Methods and devices for public key management using a blockchain
US-2022094542-A1 · Mar 24, 2022 · US
US11849052B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11849052-B2 |
| Application number | US-202117154701-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 21, 2021 |
| Priority date | Sep 12, 2019 |
| Publication date | Dec 19, 2023 |
| Grant date | Dec 19, 2023 |
Official abstract text for this publication.
A method for replacing an identity certificate in a blockchain network includes a service subnet, a consensus subnet, and a routing layer used for isolating the service subnet from the consensus subnet. The method includes: receiving a root certificate replacement notification transmitted by a certificate authentication center; obtaining a public key corresponding to the certificate authentication center; verifying the root certificate replacement notification by using the obtained public key; forwarding the root certificate replacement notification to a consensus node in the consensus subnet after the validation succeeds, so that the consensus node records the root certificate replacement notification into a latest data block after a consensus on the root certificate replacement notification is reached; and requesting, when the data block is received, the certificate authentication center to replace an identity certificate. A new identity certificate obtained through requesting is authenticated with a new root certificate of the certificate authentication center.
Opening claim text (preview).
What is claimed is:
1. A method performed by a system for replacing an identity certificate in a blockchain network, the blockchain network comprising a service subnet, a consensus subnet, and a routing layer used for isolating the service subnet from the consensus subnet, the method comprising: generating, by a certificate authentication center, a new root certificate; receiving, by a routing node, a root certificate replacement notification transmitted by the certificate authentication center; obtaining, by the routing node, a public key corresponding to the certificate authentication center from an old root certificate of the certificate authentication center; verifying, by the routing node, the root certificate replacement notification by using the public key corresponding to the certificate authentication center; forwarding, by the routing node, the root certificate replacement notification to a consensus node in the consensus subnet after verifying the root certificate replacement notification; recording, by the consensus node, the root certificate replacement notification into a latest data block after a consensus on the root certificate replacement notification is reached by the consensus node; synchronizing, by the routing node, with the consensus node to receive the latest data block; requesting, by the routing node, after the latest data block is received, the certificate authentication center to replace an old identity certificate of the routing node; after requesting, obtaining from the certificate authentication center, a new identity certificate, the new identity certificate signed with the new root certificate of the certificate authentication center; synchronizing, by the routing node, the latest data block to a service node in the service subnet; parsing, by the service node, the root certificate replacement notification from the latest data block; requesting, by the service node, the certificate authentication center to replace an old identity certificate of the service node; establishing, by the service node, a test connection to the routing node according to the new identity certificate corresponding to the service node; establishing, by the service node, when the test connection succeeds, a connection to the routing node by using the new identity certificate corresponding to the service node; and establishing, by the service node, when the test connection fails, a connection to the routing node by continuously using the old identity certificate of the service node as a valid proof of its identity before an expiration time of the old root certificate.
2. The method according to claim 1, wherein the new root certificate of the certificate authentication center is generated through the following operations: receiving, by the certificate authentication center, a root certificate replacement instruction; marking, by the certificate authentication center, an existing root certificate as the old root certificate according to the instruction; and generating, by the certificate authentication center, the new root certificate, the generated new root certificate being used for issuing or replacing an identity certificate of a node in the blockchain network by the certificate authentication center.
3. The method according to claim 1, wherein the root certificate replacement notification comprises a hash value of root certificate replacement information, the hash value is signed with a private key corresponding to the certificate authentication center, and the verifying the root certificate replacement notification by using the public key corresponding to the certificate authentication center comprises: verifying a signature of the hash value of the root certificate replacement information by using the public key corresponding to the certificate authentication center to obtain the hash value of the root certificate replacement information, the hash value being obtained by performing calculation on the root certificate replacement information by using a preset algorithm by the certificate authentication center; calculating a hash value of the root certificate replacement information by using the preset algorithm; and determining that the verification succeeds when the hash value obtained by verifying the signature of the hash value of the root certificate replacement information is equal to the hash value obtained by calculation.
4. The method according to claim 1, further comprising: extracting the root certificate replacement notification from the latest data block when the latest data block is received; obtaining an expiration time of the root certificate of the certificate authentication center from the root certificate replacement notification; and marking a locally stored root certificate of the certificate authentication center as the old root certificate, and setting an expiration time of the old root certificate according to the obtained expiration time.
5. The method according to claim 4, further comprising: downloading the new root certificate generated by the certificate authentication center from the certificate authentication center; and verifying, when a blockchain data request transmitted by a service node in the service subnet is received, identity of the service node according to the new root certificate of the certificate authentication center.
6. The method according to claim 5, further comprising: verifying, when the blockchain data request transmitted by the service node in the service subnet is received before the expiration time, the identity of the service node according to the old root certificate of the certificate authentication center or the downloaded new root certificate of the certificate authentication center.
7. The method according to claim 1, wherein requesting the certificate authentication center to replace an old identity certificate comprises: sending a certificate replacement request to the certificate authentication center before an expiration time of the old root certificate of the certificate authentication center, the certificate replacement request carrying an old identity certificate of the routing node; performing, by using the certificate authentication center, identity verification on the routing node according to the old identity certificate of the routing node, obtaining certificate content of the old identity certificate of the routing node after the verification succeeds, and obtaining a new identity certificate corresponding to the routing node after signing the certificate content according to the new root certificate of the certificate authentication center; and receiving the new identity certificate corresponding to the routing node returned by the certificate authentication center.
8. The method according to claim 1, wherein requesting, by the service node, the certificate authentication center to replace an old identity certificate comprises: obtaining, by the service node, an expiration time of the root certificate of the certificate authentication center from the root certificate replacement notification, and sending a certificate replacement request carrying an old identity certificate of the service node to the certificate authentication center before the expiration time; and performing, by the certificate authentication center under instruction of the certificate replacement request, identity verification on the service node according to the old identity certificate of the service node, obtaining certificate content of the old identity certificate of the service node after the verification succeeds, obtaining a new identity certificate corresponding to the service node after signing the certificate content according to the new root certificate
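An added example, not part of the patent text: the routing node's notification check from claim 3 and the old/new root overlap window from claims 4 to 6, in Go. ECDSA P-256 and SHA-256 are assumptions standing in for the unnamed signature scheme and "preset algorithm"; the `Notification` layout, the function names, the sample strings and the reduction of an identity certificate to a hash plus a root signature are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// Notification (hypothetical layout): replacement info, the CA's hash of it, the CA's signature over that hash.
type Notification struct{ Info, Hash, Sig []byte }

// Sign plays the certificate authentication center: hash the info, then sign the hash.
func Sign(ca *ecdsa.PrivateKey, info []byte) Notification {
	h := sha256.Sum256(info)
	sig, err := ecdsa.SignASN1(rand.Reader, ca, h[:])
	if err != nil {
		panic(err)
	}
	return Notification{info, h[:], sig}
}

// Verify is the claim 3 check: the signature must hold under the OLD root's key and the recomputed hash must match.
func Verify(oldRoot *ecdsa.PublicKey, n Notification) bool {
	h := sha256.Sum256(n.Info)
	return ecdsa.VerifyASN1(oldRoot, n.Hash, n.Sig) && bytes.Equal(h[:], n.Hash)
}

// Accept is the claims 4-6 rule: the new root is always trusted, the old root only before its expiration.
func Accept(oldRoot, newRoot *ecdsa.PublicKey, oldExpiry, now time.Time, certHash, sig []byte) bool {
	return ecdsa.VerifyASN1(newRoot, certHash, sig) || (now.Before(oldExpiry) && ecdsa.VerifyASN1(oldRoot, certHash, sig))
}

// Demo uses constructed inputs: a valid notice, a tampered one, and an old-root certificate before/after expiry.
func Demo() (valid, tampered, before, after bool) {
	oldKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	newKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	exp := time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC) // constructed expiration of the old root
	n := Sign(oldKey, []byte("new-root=placeholder;old-root-expires=2030-01-01"))
	bad := Notification{[]byte("new-root=tampered;old-root-expires=2099-01-01"), n.Hash, n.Sig}
	c := Sign(oldKey, []byte("CN=service-node-1")) // identity certificate still issued under the old root
	return Verify(&oldKey.PublicKey, n), Verify(&oldKey.PublicKey, bad),
		Accept(&oldKey.PublicKey, &newKey.PublicKey, exp, exp.Add(-time.Hour), c.Hash, c.Sig),
		Accept(&oldKey.PublicKey, &newKey.PublicKey, exp, exp.Add(time.Hour), c.Hash, c.Sig)
}

func main() { fmt.Println(Demo()) }
```

The tampered notice fails even though its signature is genuine, because the signature covers only the carried hash; the recomputation step is what binds it to the replacement information.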
using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL] · CPC title
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title
Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title
using cryptographic hash functions · CPC title
using hash chains, e.g. blockchains or hash trees · CPC title