CN113672959A - Traceable paperless office trace retention method based on block chain - Google Patents

Traceable paperless office trace retention method based on block chain

Info

Publication number
CN113672959A
Authority
CN
China
Prior art keywords
certificate
block chain
partition
user
blockchain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110978776.0A
Other languages
Chinese (zh)
Other versions
CN113672959B (en)
Inventor
梁玲
李军锋
廖敏
张振杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Productivity Promotion Center
Original Assignee
Chongqing Productivity Promotion Center
Application filed by Chongqing Productivity Promotion Center
Priority to CN202110978776.0A
Publication of CN113672959A
Application granted
Publication of CN113672959B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G06Q10/103 Workflow collaboration or project management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Economics (AREA)
  • Data Mining & Analysis (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of computers, in particular to a traceable paperless office trace retention method based on a blockchain. All nodes in a blockchain network are divided into M sets, each set serves as a region with independent communication, computing and storage resources, and N nodes are selected from each region to form a distributed private key storage region. By adding partition blockchains, the invention preserves decentralization while using a voting mechanism to constrain the validity of partitions and nodes, which avoids invalid nodes or partitions and attacks on nodes or partitions; it ensures that user operation traces are retained and supports subsequent tracing.

Description

Traceable paperless office trace retention method based on block chain
Technical Field
The invention relates to the technical field of computers, in particular to a traceable paperless office trace retention method based on a block chain.
Background
The Research Project Management System (RPMS) is widely applied as an important concept, model and technology for effectively achieving organizational goals and building the core competitiveness of scientific research units. A traditional RPMS divides the management functions of scientific research project management into nine knowledge areas (integration management, scope management, time management, cost management, quality management, human resource management, communication management, risk management and procurement management), handled through a project center, an information center and a report center.
Blockchain technology is a novel distributed infrastructure and computing paradigm that generates, stores, operates on and verifies data through a blockchain structure, a consensus algorithm and smart contracts; the new trust mechanism it establishes helps drive the transition of Internet technology from the Internet of information to the Internet of value. Ledger data in a blockchain is stored and verified through public transaction records and multi-node consensus confirmation, which poses great challenges for identity management and privacy protection in the system.
While a blockchain system offers the advantages of flexible distributed collaborative processing, it also poses great challenges for the identity management of participants. In a traditional centralized transaction system, transactions are verified and confirmed by a central institution, and the contents of the transaction ledger are not disclosed. In a blockchain transaction system, to achieve decentralization, a design similar to b-money is mostly adopted: all transaction records are published, and specific nodes in the network endorse and verify transactions through multi-party consensus confirmation. Public Key Infrastructure (PKI) uses public-key cryptography and X.509 to identify users, create and distribute certificates, maintain and revoke certificates, and distribute and maintain encryption keys, thereby enabling encrypted communication and identity verification.
Most existing RPMS deployments use single sign-on or traditional PKI authentication, and users generally log in with a simple user name and password, which leads to the following main problems:
1. Single point of failure: the CA at the core is vulnerable to attack and, once it is controlled, neither the CA root certificate nor the certificates the CA has issued can be trusted any longer.
2. Difficulty of mutual trust between multiple CAs: a user certificate can only be verified against the root certificate of its own CA, different CAs cannot verify each other, and existing CA mutual-trust solutions have limited applicability.
In conventional PKI practice, the methods for solving the CA mutual trust problem are:
1. Authoritative CA list
This places high demands on the relying party, and the maintenance cost of the authority list itself is high.
2. CA cross-certification
When the number of CAs is small, this solves the CA mutual trust problem well, but when a large number of CAs cross-certify pairwise, a complex mesh structure forms and the certificate policy is mapped multiple times, which greatly restricts the use of certificates.
3. Bridge CA
This scheme resembles the trust relationship mediated by an industry association in real life. It avoids the drawbacks of pairwise cross-certification when the number of CAs is large, but choosing the bridge CA operator is a difficult problem, and the credibility of that operator directly determines the reliability of the mutual trust relationship.
On the other hand, using a blockchain directly lacks a key element for identifying fraudulent activity, namely a user authentication system. Authentication is often accomplished with multi-factor identity authentication systems, in which the person being authenticated must provide two or more of the following: information they know (e.g., a numeric password), something they use (e.g., computers and smartphones), or a part of their body (e.g., fingerprints). In an RPMS, authentication and the operation traces of authenticated users in the system are very important for the whole life cycle of project management. Security and credibility during user operations provide a strong guarantee and support for scientific research, project management, and the future output and transformation of results.
Traditional data tracing schemes are based on a centralized platform and are not suitable for a distributed environment: once the central node is attacked, safe and credible tracing is difficult to achieve, and even identity authentication and user login may become impossible. Many blockchain-based schemes do not consider the differences among nodes, the differences among user operations, the correctness of data acquisition, or the particularities of scientific research project management, so user habits and operation traces are not retained correctly and completely, and accurate tracing cannot be achieved.
Disclosure of Invention
To solve the problems in the prior art, the invention provides a traceable paperless office trace retention method based on a blockchain, in which all nodes in a blockchain network are divided into M sets, each set serves as a region with independent communication, computing and storage resources, and N nodes are selected from each region to form a distributed private key storage region. The trace retention process comprises the following steps:
the blockchain network is provided with a master blockchain node group and a partition blockchain node group; the nodes in the master blockchain node group consist of its own nodes and the seed nodes from all partitions, and a registration center, a certificate management center and a key management center related to user authentication are deployed in the master blockchain node group;
the blockchain network authenticates users applying for registration; an authenticated user becomes a registered user, and after identity verification passes, user permissions are set for each user according to the user's identity;
the owner of the scientific research data encrypts the data with the public key, adds a timestamp, and broadcasts the encrypted data in the corresponding partition; when the owner or a manager, after obtaining authorization, needs to submit data to a superior department, the partition blockchain node sends a submission request to the master blockchain node, and a user with management authority decrypts the data submitted in the partition blockchain with the private key and stores the decrypted data in the data storage area of the master blockchain node;
when a registered user operates on data, the trace is stored according to the specified data structure and broadcast in the partition blockchain.
Further, based on the Activiti workflow engine, in each link of project declaration management no fewer than 2/3M regions are selected arbitrarily, and the private key of the PKI/CA authentication system is divided into a corresponding number of units, which are transmitted to the selected set regions; within each region, each unit is further divided into K subunits, which are transmitted to K nodes; after receiving an authentication application from a user node, the registration center (RA) applies to the certificate management center for issuance of a digital certificate; the certificate management center generates the digital certificate, and the key management center randomly selects K server nodes from the M set regions of the distributed private key storage region and calls the key division unit to recover the CA private key.
Further, the process of partitioning the blockchain and authenticating the users of each partition after partitioning includes:
seed nodes are set dynamically during partitioning; each partition must ensure a unique seed node, and when the seed node fails, the partition selects any node in the partition as the new seed node;
a partition request can be submitted to the blockchain network only when more than 2/3 of the valid nodes among all registered nodes in the blockchain network vote to approve it;
the user node initiates a certificate application request to a partition of the blockchain; once the request succeeds, when the certificate is used it is submitted to a relying party, which verifies it by obtaining the blockchain information.
Furthermore, a certificate requested by the user node from a partition of the blockchain uses the international standard X.509 format; an identifier is added in an extension field to identify the blockchain network and the partition to which the certificate belongs, and the private key corresponding to the certificate is stored on the user side.
Further, when requesting a certificate the user node can choose to apply for a personal anonymous certificate or a personal real-name certificate. When applying for a personal anonymous certificate, no other information needs to be submitted; the certificate is issued directly by the blockchain partition and is synchronized only to other nodes within the partition. When applying for a personal real-name certificate, information for verifying the applicant's identity must be submitted, and the partition initiates a certificate application to the blockchain network.
Furthermore, a verification node in the blockchain network collects the user's certificate application request and verifies the legitimacy of the certificate according to the information submitted by the user; the verification node takes the legitimate certificate information and all certificate states not yet included in a block as records in the blockchain and, using the blockchain's consensus mechanism, generates a new block in the blockchain partition for an anonymous application or in the blockchain network for a real-name application; for a real-name application, the verification node publishes the new block to the blockchain network and synchronizes it to other partitions and nodes, while for an anonymous application the new block is synchronized only to other nodes within the partition and is not distributed across partitions.
Further, the verification node takes the legitimate certificate information and all certificate states not yet included in a block as records in the blockchain, generates a new block, and synchronizes it.
Further, personal anonymous certificates in the blockchain network are uniformly revoked once the life cycle set by the blockchain network has expired; for a personal real-name certificate, the partition initiates an application to the blockchain network, obtains the updated digital certificate and distributes it to the other partitions, where the request includes the user's digital certificate to be updated, the newly generated digital certificate and the information required to verify the certificate, and the newly generated certificate has the same DN item as the original certificate.
Further, after the user presents the certificate to the relying party, the relying party verifies the legitimacy and validity of the certificate: the certificate is looked up in the blockchain, and it is legitimate if its latest state shows that it is normal. When the relying party does not hold the requested blockchain information locally, it can send a certificate query request, containing the information of the certificate to be queried, to the blockchain network; nodes in the blockchain return a query result to the relying party, which includes the latest state information of the certificate being checked.
Furthermore, when traces are stored according to the specified data structure, a block of that structure comprises a block header and a block body; the block header comprises a version number, the previous block's hash address, a timestamp, a random number and a target block hash address, and the block body comprises the current block's hash address, an operator ID, an operation timestamp, an operation object, an operation, a current link and a current partition.
The advantages of the invention are:
1) the invention adds partition blockchains, preserving decentralization while using a voting mechanism to constrain the validity of partitions and nodes, thereby avoiding invalid nodes or partitions and preventing nodes or partitions from being attacked;
2) the invention designs an operation trace retention process that ensures the user's operation traces are retained and supports subsequent tracing;
3) the invention designs a method for credible data tracing, which builds and traces the user data attachment chain through a modular design.
Drawings
FIG. 1 is a block chain network and partition diagram of the present invention;
FIG. 2 is a block chain partition authentication process according to the present invention;
FIG. 3 is a flow chart of the operation trace preservation according to the present invention;
FIG. 4 is a data trusted traceability process of the present invention;
FIG. 5 is a data structure of a block with trace preservation according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a traceable paperless office trace retention method based on a blockchain, in which all nodes in a blockchain network are divided into M sets, each set serves as a region with independent communication, computing and storage resources, and N nodes are selected from each region to form a distributed private key storage region. The trace retention process comprises the following steps:
the blockchain network is provided with a master blockchain node group and a partition blockchain node group; the nodes in the master blockchain node group consist of its own nodes and the seed nodes from all partitions, and a registration center, a certificate management center and a key management center related to user authentication are deployed in the master blockchain node group;
the blockchain network authenticates users applying for registration; an authenticated user becomes a registered user, and after identity verification passes, user permissions are set for each user according to the user's identity;
the owner of the scientific research data encrypts the data with the public key, adds a timestamp, and broadcasts the encrypted data in the corresponding partition; when the owner or a manager, after obtaining authorization, needs to submit data to a superior department, the partition blockchain node sends a submission request to the master blockchain node, and a user with management authority decrypts the data submitted in the partition blockchain with the private key and stores the decrypted data in the data storage area of the master blockchain node;
when a registered user operates on data, the trace is stored according to the specified data structure and broadcast in the partition blockchain.
Example 1
Fig. 1 shows the blockchain network and its partitions. In this embodiment the blockchain is divided into six partitions, A, B, C, D, E and F; each partition includes a plurality of nodes, and a node may be a terminal device such as a computer. As shown in Fig. 2, the process of partitioning the blockchain and authenticating a user comprises seven processes: blockchain partitioning, the voting mechanism, certificate application, certificate issuance, certificate update, certificate revocation and certificate verification. The specific steps are as follows:
S101: Blockchain partitioning
According to enterprise scale and the discipline classification and evaluation results of colleges and universities, nodes are set up in the selected units and partitioned, and seed nodes are set dynamically within the partitions; each partition must keep a unique seed node, and when the seed node fails, the partition selects any node as the new seed node.
S102: Voting mechanism
Operations such as partition authentication and verification must be approved by more than 2/3 of the valid registered nodes of the partition before they can be submitted to the blockchain network.
S103: certificate application
Before logging in to the scientific research system, a user first applies to the scientific research management system for a certificate. The certificate may use the international standard X.509 format, with an identifier added in an extension field to identify the blockchain network and the partition to which the certificate belongs; the private key corresponding to the certificate is stored on the user side.
The certificate user initiates a certificate application request to the blockchain partition; the request includes the user's digital certificate and the information needed to verify it. If the user applies for a personal anonymous certificate, no other information needs to be submitted and the certificate is issued directly by the blockchain partition; if the user applies for a personal real-name certificate, information for verifying the user's identity must be submitted, and the partition initiates a certificate application to the blockchain network.
S104: Certificate issuance
The verification node collects the user's certificate application request and verifies the legitimacy of the certificate according to the information submitted by the user; the verification node takes the legitimate certificate information and all certificate states not yet included in a block as records in the blockchain and, using the blockchain's consensus mechanism, generates a new block in the blockchain partition for an anonymous application or in the blockchain network for a real-name application; for a real-name application, the verification node publishes the new block to the blockchain network and synchronizes it to other partitions and nodes, while for an anonymous application the new block is synchronized only to other nodes within the partition and is not distributed across partitions.
S105: Certificate revocation
Personal anonymous certificates are uniformly revoked according to the life cycle set by the blockchain network; the revocation is handled in the corresponding blockchain partition and requires no application. A personal real-name user submits a certificate revocation request, which includes the user's certificate information and information for verifying the user's identity (such as the user's signature information); the verification node collects the user's certificate revocation request and verifies the user's identity according to the submitted information; the verification node then takes the legitimate certificate information and all certificate states not yet included in a block as records in the blockchain, generates a new block, and synchronizes it.
S106: certificate updating
a. A personal anonymous user does not need to update the certificate; it is uniformly revoked once the life cycle set by the blockchain network expires, and a new certificate must then be applied for.
b. When a personal real-name user needs to update the certificate, the user generates a new digital certificate whose DN (Distinguished Name) item is the same as that of the original certificate.
c. The certificate user initiates a certificate update request to the blockchain partition; the partition initiates an application to the blockchain network, and once the updated certificate is obtained it is distributed to the other partitions. The request includes the user's digital certificate to be updated, the newly generated digital certificate and the information required to verify the certificate.
S107: certificate usage
During certificate use (for example, in existing security protocols such as TLS and IPsec), the certificate user submits the certificate to the relying party; after receiving it, the relying party must check the legitimacy and validity of the certificate.
a. If the relying party stores the complete blockchain information, it can look up the certificate and its state in the blockchain: if the latest state of the certificate shows that it is normal, the certificate is legitimate.
b. If the relying party has no local blockchain information, it can send a certificate query request, containing the information of the certificate to be queried, to the blockchain network; nodes in the blockchain return a query result to the relying party, which includes the latest state information of the certificate being checked.
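The certificate life cycle in S103 to S107, as an added Python sketch that is not part of the patent: an append-only ledger in which the newest record for a serial decides its status, anonymous records stay inside the issuing partition, and an update must keep the original DN. The class and field names, the `ANON_LIFETIME` value, the sample serials and DNs, and marking a replaced certificate as revoked are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANON_LIFETIME = 3600  # seconds; constructed value, the page only says the network sets a life cycle


@dataclass(frozen=True)
class Record:
    serial: str
    dn: str
    kind: str        # "anonymous" or "real-name"
    partition: str   # partition that handled the request
    state: str       # "normal" or "revoked"
    issued_at: int


class CertLedger:
    """Append-only certificate state records, oldest first."""

    def __init__(self) -> None:
        self.records: List[Record] = []

    def latest(self, serial: str, viewer: str) -> Optional[Record]:
        # Newest record wins. Anonymous records never leave the issuing
        # partition, so a viewer in another partition cannot see them.
        for rec in reversed(self.records):
            if rec.serial == serial and (rec.kind == "real-name" or rec.partition == viewer):
                return rec
        return None

    def issue(self, serial: str, dn: str, kind: str, partition: str, now: int) -> Record:
        if any(r.serial == serial for r in self.records):
            raise ValueError("serial already recorded")
        rec = Record(serial, dn, kind, partition, "normal", now)
        self.records.append(rec)
        return rec

    def revoke(self, serial: str, partition: str) -> Record:
        cur = self.latest(serial, partition)
        if cur is None or cur.state != "normal":
            raise ValueError("no active certificate to revoke")
        rec = Record(cur.serial, cur.dn, cur.kind, cur.partition, "revoked", cur.issued_at)
        self.records.append(rec)
        return rec

    def update(self, old_serial: str, new_serial: str, new_dn: str,
               partition: str, now: int) -> Record:
        old = self.latest(old_serial, partition)
        if old is None or old.state != "normal":
            raise ValueError("no active certificate to update")
        if old.kind == "anonymous":
            raise ValueError("anonymous certificates are re-applied for, not updated")
        if new_dn != old.dn:
            raise ValueError("new certificate must keep the original DN")
        new = self.issue(new_serial, new_dn, old.kind, partition, now)
        self.revoke(old_serial, partition)  # assumption: the replaced certificate stops being valid
        return new

    def check(self, serial: str, viewer: str, now: int) -> Tuple[bool, str]:
        """Relying-party decision: accept only a visible record whose latest state is normal."""
        rec = self.latest(serial, viewer)
        if rec is None:
            return (False, "unknown")
        if rec.state != "normal":
            return (False, rec.state)
        if rec.kind == "anonymous" and now - rec.issued_at >= ANON_LIFETIME:
            return (False, "expired")
        return (True, "normal")


def demo_ledger() -> CertLedger:
    # Constructed sample: one real-name certificate that is later updated,
    # and one anonymous certificate, both handled by partition "A".
    led = CertLedger()
    led.issue("R-001", "CN=user-1,O=example", "real-name", "A", now=0)
    led.issue("A-777", "CN=anon-777", "anonymous", "A", now=0)
    led.update("R-001", "R-002", "CN=user-1,O=example", "A", now=100)
    return led


if __name__ == "__main__":
    led = demo_ledger()
    for serial, viewer in [("R-001", "B"), ("R-002", "B"), ("A-777", "A"), ("A-777", "B")]:
        print(serial, viewer, led.check(serial, viewer, now=200))
```

A relying party that stops at the first matching record would accept `R-001` here; only the newest record shows it as revoked.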
Example 2
This embodiment further illustrates the operation trace retention process: all operation behaviors of a user are retained in the blockchain partition, which avoids tampering and the failure of nodes in a single partition and allows malicious behavior to be discovered and traced. As shown in Fig. 3, it specifically includes:
S201: Operation recording module
Completely records all operations of the user after the user passes authentication, including but not limited to a timestamp, operator information (user information, login device information and the like), operation object information, the operation, pre-operation content and post-operation results.
S202: Partition broadcast module
Broadcasts the user operation record within the partition, to all valid nodes in the partition.
S203: Network broadcast module
Broadcasts the user operation record across the network, to the other partitions and their nodes in the blockchain network.
S204: Copy module
Ensures the availability of copies of the operation records, with at least 3 copies.
Example 3
This embodiment takes scientific research data as an example and traces the data through the scientific research project management process to build a safe, complete and credible full-life-cycle chain, which is divided into:
S301: scientific research data acquisition module
S302: scientific research data preprocessing module
S303: scientific research data feature extraction module
S304: scientific research data block chain construction module
S305: scientific research data partitioning and block indexing module
S306: scientific research data analysis module
S307: scientific research data storage module
The trace retention data structure includes a block header and a block body. The block header includes a version number, the previous block address, a timestamp, a random number and a target hash; the block body includes a hash (the hash of the current data), an operator ID, an operation timestamp, an operation object, an operation, the current link and the current partition. The specific structure is shown in Fig. 5. Taking an operator's change to a certain link during project implementation as an example: the current partition is a project, and the current link is a process link in project declaration management, which includes project declaration, department review, supervisor review, expert review, result release and so on. A user with authority over a specific project can define the links the project includes, and an operation trace block is formed according to the data structure of Fig. 5 and stored.
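The trace block layout described above, as an added Python example that is not part of the patent: each block hashes its body fields, each header commits to the previous block's hash, and the tip hash is compared across the copies kept under S204. The SHA-256/JSON encoding, what each hash covers, the majority comparison, and all names and sample operations are assumptions; the random number and target hash are carried as opaque header fields because the page does not define their use.

```python
import hashlib
import json
from collections import Counter
from dataclasses import asdict, dataclass, replace

GENESIS = "0" * 64  # previous-hash value of the first block (assumed convention)


def _sha256(obj) -> str:
    # Canonical JSON so every node hashes identical bytes for the same record.
    raw = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()


@dataclass(frozen=True)
class Body:
    operator_id: str
    op_timestamp: int
    op_object: str
    operation: str
    link: str            # current workflow link, e.g. "department review"
    partition: str       # current partition (a project in the page's example)
    data_hash: str = ""  # the body's "hash"; assumed to cover the six fields above

    def expected_hash(self) -> str:
        fields = asdict(self)
        fields.pop("data_hash")
        return _sha256(fields)


@dataclass(frozen=True)
class Header:
    version: int
    prev_hash: str
    timestamp: int
    nonce: int   # "random number": opaque here, but covered by the block hash
    target: str  # "target hash": opaque here, but covered by the block hash


@dataclass(frozen=True)
class Block:
    header: Header
    body: Body

    def block_hash(self) -> str:
        return _sha256({"header": asdict(self.header), "data_hash": self.body.data_hash})


def seal(body: Body) -> Body:
    """Return the body with its hash field recomputed over the operation fields."""
    return replace(body, data_hash=body.expected_hash())


def append_trace(chain, body, timestamp, nonce=0, target="f" * 64):
    """Return a new chain with one more trace block linked to the current tip."""
    prev = chain[-1].block_hash() if chain else GENESIS
    return chain + [Block(Header(1, prev, timestamp, nonce, target), seal(body))]


def verify_chain(chain):
    """List (index, problem) for every block that fails a check; [] means intact."""
    problems, prev = [], GENESIS
    for i, blk in enumerate(chain):
        if blk.body.data_hash != blk.body.expected_hash():
            problems.append((i, "body does not match its hash"))
        if blk.header.prev_hash != prev:
            problems.append((i, "previous-block hash mismatch"))
        prev = blk.block_hash()
    return problems


def divergent_replicas(replicas):
    """Names of nodes whose chain tip differs from the majority of copies."""
    tips = {n: (c[-1].block_hash() if c else GENESIS) for n, c in replicas.items()}
    majority, _ = Counter(tips.values()).most_common(1)[0]
    return sorted(n for n, tip in tips.items() if tip != majority)


def demo_chain():
    # Constructed sample operations on one declaration form.
    ops = [
        ("u-1001", 1700000000, "declaration form", "create", "project declaration"),
        ("u-2002", 1700000600, "declaration form", "approve", "department review"),
        ("u-3003", 1700001200, "declaration form", "approve", "expert review"),
    ]
    chain = []
    for operator, ts, obj, op, link in ops:
        chain = append_trace(chain, Body(operator, ts, obj, op, link, "project-42"), ts + 5)
    return chain


if __name__ == "__main__":
    chain = demo_chain()
    forged = list(chain)
    forged[1] = replace(chain[1], body=seal(replace(chain[1].body, operation="reject")))
    print(verify_chain(chain), verify_chain(forged))
```

A tail that is rewritten and resealed end to end passes `verify_chain` on its own, which is why the tip is also compared across copies.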
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. A blockchain-based traceable paperless office trace retention method, characterized in that all nodes in a blockchain network are divided into M sets, each set serves as a region with independent communication resources, computing resources and storage resources, N nodes are selected from each region to form a distributed private key storage region, and the trace retention process comprises the following steps:
the blockchain network is provided with a master blockchain node group and a partition blockchain node group; the nodes in the master blockchain node group consist of self-owned nodes and seed nodes from all partitions, and a registration center, a certificate management center and a key management center related to user authentication are deployed in the master blockchain node group;
the blockchain network authenticates each user applying for registration, and an authenticated user becomes a registered user; after identity verification passes, user authority is set for each user according to the user's identity;
the owner of the scientific research data encrypts the scientific research data with the public key, adds a timestamp, and broadcasts the encrypted scientific research data in the corresponding partition; when, after authorization by the owner or a manager has been obtained, data needs to be submitted to a superior department, the partition blockchain node sends a submission request to the master blockchain node, and a user with management authority decrypts the data submitted in the partition blockchain with a private key and stores the decrypted data in the data storage area of the master blockchain node;
when a registered user operates on data, the trace is stored according to the specified data structure and broadcast in the partition blockchain.
2. The traceable paperless office trace preservation method based on the blockchain as claimed in claim 1, wherein in each link of project declaration management based on the Activiti workflow engine, no fewer than 2/3M regions are selected arbitrarily, and the private key of the PKI/CA authentication system is divided into a corresponding number of units and transmitted to the selected set regions; within each region, each unit is further divided into K subunits and transmitted to K nodes; after receiving the authentication application of a user node, the registration center (RA) applies to the certificate management center for the issuance of a digital certificate; the certificate management center generates the digital certificate, and the key management center randomly selects K server nodes from the M set regions of the distributed private key storage area and calls the key division unit to recover the CA private key.
3. The traceable paperless office trace preservation method based on the blockchain according to claim 1, wherein the process of partitioning the blockchain and of authenticating the users of each partition after partitioning comprises:
dynamically setting seed nodes in the partitioning process, wherein each partition must ensure a unique seed node, and when the seed node fails, any node in the partition is selected as a new seed node by the partition;
when more than 2/3 of the valid nodes among all registered nodes in the blockchain network pass through the same node, the partition request can be submitted to the blockchain network;
the user node initiates a certificate application request to a certain partition of the blockchain, and when the request is successful, in the process of using the certificate, the certificate is submitted to a relying party for verification to obtain blockchain information.
4. The traceable paperless office trace preservation method based on the blockchain as claimed in claim 3, wherein the certificate requested by the user node from a partition of the blockchain uses the international standard X.509 format, an identifier is added to the extension field to identify the blockchain network to which the certificate belongs and the corresponding partition of that network, and the private key corresponding to the certificate is stored on the user side.
5. The traceable paperless office trace retention method based on the blockchain as claimed in claim 3, wherein the user node can choose to apply for a personal anonymous certificate or a personal real-name certificate when requesting a certificate; when applying for a personal anonymous certificate, no other information needs to be submitted, and the certificate is issued directly by the blockchain partition and synchronized only to other nodes in the partition; when applying for a personal real-name certificate, information for verifying the applicant's identity must be submitted, and the partition initiates a certificate application to the blockchain network.
6. The traceable paperless office trace preservation method based on the blockchain as claimed in claim 5, wherein the user's certificate application request is collected by a verification node in the area block network, and the legitimacy of the certificate is verified according to the information submitted by the user; the verification node takes the legitimate certificate information and all current certificate states not yet incorporated into a block as records in the blockchain and, using the consensus mechanism of the blockchain, generates a new block in the blockchain partition for an anonymous application or in the blockchain network for a real-name application; for a real-name application, the verification node issues the new block to the blockchain network and synchronizes it to other partitions and nodes; for an anonymous application, the new block is synchronized only to other nodes within the partition and is not distributed across partitions.
7. The method as claimed in claim 6, wherein the verification node takes the legitimate certificate information and all certificate states not yet incorporated into a block as records in the blockchain, generates a new block, and synchronizes it.
8. The traceable paperless office trace preservation method based on blockchain according to claim 5, wherein the personal anonymous certificate in the blockchain network is uniformly revoked after the life cycle of the blockchain network is expired; and the personal real-name certificate initiates an application from the partition to the blockchain network, obtains the updated digital certificate and distributes the updated digital certificate to other partitions, wherein the request comprises the digital certificate to be updated by the user, the newly generated digital certificate and information required by the verification certificate, and the newly generated certificate and the original certificate have the same DN item.
9. The traceable paperless office trace preservation method based on the blockchain as claimed in claim 3, wherein after the user gives the certificate to the relying party, the relying party verifies the legitimacy and validity of the certificate, that is, it looks up the certificate in the blockchain, and the certificate is legitimate if its latest state shows that it is normal; when the relying party does not have the requested blockchain information locally, it can initiate a certificate query request to the blockchain network, the request including the information of the certificate to be queried; the nodes in the blockchain feed back a query result to the relying party, the result including the latest state information of the certificate to be checked.
10. The traceable paperless office trace preservation method based on the blockchain as claimed in claim 3, wherein when the trace is preserved according to the specified data structure, the block of the specified data structure comprises a block header and a block body, wherein the block header comprises a version number, a previous block hash address, a timestamp, a random number and a target block hash address, and the block body comprises a current block hash address, an operator ID, an operation timestamp, an operation object, an operation, a current link and a current partition.
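The trace block layout given in the description (Fig. 5) and in claim 10, as an added Python example that is not code from the patent: it builds hash-linked trace blocks, reconstructs who did what to one object, and locates an after-the-fact edit. Assumptions: a block's address is SHA-256 over the canonical JSON of its header and body, the target hash is carried without being interpreted, and every identifier, timestamp and data string is constructed.

```python
import hashlib
import json
import os

def block_address(block: dict) -> str:
    # Assumption: a block's address is SHA-256 over its canonical JSON form.
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def make_trace_block(prev, data: bytes, ts: int, operator_id: str, op_object: str,
                     operation: str, link: str, partition: str) -> dict:
    """Build one trace block; prev is the preceding block, or None for the first."""
    header = {"version": 1, "timestamp": ts,
              "prev_block": block_address(prev) if prev else "0" * 64,
              "nonce": os.urandom(8).hex(),   # the header's random number
              "target_hash": None}            # carried, not interpreted here
    body = {"data_hash": hashlib.sha256(data).hexdigest(), "operator_id": operator_id,
            "op_timestamp": ts, "op_object": op_object, "operation": operation,
            "link": link, "partition": partition}
    return {"header": header, "body": body}

def first_broken_link(chain: list) -> int:
    """Index of the first block whose prev_block mismatches its predecessor, else -1."""
    for i in range(1, len(chain)):
        if chain[i]["header"]["prev_block"] != block_address(chain[i - 1]):
            return i
    return -1

def history(chain: list, op_object: str) -> list:
    """Who did what to one object, in chain order: (operator, operation, link)."""
    return [(b["body"]["operator_id"], b["body"]["operation"], b["body"]["link"])
            for b in chain if b["body"]["op_object"] == op_object]

def build_sample_chain() -> list:
    # Constructed sample: three operations on one declaration in one partition.
    steps = [("u-1001", "submit", "project declaration", b"declaration v1"),
             ("u-2002", "approve", "department review", b"declaration v1"),
             ("u-3003", "revise", "supervisor review", b"declaration v2")]
    chain, prev = [], None
    for n, (uid, action, link, data) in enumerate(steps):
        prev = make_trace_block(prev, data, 1629849600 + 60 * n, uid,
                                "declaration-0001", action, link, "project-A")
        chain.append(prev)
    return chain

if __name__ == "__main__":
    chain = build_sample_chain()
    print(history(chain, "declaration-0001"), first_broken_link(chain))
    chain[1]["body"]["operation"] = "reject"   # a stored trace edited after the fact
    print(first_broken_link(chain))
```

An edit to block i surfaces at index i+1; the newest block has no successor, so its integrity rests on the copies broadcast to the other nodes in the partition.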
CN202110978776.0A 2021-08-25 2021-08-25 Traceable paperless office trace reservation method based on blockchain Active CN113672959B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110978776.0A CN113672959B (en) 2021-08-25 2021-08-25 Traceable paperless office trace reservation method based on blockchain

Publications (2)

Publication Number Publication Date
CN113672959A true CN113672959A (en) 2021-11-19
CN113672959B CN113672959B (en) 2024-06-28

Family

ID=78545909

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110978776.0A Active CN113672959B (en) 2021-08-25 2021-08-25 Traceable paperless office trace reservation method based on blockchain

Country Status (1)

Country Link
CN (1) CN113672959B (en)

Also Published As

Publication number Publication date
CN113672959B (en) 2024-06-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant