invalid comprises:
According to the information the backup node itself holds on each backup digital certificate saved for each block, determining whether the validity period of each backup digital certificate saved for the block has expired and/or whether the state of the backup digital certificate is revoked;
If, for every backup digital certificate saved for the block, the validity period has expired and/or the state of the backup digital certificate is revoked, determining that every backup digital certificate saved for the block is invalid.
Further, if each digital certificate saved in each block of each verification node in the blockchain has been transformed using a preset algorithm, then after sending the deletion message containing the identification information of the block to each verification node in the blockchain, the method further comprises:
Sending to each verification node each backup digital certificate that the backup node itself has saved for the block with that identification information.
The invention discloses a blockchain-based digital certificate deletion method. The blockchain includes multiple verification nodes and at least one backup node, the deletion method is applied to any verification node in the blockchain, and the method comprises:
Receiving a deletion message, sent by a backup node in the blockchain, that contains the identification information of a block, wherein the deletion message is sent after the backup node has determined, according to the information it holds on each backup digital certificate saved for each block, that every backup digital certificate saved for the block is invalid;
Judging whether every digital certificate in the verification node's own block with that identification information is invalid;
If it is determined that every digital certificate in the block with that identification information is invalid, deleting the block body of the block.
Further, if each digital certificate saved in each block has been transformed using a preset algorithm, then after receiving the deletion message containing the identification information of the block sent by the backup node in the blockchain, the method further comprises:
Receiving each backup digital certificate, sent by the backup node, that the backup node has saved for the block with that identification information;
Before judging whether every digital certificate in the verification node's own block with that identification information is invalid, the method further comprises:
Transforming each backup digital certificate using the preset algorithm;
For each digital certificate saved in the block with that identification information, judging whether the digital certificate the verification node itself has saved matches the corresponding transformed backup digital certificate;
If so, carrying out the subsequent steps.
Further, judging whether every digital certificate in the verification node's own block with that identification information is invalid comprises:
Obtaining the validity period and status information of each digital certificate in the verification node's own block with that identification information;
Judging whether the validity period of each digital certificate in the block with that identification information has expired and/or whether the state of the digital certificate is revoked;
If, for every digital certificate in the block with that identification information, the validity period has expired and/or the state of the digital certificate is revoked, determining that every digital certificate in the block with that identification information is invalid.
The invention discloses a blockchain-based digital certificate deletion apparatus. The blockchain includes multiple verification nodes and at least one backup node, the deletion apparatus is applied to any backup node in the blockchain, and the apparatus comprises:
A determining module, configured to determine, according to the information the backup node itself holds on each backup digital certificate saved for each block, whether every backup digital certificate saved for the block is invalid;
A sending module, configured to, if it is determined that every backup digital certificate saved for the block is invalid, send a deletion message containing the identification information of the block to each verification node in the blockchain, so that each verification node judges whether every digital certificate in its own block with that identification information is invalid and, when it determines that every digital certificate in the block with that identification information is invalid, deletes the block body of that block.
Further, the determining module is specifically configured to determine, according to the information the backup node itself holds on each backup digital certificate saved for each block, whether the validity period of each backup digital certificate saved for the block has expired and/or whether the state of the backup digital certificate is revoked; and, if for every backup digital certificate saved for the block the validity period has expired and/or the state of the backup digital certificate is revoked, to determine that every backup digital certificate saved for the block is invalid.
Further, the sending module is also configured to, if each digital certificate saved in each block of each verification node in the blockchain has been transformed using a preset algorithm, send to each verification node each backup digital certificate that the backup node itself has saved for the block with that identification information.
The invention discloses a blockchain-based digital certificate deletion apparatus. The blockchain includes multiple verification nodes and at least one backup node, the deletion apparatus is applied to any verification node in the blockchain, and the apparatus comprises:
A receiving module, configured to receive a deletion message, sent by a backup node in the blockchain, that contains the identification information of a block, wherein the deletion message is sent after the backup node has determined, according to the information it holds on each backup digital certificate saved for each block, that every backup digital certificate saved for the block is invalid;
A judgment module, configured to judge whether every digital certificate in the verification node's own block with that identification information is invalid;
A deletion module, configured to delete the block body of the block if it is determined that every digital certificate in the block with that identification information is invalid.
Further, the receiving module is also configured to, if each digital certificate saved in each block has been transformed using a preset algorithm, receive each backup digital certificate, sent by the backup node, that the backup node has saved for the block with that identification information;
The apparatus further comprises:
A matching module, configured to transform each backup digital certificate using the preset algorithm; for each digital certificate saved in the block with that identification information, to judge whether the digital certificate the verification node itself has saved matches the corresponding transformed backup digital certificate; and, if the matching result is yes, to trigger the judgment module.
Further, the judgment module is specifically configured to obtain the validity period and status information of each digital certificate in the verification node's own block with that identification information; to judge whether the validity period of each digital certificate in the block with that identification information has expired and/or whether the state of the digital certificate is revoked; and, if for every digital certificate in the block with that identification information the validity period has expired and/or the state of the digital certificate is revoked, to determine that every digital certificate in the block with that identification information is invalid.
The invention discloses a blockchain-based digital certificate deletion system. The deletion system comprises at least one of the above blockchain-based digital certificate deletion apparatuses applied to a backup node and a plurality of the above blockchain-based digital certificate deletion apparatuses applied to verification nodes.
The invention discloses a blockchain-based digital certificate deletion method, apparatus and system. The blockchain includes multiple verification nodes and at least one backup node, the deletion method is applied to any backup node in the blockchain, and the method comprises: according to the information the backup node itself holds on each backup digital certificate saved for each block, determining whether every backup digital certificate saved for the block is invalid; if it is determined that every backup digital certificate saved for the block is invalid, sending a deletion message containing the identification information of the block to each verification node in the blockchain, so that each verification node judges whether every digital certificate in its own block with that identification information is invalid and, when it determines that every digital certificate in the block with that identification information is invalid, deletes the block body of that block. Because, in embodiments of the invention, the backup node sends the deletion message only after judging that every backup digital certificate saved for a block is invalid, and each verification node deletes the block body only after determining that every digital certificate in its own copy of that block is invalid, the storage space occupied by digital certificate storage is reduced, the storage and computing resources of the verification nodes are saved, and the operating efficiency of the verification nodes and the user experience are improved.
Description of the drawings
Fig. 1 is a schematic diagram of a blockchain architecture provided by the present invention;
Fig. 2 is a schematic diagram of a blockchain-based digital certificate deletion process provided by Embodiment 1 of the present invention;
Fig. 3 is a schematic diagram of the storage structure of digital certificates on a verification node provided by Embodiment 1 and Embodiment 4 of the present invention;
Fig. 4 is a schematic diagram of a blockchain-based digital certificate deletion process provided by Embodiment 4 of the present invention;
Fig. 5 is a structural schematic diagram of a blockchain-based digital certificate deletion apparatus provided by Embodiment 7 of the present invention;
Fig. 6 is a structural schematic diagram of a blockchain-based digital certificate deletion apparatus provided by Embodiment 8 of the present invention;
Fig. 7 is a structural schematic diagram of a blockchain-based digital certificate deletion system provided by Embodiment 9 of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Fig. 1 is a schematic diagram of a blockchain architecture provided by the present invention. The blockchain includes multiple verification nodes and at least one backup node. Each verification node verifies users' requests to generate digital certificates and users' requests to update the state of digital certificates. Each verification node generates new blocks in sequence according to a preset time order, stores each digital certificate in the corresponding block according to the certificate's generation time, and also updates the state of stored digital certificates according to users' digital certificate status update requests. The backup node backs up, for each block of a verification node, each digital certificate stored in that block, and updates the state of the digital certificates backed up for each block according to users' digital certificate status update requests.
Embodiment 1:
Fig. 2 is a schematic diagram of a blockchain-based digital certificate deletion process provided by an embodiment of the present invention. The process comprises:
S201: According to the information the backup node itself holds on each backup digital certificate saved for each block, determine whether every backup digital certificate saved for the block is invalid.
The blockchain-based digital certificate deletion method provided by this embodiment is applied to any backup node in the blockchain. The backup node may be a device with computing and storage capability, such as a PC or a server.
In this embodiment, because the digital certificates saved in each corresponding block are identical on every verification node in the blockchain as long as they have not been maliciously altered, the backup node backs up the digital certificates saved in each block of the verification nodes. That is, the digital certificates in each block saved by the verification nodes are backed up, and the backup node saves, for each block, a backup digital certificate corresponding to each digital certificate in that block.
Specifically, the backup node determines, according to the information it holds on each backup digital certificate saved for each block, whether every backup digital certificate saved for the block is invalid, where the information of a backup digital certificate may be the validity period of the digital certificate.
For example: the backup node saves backup digital certificate 1 and backup digital certificate 2 for block A, and backup digital certificate 3 and backup digital certificate 4 for block B. The current time is March 29, 2017. For block A, the backup node determines from the validity period of backup digital certificate 1, July 1, 2015 to July 1, 2016, that the validity period of backup digital certificate 1 has expired and backup digital certificate 1 is invalid; from the validity period of backup digital certificate 2, February 1, 2016 to February 1, 2017, it determines that the validity period of backup digital certificate 2 has expired and backup digital certificate 2 is invalid. Backup digital certificate 1 and backup digital certificate 2 saved for block A are both invalid, so the backup node determines that every backup digital certificate saved for block A is invalid. For block B, the backup node determines from the validity period of backup digital certificate 3, July 5, 2015 to July 5, 2016, that the validity period of backup digital certificate 3 has expired and backup digital certificate 3 is invalid; from the validity period of backup digital certificate 4, May 1, 2016 to May 1, 2017, it determines that the validity period of backup digital certificate 4 has not expired and backup digital certificate 4 is valid. Backup digital certificate 4 saved for block B is valid, so the backup node determines that the backup digital certificates saved for block B include a valid backup digital certificate.
S202: If it is determined that every backup digital certificate saved for the block is invalid, send a deletion message containing the identification information of the block to each verification node in the blockchain, so that each verification node judges whether every digital certificate in its own block with that identification information is invalid and, when it determines that every digital certificate in the block with that identification information is invalid, deletes the block body of that block.
Each block in the blockchain consists of a block header and a block body. The block header stores the generation time of the block, the parent block hash (that is, the hash of the previous block generated before this block), and the Merkle value determined from each digital certificate saved in the block. The block body stores each digital certificate recorded in the block. Fig. 3 is a schematic diagram of the storage structure of digital certificates on a verification node provided by an embodiment of the present invention: the verification node stores, in chronological order, the genesis block, block 2, ... block n, where each block consists of a block header and a block body, and each block body stores each digital certificate stored in that block.
Specifically, if the backup node determines that every backup digital certificate saved for the block is invalid, this indicates that every backup digital certificate saved for the block can be deleted, and the backup node sends a deletion message containing the identification information of the block to each verification node in the blockchain. If the digital certificates saved in each block of a verification node are identical to the backup digital certificates saved by the backup node, the verification node could directly delete the block body of its own block with that identification information. However, to guarantee the accuracy of digital certificate deletion and to avoid mistakenly deleting a valid digital certificate (which the user could then no longer have verified when needed, harming the user's interests), in this embodiment the verification node, after receiving the deletion message containing the identification information of the block, judges whether every digital certificate in its own block with that identification information is invalid, and deletes the block body of that block when it determines that every digital certificate in the block is invalid.
For example: every backup digital certificate that the backup node has saved for block A is invalid, which indicates that every backup digital certificate saved for block A can be deleted, so the backup node sends a deletion message containing block A's identification information 00001 to each verification node in the blockchain. After a verification node receives the deletion message containing identification information 00001, it uses identification information 00001 to identify its own block A, verifies whether every digital certificate in its own block A is invalid, and, if every digital certificate in its own block A is invalid, deletes the block body of block A.
Because, in embodiments of the invention, the backup node sends a deletion message containing the identification information of a block to each verification node in the blockchain when it judges that every backup digital certificate saved for that block is invalid, and each verification node judges whether every digital certificate in its own block with that identification information is invalid and deletes the block body of that block when every digital certificate in it is invalid, the storage space occupied by digital certificate storage is reduced, the storage and computing resources of the verification nodes are saved, and the operating efficiency of the verification nodes and the user experience are improved.
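The two-stage check of Embodiment 1, as an added example that is not part of the patent text: the backup node nominates blocks whose backup certificates are all invalid, and each verification node re-checks its own copy before deleting the block body while keeping the header. The block identifiers other than 00001, the block creation dates, certificate 5 with its stale backup state, and the SHA-256 header and Merkle encoding are assumptions made for illustration; the invalidity test also covers the revoked state named in the method summary.

```python
import hashlib
from dataclasses import dataclass, replace
from datetime import date
from typing import Dict, List, Optional

def sha(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

@dataclass(frozen=True)
class Cert:
    name: str
    not_before: date
    not_after: date
    status: str = "issued"  # issued / revoked / suspended / restored

    def is_invalid(self, today: date) -> bool:
        # Invalid when the validity period has expired and/or the state is revoked.
        return today > self.not_after or self.status == "revoked"

    def encode(self) -> bytes:
        # Assumed leaf encoding: the mutable status is left out of the Merkle leaf.
        return f"{self.name}|{self.not_before}|{self.not_after}".encode()

def merkle_root(certs: List[Cert]) -> bytes:
    level = [sha(c.encode()) for c in certs] or [sha(b"")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the last hash on odd-sized levels
        level = [sha(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

@dataclass
class Block:
    block_id: str               # identification information carried in the deletion message
    created: date               # header: generation time
    parent_hash: bytes          # header: hash of the previous block's header
    merkle: bytes               # header: Merkle value over the stored certificates
    body: Optional[List[Cert]]  # block body; None once it has been deleted

    def header_hash(self) -> bytes:
        return sha(self.block_id.encode() + self.created.isoformat().encode()
                   + self.parent_hash + self.merkle)

def build_chain(spec) -> List[Block]:
    chain, parent = [], b"\x00" * 32
    for block_id, created, certs in spec:
        block = Block(block_id, created, parent, merkle_root(certs), list(certs))
        chain.append(block)
        parent = block.header_hash()
    return chain

class BackupNode:
    def __init__(self, backups: Dict[str, List[Cert]]):
        self.backups = backups  # block_id -> backup certificates for that block

    def deletable_blocks(self, today: date) -> List[str]:
        # S201: a block is nominated only if every backup certificate is invalid.
        return [bid for bid, certs in self.backups.items()
                if certs and all(c.is_invalid(today) for c in certs)]

class VerificationNode:
    def __init__(self, chain: List[Block]):
        self.chain = chain

    def handle_delete(self, block_id: str, today: date) -> bool:
        # S202: re-check the node's own copy; never trust the backup's verdict alone.
        block = next((b for b in self.chain if b.block_id == block_id), None)
        if block is None or block.body is None:
            return False
        if not all(c.is_invalid(today) for c in block.body):
            return False  # a valid certificate remains: refuse the deletion
        block.body = None  # delete the body only; the header stays in the chain
        return True

    def headers_linked(self) -> bool:
        parent = b"\x00" * 32
        for block in self.chain:
            if block.parent_hash != parent:
                return False
            parent = block.header_hash()
        return True

TODAY = date(2017, 3, 29)  # "current time" from the patent's worked example

def run_example():
    c1 = Cert("cert1", date(2015, 7, 1), date(2016, 7, 1))
    c2 = Cert("cert2", date(2016, 2, 1), date(2017, 2, 1))
    c3 = Cert("cert3", date(2015, 7, 5), date(2016, 7, 5))
    c4 = Cert("cert4", date(2016, 5, 1), date(2017, 5, 1))
    c5 = Cert("cert5", date(2016, 9, 1), date(2018, 9, 1))  # constructed
    node = VerificationNode(build_chain([
        ("00001", date(2016, 2, 2), [c1, c2]),   # block A
        ("00002", date(2016, 5, 2), [c3, c4]),   # block B (constructed id)
        ("00003", date(2016, 9, 2), [c5]),       # block C (constructed)
    ]))
    # Constructed divergence: the backup marks cert5 revoked, the node's copy does not.
    backup = BackupNode({"00001": [c1, c2], "00002": [c3, c4],
                         "00003": [replace(c5, status="revoked")]})
    requested = backup.deletable_blocks(TODAY)
    results = {bid: node.handle_delete(bid, TODAY) for bid in requested}
    return requested, results, node

if __name__ == "__main__":
    print(run_example()[:2])
```

Block A's body is deleted, block B is never nominated because certificate 4 is still valid, and the node refuses block C because its own copy of certificate 5 is neither expired nor revoked; the header hash chain still links after the deletion.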
Embodiment 2:
To determine more accurately whether every backup digital certificate stored for each block is invalid, on the basis of the above embodiment, in this embodiment of the present invention, determining, according to the information of each backup digital certificate that the backup node itself stores for each block, whether every backup digital certificate stored for the block is invalid includes:
According to the information of each backup digital certificate it stores for each block, determining whether the validity period of each backup digital certificate stored for the block has expired and/or whether the state of the backup digital certificate is revoked;
If every backup digital certificate stored for the block has an expired validity period and/or is in the revoked state, determining that every backup digital certificate stored for the block is invalid.
In this embodiment of the present invention, the information of a backup digital certificate includes the validity period of the backup digital certificate and the status information of the backup digital certificate, where the status information of a backup digital certificate includes: issued, revoked, suspended, restored. The backup node can determine whether the state of a backup digital certificate is revoked by identifying the backup digital certificate's status information; how that status information is identified is prior art and is not repeated here. The backup node may determine whether every backup digital certificate stored for a block is invalid according to whether the validity period of each backup digital certificate it stores for that block has expired; of course, it may also make that determination according to whether the state of each backup digital certificate it stores for the block is revoked.
Preferably, the backup node may determine whether every backup digital certificate stored for each block is invalid according to both whether the validity period of each backup digital certificate it stores for the block has expired and whether the state of the backup digital certificate is revoked. If every backup digital certificate stored for the block satisfies the condition that its validity period has expired and/or its state is revoked, every backup digital certificate stored for the block is determined to be invalid. In this embodiment of the present invention, for each backup digital certificate, if its validity period has expired or its state is revoked, the backup digital certificate is determined to be invalid.
For example: the backup node stores backup digital certificate 5 and backup digital certificate 6 for block C. The validity period of backup digital certificate 5 is July 5, 2015 to July 5, 2016, and its state is not revoked; the validity period of backup digital certificate 6 is July 5, 2016 to July 5, 2017, and its state is revoked. The current time is March 29, 2017. The validity period of backup digital certificate 5 has expired and the state of backup digital certificate 6 is revoked, so every backup digital certificate stored for block C is determined to be invalid.
Embodiment 3:
To prevent a verification node from mistakenly deleting the digital certificates it stores because the certificates on the backup node have been maliciously tampered with, on the basis of the above embodiments, in this embodiment of the present invention, if each digital certificate stored in each block of each verification node in the blockchain has been transformed using a preset algorithm, then after sending the deletion message containing the block's identification information to each verification node in the blockchain, the method further includes:
Sending each backup digital certificate that the backup node itself stores for the block with that identification information to each verification node.
To protect the digital certificate data stored by each verification node in the blockchain, each verification node may, according to a prior setting, transform each digital certificate stored in each block using a preset algorithm. For example, a verification node applies a hash algorithm to each digital certificate stored in each block, and each block stores the digital certificates after the hash operation. In this embodiment of the present invention, if the verification nodes transform each digital certificate stored in each block using a preset algorithm, the backup node backs up, for each block in the blockchain, each digital certificate stored in that block as it was before being transformed with the preset algorithm.
Specifically, if each digital certificate stored in each block of each verification node in the blockchain has been transformed using a preset algorithm, then once the backup node has determined, according to the information of each backup digital certificate it stores for each block, that every backup digital certificate stored for a block is invalid, and has sent the deletion message containing that block's identification information to each verification node in the blockchain, it also sends each backup digital certificate it stores for the block with that identification information to each verification node. After a verification node receives the deletion message containing the block's identification information and each backup digital certificate stored for the block with that identification information, both sent by the backup node, it identifies its own block with that identification information, transforms each backup digital certificate that the backup node stores for that block using the preset algorithm, and judges whether each digital certificate stored in its own block with that identification information correspondingly matches a transformed backup digital certificate, thereby determining whether each backup digital certificate that the backup node stores for the block with that identification information is correct.
For example: each digital certificate stored in each block of each verification node in the blockchain has been transformed using a hash algorithm, and the backup node determines that every backup digital certificate it stores for block E, whose identification information is 00005, is invalid. After sending the deletion message containing identification information 00005 to each verification node in the blockchain, the backup node sends each backup digital certificate it stores for block E, whose identification information is 00005, to each verification node in the blockchain.
After a verification node receives the deletion message containing identification information 00005 and each backup digital certificate stored for the block with identification information 00005, it identifies block E, its own block whose identification information is 00005, according to identification information 00005. It applies the preset hash algorithm to each backup digital certificate that the backup node stores for the block with identification information 00005, and judges whether each digital certificate stored in its own block E correspondingly matches a hashed backup digital certificate. If so, it determines that each backup digital certificate the backup node stores for block E is correct.
Embodiment 4:
Fig. 4 is a schematic diagram of a blockchain-based digital certificate deletion process provided by an embodiment of the present invention. The process includes:
S401: Receive a deletion message, sent by a backup node in the blockchain, containing the identification information of a block, where the deletion message is sent by the backup node in the blockchain after it determines, according to the information of each backup digital certificate it stores for each block, that every backup digital certificate stored for the block is invalid.
The blockchain-based digital certificate deletion method provided by this embodiment of the present invention is applied to any verification node in the blockchain. The verification node may be a device with computing and storage capabilities, such as a PC or a server.
In this embodiment of the present invention, absent malicious modification, the digital certificates stored in corresponding blocks of every verification node in the blockchain are identical. The backup node backs up the digital certificates stored in each block of the verification nodes in the blockchain; that is, it backs up the digital certificates in each block stored by the verification nodes, so that for each block the backup node stores a backup digital certificate corresponding to each digital certificate in that block. According to the information of each backup digital certificate it stores for each block, the backup node determines whether every backup digital certificate stored for the block is invalid; if every backup digital certificate stored for the block is invalid, it sends a deletion message containing the block's identification information to each verification node in the blockchain.
For example: the backup node stores backup digital certificate 1 and backup digital certificate 2 for block A, and the current time is March 29, 2017. For block A, the backup node determines from the validity period of backup digital certificate 1, July 1, 2015 to July 1, 2016, that the validity period of backup digital certificate 1 has expired and backup digital certificate 1 is invalid. From the validity period of backup digital certificate 2, which began on February 1, 2016, it determines that the validity period of backup digital certificate 2 has expired and backup digital certificate 2 is invalid. Since backup digital certificate 1 and backup digital certificate 2 stored for block A are both invalid, it determines that every backup digital certificate stored for block A is invalid and sends a deletion message containing block A's identification information 00001 to each verification node in the blockchain.
Specifically, the verification node receives the deletion message containing the block's identification information, which the backup node in the blockchain sends after determining, according to the information of each backup digital certificate it stores for each block, that every backup digital certificate stored for the block is invalid.
S402: Judge whether every digital certificate in the block with that identification information stored by the verification node itself is invalid.
Specifically, after the verification node receives the deletion message containing the block's identification information sent by the backup node, it judges whether every digital certificate in its own block with that identification information is invalid. The verification node may judge whether a digital certificate is valid according to the digital certificate's validity period.
For example: the verification node receives the deletion message containing block identification information 00001 sent by the backup node and identifies block A, its own block whose identification information is 00001. Block A stores digital certificate 1 and digital certificate 2, and the current time is March 29, 2017. From the validity period of digital certificate 1, July 1, 2015 to July 1, 2016, the verification node determines that the validity period of digital certificate 1 has expired and digital certificate 1 is invalid. From the validity period of digital certificate 2, which began on February 1, 2016, it determines that the validity period of digital certificate 2 has expired and digital certificate 2 is invalid. Since digital certificate 1 and digital certificate 2 stored in block A are both invalid, it determines that every digital certificate in block A, whose identification information is 00001, is invalid.
S403: If it is determined that every digital certificate in the block with that identification information is invalid, delete the block body of the block.
Each block in the blockchain consists of a block header and a block body. The block header stores the time at which the block was generated, the parent block hash (that is, the hash of the previous block, generated before this block), and the Merkle value determined from each digital certificate stored in the block; the block body stores each digital certificate recorded in the block. Fig. 3 is a schematic diagram of the storage structure of a verification node's digital certificates provided by an embodiment of the present invention. The verification node stores, in chronological order, the genesis block, block 2, ... block n, where each block consists of a block header and a block body, and each block body stores the digital certificates stored in that block.
Specifically, if the verification node determines that every digital certificate in the block with that identification information is invalid, every digital certificate in the block can be deleted, and the verification node deletes the block body in which the block stores its digital certificates. If the verification node determines that the block with that identification information contains at least one valid digital certificate, the block contains a digital certificate that must not be deleted; the verification node discards the deletion message sent by the backup node and does nothing to the block.
For example: the verification node determines that every digital certificate in block A, whose identification information is 00001, is invalid, and therefore deletes the block body in which block A stores its digital certificates.
In this embodiment of the present invention, the verification node acts on the deletion message containing a block's identification information, which the backup node sends after judging, according to the information of each backup digital certificate it stores for each block, that every backup digital certificate stored for that block is invalid. After determining that every digital certificate in its own block with that identification information is invalid, the verification node deletes the block body of that block. This reduces the storage space occupied when storing digital certificates, saves storage and computing resources, and improves operating efficiency and the user experience.
Embodiment 5:
To prevent a verification node from mistakenly deleting the digital certificates it stores because the certificates on the backup node have been maliciously tampered with, on the basis of the above embodiments, in this embodiment of the present invention, if each digital certificate stored in each block has been transformed using a preset algorithm, then after receiving the deletion message containing the block's identification information sent by the backup node in the blockchain, the method further includes:
Receiving each backup digital certificate, sent by the backup node, that the backup node stores for the block with that identification information;
Before judging whether every digital certificate in the block with that identification information stored by the verification node itself is invalid, the method further includes:
Transforming each backup digital certificate using the preset algorithm;
For each digital certificate stored in the block with that identification information, judging whether the digital certificate stored by the verification node itself correspondingly matches a transformed backup digital certificate;
If so, carrying out the subsequent steps.
To protect the digital certificate data stored by each verification node in the blockchain, a verification node may, according to a prior setting, transform each digital certificate stored in each block using a preset algorithm. For example, the verification node applies a hash algorithm to each digital certificate stored in each block and, for each block, stores the digital certificates after the hash operation. In this embodiment of the present invention, if the verification node transforms each digital certificate stored in each block using a preset algorithm, the backup node backs up, for each block in the blockchain, each digital certificate stored in that block as it was before being transformed with the preset algorithm, and stores the information of each digital certificate.
Specifically, if the verification node has transformed each digital certificate stored in each block using a preset algorithm, then after receiving the deletion message containing the block identification sent by the backup node in the blockchain, the verification node receives each backup digital certificate, sent by the backup node, that the backup node stores for the block with that identification information.
In addition, to guard against the backup digital certificates that the backup node stores for the block with that identification information having been maliciously tampered with, the verification node must also judge, before judging whether every digital certificate in its own block with that identification is invalid, whether each backup digital certificate sent by the backup node is correct. Specifically, the verification node transforms each backup digital certificate using the preset algorithm and judges whether each digital certificate it stores in the block with that identification information (that is, each digital certificate already transformed with the preset algorithm) correspondingly matches a transformed backup digital certificate. If they match, it determines that the backup digital certificates the backup node stores for the block with that identification information have not been tampered with and are correct. At this point, because the backup node has already determined that every backup digital certificate stored for the block with that identification information is invalid, the verification node could delete the block body of that block. However, because the reliability of the backup certificates stored by the backup node is not very high, the verification node, to further protect the digital certificates, still verifies whether every digital certificate in its own block with that identification information is invalid.
If, after transforming each backup digital certificate using the preset algorithm, the verification node judges that the digital certificates it stores in the block with that identification information (that is, the digital certificates already transformed with the preset algorithm) do not correspondingly match the transformed backup digital certificates, then at least one of the backup digital certificates that the backup node stores for the block with that identification information has been tampered with. To preserve the correctness of the digital certificates it stores and avoid mistakenly deleting a valid digital certificate that must not be deleted, the verification node discards the deletion message sent by the backup node and does nothing to the block with that identification information.
Embodiment 6:
To determine accurately whether every digital certificate in its own block is invalid, on the basis of the above embodiments, in this embodiment of the present invention, judging whether every digital certificate in the block with that identification information stored by the verification node itself is invalid includes:
Obtaining the validity period and status information of each digital certificate in the block with that identification information stored by the verification node itself;
Judging whether the validity period of each digital certificate in the block with that identification information has expired and/or whether the state of the digital certificate is revoked;
If every digital certificate in the block with that identification information has an expired validity period and/or is in the revoked state, determining that every digital certificate in the block with that identification information is invalid.
In this embodiment of the present invention, the information of a digital certificate includes the validity period of the digital certificate and the status information of the digital certificate, where the status information of a digital certificate includes: issued, revoked, suspended, restored. The verification node can determine whether the state of a digital certificate is revoked by identifying the digital certificate's status information; how that status information is identified is prior art and is not repeated here. If the verification node has not been preset to transform each digital certificate stored in each block using a preset algorithm, the verification node identifies, from the information of each digital certificate in its own block with that identification information, the validity period of each untransformed digital certificate stored in that block. The verification node may then determine whether every digital certificate in the block with that identification information is invalid according to whether the validity period of each digital certificate in that block has expired; of course, it may also make that determination according to whether the state of each digital certificate in that block is revoked.
Preferably, the verification node may determine whether every digital certificate in the block with that identification information is invalid according to both whether the validity period of each digital certificate in its own block with that identification information has expired and whether the state of the digital certificate is revoked. If every digital certificate in the block with that identification information satisfies the condition that its validity period has expired and/or its state is revoked, every digital certificate in that block is determined to be invalid. In this embodiment of the present invention, for each digital certificate, if its validity period has expired or its state is revoked, the digital certificate is determined to be invalid.
For example: the deletion message sent by the backup node contains block identification information 00003, and the verification node's own block C, whose identification information is 00003, stores digital certificate 5 and digital certificate 6. The validity period of digital certificate 5 is July 5, 2015 to July 5, 2016, and its state is not revoked; the validity period of digital certificate 6 is July 5, 2016 to July 5, 2017, and its state is revoked. The current time is March 29, 2017. The validity period of digital certificate 5 has expired and the certificate state of digital certificate 6 is revoked, so every digital certificate in the verification node's own block C, whose identification information is 00003, is determined to be invalid.
In addition, if the verification node has been preset, in order to protect the digital certificate data stored by each verification node in the blockchain, to transform each digital certificate stored in each block using a preset algorithm, then, because a digital certificate's validity period is recorded inside the digital certificate, the verification node cannot read the validity period of the transformed digital certificates stored in the block with that identification information. So that the verification node can still judge whether every digital certificate in its own block with that identification information is invalid, in this embodiment of the present invention, if the verification node judges that each digital certificate it stores in the block with that identification information correspondingly matches a transformed backup digital certificate among those sent by the backup node, the verification node judges whether every digital certificate in its own block with that identification information is invalid according to each backup digital certificate received from the backup node for that block and the status information of each digital certificate the verification node itself stores.
Specifically, the verification node determines whether every digital certificate in the block with that identification information is invalid according to whether the state of each digital certificate in that block is revoked and/or whether the validity period of each received backup digital certificate has expired. If every digital certificate in the block with that identification information satisfies the condition that its state is revoked and/or the validity period of the corresponding received backup digital certificate has expired, every digital certificate in that block is determined to be invalid. In this embodiment of the present invention, for each digital certificate, if its status information is revoked, or the validity period of the backup digital certificate that correspondingly matches it has expired, the digital certificate is determined to be invalid.
For example: each digital certificate stored in each block of each verification node in the blockchain has been transformed using a hash algorithm, and the backup node determines that every backup digital certificate it stores for block E, whose identification information is 00005, is invalid. After sending the deletion message containing identification information 00005 to each verification node in the blockchain, the backup node sends each backup digital certificate it stores for block E, whose identification information is 00005, to each verification node in the blockchain.
After a verification node receives the deletion message containing identification information 00005 and each backup digital certificate stored for the block with identification information 00005, it identifies block E, its own block whose identification information is 00005, according to identification information 00005. It applies the preset hash algorithm to each backup digital certificate that the backup node stores for the block with identification information 00005, and judges whether each digital certificate stored in its own block E correspondingly matches a hashed backup digital certificate. If they match, it determines that the backup digital certificates the backup node stores for block E have not been tampered with and that each backup digital certificate is correct. In its own block E, the status information of digital certificate 8 is revoked and the status information of digital certificate 9 is not revoked. The validity period of backup digital certificate 8, which correspondingly matches digital certificate 8, is July 5, 2016 to July 5, 2017, and the validity period of backup digital certificate 9, which correspondingly matches digital certificate 9, is August 5, 2015 to August 5, 2016. The current time is March 29, 2017. Since the status information of digital certificate 8 is revoked and the validity period of backup digital certificate 9, which correspondingly matches digital certificate 9, has expired, the verification node determines that every digital certificate stored in its own block E is invalid.
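The verification-node checks of Embodiments 5 and 6, as an added Python example that is not part of the patent text: the node hashes the backup certificates it receives, requires a one-to-one match with the hashed certificates in its own block, and deletes the block body only if every certificate is revoked or expired. SHA-256 as the preset algorithm, the `k=v` certificate record and all names are assumptions; the sample data is constructed from the block E example above.

```python
import hashlib
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


def transform(raw_cert: bytes) -> str:
    """Preset algorithm. SHA-256 is an assumption; the text only says 'hash algorithm'."""
    return hashlib.sha256(raw_cert).hexdigest()


def not_after(raw_cert: bytes) -> date:
    """End of the validity period, read from the constructed 'k=v;k=v' record."""
    fields = dict(item.split("=", 1) for item in raw_cert.decode().split(";"))
    return date.fromisoformat(fields["not_after"])


@dataclass
class Block:
    block_id: str
    header: Dict[str, str]            # kept when the body is deleted
    body: Optional[Dict[str, str]]    # transformed certificate -> status; None once deleted


def handle_deletion(block: Block, block_id: str,
                    backup_certs: List[bytes], today: date) -> str:
    """Verification-node handling of a deletion message plus backup certificates."""
    if block.block_id != block_id or block.body is None:
        return "ignored"

    # Embodiment 5: transform every backup certificate and require a one-to-one
    # match with the transformed certificates stored in the node's own block.
    by_digest = {transform(raw): raw for raw in backup_certs}
    if len(by_digest) != len(backup_certs) or set(by_digest) != set(block.body):
        return "discarded: backup mismatch"

    # Embodiment 6: status comes from the node's own record, the validity period
    # from the matched backup certificate. Only revoked or expired counts as invalid.
    for digest, status in block.body.items():
        expired = today > not_after(by_digest[digest])
        if not (status == "revoked" or expired):
            return "discarded: valid certificate present"

    block.body = None                 # delete the block body, keep the header
    return "deleted"


# Constructed sample data (block E, identification information 00005).
TODAY = date(2017, 3, 29)
CERT_8 = b"serial=8;not_before=2016-07-05;not_after=2017-07-05"
CERT_9 = b"serial=9;not_before=2015-08-05;not_after=2016-08-05"
# Constructed certificate that is still valid, used for the failure cases.
CERT_10 = b"serial=10;not_before=2016-09-01;not_after=2018-09-01"


def make_block_e() -> Block:
    return Block("00005", {"parent_hash": "<placeholder>", "merkle": "<placeholder>"},
                 {transform(CERT_8): "revoked", transform(CERT_9): "issued"})


def make_block_with_valid_cert() -> Block:
    return Block("00006", {"parent_hash": "<placeholder>", "merkle": "<placeholder>"},
                 {transform(CERT_10): "issued"})


def demo() -> List[str]:
    forged = CERT_10.replace(b"2018-09-01", b"2016-10-01")  # backdated expiry
    return [
        handle_deletion(make_block_e(), "00005", [CERT_8, CERT_9], TODAY),
        handle_deletion(make_block_with_valid_cert(), "00006", [CERT_10], TODAY),
        handle_deletion(make_block_with_valid_cert(), "00006", [forged], TODAY),
    ]


if __name__ == "__main__":
    print(demo())
```

Because the validity period is read from the same bytes that were hashed, a backup certificate with an altered expiry date fails the match before its dates are ever consulted.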
Embodiment 7:
Fig. 5 is a schematic structural diagram of a blockchain-based digital certificate deletion apparatus provided by an embodiment of the present invention. The apparatus includes:
A determining module 51, configured to determine, according to the information of each backup digital certificate the backup node itself stores for each block, whether every backup digital certificate stored for the block is invalid;
A sending module 52, configured to, if it is determined that every backup digital certificate stored for the block is invalid, send a deletion message containing the block's identification information to each verification node in the blockchain, so that each verification node judges whether every digital certificate in its own block with that identification information is invalid and, on determining that every digital certificate in that block is invalid, deletes the block body of the block with that identification information.
The determining module 51 is specifically configured to determine, according to the information of each backup digital certificate the backup node itself stores for each block, whether the validity period of each backup digital certificate stored for the block has expired and/or whether the state of the backup digital certificate is revoked; and, if every backup digital certificate stored for the block has an expired validity period and/or is in the revoked state, to determine that every backup digital certificate stored for the block is invalid.
The sending module 52 is further configured to, if each digital certificate stored in each block of each verification node in the blockchain has been transformed using a preset algorithm, send each backup digital certificate that the backup node itself stores for the block with that identification information to each verification node.
In this embodiment of the present invention, the blockchain-based digital certificate deletion apparatus shown in Fig. 5 is applied to any backup node in the blockchain, where the blockchain includes multiple verification nodes and at least one backup node.
Embodiment 8:
Fig. 6 is that a kind of digital certificate based on block chain provided in an embodiment of the present invention deletes apparatus structure schematic diagram, should
Device includes:
Receiving module 61, the deletion for receiving the identification information comprising block that backup node is sent in block chain disappear
Breath, wherein the message of deleting is that the backup node in block chain is directed to each of each block preservation backup number according to its own
The information of word certificate determines and preserves the invalid rear transmission of each backup digital certificate for the block;
Judgment module 62, each whether equal nothing of digital certificate in the block for judging the identification information that itself is preserved
Effect;
Removing module 63 is used to if it is determined that each digital certificate is invalid in the block of the identification information, delete the area
The block body of block.
The receiving module 61 is further configured to, if each digital certificate saved in each block has been transformed using a preset algorithm, receive from the backup node each backup digital certificate that the backup node has saved for the block with the identification information;
The apparatus further includes:
Matching module 64, configured to transform each backup digital certificate using the preset algorithm; for each digital certificate saved in the block with the identification information, judge whether the digital certificate saved by the node itself matches the corresponding transformed backup digital certificate; and, if the matching result is yes, trigger the judgment module.
The judgment module 62 is specifically configured to obtain the validity period and status information of each digital certificate in the block with the identification information that the node itself has saved; judge whether the validity period of each digital certificate in the block with the identification information has expired and/or whether the state of the digital certificate is revoked; and, if every digital certificate in the block with the identification information has an expired validity period and/or a revoked state, determine that every digital certificate in the block with the identification information is invalid.
In this embodiment of the present invention, the blockchain-based digital certificate deletion apparatus shown in Fig. 6 is applied to any verification node in the blockchain, where the blockchain includes multiple verification nodes and at least one backup node.
Embodiment 9:
Fig. 7 is a schematic structural diagram of a blockchain-based digital certificate deletion system provided in an embodiment of the present invention. The deletion system includes at least one blockchain-based digital certificate deletion apparatus applied to a backup node 71 and multiple blockchain-based digital certificate deletion apparatuses applied to verification nodes 72.
The invention discloses a blockchain-based digital certificate deletion method, apparatus and system. The blockchain includes multiple verification nodes and at least one backup node, and the deletion method is applied to any backup node in the blockchain. The method includes: determining, according to the information of each backup digital certificate that the node itself has saved for each block, whether every backup digital certificate saved for the block is invalid; and, if it is determined that every backup digital certificate saved for the block is invalid, sending a deletion message containing the identification information of the block to each verification node in the blockchain, so that each verification node judges whether every digital certificate in its own block with the identification information is invalid and, when it determines that every digital certificate in the block with the identification information is invalid, deletes the block body of the block with the identification information. In the embodiments of the present invention, when the backup node judges that every backup digital certificate saved for a given block is invalid, it sends a deletion message containing the identification information of the block to each verification node in the blockchain; each verification node then judges whether every digital certificate in its own block with the identification information is invalid and, if so, deletes the block body of that block. This reduces the storage space occupied by digital certificate storage, saves the storage and computing resources of the verification nodes, and improves the operating efficiency of the verification nodes and the user experience.
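The exchange summarized above, together with the optional matching step of Embodiment 8, as an added Python example (not code from the patent). It assumes SHA-256 as the "preset algorithm" and in-memory nodes; the names `CertInfo`, `Block`, `deletion_message` and `handle` are hypothetical, and the certificate bytes are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

def transform(cert: bytes) -> str:
    """Stand-in for the 'preset algorithm' (assumption: SHA-256)."""
    return hashlib.sha256(cert).hexdigest()

@dataclass
class CertInfo:
    not_after: datetime      # end of the validity period
    revoked: bool = False    # status information

    def invalid(self, now: datetime) -> bool:
        return self.revoked or now >= self.not_after

@dataclass
class Block:
    block_id: str            # identification information of the block
    header: str              # hypothetical field; only the body is deleted
    body: Optional[dict]     # transform(cert) -> CertInfo; None once deleted

class BackupNode:
    def __init__(self):
        self.backups = {}    # block_id -> {backup certificate bytes: CertInfo}

    def deletion_message(self, block_id: str, now: datetime) -> Optional[dict]:
        certs = self.backups.get(block_id, {})
        if not certs or not all(i.invalid(now) for i in certs.values()):
            return None      # at least one backup certificate is still valid
        return {"block_id": block_id, "backup_certs": list(certs)}

class VerificationNode:
    def __init__(self, blocks):
        self.blocks = {b.block_id: b for b in blocks}

    def handle(self, msg: dict, now: datetime) -> str:
        block = self.blocks.get(msg["block_id"])
        if block is None or block.body is None:
            return "no-body"
        # Matching step: transform the received backup certificates and
        # compare them with the transformed certificates stored locally.
        if {transform(c) for c in msg["backup_certs"]} != set(block.body):
            return "mismatch"
        # Independent judgment on the node's own validity and status records.
        if not all(i.invalid(now) for i in block.body.values()):
            return "still-valid"
        block.body = None    # delete the block body, keep the rest of the block
        return "deleted"

def run_demo() -> dict:
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    past = datetime(2023, 1, 1, tzinfo=timezone.utc)
    future = datetime(2025, 1, 1, tzinfo=timezone.utc)
    a, b, c = b"constructed-cert-A", b"constructed-cert-B", b"constructed-cert-C"

    backup = BackupNode()
    backup.backups["B1"] = {a: CertInfo(past), b: CertInfo(future, revoked=True)}
    backup.backups["B2"] = {c: CertInfo(future)}   # still valid, never announced

    def node(revoked_b=True, extra=None):
        body = {transform(a): CertInfo(past),
                transform(b): CertInfo(future, revoked_b)}
        if extra:
            body[transform(extra)] = CertInfo(past)
        return VerificationNode([Block("B1", "hdr-1", body)])

    in_sync, stale, divergent = node(), node(revoked_b=False), node(extra=c)
    msg = backup.deletion_message("B1", now)
    return {
        "b2_message": backup.deletion_message("B2", now),
        "in_sync": in_sync.handle(msg, now),
        "in_sync_body": in_sync.blocks["B1"].body,
        "in_sync_header": in_sync.blocks["B1"].header,
        "stale": stale.handle(msg, now),          # node has not seen the revocation
        "divergent": divergent.handle(msg, now),  # block contents differ
        "replay": in_sync.handle(msg, now),       # same message delivered again
    }
```

The `stale` and `divergent` cases show why the verification node repeats the check: a deletion message alone never removes a block body unless the node's own records agree.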
Because the system/apparatus embodiments are substantially similar to the method embodiments, they are described relatively briefly; for the relevant parts, refer to the description of the method embodiments.
Those skilled in the art should understand that the embodiments of this application may be provided as a method, a system, or a computer program product. Therefore, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) that contain computer-usable program code.
This application is described with reference to flowcharts and/or block diagrams of the method, device (system), and computer program product according to the embodiments of this application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction apparatus, and the instruction apparatus implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although the preferred embodiments of this application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn the basic inventive concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of this application.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include them.
Claims (13)
1. A blockchain-based digital certificate deletion method, the blockchain comprising multiple verification nodes and at least one backup node, characterized in that the deletion method is applied to any backup node in the blockchain, and the method comprises:
determining, according to the information of each backup digital certificate that the node itself has saved for each block, whether every backup digital certificate saved for the block is invalid;
if it is determined that every backup digital certificate saved for the block is invalid, sending a deletion message containing the identification information of the block to each verification node in the blockchain, so that each verification node judges whether every digital certificate in its own block with the identification information is invalid and, when it determines that every digital certificate in the block with the identification information is invalid, deletes the block body of the block with the identification information.
2. The method according to claim 1, characterized in that determining, according to the information of each backup digital certificate that the node itself has saved for each block, whether every backup digital certificate saved for the block is invalid comprises:
determining, according to the information of each backup digital certificate that the node itself has saved for each block, whether the validity period of each backup digital certificate saved for the block has expired and/or whether the state of the backup digital certificate is revoked;
if every backup digital certificate saved for the block has an expired validity period and/or a revoked state, determining that every backup digital certificate saved for the block is invalid.
3. The method according to claim 1, characterized in that, if each digital certificate saved in each block of each verification node in the blockchain has been transformed using a preset algorithm, after sending the deletion message containing the identification information of the block to each verification node in the blockchain, the method further comprises:
sending each backup digital certificate that the node itself has saved for the block with the identification information to each verification node.
4. A blockchain-based digital certificate deletion method, the blockchain comprising multiple verification nodes and at least one backup node, characterized in that the deletion method is applied to any verification node in the blockchain, and the method comprises:
receiving a deletion message, sent by a backup node in the blockchain, that contains the identification information of a block, wherein the deletion message is sent by the backup node in the blockchain after it determines, according to the information of each backup digital certificate that it has saved for each block, that every backup digital certificate saved for the block is invalid;
judging whether every digital certificate in the block with the identification information that the node itself has saved is invalid;
if it is determined that every digital certificate in the block with the identification information is invalid, deleting the block body of the block.
5. The method according to claim 4, characterized in that, if each digital certificate saved in each block has been transformed using a preset algorithm, after receiving the deletion message, sent by the backup node in the blockchain, that contains the identification information of the block, the method further comprises:
receiving from the backup node each backup digital certificate that the backup node has saved for the block with the identification information;
and before judging whether every digital certificate in the block with the identification information that the node itself has saved is invalid, the method further comprises:
transforming each backup digital certificate using the preset algorithm;
for each digital certificate saved in the block with the identification information, judging whether the digital certificate saved by the node itself matches the corresponding transformed backup digital certificate;
if so, carrying out the subsequent steps.
6. The method according to claim 4 or 5, characterized in that judging whether every digital certificate in the block with the identification information that the node itself has saved is invalid comprises:
obtaining the validity period and status information of each digital certificate in the block with the identification information that the node itself has saved;
judging whether the validity period of each digital certificate in the block with the identification information has expired and/or whether the state of the digital certificate is revoked;
if every digital certificate in the block with the identification information has an expired validity period and/or a revoked state, determining that every digital certificate in the block with the identification information is invalid.
7. A blockchain-based digital certificate deletion apparatus, characterized in that the apparatus comprises:
a determining module, configured to determine, according to the information of each backup digital certificate that the node itself has saved for each block, whether every backup digital certificate saved for the block is invalid;
a sending module, configured to, if it is determined that every backup digital certificate saved for the block is invalid, send a deletion message containing the identification information of the block to each verification node in the blockchain, so that each verification node judges whether every digital certificate in its own block with the identification information is invalid and, when it determines that every digital certificate in the block with the identification information is invalid, deletes the block body of the block with the identification information.
8. The apparatus according to claim 7, characterized in that the determining module is specifically configured to determine, according to the information of each backup digital certificate that the node itself has saved for each block, whether the validity period of each backup digital certificate saved for the block has expired and/or whether the state of the backup digital certificate is revoked; and, if every backup digital certificate saved for the block has an expired validity period and/or a revoked state, determine that every backup digital certificate saved for the block is invalid.
9. The apparatus according to claim 7, characterized in that the sending module is further configured to, if each digital certificate saved in each block of each verification node in the blockchain has been transformed using a preset algorithm, send each backup digital certificate that the node itself has saved for the block with the identification information to each verification node.
10. A blockchain-based digital certificate deletion apparatus, characterized in that the apparatus comprises:
a receiving module, configured to receive a deletion message, sent by a backup node in the blockchain, that contains the identification information of a block, wherein the deletion message is sent by the backup node in the blockchain after it determines, according to the information of each backup digital certificate that it has saved for each block, that every backup digital certificate saved for the block is invalid;
a judgment module, configured to judge whether every digital certificate in the block with the identification information that the node itself has saved is invalid;
a removing module, configured to delete the block body of the block if it is determined that every digital certificate in the block with the identification information is invalid.
11. The apparatus according to claim 10, characterized in that the receiving module is further configured to, if each digital certificate saved in each block has been transformed using a preset algorithm, receive from the backup node each backup digital certificate that the backup node has saved for the block with the identification information;
the apparatus further comprises:
a matching module, configured to transform each backup digital certificate using the preset algorithm; for each digital certificate saved in the block with the identification information, judge whether the digital certificate saved by the node itself matches the corresponding transformed backup digital certificate; and, if the matching result is yes, trigger the judgment module.
12. The apparatus according to claim 10, characterized in that the judgment module is specifically configured to obtain the validity period and status information of each digital certificate in the block with the identification information that the node itself has saved; judge whether the validity period of each digital certificate in the block with the identification information has expired and/or whether the state of the digital certificate is revoked; and, if every digital certificate in the block with the identification information has an expired validity period and/or a revoked state, determine that every digital certificate in the block with the identification information is invalid.
13. A blockchain-based digital certificate deletion system, characterized in that the deletion system comprises at least one blockchain-based digital certificate deletion apparatus according to any one of claims 7-9 applied to a backup node and multiple blockchain-based digital certificate deletion apparatuses according to any one of claims 10-12 applied to verification nodes.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710218253.XA CN108696356B (en) | 2017-04-05 | 2017-04-05 | Block chain-based digital certificate deleting method, device and system |
PCT/CN2018/078888 WO2018184447A1 (en) | 2017-04-05 | 2018-03-13 | Blockchain-based digital certificate deletion method, device and system, and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710218253.XA CN108696356B (en) | 2017-04-05 | 2017-04-05 | Block chain-based digital certificate deleting method, device and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108696356A true CN108696356A (en) | 2018-10-23 |
CN108696356B CN108696356B (en) | 2020-08-18 |
Family
ID=63711997
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710218253.XA Active CN108696356B (en) | 2017-04-05 | 2017-04-05 | Block chain-based digital certificate deleting method, device and system |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108696356B (en) |
WO (1) | WO2018184447A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109493044A (en) * | 2018-11-08 | 2019-03-19 | 深圳壹账通智能科技有限公司 | Block chain block delet method, device and terminal device |
CN111783133B (en) * | 2020-06-02 | 2023-06-30 | 广东科学技术职业学院 | Network resource management method based on block chain technology |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103491100A (en) * | 2013-09-30 | 2014-01-01 | 中国科学院计算技术研究所 | System for establishing token association relationship between multiple parties |
CN104202159A (en) * | 2014-09-28 | 2014-12-10 | 网易有道信息技术(北京)有限公司 | Key distributing method and equipment |
CN106385315A (en) * | 2016-08-30 | 2017-02-08 | 北京三未信安科技发展有限公司 | Digital certificate management method and system |
CN106504091A (en) * | 2016-10-27 | 2017-03-15 | 上海亿账通区块链科技有限公司 | The method and device that concludes the business on block chain |
US20170091726A1 (en) * | 2015-09-07 | 2017-03-30 | NXT-ID, Inc. | Low bandwidth crypto currency transaction execution and synchronization method and system |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150206106A1 (en) * | 2014-01-13 | 2015-07-23 | Yaron Edan Yago | Method for creating, issuing and redeeming payment assured contracts based on mathemematically and objectively verifiable criteria |
CN105790954B (en) * | 2016-03-02 | 2019-04-09 | 布比(北京)网络技术有限公司 | A kind of method and system constructing electronic evidence |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110264187A (en) * | 2019-01-23 | 2019-09-20 | 腾讯科技(深圳)有限公司 | Data processing method, device, computer equipment and storage medium |
CN110264187B (en) * | 2019-01-23 | 2021-06-04 | 腾讯科技(深圳)有限公司 | Data processing method and device, computer equipment and storage medium |
US11574290B2 (en) | 2019-01-23 | 2023-02-07 | Tencent Technology (Shenzhen) Company Limited | Data processing method and apparatus, computer device, and storage medium |
US11935015B2 (en) | 2019-01-23 | 2024-03-19 | Tencent Technology (Shenzhen) Company Limited | Data processing method and apparatus, computer device, and storage medium |
CN109981586A (en) * | 2019-02-27 | 2019-07-05 | 北京柏链基石科技有限公司 | A kind of vertex ticks method and device |
WO2020259352A1 (en) * | 2019-06-26 | 2020-12-30 | 华为技术有限公司 | Data processing method, node, and blockchain system |
CN110598482A (en) * | 2019-09-30 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Block chain-based digital certificate management method, device, equipment and storage medium |
CN110598482B (en) * | 2019-09-30 | 2023-09-15 | 腾讯科技(深圳)有限公司 | Digital certificate management method, device, equipment and storage medium based on blockchain |
CN111027974A (en) * | 2019-12-12 | 2020-04-17 | 腾讯科技(深圳)有限公司 | Identification code verification method, device, equipment and storage medium |
CN111737766A (en) * | 2020-08-03 | 2020-10-02 | 南京金宁汇科技有限公司 | Method for judging validity of digital certificate signature data in block chain |
Also Published As
Publication number | Publication date |
---|---|
CN108696356B (en) | 2020-08-18 |
WO2018184447A1 (en) | 2018-10-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||