Abstract
Trusted digital identity is a key technology for safeguarding network information security. Drawing on the distributed, tamper-resistant, transparent and traceable properties of blockchain technology, this paper proposes a distributed digital certificate management system based on a consortium blockchain, which uses a public ledger to manage the full certificate life cycle: registration, issuance, updating, authentication and revocation. Because the ledger is public and tamper-resistant, the system ensures the authority and credibility of certificates by publishing consortium-chain certificates and certificate status tuple transactions on chain, with the public key serving as the unique certificate identifier. The system also uses an RSA dynamic accumulator for fast authentication of certificate public keys and a Kademlia distributed hash table for fast lookup of certificate public keys. In a distributed system, this realizes "interconnectivity" and "one certificate for universal use" for digital certificates, which greatly improves the transparency, forgery resistance and authority of certificate management.
Authors
TANG Minlu (唐敏璐); MENG Ru (孟茹)
Affiliations: Information System Management and Consulting Department, Shanghai Computer Software Technology Development Center, Shanghai 201112, China; KOAL Software Co., Ltd., Shanghai 201112, China
Source
Information Security and Communications Privacy (《信息安全与通信保密》)
2022, No. 9, pp. 91-100 (10 pages)
Keywords
trusted digital identity
distributed digital certificate
blockchain technology
consortium blockchain technology