CN111181946A - Credible traceability system and method based on block chain and Internet of things - Google Patents
- Publication number
- CN111181946A (application no. CN201911350217.4A)
- Authority
- CN
- China
- Prior art keywords
- traceability
- certificate
- base station
- mobile
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3265—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/69—Types of network addresses using geographic information, e.g. room number
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/53—Network services using third party service providers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Abstract
The invention discloses a credible traceability system and method based on a block chain and the Internet of things. The system comprises a mobile traceability terminal, a base station, a cloud server and a certificate system. The mobile traceability terminal has a certificate issued by the certificate system installed when it leaves the factory; during circulation it connects to the nearest base station and, once verified by that base station, uploads traceability data to it. The base station authenticates the terminal through the certificate system and the block chain platform, receives the traceability data once authentication has passed, signs the data as an endorsement, adds its own base station information to form a complete traceability data packet, and uploads that packet to the block chain platform. The cloud server provides a traceability service system through which a complete traceability track can be queried. Against the risk that block chain traceability data are counterfeited, the reliability of the traceability data is guaranteed by introducing the base station as an endorser.
Description
Technical Field
The invention relates to the technical field of Internet of things, block chains and traceability, in particular to a trusted traceability system and method based on the block chains and the Internet of things.
Background
The tracing of commodity information has long been a topic of public concern: information such as whether the sources of food production and processing, or the transport of vaccines, meet the required standard can effectively protect the legitimate rights and interests of consumers. Yet credible tracing of commodities has remained largely unaddressed; traditional tracing means carry a large risk of data tampering, and the true reliability of the data cannot be guaranteed technically. Specifically: 1. tracing based on paper records carries the risk of data tampering, and paper records are difficult to keep for a long time; 2. with RFID wireless sensing and database recording, the centralized structure of the database likewise carries the risk of data tampering.
With the development of Internet of things and block chain technology, credible traceability of goods has become feasible: the automatic data acquisition and the flexible, easily deployed nature of the Internet of things meet the requirements of traceability scenarios, the distributed, tamper-resistant nature of the block chain ensures the reliability and safety of the data, and the combination of the two technologies can greatly advance the practical adoption of credible traceability technology.
Disclosure of Invention
The invention aims to remedy the defects of current traceability technology by building a commodity credible traceability platform based on block chain and Internet of things technology. Architecturally, the system introduces three roles into the traceability system: a traceability service software provider, a traceability hardware provider and a network service provider. The data of the three roles are interconnected through the block chain platform and the certificate system, the roles supervise one another, and together they maintain the transparency and credibility of the traceability data.
The purpose of the invention is realized by the following technical scheme. The invention provides a credible traceability system based on a block chain and the Internet of things, comprising a mobile traceability terminal, communication base station facilities that run block chain nodes, a cloud server and a certificate system; the group of base stations and the cloud server together form a distributed block chain platform;
when the mobile traceability terminal leaves the factory, a digital certificate issued by the certificate system is installed on it; during circulation the terminal is usually moving continuously between geographic positions, so at each position it connects to the nearest base station using the certificate issued by the certificate system, and uploads traceability data to that base station after the base station has verified it;
the base station has a fixed position and is not movable. The base station queries, through the certificate system, the validity of the certificate of the mobile traceability terminal that wants to connect, and refuses the connection if the certificate is invalid; if the certificate is valid, it queries the block chain platform as to whether the mobile traceability terminal is registered, and disconnects if the terminal is not registered; if the terminal is registered, verification succeeds, the base station receives the traceability data uploaded by the terminal, signs the data, and adds its own information (base station ID, base station position and current timestamp) to form a complete traceability data packet, which is uploaded to the block chain platform;
the cloud server registers the certificate information of the mobile traceability terminal on the block chain platform and provides a traceability service system through which consumers or managers can query traceability data; the traceability data comprise the original data uploaded by the mobile traceability terminal, the information of the base stations connected to and the connection times, and together form a complete traceability track;
the authentication information and traceability data of the mobile traceability terminal are shared between the cloud server and the base stations through the block chain platform.
Further, the certificate system has two functions: generating the certificate chain and certificate authentication. In certificate chain generation, a secondary CA certificate is generated from the root CA certificate, and a Server certificate and a Client certificate are then issued from the secondary CA certificate to the base station and the mobile traceability terminal respectively; each certificate consists of a public key file and a private key file, and the base station and the mobile traceability terminal both store the complete secondary CA certificate and root CA certificate. In certificate authentication, when the mobile traceability terminal connects to the base station it sends its Client certificate, the base station sends its Server certificate, and each side verifies the validity of the other's certificate using the locally stored secondary CA certificate and root CA certificate.
Furthermore, the mobile traceability terminal uses a general-purpose MCU to process the signals of multiple general-purpose sensors, and is provided with a multi-channel general-purpose sensor interface and a single-channel wireless transmission module interface, so that the wireless transmission module and the sensor modules can be exchanged and adjusted for different application scenarios. The mobile traceability terminal is transported together with the traced commodity, measures various physical data during transport through the general-purpose sensors, and sends the data to the nearest base station through the wireless transmission module.
Further, the base station runs a distributed block chain node. When the mobile traceability terminal connects to the base station it presents its digital certificate to the base station; the base station verifies the validity of the terminal's certificate against the locally stored certificate system and refuses the connection if the certificate is invalid. If the certificate is valid, the base station identifies and parses the unique ID of the terminal from its digital certificate and authenticates the device by querying the block chain ledger. When an authenticated device reports data, the base station adds its base station information (base station ID, base station geographic position and current timestamp) to the data packet, signs the traceability information to form a complete traceability data packet, and writes the packet into the block chain ledger through the block chain platform's smart contract, so that it is synchronized across the whole network.
Furthermore, the cloud server also comprises a mobile traceability terminal full-life-cycle management module and a traceability big-data dashboard module. The full-life-cycle management module provides registration, deletion, information modification and query of mobile traceability terminals; the big-data dashboard module provides views of the number of mobile traceability terminals and base stations connected to the system, the write speed of the block chain and the number of block chain transactions.
Furthermore, the block chain platform is built as a consortium chain composed of the base stations and the cloud server. The base stations and the server run distributed block chain nodes with the same smart contract, and the platform is managed by the cloud server: base station nodes call the smart contract to write traceability data into the ledger, cloud server nodes call the smart contract to register and delete traceability device information in the ledger, and every modification of the ledger is synchronized to the ledgers of all nodes in the network.
Furthermore, three roles are introduced into the traceability system at the architectural level: a traceability service software provider, which provides the cloud server software, the block chain platform software and the certificate system; a traceability hardware provider, which provides the mobile traceability terminals; and a network service provider, which builds the base stations. The data of the three roles are interconnected through the block chain platform and the certificate system, the roles supervise one another, and the transparency and credibility of the traceability data are maintained.
The invention also provides a credible traceability method based on a block chain and the Internet of things, comprising the following steps:
(1) issuing digital certificates to the mobile traceability terminal leaving the factory and to the base station through the certificate system;
(2) registering the certificate information of the mobile traceability terminal on the block chain platform through the cloud server;
(3) during circulation, the mobile traceability terminal connects to the nearest base station using the certificate issued by the certificate system and performs bidirectional authentication;
(4) the base station queries the validity of the certificate of the mobile traceability terminal through the certificate system and refuses the connection if the certificate is invalid; if the certificate is valid, the base station queries the block chain platform as to whether the mobile traceability terminal is registered, and disconnects if it is not registered; if it is registered, verification succeeds, the base station receives the traceability data uploaded by the terminal, performs signature endorsement on the data, then adds its own information (base station ID, base station position and current timestamp) to form complete traceability data, and uploads the complete traceability data to the block chain platform;
(6) a consumer or manager queries, through the traceability service system provided by the cloud server, the traceability data comprising the original data uploaded by the mobile traceability terminal, the information of the base stations connected to and the connection times, which together form a complete traceability track.
Further, the base station signature endorsement method is as follows: after the data of the mobile traceability terminal have been received, the base station ID, base station position information and current timestamp are appended to the end of the data; the data are hashed with a hash algorithm to obtain a digest value; the digest value is signed with the private key of the Server certificate issued to the base station by the certificate system; and the signature result is appended to the end of the data to form the complete traceability data packet.
The invention has the following beneficial effects. The invention remedies the defects of current traceability systems: by introducing the base station into the traceability system to authenticate and endorse the traceability devices, and by querying devices and recording traceability data on the chain through the block chain platform, the credibility of the traceability data is greatly improved; the base station position information and timestamp information enrich the traceability data, so that the traceability data form a complete geographical traceability track, benefiting consumers and supervisory authorities. The block chain platform and certificate system of the system introduce three roles, a traceability service software provider, a traceability hardware provider and a network service provider, which cooperate, supervise one another and jointly maintain the transparency and credibility of the traceability data.
Drawings
FIG. 1 is a block diagram of the system architecture of the present invention;
FIG. 2 is a diagram of the certificate chain architecture of the present invention;
FIG. 3 is a block diagram of the device authentication architecture of the present invention;
FIG. 4 is a device authentication timing diagram of the present invention;
FIG. 5 is a block diagram of a source data uplink architecture in accordance with the present invention.
Detailed Description
The invention is further described below with reference to the figures and specific embodiments.
As shown in fig. 1, the trusted traceability system based on a block chain and the Internet of things provided by the invention includes a mobile traceability terminal, communication base station facilities that run block chain nodes, a cloud server and a certificate system; the group of base stations and the cloud server together form a distributed block chain platform;
when the mobile traceability terminal leaves the factory, a digital certificate issued by the certificate system is installed on it; during circulation the terminal is usually moving continuously between geographic positions, so at each position it connects to the nearest base station using the certificate issued by the certificate system, and uploads traceability data to that base station after the base station has verified it;
the base station has a fixed position and is not movable. The base station queries, through the certificate system, the validity of the certificate of the mobile traceability terminal that wants to connect, and refuses the connection if the certificate is invalid; if the certificate is valid, it queries the block chain platform as to whether the mobile traceability terminal is registered, and disconnects if the terminal is not registered; if the terminal is registered, verification succeeds, the base station receives the traceability data uploaded by the terminal, signs the data, and adds its own information (base station ID, base station position and current timestamp) to form a complete traceability data packet, which is uploaded to the block chain platform;
the cloud server registers the certificate information of the mobile traceability terminal on the block chain platform and provides a traceability service system through which consumers or managers can query traceability data; the traceability data comprise the original data uploaded by the mobile traceability terminal, the information of the base stations connected to and the connection times, and together form a complete traceability track;
the authentication information and traceability data of the mobile traceability terminal are shared between the cloud server and the base stations through the block chain platform.
Further, the certificate system has two functions: generating the certificate chain and certificate authentication. In certificate chain generation, a secondary CA certificate is generated from the root CA certificate, and a Server certificate and a Client certificate are then issued from the secondary CA certificate to the base station and the mobile traceability terminal respectively; each certificate consists of a public key file and a private key file, and the base station and the mobile traceability terminal both store the complete secondary CA certificate and root CA certificate. In certificate authentication, when the mobile traceability terminal connects to the base station it sends its Client certificate, the base station sends its Server certificate, and each side verifies the validity of the other's certificate using the locally stored secondary CA certificate and root CA certificate.
Furthermore, the mobile traceability terminal uses a general-purpose MCU to process the signals of multiple general-purpose sensors, and is provided with a multi-channel general-purpose sensor interface and a single-channel wireless transmission module interface, so that the wireless transmission module and the sensor modules can be exchanged and adjusted for different application scenarios. The mobile traceability terminal is transported together with the traced commodity, measures various physical data during transport through the general-purpose sensors, such as temperature and humidity data during vaccine transport, and sends the data to the nearest base station through the wireless transmission module.
Further, the base station runs a distributed block chain node. When the mobile traceability terminal connects to the base station it presents its digital certificate to the base station; the base station verifies the validity of the terminal's certificate against the locally stored certificate system and refuses the connection if the certificate is invalid. If the certificate is valid, the base station identifies and parses the unique ID of the terminal from its digital certificate and authenticates the device by querying the block chain ledger. When an authenticated device reports data, the base station adds its base station information (base station ID, base station geographic position and current timestamp) to the data packet, signs the traceability information to form a complete traceability data packet, and writes the packet into the block chain ledger through the block chain platform's smart contract, so that it is synchronized across the whole network.
Furthermore, the cloud server also comprises a mobile traceability terminal full-life-cycle management module and a traceability big-data dashboard module. The full-life-cycle management module provides registration, deletion, information modification and query of mobile traceability terminals; the big-data dashboard module provides views of the number of mobile traceability terminals and base stations connected to the system, the write speed of the block chain and the number of block chain transactions.
Furthermore, the block chain platform is built as a consortium chain composed of the base stations and the cloud server. The base stations and the server run distributed block chain nodes with the same smart contract, and the platform is managed by the cloud server: base station nodes call the smart contract to write traceability data into the ledger, cloud server nodes call the smart contract to register and delete traceability device information in the ledger, and every modification of the ledger is synchronized to the ledgers of all nodes in the network.
Furthermore, three roles are introduced into the traceability system at the architectural level: a traceability service software provider, which provides the cloud server software, the block chain platform software and the certificate system; a traceability hardware provider, which provides the mobile traceability terminals; and a network service provider, which builds the base stations. The data of the three roles are interconnected through the block chain platform and the certificate system, the roles supervise one another, and the transparency and credibility of the traceability data are maintained.
The invention also provides a credible tracing method based on the block chain and the Internet of things, which comprises the following steps:
(1) issuing a digital certificate to a factory mobile tracing terminal and a base station through a certificate system;
(2) registering certificate information of the mobile tracing terminal to a blockchain platform through a cloud server;
(3) the mobile tracing terminal is connected with the nearest base station through a certificate issued by a certificate system to perform bidirectional authentication in the circulation process;
(4) the base station checks the validity of the certificate of the mobile traceability terminal through the certificate system; if the certificate is invalid, the connection is refused; if the certificate is valid, the base station queries the block chain platform as to whether the mobile traceability terminal is registered; if the terminal is not registered, the connection is disconnected; if it is registered, verification succeeds, the base station receives the traceability data uploaded by the mobile traceability terminal, signs (endorses) the traceability data, appends the information of the base station (base station ID, base station position and current timestamp) to form complete traceability data, and uploads the complete traceability data to the block chain platform;
(6) a consumer or a manager can query the tracing data including the original data uploaded by the mobile tracing terminal, the connected base station information and the connection time through a tracing service system provided by the cloud server to form a complete tracing track.
Further, the base station signature endorsement method is as follows: after the data of the mobile traceability terminal are received, the base station ID, the base station position information and the current timestamp are appended to the end of the data; a hash algorithm is applied to the data to obtain a digest value; the digest value is signed with the private key of the Server certificate that the certificate system issued to the base station; and the signature result is appended to the end of the data to form the complete traceability data packet.
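The endorsement method just described, as an added Go example that is not code from the patent: the base station attaches its ID, position and timestamp to the terminal's data, hashes the result with SHA-256, signs the digest with the Server certificate's private key (a bare ECDSA P-256 key stands in for the certificate here) and appends the signature; a verifier recomputes the digest. The field names, the length-prefixed framing and the sample reading are this example's assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// Packet is the complete traceability data packet the method describes: the terminal's data, then the
// base station ID, position and timestamp that the station attaches, then the station's signature.
type Packet struct {
	Data                []byte
	StationID, Position string
	Timestamp           int64 // Unix seconds, taken by the base station on receipt
	Signature           []byte
}

// digest is the hash operation of the method, SHA-256 over the fields in a fixed order. The 4-byte
// length prefix before each field is this example's framing: the patent only says the fields are
// attached to the end, and with plain concatenation moving the trailing bytes of Data into StationID
// would leave the hash, and therefore the signature, unchanged.
func (p *Packet) digest() []byte {
	h := sha256.New()
	for _, f := range []string{string(p.Data), p.StationID, p.Position, fmt.Sprint(p.Timestamp)} {
		binary.Write(h, binary.BigEndian, uint32(len(f)))
		h.Write([]byte(f))
	}
	return h.Sum(nil)
}

// Endorse is the base station's signature endorsement: attach the station fields, hash, sign the digest
// with the Server certificate's private key (here a bare ECDSA key stands in for it), attach the signature.
func Endorse(data []byte, stationID, position string, now time.Time, serverKey *ecdsa.PrivateKey) (*Packet, error) {
	p := &Packet{Data: data, StationID: stationID, Position: position, Timestamp: now.Unix()}
	sig, err := ecdsa.SignASN1(rand.Reader, serverKey, p.digest())
	p.Signature = sig
	return p, err
}

// VerifyEndorsement is the query-side check on a ledger record: recompute the digest and verify the
// signature with the base station's public key. Any change to data, ID, position or timestamp fails.
func VerifyEndorsement(p *Packet, serverPub *ecdsa.PublicKey) bool {
	return ecdsa.VerifyASN1(serverPub, p.digest(), p.Signature)
}

// newStationKey generates the key pair that, in the real system, the certificate system would issue
// to the base station inside its Server certificate.
func newStationKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return key
}

func main() {
	serverKey := newStationKey()
	reading := []byte(`{"device":"TERM-1001","temp_c":4.2,"humidity":61}`) // constructed sensor reading
	p, err := Endorse(reading, "BS-0001", "30.27N,120.15E", time.Now(), serverKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("endorsement verifies:", VerifyEndorsement(p, &serverKey.PublicKey))
	p.Position = "0N,0E" // alter the attached position after the fact
	fmt.Println("after altering the position:", VerifyEndorsement(p, &serverKey.PublicKey))
}
```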
As shown in fig. 2, the digital certificates of the present invention are based on a two-level CA certificate network. Secondary CA certificates are issued from the root certificate; each secondary CA certificate is a cloud Server certificate provided to one of several network service providers, which uses it to generate its own Server and Client certificates, and certificates issued under different secondary CA certificates authenticate one another through the root certificate. Each network service provider generates Server and Client certificates from its secondary CA certificate, installs the Server certificate on its base stations and provides the Client certificates to the tracing embedded devices.
As shown in fig. 3, in the device authentication process the tracing embedded device connects to different communication base stations during operation. The base station extracts the device ID from the digital certificate presented at connection and queries the device by calling the intelligent contract to decide whether to admit it. Newly added devices are written to the ledger by the cloud server calling the intelligent contract; the cloud server exposes the full-life-cycle management function for tracing devices, and device information updates are synchronized to every base station through the alliance chain.
As shown in fig. 4, the authentication and data uplink process between the mobile traceability terminal and the base station proceeds as follows. The mobile traceability terminal presents its digital certificate when connecting to the base station; the base station parses the certificate to obtain the device ID and calls the intelligent contract to query the device information, and if no registration information exists for the device the connection is rejected. Device information is written to the block chain by the cloud server's device management module calling the intelligent contract; when the device information is present in the block chain, the base station accepts the connection and presents its own digital certificate to the device to complete bidirectional authentication. When the tracing device reports traceability data to the base station, the base station adds its base station information and signature to the data packet and calls the intelligent contract to put the data on the chain. Once the data are on the chain, the traceability data query module on the cloud server completes queries by calling the block chain intelligent contract.
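The two-level certificate network of fig. 2 and the admission checks of figs. 3 and 4 (steps (3) and (4) of the method), as an added Go example that is not the patent's own code: a root CA issues the secondary CAs of two network service providers, each secondary CA issues Server and Client certificates, and the base station first verifies a terminal's certificate against the locally stored root and secondary CA certificates, then checks the device ID against the ledger. The CA names and device IDs, the CommonName-as-device-ID convention and the in-memory set standing in for the smart-contract query are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Credential pairs a certificate with its private key (the patent's public key file and private key file).
type Credential struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// issue creates an ECDSA P-256 certificate for cn, signed by parent or self-signed when parent is nil;
// isCA marks the root and secondary CA certificates. Setup code for the example, so it panics on failure.
func issue(cn string, isCA bool, parent *Credential) *Credential {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	usage := x509.KeyUsageDigitalSignature
	if isCA {
		usage |= x509.KeyUsageCertSign
	}
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: usage}
	parentCert, signer := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		parentCert, signer = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced a line above always parses
	return &Credential{Cert: cert, Key: key}
}

// TrustStore is what the patent says both sides keep locally: the root CA and the secondary CA
// certificates. Base station and terminal use the same Verify for their halves of the mutual authentication.
type TrustStore struct{ Roots, Inters *x509.CertPool }

func (ts TrustStore) Verify(peer *x509.Certificate) error {
	_, err := peer.Verify(x509.VerifyOptions{Roots: ts.Roots, Intermediates: ts.Inters})
	return err
}

// BaseStation runs a ledger node; Registered stands in for the smart-contract query that returns
// the device IDs the cloud server has written to the ledger.
type BaseStation struct {
	Cred       *Credential
	Trust      TrustStore
	Registered map[string]bool
}

// Admit performs the two checks of step (4): certificate validity against the locally stored CA chain,
// then registration in the ledger. The device ID is read from the CommonName (this example's convention).
func (bs *BaseStation) Admit(client *x509.Certificate) (string, error) {
	if err := bs.Trust.Verify(client); err != nil {
		return "", fmt.Errorf("certificate invalid, connection refused: %w", err)
	}
	if id := client.Subject.CommonName; bs.Registered[id] {
		return id, nil
	}
	return "", fmt.Errorf("device %q not registered, disconnecting", client.Subject.CommonName)
}

func main() {
	// The certificate network of fig. 2 with constructed names: one root CA, two providers' secondary CAs.
	root := issue("Root CA", true, nil)
	secA, secB := issue("Secondary CA NSP-A", true, root), issue("Secondary CA NSP-B", true, root)
	trust := TrustStore{x509.NewCertPool(), x509.NewCertPool()}
	trust.Roots.AddCert(root.Cert)
	trust.Inters.AddCert(secA.Cert)
	trust.Inters.AddCert(secB.Cert)
	bs := &BaseStation{Cred: issue("BS-0001", false, secA), Trust: trust,
		Registered: map[string]bool{"TERM-1001": true, "TERM-3003": true}}
	cases := map[string]*Credential{
		"registered, same provider":           issue("TERM-1001", false, secA),
		"registered, other provider via root": issue("TERM-3003", false, secB),
		"valid certificate, not registered":   issue("TERM-2002", false, secA),
		"registered ID on a self-signed cert": issue("TERM-1001", false, nil),
	}
	for name, dev := range cases {
		id, err := bs.Admit(dev.Cert)
		fmt.Printf("%-36s id=%q err=%v\n", name, id, err)
	}
	fmt.Println("terminal accepts base station:", trust.Verify(bs.Cred.Cert) == nil) // terminal's half of mutual auth
}
```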
Fig. 5 shows a representation of the time-sequential authentication process of fig. 4 over an architectural topology, the basic process being consistent with that described in fig. 4.
The embodiments described above are intended to help those of ordinary skill in the art understand and use the invention. It will be readily apparent to those skilled in the art that various modifications to the above-described embodiments may be made, and the generic principles defined herein may be applied to other embodiments without inventive effort. Therefore, the present invention is not limited to the above embodiments, and improvements and modifications made by those skilled in the art on the basis of the present disclosure fall within the protection scope of the present invention.
Claims (9)
1. A credible traceability system based on a block chain and the Internet of things is characterized by comprising a mobile traceability terminal, a communication base station facility for operating a block chain node, a cloud server and a certificate system; the base station group and the cloud server form a distributed block chain platform;
when the mobile traceability terminal leaves a factory, a digital certificate issued by the certificate system is installed, when the mobile traceability terminal is circulated, the mobile traceability terminal is connected with the nearest base station through the certificate issued by the certificate system in different geographic positions, and the traceability data is uploaded to the base station after the mobile traceability terminal is verified by the base station.
The base station checks the validity of the certificate of the mobile traceability terminal requesting connection through the certificate system and refuses the connection if the certificate is invalid; if the certificate is valid, it queries the block chain platform as to whether the mobile traceability terminal is registered and disconnects if the terminal is not registered; if the terminal is registered, verification succeeds, the base station receives the traceability data uploaded by the mobile traceability terminal, signs the traceability data, adds the information of the base station, including the base station ID, the base station position and the current timestamp, and forms a complete traceability data packet which is uploaded to the block chain platform.
The cloud server registers the certificate information of the mobile traceability terminal to the blockchain platform, and provides a traceability service system for consumers or managers to inquire traceability data, wherein the traceability data comprises original data uploaded by the mobile traceability terminal, connected base station information and connection time, and a complete traceability track is formed.
The authentication information and the tracing data of the mobile tracing terminal are shared between the cloud server and the base station through the block chain platform.
2. The credible traceability system based on the block chain and the internet of things is characterized in that the certificate system comprises two functions, certificate chain generation and certificate authentication. Certificate chain generation means that a secondary CA certificate is generated from a root CA certificate, and a Server certificate and a Client certificate are then issued from the secondary CA certificate for the base station and the mobile traceability terminal respectively; each certificate comprises a public key file and a private key file, and the base station and the mobile traceability terminal store the complete secondary CA certificate and root CA certificate. Certificate authentication means that when the mobile traceability terminal connects to the base station, the terminal sends its Client certificate and the base station sends its Server certificate, and the base station and the mobile traceability terminal each verify the validity of the received certificate against the secondary CA certificate and root CA certificate stored locally.
3. The credible traceability system based on the block chain and the internet of things as claimed in claim 1, wherein the mobile traceability terminal adopts a general-purpose MCU processor to process multi-channel general-purpose sensor signals, is equipped with a multi-channel general-purpose sensor access interface and a single-channel wireless transmission module interface, and the wireless transmission module and the sensor modules can be replaced and adjusted for different application scenarios. The mobile traceability terminal is transported together with the traced commodity, measures various physical data during transportation through the general-purpose sensors, and sends the data to the nearest base station through the wireless transmission module.
4. The trusted traceability system based on the block chain and the internet of things as claimed in claim 1, wherein the base station runs a distributed block chain node; when the mobile traceability terminal connects to the base station, the base station presents its own digital certificate and verifies the validity of the certificate of the mobile traceability terminal against the locally stored certificate system; if the certificate is invalid, the base station refuses the connection; if the certificate is valid, the base station extracts the unique ID of the terminal from the digital certificate of the mobile traceability terminal and authenticates the device by querying the block chain ledger; when the authenticated device reports data, the base station adds base station information to the data packet, the base station information comprising the base station ID, the geographic position of the base station and the current timestamp, signs the traceability information to form a complete traceability data packet, writes the traceability data packet into the block chain ledger through the block chain platform intelligent contract, and synchronizes it across the whole network.
5. The trusted traceability system based on the block chain and the internet of things as claimed in claim 1, wherein the cloud server further comprises a mobile traceability terminal full-life-cycle management module and a traceability big-data dashboard module; the mobile traceability terminal full-life-cycle management module provides registration, deletion, information modification and query of the mobile traceability terminal, and the big-data dashboard module displays the number of mobile traceability terminals and base stations connected to the system, the write speed of the block chain and the number of block chain transactions.
6. The credible traceability system based on the block chain and the internet of things is characterized in that the block chain platform is built as an alliance chain and is composed of the base stations and the cloud server together; the base stations and the server run distributed block chain nodes and the same intelligent contract; the block chain platform is managed by the cloud server; the base station nodes call the intelligent contract to write traceability data into the ledger, the cloud server nodes call the intelligent contract to register and delete traceability device information in the ledger, and modifications of the ledger are synchronized to the ledgers of all nodes in the whole network.
7. The trusted traceability system based on the block chain and the internet of things as claimed in claim 1, wherein three roles, a traceability service software provider, a traceability hardware provider and a network service provider, are introduced into the traceability system from the architecture; the traceability service software provider provides the cloud server software, the block chain platform software and the certificate system, the traceability hardware provider provides the mobile traceability terminal, and the network service provider provides base station construction; through the block chain platform and the certificate system, the data of the three roles are interconnected and intercommunicated, the roles supervise one another, and the transparency and credibility of the traceability data are maintained.
8. A credible tracing method based on a block chain and the Internet of things is characterized by comprising the following steps:
(1) issuing a digital certificate to a factory mobile tracing terminal and a base station through a certificate system;
(2) registering certificate information of the mobile tracing terminal to a blockchain platform through a cloud server;
(3) the mobile tracing terminal is connected with the nearest base station through a certificate issued by a certificate system to perform bidirectional authentication in the circulation process;
(4) the base station checks the validity of the certificate of the mobile traceability terminal through the certificate system, refuses the connection if the certificate is invalid, queries the block chain platform as to whether the mobile traceability terminal is registered if the certificate is valid, disconnects if the terminal is not registered, and if the terminal is registered treats verification as successful, receives the traceability data uploaded by the mobile traceability terminal, signs the traceability data, adds the information of the base station, including the base station ID, the base station position and the current timestamp, and forms complete traceability data to be uploaded to the block chain platform;
(6) a consumer or a manager can query the tracing data including the original data uploaded by the mobile tracing terminal, the connected base station information and the connection time through a tracing service system provided by the cloud server to form a complete tracing track.
9. The credible tracing method based on the block chain and the internet of things as claimed in claim 8, wherein the base station signature endorsement method is that, after receiving the data of the mobile tracing terminal, the base station appends the base station ID, the base station position information and the current timestamp to the end of the data, performs a hash operation on the data with a hash algorithm to obtain a digest value, signs the digest value with the private key of the Server certificate provided to the base station by the certificate system, and appends the signature result to the end of the data to form the complete tracing data packet.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911350217.4A CN111181946B (en) | 2019-12-24 | 2019-12-24 | Credible traceability system and method based on block chain and Internet of things |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111181946A true CN111181946A (en) | 2020-05-19 |
CN111181946B CN111181946B (en) | 2021-05-18 |
Family
ID=70650468
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911350217.4A Active CN111181946B (en) | 2019-12-24 | 2019-12-24 | Credible traceability system and method based on block chain and Internet of things |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111181946B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |