CN114826609A - Electronic certificate management method, device and system based on block chain - Google Patents


Publication number
CN114826609A
Authority
CN
China
Prior art keywords
certificate
electronic certificate
electronic
template
information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210356933.9A
Other languages
Chinese (zh)
Other versions
CN114826609B (en)
Inventor
张涛
代平
左思图
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Ant Blockchain Technology Shanghai Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

One or more embodiments of the specification disclose a blockchain-based electronic certificate management method, device and system. The method is applied to a certificate issuing platform that accesses a blockchain system, and comprises the following steps: obtaining an electronic certificate template corresponding to a certificate issuing organization and claimant identity information of a certificate claimant, where the electronic certificate template is a template approved by the operation platform; generating an electronic certificate corresponding to the certificate claimant according to the electronic certificate template and the claimant identity information; and uploading the electronic certificate and the claimant identity information to the blockchain system in association with each other, and sending the electronic certificate to a client corresponding to the certificate claimant so that the certificate claimant can claim the electronic certificate through the client.

Description

Electronic certificate management method, device and system based on block chain
Technical Field
The present disclosure relates to the field of blockchain technologies, and in particular, to a method, an apparatus, and a system for managing an electronic certificate based on a blockchain.
Background
A blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. The blockchain is an important concept of bitcoin and is essentially a decentralized database. In a blockchain system, data blocks are linked in chronological order into a chain data structure, and cryptography ensures that the resulting distributed ledger cannot be tampered with or forged. Because a blockchain is decentralized, tamper-resistant, autonomous and independent, it is increasingly valued and widely applied.
Disclosure of Invention
In one aspect, one or more embodiments of the present specification provide a blockchain-based electronic certificate management method applied to a certificate issuing platform, where the certificate issuing platform accesses a blockchain system. The method comprises the following steps: obtaining an electronic certificate template corresponding to a certificate issuing organization and claimant identity information of a certificate claimant, where the electronic certificate template is a template approved by the operation platform; generating an electronic certificate corresponding to the certificate claimant according to the electronic certificate template and the claimant identity information; and uploading the electronic certificate and the claimant identity information to the blockchain system in association with each other, and sending the electronic certificate to a client corresponding to the certificate claimant so that the certificate claimant can claim the electronic certificate through the client.
In another aspect, one or more embodiments of the present specification provide a blockchain-based electronic certificate management method applied to a client, where the client accesses a blockchain system. The method comprises the following steps: receiving a claim request for an electronic certificate sent by a certificate claimant, where the claim request carries certificate identification information of the electronic certificate, and the electronic certificate is generated from an electronic certificate template that corresponds to a certificate issuing organization and is approved by the operation platform; displaying the electronic certificate corresponding to the certificate identification information to the certificate claimant according to the claim request; and uploading claim event information of the electronic certificate to the blockchain system, so that the claim event information and the electronic certificate are stored in the blockchain system in association with each other.
In another aspect, one or more embodiments of the present specification provide a blockchain-based electronic certificate management apparatus applied to a certificate issuing platform, where the certificate issuing platform accesses a blockchain system. The apparatus comprises: a first acquisition module, which obtains an electronic certificate template corresponding to the certificate issuing organization and claimant identity information of a certificate claimant, where the electronic certificate template is a template approved by the operation platform; a first generation module, which generates the electronic certificate corresponding to the certificate claimant according to the electronic certificate template and the claimant identity information; and a first uplink module, which uploads the electronic certificate and the claimant identity information to the blockchain system in association with each other, and sends the electronic certificate to a client corresponding to the certificate claimant so that the certificate claimant can claim the electronic certificate through the client.
In yet another aspect, one or more embodiments of the present specification provide a blockchain-based electronic certificate management apparatus applied to a client, where the client accesses a blockchain system. The apparatus comprises: a first receiving module, which receives a claim request for an electronic certificate sent by a certificate claimant, where the claim request carries claimant identity information of the certificate claimant, and the electronic certificate is generated from an electronic certificate template that corresponds to a certificate issuing organization and is approved by the operation platform; a first display module, which displays the electronic certificate corresponding to the certificate identification information to the certificate claimant according to the claim request; and a second uplink module, which uploads claim event information of the electronic certificate to the blockchain system so that the claim event information and the electronic certificate are stored in the blockchain system in association with each other.
In yet another aspect, one or more embodiments of the present specification provide a blockchain-based electronic certificate management system including a certificate issuing platform and an operation platform, both of which access the blockchain system. The operation platform audits the electronic certificate template that is generated by the certificate issuing platform and corresponds to the certificate issuing organization; if the audit is passed, it determines that the certificate issuing organization can use the electronic certificate template to issue electronic certificates. The certificate issuing platform obtains the electronic certificate template corresponding to the certificate issuing organization and the claimant identity information of the certificate claimant; generates an electronic certificate corresponding to the certificate claimant according to the electronic certificate template and the claimant identity information; and uploads the electronic certificate and the claimant identity information to the blockchain system in association with each other, and sends the electronic certificate to a client corresponding to the certificate claimant so that the certificate claimant can claim the electronic certificate through the client.
In yet another aspect, one or more embodiments of the present specification provide a blockchain-based electronic certificate management apparatus applied to a certificate issuing platform, where the certificate issuing platform accesses a blockchain system. The apparatus includes a processor and a memory electrically connected to the processor; the memory stores a computer program, and the processor invokes and executes the computer program from the memory to implement: obtaining an electronic certificate template corresponding to a certificate issuing organization and claimant identity information of a certificate claimant, where the electronic certificate template is a template approved by the operation platform; generating an electronic certificate corresponding to the certificate claimant according to the electronic certificate template and the claimant identity information; and uploading the electronic certificate and the claimant identity information to the blockchain system in association with each other, and sending the electronic certificate to a client corresponding to the certificate claimant so that the certificate claimant can claim the electronic certificate through the client.
In yet another aspect, one or more embodiments of the present specification provide a blockchain-based electronic certificate management apparatus applied to a client, where the client accesses a blockchain system. The apparatus includes a processor and a memory electrically connected to the processor; the memory stores a computer program, and the processor invokes and executes the computer program from the memory to implement: receiving a claim request for an electronic certificate sent by a certificate claimant, where the claim request carries claimant identity information of the certificate claimant, and the electronic certificate is generated from an electronic certificate template that corresponds to a certificate issuing organization and is approved by the operation platform; displaying the electronic certificate corresponding to the certificate identification information to the certificate claimant according to the claim request; and uploading claim event information of the electronic certificate to the blockchain system, so that the claim event information and the electronic certificate are stored in the blockchain system in association with each other.
In another aspect, the present specification provides a storage medium for storing a computer program, where the computer program is executable by a processor to implement the following process: obtaining an electronic certificate template corresponding to a certificate issuing organization and claimant identity information of a certificate claimant, where the electronic certificate template is a template approved by the operation platform; generating an electronic certificate corresponding to the certificate claimant according to the electronic certificate template and the claimant identity information; and uploading the electronic certificate and the claimant identity information to the blockchain system in association with each other, and sending the electronic certificate to a client corresponding to the certificate claimant so that the certificate claimant can claim the electronic certificate through the client.
In another aspect, the present specification provides a storage medium for storing a computer program, where the computer program is executable by a processor to implement the following process: receiving a claim request for an electronic certificate sent by a certificate claimant, where the claim request carries claimant identity information of the certificate claimant, and the electronic certificate is generated from an electronic certificate template that corresponds to a certificate issuing organization and is approved by the operation platform; displaying the electronic certificate corresponding to the certificate identification information to the certificate claimant according to the claim request; and uploading claim event information of the electronic certificate to the blockchain system, so that the claim event information and the electronic certificate are stored in the blockchain system in association with each other.
Drawings
To illustrate more clearly the technical solutions in one or more embodiments of the present specification or in the prior art, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some of the embodiments described in one or more embodiments of the present specification, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic scene diagram of a blockchain-based electronic certificate management system according to an embodiment of the present specification;
Fig. 2 is a schematic architecture diagram of a blockchain-based electronic certificate management system according to an embodiment of the present specification;
Fig. 3 is a schematic flowchart of a blockchain-based electronic certificate management method according to an embodiment of the present specification;
Fig. 4 is a schematic flowchart of a blockchain-based electronic certificate management method according to another embodiment of the present specification;
Fig. 5 is a schematic swim lane diagram of a blockchain-based electronic certificate management method according to an embodiment of the present specification;
Fig. 6 is a schematic swim lane diagram of a blockchain-based electronic certificate management method according to another embodiment of the present specification;
Fig. 7 is a schematic block diagram of a blockchain-based electronic certificate management apparatus according to an embodiment of the present specification;
Fig. 8 is a schematic block diagram of a blockchain-based electronic certificate management apparatus according to another embodiment of the present specification;
Fig. 9 is a schematic block diagram of a blockchain-based electronic certificate management apparatus according to an embodiment of the present specification.
Detailed Description
One or more embodiments of the present disclosure provide a blockchain-based electronic certificate management method, apparatus, and system, so as to solve the problem that electronic certificate management mechanisms in the prior art are inadequate.
In order to make those skilled in the art better understand the technical solutions in one or more embodiments of the present disclosure, the technical solutions in one or more embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in one or more embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all embodiments. All other embodiments that can be derived by a person skilled in the art from one or more of the embodiments of the present disclosure without making any creative effort shall fall within the protection scope of one or more of the embodiments of the present disclosure.
One or more embodiments of the present disclosure provide a blockchain-based electronic certificate management method, which is applied to the electronic certificate management system shown in Fig. 1. The electronic certificate management system includes a blockchain system, a certificate issuing platform, and an operation platform. The certificate issuing platform and the operation platform both access the blockchain system; the blockchain system comprises a plurality of blockchain nodes, and the certificate issuing platform and the operation platform can be connected to different blockchain nodes. The certificate issuing platform can provide each certificate issuing organization with certificate element information for generating an electronic certificate template. When a certificate issuing organization wants to generate an electronic certificate template using the certificate issuing platform, it can select all or part of the certificate element information provided by the platform, together with the certificate signature information corresponding to the organization, and the electronic certificate template is generated from them. Optionally, after the electronic certificate template is generated, the operation platform may audit it; after the audit is passed, the certificate issuing organization may use the template to issue electronic certificates to users and store the issued electronic certificates in the blockchain system.
During issuance, the whole life cycle from the issuing of a certificate to its claiming can be stored in the blockchain system. The generation of the electronic certificate on the certificate issuing platform, the identity authentication of the certificate claimant, the record of the claimant claiming the electronic certificate, and so on can all be traced back through the blockchain system. This forms an end-to-end data record and safeguards the security and reliability of data in the issuing process.
Fig. 2 is a schematic architecture diagram of an electronic certificate management system according to an embodiment of the present specification. As shown in Fig. 2, the architecture of the electronic certificate management system includes an access layer, an application layer, a core layer, a storage layer, and external dependencies. Wherein:
The access layer provides an access entry for users and can be used to obtain a user's identity information, perform identity authentication based on that information, and so on. One possible way is to provide the access entry through a front-end client. The access layer comprises a login module (such as single sign-on (SSO)), an identity authentication module, and a console (or certificate issuing front end) of the certificate issuing platform. The login module is used for login by a person with the relevant authority on the operation platform (e.g., the second operator); for example, the second operator may log in to the operation platform by providing login information through the SSO interface. The identity authentication module can be used to obtain the identity information of a user (such as a C-end user) and perform identity authentication based on it. The console (or certificate issuing front end) of the certificate issuing platform may be used by the certificate issuing organization (or its manager) to register with the certificate issuing platform by providing registration information, or to log in to the certificate issuing platform by providing login information.
The application layer interfaces with business scenario applications and uses the capabilities of the core layer to meet the customization requirements of different business scenarios. The application layer covers the application functions of the operation platform and the certificate issuing platform: the operation platform audits electronic certificate templates through the application layer, and the certificate issuing platform uses the application layer to manage electronic certificate templates, electronic certificates, information about signing parties (such as the certificate issuing organization and third-party signing parties), certificate element information, and so on.
The core layer implements the core services of the operation platform, including issuing, checking and revoking electronic certificates, as well as managing the usage records, authorization records and management records of electronic certificates.
The storage layer provides the underlying storage service of the certificate issuing platform and may be implemented using one or more storage services such as OSS (object storage), RDS (Relational Database Service), and Redis (a key-value database). The storage layer may be used to store the claimant identity information of the certificate claimant.
The external dependency is mainly a dependency on the DIS (Distributed Input System) service, which provides distributed identity and VC (Verifiable Claims) issuing capabilities. Through the DIS service, each action involved in the electronic certificate management flow can be executed in a distributed manner, and VCs can be issued.
Based on the above architecture of the electronic certificate management system, the electronic certificate referred to in one or more embodiments of the present specification may be an ordinary certificate or a VC.
Based on the electronic certificate management system shown in Fig. 1 and the architecture shown in Fig. 2, the execution of the blockchain-based electronic certificate management method is described in detail below.
Fig. 3 is a schematic flowchart of a blockchain-based electronic certificate management method according to an embodiment of the present disclosure. As shown in Fig. 3, the method is applied to a certificate issuing platform that accesses a blockchain system, and includes the following steps S302-S306:
S302: Obtain an electronic certificate template corresponding to the certificate issuing organization and claimant identity information of the certificate claimant, where the electronic certificate template is a template approved by the operation platform.
The claimant identity information can be pre-stored at the certificate issuing organization or on the certificate issuing platform, and is stored in association with the organization identity information of the certificate issuing organization. The claimant identity information can comprise information that uniquely identifies the certificate claimant, such as an identity card number, a name, a telephone number, a client account, and so on. The client account is the account used by the certificate claimant to log in to the operation platform. The certificate issuing platform can store one or more electronic certificate templates corresponding to one or more certificate issuing organizations; the same certificate issuing organization can correspond to one or more electronic certificate templates, and each electronic certificate template is audited by the operation platform.
S304: Generate the electronic certificate corresponding to the certificate claimant according to the electronic certificate template and the claimant identity information.
Optionally, the claimant identity information is written into the electronic certificate template to generate the electronic certificate corresponding to the certificate claimant. Writing the claimant identity information may succeed or fail. If the write succeeds, the electronic certificate corresponding to the certificate claimant is generated; if it fails, error information corresponding to the failure may be output, and the error information may include at least one of an error reason, an error location, and the like.
Alternatively, some electronic certificates do not require the claimant identity information to be written. In that case, the electronic certificate template and the claimant identity information can be associated with each other to generate the electronic certificate corresponding to the certificate claimant.
S306: Upload the electronic certificate and the claimant identity information to the blockchain system in association with each other, and send the electronic certificate to the client corresponding to the certificate claimant, so that the certificate claimant can claim the electronic certificate through the client.
Uploading the electronic certificate and the claimant identity information to the blockchain system in association with each other actually means uploading them to the blockchain node connected to the operation platform. Optionally, if the blockchain node connected to the operation platform is denoted as the first blockchain node, the electronic certificate and the claimant identity information can be sent to the operation platform, which then uploads them to the first blockchain node. Alternatively, the certificate issuing platform can upload the electronic certificate and the claimant identity information directly to the first blockchain node.
In one embodiment, a certificate issuing organization must be authenticated on the certificate issuing platform before it can use the interaction between the certificate issuing platform and the operation platform to issue electronic certificates. Specifically, the certificate issuing organization registers account information for logging in to the certificate issuing platform and undergoes organization validity verification. The certificate issuing platform obtains the organization identity information corresponding to the certificate issuing organization and verifies the organization's validity according to that information. If the verification is passed, the certificate issuing organization can use the interaction between the certificate issuing platform and the operation platform to issue electronic certificates, that is, through steps S302-S306 described above. The organization identity information may include one or more of the organization's business license number, Logo (trademark) pattern, organization name, corporate information, and the like.
With the technical solution provided by the embodiments of the application, the certificate issuing platform that accesses the blockchain system obtains the electronic certificate template corresponding to the certificate issuing organization and the claimant identity information of the certificate claimant, generates the electronic certificate corresponding to the certificate claimant according to the template and the claimant identity information, uploads the electronic certificate and the claimant identity information to the blockchain system in association with each other, and sends the electronic certificate to the client corresponding to the claimant identity information, so that the certificate claimant can conveniently claim the electronic certificate through the client. Because the blockchain system is tamper-resistant, traceable and secure, putting the electronic certificate on the chain ensures the security of the electronic certificate and prevents it from being tampered with, forged and the like. In addition, the electronic certificate template is audited by the operation platform, for example for authenticity and compliance, which ensures the authenticity and validity of the issued electronic certificate and realizes a cooperative-trust certificate issuing system based on the interaction between the certificate issuing organization and the operation platform. Moreover, the certificate issuing organization does not need to develop its own website or software with an electronic certificate issuing function, which reduces the cost of issuing electronic certificates.
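The S302-S306 issuance flow and the claim-event upload described above, sketched as an added example (not code from the patent or its assignee). The `Ledger` hash chain stands in for the blockchain system, every class, function and field name and all sample values are constructed assumptions, and recording SHA-256 digests on the ledger instead of the full data is a choice of this sketch.

```python
import hashlib
import json
from dataclasses import dataclass

GENESIS = "0" * 64


def digest(obj) -> str:
    """SHA-256 over a canonical JSON encoding of obj."""
    data = json.dumps(obj, sort_keys=True, ensure_ascii=False).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


class Ledger:
    """Constructed stand-in for the blockchain system: an append-only hash chain."""

    def __init__(self):
        self.blocks = []

    def append(self, record: dict) -> str:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        body = {"index": len(self.blocks), "prev": prev, "record": record}
        self.blocks.append({**body, "hash": digest(body)})
        return self.blocks[-1]["hash"]

    def verify(self) -> bool:
        """Recompute every link; any edited record breaks the chain."""
        prev = GENESIS
        for i, b in enumerate(self.blocks):
            body = {"index": b["index"], "prev": b["prev"], "record": b["record"]}
            if b["index"] != i or b["prev"] != prev or b["hash"] != digest(body):
                return False
            prev = b["hash"]
        return True


class IssuanceError(Exception):
    """Error information for a failed step: a reason plus a location."""

    def __init__(self, reason: str, location: str):
        super().__init__(f"{reason} (at {location})")
        self.reason, self.location = reason, location


@dataclass
class Template:
    template_id: str
    authority: str            # certificate issuing organization
    elements: list            # certificate element information chosen for the template
    signature_info: dict      # certificate signature information
    approved: bool = False    # set once the operation platform's audit passes


def issue_certificate(ledger: Ledger, template: Template, identity: dict) -> dict:
    # S302: only a template approved by the operation platform may be used.
    if not template.approved:
        raise IssuanceError("template not approved by operation platform",
                            template.template_id)
    # S304: write the claimant identity information into the template.
    body = {}
    for name in template.elements:
        if not identity.get(name):
            raise IssuanceError("identity value missing", name)
        body[name] = identity[name]
    cert = {"template_id": template.template_id, "authority": template.authority,
            "signature_info": template.signature_info, "body": body}
    cert["cert_id"] = digest(cert)[:16]
    # S306: upload certificate and claimant identity in association with each other.
    ledger.append({"type": "issue", "cert_id": cert["cert_id"],
                   "cert_hash": digest(cert), "identity_hash": digest(identity)})
    return cert


def record_claim(ledger: Ledger, cert_id: str, client_account: str) -> None:
    """Client side: store the claim event in association with the certificate."""
    issued = any(b["record"]["type"] == "issue" and b["record"]["cert_id"] == cert_id
                 for b in ledger.blocks)
    if not issued:
        raise IssuanceError("no issuance record on the ledger", cert_id)
    ledger.append({"type": "claim", "cert_id": cert_id,
                   "client_account": client_account})


def verify_certificate(ledger: Ledger, cert: dict) -> bool:
    """A presented certificate is accepted only if the chain is intact and its
    digest matches an issuance record."""
    if not ledger.verify():
        return False
    return any(b["record"]["type"] == "issue"
               and b["record"]["cert_hash"] == digest(cert) for b in ledger.blocks)


def history(ledger: Ledger, cert_id: str) -> list:
    """Trace of event types recorded for one certificate, in ledger order."""
    return [b["record"]["type"] for b in ledger.blocks
            if b["record"]["cert_id"] == cert_id]
```

A certificate whose body is edited after issuance no longer matches its issuance record, and an edit to any ledger record fails `Ledger.verify()`, which is the tamper-evidence property the paragraph above relies on.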
In one embodiment, the electronic certificate template may be generated by the certificate issuing platform before the certificate authority uses it to issue electronic certificates to users. The electronic certificate template comprises certificate signature information corresponding to the certificate authority, and the certificate signature information can comprise at least one of first signature information of the certificate authority, second signature information of a third-party signing party, a certificate validity period and the like. The first signature information may include one or more of the business license number, logo (trademark) pattern, organization name, legal information, manager information, and the like of the certificate authority. The second signature information may include one or more of the business license number, logo (trademark) pattern, organization name, legal information, manager information, signature name, and the like of the third-party signing party. The certificate validity period is the time period during which the electronic certificate is effective.
Multiple pieces of certificate element information used for generating electronic certificate templates are preset on the certificate issuing platform. When a certificate authority needs to generate an electronic certificate template through the certificate issuing platform, it first determines the certificate element information to be used, that is, it selects one or more pieces from the certificate element information pre-stored on the certificate issuing platform. Then, the certificate signature information corresponding to the certificate authority is acquired, and the electronic certificate template corresponding to the certificate authority is generated according to the certificate element information and the certificate signature information.
The certificate element information may include one or more of: the certificate format, each element contained in the certificate (such as the certificate name, the certificate content, the certificate signature block, the certificate background, the certificate border, etc.), the position information of each element on the certificate, the font, the font size, etc.
Optionally, the certificate element information includes a certificate format. When the electronic certificate template corresponding to the certificate authority is generated according to the certificate element information and the certificate signature information, a basic template conforming to the certificate format can first be generated according to the certificate element information, and the certificate signature information is then written into a specified position of the basic template (such as the signature block position in the lower right corner), thereby generating the electronic certificate template corresponding to the certificate authority.
In this embodiment, before the certificate authority issues the electronic certificate to the user using the electronic certificate template, the certificate authority generates the electronic certificate template through the certificate authority platform, so that when the electronic certificate is subsequently issued to the user, the electronic certificate can be generated using the electronic certificate template generated in advance, and the generation and issuance efficiency of the electronic certificate is improved. And the certificate issuing organization can select all or part of the certificate element information provided by the certificate issuing platform according to the requirement, so that the electronic certificate template is personalized, and the electronic certificate issued to the user is personalized.
In one embodiment, when the certificate authority generates the electronic certificate template by using the certificate issuing platform, it can submit custom information for generating the electronic certificate template through a front-end interface of the certificate issuing platform, so that the certificate issuing platform obtains the custom information submitted by the certificate authority. The electronic certificate template corresponding to the certificate authority is then generated according to the certificate signature information, the certificate element information and/or the custom information.
The custom information may include information obtained by customizing any one or more pieces of certificate element information, such as the certificate format, each element contained in the certificate (such as the certificate name, certificate content, certificate signature block, certificate background, certificate border, and the like), and the position information, font and font size of each element on the certificate. It may also include information obtained by customizing information other than the certificate element information provided by the certificate issuing platform.
For example, when generating an electronic certificate template using a certificate issuing platform, a certificate issuing authority first selects certificate element information for generating the electronic certificate template from among the certificate element information provided by the certificate issuing platform. And then customizing the selected certificate element information, such as editing the certificate content, changing the font of the certificate content and the like, so as to obtain the customized information for generating the electronic certificate template, and further generating the electronic certificate template corresponding to the certificate issuing authority according to the customized information and the certificate signature information of the certificate issuing authority.
For another example, when the certificate authority generates an electronic certificate template using the certificate authority platform, first, certificate element information for generating the electronic certificate template is selected from the certificate element information provided by the certificate authority platform. And simultaneously, selecting other element information which is not available on the certificate issuing platform, wherein the other element information is self-defined information, and submitting the self-defined information through a front-end interface of the certificate issuing platform, so that the certificate issuing platform generates an electronic certificate template corresponding to the certificate issuing organization according to the certificate signature information, the certificate element information and the self-defined information.
In this embodiment, the certificate authority can use the certificate element information provided by the certificate authority platform, and can also perform customization on the certificate element information, and/or provide other customized information not provided by the certificate authority platform through the front-end interface, so that the certificate authority can generate an electronic certificate template meeting the personalized requirements of the certificate authority through the certificate authority platform, and personalization of the electronic certificate template is improved.
In one embodiment, after the electronic certificate template corresponding to the certificate authority is generated, the electronic certificate template may be sent to the operation platform, so that the operation platform performs auditing on the electronic certificate template; and further acquiring an auditing result of the operation platform on the electronic certificate template, and if the auditing result is passed, determining that the certificate issuing organization can issue the electronic certificate by using the electronic certificate template.
The operation platform checks the electronic certificate template, and the checking result includes whether the electronic certificate template is approved or not, whether the electronic certificate template conforms to a predefined certificate format, whether illegal contents are contained in the certificate contents, and the like. After the operation platform audits the electronic certificate template, the audit result can be sent to the certificate issuing platform. The certificate authority can inquire the auditing result of the corresponding electronic certificate template through the certificate authority platform, and can issue the electronic certificate by using the electronic certificate template under the condition that the auditing result is passed.
Optionally, if the operation platform's audit result is that the electronic certificate template is not approved, the reason for the audit failure may be sent to the certificate issuing platform (for example, the certificate content contains violating content, or the certificate signature is in the wrong position), so that the certificate authority can re-edit the electronic certificate template according to the reason for the audit failure.
In this embodiment, the certificate issuing platform sends the electronic certificate template to the operation platform for auditing, so that the electronic certificate template can meet the requirement of the operation platform on the electronic certificate, thereby ensuring the correctness and compliance of the electronic certificate issued to the user.
In one embodiment, if the certificate signature information used to generate the electronic certificate template includes second signature information of the third-party signer, the second signature information of the third-party signer may be generated in advance. Optionally, the signing party identity information of the third party signing party is obtained first, and then the identity authentication operation is performed on the third party signing party according to the signing party identity information. And if the identity authentication of the third party signing party passes, generating second signature information corresponding to the third party signing party.
The signing party identity information may include one or more of a business license number, a Logo (trademark) pattern, an organization name, legal information, administrator information, signing party name, and the like of the third party signing party. And performing identity authentication operation on the third-party signing party based on the signing party identity information, so that whether the third-party signing party is a legal organization/individual and whether the third-party signing party is an organization/individual agreed with the certificate issuing authority can be authenticated, and the legality and the compliance of the electronic certificate template generated by using the second signature information corresponding to the third-party signing party are ensured.
In addition, the second signature information corresponding to the third-party signing party can be prestored in a storage system of the certificate issuing organization, and can also be stored in the certificate issuing platform in association with the organization information of the certificate issuing organization, so that when the electronic certificate template is generated, the second signature information can be directly acquired from the certificate issuing organization or the certificate issuing platform for signing, and the efficiency and the convenience of electronic certificate issuing are improved.
In one embodiment, when the certificate issuing platform generates the electronic certificate template, firstly, an electronic certificate preview template corresponding to the certificate issuing organization is generated according to the certificate element information and the certificate signature information; and then, according to the preview content in the electronic certificate preview template, auditing the electronic certificate preview template. And if the verification is passed, further generating an electronic certificate template based on the electronic certificate preview template.
The audit of the electronic certificate preview template by the certificate issuing platform can include checking whether the electronic certificate preview template conforms to a predefined certificate format, whether the certificate content contains illegal content, and the like. If the audit is passed, the electronic certificate template is generated based on the electronic certificate preview template. If the audit is not passed, the reason for the audit failure can be shown to the certificate authority (for example, the certificate content contains violating content, or the certificate signature is in the wrong position), so that the certificate authority can re-edit the electronic certificate preview template according to the reason for the audit failure.
In this embodiment, the certificate issuing platform verifies the electronic certificate preview template, so that the generated electronic certificate template can meet the requirement of the certificate issuing platform on the electronic certificate, thereby ensuring the correctness and compliance of the electronic certificate issued to the user.
In one embodiment, after generating the electronic certificate template corresponding to the certificate authority, the certificate authority may also manage the electronic certificate template. And when the certificate issuing platform receives the management operation aiming at the electronic certificate template, the identity of the user executing the management operation is verified, and if the identity of the user passes the verification, the electronic certificate template is correspondingly managed. The management operation may include modification, deletion, and the like.
For example, when a user with management authority of a certificate authority logs in a certificate authority platform and modifies an electronic certificate template on the certificate authority platform, the certificate authority platform firstly authenticates the user to verify whether the user has the management authority of the electronic certificate template, and if so, the authentication is passed. The certificate issuing platform stores organization information of a certificate issuing organization, a corresponding electronic certificate template, user information authorized to manage the electronic certificate template and the like in advance, and based on the pre-stored information, whether a user has management authority for the electronic certificate template can be verified.
In this embodiment, after the electronic certificate template is generated, the certificate authority can manage the electronic certificate template according to the requirements, so that the management of the electronic certificate template is more flexible, and the requirement of the certificate authority for the continuous change of the electronic certificate can be met.
In one embodiment, after generating the electronic certificate, the certificate authority may revoke the electronic certificate. When the certificate issuing platform receives a revocation request aiming at the electronic certificate, revocation operation is carried out on the electronic certificate, and revocation event information corresponding to the electronic certificate is sent to the operation platform and/or the blockchain system, wherein the revocation event information comprises certificate identification information corresponding to the electronic certificate.
In this embodiment, after the certificate issuing platform revokes the electronic certificate, the revocation event information may be sent to the client to notify the client that the electronic certificate corresponding to the certificate identification information included in the revocation event information has been revoked. After receiving the revocation event information, the client can update the certificate state of the corresponding electronic certificate to revoked, or delete the revoked electronic certificate from the client.
In this embodiment, the certificate issuing platform sends the revocation event information to the operation platform and/or the blockchain system, so that the operation platform and/or the blockchain system can synchronously revoke the pre-stored electronic certificate based on the revocation event information, or change the certificate state of the electronic certificate to revoked, thereby ensuring that the effectiveness and the certificate state of the electronic certificate stored on the operation platform and/or the blockchain system are accurate.
Fig. 4 is a schematic flow chart of a block chain-based electronic certificate management method according to another embodiment of the present specification, which is applied to a client accessing a block chain system, as shown in fig. 4, and includes the following steps S402-S406:
S402, receiving a pickup request for the electronic certificate sent by a certificate retriever, wherein the pickup request carries certificate identification information of the electronic certificate, and the electronic certificate is generated through an electronic certificate template which corresponds to a certificate authority and has been approved by an operation platform.
S404, displaying the electronic certificate corresponding to the certificate identification information to the certificate retriever according to the pickup request. Optionally, before it is picked up by the certificate retriever, the electronic certificate sent by the certificate issuing platform to the client may display only part of its information, such as the certificate name, a digest of the certificate content, and the like. After the pickup request of the certificate retriever is received, the complete content of the electronic certificate is displayed to the certificate retriever.
S406, uploading the pickup event information of the electronic certificate to the blockchain system, so that the pickup event information and the electronic certificate are stored in the blockchain system in an associated manner.
The pickup event information may include at least one of a pickup action, a pickup time, and certificate identification information of the picked-up electronic certificate.
In this embodiment, the client may be an application program or an applet embedded in an application program. Optionally, the client may present certificate-related information to the certificate retriever, such as the electronic certificates not yet picked up, the electronic certificates already picked up, the validity period of each electronic certificate, and the certificate status of each electronic certificate of the certificate retriever (e.g., picked up, not picked up, revoked, etc.), so that the certificate retriever can obtain the certificate-related information of the corresponding electronic certificate through the client.
In one embodiment, the electronic certificate and the certificate identification information, the organization identity information of the certificate authority and the identity information of the acquirer are stored in the blockchain system in an associated manner, based on which, when the client displays the electronic certificate for the certificate acquirer, the client can simultaneously display the storage information of the electronic certificate in the blockchain system, and the storage information can include one or more items of blockchain information, verification information (such as a hash value) and the like corresponding to the electronic certificate.
By adopting the technical scheme provided by the embodiments of the application, when a client accessing the blockchain system receives a pickup request for an electronic certificate sent by a certificate retriever, the electronic certificate is displayed to the certificate retriever, and the pickup event information of the electronic certificate is uploaded to the blockchain system, so that the pickup event information and the electronic certificate are stored in the blockchain system in an associated manner. Because the blockchain system is tamper-proof, traceable and secure, storing the pickup event information of the electronic certificate in the blockchain system ensures the security and accuracy of that information. In addition, the electronic certificate template is audited by the operation platform, for example for authenticity and compliance, which ensures the authenticity and effectiveness of the issued electronic certificate and realizes a cooperative, trusted certificate issuing system through interaction between the certificate authority and the operation platform. Moreover, the certificate authority does not need to develop a website or software with an electronic certificate issuing function, which reduces the cost of issuing electronic certificates.
In one embodiment, the pickup request is generated by acquiring pickup information corresponding to the electronic certificate. Before receiving a request for getting an electronic certificate sent by a certificate acquirer, a client first receives the electronic certificate sent by a certificate issuing platform, further generates getting information for the electronic certificate, and provides the getting information to the certificate acquirer, so that the certificate acquirer gets the electronic certificate based on the getting information.
In this embodiment, the pickup information may be in the form of a link or a graphic code (such as a two-dimensional code), and the pickup information is associated with a pickup page corresponding to the electronic certificate. By obtaining the pickup information, the certificate retriever can enter the pickup page associated with it. For example, if the pickup information is a link, the certificate retriever is determined to have acquired the pickup information upon clicking the link, and then enters the pickup page. If the pickup information is a two-dimensional code, the certificate retriever is determined to have acquired the pickup information upon scanning the two-dimensional code, and then enters the pickup page.
In this embodiment, the client displays the pickup information when capturing a preset trigger operation of the certificate pickup party on the front-end interface. Therefore, for the certificate retriever, the corresponding electronic certificate can be retrieved only by executing one operation, namely, acquiring the retrieval information provided by the client, so that a plurality of complicated operation actions are omitted for the certificate retriever, and great convenience is provided.
In one embodiment, the client generates the pickup request in either of the following two modes:
Mode one: the certificate retriever first logs in to the client, then acquires the pickup information corresponding to the electronic certificate and enters the pickup page. In this case, since the certificate retriever has already logged in to the client, the pickup request generated after the pickup information is acquired automatically carries the identity information of the certificate retriever, such as the client account and other personal information (identity number, name, etc.) associated with the client account.
Mode two: the certificate retriever first acquires the pickup information corresponding to the electronic certificate; the client responds to this acquisition operation and jumps to the pickup page associated with the pickup information. An input field for the retriever's identity information is preset on the pickup page, so that the certificate retriever can provide the identity information through the input field. After acquiring the identity information entered by the certificate retriever through the input field, the client generates the pickup request based on that identity information.
Based on the pickup request generated in either mode, the client displays the electronic certificate on the pickup page of the electronic certificate. In this embodiment, when the certificate retriever picks up the electronic certificate through the client, there are multiple ways to enter the pickup page, which makes picking up the electronic certificate more flexible and convenient for the certificate retriever.
In one embodiment, after receiving the electronic certificate sent by the certificate issuing platform, the client may generate a certificate status corresponding to the electronic certificate, and upload the certificate status to the blockchain system. Wherein the certificate status is used for characterizing at least one of whether the electronic certificate is successfully issued, whether the electronic certificate is picked up and whether the electronic certificate is revoked currently.
For example, after receiving the electronic certificate sent by the certificate issuing platform, the certificate status may be updated to a first status, which is used to characterize that the electronic certificate has been issued.
After the electronic certificate is sent to the certificate retriever, the certificate status is updated to a second status, which is used for representing that the electronic certificate has been retrieved.
When revocation event information aiming at the electronic certificate sent by the certificate issuing platform is received, the certificate state is updated to a third state, the third state is used for representing that the electronic certificate is revoked, and the revocation event information comprises certificate identification information corresponding to the electronic certificate.
In one embodiment, after the certificate retriever picks up the electronic certificate, the electronic certificate can be shared with others. Optionally, the client provides a sharing channel for the certificate retriever. For example, a share button is displayed on a front-end interface of the client; when the certificate retriever triggers the share button, the client displays a selection interface for the user to share with, and after the certificate retriever selects the certificate checking party as that user, the client sends the electronic certificate to the certificate checking party.
Optionally, the client may generate a certificate graphic code (e.g., a two-dimensional code) corresponding to the electronic certificate when receiving a certificate sharing request, sent by the certificate retriever, for sharing the electronic certificate to the certificate verifier. And then sending the certificate graphic code to the certificate checking party according to the identity information of the checking party of the certificate checking party.
The certificate sharing request carries identity information of an inspector of the certificate, and the identity information of the inspector can include information such as a client account of the certificate inspector, an identity card number associated with the client account, and a telephone number. The certificate graphic code corresponding to the electronic certificate is associated with the electronic certificate, and after the certificate checking party identifies the certificate graphic code (such as scanning a two-dimensional code), the corresponding electronic certificate can be acquired.
After the certificate checking party obtains the electronic certificate, the electronic certificate can be checked. The certificate checking party can initiate a checking request for the electronic certificate through the client, and the checking request carries the certificate identification information of the electronic certificate. Optionally, since the client stores the certificate-related information of the electronic certificate, such as the electronic certificates not yet picked up, the electronic certificates already picked up, the validity period of each electronic certificate, and the certificate status of each electronic certificate of the certificate retriever (such as picked up, not picked up, revoked, and the like), the client may check the electronic certificate based on the checking request and transmit the checking result to the client. Optionally, the operation platform stores the certificate-related information of the electronic certificate, so the client may send the checking request to the operation platform, which then checks the electronic certificate. Optionally, the blockchain system stores the certificate-related information of the electronic certificate, so the client may forward the checking request to the blockchain system, which checks the electronic certificate and sends the checking result to the client. The client acquires the checking result sent by the operation platform and/or the blockchain system and displays the checking result and/or the electronic certificate to the certificate checking party.
The verification result may include a result of verifying the certificate validity period, the validity, the compliance, the utility, and the like of the electronic certificate.
In addition, after the certificate retriever picks up the electronic certificate, the certificate retriever can also check it through the client. The client provides a checking channel for the certificate retriever: for example, a check button is displayed on a front-end interface of the client, and when the certificate retriever clicks the check button, the client is triggered to check the electronic certificate and return the checking result.
In this embodiment, after the certificate retriever picks up the electronic certificate, the electronic certificate can be shared with the certificate checking party at any time with one click (for example, by triggering the share button provided on the client interface), or checked with one click (for example, by triggering the check button provided on the client interface). When the certificate checking party needs to check the electronic certificate, it only needs to initiate a checking request through the client to obtain the checking result of the client, the operation platform, and/or the blockchain system for the electronic certificate, which provides great convenience for certificate sharing and certificate checking.
In one embodiment, the certificate verifying party verifies the electronic certificate shared by the certificate obtaining party, and after the client obtains the verification result corresponding to the electronic certificate, a use record corresponding to the electronic certificate may be generated and uploaded to the blockchain system. Wherein the usage record comprises at least one of a generation record of the certificate graphic code, a checking record of the electronic certificate and a checking result.
In this embodiment, after the electronic certificate is checked, the usage record corresponding to the electronic certificate is uploaded to the blockchain system, so that the usage record of the electronic certificate can be traced and queried through the blockchain system, thereby ensuring data reliability and security of the usage record of the electronic certificate.
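The status transitions, revocation events, checking and usage records described in the embodiments above can be illustrated with a small simulation. This is an added example, not code from the patent: the hash-chained `Ledger` class stands in for the blockchain system, and all function names, field names and sample values are assumptions constructed for illustration.

```python
import hashlib
import json

ISSUED, PICKED_UP, REVOKED = "issued", "picked_up", "revoked"
ALLOWED = {None: {ISSUED}, ISSUED: {PICKED_UP, REVOKED},
           PICKED_UP: {REVOKED}, REVOKED: set()}  # "revoked" is terminal

def digest(obj):
    """SHA-256 over a canonical JSON encoding of obj."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class Ledger:
    """Append-only hash chain standing in for the blockchain system (assumption)."""
    def __init__(self):
        self.blocks = []

    def append(self, cert_id, event, payload):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = {"index": len(self.blocks), "prev": prev,
                "cert_id": cert_id, "event": event, "payload": payload}
        self.blocks.append(dict(body, hash=digest(body)))

    def chain_intact(self):
        prev = "0" * 64
        for i, block in enumerate(self.blocks):
            body = {k: v for k, v in block.items() if k != "hash"}
            if (i, prev, digest(body)) != (block["index"], block["prev"], block["hash"]):
                return False
            prev = block["hash"]
        return True

    def events(self, cert_id, event=None):
        return [b for b in self.blocks if b["cert_id"] == cert_id
                and event in (None, b["event"])]

def status(ledger, cert_id):
    """Replay the events; transitions that are not allowed are ignored."""
    state = None
    for block in ledger.events(cert_id):
        if block["event"] in ALLOWED[state]:
            state = block["event"]
    return state

def issue(ledger, cert, holder_id):
    """Anchor the certificate digest together with the recipient identity."""
    ledger.append(cert["cert_id"], ISSUED, {"cert_hash": digest(cert),
                  "holder": holder_id, "valid_until": cert["valid_until"]})

def pick_up(ledger, cert_id, holder_id, when):
    """Record a pickup event only for the intended recipient of an issued cert."""
    issued = ledger.events(cert_id, ISSUED)
    if status(ledger, cert_id) != ISSUED or issued[0]["payload"]["holder"] != holder_id:
        return False
    ledger.append(cert_id, PICKED_UP, {"holder": holder_id, "time": when})
    return True

def revoke(ledger, cert_id):
    """Record a revocation event carrying the certificate identifier."""
    if status(ledger, cert_id) in (None, REVOKED):
        return False
    ledger.append(cert_id, REVOKED, {"cert_id": cert_id})
    return True

def check(ledger, cert, today):
    """Check a presented certificate and log the result as a usage record."""
    cert_id = cert.get("cert_id")
    issued = ledger.events(cert_id, ISSUED)
    if not ledger.chain_intact():
        return "ledger_corrupt"
    if not issued:
        result = "unknown_certificate"
    elif issued[0]["payload"]["cert_hash"] != digest(cert):
        result = "content_mismatch"
    elif status(ledger, cert_id) == REVOKED:
        result = "revoked"
    elif today > issued[0]["payload"]["valid_until"]:  # ISO dates sort as text
        result = "expired"
    else:
        result = "valid"
    ledger.append(cert_id, "checked", {"result": result, "date": today})
    return result

def demo():
    """Run the lifecycle on constructed sample data and return each outcome."""
    ledger = Ledger()
    cert = {"cert_id": "CERT-0001", "name": "Example Training Certificate",
            "issuer": "Example Institute", "valid_until": "2030-12-31"}
    issue(ledger, cert, "user-001")
    out = {"wrong_holder": pick_up(ledger, "CERT-0001", "user-999", "2025-01-02"),
           "pickup": pick_up(ledger, "CERT-0001", "user-001", "2025-01-02"),
           "genuine": check(ledger, cert, "2025-01-03"),
           "forged": check(ledger, dict(cert, name="Forged Name"), "2025-01-03"),
           "expired": check(ledger, cert, "2031-01-01"),
           "revoke": revoke(ledger, "CERT-0001"),
           "after_revoke": check(ledger, cert, "2025-01-04")}
    ledger.blocks[0]["payload"]["holder"] = "user-999"  # simulate tampering
    out["after_tamper"] = check(ledger, cert, "2025-01-06")
    return out
```

Because the status is derived by replaying the recorded events, a pickup event appended after a revocation cannot bring a revoked certificate back to a usable state.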
In one embodiment, the certificate acquirer may encrypt the electronic certificate before sharing it, including encrypting all or part of the certificate content of the electronic certificate. Optionally, the certificate acquirer initiates an encryption request for the electronic certificate through the client, where the encryption request carries the certificate identification information of the electronic certificate, the specified certificate content to be encrypted, and the like. When the client receives the encryption request for the electronic certificate sent by the certificate acquirer, it encrypts the specified certificate content in the electronic certificate to obtain the encrypted electronic certificate.
The certificate acquirer can then share the encrypted electronic certificate with the certificate verifier, so that the certificate verifier cannot see the encrypted specified certificate content when checking the electronic certificate through the client. For example, the encrypted specified certificate content is presented in a non-sensitive form such as symbols or numbers, which protects the sensitive certificate content, the important certificate content, and the like on the electronic certificate.
Fig. 5 is a schematic swim lane diagram of a block chain-based electronic certificate management method according to an embodiment of the present disclosure, which mainly illustrates how a certificate authority generates an electronic certificate through the certificate issuing platform and the operation platform. An authority manager of the certificate authority has the authority to generate the electronic certificate through the certificate issuing platform and the operation platform, and the certificate issuing platform provides a certificate issuing front end for each certificate authority, so that the authority manager can log in to the certificate issuing platform through the certificate issuing front end. As shown in fig. 5, the block chain-based electronic certificate management method is applied to the electronic certificate management system shown in fig. 1, and includes the following steps S5.1-S5.11:
S5.1, the authority manager registers, through the certificate issuing front end, account information for logging in to the certificate issuing platform, and logs in to the certificate issuing platform after the registration is successful.
The account information may include a login account and a password. After the registration is successful, the authority manager can log in to the certificate issuing platform and execute the subsequent steps. Optionally, in the registration process, the certificate issuing platform may authenticate the certificate authority according to the authority identity information provided by the authority manager, for example by verifying the legality of the authority; if the legality verification passes, the authority manager is determined to be successfully registered. The authority identity information may include one or more of a license number of the authority, a Logo (trademark) pattern, an organization name, corporate information, and the like.
S5.2, the authority manager determines the certificate element information from the certificate issuing platform through the certificate issuing front end.
The certificate element information may include one or more of: the certificate format, each element contained in the certificate (such as the certificate name, the certificate content, the certificate payment, the certificate background, the certificate border, etc.), the position information of each element on the certificate, the font size, etc.
In this step, the authority manager can edit the certificate element information after determining it.
S5.3, the authority manager uploads certificate signature information to the certificate issuing platform through the certificate issuing front end.
The certificate signature information may include at least one of first signature information of the certificate authority, second signature information of a third party signing party, a certificate validity period, and the like. The first signature information may include one or more of a business license number of the certificate authority, a Logo (trademark) pattern, an organization name, legal information, manager information, and the like. The second signature information may include one or more of a business license number, Logo (trademark) pattern, organization name, legal information, manager information, signature name, and the like of the third party signing party. The certificate validity period is the period during which the electronic certificate is valid.
S5.4, the certificate issuing platform generates an electronic certificate template corresponding to the certificate authority according to the certificate element information and the certificate signature information.
S5.5, the certificate issuing platform sends an audit request for the electronic certificate template to the operation platform.
S5.6, the operation platform audits the electronic certificate template to obtain an audit result.
The operation platform audits the electronic certificate template, and the audit result includes whether the electronic certificate template is approved, whether it conforms to a predefined certificate format, whether the certificate content contains illegal content, and the like.
S5.7, the operation platform sends the audit result to the certificate issuing platform.
After the certificate issuing platform obtains the audit result corresponding to the electronic certificate template, the certificate authority can issue electronic certificates by using the electronic certificate template.
S5.8, the certificate issuing platform stores the electronic certificate template in association with the identity information of the certificate authority.
Alternatively, the authority manager may edit the corresponding electronic certificate template stored on the certificate issuing platform, such as editing the certificate element information and/or the certificate signature information on the electronic certificate template. The authority manager may also delete the corresponding electronic certificate template.
S5.9, the authority manager determines the electronic certificate template from the certificate issuing platform through the certificate issuing front end.
If one electronic certificate template corresponding to the certificate authority is stored on the certificate issuing platform, the authority manager can directly determine that template as the one used to generate the electronic certificate to be issued. If a plurality of electronic certificate templates corresponding to the certificate authority are stored on the certificate issuing platform, the authority manager can select one of them to generate the electronic certificate to be issued.
S5.10, the authority manager uploads the acquirer identity information of the certificate acquirer to the certificate issuing platform through the certificate issuing front end.
The authority manager can upload the acquirer identity information of one or more certificate acquirers at one time. The acquirer identity information can include information that uniquely identifies the certificate acquirer, such as an identity card number, a name, a telephone number, a client account, and the like. The client account is the account used by the certificate acquirer to log in to the operation platform.
The acquirer identity information can be stored in a storage system of the certificate authority in advance, or can be filled in by the authority manager in real time before uploading.
S5.11, the certificate issuing platform generates the electronic certificate of the certificate acquirer according to the electronic certificate template and the acquirer identity information.
After the certificate issuing platform generates the electronic certificate, the electronic certificate is sent to the client of the certificate acquirer corresponding to the acquirer identity information. Optionally, the electronic certificate and the acquirer identity information can be uploaded in association to the operation platform and/or the blockchain system, so that the operation platform and/or the blockchain system can manage the electronic certificate and the associated acquirer identity information.
In this embodiment, the certificate issuing platform obtains the electronic certificate template corresponding to the certificate authority and the acquirer identity information of the certificate acquirer, generates the electronic certificate corresponding to the certificate acquirer according to the electronic certificate template and the acquirer identity information, uploads the electronic certificate and the acquirer identity information in association to the operation platform, and sends the electronic certificate to the client corresponding to the acquirer identity information, so that the certificate acquirer can conveniently pick up the electronic certificate through the client. Because the certificate issuing platform and the operation platform are both connected to the blockchain system, and the blockchain system is tamper-resistant, traceable and secure, the security of the electronic certificate can be ensured, and the electronic certificate is prevented from being tampered with, forged, and the like. In addition, the electronic certificate template is audited by the operation platform, for example for the authenticity, the compliance and the like of the template, so that the authenticity and the utility of the issued electronic certificate can be ensured, and a certificate issuing system based on cooperative trust is realized through interaction between the certificate authority and the operation platform. Moreover, the certificate authority does not need to develop a website or software with an electronic certificate issuing function, which reduces the cost of issuing electronic certificates.
In addition, in the electronic certificate issuing flow shown in fig. 5, any process and any data involved can be uploaded to the blockchain system for recording. For example, the process of generating an electronic certificate in the certificate issuing platform, the identity authentication process of a certificate acquirer, the record of the certificate acquirer picking up the electronic certificate, and the like can all be traced back through the blockchain system, so that a full-flow data record is formed and the safety and reliability of the data in the electronic certificate issuing flow are guaranteed.
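The gating and write steps of the issuing flow (audit in S5.6, batch upload in S5.10, generation in S5.11) can be sketched as follows. This is an added example, not code from the patent; the field names, the predefined element set and the sample identities are constructed assumptions, and the error record mirrors the "error cause and error position" the apparatus description mentions for a failed write.

```python
import hashlib
import json
from dataclasses import dataclass

# Assumed "predefined certificate format": the elements a template may contain.
PREDEFINED_ELEMENTS = {"certificate_name", "holder_name", "holder_id", "validity"}


class WriteError(Exception):
    """Write failure carrying an error cause and an error position."""

    def __init__(self, cause, position):
        super().__init__(f"{cause} ({position})")
        self.cause, self.position = cause, position


@dataclass
class Template:
    authority_id: str
    fixed: dict            # element -> fixed text chosen by the authority manager
    slots: dict            # element -> acquirer identity field written into it
    signature_info: dict   # certificate signature information (S5.3)
    audit_result: str = "pending"


def audit(template):
    """Operation-platform audit (S5.6), reduced here to the format check."""
    elements = set(template.fixed) | set(template.slots)
    problems = sorted(elements - PREDEFINED_ELEMENTS)
    template.audit_result = "rejected" if problems else "approved"
    return template.audit_result, problems


def issue(template, identity):
    """S5.11: write the acquirer identity into an audited template."""
    if template.audit_result != "approved":
        raise WriteError("template has not passed the operation platform audit", "template")
    content = dict(template.fixed)
    for element, id_field in template.slots.items():
        value = str(identity.get(id_field, "")).strip()
        if not value:
            raise WriteError(f"missing identity field '{id_field}'", f"element '{element}'")
        content[element] = value
    content["authority_id"] = template.authority_id
    content["signature_info"] = template.signature_info
    canonical = json.dumps(content, sort_keys=True).encode()
    cert_id = hashlib.sha256(canonical).hexdigest()[:16]
    # The certificate and the acquirer identity are kept together so they can
    # be uploaded in association.
    return {"cert_id": cert_id, "content": content, "acquirer_identity": identity}


def issue_batch(template, identities):
    """S5.10 allows several acquirers at once; collect failures per row."""
    issued, errors = [], []
    for row, identity in enumerate(identities, start=1):
        try:
            issued.append(issue(template, identity))
        except WriteError as exc:
            errors.append({"row": row, "cause": exc.cause, "position": exc.position})
    return issued, errors


def sample_template():
    """Constructed sample template."""
    return Template(
        authority_id="AUTH-EXAMPLE",
        fixed={"certificate_name": "Training Certificate",
               "validity": "2024-01-01/2025-01-01"},
        slots={"holder_name": "name", "holder_id": "id_number"},
        signature_info={"first_signature": "Example Authority"},
    )


# Constructed sample input: the second row has a blank identity card number.
SAMPLE_IDENTITIES = [
    {"name": "Alice Example", "id_number": "ID-0001"},
    {"name": "Bob Example", "id_number": " "},
    {"name": "Carol Example", "id_number": "ID-0003"},
]

if __name__ == "__main__":
    tpl = sample_template()
    print(audit(tpl))
    print(issue_batch(tpl, SAMPLE_IDENTITIES)[1])
```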
Fig. 6 is a schematic swim lane diagram of a block chain-based electronic certificate management method according to another embodiment of the present disclosure, which mainly illustrates how a certificate acquirer picks up and shares an electronic certificate through a client. As shown in fig. 6, the method comprises the following steps S6.1-S6.9:
S6.1, the certificate acquirer logs in to the client.
In this embodiment, the client may display certificate related information of the electronic certificate to the certificate acquirer, such as electronic certificates not yet picked up, electronic certificates already picked up, the certificate status (such as picked up, not picked up, revoked, and the like) of each electronic certificate the certificate acquirer holds, the validity period of the electronic certificate, and the like, so that the certificate acquirer can obtain the certificate related information of the corresponding electronic certificate through the client.
S6.2, the certificate acquirer initiates a pickup request for the electronic certificate through the client.
The pickup request carries certificate identification information of the electronic certificate and the acquirer identity information.
S6.3, the client displays the corresponding electronic certificate to the certificate acquirer according to the certificate identification information.
The certificate acquirer can view the picked-up electronic certificate and the certificate related information of the electronic certificate through a display interface of the client.
S6.4, the client generates the pickup event information of the electronic certificate and uploads the pickup event information to the blockchain system.
The pickup event information may include at least one of a pickup action, a pickup time, and certificate identification information of the picked-up electronic certificate. After receiving the pickup event information, the blockchain system stores the pickup event information in association with the electronic certificate.
Optionally, after the client displays the corresponding electronic certificate to the certificate acquirer, the certificate status of the local electronic certificate may be updated, for example, to "picked up".
S6.5, the certificate acquirer initiates a sharing request for the electronic certificate through the client.
For example, the certificate acquirer needs to sign a contract with a third-party organization by using an electronic certificate. In this case the third-party organization needs to check the electronic certificate, the certificate acquirer can share the electronic certificate with the third-party organization through the client, and the third-party organization is the certificate verifier. The sharing request carries certificate identification information of the electronic certificate to be shared and the verifier identity information of the certificate verifier.
S6.6, the client generates a certificate graphic code corresponding to the electronic certificate and sends the certificate graphic code to the certificate verifier.
S6.7, the certificate verifier initiates a checking request for the electronic certificate through the client.
The checking request carries certificate identification information of the electronic certificate.
S6.8, the client checks the electronic certificate and sends the checking result to the certificate verifier.
S6.9, the client generates a usage record of the electronic certificate and uploads the usage record to the blockchain system.
The usage record includes at least one of a generation record of the certificate graphic code, a checking record of the electronic certificate, and a checking result. After receiving the usage record of the electronic certificate, the blockchain system stores the usage record in association with the electronic certificate.
In this embodiment, the electronic certificate may be checked by any one or more of the operation platform, the blockchain system, and the client. Whichever end performs the check must store the certificate related information of the electronic certificate in advance, such as electronic certificates not yet picked up, electronic certificates already picked up, the certificate status of each electronic certificate the certificate acquirer holds (such as picked up, not picked up, and revoked), the validity period of the electronic certificate, and so on, so that the electronic certificate can be checked based on the certificate related information.
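The pickup, sharing and checking steps S6.2-S6.9 can be modelled end to end as below. This is an added example, not code from the patent: the `Ledger` class is a hash-chained list standing in for the blockchain system, the graphic code is represented by its JSON payload, and the status names, result strings and sample certificate are constructed assumptions.

```python
import hashlib
import json
from datetime import date

GENESIS = "0" * 64
# Allowed certificate status changes: issued -> picked up -> revoked.
TRANSITIONS = {"issued": {"picked_up", "revoked"}, "picked_up": {"revoked"}, "revoked": set()}


def digest(obj):
    """SHA-256 over a canonical JSON encoding."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


class Ledger:
    """Append-only hash chain; a stand-in for the blockchain system."""

    def __init__(self):
        self.entries = []

    def append(self, cert_id, kind, payload):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"cert_id": cert_id, "kind": kind, "payload": payload, "prev": prev}
        self.entries.append({**body, "hash": digest(body)})

    def intact(self):
        """Recompute every link; any edited record breaks the chain."""
        prev = GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev"] != prev or digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True

    def history(self, cert_id):
        return [e["kind"] for e in self.entries if e["cert_id"] == cert_id]


class Client:
    def __init__(self, ledger):
        self.ledger = ledger
        self.certs = {}    # cert_id -> certificate content
        self.status = {}   # cert_id -> certificate status

    def _set_status(self, cert_id, new):
        old = self.status.get(cert_id)
        if old is not None and new not in TRANSITIONS[old]:
            raise ValueError(f"illegal status change {old} -> {new}")
        self.status[cert_id] = new
        self.ledger.append(cert_id, "status", {"status": new})

    def receive(self, cert):
        """Certificate arrives from the certificate issuing platform."""
        self.certs[cert["cert_id"]] = cert
        self._set_status(cert["cert_id"], "issued")

    def pick_up(self, cert_id, acquirer_id, when):
        """S6.2-S6.4: display the certificate and record the pickup event."""
        cert = self.certs[cert_id]
        if cert["acquirer_id"] != acquirer_id:
            raise PermissionError("acquirer identity does not match certificate")
        self._set_status(cert_id, "picked_up")
        self.ledger.append(cert_id, "pickup", {"action": "pick_up", "time": when})
        return cert

    def revoke(self, cert_id):
        self._set_status(cert_id, "revoked")
        self.ledger.append(cert_id, "revocation", {"cert_id": cert_id})

    def share(self, cert_id):
        """S6.6: payload that would be rendered as the certificate graphic code."""
        return json.dumps({"cert_id": cert_id, "digest": digest(self.certs[cert_id])})

    def check(self, code, today):
        """S6.7-S6.9: check against stored status and validity, then log usage."""
        claim = json.loads(code)
        cert = self.certs.get(claim["cert_id"])
        if cert is None:
            result = "unknown certificate"
        elif digest(cert) != claim["digest"]:
            result = "content mismatch"
        elif self.status[cert["cert_id"]] == "revoked":
            result = "revoked"
        elif self.status[cert["cert_id"]] != "picked_up":
            result = "not picked up"
        elif not (date.fromisoformat(cert["valid_from"]) <= today
                  <= date.fromisoformat(cert["valid_to"])):
            result = "outside validity period"
        else:
            result = "valid"
        self.ledger.append(claim["cert_id"], "usage",
                           {"checked_on": today.isoformat(), "result": result})
        return result


# Constructed sample certificate.
SAMPLE_CERT = {"cert_id": "CERT-001", "acquirer_id": "user-42", "name": "Training Certificate",
               "valid_from": "2024-01-01", "valid_to": "2025-01-01"}

if __name__ == "__main__":
    client = Client(Ledger())
    client.receive(SAMPLE_CERT)
    client.pick_up("CERT-001", "user-42", "2024-03-01T10:00:00")
    print(client.check(client.share("CERT-001"), date(2024, 6, 1)))
```

The usage record is written for every check, including failed ones, so the history of a certificate shows rejected attempts as well as successful ones.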
By adopting the technical scheme provided by this embodiment, when the client receives a pickup request for the electronic certificate sent by the certificate acquirer, it displays the electronic certificate to the certificate acquirer and uploads the pickup event information of the electronic certificate to the blockchain system, so that the pickup event information and the electronic certificate are stored in the blockchain system in association. Because the certificate issuing platform and the operation platform are both connected to the blockchain system, and the blockchain system is tamper-resistant, traceable and secure, the security of the electronic certificate and its pickup event information can be ensured, and the electronic certificate is prevented from being tampered with, forged, and the like. In addition, the electronic certificate template is audited by the operation platform, for example for the authenticity, the compliance and the like of the template, so that the authenticity and the utility of the issued electronic certificate can be ensured, and a certificate issuing system based on cooperative trust is realized through interaction between the certificate authority and the operation platform. Moreover, the certificate acquirer can at any time share the electronic certificate with the certificate verifier with one click (for example, by triggering a share button provided on the client interface), and when the certificate verifier needs to check the electronic certificate, it only needs to initiate a checking request through the client to obtain the checking result of the client, the operation platform and/or the blockchain system for the electronic certificate, which provides great convenience for certificate sharing and certificate checking.
In summary, particular embodiments of the present subject matter have been described. Other embodiments are within the scope of the following claims. In some cases, the actions recited in the claims can be performed in a different order and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may be advantageous.
Based on the same idea as the block chain-based electronic certificate management method described above, one or more embodiments of the present specification further provide a block chain-based electronic certificate management apparatus.
Fig. 7 is a schematic block diagram of an electronic certificate management apparatus based on a block chain according to an embodiment of the present specification, where, as shown in fig. 7, the electronic certificate management apparatus based on a block chain is applied to a certificate issuing platform, and the certificate issuing platform accesses a block chain system; the device comprises:
the first obtaining module 71 obtains an electronic certificate template corresponding to the certificate authority and identity information of a certificate acquirer; the electronic certificate template is a template approved by the operation platform;
the first generation module 72 generates an electronic certificate corresponding to the certificate acquirer according to the electronic certificate template and the acquirer identity information;
the first uplink module 73 is configured to upload the electronic certificate and the acquirer identity information to the blockchain system in association, and send the electronic certificate to a client corresponding to the acquirer identity information, so that the certificate acquirer can pick up the electronic certificate through the client.
In one embodiment, the electronic certificate template includes certificate signature information corresponding to the certificate authority;
the device further comprises:
the first determining module is used for determining certificate element information used for generating the electronic certificate template before the electronic certificate template corresponding to the certificate authority is obtained;
the second acquisition module is used for acquiring the certificate signature information corresponding to the certificate authority; the certificate signature information includes at least one of first signature information of the certificate authority, second signature information of a third party signing party, and a certificate validity period;
and the second generation module is used for generating the electronic certificate template corresponding to the certificate authority according to the certificate element information and the certificate signature information.
In one embodiment, the apparatus further comprises:
the third acquisition module is used for acquiring custom information which is submitted by a certificate authority and used for generating the electronic certificate template before acquiring the electronic certificate template corresponding to the certificate authority;
the second generation module comprises:
and the first generating unit is used for generating the electronic certificate template corresponding to the certificate authority according to the certificate signature information, the certificate element information and/or the custom information.
In one embodiment, the apparatus further comprises:
the first sending module is used for sending the electronic certificate template to the operation platform after the electronic certificate template corresponding to the certificate authority is generated, so that the operation platform can check the electronic certificate template;
the fourth acquisition module is used for acquiring the auditing result of the operation platform on the electronic certificate template;
and the second determination module is used for determining that the certificate authority can use the electronic certificate template to issue the electronic certificate if the audit result is that the electronic certificate template passes.
In one embodiment, the apparatus further comprises:
a fifth obtaining module, configured to obtain signing party identity information of the third party signing party before obtaining the certificate signature information corresponding to the certificate authority;
the authentication module is used for carrying out identity authentication operation on the third party signing party according to the identity information of the signing party;
and a third generation module configured to generate the second signature information corresponding to the third party signing party, if the identity authentication for the third party signing party is passed.
In one embodiment, the second generating module comprises:
a second generation unit configured to generate an electronic certificate preview template corresponding to the certificate authority, based on the certificate element information and the certificate signature information;
the auditing unit is used for auditing the electronic certificate preview template according to the preview content in the electronic certificate preview template;
and a third generating unit configured to generate the electronic certificate template based on the electronic certificate preview template if the verification is passed.
In one embodiment, the apparatus further comprises:
the first verification module is used for verifying the identity of a user who executes the management operation when the management operation aiming at the electronic certificate template is received after the electronic certificate template corresponding to the certificate authority is generated; the management operation comprises at least one of a modification operation and a deletion operation;
and the management module is used for correspondingly managing the electronic certificate template if the identity authentication of the user passes.
In one embodiment, the first generating module 72 includes:
the writing unit is used for writing the acquirer identity information into the electronic certificate template;
a fourth generation unit configured to generate the electronic certificate corresponding to the certificate acquirer if the writing is successful;
the output unit is used for outputting error information corresponding to the write-in failure if the write-in failure occurs; the error information includes at least one of error cause and error position.
In one embodiment, the apparatus further comprises:
a sixth obtaining module, configured to obtain organization identity information corresponding to a certificate authority before obtaining an electronic certificate template corresponding to the certificate authority;
the second verification module is used for verifying the legality of the certificate authority according to the authority identity information;
and the execution module is used for executing the step of acquiring the electronic certificate template corresponding to the certificate authority if the validity verification is passed.
In one embodiment, the apparatus further comprises:
the revocation module is used for performing revocation operation on the electronic certificate when a revocation request for the electronic certificate is received after the electronic certificate and the identity information of the acquirer are uploaded to the blockchain system in an associated mode;
the second sending module is used for sending the revocation event information corresponding to the electronic certificate to an operation platform and/or the block chain system; the revocation event information includes certificate identification information corresponding to the electronic certificate.
By adopting the device provided by the embodiment of the application, the certificate issuing platform connected to the blockchain system obtains the electronic certificate template corresponding to the certificate authority and the acquirer identity information of the certificate acquirer, generates the electronic certificate corresponding to the certificate acquirer according to the electronic certificate template and the acquirer identity information, uploads the electronic certificate and the acquirer identity information to the blockchain system in association, and sends the electronic certificate to the client corresponding to the acquirer identity information, so that the certificate acquirer can conveniently pick up the electronic certificate through the client. Since the blockchain system is tamper-resistant, traceable and secure, storing the electronic certificate on the chain ensures its security and prevents the electronic certificate from being tampered with or forged. In addition, the electronic certificate template is audited by the operation platform, for example for the authenticity, the compliance and the like of the template, so that the authenticity and the utility of the issued electronic certificate can be ensured, and a certificate issuing system based on cooperative trust is realized through interaction between the certificate authority and the operation platform. Moreover, the certificate authority does not need to develop a website or software with an electronic certificate issuing function, which reduces the cost of issuing electronic certificates.
It should be understood by those skilled in the art that the block chain based electronic certificate management apparatus can be used to implement the block chain based electronic certificate management method described above, wherein the detailed description thereof should be similar to that of the method described above, and in order to avoid complexity, further description thereof is omitted.
Fig. 8 is a schematic block diagram of an electronic certificate management apparatus based on a block chain according to an embodiment of the present specification, and as shown in fig. 8, the electronic certificate management apparatus based on a block chain is applied to a client, and the client accesses to a block chain system; the device comprises:
a first receiving module 81, configured to receive a pickup request for an electronic certificate sent by a certificate acquirer; the pickup request carries certificate identification information of the electronic certificate; the electronic certificate is generated from an electronic certificate template which corresponds to the certificate authority and has passed the audit of the operation platform;
the first display module 82 is configured to display the electronic certificate corresponding to the certificate identification information to the certificate acquirer according to the acquisition request;
the second uplink module 83 uploads the pickup event information of the electronic certificate to the blockchain system, so that the pickup event information and the electronic certificate are stored in the blockchain system in an associated manner.
In one embodiment, the pickup request is generated by acquiring pickup information corresponding to the electronic certificate;
the device further comprises:
a second receiving module, configured to receive the electronic certificate sent by the certificate issuing platform before receiving the pickup request for the electronic certificate sent by the certificate acquirer;
a fourth generation module that generates the pickup information for the electronic certificate; the pickup information is associated with a pickup page corresponding to the electronic certificate;
and the providing module is used for providing the pickup information to the certificate acquirer, so that the certificate acquirer can pick up the electronic certificate based on the pickup information.
In one embodiment, the first receiving module 81 includes:
a jump unit that jumps to the pickup page associated with the pickup information in response to the pickup request generated by acquiring the pickup information;
and the first display unit is used for displaying the electronic certificate on the pickup page.
In one embodiment, the apparatus further comprises:
the fifth generation module generates a certificate state corresponding to the electronic certificate; the certificate status is used for representing at least one of whether the electronic certificate is successfully issued, whether the electronic certificate is picked up and whether the electronic certificate is revoked currently;
a third uplink module that uploads the certificate status to the blockchain system.
In one embodiment, the apparatus further comprises:
the updating module updates the certificate status to a first state after receiving the electronic certificate sent by the certificate issuing platform; the first state is used for representing that the electronic certificate is issued; updating the certificate status to a second state after sending the electronic certificate to the certificate acquirer; the second state is used for representing that the electronic certificate is picked up; updating the certificate status to a third state when revocation event information for the electronic certificate sent by the certificate issuing platform is received; the third state is used for representing that the electronic certificate is revoked; the revocation event information includes certificate identification information corresponding to the electronic certificate.
In one embodiment, the apparatus further comprises:
the sixth generation module is used for generating a certificate graphic code corresponding to the electronic certificate when receiving a certificate sharing request, sent by the certificate acquirer, for sharing the electronic certificate with the certificate verifier; the certificate sharing request carries the verifier identity information of the certificate verifier;
and the third sending module is used for sending the certificate graphic code to the certificate checking party according to the identity information of the checking party.
In one embodiment, the apparatus further comprises:
a forwarding module, configured to forward a checking request to the blockchain system when the checking request for the electronic certificate sent by the certificate verifier is received; the blockchain system checks the electronic certificate and sends a checking result to the client; the checking request is generated by the certificate verifier by identifying the certificate graphic code;
a seventh obtaining module, configured to obtain the checking result sent by the blockchain system;
and a second display module, configured to display the checking result and/or the electronic certificate to the certificate verifier.
In one embodiment, the apparatus further comprises:
a seventh generating module, configured to generate a usage record corresponding to the electronic certificate after obtaining the inspection result sent by the blockchain system; the usage record comprises at least one of a generation record of the certificate graphic code, a checking record of the electronic certificate and a checking result;
and the fourth uplink module uploads the use record to the block chain system.
In one embodiment, the apparatus further comprises:
an encryption module, configured to encrypt specified certificate content in the electronic certificate to obtain an encrypted electronic certificate when an encryption request for the electronic certificate sent by the certificate acquirer is received;
the second display module comprises:
a second display unit, configured to display the encrypted electronic certificate to the certificate verifier.
With the apparatus provided by the embodiments of the present application, when a client connected to the blockchain system receives a pickup request for an electronic certificate sent by a certificate acquirer, the client displays the electronic certificate to the certificate acquirer and uploads the pickup event information of the electronic certificate to the blockchain system, so that the pickup event information and the electronic certificate are stored in the blockchain system in an associated manner. Because the blockchain system provides immutability, traceability and security, storing the pickup event information of the electronic certificate in the blockchain system ensures the security and accuracy of that information. In addition, the electronic certificate template is audited by the operation platform, for example for authenticity and compliance, which ensures the authenticity and utility of the issued electronic certificate and realizes a cooperative-trust certificate issuing system based on interaction between the certificate issuing organization and the operation platform. Moreover, the certificate issuing organization does not need to develop a website or software with an electronic certificate issuing function, which reduces the cost of issuing electronic certificates.
It should be understood by those skilled in the art that the block chain based electronic certificate management apparatus can be used to implement the block chain based electronic certificate management method described above, wherein the detailed description thereof should be similar to that of the method described above, and in order to avoid complexity, further description thereof is omitted.
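The certificate status updates, on-chain event storage and checking step described above can be sketched as follows. This is an added example, not code from the patent: the hash-chained `Ledger` stands in for the blockchain system, and the transition rules, the digest comparison used for checking, the result strings and the sample certificate are all assumptions.

```python
import hashlib
import json
from enum import Enum

GENESIS = "0" * 64


class CertStatus(Enum):
    ISSUED = 1      # "first status": certificate has been issued
    PICKED_UP = 2   # "second status": certificate has been picked up
    REVOKED = 3     # "third status": certificate has been revoked


# Assumption: the page names the three statuses but not which moves are legal.
ALLOWED = {
    None: {CertStatus.ISSUED},
    CertStatus.ISSUED: {CertStatus.PICKED_UP, CertStatus.REVOKED},
    CertStatus.PICKED_UP: {CertStatus.REVOKED},
    CertStatus.REVOKED: set(),  # revocation is terminal
}


def digest(obj):
    """SHA-256 over canonical JSON (sorted keys)."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


class Ledger:
    """Append-only, hash-chained log standing in for the blockchain system."""
    FIELDS = ("cert_id", "kind", "payload", "prev")

    def __init__(self):
        self.records = []

    def append(self, cert_id, kind, payload):
        prev = self.records[-1]["hash"] if self.records else GENESIS
        body = {"cert_id": cert_id, "kind": kind, "payload": payload, "prev": prev}
        self.records.append({**body, "hash": digest(body)})

    def intact(self):
        """Recompute every link; any edited record breaks the chain."""
        prev = GENESIS
        for rec in self.records:
            body = {k: rec[k] for k in self.FIELDS}
            if rec["prev"] != prev or rec["hash"] != digest(body):
                return False
            prev = rec["hash"]
        return True

    def status_records(self, cert_id):
        return [r for r in self.records
                if r["cert_id"] == cert_id and r["kind"] == "status"]

    def status(self, cert_id):
        recs = self.status_records(cert_id)
        return CertStatus[recs[-1]["payload"]["status"]] if recs else None


def update_status(ledger, cert_id, new_status, cert_body=None):
    """Record a status change, rejecting transitions the rules do not allow."""
    current = ledger.status(cert_id)
    if new_status not in ALLOWED[current]:
        raise ValueError(f"illegal transition {current} -> {new_status}")
    payload = {"status": new_status.name}
    if new_status is CertStatus.ISSUED:
        payload["cert_digest"] = digest(cert_body)  # binds content to the record
    ledger.append(cert_id, "status", payload)


def check_certificate(ledger, cert_id, presented_body):
    """Check a presented certificate and store a usage record of the check."""
    if not ledger.intact():
        return "ledger_tampered"  # do not extend a broken chain
    recs = ledger.status_records(cert_id)
    if not recs:
        result = "unknown_certificate"
    elif recs[0]["payload"]["cert_digest"] != digest(presented_body):
        result = "content_mismatch"
    elif ledger.status(cert_id) is CertStatus.REVOKED:
        result = "revoked"
    else:
        result = "valid"
    ledger.append(cert_id, "usage", {"check_result": result})
    return result


def demo():
    """Walk one constructed certificate through issue, pickup, check, revoke."""
    cert = {"cert_id": "CERT-0001", "holder": "constructed-holder",
            "title": "Sample Course Completion"}  # constructed sample data
    ledger = Ledger()
    update_status(ledger, "CERT-0001", CertStatus.ISSUED, cert)
    update_status(ledger, "CERT-0001", CertStatus.PICKED_UP)
    results = [check_certificate(ledger, "CERT-0001", cert)]
    results.append(check_certificate(ledger, "CERT-0001", dict(cert, holder="x")))
    update_status(ledger, "CERT-0001", CertStatus.REVOKED)
    results.append(check_certificate(ledger, "CERT-0001", cert))
    return results


if __name__ == "__main__":
    print(demo())
```

Because each check appends a usage record, the log also captures failed and post-revocation checks, which is the audit trail a verifier or issuer would review.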
Based on the same idea, one or more embodiments of the present specification further provide an electronic certificate management system based on a block chain, including a certificate issuing platform and an operation platform; the certificate issuing platform and the operation platform are both connected to a blockchain system; wherein:
the operation platform is used for auditing the electronic certificate template which is generated by the certificate issuing platform and corresponds to the certificate issuing organization; if the verification is passed, determining that the certificate authority can use the electronic certificate template to issue the electronic certificate;
the certificate issuing platform acquires the electronic certificate template corresponding to the certificate issuing organization and the identity information of the certificate acquirer; generates an electronic certificate corresponding to the certificate acquirer according to the electronic certificate template and the identity information of the acquirer; uploads the electronic certificate and the identity information of the acquirer to the blockchain system in an associated manner; and sends the electronic certificate to a client corresponding to the identity information of the acquirer so that the certificate acquirer can pick up the electronic certificate through the client.
Based on the same idea, one or more embodiments of the present specification further provide an electronic certificate management apparatus based on a block chain, as shown in fig. 9. The block chain based electronic certificate management apparatus may vary considerably depending on configuration or performance, and may include one or more processors 901 and a memory 902, where one or more applications or data may be stored in the memory 902. The memory 902 may be transient storage or persistent storage. The application program stored in the memory 902 may include one or more modules (not shown), each of which may include a series of computer-executable instructions for the blockchain-based electronic certificate management apparatus. Still further, the processor 901 may be arranged to communicate with the memory 902 and to execute, on the blockchain-based electronic certificate management apparatus, the series of computer-executable instructions in the memory 902. The blockchain-based electronic certificate management apparatus may also include one or more power supplies 903, one or more wired or wireless network interfaces 904, one or more input-output interfaces 905, and one or more keyboards 906.
In this embodiment, the block chain based electronic certificate management apparatus includes a memory, and one or more programs, where one or more programs are stored in the memory, and one or more programs may include one or more modules, and each module may include a series of computer executable instructions for the block chain based electronic certificate management apparatus, and the one or more programs configured to be executed by one or more processors include computer executable instructions for:
acquiring an electronic certificate template corresponding to a certificate authority and identity information of a certificate acquirer; the electronic certificate template is a template approved by the operation platform;
generating an electronic certificate corresponding to the certificate claiming party according to the electronic certificate template and the identity information of the claiming party;
and uploading the electronic certificate and the identity information of the acquirer to the blockchain system in a correlated manner, and sending the electronic certificate to a client corresponding to the identity information of the acquirer, so that the client can acquire the electronic certificate through the blockchain system.
In another embodiment, a blockchain based electronic certificate management apparatus includes a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer executable instructions for the blockchain based electronic certificate management apparatus, and the one or more programs configured to be executed by the one or more processors include computer executable instructions for:
receiving a pickup request aiming at an electronic certificate sent by a certificate pickup party; the pickup request carries certificate identification information of the electronic certificate; the electronic certificate is generated through an electronic certificate template which corresponds to the certificate authority and passes the auditing of the operation platform;
displaying the electronic certificate corresponding to the certificate identification information to the certificate claiming party according to the claiming request;
uploading the pickup event information of the electronic certificate to the blockchain system, so that the pickup event information and the electronic certificate are stored in the blockchain system in an associated manner.
One or more embodiments of the present specification further provide a storage medium, where the storage medium stores one or more computer programs, where the one or more computer programs include instructions, and when the instructions are executed by an electronic device that includes multiple application programs, the electronic device can execute each process of the above embodiment of the method for managing an electronic certificate based on a block chain, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the various elements may be implemented in the same one or more software and/or hardware implementations in implementing one or more embodiments of the present description.
One skilled in the art will recognize that one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
One or more embodiments of the present specification are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the specification. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner; for the same or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments. In particular, because the system embodiment is substantially similar to the method embodiment, its description is relatively brief, and for the relevant points reference may be made to the corresponding description of the method embodiment.
The above description is only one or more embodiments of the present disclosure, and is not intended to limit the present disclosure. Various modifications and alterations to one or more embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of one or more embodiments of the present specification should be included in the scope of claims of one or more embodiments of the present specification.

Claims (25)

1. An electronic certificate management method based on a block chain, applied to a certificate issuing platform, the certificate issuing platform being connected to a blockchain system; the method comprises the following steps:
acquiring an electronic certificate template corresponding to a certificate authority and identity information of a certificate acquirer; the electronic certificate template is a template approved by the operation platform;
generating an electronic certificate corresponding to the certificate claiming party according to the electronic certificate template and the identity information of the claiming party;
and uploading the electronic certificate and the identity information of the acquirer to the blockchain system in a correlated manner, and sending the electronic certificate to a client corresponding to the certificate acquirer so that the certificate acquirer can acquire the electronic certificate through the client.
2. The method of claim 1, the electronic certificate template comprising certificate signing information corresponding to the certificate authority;
before the obtaining of the electronic certificate template corresponding to the certificate authority, the method further includes:
determining certificate element information for generating the electronic certificate template;
acquiring the certificate signature information corresponding to the certificate authority; the certificate signature information includes at least one of first signature information of the certificate authority, second signature information of a third party signing party, and a certificate validity period;
and generating the electronic certificate template corresponding to the certificate authority according to the certificate element information and the certificate signature information.
3. The method of claim 2, prior to obtaining the electronic certificate template corresponding to the certificate authority, further comprising:
acquiring custom information which is submitted by the certificate authority and used for generating the electronic certificate template;
the generating the electronic certificate template corresponding to the certificate authority according to the certificate element information and the certificate signature information includes:
and generating the electronic certificate template corresponding to the certificate authority according to the certificate signature information, the certificate element information and/or the custom information.
4. The method of claim 2 or 3, further comprising, after generating the electronic certificate template for the certificate authority:
sending the electronic certificate template to the operation platform so that the operation platform can check the electronic certificate template;
obtaining the auditing result of the operation platform on the electronic certificate template;
and if the auditing result is that the electronic certificate template passes the audit, determining that the certificate issuing organization can issue the electronic certificate by using the electronic certificate template.
5. The method of claim 2, prior to obtaining the certificate signature information corresponding to the certificate authority, further comprising:
acquiring signing party identity information of the third party signing party;
performing identity authentication operation on the third party signing party according to the signing party identity information;
and if the identity authentication of the third party signing party passes, generating the second signature information corresponding to the third party signing party.
6. The method of claim 2, the generating the electronic certificate template corresponding to the certificate authority according to the certificate element information and the certificate signature information, comprising:
generating an electronic certificate preview template corresponding to the certificate authority according to the certificate element information and the certificate signature information;
according to the preview content in the electronic certificate preview template, auditing the electronic certificate preview template;
and if the verification is passed, generating the electronic certificate template based on the electronic certificate preview template.
7. The method of claim 2, after the generating the electronic certificate template for the certificate authority, further comprising:
when receiving a management operation aiming at the electronic certificate template, carrying out identity verification on a user executing the management operation; the management operation comprises at least one of a modification operation and a deletion operation;
and if the identity authentication aiming at the user passes, correspondingly managing the electronic certificate template.
8. The method of claim 1, wherein generating the electronic certificate corresponding to the certificate retriever according to the electronic certificate template and the identity information of the retriever comprises:
writing the identity information of the claimant into the electronic certificate template;
if the writing is successful, generating the electronic certificate corresponding to the certificate retriever;
if the writing fails, outputting error information corresponding to the writing failure; the error information includes at least one of error cause and error position.
9. The method of claim 1, prior to obtaining the electronic certificate template corresponding to the certificate authority, further comprising:
acquiring organization identity information corresponding to the certificate authority;
according to the identity information of the organization, carrying out validity verification on the certificate authority;
and if the validity verification is passed, executing a step of acquiring the electronic certificate template corresponding to the certificate authority.
10. The method according to claim 1, further comprising, after generating the electronic certificate corresponding to the certificate retriever according to the electronic certificate template and the identity information of the retriever:
when a revocation request for the electronic certificate is received, performing a revocation operation on the electronic certificate;
sending revocation event information corresponding to the electronic certificate to an operation platform and/or the blockchain system; the revocation event information includes certificate identification information corresponding to the electronic certificate.
11. An electronic certificate management method based on a block chain, applied to a client, the client being connected to a blockchain system; the method comprises the following steps:
receiving a pickup request aiming at an electronic certificate sent by a certificate pickup party; the pickup request carries certificate identification information of the electronic certificate; the electronic certificate is generated through an electronic certificate template which corresponds to the certificate authority and passes the auditing of the operation platform;
displaying the electronic certificate corresponding to the certificate identification information to the certificate claiming party according to the claiming request;
uploading the pickup event information of the electronic certificate to the blockchain system, so that the pickup event information and the electronic certificate are stored in the blockchain system in an associated manner.
12. The method according to claim 11, wherein the pickup request is generated by acquiring pickup information corresponding to the electronic certificate;
before the receiving of the request for getting the electronic certificate sent by the certificate getting party, the method further includes:
receiving the electronic certificate sent by the certificate issuing platform;
generating the pickup information for the electronic certificate; the pickup information is associated with a pickup page corresponding to the electronic certificate;
and providing the pickup information to the certificate pickup party so that the certificate pickup party picks up the electronic certificate based on the pickup information.
13. The method according to claim 12, wherein the displaying the electronic certificate corresponding to the certificate identification information to the certificate claiming party according to the claiming request includes:
in response to the pickup request generated by acquiring the pickup information, jumping to the pickup page associated with the pickup information;
and displaying the electronic certificate on the pickup page.
14. The method of claim 11, further comprising:
generating a certificate state corresponding to the electronic certificate; the certificate status is used for representing at least one of whether the electronic certificate is successfully issued, whether the electronic certificate is picked up and whether the electronic certificate is revoked currently;
uploading the certificate status to the blockchain system.
15. The method of claim 14, further comprising:
updating the certificate status to a first status after receiving the electronic certificate sent by the certificate issuing platform; the first state is used for representing that the electronic certificate is issued;
updating the certificate status to a second status after sending the electronic certificate to the certificate acquirer; the second status is used for representing that the electronic certificate is picked up;
updating the certificate status to a third status when revocation event information for the electronic certificate sent by the certificate issuing platform is received; the third state is used for representing that the electronic certificate is revoked; the revocation event information includes certificate identification information corresponding to the electronic certificate.
16. The method of claim 11, further comprising:
when a certificate sharing request is received from the certificate acquirer asking to share the electronic certificate with a certificate verifier, generating a certificate graphic code corresponding to the electronic certificate; the certificate sharing request carries the identity information of the certificate verifier;
and sending the certificate graphic code to the certificate verifier according to the identity information of the certificate verifier.
17. The method of claim 16, further comprising:
when a checking request for the electronic certificate sent by the certificate verifier is received, forwarding the checking request to the blockchain system; the blockchain system is used for checking the electronic certificate and sending a checking result to the client; the checking request is generated by the certificate verifier by identifying the certificate graphic code;
obtaining the checking result sent by the block chain system;
and displaying the checking result and/or the electronic certificate to the certificate checking party.
18. The method of claim 17, after obtaining the checking result sent by the blockchain system, further comprising:
generating a use record corresponding to the electronic certificate; the usage record comprises at least one of a generation record of the certificate graphic code, a checking record of the electronic certificate and a checking result;
uploading the usage record to the blockchain system.
19. The method of claim 17, further comprising:
when an encryption request aiming at the electronic certificate sent by the certificate acquirer is received, encrypting the specified certificate content in the electronic certificate to obtain the encrypted electronic certificate;
the displaying the inspection result and/or the electronic certificate to the certificate verifier includes:
and displaying the encrypted electronic certificate to the certificate verifying party.
20. An electronic certificate management device based on a block chain, applied to a certificate issuing platform, the certificate issuing platform being connected to a blockchain system; the device comprises:
the first acquisition module is used for acquiring an electronic certificate template corresponding to a certificate authority and identity information of a certificate acquirer; the electronic certificate template is a template approved by the operation platform;
the first generation module generates an electronic certificate corresponding to the certificate claiming party according to the electronic certificate template and the identity information of the claiming party;
and the first chain loading module is used for uploading the electronic certificate and the identity information of the acquirer to the blockchain system in a correlated manner, and sending the electronic certificate to a client corresponding to the certificate acquirer, so that the certificate acquirer can acquire the electronic certificate through the client.
21. An electronic certificate management device based on a block chain, applied to a client, the client being connected to a blockchain system; the device comprises:
the first receiving module is used for receiving a receiving request aiming at the electronic certificate sent by a certificate receiving party; the pickup request carries certificate identification information of the electronic certificate; the electronic certificate is generated through an electronic certificate template which corresponds to the certificate authority and passes the auditing of the operation platform;
the first display module is used for displaying the electronic certificate corresponding to the certificate identification information to the certificate claiming party according to the claiming request;
and the second uplink module uploads the picking event information of the electronic certificate to the blockchain system so that the picking event information and the electronic certificate are stored in the blockchain system in an associated manner.
22. An electronic certificate management system based on a block chain comprises a certificate issuing platform and an operation platform; the certificate issuing platform and the operation platform are both connected to a blockchain system; wherein:
the operation platform is used for auditing the electronic certificate template which is generated by the certificate issuing platform and corresponds to the certificate issuing organization; if the verification is passed, determining that the certificate authority can use the electronic certificate template to issue the electronic certificate;
the certificate issuing platform acquires the electronic certificate template corresponding to the certificate issuing organization and the identity information of the certificate acquirer; generates an electronic certificate corresponding to the certificate acquirer according to the electronic certificate template and the identity information of the acquirer; uploads the electronic certificate and the identity information of the acquirer to the blockchain system in an associated manner; and sends the electronic certificate to a client corresponding to the certificate acquirer so that the certificate acquirer can pick up the electronic certificate through the client.
23. A blockchain-based electronic certificate management device, applied to a certificate issuing platform that is connected to a blockchain system; the device includes a processor and a memory electrically connected to the processor, the memory storing a computer program, and the processor being configured to invoke and execute the computer program from the memory to implement:
acquiring an electronic certificate template corresponding to a certificate authority and identity information of a certificate acquirer; the electronic certificate template is a template approved by the operation platform;
generating an electronic certificate corresponding to the certificate acquirer according to the electronic certificate template and the identity information of the certificate acquirer;
and uploading the electronic certificate and the identity information of the certificate acquirer to the blockchain system in association with each other, and sending the electronic certificate to a client corresponding to the certificate acquirer so that the certificate acquirer can pick up the electronic certificate through the client.
24. A blockchain-based electronic certificate management device, applied to a client that is connected to a blockchain system; the device includes a processor and a memory electrically connected to the processor, the memory storing a computer program, and the processor being configured to invoke and execute the computer program from the memory to implement:
receiving a pickup request for an electronic certificate sent by a certificate acquirer; the pickup request carries certificate identification information of the electronic certificate; the electronic certificate is generated from an electronic certificate template that corresponds to the certificate authority and has passed the audit of the operation platform;
displaying the electronic certificate corresponding to the certificate identification information to the certificate acquirer according to the pickup request;
uploading the pickup event information of the electronic certificate to the blockchain system, so that the pickup event information and the electronic certificate are stored in the blockchain system in association with each other.
25. A storage medium storing a computer program executable by a processor to implement the following:
acquiring an electronic certificate template corresponding to a certificate authority and identity information of a certificate acquirer; the electronic certificate template is a template approved by the operation platform;
generating an electronic certificate corresponding to the certificate acquirer according to the electronic certificate template and the identity information of the certificate acquirer;
and uploading the electronic certificate and the identity information of the certificate acquirer to the blockchain system in association with each other, and sending the electronic certificate to a client corresponding to the certificate acquirer so that the certificate acquirer can pick up the electronic certificate through the client.
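The issuance and pickup flow recited in claims 23 to 25, as an added Python example that is not part of the patent or of any implementation by the applicant. The hash-chained `Ledger` standing in for the blockchain system, the SHA-256 certificate identifier, all field names and the sample template and identity are assumptions constructed for illustration.

```python
import hashlib, json
from string import Template

class Ledger:
    """Append-only, hash-chained list standing in for the blockchain system (assumption)."""
    def __init__(self):
        self.blocks = []

    @staticmethod
    def _digest(prev, payload):
        body = json.dumps({"prev": prev, "payload": payload}, sort_keys=True)
        return hashlib.sha256(body.encode()).hexdigest()

    def append(self, payload):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        self.blocks.append({"prev": prev, "payload": payload, "hash": self._digest(prev, payload)})

    def verify(self):
        prev = "0" * 64
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != self._digest(prev, b["payload"]):
                return False  # a stored record or link was altered after upload
            prev = b["hash"]
        return True

    def events_for(self, cert_id):
        return [b["payload"] for b in self.blocks if b["payload"]["cert_id"] == cert_id]

def issue_certificate(ledger, template, identity):
    # Gate from the claims: only a template the operation platform approved may be used.
    if not template.get("approved"):
        raise PermissionError("template has not passed the operation platform audit")
    content = Template(template["body"]).substitute(identity)
    cert_id = hashlib.sha256((template["issuer"] + content).encode()).hexdigest()[:16]
    ledger.append({"type": "issue", "cert_id": cert_id, "certificate": content,
                   "acquirer_identity": identity})  # certificate and identity stored together
    return cert_id

def pick_up(ledger, cert_id):
    issued = [e for e in ledger.events_for(cert_id) if e["type"] == "issue"]
    if not issued:
        raise LookupError("unknown certificate identification information")
    # The pickup event carries the same cert_id, which associates it with the certificate.
    ledger.append({"type": "pickup", "cert_id": cert_id})
    return issued[0]["certificate"]

# Constructed sample data, not taken from the patent.
TEMPLATE = {"issuer": "Example Institute", "approved": True, "body": "Awarded to $name (ID $id_no)"}
IDENTITY = {"name": "Alice Example", "id_no": "X-0001"}
```

Calling `ledger.verify()` after any in-place change to a stored record returns `False`, which is the tamper-evidence property the on-chain association is relied on for.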
CN202210356933.9A 2022-04-06 2022-04-06 Electronic certificate management method, device and system based on blockchain and storage medium Active CN114826609B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210356933.9A CN114826609B (en) 2022-04-06 2022-04-06 Electronic certificate management method, device and system based on blockchain and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210356933.9A CN114826609B (en) 2022-04-06 2022-04-06 Electronic certificate management method, device and system based on blockchain and storage medium

Publications (2)

Publication Number Publication Date
CN114826609A true CN114826609A (en) 2022-07-29
CN114826609B CN114826609B (en) 2024-03-26

Family

ID=82532414

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210356933.9A Active CN114826609B (en) 2022-04-06 2022-04-06 Electronic certificate management method, device and system based on blockchain and storage medium

Country Status (1)

Country Link
CN (1) CN114826609B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108881290A (en) * 2018-07-17 2018-11-23 深圳前海微众银行股份有限公司 Digital certificate application method, system and storage medium based on block chain
US20190140848A1 (en) * 2017-11-07 2019-05-09 Spinbackup Inc. Decentralized Access Control for Cloud Services
CN109903043A (en) * 2019-01-17 2019-06-18 平安科技(深圳)有限公司 Method for secure transactions, device, equipment and storage medium based on block chain
CN110766579A (en) * 2019-10-22 2020-02-07 深圳技术大学 Online education management verification system and method based on block chain platform
CN111490873A (en) * 2020-03-25 2020-08-04 上海物融智能科技有限公司 Block chain-based certificate information processing method and system

Also Published As

Publication number Publication date
CN114826609B (en) 2024-03-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant