CN111010376A - Master-slave chain-based Internet of things authentication system and method - Google Patents

Publication number: CN111010376A
Authority: CN (China)
Prior art keywords: internet, things, authentication, equipment, information
Legal status: Granted (Google's legal-status listing is an assumption, not a legal conclusion)
Application number: CN201911194864.0A
Other languages: Chinese (zh)
Other versions: CN111010376B
Inventors: 王心妍, 秦龙, 蒋炜, 郭少勇, 李东, 亓峰, 远方, 王丰宁, 马圳江, 朱贝贝
Assignees (current and original as listed; Google notes the list may be inaccurate): State Grid Corp of China SGCC; Beijing University of Posts and Telecommunications; Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC, Beijing University of Posts and Telecommunications and Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd; priority to CN201911194864.0A
Published as CN111010376A; granted as CN111010376B
Legal status: Active (Google's status and priority-date listings are assumptions, not legal conclusions)


Classifications (CPC, all under H04L, Transmission of digital information)

    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/50: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

An embodiment of the invention provides a master-slave chain-based Internet of Things (IoT) authentication system and method. The system comprises a main chain module and a slave chain module. The main chain module is deployed on the blockchain cloud layer; it checks the authentication information that a slave chain module sends in an authentication request, returns the check result to that slave chain module and stores the result. A slave chain module is deployed in each IoT domain and is connected to its corresponding server in the main chain module. The slave chain module stores the trusted authentication information of the IoT devices in its own domain, used to authenticate a device on intra-domain access, and the authentication information of devices from other IoT domains, used to authenticate a device on cross-domain access. With this system the requirements of IoT devices for both intra-domain and cross-domain authentication are met and the authentication efficiency of the system is improved.

Description

Master-slave chain-based Internet of things authentication system and method
Technical Field
The invention relates to the technical field of remote access security of the Internet of things, in particular to an Internet of things authentication system and method based on a master-slave chain.
Background
The "interconnection of everything" driven by the Internet of Things provides ubiquitous connectivity and ubiquitous services and represents the direction in which the information society's infrastructure is developing. To meet these requirements, and to overcome the trust problem that data sharing between siloed ("chimney-type") systems faces in the IoT industry, IoT architecture is shifting from a vertically integrated structure, running from application system down to terminal, to a layered structure built around an IoT platform and an IoT terminal system. Under this trend, how to guarantee trusted authentication of IoT terminals, at a scale of hundreds of millions, across multiple systems or domains has become a core problem.
At present the most common authentication method resembles an identity certificate, which is vulnerable to cloning attacks. Many researchers have proposed using a blockchain to realise trusted authentication of IoT devices and so improve the security and trustworthiness of IoT systems.
However, simply adding a blockchain structure increases the time consumed by trusted authentication and lowers its throughput, disadvantages that become more pronounced at the huge scale of IoT applications.
Disclosure of Invention
In view of the problems in the prior art, an embodiment of the invention provides a master-slave chain-based IoT authentication system.
The system comprises a main chain module and a slave chain module, wherein:
the main chain module is deployed on the blockchain cloud layer and is used to check the authentication information sent by a slave chain module in an authentication request, return the check result to that slave chain module and store the result;
a slave chain module is deployed in each IoT domain, and each domain's slave chain module is connected to its corresponding server in the main chain module. The slave chain module stores the trusted authentication information of the IoT devices in its own domain and the authentication information of devices from other IoT domains; the former is used to authenticate an IoT device on intra-domain access, the latter on cross-domain access.
The embodiment of the invention provides an Internet of things authentication method based on the system, which comprises the following steps:
when the internet of things authentication system detects an access request of internet of things equipment, judging whether the type of the access request is intra-domain access or cross-domain access according to an access object corresponding to the access request;
acquiring a corresponding authentication flow according to the type of the access request;
and authenticating the Internet of things equipment according to the authentication flow.
In one embodiment, the method further comprises:
an IoT device of the authentication system generates a key pair, signs the access application with its private key and sends the application to the slave chain;
the slave chain looks up, on the basis of the application, whether its authentication records contain the IoT device, and returns rejection information to the device when they do not;
when the records do contain the device, the slave chain sends the device's information to the main chain;
the main chain checks, from the device information, whether the IoT device is registered;
when the device is not yet registered, the slave chain generates a certificate and sends it to the IoT device, so that the device can complete its access request;
and the main chain performs consensus accounting of the IoT device information.
In one embodiment, the method further comprises:
when an IoT device in a first IoT domain accesses a target system in a second IoT domain, the device sends a cross-chain authentication request to the second slave chain, i.e. the slave chain of the second domain;
the second slave chain parses the request, generates a random number and sends it to both the main chain and the IoT device;
the main chain and the IoT device each compute a result from the random number and send their results to the second slave chain;
the second slave chain compares the two results; when they are the same, the IoT device is judged to be a trusted authenticated device and the second IoT domain connects the device;
the second IoT domain generates a certificate and sends it to the IoT device, so that the device can access the target system;
and the main chain performs consensus accounting of the IoT device information.
In one embodiment, the method further comprises:
the messages exchanged between the main chain and a slave chain have the same structure as the messages exchanged between a slave chain and an IoT device, namely a preset unified message structure model.
In one embodiment, the method further comprises:
the unified message structure model consists of a header and a packet;
the header comprises address information, information type, information integrity, information identifier, information timestamp, information check code and remark information;
the packet carries the content of the message.
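The following Python code is an added example, not the patent's own implementation, of such a unified message structure: a builder that fills the header fields listed above and a parser that checks them on receipt. The field encodings, the use of SHA-256 for the integrity field and CRC32 for the check code, and the 60-second freshness window are assumptions of this example; the page specifies none of them.

```python
import hashlib
import json
import time
import zlib
from typing import Optional

MAX_SKEW_SECONDS = 60  # assumption: how far a header timestamp may drift from the receiver's clock


def _encode(obj: dict) -> bytes:
    """Canonical JSON so that sender and receiver hash exactly the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _check_code(header: dict) -> str:
    """CRC32 over every header field except the check code itself (detects corruption, not tampering)."""
    fields = {k: v for k, v in header.items() if k != "check_code"}
    return f"{zlib.crc32(_encode(fields)) & 0xFFFFFFFF:08x}"


def build_message(src: str, dst: str, msg_type: str, msg_id: str,
                  content: dict, remark: str = "", now: Optional[float] = None) -> dict:
    """Wrap `content` (the packet) in a header carrying the fields the page lists."""
    packet = _encode(content)
    header = {
        "address": {"from": src, "to": dst},
        "type": msg_type,                                  # e.g. "re" for an access application
        "integrity": hashlib.sha256(packet).hexdigest(),   # hash that binds the header to the packet
        "identifier": msg_id,
        "timestamp": int(now if now is not None else time.time()),
        "remark": remark,
    }
    header["check_code"] = _check_code(header)
    return {"header": header, "packet": packet.decode()}


def parse_message(msg: dict, now: Optional[float] = None) -> dict:
    """Validate a received message and return its content; raise ValueError on any failed check."""
    header, packet = msg["header"], msg["packet"].encode()
    if header.get("check_code") != _check_code(header):
        raise ValueError("header check code mismatch")
    if hashlib.sha256(packet).hexdigest() != header.get("integrity"):
        raise ValueError("packet integrity mismatch")
    ts_now = now if now is not None else time.time()
    if abs(ts_now - header["timestamp"]) > MAX_SKEW_SECONDS:
        raise ValueError("timestamp outside freshness window")
    return json.loads(packet)


def is_valid_message(msg: dict, now: Optional[float] = None) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        parse_message(msg, now)
        return True
    except (ValueError, KeyError, TypeError):
        return False


if __name__ == "__main__":
    # constructed sample: device t of system a applying to the slave chain of its own domain
    m = build_message("system-a/device-t", "slave-chain-1", "re", "msg-0001",
                      {"re": "access", "from": "a", "to": "b", "inf": "device-t"})
    print(parse_message(m))
```

The integrity hash and the check code only detect corruption: any node that forwards the message can recompute both after altering it. Authenticity has to come from the signature carried inside the packet (the Sig(.) the page attaches to the access application) or from a MAC keyed between the two parties; the freshness window limits, but does not by itself prevent, replay of a captured message.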
In one embodiment, the method further comprises:
when the main chain and a slave chain exchange information, a coordination-network component is invoked to support the exchange between them.
In one embodiment, the method further comprises:
and when a failure in sending information is detected during the authentication process, authentication-failure information is returned to the IoT device.
With the master-slave chain-based IoT authentication system and method of these embodiments, the identity of an IoT device is authenticated during access by the main chain module on the blockchain cloud layer together with the slave chain module in the IoT domain, and a trusted authentication flow is built on this architecture, so that the requirements of IoT devices for intra-domain and cross-domain authentication are met and the authentication efficiency of the system is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a structural diagram of an internet of things authentication system based on a master-slave chain in an embodiment of the present invention;
fig. 2 is a flowchart of an internet of things authentication method based on a master-slave chain in the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic structural diagram of an internet of things authentication system based on a master-slave chain according to an embodiment of the present invention, and as shown in fig. 1, an internet of things authentication system based on a master-slave chain according to an embodiment of the present invention includes: a master chain module 101 and a slave chain module 102 communicatively coupled to the master chain module 101.
The main chain module 101 sits on the upper layer of the authentication system, the blockchain cloud layer. It is mainly used to check the authentication information sent by the slave chain module, return the check result to the slave chain module and store it. The main chain may be a consortium chain whose blocks are arranged linearly in time order; it may be implemented with Ethereum or Hyperledger, and serves as the trusted authenticator for devices across chains and as a trusted sharing platform for cross-chain interaction. The nodes of this trusted consortium chain are built and maintained by publicly trusted institutions such as governments and banks. The information stored in each block of the main chain may include: block header: the hash of the block, the hash of the previous block, the Merkle tree root, the signature of the block constructor and a timestamp; block body: the digest of the corresponding side-chain block, device authentication records, and so on.
The slave chain module 102 sits on the lower layer of the authentication system. The slave chain module of each IoT domain is connected to its corresponding server in the main chain module; in general an IoT domain contains exactly one slave chain. The slave chain module stores the trusted authentication information of the IoT devices in its domain and the authentication information of devices from other domains; the former is used to authenticate an IoT device on intra-domain access, the latter on cross-domain access.
The slave chain has the same structure as the main chain: the side chain is also a consortium chain, and its block header is the same as the main chain's, holding the hash of the block, the hash of the previous block, the Merkle tree root, the signature of the block constructor and a timestamp. The block body records the trusted authentication information of the domain's IoT devices and the authentication information of devices from other domains. Each side-chain ledger records the information of the various devices and serves as the reference against which devices are authenticated.
The blocks of the slave chain module are constructed by slave chain nodes, which communicate with the main chain. Because the physical entities behind slave chain nodes are diverse, the nodes are divided into communication nodes, verification nodes and candidate nodes: communication nodes communicate with the main chain, verification nodes take part in consensus and build the slave chain blocks, and candidate nodes do not take part in consensus but mainly forward data and store the consensus results.
With the master-slave chain-based IoT authentication system of this embodiment, the identity of an IoT device is authenticated during access by the main chain module on the blockchain cloud layer together with the slave chain module in the IoT domain, and a trusted authentication flow is built on this architecture, so that the requirements of IoT devices for intra-domain and cross-domain authentication are met and the authentication efficiency of the system is improved.
Based on the internet of things authentication system based on the master-slave chain shown in fig. 1, the present embodiment also provides an internet of things authentication method, as shown in fig. 2, the method mainly includes the following steps:
step S201, when the Internet of things authentication system detects an access request of the Internet of things equipment, judging whether the type of the access request is intra-domain access or cross-domain access according to an access object corresponding to the access request.
Specifically, when an IoT device in the authentication system accesses and connects to another system in the authentication system, the type of the access request can be judged from the device's access object: for example, smart device t of system a accessing another system within IoT domain 1 is intra-domain access, whereas accessing system c of IoT domain 2 from IoT domain 1 is cross-domain access.
Step S202, obtaining the corresponding authentication process according to the type of the access request.
Specifically, after the type of an access request of the internet of things equipment in the internet of things authentication system is determined, a corresponding authentication process is obtained according to the type of the access request, namely when the access request is intra-domain access, the internet of things equipment is authenticated according to the intra-domain access authentication process of the internet of things authentication system; and when the access request is cross-domain access, authenticating the Internet of things equipment according to a cross-domain access authentication process of the Internet of things authentication system.
And step S203, authenticating the Internet of things equipment according to the authentication process.
Specifically, the IoT device that originated the access request is authenticated according to the authentication flow that the authentication system defines for that request type, giving the authentication result of the system.
According to the Internet of things authentication method provided by the embodiment of the invention, the Internet of things equipment corresponding to different types of access requests is authenticated based on the Internet of things authentication system, so that the requirements of the Internet of things equipment during intra-domain authentication and cross-domain authentication are met, and the authentication efficiency of the system is improved.
On the basis of the above embodiment, when the type of the access request is intra-domain access, the authentication flow of the IoT authentication method further comprises:
an IoT device of the authentication system generates a key pair, signs the access application with its private key and sends the application to the slave chain;
the slave chain looks up, on the basis of the application, whether its authentication records contain the IoT device, and returns rejection information to the device when they do not;
when the records do contain the device, the slave chain sends the device's information to the main chain;
the main chain checks, from the device information, whether the IoT device is registered;
when the device is not yet registered, the slave chain generates a certificate and sends it to the IoT device, so that the device can complete its access request;
and the main chain performs consensus accounting of the IoT device information.
In this embodiment, an IoT device in one system of an IoT domain that wants to access other IoT devices in the same domain must be authenticated by the blockchain of that domain. The flow is: the device generates a key pair, signs the access application with its private key and sends it to the slave chain; the slave chain checks whether its authentication records contain the device and, if not, returns rejection information; if they do, it sends the device information to the main chain, which checks whether the device is registered; if the device is unregistered, the slave chain generates a certificate and sends it to the device so that the device can complete its access request; finally the main chain performs consensus accounting of the device information.
The flow can be illustrated with smart device t of system a in IoT domain 1 accessing system b across systems; the specific steps are:
(1) Access application. IoT device t first generates its own key pair, consisting of a public key PK_t and a private key SK_t, then initiates an access application, signs it with its private key and sends it to the side chain of its home domain. The content of the message is:
Figure BDA0002294436210000071
where re denotes the registration request, from denotes system a, to denotes system b, inf denotes the information of IoT device t, timestamp denotes the time at which the request was initiated, and Sig(.) denotes the signature algorithm.
(2) After the side chain receives the request, it parses the data using PK_t, extracts re and inf, and recognises the message as an access application. It first compares the device information against all IoT device information in its ledger to judge whether the device is legitimate. If the ledger contains the device, it then looks up the device's authentication record on the side chain to judge whether the request is legitimate (the request might come from a device in another domain impersonating a device of the local domain).
If the device information is not found, the device does not belong to the local domain, and the side chain returns rejection information
Figure BDA0002294436210000072
to IoT device t.
When the authentication records do contain the device, its device information is sent to the main chain of the authentication system. If the device cannot be found on the main chain, the side chain reaches consensus on the device and, once network-wide consensus is complete, generates for device t a certificate similar to a digital certificate:
Figure BDA0002294436210000081
where expire denotes the validity period of the digital certificate. The device's public key PK_t, from, to, inf and DC_t are then stored in the ledger in the format (PK_t, DC_t, inf, unknown, timestamp), where unknown indicates that the status of the transaction is not yet determined.
(3) The side chain returns the authentication result to IoT device t
Figure BDA0002294436210000082
where Ack is a response frame indicating to t that the trusted authentication request has been accepted. The side chain also sends a message to the main chain to register the device's authentication record there as evidence, in the format:
Figure BDA0002294436210000083
(4) The main chain nodes parse Re1->mc and reach consensus to add (PK_1, PK_t, DC_t, inf, timestamp) to the main chain block ledger. After the main chain completes consensus accounting, it returns response information to the side chain indicating that main chain consensus succeeded, in the format
Figure BDA0002294436210000084
At this point the status of the transaction in the side-chain ledger is changed from unknown to determined, meaning the transaction is confirmed. The authentication process is now complete.
IoT device t then uses the digital certificate to access system b. On receiving the device's digital certificate, system b forwards it to the slave chain, which compares it with the certificate it has recorded; when the comparison succeeds, device t is admitted to system b.
These embodiments authenticate IoT devices requesting intra-domain access on the basis of the IoT authentication system, meet the requirement of IoT devices for intra-domain authentication, and improve the authentication efficiency of the system.
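The intra-domain flow of steps (1) to (4), as an added Python simulation that is not the patent's code: device t signs its application, the side chain checks that t is enrolled in its domain (and presents the enrolled key, which defeats the impersonation case the page mentions), asks the main chain whether t is registered, issues DC_t with status unknown, and marks it confirmed once the main chain acknowledges consensus accounting; system b then has the side chain compare the presented certificate with the recorded one. Assumptions not stated on the page: the PK_t/SK_t scheme is a Lamport one-time signature over SHA-256 (chosen because it needs only the standard library; a real deployment would use ECDSA or Ed25519), the certificate is the dict built below, ledgers are in-memory, consensus is modelled as a single append, device enrolment happens out of band, and an already registered device is handed back its recorded certificate.

```python
import hashlib
import json
import secrets
import time

# Lamport one-time signature over SHA-256: a stdlib-only stand-in for the page's
# unspecified PK_t / SK_t scheme. Each key pair may sign exactly one message.
def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(msg: bytes):
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    """SK_t: 256 pairs of random 32-byte secrets; PK_t: their SHA-256 hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(_h(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(msg)))

def pk_id(pk) -> str:
    """Fingerprint of PK_t, used as the ledger key."""
    return hashlib.sha256(b"".join(a + b for a, b in pk)).hexdigest()

def canon(obj) -> bytes:
    """Canonical JSON so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

CERT_TTL = 3600  # assumption: certificate validity (the page's 'expire') in seconds

class MainChain:
    """Blockchain cloud layer: the registry filled by consensus accounting."""
    def __init__(self):
        self.ledger = {}                        # pk_id -> record

    def is_registered(self, pkid: str) -> bool:
        return pkid in self.ledger

    def account(self, record: dict) -> bool:
        """Consensus accounting, modelled as one append; the return value is the ack to the side chain."""
        self.ledger[record["pk_id"]] = record
        return True

class SlaveChain:
    """Side chain of one IoT domain."""
    def __init__(self, domain: str, main: MainChain):
        self.domain, self.main = domain, main
        self.devices = {}                       # inf -> pk_id of devices enrolled in this domain
        self.ledger = {}                        # pk_id -> [DC_t, inf, status, timestamp]

    def enrol(self, inf: str, pk):
        """Out-of-band provisioning of a local-domain device (assumption)."""
        self.devices[inf] = pk_id(pk)

    def handle_access(self, application: dict, sig, pk):
        pkid = pk_id(pk)
        if not verify(pk, canon(application), sig):
            return "reject", "bad signature"
        inf = application["inf"]
        # the device must be enrolled here AND present the enrolled key: a device from
        # another domain that merely reuses t's inf fails this check
        if self.devices.get(inf) != pkid:
            return "reject", "device not in local domain"
        if self.main.is_registered(pkid) and pkid in self.ledger:
            return "accept", self.ledger[pkid][0]   # assumption: already registered -> reuse its certificate
        now = int(time.time())
        dc = {"pk_id": pkid, "from": application["from"], "to": application["to"],
              "inf": inf, "expire": now + CERT_TTL}
        self.ledger[pkid] = [dc, inf, "unknown", now]   # status unknown until main-chain consensus
        if self.main.account({"domain": self.domain, "pk_id": pkid, "dc": dc, "inf": inf, "timestamp": now}):
            self.ledger[pkid][2] = "confirmed"
        return "accept", dc

    def check_certificate(self, dc: dict, now=None) -> bool:
        """What system b asks the side chain: does the presented DC_t match the recorded, confirmed one?"""
        rec = self.ledger.get(dc.get("pk_id"))
        now = int(time.time()) if now is None else now
        return rec is not None and rec[2] == "confirmed" and rec[0] == dc and now < dc["expire"]

def run_intra_domain_flow():
    """Device t of system a in domain 1 obtains DC_t and uses it to access system b."""
    main = MainChain()
    side = SlaveChain("domain-1", main)
    sk_t, pk_t = keygen()
    side.enrol("device-t", pk_t)
    application = {"re": "access", "from": "a", "to": "b", "inf": "device-t", "timestamp": int(time.time())}
    verdict, dc = side.handle_access(application, sign(sk_t, canon(application)), pk_t)
    # a device in another domain reusing t's inf with its own key pair
    sk_x, pk_x = keygen()
    forged_verdict, _ = side.handle_access(application, sign(sk_x, canon(application)), pk_x)
    return verdict, dc, side.check_certificate(dc), forged_verdict

if __name__ == "__main__":
    print(run_intra_domain_flow())
```

The check that matters is the comparison of the enrolled key with the presenting key: the page's side chain looks the device up by its information inf, and anything that can be copied (an inf string, a certificate) can be replayed by a cloned device, which is the weakness the Background attributes to plain identity certificates. Binding the ledger entry to PK_t and verifying a signature over a timestamped application is what keeps the record from being cloneable; the Lamport key above must not sign twice, so a deployment would swap in a reusable scheme.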
On the basis of the above embodiment, in the Internet of things authentication method, when the type of the access request is cross-domain access, the authentication process further includes:
when an Internet of things device of the Internet of things authentication system accesses a target system in a second Internet of things domain from a first Internet of things domain, the device sends a cross-chain authentication request to the second slave chain in the second Internet of things domain;
the second slave chain of the Internet of things authentication system parses the cross-chain authentication request, generates a random number and sends it to the main chain and to the Internet of things device respectively;
the main chain of the Internet of things authentication system and the Internet of things device each parse and compute over the random number and send their calculation results to the second slave chain;
the second slave chain of the Internet of things authentication system compares the calculation results of the main chain and of the Internet of things device; when they are the same, the device is judged to be a trusted authenticated device and the second Internet of things domain admits it;
the second Internet of things domain of the Internet of things authentication system generates a certificate and sends it to the Internet of things device, so that the device can access the target system;
and the main chain of the Internet of things authentication system performs consensus accounting on the Internet of things device information.
In this embodiment, in a distributed Internet of things scenario, some Internet of things devices may move into another Internet of things domain and interact with the devices there. To ensure trustworthiness, such a device must be authenticated by the side chain of the other domain, and it may exchange data only after obtaining a digital certificate. The authentication process comprises the following steps: when an Internet of things device of the Internet of things authentication system accesses a target system in a second Internet of things domain from a first Internet of things domain, the device sends a cross-chain authentication request to the second slave chain in the second Internet of things domain; the second slave chain parses the cross-chain authentication request, generates a random number and sends it to the main chain and to the Internet of things device respectively; the main chain and the Internet of things device each parse and compute over the random number and send their calculation results to the second slave chain; the second slave chain compares the calculation results of the main chain and of the Internet of things device, and when they are the same the device is judged to be a trusted authenticated device and the second Internet of things domain admits it; the second Internet of things domain generates a certificate and sends it to the Internet of things device, so that the device can access the target system; and the main chain performs consensus accounting on the Internet of things device information.
As an example, take Internet of things device t accessing system c in Internet of things domain two from Internet of things domain one (cross-domain access); the specific authentication process is:
(1) Applying for cross-chain authentication. Internet of things device t moves from Internet of things domain one into Internet of things domain two and accesses system c; it then initiates a cross-chain authentication request to side chain two, the side chain of the domain where system c is located. The request format is as follows:
Figure BDA0002294436210000091
where DC1->t is the digital certificate issued by side chain one to Internet of things device t; in the cross-domain authentication request it proves that device t is a device of Internet of things domain one. "to" denotes the system to be accessed, in this example system c.
(2) Side chain two parses RQ, recognizes it as a cross-domain authentication request, generates a random number M and sends it to the main chain and to Internet of things device t respectively. The data format sent to the main chain is
Figure BDA0002294436210000101
The data format sent to Internet of things device t is
Figure BDA0002294436210000102
where re denotes the calculation request.
(3) The main chain and Internet of things device t parse the message and obtain the random number M; both then compute over M using the following formula:
Figure BDA0002294436210000103
that is, the random number M is hashed together with the digital certificate issued to Internet of things device t by side chain one, and the result end is returned to side chain two under side chain two's public key. The result returned by Internet of things device t has the format
Figure BDA0002294436210000104
The format of the result returned by the main chain is
Figure BDA0002294436210000105
(4) After receiving both results, side chain two compares them.
If the results are equal, Internet of things device t is a trusted authenticated device of Internet of things domain one and is allowed to access Internet of things domain two and to exchange data and perform other operations with it; side chain two then generates a digital certificate for Internet of things device t:
Figure BDA0002294436210000106
and sends DC2->t to Internet of things device t and to the main chain respectively; DC2->t proves that device t has been authenticated in Internet of things domain two. Because system c is the system to be accessed, a digital certificate granting access to system c is also returned to device t, in the following format:
Figure BDA0002294436210000107
The format of the information returned to the main chain is
Figure BDA0002294436210000108
Side chain two writes (PKt, DCt->c, inf, limit, unknown, timetag) into its ledger.
If the results are not equal, the digital certificate or other information of Internet of things device t is incorrect, that is, the device is not trusted, and side chain two returns rejection information to device t.
(5) As when the Internet of things device first accessed its home chain, the main chain receives the authentication information from side chain two, reaches consensus on it, writes it into its ledger and returns it to side chain two, which then changes the "unknown" state to "known".
As with cross-system access within a domain, Internet of things device t uses the digital certificate DCt->c to access system c. On receiving the certificate, system c sends it back to the slave chain of its domain, which compares it with the certificate recorded in its ledger; if they match, Internet of things device t is admitted to system c.
In this embodiment, the Internet of things device requesting cross-domain access is authenticated by the Internet of things authentication system, which meets the device's requirements for cross-domain authentication and improves the authentication efficiency of the system.
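The cross-domain flow of steps (1) to (5), as an added simulation that is not part of the patent: side chain two challenges both the main chain and device t with a random number M, compares the two hashes, and only then issues DC2->t and DCt->c and records the ledger entry. The hash (SHA-256 over DC1->t || M), the certificate encoding and the omission of the public-key protection of the replies are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

# Added example, not part of the patent: a simulation of the cross-domain
# authentication of device t at side chain two, steps (1)-(5) above.
# Assumptions: the unspecified hash is SHA-256 over DC1->t || M, certificates
# are opaque byte strings, and the public-key protection of the replies to
# side chain two is left out so that the flow runs offline.


def compute_end(dc1_to_t: bytes, m: bytes) -> bytes:
    """Step (3): hash the random number M together with the certificate DC1->t."""
    return hashlib.sha256(dc1_to_t + m).digest()


@dataclass
class MainChain:
    certs: dict = field(default_factory=dict)   # (device, home domain) -> DC issued there
    ledger: list = field(default_factory=list)  # records confirmed by consensus accounting

    def register(self, device_id: str, domain: int, cert: bytes) -> None:
        self.certs[(device_id, domain)] = cert

    def answer_challenge(self, device_id: str, domain: int, m: bytes) -> Optional[bytes]:
        cert = self.certs.get((device_id, domain))
        return None if cert is None else compute_end(cert, m)

    def consensus_account(self, record: tuple) -> None:
        self.ledger.append(record)


@dataclass
class Device:
    device_id: str
    home_domain: int
    dc_home: bytes  # DC1->t as held by the device; forged in the negative case

    def answer_challenge(self, m: bytes) -> bytes:
        return compute_end(self.dc_home, m)


@dataclass
class SideChain:
    domain: int
    main: MainChain
    ledger: list = field(default_factory=list)

    def issue_cert(self, device_id: str, target: str) -> bytes:
        # Certificate encoding is not given in the patent; constructed here.
        return hashlib.sha256(f"DC{self.domain}->{device_id}:{target}".encode()).digest()

    def cross_chain_auth(self, dev: Device, target: str):
        # (1) RQ carries DC1->t and the target system; (2) random number M to both parties
        m = secrets.token_bytes(16)
        end_main = self.main.answer_challenge(dev.device_id, dev.home_domain, m)
        end_dev = dev.answer_challenge(m)
        # (4) compare in constant time so the comparison itself leaks nothing
        if end_main is None or not hmac.compare_digest(end_main, end_dev):
            return None  # rejection information
        dc2_to_t = self.issue_cert(dev.device_id, f"domain{self.domain}")
        dc_t_to_c = self.issue_cert(dev.device_id, target)
        record = [dev.device_id, dc_t_to_c, "inf", "limit", "unknown", time.time()]
        self.ledger.append(record)
        # (5) main chain consensus accounting, then the side chain flips unknown -> known
        self.main.consensus_account(tuple(record))
        record[4] = "known"
        return dc2_to_t, dc_t_to_c

    def verify_access(self, device_id: str, presented: bytes) -> bool:
        """System c hands the presented DCt->c back to the side chain for comparison."""
        return any(rec[0] == device_id and rec[4] == "known"
                   and hmac.compare_digest(rec[1], presented) for rec in self.ledger)


def run_scenario() -> dict:
    """Device t of domain one accesses system c in domain two; then an impostor
    holding a forged DC1->t tries the same."""
    main = MainChain()
    side1, side2 = SideChain(1, main), SideChain(2, main)
    dc1_to_t = side1.issue_cert("t", "domain1")
    main.register("t", 1, dc1_to_t)  # recorded when t first joined domain one
    genuine = Device("t", 1, dc1_to_t)
    impostor = Device("t", 1, secrets.token_bytes(32))
    granted = side2.cross_chain_auth(genuine, "c")
    rejected = side2.cross_chain_auth(impostor, "c")
    return {
        "genuine_admitted": granted is not None and side2.verify_access("t", granted[1]),
        "impostor_rejected": rejected is None,
        "ledger_state": side2.ledger[0][4],
        "main_ledger_len": len(main.ledger),
    }
```

The impostor fails because the main chain hashes M with the genuine DC1->t it recorded at first registration, so the device cannot match it without the real certificate.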
On the basis of the above embodiment, the internet of things authentication method further includes:
the structure of the information sent between the main chain and the slave chain is the same as that of the information exchanged between the slave chain and the Internet of things device; it is a preset unified message structure model.
In this embodiment, the information interaction of the Internet of things authentication system consists of transmission between the main chain and the slave chains and between the slave chains and Internet of things devices. So that different messages can be recognized more quickly and parsed more efficiently, communication between chains, or between a chain and an Internet of things device, is carried out through standard transactions, and the structure of the interaction is set to a unified message structure model.
By setting the information interaction structure to a unified message structure model, this embodiment increases the efficiency of message parsing and thereby improves authentication efficiency.
On the basis of the above embodiment, the internet of things authentication method further includes:
the unified message structure model consists of a header and a packet;
the header comprises address information, information type, information integrity, information identifier, information timestamp, information check code and remark information;
the packet includes the content of the information.
In this embodiment, the unified message structure model is composed of a header and a packet. The header comprises eight fields: address information (source and destination), information type, information integrity (packet length), information identifier (sequence), information timestamp, information check code (CRC) and remark information. Specifically:
Source: the network address of the transaction initiator, occupying 16 bits.
Destination: the network address of the transaction receiver, occupying 16 bits.
Type: the type of transaction, such as authentication or query.
Packet length: the number of bits occupied by the packet; the receiver uses it to judge whether the information has been received completely.
Sequence: an identifier unique to each piece of information.
Timestamp: the time at which the information was generated.
CRC: a checksum over the header and packet fields, which the receiver can use to check the correctness of the message.
Remark: remark information.
The packet carries the content of the information, i.e. the information to be transmitted. There are four types of information in the authentication process:
Figure BDA0002294436210000121
Figure BDA0002294436210000122
Figure BDA0002294436210000123
Figure BDA0002294436210000124
The symbols have the following meanings: PKM and SKM denote the public and private keys of the main chain; PKi and SKi denote the public and private keys of side chain i; likewise PKt and SKt denote the public and private keys of Internet of things device t. Sig*() denotes the algorithm that signs information with key *. timestamp is the time at which the piece of information was generated.
(1) is the format of information sent from a side chain to the main chain, (2) the format of messages sent from the main chain to a side chain, (3) the format of information sent from an Internet of things device to a side chain, and (4) the format of information returned from a side chain to an Internet of things device.
This embodiment sets the information interaction structure to a unified message structure model and specifies the structure of that model, thereby increasing message parsing efficiency and improving authentication efficiency.
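An encoder and parser for the unified message structure described above, as an added example that is not part of the patent. Source and destination are 16 bits as the text states; big-endian order, the widths of the remaining header fields, CRC-32 as the check code and a fixed 4-byte remark are assumptions made here so that the length and CRC checks the text describes can be exercised.

```python
import struct
import time
import zlib

# Added example, not from the patent: encoding and parsing of the unified message
# structure. Source and destination are 16 bits as the text states; big-endian
# order, the widths of the other header fields, CRC-32 as the check code and a
# fixed 4-byte remark field are assumptions made for this example.
HEADER_FMT = ">HHBIIII4s"  # source, destination, type, packet length (bits),
                           # sequence, timestamp, crc, remark
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 25 bytes
CRC_OFFSET = 17  # byte offset of the 4-byte CRC field inside the header

TYPE_AUTH = 1   # authentication transaction
TYPE_QUERY = 2  # query transaction


def _crc(header: bytes, packet: bytes) -> int:
    """CRC over header + packet with the CRC field itself zeroed."""
    zeroed = header[:CRC_OFFSET] + b"\0\0\0\0" + header[CRC_OFFSET + 4:]
    return zlib.crc32(zeroed + packet) & 0xFFFFFFFF


def build_message(src: int, dst: int, mtype: int, seq: int, packet: bytes,
                  remark: bytes = b"", ts=None) -> bytes:
    """Serialise header + packet. Packet length is stored in bits, as the text says."""
    ts = int(time.time()) if ts is None else ts
    header = struct.pack(HEADER_FMT, src, dst, mtype, len(packet) * 8, seq, ts, 0,
                         remark[:4].ljust(4, b"\0"))
    crc = _crc(header, packet)
    header = header[:CRC_OFFSET] + struct.pack(">I", crc) + header[CRC_OFFSET + 4:]
    return header + packet


def parse_message(buf: bytes):
    """Return (status, fields): 'ok', 'incomplete' (length check) or 'corrupt' (CRC)."""
    if len(buf) < HEADER_LEN:
        return "incomplete", None
    header = buf[:HEADER_LEN]
    src, dst, mtype, plen_bits, seq, ts, crc, remark = struct.unpack(HEADER_FMT, header)
    packet = buf[HEADER_LEN:HEADER_LEN + plen_bits // 8]
    # Packet length: the receiver judges from it whether reception is complete.
    if len(packet) * 8 < plen_bits:
        return "incomplete", None
    # CRC: any bit flip in header or packet is rejected before the packet is used.
    if _crc(header, packet) != crc:
        return "corrupt", None
    return "ok", {"source": src, "destination": dst, "type": mtype, "sequence": seq,
                  "timestamp": ts, "remark": remark.rstrip(b"\0"), "packet": packet}


def demo() -> dict:
    """Round trip, a truncated delivery and a corrupted delivery of one message."""
    # Constructed sample: type (3) content from device t to side chain i.
    packet = b"PK_t|Sig_SKt(RQ)|1700000000"
    msg = build_message(0x0001, 0x0102, TYPE_AUTH, 42, packet, b"rq", ts=1700000000)
    ok, fields = parse_message(msg)
    flipped = bytearray(msg)
    flipped[-1] ^= 0x01  # damage the last packet byte
    return {
        "roundtrip": ok,
        "packet_matches": fields is not None and fields["packet"] == packet,
        "truncated": parse_message(msg[:-3])[0],
        "flipped": parse_message(bytes(flipped))[0],
        "header_len": HEADER_LEN,
    }
```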
On the basis of the above embodiment, the internet of things authentication method further includes:
when the main chain of the Internet of things authentication system and a slave chain exchange information, a component of a coordination network is invoked to support the information interaction between them.
In this embodiment, the Internet of things authentication system uses components of a coordination network to support cross-chain communication. The coordination network sits between the main chain and the slave chains and combines the communication nodes of the slave chains with the nodes of the main chain. It is independent of the chains themselves; its nodes communicate with each other to maintain routing information and authentication information for the slave chains and the main chain in the model. Each blockchain system accesses the coordination network through a relay node.
This embodiment places a coordination network between the main chain and the slave chains of the Internet of things authentication system because communication between the main chain and a slave chain is not as simple as intra-chain communication: the main chain and the slave chains differ in network, information model and logical structure, which makes cross-chain communication harder. The coordination network is introduced to overcome this difficulty.
On the basis of the above embodiment, the internet of things authentication method further includes:
and when an information sending accident is detected during the authentication process, returning authentication failure information to the Internet of things device.
In this embodiment, during a transaction, cross-chain communication, communication between different entities and even intra-chain communication may suffer sending accidents such as interrupted transmission for some reason (for example, damaged facilities). Although this is very unlikely, to reduce the negative effects as far as possible a time threshold is set: if no reply reaches the sending node within that time, the node resends the message (the cause may simply be network transmission delay); if no reply has been received after three sends, the message is judged undeliverable and authentication failure information is returned to the Internet of things device. This keeps trusted access within a bounded period of time.
By detecting information sending accidents in the Internet of things authentication system and returning authentication failure information, this embodiment lets the user learn of the accident.
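The time-threshold and resend rule of this embodiment, as an added example that is not part of the patent, run against a simulated channel so it works offline. The threshold value, the channel model and the result dictionary are assumptions; the limit of three sends is the one the text gives.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Added example, not from the patent: the time-threshold and resend rule of this
# embodiment against a simulated channel. The threshold value, the channel model
# and the result dictionary are assumptions; three sends is the limit the text gives.
MAX_SENDS = 3


@dataclass
class SimulatedChannel:
    """Each send returns the latency of its reply in seconds; None means no reply came.
    Constructed for the example: a real channel would be a network transport."""
    latencies: List[Optional[float]]
    sent: List[bytes] = field(default_factory=list)

    def send(self, message: bytes) -> Optional[float]:
        self.sent.append(message)
        idx = len(self.sent) - 1
        return self.latencies[idx] if idx < len(self.latencies) else None


def send_with_threshold(channel: SimulatedChannel, message: bytes, threshold: float) -> dict:
    """Resend while no reply arrives within the threshold; after MAX_SENDS without a
    timely reply the message is judged undeliverable and authentication fails."""
    waited = 0.0
    for attempt in range(1, MAX_SENDS + 1):
        latency = channel.send(message)
        if latency is not None and latency <= threshold:
            waited += latency
            return {"status": "reply", "sends": attempt, "waited": waited}
        # No reply within the threshold: could be plain network delay, so resend.
        waited += threshold
    # Worst case the exchange is bounded by MAX_SENDS * threshold before failing.
    return {"status": "authentication failure", "sends": MAX_SENDS, "waited": waited}


def demo() -> dict:
    """Delayed link (recovers on the third send) versus dead link (fails)."""
    delayed = SimulatedChannel(latencies=[2.5, 1.8, 0.3])  # first two replies too late
    dead = SimulatedChannel(latencies=[None, None, None, None])
    return {
        "delayed": send_with_threshold(delayed, b"RQ", threshold=1.0),
        "dead": send_with_threshold(dead, b"RQ", threshold=1.0),
        "dead_sends": len(dead.sent),
    }
```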
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (8)

1. An Internet of things authentication system based on a master-slave chain, characterized by comprising a master chain module and slave chain modules, wherein
the master chain module is arranged on the blockchain cloud layer and is used to check the authentication information sent by a slave chain module in an authentication request, to feed the check result back to the slave chain module and to store the check result;
the slave chain modules are arranged in Internet of things domains, the slave chain module of each Internet of things domain being communicatively connected with the corresponding server in the master chain module; a slave chain module is used to store the trusted authentication information of the Internet of things devices in its own domain and the authentication information of devices from other Internet of things domains; the trusted authentication information is used to authenticate an Internet of things device on intra-domain access, and the authentication information of devices from other Internet of things domains is used to authenticate an Internet of things device on cross-domain access.
2. An internet of things authentication method based on the system of claim 1, comprising:
when the internet of things authentication system detects an access request of internet of things equipment, judging whether the type of the access request is intra-domain access or cross-domain access according to an access object corresponding to the access request;
acquiring a corresponding authentication flow according to the type of the access request;
and authenticating the Internet of things equipment according to the authentication flow.
3. The internet of things authentication method of claim 2, wherein when the type of the access request is intra-domain access, the authentication process comprises:
an Internet of things device of the Internet of things authentication system generates a secret key, encrypts an access application with the secret key and sends the access application to the slave chain;
the slave chain of the Internet of things authentication system queries, according to the access application, whether the authentication record contains the Internet of things device, and when the authentication record does not contain the device, the slave chain feeds rejection information back to the device;
when the authentication record contains the Internet of things device, the slave chain sends the device information of the Internet of things device to the main chain of the Internet of things authentication system;
the main chain of the Internet of things authentication system checks, according to the device information, whether the Internet of things device is registered;
when the Internet of things device is unregistered, the slave chain of the Internet of things authentication system generates a certificate and sends it to the Internet of things device, so that the device completes the access request;
and the main chain of the Internet of things authentication system performs consensus accounting on the Internet of things device information.
4. The Internet of things authentication method of claim 2, wherein when the type of the access request is cross-domain access, the authentication process comprises:
when an Internet of things device of the Internet of things authentication system accesses a target system in a second Internet of things domain from a first Internet of things domain, the device sends a cross-chain authentication request to the second slave chain in the second Internet of things domain;
the second slave chain of the Internet of things authentication system parses the cross-chain authentication request, generates a random number and sends it to the main chain and to the Internet of things device respectively;
the main chain of the Internet of things authentication system and the Internet of things device each parse and compute over the random number and send their calculation results to the second slave chain;
the second slave chain of the Internet of things authentication system compares the calculation results of the main chain and of the Internet of things device; when they are the same, the device is judged to be a trusted authenticated device and the second Internet of things domain admits it;
the second Internet of things domain of the Internet of things authentication system generates a certificate and sends it to the Internet of things device, so that the device can access the target system;
and the main chain of the Internet of things authentication system performs consensus accounting on the Internet of things device information.
5. The Internet of things authentication method as claimed in claim 3 or 4, further comprising:
the structure of the information sent between the main chain and the slave chain is the same as that of the information exchanged between the slave chain and the Internet of things device; it is a preset unified message structure model.
6. The internet of things authentication method of claim 5, further comprising:
the unified message structure model consists of a header and a packet;
the header comprises address information, information type, information integrity, information identifier, information timestamp, information check code and remark information;
the packet includes the content of the information.
7. The Internet of things authentication method as claimed in claim 3 or 4, further comprising:
when the main chain of the Internet of things authentication system and a slave chain exchange information, a component of a coordination network is invoked to support the information interaction between them.
8. The Internet of things authentication method of claim 2, further comprising:
and when an information sending accident is detected during the authentication process, returning authentication failure information to the Internet of things device.
CN201911194864.0A 2019-11-28 2019-11-28 Master-slave chain-based Internet of things authentication system and method Active CN111010376B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911194864.0A CN111010376B (en) 2019-11-28 2019-11-28 Master-slave chain-based Internet of things authentication system and method

Publications (2)

Publication Number Publication Date
CN111010376A true CN111010376A (en) 2020-04-14
CN111010376B CN111010376B (en) 2022-01-21

Family

ID=70113463

Also Published As

Publication number Publication date
CN111010376B (en) 2022-01-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant