CN108306887B - Block chain-based Internet of things security and data privacy protection system - Google Patents

Info

Publication number: CN108306887B
Application number: CN201810111633.8A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN108306887A
Inventors: 徐正伟, 凌从礼, 滕建龙
Current assignee: Individual
Original assignee: Individual
Prior art keywords: internet, things, equipment, data, access

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention discloses a block chain-based Internet of things security and data privacy protection system comprising an Internet of things security engine corresponding to each piece of Internet of things equipment and a block chain network in communication with the security engine. An access session channel is established through the block chain network between the access initiator (an application program or a piece of Internet of things equipment) and the accessed Internet of things equipment; paid acquisition of the data use right and node accounting are completed through the block chain network according to the data stored by the Internet of things security engine and the corresponding digital rights requirement; and the Internet of things security engine automatically performs data encryption and decryption and data transaction packaging. The invention realizes a unified key distribution mechanism for Internet of things equipment based on the block chain network, effectively establishes authorized use and a trust mechanism for the equipment, and uses the block chain network to protect data privacy and data rights, greatly improving the privacy protection security of Internet of things equipment data.

Description

Block chain-based Internet of things security and data privacy protection system
Technical Field
The invention relates to the technical field of Internet of things, in particular to a block chain-based Internet of things security and data privacy protection system.
Background
At present, the Internet of things has become an important component of the Internet, and the number of Internet of things devices worldwide keeps increasing rapidly. In the future, because any person, group, community, organization, object, product, data, service, process and activity will be interconnected through the Internet of things, personal data privacy and business confidentiality in the Internet of things have become important weaknesses restricting its development; current research and solutions concerning Internet of things security and privacy technology do not provide a good guarantee, and the potential security hazards of the Internet of things cause more and more concern.
Although various types of Internet of things security and data privacy solutions exist in the industry at present, they do not provide good support for a unified key distribution mechanism, and no solution with good universality has been found for the abuse of, and privacy violations involving, Internet of things device data.
Disclosure of Invention
The invention aims to provide a block chain-based Internet of things security and data privacy protection system that improves the equipment access security and the data privacy protection level of the Internet of things.
In order to achieve this purpose, the invention provides an Internet of things security and data privacy protection system based on a block chain network, comprising an Internet of things security engine corresponding to an Internet of things device and the block chain network in communication with the security engine. The Internet of things security engine is a hardware device or module located at the communication boundary of the Internet of things device that can automatically perform data encryption and decryption and data transaction packaging. An access-initiator Internet of things device and an access-target Internet of things device perform authentication and establish a secure consensus channel through the block chain network, and paid acquisition of the data use right and node bookkeeping are completed through the block chain network according to the data stored by the Internet of things security engine and the corresponding digital rights requirements.
The system comprises a software and hardware design framework for trading the data generated by Internet of things equipment. In this framework the block chain network serves as the platform that guarantees the data rights of Internet of things equipment and performs transaction accounting; the Internet of things security engine is the hardware that guarantees quantified transaction of equipment data; and the data rights and interests are a custom measure of data right and data value implemented on the basis of a cryptocurrency.
The system comprises an access terminal and an accessed terminal, wherein:
the access terminal comprises an application program on the block chain network, or access-initiator Internet of things equipment together with its corresponding Internet of things security engine, and the accessed terminal comprises the accessed Internet of things equipment together with its corresponding Internet of things security engine;
when the access terminal is an application program on the block chain network, the block chain network authenticates the identity of the application program through login certificate issuance and login certificate verification;
when the access terminal is access-initiator Internet of things equipment with its corresponding security engine, the security engine performs access validity verification through the block chain network: if the digital identity of the initiating access node is stored in the block chain network, the verification requirement is met and approval to establish a session channel with the accessed terminal is obtained;
and the accessed terminal performs matching according to the access key sent by the access terminal, and if the matching requirement is met, the access terminal and the accessed terminal establish a session channel.
The network topology of the system takes two forms: in one, the Internet of things security engine device or module serves as the main security node of a local network and manages each piece of Internet of things equipment in that network; in the other, the security engine device or module is integrated into each piece of Internet of things equipment, which communicates independently with the block chain network, so that each piece of equipment gains the functions of access authentication, data processing, node accounting and the like by integrating the security engine.
The digital identities are specifically as follows:
the digital identity of the Internet of things security engine is the engine's private digital identity in the block chain network, obtained by uniquely identifying the engine through its MAC address, digital certificate and hardware wallet;
the digital identity of a piece of Internet of things equipment, serving as its unique identity, is formed from the digital identity of the security engine equipment to which it is connected together with the equipment's own ID;
the digital identity of Internet of things equipment with an integrated security engine module, serving as its unique identity, is formed from the MAC address, digital certificate and hardware wallet of that security engine module.
The hardware wallet is a memory used to store the private key of the Internet of things security engine. The private key is derived from the combination of the MAC address and the biometric characteristics of the person who sets it up; it is used, after encryption, for the authentication service on the block chain network, and the security terminal key is initially set, changed and used through the hardware wallet.
The block chain network further comprises verification nodes and accounting nodes. For a data acquisition request from the access terminal, transaction confirmation is performed through the block chain network: the access terminal offers a certain amount of digital rights to the accessed terminal; if the accessed terminal agrees to the transaction, the access terminal obtains the data use right of the accessed terminal and pays those digital rights, and the transaction information of the access terminal and accessed terminal that completed the data transaction is recorded by the accounting node of the block chain network and serves as the proof that the data was acquired legitimately. When a transaction is received at a verification node, the endorsement check associated with the transaction's chain code is invoked as part of the transaction verification process to determine the validity of the transaction.
The management mechanism of the Internet of things security engine over Internet of things equipment is as follows. The equipment managed by a security engine is divided into internal equipment and external equipment: internal equipment is Internet of things equipment managed by the same security engine, and external equipment is Internet of things equipment outside that security engine's management. For internal equipment, block chain transaction authentication is performed on the first communication, the equipment name, equipment ID, access authority and the like are written into an account block of the block chain network and at the same time stored locally, and subsequent communication only needs to authenticate the equipment name and equipment ID against the local data. For external equipment, a block chain channel authentication system is adopted: channel addition and authentication are performed on the first communication, and subsequent communication queries and authenticates the channel in the block chain network. For Internet of things equipment with an integrated security engine module, the management mechanism has only external equipment and no internal equipment.
A data recording format is defined for the Internet of things equipment managed by the Internet of things security engine: operation data, monitoring data, maintenance data and the like are recorded in this format and can be stored by category.
A block chain-based Internet of things security and data privacy protection method is realized based on the system and comprises the following steps.
When the access terminal is a piece of Internet of things equipment:
1) the access-initiator Internet of things equipment sends an access request data packet to the Internet of things security engine corresponding to that equipment;
2) the access-side Internet of things security engine queries, according to the request data, whether a registration record of the equipment exists locally and verifies the validity of the equipment; if the registration record exists locally and the target is internal equipment, the request is forwarded to that internal equipment;
3) the access-side Internet of things security engine queries the access channel in the block chain network according to the request data, performs validity verification, and, if the access terminal is legitimate equipment in the authenticated channel, forwards the data to the security engine where the channel is located, namely the accessed-side Internet of things security engine;
4) after receiving the forwarded request, the accessed-side Internet of things security engine locally queries the target Internet of things equipment and forwards the data to the designated equipment;
5) the accessed-side Internet of things equipment responds according to the request and returns the response data along the access path to the access-side security engine, which delivers the response data to the requesting Internet of things equipment; the accessed side obtains the corresponding digital rights given by the access side.
When the access terminal is an application program on the block chain network:
1) the access channel is queried in the block chain network and validity verification is performed; if the access party is a legitimate subject in the authenticated channel, the request is forwarded to the security engine or integrated module where the channel is located, namely the accessed-side Internet of things security engine;
2) after receiving the forwarded request, the accessed-side Internet of things security engine locally queries the Internet of things equipment and forwards the data and its wallet address to the access party.
According to the block chain-based Internet of things security and data privacy protection system, the access initiator and the accessed party establish an access session channel through the block chain network, and paid acquisition of the data use right and node accounting are completed through the block chain network according to the data stored by the Internet of things security engine and the corresponding digital rights requirements. This realizes a unified key distribution mechanism for Internet of things equipment based on the block chain network, effectively establishes authorized use and a trust mechanism for the equipment, protects data privacy by means of the block chain network, greatly improves the privacy protection security of Internet of things equipment data, and provides non-repudiation of directed transactions and transaction records for users who intend to trade Internet of things equipment data.
Drawings
Fig. 1 is a schematic diagram of an application environment according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart illustrating an embodiment of a block chain-based IOT security and data privacy protection system according to the present invention;
FIG. 3 is a schematic logical architecture diagram of an embodiment of an IOT security engine of the present invention;
fig. 4 shows five network topologies of the system for protecting the security of the internet of things and the data privacy based on the block chain.
Detailed Description
Fig. 1 is a schematic diagram of an alternative application environment of an embodiment of the present invention.
In this embodiment, the block chain-based Internet of things security and data privacy protection system includes an Internet of things security engine and a block chain network in communication with it. As shown in fig. 1, the invention can be applied in an application environment including, but not limited to, an Internet of things security engine A, an Internet of things security engine B and a block chain network C. The Internet of things security engines A and B are hardware devices at the communication boundary of the Internet of things devices; they can be designed according to preset security rules and automatically perform data encryption and decryption and data transaction encapsulation.
The Internet of things security engines A and B are used for digital identification of Internet of things devices, encryption and decryption of device data, and data transaction encapsulation; the block chain network C is used for access authentication of Internet of things devices and data transaction control, and may include a plurality of nodes, such as transaction verification nodes and accounting nodes. The security engines A and B communicate with the block chain network C through a wired or wireless network.
The invention provides a block chain-based Internet of things security and data privacy protection method.
Referring to fig. 2, fig. 2 is a schematic flowchart of an embodiment of a block chain-based internet of things security and data privacy protection method according to the present invention.
In this embodiment, the block chain-based Internet of things security and data privacy protection method includes:
the access-side Internet of things equipment sends an access request data packet to the security engine it belongs to;
the access-side Internet of things security engine queries, according to the request data, whether a registration record of the equipment exists locally, verifies the validity of the equipment, and forwards the request directly if it is internal communication;
the access-side Internet of things security engine queries the access channel in the block chain network according to the request data, performs validity verification, and forwards the data to the security engine where the channel is located;
after receiving the forwarded request, the accessed-side Internet of things security engine locally queries the Internet of things equipment and forwards the data to the specified equipment;
the accessed-side Internet of things equipment responds according to the request and returns the response data along the access path to the access-side security engine, which sends the response data to the requesting Internet of things equipment.
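The access flow given as steps 1) to 5) in the Disclosure and repeated in the Detailed Description above, simulated end to end as an added example (illustration code written for this page, not the patent's own implementation): two security engines act as the main security nodes of net1 and net2, an in-memory ledger stands in for the block chain network, and the hashed identities, the access-key channel, the endorsement rule and all device names and prices are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def digital_identity(*parts: str) -> str:
    """Hash over an engine's MAC address, certificate and wallet public key (the
    three bases the patent names); SHA-256 here is an assumption of this example."""
    return hashlib.sha256("|".join(parts).encode()).hexdigest()[:16]


@dataclass
class Ledger:
    """In-memory stand-in for the block chain: identities, device blocks, channels,
    digital-rights balances and the transaction log of the accounting node."""
    identities: set = field(default_factory=set)
    devices: dict = field(default_factory=dict)    # device identity -> block
    channels: dict = field(default_factory=dict)   # (src, dst) -> access key
    balances: dict = field(default_factory=dict)   # engine identity -> rights
    transactions: list = field(default_factory=list)

    def open_channel(self, src: str, dst: str) -> str:
        # Step 3: both digital identities must be on chain; the channel is added
        # on first communication and reused afterwards.
        if src not in self.identities or dst not in self.identities:
            raise PermissionError("initiator or target identity not on chain")
        return self.channels.setdefault((src, dst), secrets.token_hex(16))

    def settle(self, payer: str, payee: str, amount: int, endorsed: bool) -> dict:
        # Verification node: endorsement check first; then the accounting node
        # records the transaction as the proof of lawful data acquisition.
        if not endorsed:
            raise PermissionError("accessed party did not endorse the transaction")
        if self.balances.get(payer, 0) < amount:
            raise PermissionError("insufficient digital rights")
        self.balances[payer] -= amount
        self.balances[payee] = self.balances.get(payee, 0) + amount
        tx = {"from": payer, "to": payee, "rights": amount, "height": len(self.transactions)}
        self.transactions.append(tx)
        return tx


class SecurityEngine:
    """Engine acting as the main security node of one local network (Fig. 4(a))."""

    def __init__(self, ledger: Ledger, mac: str, cert: str, wallet_pub: str, rights: int):
        self.ledger = ledger
        self.identity = digital_identity(mac, cert, wallet_pub)
        ledger.identities.add(self.identity)
        ledger.balances[self.identity] = rights
        self.local = {}   # device name -> device ID, cached after first on-chain auth
        self.data = {}    # device ID -> (formatted records, price in digital rights)

    def register_device(self, name: str, dev_id: str, records: list, price: int):
        # First communication of an internal device: write its block to the ledger
        # and cache it locally so later checks never touch the chain.
        dev_identity = digital_identity(self.identity, dev_id)
        self.ledger.devices[dev_identity] = {"name": name, "id": dev_id, "engine": self.identity}
        self.local[name] = dev_id
        self.data[dev_id] = (records, price)

    def is_registered(self, name: str, dev_id: str) -> bool:
        # Step 2: subsequent communication checks name and ID in local data only.
        return hmac.compare_digest(self.local.get(name, ""), dev_id)

    def request(self, name: str, dev_id: str, target: "SecurityEngine",
                target_dev: str, offer: int):
        # Steps 1-5 seen from the access-side engine.
        if not self.is_registered(name, dev_id):
            raise PermissionError("unregistered initiator device")
        if target is self:                                   # internal: forward locally
            return self.serve(target_dev, None, None, 0)
        key = self.ledger.open_channel(self.identity, target.identity)
        return target.serve(target_dev, self, key, offer)      # forward along the channel

    def serve(self, dev_id: str, caller, access_key, offer: int):
        # Accessed-side engine (steps 4-5): match the access key against the channel,
        # query the device locally, return its data and account the rights paid.
        if caller is not None:
            expected = self.ledger.channels.get((caller.identity, self.identity))
            if expected is None or not hmac.compare_digest(expected, access_key):
                raise PermissionError("access key does not match channel")
        if dev_id not in self.data:
            raise LookupError("no such device behind this engine")
        records, price = self.data[dev_id]
        if caller is None:
            return records, None
        # The accessed party endorses only when the offered rights cover its price.
        tx = self.ledger.settle(caller.identity, self.identity, offer, offer >= price)
        return records, tx


def demo() -> dict:
    # Constructed scenario: a sensor in net1 buys a meter reading from net2.
    ledger = Ledger()
    eng_n = SecurityEngine(ledger, "02:00:00:00:00:01", "cert-n", "pub-n", rights=10)
    eng_m = SecurityEngine(ledger, "02:00:00:00:00:02", "cert-m", "pub-m", rights=0)
    eng_n.register_device("sensor-1", "dev-n-1", ["temp=21.5"], price=1)
    eng_m.register_device("meter-1", "dev-m-1", ["kwh=1234"], price=3)
    records, tx = eng_n.request("sensor-1", "dev-n-1", eng_m, "dev-m-1", offer=3)
    return {"ledger": ledger, "eng_n": eng_n, "eng_m": eng_m, "records": records, "tx": tx}
```

Internal requests never reach the ledger, an unregistered initiator is stopped at step 2, and an offer below the accessed party's price leaves no transaction on the ledger.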
Referring to fig. 3, which is a schematic diagram of an alternative hardware architecture of the Internet of things security engine in fig. 1, in this embodiment the logic implemented by the Internet of things security engine A mainly provides the following functions.
Unique identification of the security engine equipment: the equipment is identified through its MAC address, digital certificate and hardware wallet, encrypted with the block chain network private key, and performs its own identity authentication and management. The MAC address, digital certificate and hardware wallet of the security engine equipment together form the basis of the Internet of things security engine.
Management of the Internet of things equipment under the security engine, which distinguishes internal communication and external communication: internal equipment is equipment managed by the same security engine, and external equipment is equipment outside its management. For internal communication, the first communication of a piece of equipment undergoes block chain transaction authentication, its name, information, distinguishing code and the like are written into an account block of the block chain network and stored locally, and subsequent communication only needs to authenticate the name and distinguishing code against the local data. For external communication, the equipment must query the block chain network through the engine: a block chain channel authentication system is adopted, channel addition and authentication are performed on the first communication, and later communication queries and authenticates the channel in the block chain network.
Definition of a data recording format for the equipment managed by the security engine, such as formatted recording of operation data, monitoring data, maintenance data and the like. At the same time, digital rights are set for each device's data, so that the data is stored locally and configured for data use, transaction and the like.
The hardware wallet is a memory used to store the private key of the Internet of things security terminal. The private key is derived from the combination of a unique physical address and the fingerprint of the person who sets it up; it provides the authentication service in the block chain network after encryption, and the security terminal key is initially set, changed and used through the hardware wallet.
Fig. 4(a) is the first topology structure diagram of the block chain-based Internet of things security and data privacy protection system of fig. 1. In this embodiment, the Internet of things security engine n' serves as the core security node of the network net1 formed by Internet of things devices 1 to n: it stores the block authentication information of all devices in net1, is responsible for identity authentication of communication between the outside and the devices in net1 and for encryption of the data those devices send outside, and stores the digital rights paid by outside parties requesting data from the devices in net1.
The Internet of things security engine m' serves as the core security node of the network net2 formed by Internet of things devices 1 to m, stores the block authentication information of the devices in net2, and is responsible for identity authentication of communication between the outside and the devices in net2, encryption of the data those devices send outside, and storage of the digital rights paid by outside parties requesting data from the devices in net2.
When a device in net1 accesses a device in net2, the security engine n' initiates the access to the security engine m' through the block chain network, and the security engine m' performs identity validity verification of the accessed device, encryption of the output access data and accounting of the corresponding digital rights, and vice versa.
Fig. 4(b) is the second topology structure diagram of the system of fig. 1. In this embodiment, each Internet of things device in the network net1 integrates an Internet of things security engine module, which stores the block authentication information of that device and is independently responsible for identity authentication of communication between the outside and the device, encryption of the data it sends outside, and storage of the digital rights paid by outside parties accessing its data.
Each Internet of things device in the network net2 likewise integrates a security engine module that stores the block authentication information of that device and is independently responsible for identity authentication of communication between the outside and the device, encryption of the data it sends outside, and storage of the digital rights paid by outside parties accessing its data.
When the device n in net1 accesses the device m in net2, the security engine n' initiates the access to the security engine m' through the block chain network, and the security engine m' performs identity validity verification of the accessed device, encryption of the output access data and accounting of the corresponding digital rights, and vice versa.
Fig. 4(c) is the third topology structure diagram of the system of fig. 1. In this embodiment, each Internet of things device in the network net1 is connected to its own Internet of things security engine module, which stores the block authentication information of that device and is independently responsible for identity authentication of communication between the outside and the device, encryption of the data it sends outside, and storage of the digital rights paid by outside parties accessing its data.
The Internet of things security engine m' serves as the core security node of the network net2 formed by Internet of things devices 1 to m, stores the block authentication information of all devices in net2, and is responsible for identity authentication of communication between the outside and the devices in net2, encryption of the data those devices send outside, and storage of the digital rights paid by outside parties requesting data from the devices in net2.
When the device 1 in net1 accesses the device m in net2, the security engine 1' initiates the access to the security engine m' through the block chain network, and the security engine m' performs identity validity verification of the accessed device, encryption of the output access data and accounting of the corresponding digital rights.
Fig. 4(d) is the fourth topology structure diagram of the system of fig. 1. In this embodiment, the application program App1 is a legitimate access entry authenticated by the block chain network.
The Internet of things security engine m' serves as the core security node of the network net2 formed by Internet of things devices 1 to m, stores the block authentication information of the devices in net2, and is responsible for identity authentication of communication between the outside and the devices in net2, encryption of the data those devices send outside, and storage of the digital rights paid by outside parties requesting data from the devices in net2.
When the application program App1 accesses any Internet of things device in net2, the access is initiated to the security engine m' through the block chain network, and the security engine m' performs identity validity verification of the accessed device, encryption of the output access data and accounting of the corresponding digital rights.
Fig. 4(e) is the fifth topology structure diagram of the system of fig. 1. In this embodiment, the application program App1 is a legitimate access entry authenticated by the block chain network.
Each Internet of things device in the network net2 integrates a security engine module that stores the block authentication information of that device and is independently responsible for identity authentication of communication between the outside and the device, encryption of the data it sends outside, and storage of the digital rights paid by outside parties accessing its data.
When the application program App1 accesses the device m in net2, the access is initiated to the security engine m' through the block chain network, and the security engine m' performs identity validity verification of the accessed device, encryption of the output access data and accounting of the corresponding digital rights.

Claims (8)

1. A blockchain-based Internet of Things security and data privacy protection system, characterized in that it comprises an Internet of Things security engine corresponding to Internet of Things equipment and a blockchain network communicating with the Internet of Things security engine, wherein the Internet of Things security engine is a hardware device or module, located at the communication boundary of the Internet of Things equipment, that autonomously performs data encryption and decryption and data transaction packaging; an access-initiator Internet of Things device and an access-target Internet of Things device perform authentication and establish a secure consensus channel through the blockchain network; and the paid acquisition of data use rights and node bookkeeping are completed through the blockchain network according to the data stored by the Internet of Things security engine and the corresponding digital rights and interests requirements;
the system comprises an access terminal and an accessed terminal, wherein:
the access terminal comprises either an application program on the blockchain network, or an access-initiator Internet of Things device together with its corresponding Internet of Things security engine; and the accessed terminal comprises the accessed-party Internet of Things device together with its corresponding Internet of Things security engine;
when the access terminal is an application program on the blockchain network, the blockchain network authenticates the application program by issuing and verifying a login certificate;
when the access terminal is an access-initiator Internet of Things device with its corresponding Internet of Things security engine, the Internet of Things security engine performs access validity verification against the blockchain network: if the digital identity of the node initiating the access is stored in the blockchain network, the verification requirement is met and approval to establish a session channel is obtained;
the accessed terminal performs matching according to the access key sent by the access terminal, and if the matching requirement is met, a session channel is established between the access terminal and the accessed terminal;
the network topology of the system takes one of two forms: in the first, the Internet of Things security engine device or module acts as the security master node of a local network and manages each Internet of Things device in that network; in the second, the Internet of Things security engine device or module is integrated into each Internet of Things device and communicates independently with the blockchain network, so that each Internet of Things device gains the functions of access authentication, data processing and node accounting through the integrated engine.
2. The system of claim 1, wherein the system comprises a software and hardware architecture for transacting the data generated by Internet of Things devices, in which the blockchain network serves as the platform for establishing rights over Internet of Things device data and performing transaction accounting, and the Internet of Things security engine serves as the hardware device that guarantees the quantified transaction of Internet of Things device data.
3. The system of claim 1, wherein the digital identities are as follows:
the digital identity of the Internet of Things security engine is the engine's private digital identity in the blockchain network, obtained by uniquely identifying the engine through its MAC address, its digital certificate and its hardware wallet;
the digital identity of an Internet of Things device is formed by combining the digital identity of the security engine it is connected to with the device ID, and serves as the device's unique identity;
the digital identity of an Internet of Things device with an integrated Internet of Things security engine module is formed from the MAC address, digital certificate and hardware wallet of that security engine module, and serves as the device's unique identity.
4. The system of claim 3, wherein the hardware wallet is a memory that stores the private key of the Internet of Things security engine, the private key being the product of combining the MAC address with a biometric feature of the person setting up the device; the private key is encrypted and then used for the authentication service in the blockchain network, and the key of the security terminal is initially set, changed and used through the hardware wallet.
5. The system of claim 1, further comprising a verification node and an accounting node in the blockchain network, wherein the access terminal's data acquisition request towards the accessed terminal is confirmed as a transaction through the blockchain network: the access terminal offers a certain digital right to the accessed terminal; if the accessed terminal agrees to the transaction, the access terminal obtains the right to use the accessed terminal's data and pays that digital right; the transaction information of the access terminal and the accessed terminal that completed the data transaction is recorded by the accounting node of the blockchain network and serves as proof that the data was lawfully acquired; and when a transaction is received at a verification node, the endorsement check associated with the transaction's chaincode is invoked as part of transaction verification to determine the validity of the transaction.
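The endorsement check of claim 5, as an added example in Go that is not the patent's own code: a verification node accepts a transaction record only if it carries valid signatures from enough distinct endorsers named in the chaincode's endorsement policy. Everything concrete here is an assumption, since the patent names no signature scheme, policy shape or record layout: Ed25519 signatures, a 2-of-3 threshold, the endorser names v1 to v3, and the `Tx` record fields (accessor, accessed party, device ID, digital rights paid). Unknown endorsers, repeated endorsers, a tampered record and too few signatures are all rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Tx is the record the accounting node keeps for a completed data transaction (claim 5).
// Field layout is an assumption for this example.
type Tx struct{ Accessor, Accessed, DeviceID string; Rights int }

// Bytes is the canonical serialisation that endorsers sign and verifiers check.
func (t Tx) Bytes() []byte {
	return []byte(fmt.Sprintf("%s|%s|%s|%d", t.Accessor, t.Accessed, t.DeviceID, t.Rights))
}

// Endorsement is one endorser's signature over the serialised transaction.
type Endorsement struct {
	Endorser string
	Sig      []byte
}

// Policy is the endorsement policy bound to the chaincode: at least Threshold
// distinct members of Endorsers must have signed the same transaction bytes.
type Policy struct {
	Endorsers map[string]ed25519.PublicKey
	Threshold int
}

func NewPolicy(threshold int) Policy {
	return Policy{Endorsers: map[string]ed25519.PublicKey{}, Threshold: threshold}
}

// CheckEndorsements is what a verification node runs when a transaction arrives.
// An endorser outside the policy, a duplicate endorser or a bad signature rejects
// the transaction outright; otherwise the count of valid endorsers is compared
// with the threshold.
func CheckEndorsements(p Policy, tx Tx, ends []Endorsement) error {
	seen := map[string]bool{}
	for _, e := range ends {
		pub, ok := p.Endorsers[e.Endorser]
		switch {
		case !ok:
			return fmt.Errorf("endorser %q is not in the policy", e.Endorser)
		case seen[e.Endorser]:
			return fmt.Errorf("duplicate endorsement from %q", e.Endorser)
		case !ed25519.Verify(pub, tx.Bytes(), e.Sig):
			return fmt.Errorf("invalid signature from %q", e.Endorser)
		}
		seen[e.Endorser] = true
	}
	if len(seen) < p.Threshold {
		return fmt.Errorf("%d valid endorsements, policy requires %d", len(seen), p.Threshold)
	}
	return nil
}

// Endorser is a simulated endorsing node holding its own signing key.
type Endorser struct {
	Name string
	priv ed25519.PrivateKey
}

func NewEndorser(name string) (Endorser, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Endorser{name, priv}, pub
}

func (e Endorser) Endorse(tx Tx) Endorsement {
	return Endorsement{e.Name, ed25519.Sign(e.priv, tx.Bytes())}
}

func main() {
	p := NewPolicy(2) // 2-of-3 (assumed policy)
	var nodes []Endorser
	for _, n := range []string{"v1", "v2", "v3"} {
		e, pub := NewEndorser(n)
		p.Endorsers[n] = pub
		nodes = append(nodes, e)
	}
	tx := Tx{"engine-1", "engine-m", "dev-m", 3} // constructed sample record
	fmt.Println(CheckEndorsements(p, tx, []Endorsement{nodes[0].Endorse(tx), nodes[2].Endorse(tx)}))
}
```

The check binds the signatures to the exact bytes that were endorsed, so an accounting node cannot alter the rights amount after endorsement without every signature failing; counting distinct endorsers rather than signatures is what stops one compromised endorser from meeting the threshold alone.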
6. The system of claim 1, wherein the management mechanism of an Internet of Things security engine for Internet of Things equipment is as follows: the security engine management system distinguishes internal equipment from external equipment, where internal equipment means Internet of Things equipment managed by the same security engine and external equipment means Internet of Things equipment outside that security engine's management; for internal equipment, blockchain transaction authentication is performed on the first communication, the equipment name, equipment ID and access authority are written into an account block of the blockchain network and stored locally at the same time, and subsequent communications only need equipment name and equipment ID authentication against the local data; for external equipment, a blockchain channel authentication system is adopted, with authentication and channel joining on the first communication and subsequent communications authenticated by querying the channel in the blockchain network; for Internet of Things equipment with an integrated Internet of Things security engine module, the management mechanism has only external equipment and no internal equipment.
7. The system of claim 1, wherein a data recording format is defined for the Internet of Things equipment managed by an Internet of Things security engine, operating data, monitoring data and maintenance data are recorded in that format, and the records can be stored by category.
8. A blockchain-based Internet of Things security and data privacy protection method, implemented on the system of any one of claims 1-7, comprising:
when the access terminal is Internet of Things equipment:
1) the access-initiator Internet of Things equipment sends an access request data packet to the Internet of Things security engine corresponding to that equipment;
2) the access-side Internet of Things security engine checks, according to the request data, whether a registration record for the equipment exists locally and verifies the validity of the equipment; if the registration record exists locally, it forwards the request to the corresponding internal equipment;
3) the access-side Internet of Things security engine queries the access channel in the blockchain network according to the request data and performs validity verification; if the accessed party is legitimate equipment in the authenticated channel, it forwards the data to the security engine where the channel is located, namely the accessed-party Internet of Things security engine;
4) after receiving the request, the accessed-party Internet of Things security engine looks up the Internet of Things equipment in its local records and forwards the data to the designated Internet of Things equipment;
5) the accessed-party Internet of Things equipment responds to the request and returns the response data along the access path to the access-side security engine, which delivers the response data to the requesting Internet of Things equipment; the accessed party obtains the corresponding data rights and interests paid by the access party;
when the access terminal is an application program calling from the blockchain network:
1) the access channel is queried in the blockchain network and validity verification is performed; if the access party is a legitimate subject in the authenticated channel, the request is forwarded to the security engine or integrated module where the channel is located, namely the accessed-party Internet of Things security engine;
2) after receiving the request, the accessed-party Internet of Things security engine looks up the Internet of Things equipment in its local records, forwards the request to it, and returns the data together with its wallet address to the access party.
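The device-to-device method of claim 8, with the registration mechanism of claim 6, the identities of claim 3 and the accounting of claim 5, traced end to end as an added example in Go that is not the patent's code. Two engines share an in-memory stand-in for the blockchain network; a device registered with engine A asks for data from a device behind engine B; A checks the initiator locally, looks up B's channel on the ledger and signs the request; B verifies the signature against A's identity on the ledger, looks up the target device locally, answers, and books the digital rights paid. Assumptions: Ed25519 for the engine's signing key, generated at random inside the "hardware wallet" rather than derived from the MAC address and a biometric as claim 4 describes (a MAC address is public and a biometric template is neither secret nor revocable, so a key derived only from them has little entropy); SHA-256 for the identity hashes of claim 3; the encryption of returned data that claim 1 assigns to the accessed engine is left out because the patent specifies no key agreement for it; the device names, IDs, MAC addresses and certificate bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Ledger stands in for the blockchain network: authenticated channels and records. In-memory, not a chain.
type Ledger struct {
	channels map[string]ed25519.PublicKey // channel owner (engine digital identity) -> its signing key
	blocks   []string                     // registration and transaction records
}

func NewLedger() *Ledger { return &Ledger{channels: map[string]ed25519.PublicKey{}} }

type Device struct{ Name, ID, Perm string } // claim 6 record: name, ID, access authority

// Engine is the IoT security engine at the device's communication boundary.
type Engine struct {
	priv     ed25519.PrivateKey // held in the "hardware wallet"; never leaves the engine
	Identity string             // claim 3: hash over MAC, certificate and wallet public key
	local    map[string]Device  // claim 6: internal devices, registered once, then checked locally
	Rights   int                // digital rights received for data supplied (claim 5)
	ledger   *Ledger
}

// NewEngine derives the identity of claim 3 and joins the ledger with its own channel.
// The key is random (assumption: the MAC+biometric derivation of claim 4 is not used).
func NewEngine(l *Ledger, mac string, certDER []byte) *Engine {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	fp := sha256.Sum256(certDER)
	id := sha256.Sum256(append(append([]byte(mac+"|"), fp[:]...), []byte(pub)...))
	e := &Engine{priv: priv, Identity: hex.EncodeToString(id[:]), local: map[string]Device{}, ledger: l}
	l.channels[e.Identity] = pub
	return e
}

// DeviceIdentity is the engine identity combined with the device ID (claim 3).
func (e *Engine) DeviceIdentity(devID string) string {
	h := sha256.Sum256([]byte(e.Identity + "|" + devID))
	return hex.EncodeToString(h[:])
}

// Register is the first-communication path of claim 6: write the record to the ledger and cache it.
func (e *Engine) Register(d Device) {
	if _, ok := e.local[d.ID]; ok { return } // later communications only need the local name/ID check
	e.local[d.ID] = d
	e.ledger.blocks = append(e.ledger.blocks, fmt.Sprintf("register %s %s %s %s", e.Identity[:8], d.Name, d.ID, d.Perm))
}

// Request is the access request data packet, signed by the initiator's engine.
type Request struct { FromEngine, FromDevice, ToDevice, Payload string; Price int; Sig []byte }

func (r Request) signed() []byte {
	return []byte(fmt.Sprintf("%s|%s|%s|%s|%d", r.FromEngine, r.FromDevice, r.ToDevice, r.Payload, r.Price))
}

// Access runs steps 1-3 and 5 of claim 8 on the access side.
func (e *Engine) Access(srcID string, target *Engine, toDev, payload string, price int) (string, error) {
	if _, ok := e.local[srcID]; !ok { // step 2: initiator must be registered with this engine
		return "", errors.New("initiator is not registered with this engine")
	}
	if d, ok := e.local[toDev]; ok { // internal target: served locally, no ledger round trip
		return d.Name + ":" + payload, nil
	}
	if _, ok := e.ledger.channels[target.Identity]; !ok { // step 3: channel lookup on the ledger
		return "", errors.New("target engine has no authenticated channel")
	}
	req := Request{FromEngine: e.Identity, FromDevice: e.DeviceIdentity(srcID), ToDevice: toDev, Payload: payload, Price: price}
	req.Sig = ed25519.Sign(e.priv, req.signed())
	return target.Serve(req) // step 4 runs on the accessed side; step 5 relays its answer
}

// Serve is the accessed-side engine: identity check against the ledger, local lookup, accounting.
func (e *Engine) Serve(req Request) (string, error) {
	pub, ok := e.ledger.channels[req.FromEngine]
	if !ok || !ed25519.Verify(pub, req.signed(), req.Sig) {
		return "", errors.New("initiator identity not on the ledger or signature invalid")
	}
	d, ok := e.local[req.ToDevice]
	if !ok {
		return "", errors.New("no such device behind this engine")
	}
	e.Rights += req.Price // claim 5: rights paid for the data use right
	e.ledger.blocks = append(e.ledger.blocks, fmt.Sprintf("tx %s->%s dev=%s rights=%d", req.FromEngine[:8], e.Identity[:8], d.ID, req.Price))
	return d.Name + ":" + req.Payload, nil // stands in for the device's actual response
}

func main() {
	l := NewLedger()
	a, b := NewEngine(l, "02:00:00:00:00:01", []byte("cert-A")), NewEngine(l, "02:00:00:00:00:02", []byte("cert-B"))
	a.Register(Device{"sensor-1", "dev-1", "read"})
	b.Register(Device{"meter-m", "dev-m", "read"})
	fmt.Println(a.Access("dev-1", b, "dev-m", "read-meter", 3))
}
```

The signature covers the initiator's engine identity, the device identity, the target, the payload and the price, so the accessed engine can refuse a request whose price or target was altered in transit, and a request from an engine that never registered on the ledger fails before any device is touched. A second `Register` of the same device writes nothing new to the ledger, which is the "subsequent communication only checks local data" behaviour of claim 6.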
CN201810111633.8A 2018-02-05 2018-02-05 Block chain-based Internet of things security and data privacy protection system Active CN108306887B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810111633.8A CN108306887B (en) 2018-02-05 2018-02-05 Block chain-based Internet of things security and data privacy protection system


Publications (2)

Publication Number Publication Date
CN108306887A CN108306887A (en) 2018-07-20
CN108306887B true CN108306887B (en) 2020-07-21

Family

ID=62864168


Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110825918B (en) * 2018-07-23 2023-01-13 中国移动通信有限公司研究院 Method and device for acquiring and storing digital certificate
CN108765160A (en) * 2018-07-24 2018-11-06 孔德键 The network trading method and internet trading system of compound judgement
CN108694585A (en) * 2018-07-24 2018-10-23 孔德键 The internet trading system of compound authentication
CN109190337A (en) * 2018-07-26 2019-01-11 伦哲 A kind of method and system of the media content storage and retrieval based on block chain technology
CN109063097B (en) * 2018-07-27 2020-06-23 广州天高软件科技有限公司 Data comparison and consensus method based on block chain
CN109242681B (en) * 2018-08-21 2020-11-20 京东数字科技控股有限公司 Asset data storage method, device, equipment and system
CN109359991A (en) * 2018-09-30 2019-02-19 北京奇虎科技有限公司 Cut-in method, device and the calculating equipment of internet of things equipment
CN111064693B (en) * 2018-10-16 2023-02-24 青岛海链数字科技有限公司 Block chain-based household appliance Internet of things user privacy protection method
TWI702552B (en) * 2018-10-25 2020-08-21 林貫文 System for creating digital identities and processing digital assets authorization and transaction using distributed ledger technology
CN109474597A (en) * 2018-11-19 2019-03-15 中链科技有限公司 A kind of distributed message based on block chain sends and receives method and device
CN109844787A (en) * 2018-11-27 2019-06-04 区链通网络有限公司 A kind of hardware wallet, transaction system and storage medium based on block chain
CN109741800A (en) * 2018-12-20 2019-05-10 李秦豫 The method for security protection of medical data intranet and extranet interaction based on block chain technology
US11159945B2 (en) * 2018-12-31 2021-10-26 T-Mobile Usa, Inc. Protecting a telecommunications network using network components as blockchain nodes
CN109769024A (en) * 2019-01-18 2019-05-17 东喜和仪(珠海市)数据科技有限公司 Internet of Things construction method and device based on data trade block chain
CN110022315B (en) * 2019-03-26 2021-06-29 创新先进技术有限公司 Weight management method, device and equipment in block chain type account book
CN110266807A (en) * 2019-06-28 2019-09-20 中兴通讯股份有限公司 Internet of things data processing method and processing device
CN110266501B (en) * 2019-07-08 2022-02-11 中国联合网络通信集团有限公司 Block chain node device and block chain network system
CN110619526A (en) * 2019-09-19 2019-12-27 阿里巴巴集团控股有限公司 Business service providing method, device, equipment and system based on block chain
CN111552215B (en) * 2020-05-22 2022-02-11 中国联合网络通信集团有限公司 Internet of things equipment safety protection method and system
CN111740973A (en) * 2020-06-16 2020-10-02 深圳市迈科龙电子有限公司 Intelligent defense system and method for block chain service and application
CN112529579A (en) * 2020-06-24 2021-03-19 杨刘琴 Information flow analysis method, system and platform based on block chain and mobile internet
CN112235418A (en) * 2020-11-30 2021-01-15 江西云本数字科技有限公司 Cross-block-chain stable access authentication system and method
CN112464190A (en) * 2020-12-17 2021-03-09 深圳市飞思捷跃科技有限公司 Block chain-based high-availability high-safety method for Internet of things platform
CN112560104B (en) * 2021-01-17 2022-07-19 金网络(北京)电子商务有限公司 Data storage method and safety information platform based on cloud computing and block chain
CN114710492B (en) * 2022-03-31 2023-12-22 蚂蚁区块链科技(上海)有限公司 Method and device for establishing direct connection channel, electronic equipment and storage medium
CN115174234B (en) * 2022-07-08 2023-08-29 慧之安信息技术股份有限公司 Block chain-based Internet of things identifier management method

Citations (2)

Publication number Priority date Publication date Assignee Title
CN106778343A (en) * 2016-12-12 2017-05-31 武汉优聘科技有限公司 It is a kind of that the data sharing method of private data is related to based on block chain
CN107609848A (en) * 2017-11-06 2018-01-19 张婷 A kind of IPR licensing method and system based on Internet of Things


Non-Patent Citations (3)

Title
Blockchain-based secure firmware update for embedded devices in an Internet of Things environment; Boohyung Lee, Jong-Hyouk Lee; The Journal of Supercomputing; 2017-12-31; pp. 1152-1167 *
Analysis of the application of blockchain technology in the Internet of Things (区块链技术在物联网中的应用分析); Zhang Jianqiang, Zhang Gaoyu; 《电信科学》 (Telecommunications Science); 2017-12-10 (issue Z1); pp. 104-110 *
Construction of a simplified blockchain-based access control model for the Internet of Things (基于区块链的物联网访问控制简化模型构建); Mei Ying; 《中国传媒大学学报自然科学版》 (Journal of Communication University of China, Natural Science Edition); 2017-10-31; vol. 24, no. 5; pp. 7-11 *


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant