CN107895111A - Internet of Things device supply chain trust system management method, computer program, computer - Google Patents
Publication number: CN107895111A (application CN201710941351.6A)
Authority: CN (China)
Prior art keywords: Internet of Things, IoT device, block chain, server
Legal status: Granted (as listed by Google Patents; the status is an assumption, not a legal conclusion)
Classifications
- G06F21/45: Structures or tools for the administration of authentication (under G06F21/00, security arrangements for protecting computers, components thereof, programs or data against unauthorised activity, and G06F21/30, authentication, i.e. establishing the identity or authorisation of security principals)
- G06F21/31: User authentication
- G06F21/44: Program or device authentication
- H04L63/062: Network architectures or protocols for network security supporting key management in a packet data network, for key distribution, e.g. centrally by a trusted party
- H04L63/0876: Authentication of entities based on the identity of the terminal or its configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Abstract
The invention belongs to the fields of the Internet of Things, block chain and cyberspace security, and discloses an Internet of Things (IoT) device supply chain trust system management method, computer program and computer. In the device production stage, the device manufacturer interacts with the IoT device and writes the necessary information into it; in the device transaction stage, the trust relationship of the device is migrated between different owners; in the device deployment stage, the device owner deploys the device into a business network. The invention supports secure communication between IoT devices; when the storage occupied by the block chain becomes large, the server performs capacity relaxation on the block chain held in the device network. The invention realizes identity authentication between an administrator and multiple IoT devices as well as mutual trust between devices, supports multiple administrators managing different devices, and keeps the computing and storage overhead of the devices low.
Description
Technical field
The invention belongs to the fields of the Internet of Things, block chain and cyberspace security, and in particular relates to an IoT device supply chain trust system management method, computer program and computer.
Background technology
A new round of scientific and technological revolution and industrial transformation is under way worldwide; the international industrial landscape is being reshaped, and innovation has become the primary driver of development. Information technology is the field in which global development is most concentrated, innovation most active, application most widespread and knock-on effects largest; it is the high ground of global technological competition and leads this round of change. Block chain technology is a widely recognized technical framework that integrates distributed data storage, peer-to-peer transmission, consensus mechanisms and cryptographic algorithms. In recent years it has become a focus of study for international organizations such as the United Nations and the International Monetary Fund and for many national governments, and industry has invested in it heavily. Industrial projects based on block chain technology have emerged one after another, among them Bitcoin, Litecoin, Peercoin and Ethereum. Beyond the PoW (Proof of Work) consensus of Bitcoin, industry has devised many new consensus mechanisms, such as PoS (Proof of Stake), DPoS (Delegated Proof of Stake), PBFT (Practical Byzantine Fault Tolerance) and Ripple, which have further promoted the development of the block chain industry. Around 2014 industry began to recognize the value of block chain technology outside digital currency, for example in distributed identity authentication, distributed domain name systems and distributed intellectual property protection. The core idea of the block chain 2.0 architecture is to use the block chain as a programmable distributed trust infrastructure, as distinct from the Bitcoin block chain, which served as the support platform for a single virtual currency. Block chain 2.0 attempts to create a shareable technology platform that offers developers BaaS (Blockchain as a Service), greatly increases transaction speed, reduces resource consumption, supports a variety of consensus algorithms such as PoW, PoS and DPoS, and makes the development of distributed applications (DApps) easier. Block chain applications have now extended to the Internet of Things, intelligent manufacturing, supply chain management and digital asset trading, may bring new opportunities to cloud computing, big data and mobile Internet, and have the potential to trigger a new round of technological and industrial change.
An IoT environment is characterized by a very large number of devices, each of which is resource-constrained. During its life cycle an IoT device must exchange information with its manufacturer, dealers, the purchaser, users and other IoT devices. In each such interaction both parties must be sure that the counterpart can be trusted, which is a problem of establishing and migrating trust relationships. The trust relationship between a device and other entities is not fixed: as ownership of the device changes along the supply chain, its trust relationships with other entities must migrate accordingly. How efficiently trust relationships are established and migrated in the device supply chain therefore affects both the trustworthiness and security of devices in the supply chain and the operating efficiency of the supply chain itself.
There are two traditional ways of establishing trust: distributing session keys under a symmetric cryptosystem, and setting up a PKI under an asymmetric cryptosystem. The first is unsuitable for large-scale IoT device supply chain management. With a very large number of devices, session key management becomes very difficult; the specification states that the number of keys to manage grows exponentially with the number of devices (for pairwise session keys the growth is in fact quadratic in the number of parties, which is still prohibitive at IoT scale), consuming a large share of network bandwidth and sharply increasing the storage and processing load on the server. Moreover, once devices are put into use, a live link to the central server cannot be guaranteed, so if the link between a device subnet and the central server is cut, secure communication between devices becomes impossible. The second is also unsuitable: the low-power, lightweight computing profile of IoT devices cannot easily bear the overhead of frequent public-key encryption and decryption, and if every device had to contact a trusted CA to obtain a trust relationship before communicating with the server or another device, that process would consume power and communication capacity, much of which could in fact be avoided. Under such a scheme, if communication between a device and the CA is temporarily interrupted, the device cannot complete trust establishment with the server or with other devices; and when trust relationships are transferred, a PKI-based scheme is hard to adjust and adapt in a lightweight way. In practice, if the purchaser and the seller are not in the same PKI system, one party must specifically communicate and join the other party's PKI, or a new PKI covering both must be built, at high financial and administrative cost.
In summary, the problems with the prior art are: in current IoT device supply chain trust establishment, session key management becomes very difficult; a live link to the central server cannot be guaranteed; the low-power, lightweight computing profile of IoT devices cannot bear frequent public-key encryption and decryption; and when trust relationships are transferred, a PKI-based scheme is hard to adjust and adapt in a lightweight way. The invention solves the session key management problem for large numbers of IoT devices. Because each device can query the block chain locally, devices can still establish trust with each other by reading their locally stored copy of the block chain even if the link to the server is cut after they are put into use.
Summary of the invention
To address the problems of the prior art, the invention provides an IoT device supply chain trust system management method, computer program and computer.
The invention is realized as follows. An IoT device supply chain trust system management method includes:
Step 1, using a block chain as the technical carrier for managing trust relationships between different entities;
Step 2, when the ownership of an IoT device changes, realizing trust transfer between the different entities through the protocol interaction of Fig. 4;
Step 3, the owning party of the IoT device interacting with the device through the communication protocol of Fig. 5;
Step 4, establishing trust between different IoT devices by each querying the block chain stored in its local storage space, and using the trust relationship so established (confirming that the counterpart is also on the block chain and obtaining its public key) to share a session key for communication;
Step 5, the IoT device owner sending or launching a new IoT device into the business network formed by the already deployed devices, in two stages: the server owned by the device owner interacts with the new device through the protocol of Fig. 7, and after the new device arrives in the business network it interacts with the devices already there; in this way the new device performs its function in the business network, and the storage space of all deployed devices in the business network is relaxed.
Further, using a block chain as the technical carrier in step 1 specifically includes: the central server generates the block chain and writes it into the IoT devices, so that every device put into operation holds a copy of the block chain; each IoT device corresponds to one block in the block chain.
Further, the change of ownership in step 2 means that ownership of the IoT device passes from one entity to another through consultation, negotiation or a trading activity.
Further, the different entities in step 2 include the device manufacturer (or the party responsible for producing the device), the device purchaser, and the IoT device itself.
Further, the trust transfer in step 2 is the change of device ownership between different entities triggered by consultation, negotiation or a trading activity.
Further, the protocol interaction of step 2 specifically includes:
Step 1, the server sends a trust relationship migration instruction to the IoT device;
Step 2, the IoT device replies to the server, asking whether the server confirms the migration;
Step 3, the server replies to the device, confirms the migration, and informs the device of the identity of its next owner.
Further, the interaction with the IoT device through the communication protocol of step 3 covers three cases:
(1) the device has not yet been launched into the service network: the server writes the block chain into the device's storage over a wired or wireless link;
(2) a large number of devices are already in use and a single device is to be added: the server interacts with the new device; after being put into operation, the new device communicates with the other devices, which update their block chain after receiving the necessary information and append the newest block. The interaction between the server and the new device includes:
1) the server informs the new device that it will write the block chain into the device's storage space;
2) the device asks the server to confirm whether the block chain needs to be written;
3) the server confirms and writes the block chain into the device's storage space; the server then also writes into the new device's storage space the token that the other devices need in order to append the new block;
(3) as in (2), but where the operator of the server has determined that k deployed devices are no longer trustworthy: for each of these k devices a new block is obtained or generated in which the trusted identifier is set to untrusted, and the k new blocks are appended behind the existing chain (earlier blocks are not edited); a new block is then obtained or generated for the device to be added and appended behind the chain. The interaction between the server and the new device includes:
1) the server informs the new device that it will write the block chain into the device's storage space;
2) the device asks the server to confirm whether the block chain needs to be written;
3) the server confirms and writes the block chain into the device's storage space; the server then also writes into the new device's storage space the token that the other devices need in order to append the new blocks.
Further, the maintenance and management of trust relationships in step 3 specifically includes: the IoT device owner can learn from the block chain whether a device belongs to them and whether it is trustworthy, and secure communication between IoT devices is realized by interaction based on specific fields of the block chain.
Further, establishing a communication link in step 4 specifically includes:
Step 1, IoT device A sends a shared session key to IoT device B, encrypted with B's public key, together with a message signed by A to guarantee authenticity;
Step 2, B replies to A with a message encrypted under the shared session key, consisting of a random number and B's identity;
Step 3, A replies to B, under the shared session key, with the XOR of the two random numbers;
Step 4, the session key between A and B is now shared, the secure connection is established, and data is transmitted under the session key.
(Step 3 presupposes that A's signed message in step 1 also carries a random number of A's own; the specification does not list it explicitly.)
Further, in step 5 the communication between the server and the newly added IoT device specifically includes:
Step 1, the server informs the new device that it will write the block chain into the device's storage space;
Step 2, the device asks the server to confirm whether the block chain needs to be written;
Step 3, the server confirms and writes the block chain into the device's storage space;
Step 4, the device replies that it has received the block chain;
Step 5, the server writes into the new device's storage space the instruction that the other devices must perform capacity relaxation, together with the capacity relaxation token.
The communication between the newly added IoT device and the other devices specifically includes:
Step 1, IoT device A sends a shared session key to IoT device B, encrypted with B's public key, together with a message signed by A to guarantee authenticity;
Step 2, B replies to A with a message encrypted under the shared session key, consisting of a random number and B's identity;
Step 3, A forwards to B the capacity relaxation instruction and token that the server sent to A, and B performs the capacity relaxation operation;
Step 4, B replies to A that it has received the capacity relaxation instruction and token;
Step 5, A transmits the new block chain to B;
Step 6, B replies to A that it has received the new block chain.
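The two exchanges above, the step 4 session setup and the step 5 relaxation hand-off, are given only as message sequences. The following is an added example, not code from the patent, that runs both sides of each exchange so the checks each party must make are explicit. It assumes what the text leaves open: A's signed step 1 message carries A's own random number (the one step 3 XORs with B's); each device's local chain copy is modelled as a dict from device ID to (public key, trusted flag); and the capacity relaxation token is a server signature under the owner's top key, which embodiment 1 says every device stores, bound to a hash of the replacement chain. Textbook RSA on freshly generated primes stands in for the public-key scheme and an HMAC-SHA256 keystream with an HMAC tag stands in for an AEAD; both are illustration stand-ins, not production cryptography.

```python
# Added example, not from the patent: the device-to-device session setup of
# step 4 and the capacity-relaxation hand-off of step 5. Assumed here: A's
# signed step 1 message carries the nonce that step 3 XORs with B's; the local
# chain copy is a dict id -> (pubkey, trusted); the token is signed with the
# owner's top key that every device stores (embodiment 1). Textbook RSA and an
# HMAC keystream + HMAC tag are stand-ins, not production cryptography.
import hashlib, hmac, json, os, random
from typing import Dict, Tuple

Key = Tuple[int, int]                 # (exponent, modulus)
Chain = Dict[str, Tuple[Key, bool]]   # local chain copy: id -> (pubkey, trusted)

def gen_keypair(bits: int = 256) -> Tuple[Key, Key]:
    """Toy RSA keypair ((e, n), (d, n)); a Fermat primality test is enough for a toy."""
    def prime() -> int:
        while True:
            p = random.getrandbits(bits) | (1 << (bits - 1)) | 1
            if all(pow(a, p - 1, p) == 1 for a in (2, 3, 5, 7, 11, 13)):
                return p
    p, q = prime(), prime()
    while p == q or ((p - 1) * (q - 1)) % 65537 == 0:
        q = prime()
    return (65537, p * q), (pow(65537, -1, (p - 1) * (q - 1)), p * q)

def sign(priv: Key, m: bytes) -> int:
    return pow(int.from_bytes(hashlib.sha256(m).digest(), "big"), *priv)
def verify(pub: Key, m: bytes, s: int) -> bool:
    return pow(s, *pub) == int.from_bytes(hashlib.sha256(m).digest(), "big")

def _stream(key: bytes, seq: int, n: int) -> bytes:
    blocks = [hmac.new(key, seq.to_bytes(4, "big") + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]

def seal(key: bytes, seq: int, pt: bytes) -> bytes:
    """Encrypt-then-MAC; seq must never repeat under one session key."""
    body = seq.to_bytes(4, "big") + bytes(a ^ b for a, b in zip(pt, _stream(key, seq, len(pt))))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def open_(key: bytes, sealed: bytes) -> Tuple[int, bytes]:
    body, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("bad tag")
    seq, ct = int.from_bytes(body[:4], "big"), body[4:]
    return seq, bytes(a ^ b for a, b in zip(ct, _stream(key, seq, len(ct))))

def step1(a_id: str, a_priv: Key, b_id: str, chain: Chain):
    """A: refuse a peer the chain marks untrusted; wrap a fresh key under B's chain key; sign."""
    b_pub, b_trusted = chain[b_id]
    if not b_trusted:
        raise PermissionError(f"{b_id} is marked untrusted on the chain")
    sk, nonce_a = os.urandom(16), os.urandom(16)
    body = json.dumps([a_id, b_id, pow(int.from_bytes(sk, "big"), *b_pub), nonce_a.hex()]).encode()
    return sk, nonce_a, (body, sign(a_priv, body))

def step2(b_id: str, b_priv: Key, chain: Chain, msg1):
    """B: A must be trusted on the chain and the signature must verify under A's chain key."""
    body, sig = msg1
    a_id, to_id, wrapped, _ = json.loads(body)
    a_pub, a_trusted = chain.get(a_id, (None, False))
    if to_id != b_id or not a_trusted or not verify(a_pub, body, sig):
        raise PermissionError("step 1 rejected")
    sk, nonce_b = pow(wrapped, *b_priv).to_bytes(16, "big"), os.urandom(16)
    return sk, nonce_b, seal(sk, 1, nonce_b + b_id.encode())

def step3(sk: bytes, nonce_a: bytes, b_id: str, msg2: bytes) -> bytes:
    """A: B's reply must carry B's identity; answer with nonce_a XOR nonce_b."""
    seq, pt = open_(sk, msg2)
    if seq != 1 or pt[16:].decode() != b_id:
        raise PermissionError("step 2 rejected")
    return seal(sk, 2, bytes(x ^ y for x, y in zip(nonce_a, pt[:16])))

def step4(sk: bytes, nonce_b: bytes, msg1, msg3: bytes) -> bool:
    """B: a correct XOR proves A holds sk and saw nonce_b; the session is established."""
    nonce_a = bytes.fromhex(json.loads(msg1[0])[3])
    seq, pt = open_(sk, msg3)
    return seq == 2 and pt == bytes(x ^ y for x, y in zip(nonce_a, nonce_b))

def _relax_body(new_chain: Chain) -> bytes:
    return b"capacity-relax:" + hashlib.sha256(json.dumps(new_chain, sort_keys=True).encode()).digest()
def relax_token(owner_priv: Key, new_chain: Chain) -> Tuple[bytes, int]:
    """Server: bind the instruction to the replacement chain and sign it with the owner's top key."""
    return _relax_body(new_chain), sign(owner_priv, _relax_body(new_chain))

def accept_relaxation(owner_pub: Key, token: Tuple[bytes, int], new_chain: Chain) -> bool:
    """Device: replace its chain copy only if the token is the owner's and names this chain."""
    body, sig = token
    return verify(owner_pub, body, sig) and hmac.compare_digest(body, _relax_body(new_chain))

def demo() -> Tuple[bool, bool]:
    """Constructed scenario: two trusted devices set up a session, then B accepts a relaxation."""
    (a_pub, a_priv), (b_pub, b_priv), (o_pub, o_priv) = gen_keypair(), gen_keypair(), gen_keypair()
    chain: Chain = {"dev-A": (a_pub, True), "dev-B": (b_pub, True)}
    sk_a, nonce_a, msg1 = step1("dev-A", a_priv, "dev-B", chain)
    sk_b, nonce_b, msg2 = step2("dev-B", b_priv, chain, msg1)
    msg3 = step3(sk_a, nonce_a, "dev-B", msg2)
    new_chain: Chain = {**chain, "dev-C": ((65537, 12345), True)}   # constructed replacement
    established = step4(sk_b, nonce_b, msg1, msg3) and sk_a == sk_b
    return established, accept_relaxation(o_pub, relax_token(o_priv, new_chain), new_chain)
```

Two checks are worth noting because the step lists above do not spell them out. In step 2, B verifies A's signature with the public key it reads from its own chain copy and refuses an initiator whose newest block is untrusted, so an attacker who obtains an untrusted device's key gains nothing from it. In the relaxation hand-off, B does not act on an instruction merely because it arrives under the session key from A; it checks that the token is signed with the owner's top key and that it names exactly the chain being delivered, otherwise any trusted peer could push an arbitrary chain onto its neighbours.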
Another object of the invention is to provide an IoT device supply chain trust system management system for the above method, characterized in that the system includes a device manufacturer trust management server, a purchaser trust management server and IoT devices.
The device manufacturer trust management server manages trust for the devices the manufacturer produces, including exchanging the necessary information with the IoT device, storing the initial data and completing trust transfer.
The purchaser trust management server generates, maintains and updates the block chain, generates and maintains the administrative relationships between device administrators and devices, and performs capacity relaxation on the IoT devices when appropriate.
The IoT devices carry the business logic, establish mutual trust through the block chain, and communicate with the server and other devices through the interaction protocols designed in this patent.
The device manufacturer trust management server includes:
an initialization module, which writes the necessary information into the IoT device at the required stage during or after production;
a trust transfer module, which completes trust transfer;
a communication module, which communicates with other entities such as the IoT device and the purchaser.
The purchaser trust management server includes:
a block chain management module, which manages the devices' block chain, including its generation, maintenance and update;
a personnel management module, which manages device administrator information, including assignment, query and update;
a trust management module, which manages the trust system of the service network made up of IoT devices as a whole, including querying the block chain to determine the trustworthiness of a device, querying the block chain to determine the trust relationship between a device and an administrator, and querying the personnel management module to determine the trust relationship between an administrator and the system.
The IoT device includes:
a functional module, the direct embodiment of the device's value, which meets the requirements of the practical application;
a block chain management module, responsible for maintaining and updating the block chain;
a communication module, for communication with the server or other IoT devices.
Another object of the invention is to provide a computer program executed by a computer that causes the computer to perform all steps of any of the above methods.
Another object of the invention is to provide a computer that executes the IoT device supply chain trust system management method.
The invention realizes identity authentication between an administrator and multiple IoT devices and then mutual trust between the IoT devices. The proposed authentication and trust establishment scheme avoids the problem that, when a session key is distributed to each administrator/device pair, the number of keys grows exponentially (as the specification puts it) with the number of administrators and devices; compared with a PKI it greatly reduces communication between devices and a trusted third-party server, and it even tolerates loss of contact with that server, since devices can still establish trust autonomously by querying the block chain, which traditional schemes cannot do. In addition, the invention supports multiple administrators each managing a part of the devices, which greatly increases an enterprise's flexibility in dividing work among staff and improves on the traditional model in which one administrator manages all devices. Under the traditional model, with many devices and many administrators each managing their own devices, trust relationships between devices and even between administrators are hard to set up, and communication cannot take place in time. With the proposed trust establishment scheme, even though devices belong to different administrators who may not know each other, an administrator or device can query the block chain to determine the trust attribute of any administrator or device in the system and then decide whether to interact with that member. The invention also realizes migration of a device's trust relationships when its ownership changes, in accordance with the change of ownership, which traditional schemes do not consider or consider little. The storage overhead of the IoT device is small (embodiment 6), and after deployment the communication with the server is limited: most interactions between devices are completed in the manner described in embodiment 4, and most trust management work is done locally by querying the block chain.
Brief description of the drawings
Fig. 1 is a flow chart of the IoT device supply chain trust system management method provided by an embodiment of the invention.
Fig. 2 is an implementation flow chart of the IoT device supply chain trust system management method provided by an embodiment of the invention.
Fig. 3 shows the structure of each block on the block chain in embodiment 1.
Fig. 4 shows the interaction for trust relationship migration in embodiment 2.
Fig. 5 shows the communication process for updating the block chain in embodiment 3, case (2).
Fig. 6 shows the interaction for establishing a trust relationship and sharing a session key between IoT devices in embodiment 4.
Fig. 7 shows the communication process for capacity relaxation in embodiment 5.
Fig. 8 shows the module composition of the device manufacturer trust management server.
Fig. 9 shows the module composition of the purchaser trust management server.
Fig. 10 shows the module composition of the IoT device in the IoT device supply chain trust system management system.
Embodiment
In order to make the purpose , technical scheme and advantage of the present invention be clearer, with reference to embodiments, to the present invention
It is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not used to
Limit the present invention.
The application principle of the present invention is explained in detail below in conjunction with the accompanying drawings.
As shown in figure 1, internet of things equipment supply chain trust systems management method provided in an embodiment of the present invention is including following
Step:
S101:Manufacturer, which manufactures internet of things equipment, will realize that Trust Establishment data write internet of things equipment;
S102:When transaction occurs, the ownership of internet of things equipment needs to be transitioned into buying side, internet of things equipment by manufacturer
The entity trusted needs to be changed into buying side by manufacturer;
S103:The internet of things equipment of purchase is deployed in business network by buying side.
The application principle of the present invention is further described below with reference to the accompanying drawings.
As shown in Fig. 2, the internet of things device supply chain trust system management method provided by an embodiment of the present invention includes the following steps:
Step 1, device production: the manufacturer produces the internet of things device and writes the data necessary for trust establishment into it. The participating entities are the manufacturer and the internet of things device.
Step 2, transaction / trust transfer: when a transaction occurs, ownership of the device passes from the manufacturer to the buyer, which means that the entity the device trusts must change from the manufacturer to the buyer. The participating entities are the manufacturer, the buyer and the internet of things device.
Step 3, device deployment: the buyer deploys the purchased device into its business network. The participating entities are the buyer and the internet of things device. Once deployed, the device enters the stage in which it produces value and serves users.
The application principle of the present invention is further described below with reference to specific embodiments.
Embodiment 1, data storage method and data structure. The specific content is as follows:
(1) Overall design
In the ROM of the internet of things device are stored: the device ID, the device's own private key KR, and the security code.
In the SSD (non-volatile storage) of the device are stored: the top public key of the device owner, the security code, and other data.
In the RAM of the device are stored: the top public key of the owner and the block chain.
The structure of each block in the block chain is shown in Fig. 3.
The fields of a block are as follows:
Device ID: the unique identifier of the internet of things device.
Administrator ID: supports several administrators each managing several devices.
Administrator public key: each administrator is assigned a public/private key pair and the public key is written into the block. This field is used to establish trust between the device and the administrator.
Device public key: each device is assigned a public/private key pair and the device's public key is written into the corresponding block. This field is used to establish trust between devices.
Prev Hash: the hash value of the previous block, which gives the block chain its tamper-evident property.
Trusted: a single bit. 1 means the device is trusted; 0 means the device is currently untrusted.
Security code: optional; when enabled it allows an anti-counterfeiting verification service to be offered for the device.
KR denotes a private key. The owner's top public key is the public key of a key pair that uniquely identifies the owner of the device (initially the manufacturer) and is recognised by other manufacturers; it is normally issued by a PKI independent of the present invention, but may be issued by other means as circumstances require. The security code stored in the device SSD is optional and is needed only when the manufacturer offers an anti-counterfeiting verification service; the security code field of a block is filled by the server reading the security code from the SSD. The other information stored in the device SSD is determined by the device's actual function and deployment requirements.
(2) Manufacturer stage
While ownership of the device rests with the manufacturer, no block chain needs to be configured: the manufacturer does not deploy the device into a business subnet, it only produces the device and sells it to the buyer.
At this point the data stored in the device is as follows:
In the ROM: the device ID and the device's own private key KR.
In the SSD: the manufacturer's top public key, the security code, and other data.
Because the content of RAM is lost on power-off, and the manufacturer neither uses the device's functions nor deploys it into a business network, the content of RAM is of no importance to the manufacturer.
On start-up the device automatically reads the manufacturer's top public key into memory; the block chain is empty at this stage.
KR denotes a private key. The manufacturer's top public key is the public key of a key pair that uniquely identifies the manufacturer and is recognised by other manufacturers. The security code in the SSD is optional and is needed only when the manufacturer offers an anti-counterfeiting verification service. The other information in the SSD is determined by the manufacturer's actual needs at the time the device leaves the factory.
(3) Buyer stage
The buyer needs to deploy the device into a real application, so a block chain must be deployed on the device. The data stored in the device is then as follows.
In the ROM: the device ID and the device's own private key KR.
In the SSD: the buyer's top public key, the security code, and other data.
In the RAM: the buyer's top public key and the block chain.
KR denotes a private key. The buyer's top public key is the public key of a key pair that uniquely identifies the buyer and is recognised by other manufacturers. The security code in the SSD is optional and is needed only when the manufacturer offers an anti-counterfeiting verification service. The other information in the SSD is determined by the buyer according to its own business needs.
Embodiment 2, migration of the trust relationship. The specific content is as follows:
Trust transfer occurs when ownership of the device changes, principally when the manufacturer sells the device to the buyer. The interaction for migrating the trust relationship is shown in Fig. 4.
The messages of the protocol shown in Fig. 4 are:
①: {device ID, N_A, transfer identifier, {△1}Sig}.
②: {device ID, N_B, transfer identifier}KP-manufacturer.
③: {N_A ⊕ N_B, KP-buyer, {△2}Sig}KP-device.
Here N_A and N_B are random numbers; "KP-buyer" is the buyer's public key; △1 denotes Hash(device ID, N_A, transfer identifier), i.e. the hash of {device ID, N_A, transfer identifier}; △2 denotes Hash(N_A ⊕ N_B, KP-buyer), i.e. the hash of the first two fields of message ③; {△}Sig denotes △ signed with the manufacturer's private key; {α}KP-manufacturer denotes α encrypted with the manufacturer's public key. The transfer identifier is a special field that indicates the function this interaction is to perform (trust transfer). The field also supports extension of function: the manufacturer can use the same protocol form to interact securely with the device for its own business needs by replacing the transfer identifier in messages ① and ② with a field that matches the required function, and by modifying the KP-buyer field of message ③ accordingly. Using the protocol framework of Fig. 4, the manufacturer can carry out a variety of interactions with the device and control it to perform its functions.
In the protocol, the manufacturer first sends a message to the device announcing a migration of the trust relationship; it contains the device's identifier (device ID), the random number N_A, the transfer identifier, and a signature over the hash of these three fields. The device verifies this signature with the owner's top public key stored in its SSD, which at this stage is the manufacturer's public key.
The device then replies to the manufacturer, asking it to confirm the migration; the reply contains the device ID, the random number N_B and the transfer identifier. It is not sent in plaintext but encrypted with the manufacturer's public key.
On receiving message ② the manufacturer decrypts it with its own private key, which confirms that the device is present. The manufacturer then computes N_A ⊕ N_B (exclusive or) as the first field of its reply, takes the buyer's public key KP-buyer as the second field, signs the hash of these two fields with its private key to form the third field, and finally encrypts all three fields with the device's public key before sending them.
The manufacturer can obtain the buyer's public key in several ways: if manufacturer and buyer belong to the same PKI, the manufacturer can obtain it from the CA; alternatively the buyer can communicate with the manufacturer and tell it its public key. The protocol provides an authenticated exchange that completes the migration of the trust relationship. An attacker can neither impersonate the manufacturer to deceive the device, nor impersonate the device to deceive the manufacturer, nor replace the buyer's public key in message ③ so as to transfer trust to an entity other than the buyer. Specifically:
If an attacker attempts to impersonate the manufacturer's server towards the device in order to drive the migration, it cannot produce the signature in message ① under the manufacturer's private key, and it cannot decrypt the packet the device returns in message ②. If an attacker attempts to impersonate the device towards the manufacturer's server, it cannot decrypt the packet the manufacturer sends to the device in message ③. If an attacker attempts to replace the buyer's public key in message ③, it cannot forge the signature that message ③ carries over that key.
The effect of the protocol is to update the owner's top public key stored in the device's SSD. From the next start-up the device reads the buyer's public key into memory, and the owner it recognises changes from the manufacturer to the buyer.
Embodiment 3, deploying the device into the service network after the buyer has purchased it. Deploying a device means first writing the block chain into the device's memory, because the block chain is the carrier of trust. Two situations arise, each solving a different problem.
(1) This case applies when a large batch of devices is still at the base and has not yet been put into service. The block chain is written into the memory of each device: the server's block chain management module generates the block chain, and the server's communication module is responsible for writing it into the device's memory.
The fields of a block are understood with reference to Fig. 3.
Device ID: read directly from the device's ROM;
Administrator ID: the buyer designates an administrator for the device according to its own staffing;
Administrator public key: the buyer assigns a public/private key pair to each administrator and writes the public key into the block, for verifying the administrator's identity;
Device public key: a public/private key pair is assigned to every device and the public key is written into the block;
Prev Hash: filled with the hash of the block of the previous device;
Trusted: initially all devices are trusted and the bit is set to 1;
Security code: optional; when enabled it provides an anti-counterfeiting query service for the device.
(2) This case applies when a large batch of devices is already in service and a single device has to be added. The block chain must be written into the new device's memory, and after the new device is put into service the block chains held by all devices in the network must remain synchronised. To this end the new device stores the current, newest block chain and carries a token issued by the central server (specific information signed with the central server's private key). After the new device is put into service it communicates with the other devices in the network; the other devices receive the information, confirm its authenticity, and update the block chain in their own memory.
Fig. 5 shows the communication process by which the block chain is updated in case (2).
Two sub-cases must again be considered.
1) Assume that all devices currently in service are still trusted. Then the block chain carried by the newly added node has exactly one more block than the block chains of the other nodes and is otherwise identical.
The newly added device communicates with the other devices (flooding broadcast); the other devices receive the information and update their block chain by appending the newest block.
The process of interaction 1 in Fig. 5 is then:
① server → device 1:
{device ID, N_A, block chain write identifier, {△1}Sig}
② server ← device 1:
{device ID, N_B, block chain write identifier}KP-server
③ server → device 1:
{new block chain, number of added blocks, {△2}Sig, {△3}Sig}KP-device 1
The content of message 2 is:
{new block, added-block identifier, number of added blocks, {△3}Sig}
In sub-case 1) the "number of added blocks" in message 2 is 1.
In the description of interaction 1 above, N_A and N_B are random numbers; "KP-server" is the server's public key; △1 denotes Hash(device ID, N_A, block chain write identifier), i.e. the hash of {device ID, N_A, block chain write identifier}; △2 denotes Hash(new block chain), i.e. the hash of {new block chain}; △3 denotes Hash(new block, added-block identifier, number of added blocks), i.e. the hash of {new block, added-block identifier, number of added blocks}; {△}Sig denotes △ signed with the server's private key; {α}KP-server denotes α encrypted with the server's public key. The block chain write identifier in interaction 1 is a special field indicating the function this interaction is to perform (writing the block chain); the added-block identifier in message 2 indicates the function that message is to perform (adding new blocks on top of the existing block chain).
The "new block" in message 2 is the last block of the "new block chain" that device 1 holds after completing interaction 1. After interaction 1, device 1 takes the "new block" from its stored block chain, extracts the "number of added blocks" and {△3}Sig from message ③ of interaction 1, constructs message 2 and broadcasts it.
Message 2 is broadcast unencrypted, to keep the communication and computation overhead of the devices low. The price of the low communication and computation cost is weaker confidentiality: an attacker can read every field of message 2, including the "new block". In general this does not constitute a threat, because none of the block fields shown in Fig. 3 has a direct effect on the security of the system when learnt by an entity outside it; the integrity of the broadcast still rests on the server's signature {△3}Sig, which recipients verify before accepting the block. If an enterprise nevertheless wishes to encrypt message 2, it can, because message 2 is a communication between devices: the enterprise only needs to replace each message 2 of Fig. 5 with the interaction of Embodiment 4 (trust between devices). This modification gives the block chain update between devices confidentiality as well, but to some extent affects the lightweight communication and computation requirements of the devices.
2) Assume instead that untrusted nodes exist among the devices currently in service and must be dealt with. Specifically:
If the control centre judges that there are k untrusted nodes, it generates a new block for each of these k nodes with the trusted bit set to 0 and appends these k blocks to the existing block chain. It then generates a new block for the device about to be put into service and appends it after those. Once deployed, the new device communicates with the other nodes so that they append the missing blocks.
The total number of blocks in the resulting block chain is [previous block count] + k + 1.
The process of interaction 1 in Fig. 5 is then:
① server → device 1:
{device ID, N_A, block chain write identifier, {△1}Sig}
② server ← device 1:
{device ID, N_B, block chain write identifier}KP-server
③ server → device 1:
{new block chain, number of added blocks, {△2}Sig, {△3}Sig}KP-device 1
The content of message 2 is:
{new block, added-block identifier, number of added blocks, {△3}Sig}
The "number of added blocks" in message 2 is k + 1, where k is the number of untrusted nodes (devices) the server has observed at the moment the new device is launched.
The "new block" in message 2 now consists of the last k + 1 blocks of the "new block chain" that device 1 holds after completing interaction 1. After interaction 1, device 1 takes these blocks from its stored block chain, extracts the "number of added blocks" and {△3}Sig from message ③ of interaction 1, constructs message 2 and broadcasts it.
Embodiment 4, trust establishment between internet of things devices, specifically:
To establish trust between devices it is only necessary to scan the blocks of the block chain from back to front: if a block for the device in question exists on the chain and its trusted bit is 1, the device is taken to be present and trusted. The first matching block found when scanning from the back is the device's current state, since a later block for the same device supersedes an earlier one. As shown in Fig. 6, suppose device A needs to communicate securely with device B. Device A only needs to read B's public key from the block chain and establish a communication link with B through the specific interaction protocol. The interaction in Fig. 6 is as follows.
① device A → device B:
{A, B, {Key}KP_B, N_A, {△}Sig_A}
② device A ← device B:
{B, A, N_A, N_B}Key
③ device A → device B:
{N_A ⊕ N_B}Key (the exclusive or of the two random numbers, encrypted with the session key, as described below)
④ device A ↔ device B:
{Data}Key
Here N_A and N_B are random numbers; △ denotes Hash(A, B, {Key}KP_B, N_A), i.e. the hash of {A, B, {Key}KP_B, N_A}; {α}KP_B denotes α encrypted with B's public key; {α}Sig_A denotes α signed with A's private key; Key is the session key used for secure communication between A and B; Data is the data exchanged between A and B; {Data}Key denotes Data encrypted with the session key Key.
During trust establishment, A queries the block chain, obtains B's public key and generates a session key Key. A encrypts Key with B's public key, constructs message ① of Fig. 6 and sends it to B. On receipt B completes the challenge-response, constructs message ② of Fig. 6 and sends it to A. On receiving message ②, A confirms that both sides share the session key Key, completes the challenge-response initiated by B, constructs and sends message ③, and can then exchange data securely with B in interaction ④.
In the protocol of Fig. 6, the A and B of message ① identify the sender and recipient, the random number N_A resists replay attacks, and the signature {△}Sig_A lets the recipient verify the authenticity of the message (B takes A's public key from A's block). In message ②, B and A identify sender and recipient, N_A completes the challenge-response initiated by A, and N_B ensures that the content encrypted in message ② is not only values that were already transmitted in plaintext in message ①, which removes the known-plaintext pair that would otherwise be available; in addition, N_B opens a challenge-response towards A. This information is encrypted with the session key and sent to A. In message ③, A completes the challenge-response that B initiated in message ②: it computes the exclusive or of N_A and N_B, encrypts it, and returns it.
The random numbers in the interaction of Embodiment 4 resist replay attacks, the digital signature and the session key guarantee the authenticity of the information source, and the session key and public-key encryption guarantee the confidentiality of sensitive information.
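The exchanges of Fig. 4 (Embodiment 2) and Fig. 6 (Embodiment 4), carried through end to end as an added Python example. This is editorial illustration, not code from the patent, and its primitives are assumptions chosen so that it runs on the standard library alone: a textbook RSA with a 512-bit modulus and no padding stands in for {α}KP and {△}Sig, SHA-256 is the hash, and a SHA-256 keystream stands in for encryption under the session key; the byte value of the transfer identifier, the 16-byte random numbers and the 4-byte device ID used when calling it are likewise assumed. Each function plays both sides of its exchange and returns None at whichever check fails, which makes the page's attack cases visible: a party that does not hold the owner's private key cannot produce message ① and is rejected before ② is ever sent; a signed ① whose key is not the one in the device's block (Fig. 6) is rejected by B; and after a completed transfer the former manufacturer can no longer run the protocol against the device, because only the buyer's key now verifies.

```python
import hashlib
import os
import random

# Toy primitives so the exchanges run on the standard library alone: textbook RSA without
# padding and a SHA-256 keystream cipher. They are assumptions of this example, not the
# patent's; a deployment would use RSA-OAEP/PSS (or ECC) and an AEAD such as AES-GCM.
E, MOD_BYTES, NONCE = 65537, 64, 16      # 512-bit toy modulus, 16-byte random numbers
TRANSFER = b"TRANSFER"                    # assumed value of the "transfer identifier"

def _is_probable_prime(n, rounds=32):    # Miller-Rabin
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def keygen():
    """Return ((n, e), (n, d)); each prime has its top two bits set, so n is exactly 512 bits."""
    def prime(bits):
        while True:
            c = random.getrandbits(bits) | 3 << (bits - 2) | 1
            if _is_probable_prime(c):
                return c
    while True:
        p, q = prime(MOD_BYTES * 4), prime(MOD_BYTES * 4)
        phi = (p - 1) * (q - 1)
        if p != q and phi % E:             # E is prime, so this is gcd(E, phi) == 1
            return (p * q, E), (p * q, pow(E, -1, phi))

def pk_encrypt(pub, msg):
    """{msg}KP: chunked so any length stays below n; a 0x01 prefix keeps leading zero bytes."""
    n, e = pub
    return [pow(int.from_bytes(b"\x01" + msg[i:i + MOD_BYTES - 2], "big"), e, n)
            for i in range(0, len(msg), MOD_BYTES - 2)]

def pk_decrypt(priv, chunks):
    n, d = priv
    out = b""
    for c in chunks:
        m = pow(c, d, n)
        out += m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]
    return out

def _h(data): return int.from_bytes(hashlib.sha256(data).digest(), "big")
def sign(priv, data): return pow(_h(data), priv[1], priv[0])           # {Hash(data)}Sig
def verify(pub, data, sig): return pow(sig, pub[1], pub[0]) == _h(data)
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))

def sym(key, label, data):
    """{data}Key: XOR with SHA-256(key, label, counter) blocks; the label separates messages."""
    ks = b"".join(hashlib.sha256(key + label + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def transfer_trust(mfr_priv, dev_id, dev_pub, dev_priv, owner_pub, buyer_pub):
    """Fig. 4. owner_pub is the top public key in the device's SSD (the manufacturer's key before
    the sale). Returns the key the device will trust afterwards, or None if any check fails."""
    n_a = os.urandom(NONCE)
    msg1 = (dev_id, n_a, TRANSFER, sign(mfr_priv, dev_id + n_a + TRANSFER))                 # ①
    id_rx, n_a_rx, ident, sig1 = msg1      # device: ① must verify under the key in its SSD
    if id_rx != dev_id or not verify(owner_pub, id_rx + n_a_rx + ident, sig1):
        return None
    n_b = os.urandom(NONCE)
    msg2 = pk_encrypt(owner_pub, id_rx + n_b + ident)                                      # ②
    pt2 = pk_decrypt(mfr_priv, msg2)       # manufacturer: decrypting ② shows the device is present
    if pt2[:len(dev_id)] != dev_id or pt2[len(dev_id) + NONCE:] != TRANSFER:
        return None
    body = xor(n_a, pt2[len(dev_id):len(dev_id) + NONCE]) + buyer_pub[0].to_bytes(MOD_BYTES, "big")
    msg3 = pk_encrypt(dev_pub, body + sign(mfr_priv, body).to_bytes(MOD_BYTES, "big"))     # ③
    pt3 = pk_decrypt(dev_priv, msg3)       # device: nonce binding, then signature, then switch owner
    body_rx, sig3 = pt3[:NONCE + MOD_BYTES], int.from_bytes(pt3[NONCE + MOD_BYTES:], "big")
    if body_rx[:NONCE] != xor(n_a_rx, n_b) or not verify(owner_pub, body_rx, sig3):
        return None
    return (int.from_bytes(body_rx[NONCE:], "big"), E)   # new owner key written to the SSD

def establish_session(a_id, a_priv, a_pub, b_id, b_priv, b_pub):
    """Fig. 6. a_pub and b_pub are what each peer reads from the other's block. Returns Key or None."""
    key, n_a = os.urandom(16), os.urandom(NONCE)
    ek = pk_encrypt(b_pub, key)                                                   # {Key}KP_B
    signed = a_id + b_id + b"".join(c.to_bytes(MOD_BYTES, "big") for c in ek) + n_a
    sig = sign(a_priv, signed)                                                    # ①
    if not verify(a_pub, signed, sig):     # B: signature must match A's key from the chain
        return None
    key_b, n_b = pk_decrypt(b_priv, ek), os.urandom(NONCE)
    msg2 = sym(key_b, b"2", b_id + a_id + n_a + n_b)                              # ②
    pt2 = sym(key, b"2", msg2)             # A: N_A echoed under Key proves B recovered it
    if pt2[:-NONCE] != b_id + a_id + n_a:
        return None
    msg3 = sym(key, b"3", xor(n_a, pt2[-NONCE:]))                                 # ③
    if sym(key_b, b"3", msg3) != xor(n_a, n_b):   # B: A answered N_B; {Data}Key may now flow
        return None
    return key
```

transfer_trust takes the device's ROM values (dev_id, dev_pub, dev_priv), the top public key currently in its SSD and the buyer's public key, and returns the key the device writes back into its SSD; calling it again with the manufacturer's private key after the sale returns None, while the buyer can run it to pass the device on. A real implementation keeps the two sides in separate processes and uses a padded RSA or an ECC scheme plus an AEAD; the message layout and the order of the checks stay the same.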
Embodiment 5, capacity relaxation, specifically:
As new nodes are continually added, and existing nodes may change from trusted to untrusted and back again, the length of the block chain keeps growing. A single device may then correspond to several blocks, of which only one (the last) is valid. This wastes storage space, so capacity relaxation is needed.
Capacity relaxation requires the control centre to launch a new device that carries the capacity relaxation instruction and the new block chain issued by the control centre, and to deploy it in the business subnet.
This device communicates with the other devices in the business subnet and passes on the capacity relaxation instruction. Each device that receives the instruction changes the block chain in its own memory and passes the instruction on to the other devices it can reach.
In this recursive way all devices in the business subnet complete the update of the block chain and the relaxation of memory capacity.
The communication process of capacity relaxation is shown in Fig. 7.
Interaction 1 in Fig. 7 in detail:
① server → device 1:
{device ID, N_A, block chain write identifier, {△1}Sig}
② server ← device 1:
{device ID, N_B, block chain write identifier}KP-server
③ server → device 1:
{new block chain, all-zero field, {△2}Sig, all-zero field}KP-device 1
④ server ← device 1:
{device ID, N_C}KP-server
⑤ server → device 1:
{device ID, N_C, capacity relaxation identifier, {△3}Sig}KP-device 1
In the description of interaction 1 of Fig. 7, N_A, N_B and N_C are random numbers; "KP-server" is the server's public key; △1 denotes Hash(device ID, N_A, block chain write identifier), i.e. the hash of {device ID, N_A, block chain write identifier}; △2 denotes Hash(new block chain), i.e. the hash of {new block chain}; △3 denotes Hash(capacity relaxation identifier), i.e. the hash of {capacity relaxation identifier}; {△}Sig denotes △ signed with the server's private key; {α}KP-server denotes α encrypted with the server's public key; the "block chain write identifier" is a special field indicating the function this interaction is to perform (writing the block chain); the "capacity relaxation identifier" tells device 1 the function to be completed in the following interaction (interaction 2), namely capacity relaxation.
Message ③ of interaction 1 in Fig. 7 contains two "all-zero fields"; they are there to keep the format compatible with interaction 1 of Fig. 5.
Suppose that after completing interaction 1 device 1 first communicates with device 2. Interaction 2 in Fig. 7 is then:
① device 1 → device 2:
{ID2, ID1, {Key}KP-device 2, Nonce1, {△1}Sig_1}
② device 1 ← device 2:
{ID1, ID2, Nonce1, Nonce2}Key
③ device 1 → device 2:
{capacity relaxation identifier, Nonce2, {△2}Sig_server}Key
④ device 1 ← device 2:
{Nonce2, Nonce3}Key
⑤ device 1 → device 2:
{new block chain, Nonce3}Key
⑥ device 1 ← device 2:
{Nonce3}Key
In the description of interaction 2 of Fig. 7, Nonce1, Nonce2 and Nonce3 are random numbers; ID1 is the identity of device 1 and ID2 the identity of device 2; KP-device 2 is the public key of device 2; Key is the session key that devices 1 and 2 must establish for secure communication; {Key}KP-device 2 denotes Key encrypted with device 2's public key; △1 denotes Hash(ID2, ID1, {Key}KP-device 2, Nonce1), i.e. the hash of {ID2, ID1, {Key}KP-device 2, Nonce1}; {△}Sig_1 denotes △ signed with device 1's private key; {△}Key denotes △ encrypted with the session key Key; "new block chain" is the block chain stored in device 1, which it obtained from the server in interaction 1 of Fig. 7; the "capacity relaxation identifier" indicates the function this interaction is to perform (capacity relaxation). The signature in message ③ is made with the server's private key (Sig_server), not device 1's, so device 2 can check that the relaxation instruction was authorised by the server rather than originating from device 1 alone.
Because the "new block chain" of interaction 2 in Fig. 7 occupies less memory than the original block chain stored in device 2, device 2 has completed the capacity relaxation of its local block chain once interaction 2 is done. Devices 1 and 2 then each communicate with the other devices they can reach and carry out interaction 2 again, so that more devices complete capacity relaxation. Through this recursive interaction all devices in the network complete capacity relaxation.
Embodiment 6, storage overhead analysis, specifically:
Because the storage space of an internet of things device is precious, the storage overhead of the block chain must be analysed. The fields of the block in Fig. 3 can be allocated the following lengths (KU denotes a public key).
Device ID: 4 Byte; administrator ID: 2 Byte; administrator KU: 128 Byte; device KU: 128 Byte; Prev Hash: 64 Byte; trusted: 1 bit; security code: 4 Byte; total: 330 Byte + 1 bit.
Assume 1000 devices are to be deployed in one service network. The total size of the block chain is then:
(330 Byte + 1 bit) × 1000 ÷ 1024 ≈ 322.4 KB (the source states 322.12 KB).
In fact a service network of 1000 devices is already of considerable scale, and a storage overhead of roughly 322 KB for the block chain in each device's memory is something current storage chips provide at low cost. Note that a 128-byte public key field corresponds to a 1024-bit RSA modulus, which is below current key-length recommendations: a 2048-bit modulus doubles both public key fields to 256 Byte, whereas an elliptic-curve public key of 32 to 64 Byte would make the block smaller than estimated here.
The foregoing are merely preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within its scope of protection.
Claims (10)
- 1. A management method for an Internet of Things (IoT) device supply chain trust system, characterised in that the method comprises: Step 1, using a block chain as the technical carrier to manage the trust relationships between different entities; Step 2, when the ownership of an IoT device changes, realising the trust transfer of the IoT device between different entities through protocol interaction; Step 3, the IoT device owner interacting with the IoT device through a communication protocol; Step 4, establishing trust between different IoT devices by each querying the block chain stored in its local storage space, and sharing a session key through this trust relationship in order to communicate; Step 5, the IoT device owner sending/deploying a new IoT device into the business network formed by the IoT devices already deployed and in operation, where the sent/deployed IoT device reaches the business network and realises its function through two stages, namely a protocol interaction between the server owned by the IoT device owner and the sent/deployed IoT device, and, after the sent/deployed IoT device has reached the business network, an interaction with the other IoT devices already present in the business network, and where this deployment operation relaxes the capacity of the storage space of all IoT devices in the business network.
- 2. The IoT device supply chain trust system management method of claim 1, characterised in that using a block chain as the technical carrier in Step 1 specifically comprises: the central server generates the block chain and writes the generated block chain into the IoT devices, so that each IoT device deployed and put into operation holds a copy of the block chain internally; each IoT device corresponds to one block in the block chain.
- 3. The IoT device supply chain trust system management method of claim 1, characterised in that Step 2 comprises: (1) a change of ownership of the IoT device specifically means that ownership of the IoT device passes from one entity to another entity through negotiation, agreement or a trading activity; (2) the different entities include the manufacturer of the IoT device or the party responsible for producing it, the purchasing party of the IoT device, and the IoT device itself; (3) trust transfer means the conversion of IoT device ownership between different entities that is triggered by the negotiation, agreement or trading activity; (4) the specific protocol interaction in Step 2 comprises: Step 1, the server sends a trust relationship migration instruction to the IoT device; Step 2, the IoT device replies to the server, asking whether the server confirms that the trust relationship migration is to be carried out; Step 3, the server replies to the IoT device, confirming that the trust relationship migration is to be carried out, and informs the IoT device of the identity of its next owner.
- 4. The IoT device supply chain trust system management method of claim 1, characterised in that interacting with the IoT device through a specific communication protocol in Step 3 covers three different situations: (1) the IoT device has not yet been deployed in the service network, and the server writes the block chain into the storage of the IoT device over wired or wireless communication; (2) a large number of IoT devices are already in use and a single IoT device is to be added: the server interacts with the newly added IoT device, and the newly added IoT device, once in operation, communicates with the other IoT devices; after receiving the necessary information from that interaction, the other IoT devices update their block chain by appending the newest block; the interaction between the server and the newly added IoT device comprises: 1) the server informs the newly added IoT device that the block chain will be written into its storage space; 2) the IoT device confirms to the server whether the block chain needs to be written; 3) the server confirms the write and writes the block chain into the storage space of the IoT device; the server further writes the token that the other IoT devices require in order to append the new block into the storage space of the newly added IoT device; (3) a large number of IoT devices are already in use and a single IoT device is to be added, specifically: if the controller of the server considers k IoT devices untrusted, a new block is obtained or generated for each of these k IoT devices, with the trust identifier in each of these k new blocks set to untrusted; the k new blocks are appended after the original block chain; a new block is obtained or generated for the IoT device to be added and appended after the block chain; the interaction between the server and the newly added IoT device comprises: 1) the server informs the newly added IoT device that the block chain will be written into its storage space; 2) the IoT device confirms to the server whether the block chain needs to be written; 3) the server confirms the write and writes the block chain into the storage space of the IoT device; the server further writes the token that the other IoT devices require in order to append the new blocks into the storage space of the newly added IoT device.
- 5. The IoT device supply chain trust system management method of claim 1, characterised in that the maintenance and management of trust relationships in Step 3 specifically comprises: the IoT device owner can learn from the block chain whether an IoT device belongs to them and whether it is trusted; and secure communication between IoT devices is realised by interacting on the basis of specific fields of the block chain.
- 6. The IoT device supply chain trust system management method of claim 1, characterised in that establishing a communication link in Step 4 specifically comprises: Step 1, IoT device A sends to IoT device B the shared session key encrypted with the public key of IoT device B, together with a message signed by IoT device A to guarantee authenticity; Step 2, IoT device B replies to IoT device A with a message encrypted with the shared session key, the message consisting of a random number and an identity, as its response; Step 3, IoT device A replies to IoT device B with the XOR result of the two random numbers encrypted with the shared session key, as its response; Step 4, the session key between IoT device A and IoT device B is now shared, the secure connection is established, and data is transmitted under the session key.
- 7. The IoT device supply chain trust system management method of claim 1, characterised in that in Step 5 the communication between the server and the newly added IoT device specifically comprises: Step 1, the server informs the newly added IoT device that the block chain will be written into its storage space; Step 2, the IoT device confirms to the server whether the block chain needs to be written; Step 3, the server confirms the write and writes the block chain into the storage space of the IoT device; Step 4, the IoT device replies that it has received the block chain; Step 5, the server sends to the IoT device the instruction that the other IoT devices need to perform capacity relaxation, together with the capacity relaxation token, into the storage space of the newly added IoT device; the communication between the newly added IoT device and the other IoT devices specifically comprises: Step 1, IoT device A sends to IoT device B the shared session key encrypted with the public key of IoT device B, together with a message signed by IoT device A to guarantee authenticity; Step 2, IoT device B replies to IoT device A with a message encrypted with the shared session key, the message consisting of a random number and an identity, as its response; Step 3, IoT device A sends to IoT device B the capacity relaxation instruction and the capacity relaxation token that the server sent to IoT device A, and IoT device B performs the capacity relaxation operation; Step 4, IoT device B replies to IoT device A that it has received the capacity relaxation instruction and token; Step 5, IoT device A transmits the new block chain to IoT device B; Step 6, IoT device B replies to IoT device A that it has received the new block chain.
- 8. A management system for the IoT device supply chain trust system of the method of claim 1, characterised in that the IoT device supply chain trust system management system comprises an IoT device manufacturer trust management server, a purchasing-party trust management server and IoT devices; the device manufacturer trust management server realises the trust management of the devices produced by the device manufacturer, including exchanging the necessary information with the IoT devices, storing initial data and completing trust transfer; the purchasing-party trust management server realises the generation, maintenance and updating of the block chain and the generation and maintenance of the management relationship between device administrators and devices, and performs capacity relaxation on the IoT devices when appropriate; the IoT devices carry the service logic and establish mutual trust through the block chain; the IoT device manufacturer trust management server comprises: an initialisation module for writing the necessary information into the IoT device at the necessary stage during or after the production of the IoT device; a trust transfer module for completing trust transfer; a communication module for communicating with the purchasing party and with the IoT devices; the purchasing-party trust management server comprises: a block chain management module for managing the block chain of the IoT devices, including generation, maintenance and updating; a personnel management module for managing the administrator information of the IoT devices, including assignment, query and update; a trust management module for managing the trust system of the service network formed by the IoT devices as a whole, including querying the block chain to determine the trustworthiness of an IoT device, querying the block chain to determine the trust relationship between an IoT device and its administrator, and querying the personnel management module to determine the trust relationship between an administrator and the system; the IoT device comprises: a functional module, being the module the device must possess to meet the practical application requirement and the direct embodiment of the IoT device's value; a block chain management module responsible for maintaining and updating the block chain; a communication module for communicating with the server or with other IoT devices.
- 9. A computer program executed by a computer, characterised in that the computer program causes the computer to execute all the steps of the method of any one of claims 1 to 8.
- 10. A computer that performs the IoT device supply chain trust system management method of any one of claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710941351.6A CN107895111B (en) | 2017-10-11 | 2017-10-11 | Internet of things equipment supply chain trust system management method, computer program and computer |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710941351.6A CN107895111B (en) | 2017-10-11 | 2017-10-11 | Internet of things equipment supply chain trust system management method, computer program and computer |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107895111A true CN107895111A (en) | 2018-04-10 |
CN107895111B CN107895111B (en) | 2021-06-11 |
Family
ID=61803509
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710941351.6A Active CN107895111B (en) | 2017-10-11 | 2017-10-11 | Internet of things equipment supply chain trust system management method, computer program and computer |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107895111B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103532963A (en) * | 2013-10-22 | 2014-01-22 | 中国联合网络通信集团有限公司 | IOT (Internet of Things) based equipment authentication method, device and system |
CN104618317A (en) * | 2014-07-30 | 2015-05-13 | 江苏物泰信息科技有限公司 | Trust based Internet of Things data security system |
CN105075307A (en) * | 2013-02-25 | 2015-11-18 | 高通股份有限公司 | Emergency mode for iot devices |
US20170064699A1 (en) * | 2015-08-24 | 2017-03-02 | Sprint Communications Company L.P. | Hardware-trusted orthogonal frequency division multiplex (ofdm) access to a shared common public radio interface (cpri) |
CN107077568A (en) * | 2014-11-17 | 2017-08-18 | 英特尔公司 | symmetric key and trust chain |
Non-Patent Citations (2)
Title |
---|
XINGHUA LI 等: "A Lightweight Anonymous Authentication Protocol Using k-Pseudonym Set in Wireless Networks", 《2015 IEEE GLOBAL COMMUNICATIONS CONFERENCE (GLOBECOM)》 * |
赵阔 等: "区块链技术驱动下的物联网安全研究综述", 《信息网络安全》 * |
Cited By (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108377272A (en) * | 2018-05-09 | 2018-08-07 | 深圳市有方科技股份有限公司 | A kind of method and system of management internet-of-things terminal |
CN108377272B (en) * | 2018-05-09 | 2021-02-02 | 深圳市有方科技股份有限公司 | Method and system for managing terminal of Internet of things |
CN108737419A (en) * | 2018-05-22 | 2018-11-02 | 北京航空航天大学 | Trusted identities life cycle management device and method based on block chain |
CN108989022A (en) * | 2018-06-08 | 2018-12-11 | 中国科学院计算技术研究所 | A kind of smart item shared key method for building up and system based on block chain |
CN108810007A (en) * | 2018-06-26 | 2018-11-13 | 东北大学秦皇岛分校 | A kind of Internet of Things security architecture |
CN108810007B (en) * | 2018-06-26 | 2020-11-17 | 东北大学秦皇岛分校 | Internet of things security architecture |
CN108881287A (en) * | 2018-07-18 | 2018-11-23 | 电子科技大学 | A kind of Internet of things node identity identifying method based on block chain |
CN110493039A (en) * | 2018-08-06 | 2019-11-22 | 腾讯科技(深圳)有限公司 | Device management method and equipment management system based on block chain |
CN109104311A (en) * | 2018-08-06 | 2018-12-28 | 腾讯科技(深圳)有限公司 | Device management method, device, medium and electronic equipment based on block chain |
CN111031085B (en) * | 2018-10-09 | 2024-03-26 | 励智识别技术有限公司 | Communication method and device between Internet of things equipment and remote computer system |
CN111031085A (en) * | 2018-10-09 | 2020-04-17 | 励智识别技术有限公司 | Communication method and device between Internet of things device and remote computer system |
CN112955884B (en) * | 2018-11-01 | 2024-02-06 | 惠普发展公司,有限责任合伙企业 | Device for authentication, method for registering a device in a network |
CN112955884A (en) * | 2018-11-01 | 2021-06-11 | 惠普发展公司,有限责任合伙企业 | Infrastructure device registration |
CN109617989A (en) * | 2018-12-28 | 2019-04-12 | 浙江省公众信息产业有限公司 | For loading method, apparatus, system and the computer-readable medium of distribution |
CN109617989B (en) * | 2018-12-28 | 2021-11-26 | 浙江省公众信息产业有限公司 | Method, apparatus, system, and computer readable medium for load distribution |
WO2020168585A1 (en) * | 2019-02-20 | 2020-08-27 | 中国互联网络信息中心 | Blockchain hybrid consensus based domain name information maintenance system |
US11930113B2 (en) | 2019-02-20 | 2024-03-12 | China Internet Network Information Center | Blockchain hybrid consensus-based system for maintaining domain name information |
CN110267270B (en) * | 2019-05-07 | 2022-07-12 | 国网浙江省电力有限公司电力科学研究院 | Identity authentication method for sensor terminal access edge gateway in transformer substation |
CN110267270A (en) * | 2019-05-07 | 2019-09-20 | 国网浙江省电力有限公司电力科学研究院 | A kind of substation's inner sensor terminal access Border Gateway authentication intelligence contract |
CN110750595A (en) * | 2019-10-16 | 2020-02-04 | 西安交通大学 | Double-layer Internet of things architecture based on credit degree-block chain |
CN111083131A (en) * | 2019-12-10 | 2020-04-28 | 南瑞集团有限公司 | Lightweight identity authentication method for power Internet of things sensing terminal |
CN111741062A (en) * | 2020-05-12 | 2020-10-02 | 成都芯域矩阵科技有限公司 | Electronic equipment local area management system based on block chain technology |
CN112464190A (en) * | 2020-12-17 | 2021-03-09 | 深圳市飞思捷跃科技有限公司 | Block chain-based high-availability high-safety method for Internet of things platform |
CN112948784A (en) * | 2021-03-23 | 2021-06-11 | 中国信息通信研究院 | Internet of things terminal identity authentication method, computer storage medium and electronic equipment |
CN112948784B (en) * | 2021-03-23 | 2024-05-14 | 中国信息通信研究院 | Internet of things terminal identity authentication method, computer storage medium and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN107895111B (en) | 2021-06-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107895111A (en) | Internet of things equipment supply chain trust systems management method, computer program, computer | |
Zaghloul et al. | Bitcoin and blockchain: Security and privacy | |
Li et al. | A blockchain privacy protection scheme based on ring signature | |
Desai et al. | A hybrid blockchain architecture for privacy-enabled and accountable auctions | |
CN109558517B (en) | Multi-party secure election system based on block chain | |
CN107395349A (en) | A kind of block chain network cryptographic key distribution method based on self-certified public key system | |
CN108494830A (en) | A kind of Internet of Things using block chain | |
CN110971390A (en) | Fully homomorphic encryption method for intelligent contract privacy protection | |
CN109245894B (en) | Distributed cloud storage system based on intelligent contracts | |
CN103259650A (en) | Fair and rational multi-secret sharing method for honest participants | |
CN106161415B (en) | A kind of information processing method and mobile gunz perception application platform | |
CN108830711A (en) | A kind of energy internet business account book management method and system based on block chain | |
CN110111102A (en) | A kind of virtual traffic card system and distribution method of commerce based on block chain technology | |
CN111931215B (en) | Data management method and device and storage medium | |
Xu et al. | When quantum information technologies meet blockchain in web 3.0 | |
CN106296196A (en) | Digital cash transaction signature method and system and digital cash transaction system thereof | |
CN113127910B (en) | Controllable anonymous voting system based on block chain and decentralization traceable attribute signature | |
Li et al. | Metaopera: A cross-metaverse interoperability protocol | |
CN109995737A (en) | The digital certificate management method and device of decentralization, node, system | |
Li et al. | Astraea: Anonymous and secure auditing based on private smart contracts for donation systems | |
CN110945833B (en) | Method and system for multi-mode identification network privacy protection and identity management | |
Islam | A privacy-preserving transparent central bank digital currency system based on consortium blockchain and unspent transaction outputs | |
Bilal et al. | Blockchain technology: Opportunities & challenges | |
Rahmadika et al. | A blockchain approach for the future renewable energy transaction | |
CN115244526A (en) | Method and system for decentralized transaction communication protocols |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||