| CPC H04L 9/30 (2013.01) [H04L 9/3236 (2013.01); H04L 9/3263 (2013.01)] | 17 Claims |

|
1. A computer-implemented method of managing public key infrastructure using a blockchain network, comprising:
at a certification authority, generating a digital certificate for a first entity, the first entity having a first public key, by:
creating a certification transaction, wherein the certification transaction includes a digital signature from a certificate authority, a first output to an address based on a second public key, and a second output having an information field that contains the first public key;
determining a certification transaction identifier from a hash of the certification transaction; and
propagating the certification transaction on the blockchain network,
wherein the digital certificate includes the first public key and the certification transaction identifier; and
at a computing device, verifying the digital certificate by:
obtaining a copy of the certification transaction from a blockchain based on the certification transaction identifier in the digital certificate;
determining that the first output is an unspent transaction output, wherein determining that the first output is an unspent transaction output includes verifying that the first output of the certification transaction is present in an unspent transaction output pool of the blockchain network and thus has not been used in any subsequent transaction;
determining that the first public key contained in the second output in the certification transaction matches a public key in the digital certificate; and
in response to the determination that the first output is an unspent transaction output and to the determination that the first public key matches the public key in the digital certificate, verifying the digital certificate as valid.
|
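The issue-and-verify flow of claim 1, as an added Python example that is not taken from the patent: it shows the two verifier checks (first output still unspent, public key in the second output matches the certificate) and that a later transaction spending the first output makes verification fail. Assumptions: `ToyChain` is a constructed in-memory ledger rather than a real node API, the address derivation is simplified, the certification transaction has no funding inputs, and the CA signature is carried as an opaque field that is not cryptographically checked.

```python
import hashlib
import json

class ToyChain:
    """Constructed in-memory ledger standing in for a blockchain node."""
    def __init__(self):
        self.txs = {}       # txid -> transaction
        self.utxos = set()  # (txid, output index) pairs not yet spent

    def broadcast(self, tx):
        raw = json.dumps(tx, sort_keys=True).encode()
        txid = hashlib.sha256(hashlib.sha256(raw).digest()).hexdigest()
        for ref in tx["inputs"]:
            self.utxos.discard(tuple(ref))  # a spent output leaves the pool
        self.txs[txid] = tx
        for i, out in enumerate(tx["outputs"]):
            if "address" in out:            # info-only outputs are not spendable
                self.utxos.add((txid, i))
        return txid

def address_of(pubkey_hex):
    # Simplified address derivation (assumption): truncated SHA-256 of the key.
    return hashlib.sha256(bytes.fromhex(pubkey_hex)).hexdigest()[:40]

def issue_certificate(chain, subject_pubkey, second_pubkey, ca_signature):
    """CA side: build and propagate the certification transaction."""
    tx = {
        "inputs": [],
        "ca_signature": ca_signature,  # opaque here; not checked in this example
        "outputs": [
            {"address": address_of(second_pubkey)},  # first output
            {"info": subject_pubkey},                # second output
        ],
    }
    return {"public_key": subject_pubkey, "txid": chain.broadcast(tx)}

def verify_certificate(chain, cert):
    """Verifier side: the checks listed in the claim, in order."""
    tx = chain.txs.get(cert["txid"])
    if tx is None or len(tx["outputs"]) < 2:
        return False
    first_unspent = (cert["txid"], 0) in chain.utxos
    key_matches = tx["outputs"][1].get("info") == cert["public_key"]
    return first_unspent and key_matches

def spend_first_output(chain, cert):
    """A later transaction that consumes the first output."""
    return chain.broadcast({"inputs": [[cert["txid"], 0]], "outputs": []})
```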