CN113301039A - Internet of things equipment security management system based on block chain intelligent contract - Google Patents

Internet of things equipment security management system based on block chain intelligent contract

Info

Publication number: CN113301039A
Authority: CN (China)
Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202110557767.4A
Other languages: Chinese (zh)
Other versions: CN113301039B (en)
Inventors: 郝晓雨, 谢婧黎, 左乙然
Current Assignee: Chongqing Tengbei Future Technology Co ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original Assignee: Chongqing Tengbei Future Technology Co ltd
Application filed by Chongqing Tengbei Future Technology Co ltd
Priority to CN202110557767.4A
Publication of CN113301039A
Application granted
Publication of CN113301039B
Current legal status: Active

Classifications

    • H04L63/0876 Network architectures or protocols for network security: authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • G16Y10/75 Economic sectors: Information technology; Communication
    • G16Y20/40 Information sensed or collected by the things relating to personal data, e.g. biometric data, records or preferences
    • G16Y30/10 IoT infrastructure: Security thereof
    • G16Y40/50 IoT characterised by the purpose of the information processing: Safety; Security of things, users, data or systems
    • H04L63/12 Network architectures or protocols for network security: Applying verification of the received information
    • H04L63/20 Network architectures or protocols for network security: managing network security; network security policies in general
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/3297 Cryptographic mechanisms or arrangements for secret or secure communications including means for verifying the identity or authority of a user or for message authentication, involving time stamps, e.g. generation of time stamps


Abstract

The invention relates to an Internet of things equipment security management system based on a block chain intelligent contract, which comprises: a block chain for storing the intelligent contract; and an Internet of things management platform which, when an Internet of things gateway submits equipment login information of Internet of things equipment, acquires the access service information carried by that gateway and judges the access service validity of the current gateway according to its access service information and the intelligent contract stored in the block chain; then, only when the access service of the current gateway is legal, receives the submitted equipment login information and judges the equipment information legality of the current Internet of things equipment according to that login information and the intelligent contract stored in the block chain. The system can verify equipment validity and reduce the business burden of the Internet of things gateway and the Internet of things platform, so as to avoid data loss and login access service abnormality in the system.

Description

Internet of things equipment security management system based on block chain intelligent contract
Technical Field
The invention relates to the technical field of Internet of things and block chains, in particular to an Internet of things equipment security management system based on a block chain intelligent contract.
Background
The Internet of things realizes dynamic acquisition, intelligent processing, seamless interaction and cooperative sharing of physical world information through sensing of the physical world and the interconnection and intercommunication of things with things and of things with people. The identity of Internet of things equipment uniquely identifies physical and logical entities in the Internet of things within a certain range, so that the network or application can control and manage the target object and acquire, process, transmit and exchange related information on the basis of those entities.
A blockchain system is a distributed ledger architecture in which a set of mutually untrusting nodes can agree on a common, immutable, tamper-resistant, append-only view of the ledger. The basic form of the ledger is a list of transactions between users. A user can send new transactions to the blockchain network; if they are valid, they are eventually appended to the ledger by a randomly selected dedicated node (called a miner). Advanced forms of ledger may also hold programs called intelligent contracts (smart contracts). Each smart contract is associated with state that is also stored in the ledger; users interact with the contract through transactions and may thereby modify the contract state.
With the application of the Internet of things in smart homes, smart medical treatment, smart cities, environment monitoring and the like, people's lives have become inseparable from it. However, while the Internet of things brings convenience, it also raises certain security problems. To address them, the Chinese patent with publication number CN110300102A discloses "a block chain-based Internet of things security access system", which includes a proxy server, a certificate and key management center, and a block chain network, where the proxy server and the certificate and key management center are connected to the block chain network as special nodes, the proxy server provides a receiving and sending proxy for the certificate, key and token of an Internet of things smart device, and the certificate and key management center performs authentication management on the certificate, key and token used by the Internet of things smart device and the user application terminal for access.
The Internet of things security access system of the existing scheme is also an Internet of things device security management system: it realizes secure access and secure communication of Internet of things devices by combining a block chain with certificate and key management center authentication and a proxy server. However, the applicant finds that when an Internet of things device logs in, its device login information must be verified through the Internet of things gateway or the Internet of things platform, and to prevent an illegal device from attacking the platform the legitimacy of the device must be verified. In the existing method, the security verification logic runs in the Internet of things gateway or platform: each time a device logs in, the key information of its unique code is parsed and then looked up and confirmed against the units that store legal device information, such as the platform database and the cache database. This invisibly increases the service burden of the gateway and the platform, and if a large number of illegal devices keep submitting login information, stable operation of the gateway and the platform is hard to guarantee, so the system is prone to data loss, abnormal login access service and similar problems, and its device management effect is poor. The applicant therefore set out to design an Internet of things equipment security management system that can verify equipment validity while reducing the service burden of the Internet of things gateway and the Internet of things platform.
Disclosure of Invention
Aiming at the defects of the prior art, the technical problem to be solved by the invention is: how to provide an Internet of things equipment security management system that can verify equipment legitimacy, reduce the business burden of the Internet of things gateway and the Internet of things platform, and thereby avoid data loss and abnormal login access service in the system, so that the equipment security management effect of the system is improved.
In order to solve the technical problems, the invention adopts the following technical scheme:
An Internet of things equipment security management system based on a block chain intelligent contract includes:
a block chain, used for storing an intelligent contract, the intelligent contract comprising equipment legal information of legal Internet of things equipment and gateway legal information of a legal Internet of things gateway;
an Internet of things management platform, used for acquiring, when an Internet of things gateway submits equipment login information of Internet of things equipment, the access service information carried by that gateway, and judging the access service validity of the current gateway according to its access service information and the intelligent contract stored in the block chain; and then, when the access service of the current gateway is legal, receiving the submitted equipment login information and judging the equipment information legality of the current Internet of things equipment according to that login information and the intelligent contract stored in the block chain.
Preferably, the device legal information includes the following information of the legal Internet of things device: the user unique authorization number, the gateway unique number and the gateway unique number generation timestamp; the gateway legal information includes the following information of the legal Internet of things gateway: the user unique authorization number, the device unique authorization number, the validity deadline timestamp and the data submission timestamp; the access service information includes the following information of the corresponding Internet of things gateway: the user unique authorization number, the gateway unique number and the gateway unique number generation timestamp; the device login information includes the following information of the corresponding Internet of things device: the device unique authorization number, the validity deadline timestamp and the data submission timestamp.
Preferably, the Internet of things management platform judges the validity of the device information of the Internet of things device through the following steps:
A1: retrieve, in the intelligent contract of the block chain, the data object corresponding to the user unique authorization number and the device unique authorization number of the current Internet of things device: if the corresponding data object is retrieved, enter the next step; otherwise, enter step A3.
A2: convert the validity deadline timestamp of the current Internet of things device into a time format and compare it with the current time: if the validity deadline timestamp is later than the current time, the device information of the current Internet of things device is legal; otherwise, enter step A3.
A3: the device information of the current Internet of things device is illegal.
Preferably, when the Internet of things management platform judges the access service validity of the Internet of things gateway, it retrieves, in the intelligent contract of the block chain, the data object corresponding to the user unique authorization number, the gateway unique number and the gateway unique number generation timestamp of the current gateway: if the corresponding data object is retrieved, the access service of the current gateway is legal; otherwise, it is illegal.
Preferably, the system further comprises a platform database, used for storing legal user unique authorization numbers;
the Internet of things management platform is further used for writing gateway legal information into the intelligent contract of the block chain, specifically through the following steps:
B1: acquire the user unique authorization number, the gateway unique number and the gateway unique number generation timestamp of the current Internet of things gateway through a configured gateway information synchronization interface;
B2: search the platform database and judge whether the user unique authorization number of the current gateway exists in it: if yes, enter the next step; otherwise, go to step B4;
B3: store the user unique authorization number, the gateway unique number and the gateway unique number generation timestamp of the current gateway in the block chain as a key-value pair, to serve as the gateway legal information of the current gateway;
B4: finish writing the gateway legal information.
Preferably, the Internet of things management platform is further configured to write device legal information into the intelligent contract of the block chain, specifically through the following steps:
C1: acquire the user unique authorization number, the device unique authorization number and the validity deadline timestamp of the current Internet of things device through a configured device information synchronization interface;
C2: search the platform database and judge whether the user unique authorization number of the current device exists in it: if yes, enter the next step; otherwise, go to step C4;
C3: acquire the current data submission timestamp, and store the data submission timestamp, the user unique authorization number, the device unique authorization number and the validity deadline timestamp in the block chain as a key-value pair, to serve as the device legal information of the current device;
C4: finish writing the device legal information.
Preferably, the intelligent contract of the block chain further comprises device anti-counterfeiting information;
the Internet of things management platform is also used, when the device information of the Internet of things device is legal, for judging according to the device login information of the current device and the intelligent contract stored in the block chain whether another Internet of things device exists that has logged in repeatedly: if so, it sends a corresponding repeated-login prompt; otherwise, it writes corresponding device anti-counterfeiting information into the intelligent contract of the block chain.
Preferably, when the Internet of things management platform writes the device anti-counterfeiting information into the intelligent contract of the block chain, it obtains the login timestamp of the current Internet of things device and then stores the login timestamp, the user unique authorization number, the device unique authorization number and the gateway unique number of the current device in the block chain as a key-value pair, to serve as the device anti-counterfeiting information of the current device.
Preferably, the system further comprises a platform database for storing execution statements; an execution statement is obtained by translating an intelligent contract retrieval strategy into a statement that satisfies the touchDB query Selector syntax; corresponding association relations are formed between the execution statement and the user unique authorization number of the third party unit, the third party unit unique number and the intelligent contract retrieval strategy code;
the Internet of things management platform is further used for acquiring the user unique authorization number and the intelligent contract retrieval strategy code of a third party unit, and for retrieving in the platform database and judging whether an execution statement corresponding to the user unique authorization number and the intelligent contract retrieval strategy code of the current third party unit exists; then, when a corresponding execution statement exists, it acquires the execution statement satisfying the touchDB query Selector syntax and passes the user unique authorization number into the intelligent contract as a parameter, so as to retrieve the block chain data in the intelligent contract through the corresponding intelligent contract retrieval strategy.
Preferably, the Internet of things management platform is further configured to formulate an intelligent contract retrieval strategy and obtain the corresponding intelligent contract retrieval strategy code; then translate the intelligent contract retrieval strategy into an execution statement satisfying the touchDB query Selector syntax and store the execution statement in the platform database; and finally establish an association relation between the execution statement and the user unique authorization number, the third party unit unique number and the intelligent contract retrieval strategy code. The intelligent contract retrieval strategy comprises the retrieval object attributes, retrieval object subfields and retrieval result sorting rules of the block chain data.
Compared with the prior art, the Internet of things equipment security management system of the invention has the following beneficial effects:
1. In the invention, the access service legality of the Internet of things gateway is authenticated, so an illegal gateway cannot submit data to the Internet of things management platform and an illegal device therefore cannot attack the platform through an illegal gateway; this reduces the service burden of the gateway and the platform and avoids data loss and abnormal login access service in the system.
2. In the invention, storing the device legal information and the gateway legal information in the block chain ensures the legality of the data and the storage security of the data submitted by the devices, so the data cannot be illegally tampered with or damaged and data loss caused by single-node faults is avoided, which improves the device security management effect of the system.
3. In the invention, the existing business logic in which the Internet of things gateway queries legal device data and then makes the judgment is replaced by judgment through a block chain intelligent contract strategy, which lightens the burden of the gateway and the management platform and also reduces the interaction frequency between the gateway, the platform database and the cache, further improving the device security management effect of the system.
4. In the invention, any authorized third party unit can query real Internet of things device data in real time, and the original device manufacturer and the platform operator need neither configure permissions on the platform nor open a query interface to the third party unit, which reduces the load on the Internet of things management platform. At the same time, the workload of the managers of the original device manufacturers and platform operators is reduced, no performance certification materials need to be collated, and the authenticity of the data is guaranteed; a configurable interface is provided so that a user can formulate data query rules in the intelligent contract through simple configuration.
Drawings
For purposes of promoting a better understanding of the objects, aspects and advantages of the invention, reference will now be made in detail to the present invention as illustrated in the accompanying drawings, in which:
Fig. 1 is a logic block diagram of an Internet of things device security management system according to a first embodiment;
Fig. 2 is a logic block diagram of the Internet of things device security management system according to a second embodiment;
Fig. 3 is a diagram illustrating the mapping relationship between data fields according to a third embodiment;
Fig. 4 is a flowchart of the operation of the Internet of things device security management system in the third embodiment.
Detailed Description
The invention is described in further detail below through specific embodiments:
First embodiment:
The embodiment of the invention discloses an Internet of things equipment security management system based on a block chain intelligent contract.
As shown in Fig. 1, the Internet of things equipment security management system based on a block chain intelligent contract includes:
a block chain, used for storing an intelligent contract, the intelligent contract comprising equipment legal information of legal Internet of things equipment and gateway legal information of a legal Internet of things gateway;
an Internet of things management platform, used for acquiring, when an Internet of things gateway submits equipment login information of Internet of things equipment, the access service information carried by that gateway, and judging the access service validity of the current gateway according to its access service information and the intelligent contract stored in the block chain; and then, when the access service of the current gateway is legal, receiving the submitted equipment login information and judging the equipment information legality of the current Internet of things equipment according to that login information and the intelligent contract stored in the block chain. Specifically, the intelligent contract is stored in the block chain in advance; the Internet of things management platform establishes a data connection with the block chain and calls the stored intelligent contract from it to judge the access service validity of the gateway and the device information validity of the device.
In a specific implementation process, the device legal information includes the following information of the legal Internet of things device: the user unique authorization number, the gateway unique number and the gateway unique number generation timestamp; the gateway legal information includes the following information of the legal Internet of things gateway: the user unique authorization number, the device unique authorization number, the validity deadline timestamp and the data submission timestamp; the access service information includes the following information of the corresponding Internet of things gateway: the user unique authorization number, the gateway unique number and the gateway unique number generation timestamp; the device login information includes the following information of the corresponding Internet of things device: the device unique authorization number, the validity deadline timestamp and the data submission timestamp. The legality of the Internet of things gateway and the Internet of things device is authenticated mainly through six types of core data: the user unique authorization number, the gateway unique number, the gateway unique number generation timestamp, the device unique authorization number, the validity deadline timestamp and the data submission timestamp.
In a specific implementation process, the management platform of the internet of things judges the equipment information validity of the equipment of the internet of things through the following steps:
a1: retrieving data objects corresponding to the user unique authorization number and the equipment unique authorization number of the current Internet of things equipment in an intelligent contract of the block chain: if the corresponding data object is retrieved, entering the next step; otherwise, go to step A3;
a2: converting the validity expiration timestamp of the current internet of things device into a time format (including date + time, with precision of milliseconds), and then comparing the validity expiration timestamp with the current time: if the valid deadline timestamp is greater than the current time, the equipment information of the current Internet of things equipment is legal; otherwise, go to step A3;
a3: the equipment information of the current Internet of things equipment is illegal.
In a specific implementation process, when the internet of things management platform judges the access service validity of the internet of things gateway, retrieving a data object corresponding to a user unique authorization number, a gateway unique number and a gateway unique number generation timestamp of the current internet of things gateway in an intelligent contract of a block chain: if the corresponding data object is retrieved, the access service of the current gateway of the Internet of things is legal; otherwise, the access service of the current gateway of the internet of things is illegal.
In a specific implementation process, the system further comprises a platform database for storing the legal user unique authorization numbers; the Internet of things management platform is further used for writing gateway legal information into the intelligent contract of the block chain, which specifically comprises the following steps:
B1: acquiring the user unique authorization number, gateway unique number and gateway unique number generation timestamp of the current Internet of things gateway through the set gateway information synchronization interface.
B2: searching the platform database to judge whether the user unique authorization number of the current Internet of things gateway exists: if yes, entering the next step; otherwise, going to step B4.
B3: storing the user unique authorization number, gateway unique number and gateway unique number generation timestamp of the current Internet of things gateway in the block chain in key-value pair form, as the gateway legal information of the current Internet of things gateway. In this embodiment, the gateway legal information is stored in subfield form, as a JSON serialized character string.
B4: finishing the writing of the gateway legal information.
In a specific implementation process, the Internet of things management platform is further configured to write device legal information into the intelligent contract of the block chain, which specifically comprises the following steps:
C1: acquiring the user unique authorization number, device unique authorization number and valid deadline timestamp of the current Internet of things device through the set device information synchronization interface.
C2: searching the platform database to judge whether the user unique authorization number of the current Internet of things device exists: if yes, entering the next step; otherwise, going to step C4.
C3: acquiring the current data submission timestamp, and storing the data submission timestamp, user unique authorization number, device unique authorization number and valid deadline timestamp in the block chain in key-value pair form, as the device legal information of the current Internet of things device. In this embodiment, the device legal information is stored in subfield form, as a JSON serialized character string.
C4: finishing the writing of the device legal information.
During actual equipment management, the Internet of things gateway serves as the data transmission medium between the Internet of things device and the Internet of things management platform: the gateway receives the device login information sent by the device and submits it to the management platform for authentication. In the invention, the access service legality of the Internet of things gateway is authenticated first, so that an illegal gateway cannot submit data to the management platform and an illegal device therefore cannot attack the management platform through an illegal gateway; this reduces the service burden on the gateway and the platform and avoids data loss and abnormal login access service. Secondly, storing the device legal information and gateway legal information in the block chain ensures the legality of the data and the storage safety of the data submitted by devices, so that the data cannot be illegally tampered with or damaged and data loss caused by single-node faults is avoided, which improves the device security management effect of the system. In addition, the existing business logic in which the Internet of things gateway queries and judges legal device data is replaced by judgment through a block chain intelligent contract strategy, which reduces the burden on the gateway and the management platform, reduces the interaction frequency between the gateway, the platform database and the cache, and improves the device security management effect of the system.
Example two:
On the basis of the first embodiment, this embodiment further discloses an anti-counterfeiting function of the Internet of things device security management system.
During actual equipment management, an illegal organization may falsely use existing legal device information and connect to the Internet of things gateway through the communication protocol in order to launch an attack. At present, the information of existing legal devices that have logged in successfully is basically managed and stored by the Internet of things gateway, through a database, a cache or the like; such storage is partial, or has the defect that the reliability of a single node is not high, so that a single-node failure or a network attack is likely to cause data loss. Distributed storage is also used, but it is only responsible for storing the information of legally logged-in devices; all judgment and verification logic is still centralized on the Internet of things gateway for execution, and the workload remains large.
In view of the above problems, the present embodiment discloses the following solutions:
As shown in fig. 2, the intelligent contract of the block chain of the Internet of things device security management system further comprises device anti-counterfeiting information;
the Internet of things management platform is further used for judging, when the device information of the Internet of things device is legal, whether another Internet of things device that has logged in repeatedly exists, according to the device login information of the current Internet of things device and the intelligent contract stored in the block chain: if another repeatedly logged-in Internet of things device exists, sending corresponding repeated-login prompt information; otherwise, writing the corresponding device anti-counterfeiting information into the intelligent contract of the block chain.
According to the invention, repeated-login prompt information is sent out when an Internet of things device logs in repeatedly, so that the administrator is reminded to check in time whether an illegal device is attacking the system. Secondly, storing the device legal information and gateway legal information in the block chain ensures the legality of the data and the storage safety of the data submitted by devices, so that the data cannot be illegally tampered with or damaged and data loss caused by single-node faults is avoided, which improves the device security management effect of the system. In addition, the existing business logic in which the Internet of things gateway queries and judges legal device data is replaced by judgment through a block chain intelligent contract strategy, which reduces the burden on the gateway and the management platform, reduces the interaction frequency between the gateway, the platform database and the cache, and improves the device security management effect of the system.
In a specific implementation process, when the Internet of things management platform writes the device anti-counterfeiting information into the intelligent contract of the block chain, it acquires the login timestamp of the current Internet of things device, and then stores the login timestamp, user unique authorization number, device unique authorization number and gateway unique number of the current Internet of things device in the block chain in key-value pair form, as the device anti-counterfeiting information of the current Internet of things device. The method thus authenticates the legality of the Internet of things gateway and the Internet of things device mainly through four types of core data: the login timestamp, the user unique authorization number, the device unique authorization number and the gateway unique number.
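The repeated-login judgment of this embodiment, as an added Go illustration that is not part of the patent or of the applicant's implementation. It is meant to run after the device has already passed the legality judgment of the first embodiment: if an anti-counterfeiting record already exists for the same user and device, the login is reported as a repeat together with the gateway and login timestamp of the earlier record, and nothing is written; otherwise the four core fields are written. The in-memory map standing in for the contract state, the key layout (one record per user and device pair), the JSON field names and the sample values are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Ledger stands in for the key-value state of the block chain intelligent contract
// (assumption for this example).
type Ledger map[string]string

// AntiCounterfeitInfo holds the four core fields the embodiment stores on a first legal login.
type AntiCounterfeitInfo struct {
	LoginTS      int64  `json:"loginTs"` // login timestamp, milliseconds
	UserAuthNo   string `json:"userAuthNo"`
	DeviceAuthNo string `json:"deviceAuthNo"`
	GatewayNo    string `json:"gatewayNo"`
}

// acKey is an assumed key layout: one anti-counterfeiting record per (user, device) pair.
func acKey(userAuthNo, deviceAuthNo string) string {
	return "ac:" + userAuthNo + ":" + deviceAuthNo
}

// LoginOutcome is what the platform returns for a device that already passed the legality checks.
type LoginOutcome struct {
	RepeatLogin bool
	Prompt      string               // repeated-login prompt for the administrator; empty otherwise
	Previous    *AntiCounterfeitInfo // the earlier record, when a repeat was found and readable
}

// CheckAndRecordLogin judges whether this device is already logged in. A repeat is
// reported (with the earlier gateway and timestamp so the administrator can compare
// them) and the existing record is left untouched; a first login is written.
func CheckAndRecordLogin(l Ledger, login AntiCounterfeitInfo) LoginOutcome {
	key := acKey(login.UserAuthNo, login.DeviceAuthNo)
	if raw, ok := l[key]; ok {
		out := LoginOutcome{RepeatLogin: true}
		var prev AntiCounterfeitInfo
		if err := json.Unmarshal([]byte(raw), &prev); err == nil {
			out.Previous = &prev
			out.Prompt = fmt.Sprintf(
				"repeated login: device %s of user %s already logged in via gateway %s at %d; new attempt via gateway %s at %d",
				login.DeviceAuthNo, login.UserAuthNo, prev.GatewayNo, prev.LoginTS, login.GatewayNo, login.LoginTS)
		} else {
			// an unreadable record is still a repeat: do not let a corrupt entry be silently replaced
			out.Prompt = fmt.Sprintf("repeated login: existing record for device %s is unreadable: %v", login.DeviceAuthNo, err)
		}
		return out
	}
	b, _ := json.Marshal(login) // first login: write the four core fields
	l[key] = string(b)
	return LoginOutcome{}
}

func main() {
	l := Ledger{} // constructed sample: the same device logs in twice through two gateways
	fmt.Printf("%+v\n", CheckAndRecordLogin(l, AntiCounterfeitInfo{LoginTS: 1621500000000, UserAuthNo: "U1", DeviceAuthNo: "D1", GatewayNo: "GW1"}))
	fmt.Printf("%+v\n", CheckAndRecordLogin(l, AntiCounterfeitInfo{LoginTS: 1621500005000, UserAuthNo: "U1", DeviceAuthNo: "D1", GatewayNo: "GW2"}))
}
```

The prompt deliberately carries both gateway numbers: a legitimate device that reconnects through its usual gateway and a second device presenting copied credentials through a different gateway look identical at the key level, and the gateway difference is the detail the administrator needs in order to tell them apart.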
Example three:
On the basis of the first embodiment, this embodiment further discloses a data sharing function of the Internet of things device security management system.
During actual equipment management, Internet of things device manufacturers need to provide certification data of their own performance for third-party units to check during financing and sales. At present, the conventional practice is to provide sales contracts as proof, which are open to illegal conditions such as counterfeiting and alteration, so that the data reflected are not true. Secondly, the third-party unit's checking of the authorization data adds extra load to the Internet of things platform. In addition, the interface logic provided to a third-party unit needs to be custom developed, and the data dimensions viewed by different objects differ.
In view of the above problems, the present embodiment discloses the following solutions:
As shown in figs. 3 and 4, the Internet of things management platform is further configured to formulate an intelligent contract retrieval strategy and obtain the corresponding intelligent contract retrieval strategy code; then to translate the intelligent contract retrieval strategy into an execution statement meeting the touchDB query Selector syntax and store the execution statement in the platform database; and finally to establish an association between the execution statement and the user unique authorization number, the third-party unit unique number and the intelligent contract retrieval strategy code. The intelligent contract retrieval strategy comprises the retrieval object attributes, the retrieval object subfields and the retrieval result ordering rules of the block chain data.
The Internet of things device security management system further comprises a platform database for storing execution statements; an execution statement is obtained by translating an intelligent contract retrieval strategy into the touchDB query Selector syntax, and has a corresponding association with the user unique authorization number of the third-party unit, the third-party unit unique number and the intelligent contract retrieval strategy code.
The Internet of things management platform is further used for acquiring the user unique authorization number and the intelligent contract retrieval strategy code of the third-party unit, and retrieving the platform database to judge whether an execution statement corresponding to the user unique authorization number and the intelligent contract retrieval strategy code of the current third-party unit exists; then, when the corresponding execution statement exists, acquiring the execution statement meeting the touchDB query Selector syntax and passing the user unique authorization number into the intelligent contract as a parameter, so that the block chain data in the intelligent contract are retrieved through the corresponding intelligent contract retrieval strategy.
According to the invention, the legality of the data and the storage safety of the data submitted by devices are ensured, so that the data cannot be illegally tampered with or damaged, data loss caused by single-node faults is avoided, and the device security management effect of the system is improved. In addition, any authorized third-party unit can query real Internet of things device data in real time, without permission configuration or a query interface being opened from the original Internet of things device manufacturer and Internet of things platform operator to the Internet of things platform of the third-party unit, which reduces the usage pressure on the Internet of things management platform. Meanwhile, the workload of the administrators of the original device manufacturer and platform operator is reduced, no performance certification materials need to be compiled, and the authenticity of the data is ensured; a configurable interface function is provided, and the user can complete the formulation of data query rules in the intelligent contract through simple configuration.
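The retrieval path of this embodiment, as an added Go illustration that is not part of the patent or of the applicant's implementation: a retrieval strategy (object attributes, subfields, ordering rule) is translated into a selector-style execution statement, stored in a platform database keyed by user unique authorization number and retrieval strategy code with the third-party unit number as the associated value, and at query time the statement is looked up and executed against constructed ledger documents with the caller's user unique authorization number bound as the parameter. The page's "touchDB query Selector syntax" is assumed here to have the shape of a CouchDB/Mango selector with `selector`, `fields` and `sort` members; the `$USER` placeholder, the tiny selector evaluator (equality matching only), the type and function names and the sample documents are all assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// RetrievalPolicy holds the three parts of an intelligent contract retrieval strategy
// named in the description: retrieval object attributes, subfields, and the ordering rule.
// The placeholder "$USER" (assumption) is replaced by the caller's user unique
// authorization number when the statement is executed.
type RetrievalPolicy struct {
	Attributes map[string]string
	Subfields  []string
	SortField  string
	SortDesc   bool
}

// ExecStatement is the execution statement in a CouchDB/Mango-style selector shape
// (assumed to be what the page calls "touchDB query Selector syntax").
type ExecStatement struct {
	Selector map[string]string   `json:"selector"`
	Fields   []string            `json:"fields"`
	Sort     []map[string]string `json:"sort"`
}

// Translate turns a retrieval strategy into the serialized execution statement.
func Translate(p RetrievalPolicy) string {
	dir := "asc"
	if p.SortDesc {
		dir = "desc"
	}
	s := ExecStatement{Selector: p.Attributes, Fields: p.Subfields, Sort: []map[string]string{{p.SortField: dir}}}
	b, _ := json.Marshal(s)
	return string(b)
}

// statementRecord is a platform database row: the statement and its associated third-party unit.
type statementRecord struct {
	ThirdPartyNo string
	Statement    string
}

// PlatformDB is keyed by user unique authorization number and retrieval strategy code.
type PlatformDB map[string]statementRecord

func stmtKey(userAuthNo, policyCode string) string { return userAuthNo + "|" + policyCode }

// RegisterPolicy: the platform formulates the strategy, translates it and stores the association.
func RegisterPolicy(db PlatformDB, userAuthNo, thirdPartyNo, policyCode string, p RetrievalPolicy) {
	db[stmtKey(userAuthNo, policyCode)] = statementRecord{ThirdPartyNo: thirdPartyNo, Statement: Translate(p)}
}

// lessValue orders numbers numerically and everything else as strings.
func lessValue(a, b interface{}) bool {
	switch x := a.(type) {
	case int64:
		if y, ok := b.(int64); ok {
			return x < y
		}
	case float64:
		if y, ok := b.(float64); ok {
			return x < y
		}
	}
	return fmt.Sprint(a) < fmt.Sprint(b)
}

// Query is the third-party retrieval path: look up the statement for (userAuthNo, policyCode),
// bind the caller's user authorization number, and evaluate it against the ledger documents.
func Query(db PlatformDB, docs []map[string]interface{}, userAuthNo, policyCode string) ([]map[string]interface{}, error) {
	rec, ok := db[stmtKey(userAuthNo, policyCode)]
	if !ok {
		return nil, fmt.Errorf("no execution statement for user %s and strategy code %s", userAuthNo, policyCode)
	}
	var stmt ExecStatement
	if err := json.Unmarshal([]byte(rec.Statement), &stmt); err != nil {
		return nil, err
	}
	var out []map[string]interface{}
	for _, d := range docs {
		match := true
		for k, want := range stmt.Selector {
			if want == "$USER" {
				want = userAuthNo // the parameter passed into the contract; never taken from the request body
			}
			if fmt.Sprint(d[k]) != want {
				match = false
				break
			}
		}
		if !match {
			continue
		}
		row := map[string]interface{}{} // project only the configured subfields
		for _, f := range stmt.Fields {
			row[f] = d[f]
		}
		out = append(out, row)
	}
	for _, rule := range stmt.Sort { // apply the ordering rule
		for field, dir := range rule {
			sort.SliceStable(out, func(i, j int) bool {
				if dir == "desc" {
					return lessValue(out[j][field], out[i][field])
				}
				return lessValue(out[i][field], out[j][field])
			})
		}
	}
	return out, nil
}

// sampleLedger is constructed for this example: records as the contract would hold them.
func sampleLedger() []map[string]interface{} {
	return []map[string]interface{}{
		{"docType": "device", "userAuthNo": "U1", "deviceAuthNo": "D1", "submitTs": int64(1621500000000)},
		{"docType": "device", "userAuthNo": "U1", "deviceAuthNo": "D2", "submitTs": int64(1621600000000)},
		{"docType": "device", "userAuthNo": "U2", "deviceAuthNo": "D9", "submitTs": int64(1621700000000)},
		{"docType": "gateway", "userAuthNo": "U1", "gatewayNo": "GW1"},
	}
}

func main() {
	db := PlatformDB{}
	RegisterPolicy(db, "U1", "TP1", "P1", RetrievalPolicy{
		Attributes: map[string]string{"docType": "device", "userAuthNo": "$USER"},
		Subfields:  []string{"deviceAuthNo", "submitTs"},
		SortField:  "submitTs", SortDesc: true,
	})
	rows, err := Query(db, sampleLedger(), "U1", "P1")
	fmt.Println(rows, err)
	_, err = Query(db, sampleLedger(), "U2", "P1") // no statement registered for U2
	fmt.Println(err)
}
```

Binding the user unique authorization number on the platform side, rather than accepting it as part of the third party's query, is what keeps each third-party unit inside the data dimension configured for it: the selector the caller triggers is fixed in the platform database, and the only variable part is the authorization number the platform itself supplies.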
The foregoing is merely an embodiment of the present invention. Common general knowledge in the art, such as known specific structures and characteristics, is not described here in greater detail than was known at the filing date or priority date of the application, so that those skilled in the art can appreciate that all of the techniques known in this field before that date, applied with routine experimentation, can be combined with one or more of the present teachings to complete and implement the present invention, and that certain typical known structures or known methods do not pose any impediment to its implementation by those skilled in the art. It should be noted that those skilled in the art can make several changes and modifications without departing from the structure of the present invention; these should also be regarded as within the protection scope of the present invention and do not affect the effect of its implementation or the practicability of the patent. The scope of protection of the present application shall be determined by the contents of the claims, and the description of the embodiments and the like in the specification shall be used to explain the contents of the claims.

Claims (10)

1. An Internet of things device security management system based on a block chain intelligent contract, characterized in that it comprises:
the intelligent contract, which comprises device legal information of legal Internet of things devices and gateway legal information of legal Internet of things gateways;
the Internet of things management platform, which is used for acquiring the access service information carried by the Internet of things gateway when the gateway submits the device login information of an Internet of things device, and judging the access service legality of the current Internet of things gateway according to its access service information and the intelligent contract stored in the block chain; and then, when the access service of the current Internet of things gateway is legal, receiving the submitted device login information of the Internet of things device and judging the device information legality of the current Internet of things device according to the device login information and the intelligent contract stored in the block chain.
2. The Internet of things device security management system based on a block chain intelligent contract according to claim 1, wherein:
the device legal information comprises the following information of a legal Internet of things device: a user unique authorization number, a gateway unique number and a gateway unique number generation timestamp; the gateway legal information comprises the following information of a legal Internet of things gateway: a user unique authorization number, a device unique authorization number, a valid deadline timestamp and a data submission timestamp; the access service information comprises the following information of the corresponding Internet of things gateway: a user unique authorization number, a gateway unique number and a gateway unique number generation timestamp; the device login information comprises the following information of the corresponding Internet of things device: a device unique authorization number, a valid deadline timestamp and a data submission timestamp.
3. The Internet of things device security management system based on a block chain intelligent contract according to claim 2, wherein the Internet of things management platform judges the device information legality of the Internet of things device by:
A1: retrieving, in the intelligent contract of the block chain, the data object corresponding to the user unique authorization number and device unique authorization number of the current Internet of things device: if the corresponding data object is retrieved, entering the next step; otherwise, going to step A3;
A2: converting the valid deadline timestamp of the current Internet of things device into a time format and comparing it with the current time: if the valid deadline timestamp is greater than the current time, the device information of the current Internet of things device is legal; otherwise, going to step A3;
A3: the device information of the current Internet of things device is illegal.
4. The Internet of things device security management system based on a block chain intelligent contract according to claim 2, wherein, when the Internet of things management platform judges the access service legality of the Internet of things gateway, it retrieves, in the intelligent contract of the block chain, the data object corresponding to the user unique authorization number, gateway unique number and gateway unique number generation timestamp of the current Internet of things gateway: if the corresponding data object is retrieved, the access service of the current Internet of things gateway is legal; otherwise, the access service of the current Internet of things gateway is illegal.
5. The Internet of things device security management system based on a block chain intelligent contract according to claim 2, further comprising a platform database for storing the legal user unique authorization numbers;
the Internet of things management platform is further used for writing gateway legal information into the intelligent contract of the block chain, which specifically comprises the following steps:
B1: acquiring the user unique authorization number, gateway unique number and gateway unique number generation timestamp of the current Internet of things gateway through the set gateway information synchronization interface;
B2: searching the platform database to judge whether the user unique authorization number of the current Internet of things gateway exists: if yes, entering the next step; otherwise, going to step B4;
B3: storing the user unique authorization number, gateway unique number and gateway unique number generation timestamp of the current Internet of things gateway in the block chain in key-value pair form, as the gateway legal information of the current Internet of things gateway;
B4: finishing the writing of the gateway legal information.
6. The Internet of things device security management system based on a block chain intelligent contract according to claim 5, wherein the Internet of things management platform is further used for writing device legal information into the intelligent contract of the block chain, which specifically comprises the following steps:
C1: acquiring the user unique authorization number, device unique authorization number and valid deadline timestamp of the current Internet of things device through the set device information synchronization interface;
C2: searching the platform database to judge whether the user unique authorization number of the current Internet of things device exists: if yes, entering the next step; otherwise, going to step C4;
C3: acquiring the current data submission timestamp, and storing the data submission timestamp, user unique authorization number, device unique authorization number and valid deadline timestamp in the block chain in key-value pair form, as the device legal information of the current Internet of things device;
C4: finishing the writing of the device legal information.
7. The Internet of things device security management system based on a block chain intelligent contract according to claim 2, wherein the block chain intelligent contract further comprises device anti-counterfeiting information;
the Internet of things management platform is further used for judging, when the device information of the Internet of things device is legal, whether another Internet of things device that has logged in repeatedly exists, according to the device login information of the current Internet of things device and the intelligent contract stored in the block chain: if another repeatedly logged-in Internet of things device exists, sending corresponding repeated-login prompt information; otherwise, writing the corresponding device anti-counterfeiting information into the intelligent contract of the block chain.
8. The Internet of things device security management system based on a block chain intelligent contract according to claim 7, wherein, when the Internet of things management platform writes the device anti-counterfeiting information into the intelligent contract of the block chain, it acquires the login timestamp of the current Internet of things device, and then stores the login timestamp, user unique authorization number, device unique authorization number and gateway unique number of the current Internet of things device in the block chain in key-value pair form, as the device anti-counterfeiting information of the current Internet of things device.
9. The Internet of things device security management system based on a block chain intelligent contract according to claim 1, further comprising a platform database for storing execution statements; an execution statement is obtained by translating an intelligent contract retrieval strategy into the touchDB query Selector syntax, and has a corresponding association with the user unique authorization number of the third-party unit, the third-party unit unique number and the intelligent contract retrieval strategy code;
the Internet of things management platform is further used for acquiring the user unique authorization number and the intelligent contract retrieval strategy code of the third-party unit, and retrieving the platform database to judge whether an execution statement corresponding to the user unique authorization number and the intelligent contract retrieval strategy code of the current third-party unit exists; then, when the corresponding execution statement exists, acquiring the execution statement meeting the touchDB query Selector syntax and passing the user unique authorization number into the intelligent contract as a parameter, so that the block chain data in the intelligent contract are retrieved through the corresponding intelligent contract retrieval strategy.
10. The Internet of things device security management system based on a block chain intelligent contract according to claim 9, wherein the Internet of things management platform is further used for formulating an intelligent contract retrieval strategy and acquiring the corresponding intelligent contract retrieval strategy code; then translating the intelligent contract retrieval strategy into an execution statement meeting the touchDB query Selector syntax and storing the execution statement in the platform database; and finally establishing an association between the execution statement and the user unique authorization number, the third-party unit unique number and the intelligent contract retrieval strategy code; the intelligent contract retrieval strategy comprises the retrieval object attributes, the retrieval object subfields and the retrieval result ordering rules of the block chain data.
CN202110557767.4A 2021-05-21 2021-05-21 Internet of things equipment security management system based on block chain intelligent contract Active CN113301039B (en)

Publications (2)

Publication Number Publication Date
CN113301039A true CN113301039A (en) 2021-08-24
CN113301039B CN113301039B (en) 2023-04-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant