CN111181946A - Credible traceability system and method based on block chain and Internet of things

Info

Publication number
CN111181946A
Authority
CN
China
Prior art keywords
traceability
certificate
base station
mobile
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911350217.4A
Other languages
Chinese (zh)
Other versions
CN111181946B (en)
Inventor
梁景雄
陈积明
史治国
潘骏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang University ZJU
Original Assignee
Zhejiang University ZJU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang University ZJU
Priority to CN201911350217.4A
Publication of CN111181946A
Application granted
Publication of CN111181946B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/126 Applying verification of the received information the source of the received data
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3265 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/69 Types of network addresses using geographic information, e.g. room number
    • H04L67/50 Network services
    • H04L67/53 Network services using third party service providers
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention discloses a trusted traceability system and method based on blockchain and the Internet of Things. The system comprises a mobile traceability terminal, base stations, a cloud server and a certificate system. The mobile traceability terminal has a certificate issued by the certificate system installed when it leaves the factory, connects to the nearest base station while in circulation, and uploads traceability data to the base station after the base station has verified it. The base station authenticates the terminal through the certificate system and the blockchain platform, receives the traceability data once authentication passes, signs the traceability data as an endorsement, adds the base station's own information to form a complete traceability data packet, and uploads the packet to the blockchain platform. The cloud server provides a traceability service system through which the complete traceability track can be queried. To address the risk of counterfeit blockchain traceability data, the base station is introduced as an endorser to guarantee the reliability of the traceability data.

Description

Credible traceability system and method based on block chain and Internet of things
Technical Field
The invention relates to the technical fields of the Internet of Things, blockchain and traceability, and in particular to a trusted traceability system and method based on blockchain and the Internet of Things.
Background
Commodity traceability has long been a topic of public concern. Information such as where food was produced and processed, or whether vaccine transportation met the required standard, can effectively protect the legitimate rights and interests of consumers. Yet trusted commodity traceability has remained a large gap: traditional traceability methods carry a substantial risk of data tampering, and the authenticity and reliability of the data cannot be technically guaranteed. Specifically: 1. Paper records are at risk of data tampering and are difficult to preserve for a long time. 2. Where RFID is used for wireless sensing and the data is recorded in a database, the centralized structure of the database is also at risk of data tampering.
The development of Internet of Things and blockchain technology creates an opportunity for trusted commodity traceability. The automatic data acquisition and flexible, easy deployment of the Internet of Things meet the requirements of traceability scenarios, while the distributed, tamper-proof nature of the blockchain ensures the reliability and security of the data. Combining the two technologies can greatly promote the practical adoption of trusted traceability.
Disclosure of Invention
The invention aims to remedy the shortcomings of current traceability technology by building a trusted commodity traceability platform based on blockchain and Internet of Things technology. Architecturally, the system brings three roles into the traceability system: a traceability service software provider, a traceability hardware provider and a network service provider. The data of the three roles is interconnected through the blockchain platform and the certificate system, so that the roles supervise one another and maintain the transparency and credibility of the traceability data.
The purpose of the invention is achieved by the following technical solution: the invention provides a trusted traceability system based on blockchain and the Internet of Things, comprising a mobile traceability terminal, communication base station facilities that run blockchain nodes, a cloud server and a certificate system; the group of base stations and the cloud server form a distributed blockchain platform;
when the mobile traceability terminal leaves the factory, a digital certificate issued by the certificate system is installed on it; while in circulation, the terminal's geographic position changes continuously, and at each location it connects to the nearest base station using the certificate issued by the certificate system and uploads traceability data to the base station after being verified by the base station;
the base station has a fixed position and cannot be moved; the base station checks, through the certificate system, the validity of the certificate of the mobile traceability terminal requesting connection and refuses the connection if the certificate is invalid; if the certificate is valid, it queries the blockchain platform as to whether the mobile traceability terminal is registered and disconnects if it is not; if the terminal is registered, verification succeeds, and the base station receives the traceability data uploaded by the terminal, signs it, and adds its own information (base station ID, base station position and current timestamp) to form a complete traceability data packet, which it uploads to the blockchain platform;
the cloud server registers the certificate information of the mobile traceability terminal on the blockchain platform and provides a traceability service system through which consumers or managers query traceability data; the traceability data comprises the original data uploaded by the mobile traceability terminal, the information of the base stations it connected to and the connection times, which together form a complete traceability track;
the authentication information and traceability data of the mobile traceability terminal are shared between the cloud server and the base stations through the blockchain platform.
Further, the certificate system has two functions: generating the certificate chain and authenticating certificates. To generate the chain, a second-level CA certificate is generated from the root CA certificate, and a Server certificate for the base station and a Client certificate for the mobile traceability terminal are then issued from the second-level CA certificate; each certificate comprises a public key file and a private key file, and the base station and the mobile traceability terminal both store the complete second-level CA certificate and root CA certificate. Certificate authentication means that when the mobile traceability terminal connects to the base station, the terminal sends its Client certificate and the base station sends its Server certificate, and each side verifies the validity of the other's certificate against the locally stored second-level CA certificate and root CA certificate.
Furthermore, the mobile traceability terminal uses a general-purpose MCU to process signals from multiple general-purpose sensors; it provides multiple general-purpose sensor interfaces and a single wireless transmission module interface, so that the wireless transmission module and the sensor modules can be replaced and adjusted for different application scenarios. The mobile traceability terminal is transported together with the traced commodity, measures physical data during transportation through the sensors, and sends the data to the nearest base station through the wireless transmission module.
Further, the base station runs a distributed blockchain node. When the mobile traceability terminal connects to the base station, it presents its digital certificate to the base station, and the base station verifies the validity of the terminal's certificate using the locally stored certificate system. If the certificate is invalid, the connection is refused; if it is valid, the base station parses the terminal's unique ID from the terminal's digital certificate and authenticates the device by querying the blockchain ledger. When an authenticated device reports data, the base station adds the base station information (base station ID, base station geographic position and current timestamp) to the data packet, signs the traceability information to form a complete traceability data packet, and writes the packet to the blockchain ledger through the blockchain platform's smart contract, after which it is synchronized across the whole network.
Furthermore, the cloud server also includes a full-life-cycle management module for mobile traceability terminals and a traceability big-data dashboard module. The life-cycle management module provides registration, deletion, information modification and query functions for mobile traceability terminals; the dashboard module shows the number of mobile traceability terminals and base stations connected to the system, the blockchain write speed and the number of blockchain transactions.
Furthermore, the blockchain platform is built as a consortium chain made up of the base stations and the cloud server, which run distributed blockchain nodes and the same smart contract. The platform is managed by the cloud server: base station nodes can call the smart contract to write traceability data to the ledger, cloud server nodes can call the smart contract to register traceability device information in the ledger and delete it, and every modification of the ledger is synchronized to the ledgers of all nodes in the network.
Furthermore, the architecture brings three roles into the traceability system: a traceability service software provider, a traceability hardware provider and a network service provider. The traceability service software provider supplies the cloud server software, the blockchain platform software and the certificate system; the traceability hardware provider supplies the mobile traceability terminals; and the network service provider builds the base stations. The data of the three roles is interconnected through the blockchain platform and the certificate system, so that the roles supervise one another and maintain the transparency and credibility of the traceability data.
The invention also provides a trusted traceability method based on blockchain and the Internet of Things, comprising the following steps:
(1) a digital certificate is issued through the certificate system to each mobile traceability terminal leaving the factory and to each base station;
(2) the certificate information of the mobile traceability terminal is registered on the blockchain platform through the cloud server;
(3) while in circulation, the mobile traceability terminal connects to the nearest base station using the certificate issued by the certificate system, and the two perform mutual authentication;
(4) the base station checks the validity of the mobile traceability terminal's certificate through the certificate system and refuses the connection if the certificate is invalid; if the certificate is valid, the base station queries the blockchain platform as to whether the mobile traceability terminal is registered and disconnects if it is not; if the terminal is registered, verification succeeds, the traceability data uploaded by the mobile traceability terminal is received and signed as an endorsement, the base station's own information (base station ID, base station position and current timestamp) is then added to form complete traceability data, and the complete traceability data are uploaded to the;
(6) through the traceability service system provided by the cloud server, a consumer or manager can query the traceability data, including the original data uploaded by the mobile traceability terminal, the information of the connected base stations and the connection times, which form a complete traceability track.
Further, the base station signature endorsement works as follows: after receiving data from the mobile traceability terminal, the base station appends its base station ID, base station position information and the current timestamp to the end of the data, applies a hash algorithm to the result to obtain a digest of the information, signs the digest with the private key of the Server certificate issued to the base station by the certificate system, and appends the signature to the end of the data to form the complete traceability data packet.
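The endorsement step above, together with the check a verifier would run on the resulting packet, as an added Go example that is not part of the patent. SHA-256, ECDSA P-256 and the length-prefixed field framing are assumptions (the text only says the fields are attached to the end of the data, and plain concatenation of variable-length fields would leave their boundaries ambiguous to a verifier); `newStationKey` stands in for the Server certificate key pair and the sample values are constructed.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrMalformed = errors.New("malformed traceability packet")
var ErrBadSignature = errors.New("base station signature does not verify")

// Endorsement is the base station's own information added to the terminal data.
type Endorsement struct {
	StationID, Location string
	Timestamp           int64 // Unix seconds
}

// putField writes a 4-byte big-endian length, then the bytes (framing assumed here).
func putField(buf *bytes.Buffer, b []byte) {
	binary.Write(buf, binary.BigEndian, uint32(len(b)))
	buf.Write(b)
}

// Endorse returns data | station ID | location | timestamp | signature over their digest.
func Endorse(key *ecdsa.PrivateKey, data []byte, e Endorsement) ([]byte, error) {
	var buf bytes.Buffer
	putField(&buf, data)
	putField(&buf, []byte(e.StationID))
	putField(&buf, []byte(e.Location))
	binary.Write(&buf, binary.BigEndian, e.Timestamp)
	digest := sha256.Sum256(buf.Bytes())
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return nil, err
	}
	putField(&buf, sig)
	return buf.Bytes(), nil
}

// reader consumes a packet front to back and remembers any bounds failure.
type reader struct{ p []byte; bad bool }
func (r *reader) take(n int) []byte {
	if r.bad || n < 0 || n > len(r.p) {
		r.bad = true
		return nil
	}
	b := r.p[:n]
	r.p = r.p[n:]
	return b
}

func (r *reader) field() []byte {
	if h := r.take(4); !r.bad {
		return r.take(int(binary.BigEndian.Uint32(h)))
	}
	return nil
}

// Verify re-derives the digest from the packet and checks the endorsement signature.
func Verify(pub *ecdsa.PublicKey, packet []byte) ([]byte, Endorsement, error) {
	r := &reader{p: packet}
	data, id, loc, ts := r.field(), r.field(), r.field(), r.take(8)
	signed := packet[:len(packet)-len(r.p)] // everything before the signature field
	sig := r.field()
	if r.bad || len(r.p) != 0 {
		return nil, Endorsement{}, ErrMalformed
	}
	digest := sha256.Sum256(signed)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return nil, Endorsement{}, ErrBadSignature
	}
	return data, Endorsement{string(id), string(loc), int64(binary.BigEndian.Uint64(ts))}, nil
}

// newStationKey stands in for the Server certificate key pair of a base station.
func newStationKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	key := newStationKey()
	e := Endorsement{"bs-0001", "30.26N,120.12E", 1577232000} // constructed sample values
	pkt, _ := Endorse(key, []byte(`{"temp_c":4.2,"humidity":41}`), e)
	_, got, err := Verify(&key.PublicKey, pkt)
	fmt.Println("intact:", got, err)
	pkt[6] ^= 1 // alter one byte of the sensor data after endorsement
	_, _, err = Verify(&key.PublicKey, pkt)
	fmt.Println("tampered:", err)
}
```

Because the signature covers the sensor data and the base station fields together, a change to the reading, the location or the timestamp after endorsement is detected by anyone holding the base station's Server certificate.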
The beneficial effects of the invention are as follows. The invention remedies the shortcomings of current traceability systems: by introducing base stations into the traceability system to authenticate and endorse the traceability devices, and by using the blockchain platform to look up devices and write the traceability data to the chain, it greatly improves the credibility of the traceability data. The base station position and timestamp information enrich the traceability data, which forms a complete geographic traceability track that benefits consumers and regulators. Through the blockchain platform and the certificate system, the three roles of traceability service software provider, traceability hardware provider and network service provider cooperate and supervise one another, jointly maintaining the transparency and credibility of the traceability data.
Drawings
FIG. 1 is a block diagram of the system architecture of the present invention;
FIG. 2 is a diagram of the certificate chain architecture of the present invention;
FIG. 3 is a block diagram of the device authentication architecture of the present invention;
FIG. 4 is a device authentication timing diagram of the present invention;
FIG. 5 is a block diagram of the architecture for writing traceability data to the chain in the present invention.
Detailed Description
The invention is further described with reference to the following figures and specific embodiments.
As shown in fig. 1, the trusted traceability system based on a block chain and an internet of things provided by the present invention includes a mobile traceability terminal, a communication base station facility for operating a block chain node, a cloud server, and a certificate system; the base station group and the cloud server form a distributed block chain platform;
when the mobile traceability terminal leaves a factory, a digital certificate issued by a certificate system is installed, when the mobile traceability terminal is circulated, the mobile traceability terminal is often in the process of continuous movement of geographic positions, the mobile traceability terminal is connected with the nearest base station through the certificate issued by the certificate system in different geographic positions, and traceability data are uploaded to the base station after the mobile traceability terminal is verified by the base station;
the base station is characterized by a fixed position and is not movable; the base station inquires the validity of a certificate of the mobile traceability terminal to be connected through a certificate system, refuses connection if the certificate is invalid, inquires whether the mobile traceability terminal is registered or not from a block chain platform if the certificate is valid, disconnects the connection if the certificate is not registered, successfully verifies if the certificate is registered, receives traceability data uploaded by the mobile traceability terminal, signs the traceability data, and adds self information (base station ID, base station position and current timestamp) of the base station to form a complete traceability data packet to be uploaded to the block chain platform;
the cloud server registers certificate information of the mobile tracing terminal to the blockchain platform, and provides a tracing service system for consumers or managers to inquire tracing data, wherein the tracing data comprises original data uploaded by the mobile tracing terminal, connected base station information and connection time, and a complete tracing track is formed;
the authentication information and the tracing data of the mobile tracing terminal are shared between the cloud server and the base station through the block chain platform.
Further, the certificate system comprises two functions of generating a certificate chain and certificate authentication, the generated certificate chain is characterized in that a secondary CA certificate is generated based on a root CA certificate, then a Server certificate and a Client certificate are respectively issued for the base station and the mobile traceability terminal based on the secondary CA certificate, the certificate is characterized in that a public key file and a private key file are included, and the base station and the mobile traceability terminal store the complete secondary CA certificate and the root CA certificate. The certificate authentication function means that when the mobile traceability terminal is connected with the base station, the Client certificate of the mobile traceability terminal is sent, the base station also sends the Server certificate of the mobile traceability terminal, and the base station and the mobile traceability terminal complete certificate validity verification through a second-level CA certificate and a root CA certificate which are stored locally.
Furthermore, the mobile tracing terminal adopts a universal MCU processor to process multi-path universal sensor signals, is provided with a multi-path universal sensor access interface and a single-path wireless transmission module interface, and can replace and adjust the wireless transmission module and the sensor module according to different application scenes. The tracing mobile terminal and the traced commodity are transported together, various physical information data in the transportation process are measured through the universal sensor, such as temperature and humidity data in the vaccine transportation process, and the data are sent to the nearest base station through the wireless transmission module.
Further, the base station runs a distributed block chain node. When the mobile traceability terminal connects to the base station, the base station presents its own digital certificate and verifies the validity of the terminal's certificate against the locally stored certificate system. If the certificate is invalid, the connection is refused; if it is valid, the base station parses the terminal's unique ID from the terminal's digital certificate and authenticates the device by querying the block chain ledger. When an authenticated device reports data, the base station adds base station information (the base station ID, the base station's geographic position and the current timestamp) to the data packet, signs the traceability information to form a complete traceability data packet, and writes that packet to the block chain ledger through a smart contract of the block chain platform, where it is synchronized across the whole network.
Furthermore, the cloud server also comprises a mobile traceability terminal full-life-cycle management module and a traceability big-data dashboard module. The full-life-cycle management module provides registration, deletion, information modification and query functions for mobile traceability terminals; the big-data dashboard module shows the number of mobile traceability terminals and the number of base stations connected to the system, the block chain write speed and the number of block chain transactions.
Furthermore, the block chain platform is built as a consortium chain made up of the base stations and the cloud server. The base stations and the server run distributed block chain nodes and the same smart contract, and the platform is managed by the cloud server. Base station nodes can call the smart contract to write traceability data to the ledger; cloud server nodes can call the smart contract to register traceability device information in the ledger and to delete it from the ledger. Every modification of the ledger is synchronized to the ledgers of all nodes in the network.
Furthermore, the architecture brings three roles into the traceability system: a traceability service software provider, a traceability hardware provider and a network service provider. The traceability service software provider supplies the cloud server software, the block chain platform software and the certificate system; the traceability hardware provider supplies the mobile traceability terminals; the network service provider builds the base stations. Through the block chain platform and the certificate system the three roles exchange data and supervise one another, which maintains the transparency and credibility of the traceability data.
The invention also provides a credible tracing method based on the block chain and the Internet of things, which comprises the following steps:
(1) issuing digital certificates, through the certificate system, to the mobile traceability terminal as it leaves the factory and to the base station;
(2) registering the certificate information of the mobile traceability terminal on the block chain platform through the cloud server;
(3) during circulation, the mobile traceability terminal connects to the nearest base station using the certificate issued by the certificate system, and the two perform bidirectional authentication;
(4) the base station checks the validity of the mobile traceability terminal's certificate through the certificate system and refuses the connection if the certificate is invalid; if the certificate is valid, the base station queries the block chain platform to find out whether the mobile traceability terminal is registered, and disconnects if it is not; if it is registered, verification succeeds, and the base station receives the traceability data uploaded by the mobile traceability terminal, signs and endorses the traceability data, adds its own information (base station ID, base station position and current timestamp) to form complete traceability data, and uploads the complete traceability data to the block chain platform;
(6) a consumer or a manager can query the traceability data, including the original data uploaded by the mobile traceability terminal, the information of the connected base stations and the connection times, through the traceability service system provided by the cloud server, which forms a complete traceability track.
Further, the base station's signature endorsement works as follows: after receiving data from the mobile traceability terminal, the base station appends its base station ID, its position information and the current timestamp to the end of the data, runs a hash algorithm over the data to obtain a digest of the information, signs the digest with the private key of the Server certificate that the certificate system provided to the base station, and appends the signature to the end of the data to form a complete traceability data packet.
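The signature endorsement just described, together with the check a ledger reader would run on the resulting packet, as an added example that is not code from the patent. The patent names neither the hash nor the signature algorithm, so SHA-256 and ECDSA P-256 are assumptions, as are the length-prefixed field layout, all function names and the sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Station is the base station information appended to the terminal's data.
type Station struct{ ID, Position, Time string }

// NewStationKey stands in for the private key of the base station's Server certificate.
func NewStationKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// put appends one field behind a 4-byte big-endian length. With bare
// concatenation, bytes could move between the terminal data and the station
// fields without changing the hash; the length prefix (an assumption) prevents that.
func put(buf, field []byte) []byte {
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(field)))
	return append(append(buf, n[:]...), field...)
}

// take removes one length-prefixed field from the front of p.
func take(p []byte) (field, rest []byte, err error) {
	if len(p) < 4 || uint64(binary.BigEndian.Uint32(p)) > uint64(len(p)-4) {
		return nil, nil, errors.New("truncated packet")
	}
	n := int(binary.BigEndian.Uint32(p))
	return p[4 : 4+n], p[4+n:], nil
}

// Endorse appends ID, position and timestamp to the data, hashes the result,
// signs the digest with the station key and appends the signature.
func Endorse(key *ecdsa.PrivateKey, data []byte, s Station) ([]byte, error) {
	body := put(nil, data)
	for _, v := range []string{s.ID, s.Position, s.Time} {
		body = put(body, []byte(v))
	}
	digest := sha256.Sum256(body)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return nil, err
	}
	return put(body, sig), nil
}

// Verify is the reader's side: split the packet, re-hash everything before the
// signature field and check the signature against the station's public key.
func Verify(pub *ecdsa.PublicKey, packet []byte) ([]byte, Station, error) {
	var f [5][]byte
	rest := packet
	for i := range f {
		var err error
		if f[i], rest, err = take(rest); err != nil {
			return nil, Station{}, err
		}
	}
	if len(rest) != 0 {
		return nil, Station{}, errors.New("trailing bytes after signature")
	}
	digest := sha256.Sum256(packet[:len(packet)-4-len(f[4])])
	if !ecdsa.VerifyASN1(pub, digest[:], f[4]) {
		return nil, Station{}, errors.New("base station signature does not verify")
	}
	return f[0], Station{string(f[1]), string(f[2]), string(f[3])}, nil
}

func main() {
	key, err := NewStationKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample reading and base station values.
	st := Station{ID: "BS-0001", Position: "30.2636N,120.1219E", Time: "2019-12-24T08:00:00Z"}
	pkt, err := Endorse(key, []byte(`{"temp_c":4.2}`), st)
	if err != nil {
		panic(err)
	}
	data, s, err := Verify(&key.PublicKey, pkt)
	fmt.Println(string(data), s, err)
	pkt[4] ^= 1 // flip one bit of the terminal data
	_, _, err = Verify(&key.PublicKey, pkt)
	fmt.Println("after tampering:", err)
}
```

The signature covers the terminal data and the base station fields together, so a reader detects a change to either; it does not by itself show that the position or timestamp the base station wrote was true.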
As shown in fig. 2, the digital certificates of the invention are based on a network of secondary CA certificates. Each secondary CA certificate is issued under the root certificate; the secondary CA certificate is a cloud Server certificate and is provided to several network service providers so that each can generate its own Server and Client certificates, and certificates issued under different secondary CA certificates authenticate one another through the root certificate. A network service provider generates a Server certificate and a Client certificate from its secondary CA certificate, installs the Server certificate on the base station and provides the Client certificate to the tracing embedded device.
As shown in fig. 3, in the device authentication process the tracing embedded device connects to different communication base stations as it operates. The base station extracts the device ID from the digital certificate the device presents when connecting and calls a smart contract to look the device up and decide whether to admit it. New devices are written to the system by the cloud server, which calls the smart contract; the cloud server exposes the full-life-cycle management functions for tracing devices, and device information updates are synchronized to every base station through the consortium chain.
Fig. 4 shows the authentication between the mobile traceability terminal and the base station and the process of putting traceability data on the chain. The mobile traceability terminal presents its own digital certificate when it connects to the base station; the base station parses the certificate to obtain the device ID and calls a smart contract to query the device information, and rejects the connection if no registration information exists for the device. Device information is written to the block chain by the device management module of the cloud server, which calls the smart contract. When the device information is present on the block chain, the base station accepts the device's connection and presents its own digital certificate to the device to complete bidirectional authentication. When the tracing device reports traceability data to the base station, the base station adds its base station information and a signature to the data packet and calls the smart contract to put the data on the chain. Once the data is on the chain, the traceability data query module on the cloud server can query the traceability data by calling the block chain smart contract.
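The certificate chain of fig. 2 and the admission order of figs. 3 and 4, as an added example that is not code from the patent: it builds a constructed root CA, secondary CA, Client and Server certificates with Go's standard library and applies the base station's two checks in sequence. Reading the device ID from the certificate's CommonName, modelling the ledger as an in-memory map, and all names and sample IDs are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// MustIssue makes a key and certificate for cn (nil eku: CA; nil parent: self-signed root).
func MustIssue(cn string, eku []x509.ExtKeyUsage, parent *tls.Certificate) *tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  eku == nil,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           eku,
	}
	if tmpl.IsCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil { // root: signed with its own key
		parent = &tls.Certificate{Leaf: tmpl, PrivateKey: key}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.Leaf, &key.PublicKey, parent.PrivateKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return &tls.Certificate{Certificate: [][]byte{der}, Leaf: cert, PrivateKey: key}
}

var (
	ErrBadCert      = errors.New("certificate invalid: connection refused")
	ErrUnregistered = errors.New("device not on ledger: disconnected")
)

// Admit applies the described order: certificate chain first, then ledger lookup.
// The device ID is read from CommonName (an assumption, not from the patent).
func Admit(client, root, secondary *x509.Certificate, ledger map[string]bool) (string, error) {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(secondary)
	_, err := client.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inters,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		return "", ErrBadCert
	}
	id := client.Subject.CommonName
	if !ledger[id] {
		return id, ErrUnregistered
	}
	return id, nil
}

// Demo returns the admission result for four constructed terminals.
func Demo() map[string]error {
	cli := []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	root := MustIssue("Root CA", nil, nil)
	sub := MustIssue("Provider secondary CA", nil, root)
	other := MustIssue("Unrelated secondary CA", nil, MustIssue("Unrelated root", nil, nil))
	ledger := map[string]bool{"MT-0001": true} // registered by the cloud server
	out := map[string]error{}
	for name, c := range map[string]*tls.Certificate{
		"registered":    MustIssue("MT-0001", cli, sub),
		"unregistered":  MustIssue("MT-0002", cli, sub),
		"foreign chain": MustIssue("MT-0001", cli, other), // registered ID, wrong issuer
		"server cert":   MustIssue("BS-0001", []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, sub),
	} {
		_, out[name] = Admit(c.Leaf, root.Leaf, sub.Leaf, ledger)
	}
	return out
}

func main() { fmt.Println(Demo()) }
```

The "foreign chain" case carries a registered device ID but fails at the chain check, which is why the ledger lookup only runs on an ID taken from a certificate that has already verified.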
Fig. 5 maps the time-sequenced authentication process of fig. 4 onto the architecture topology; the basic process is the same as that described for fig. 4.
The embodiments described above are intended to help one of ordinary skill in the art understand and use the invention. It will be readily apparent to those skilled in the art that various modifications may be made to the above embodiments, and that the generic principles defined herein may be applied to other embodiments without inventive effort. The present invention is therefore not limited to the above embodiments, and improvements and modifications made by those skilled in the art on the basis of this disclosure should fall within the protection scope of the present invention.

Claims (9)

1. A credible traceability system based on a block chain and the Internet of things is characterized by comprising a mobile traceability terminal, a communication base station facility for operating a block chain node, a cloud server and a certificate system; the base station group and the cloud server form a distributed block chain platform;
a digital certificate issued by the certificate system is installed on the mobile traceability terminal when it leaves the factory; during circulation, the mobile traceability terminal connects, at different geographic positions, to the nearest base station using the certificate issued by the certificate system, and uploads the traceability data to the base station after the base station has verified it;
the base station checks, through the certificate system, the validity of the certificate of the mobile traceability terminal that is connecting, and refuses the connection if the certificate is invalid; if the certificate is valid, the base station queries the block chain platform to find out whether the mobile traceability terminal is registered, and disconnects if it is not; if it is registered, verification succeeds, and the base station receives the traceability data uploaded by the mobile traceability terminal, signs the traceability data, adds the information of the base station, including the ID of the base station, the position of the base station and the current timestamp, and forms a complete traceability data packet that is uploaded to the block chain platform;
the cloud server registers the certificate information of the mobile traceability terminal on the block chain platform, and provides a traceability service system through which consumers or managers query the traceability data, the traceability data comprising the original data uploaded by the mobile traceability terminal, the information of the connected base stations and the connection times, which forms a complete traceability track;
the authentication information and the traceability data of the mobile traceability terminal are shared between the cloud server and the base station through the block chain platform.
2. The credible traceability system based on the block chain and the internet of things is characterized in that the certificate system comprises two functions: generating a certificate chain and certificate authentication. To generate the certificate chain, a secondary CA certificate is generated from the root CA certificate, and a Server certificate and a Client certificate are then issued from the secondary CA certificate to the base station and to the mobile traceability terminal respectively; each certificate comprises a public key file and a private key file, and the base station and the mobile traceability terminal both store the complete secondary CA certificate and root CA certificate. In certificate authentication, when the mobile traceability terminal connects to the base station it sends its Client certificate and the base station sends its Server certificate, and the base station and the mobile traceability terminal each verify certificate validity using the locally stored secondary CA certificate and root CA certificate.
3. The credible traceability system based on the block chain and the internet of things as claimed in claim 1, wherein the mobile traceability terminal uses a general-purpose MCU to process signals from multiple general-purpose sensors, is equipped with a multi-channel general-purpose sensor interface and a single-channel wireless transmission module interface, and allows the wireless transmission module and the sensor modules to be replaced and adjusted for different application scenarios. The mobile traceability terminal is transported together with the traced commodity, measures various physical data during transportation through the general-purpose sensors, and sends the data to the nearest base station through the wireless transmission module.
4. The credible traceability system based on the block chain and the internet of things as claimed in claim 1, wherein the base station runs a distributed block chain node; when the mobile traceability terminal connects to the base station, the base station presents its own digital certificate and verifies the validity of the certificate of the mobile traceability terminal against the locally stored certificate system; if the certificate is invalid, the base station refuses the connection; if the certificate is valid, the base station parses the unique ID of the terminal from the digital certificate of the mobile traceability terminal and authenticates the device by querying the block chain ledger; when an authenticated device reports data, the base station adds base station information to the data packet, the base station information comprising the ID of the base station, the geographic position of the base station and the current timestamp, signs the traceability information to form a complete traceability data packet, and writes the traceability data packet to the block chain ledger through a smart contract of the block chain platform, where it is synchronized across the whole network.
5. The credible traceability system based on the block chain and the internet of things as claimed in claim 1, wherein the cloud server further comprises a mobile traceability terminal full-life-cycle management module and a traceability big-data dashboard module; the mobile traceability terminal full-life-cycle management module provides registration, deletion, information modification and query functions for mobile traceability terminals; the traceability big-data dashboard module shows the number of mobile traceability terminals and the number of base stations connected to the system, the block chain write speed and the number of block chain transactions.
6. The credible traceability system based on the block chain and the internet of things is characterized in that the block chain platform is built as a consortium chain made up of the base stations and the cloud server; the base stations and the server run distributed block chain nodes and the same smart contract; the block chain platform is managed by the cloud server; base station nodes can call the smart contract to write traceability data to the ledger; cloud server nodes can call the smart contract to register traceability device information in the ledger and to delete it from the ledger; and every modification of the ledger is synchronized to the ledgers of all nodes in the network.
7. The credible traceability system based on the block chain and the internet of things as claimed in claim 1, wherein the architecture brings three roles into the traceability system: a traceability service software provider, a traceability hardware provider and a network service provider; the traceability service software provider supplies the cloud server software, the block chain platform software and the certificate system; the traceability hardware provider supplies the mobile traceability terminals; the network service provider builds the base stations; and through the block chain platform and the certificate system the three roles exchange data and supervise one another, which maintains the transparency and credibility of the traceability data.
8. A credible tracing method based on a block chain and the Internet of things is characterized by comprising the following steps:
(1) issuing digital certificates, through the certificate system, to the mobile traceability terminal as it leaves the factory and to the base station;
(2) registering the certificate information of the mobile traceability terminal on the block chain platform through the cloud server;
(3) during circulation, the mobile traceability terminal connects to the nearest base station using the certificate issued by the certificate system, and the two perform bidirectional authentication;
(4) the base station checks the validity of the certificate of the mobile traceability terminal through the certificate system and refuses the connection if the certificate is invalid; if the certificate is valid, the base station queries the block chain platform to find out whether the mobile traceability terminal is registered, and disconnects if it is not; if it is registered, verification succeeds, and the base station receives the traceability data uploaded by the mobile traceability terminal, signs the traceability data, adds the information of the base station, including the ID of the base station, the position of the base station and the current timestamp, and forms complete traceability data that is uploaded to the block chain platform;
(6) a consumer or a manager can query the traceability data, including the original data uploaded by the mobile traceability terminal, the information of the connected base stations and the connection times, through the traceability service system provided by the cloud server, which forms a complete traceability track.
9. The credible tracing method based on the block chain and the internet of things as claimed in claim 8, wherein the base station's signature endorsement works as follows: after receiving data from the mobile traceability terminal, the base station appends the base station ID, the base station position information and the current timestamp to the end of the data, runs a hash algorithm over the data to obtain a digest of the information, signs the digest with the private key of the Server certificate that the certificate system provided to the base station, and appends the signature to the end of the data to form a complete traceability data packet.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911350217.4A CN111181946B (en) 2019-12-24 2019-12-24 Credible traceability system and method based on block chain and Internet of things

Publications (2)

Publication Number Publication Date
CN111181946A true CN111181946A (en) 2020-05-19
CN111181946B CN111181946B (en) 2021-05-18

Family

ID=70650468

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911350217.4A Active CN111181946B (en) 2019-12-24 2019-12-24 Credible traceability system and method based on block chain and Internet of things

Country Status (1)

Country Link
CN (1) CN111181946B (en)

Also Published As

Publication number Publication date
CN111181946B (en) 2021-05-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant