CN116112215A - Remote proving method, device, electronic equipment and storage medium based on alliance chain - Google Patents


Info

Publication number: CN116112215A
Application number: CN202211617501.5A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Prior art keywords: node, network access, transaction, attribute certificate, attribute
Inventors: 张建标, 张兆乾, 刘燕辉, 李铮
Original and current assignee: Beijing University of Technology

Classifications

    • H04L63/0823: Network architectures or network communication protocols for network security; authentication of entities using certificates
    • H04L9/321: Cryptographic mechanisms or arrangements for secret or secure communications; means for verifying the identity or authority of a user or for message authentication, involving a third party or a trusted authority
    • H04L9/3247: Cryptographic mechanisms or arrangements for secret or secure communications; means for verifying the identity or authority of a user or for message authentication, involving digital signatures
    • H04L9/3263: Cryptographic mechanisms or arrangements for secret or secure communications; means for verifying the identity or authority of a user or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The invention provides a remote attestation method, apparatus, electronic device and storage medium based on a consortium chain (rendered "alliance chain" in the title). The consortium-chain-based remote attestation method comprises the following steps: an external node sends an attribute certificate application package to a third-party trusted authority; the external node receives an attribute certificate from the third-party trusted authority, the attribute certificate having been generated by that authority from the application package; the external node sends a network admission request, which includes the attribute certificate, to a consensus node of the consortium chain system; if the consensus node verifies that the admission request is valid, the external node becomes a trusted node of the consortium chain system. In this way the invention provides a trusted networking method for consortium chains that strictly controls admission to the consortium chain system while keeping the configuration of the external node's computing environment private.

Description

Remote proving method, device, electronic equipment and storage medium based on alliance chain
Technical Field
The present invention relates to the field of network security technology, and in particular to a consortium-chain-based remote attestation method and apparatus, an electronic device, and a storage medium.
Background
With the spread of blockchain application scenarios, more and more fields adopt consortium chains that support smart contracts to deliver services for various scenarios. At the same time, the new situation of the new era places new requirements on the classified protection of information system security, and important information systems need the support of trusted computing technology to ensure their security.
To strengthen the trust requirements of network security classified protection from level one to level four, trust verification has to be listed at every level, and trust verification requirements for each link are put forward step by step. A consortium chain is an important information system and must meet these trust verification requirements.
Remote attestation is the core of building a trusted network. However, current remote attestation models are designed only for networks with a center and are not suited to decentralised scenarios. In decentralised distributed network environments such as consortium chains, the computing nodes still cannot perform remote attestation.
Disclosure of Invention
The invention provides a consortium-chain-based remote attestation method, apparatus, electronic device and storage medium in order to overcome the defect of the prior art that a consortium chain cannot perform remote attestation.
The invention provides a consortium-chain-based remote attestation method comprising the following steps: an external node sends an attribute certificate application package to a third-party trusted authority; the external node receives an attribute certificate from the third-party trusted authority, the attribute certificate having been generated by that authority from the application package; the external node sends an admission request, which includes the attribute certificate, to a consensus node of the consortium chain system; if the consensus node verifies that the admission request is valid, the external node becomes a trusted node of the consortium chain system.
According to the consortium-chain-based remote attestation method, after the external node has joined the consortium chain system the method further comprises: any trusted node in the consortium chain system creates a transaction, the transaction including the AIK certificate of the trusted node that created it, the component measurement values of that node's current computing environment, and the transaction data; the trusted node that created the transaction broadcasts it in the consortium chain system; other nodes in the system verify the format of the transaction and forward it; a consensus node in the system collects the transaction and verifies its content; if verification passes, the transaction is approved.
According to the consortium-chain-based remote attestation method, the step of the external node becoming a trusted node of the consortium chain system when the consensus node verifies that the admission request is valid comprises: the consensus node verifies the validity of the attribute certificate provided by the external node and determines its issuer and validity period; the consensus node verifies whether the attributes contained in the attribute certificate meet the admission requirement, the attribute set of the admission requirement having to be a subset of the attribute set in the attribute certificate; the consensus node verifies whether the attribute values of the respective attributes in the attribute certificate agree with the measurement values provided by the external node.
According to the consortium-chain-based remote attestation method, after the external node has joined the consortium chain system the method further comprises: any consensus node in the consortium chain system creates an admission transaction block; the admission transaction block includes the AIK certificate of the consensus node that created it and the measurement values of all components of that consensus node's current computing environment; the consensus node that created the admission transaction block broadcasts it in the consortium chain system; the trusted nodes in the consortium chain system verify the admission transaction block; if verification passes, they accept the block and update their local ledger from it.
According to the consortium-chain-based remote attestation method, the trusted node's verification of the admission transaction block comprises: the trusted node verifies the format of the admission transaction block; the trusted node verifies the identity of the consensus node that created the block; the trusted node verifies the integrity of the computing environment of the consensus node that created the block.
According to the consortium-chain-based remote attestation method, the attribute certificate application package includes an identity key, an AIK public key, the EK certificate of the external node's TPCM, the configuration information of each component of the computing environment, and the measurement values and measurement storage log of that configuration information.
According to the consortium-chain-based remote attestation method, the admission request further includes an AIK certificate and the measurement values of each component of the external node's current computing environment.
The invention also provides a consortium-chain-based remote attestation apparatus comprising: an external node module for sending an attribute certificate application package to a third-party trusted authority, receiving the attribute certificate generated by that authority from the application package, and sending an admission request that includes the attribute certificate to a consensus node of the consortium chain system; and a consensus node module for making the external node a trusted node of the consortium chain system when the admission request is verified as valid.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored in the memory and runnable on the processor, the processor implementing any of the consortium-chain-based remote attestation methods described above when executing the program.
The invention also provides a non-transitory computer-readable storage medium storing a computer program which, when executed by a processor, implements any of the consortium-chain-based remote attestation methods described above.
Drawings
In order to illustrate the invention or the prior art more clearly, the drawings used in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below show some embodiments of the invention; a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a flow chart of an embodiment of the consortium-chain-based remote attestation method of the present invention;
FIG. 2 is a schematic diagram of an embodiment of a consortium chain system of the present invention;
FIG. 3 is a schematic diagram of the consortium-chain-based remote attestation apparatus of the present invention;
FIG. 4 is a schematic structural diagram of an embodiment of the electronic device of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the invention clearer, the technical solutions of the invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the invention; all other embodiments obtained by those skilled in the art from these embodiments without inventive effort fall within the scope of the invention.
The invention provides a consortium-chain-based remote attestation method; see FIG. 1 and FIG. 2. FIG. 1 is a flow chart of an embodiment of the method, and FIG. 2 is a schematic diagram of an embodiment of a consortium chain system of the invention. In this embodiment the consortium-chain-based remote attestation method includes steps S110 to S140, as follows:
S110: the external node sends an attribute certificate application package to the third-party trusted authority.
As shown in FIG. 2, the consortium chain system includes a consensus node and a plurality of trusted nodes. The trusted nodes may be divided into several organizations, each organization may include several interconnected nodes, and each organization is connected to the consensus node.
A consensus node in the consortium chain system may connect to a third-party trusted authority (certification authority, CA) outside the system. An external node can become a trusted node of the consortium chain system after passing admission verification.
To achieve active trusted control in a consortium chain system, the consensus node needs a trusted computing platform whose protection components include a Trusted Platform Control Module (TPCM), a Trusted Software Base (TSB), and so on.
The role of consensus node is taken by a trusted node equipped with a TPCM; the TSB built into the node performs node admission verification, transaction collection, transaction verification, block construction, block verification, and so on.
A trusted node is a node within an organization that has a TPCM and an attribute certificate issued by the external CA. The trusted node stores the consortium chain ledger data locally, constructs transactions, verifies blocks, and so on. A trusted node may become a consensus node.
The external node needs to send an attribute certificate application package to the third-party trusted authority for verification. Optionally, the application package includes an identity key, an AIK public key, the EK certificate (cryptographic module certificate) of the external node's TPCM, the configuration information of each component of the computing environment, and the measurement values and measurement storage log of those components. The measured components include, but are not limited to, TPCM information, hardware information, the BIOS, the operating system kernel, the operating system, and necessary application information.
The EK certificate is called the endorsement certificate; a TCM has only one EK certificate over its lifetime, and the EK certificate is the unique identity of the TCM chip.
The AIK certificate is issued by the CA and is mainly used to prove that the associated AIK key was generated inside the TCM and is bound to the TCM's EK key, the AIK key being derived from the EK key. The AIK can only be used for signing, not for encryption or decryption, and only for signing information inside the TCM, so that an attacker cannot compromise the AIK.
S120: the external node receives an attribute certificate from the third-party trusted authority.
The attribute certificate is generated by the third-party trusted authority from the attribute certificate application package.
Outside the consortium chain system, the external CA generates AIK certificates and attribute certificates for the computing nodes. An attribute certificate contains an attribute set mapped from the node's computing environment. The attribute set contains several computing environment attributes; every attribute except the root-of-trust attribute corresponding to the TPCM has an attribute value, and each attribute value is the measurement value, taken by the TPCM, of the computing component corresponding to that attribute.
In the attribute certificate, the components are mapped to their attributes according to a component-configuration-to-attribute mapping table. The attributes depend on one another according to the chain of trust, specifically:
(TPCM attribute → BIOS attribute key-value pair);
(BIOS attribute → operating system kernel attribute key-value pair);
(operating system kernel attribute → operating system attribute key-value pair);
(operating system attribute → (application attribute 1 key-value pair, application attribute 2 key-value pair, …, application attribute n key-value pair))
Here "key-value pair" means "attribute name: attribute value". Each arrow expresses that the component corresponding to the preceding attribute measures the component corresponding to the following attribute, producing the following attribute's measurement value. In the last group all applications are peers, each measured by the operating system.
In this embodiment an attribute consists of an attribute name and an attribute value: the name corresponds to a component of the computing environment and the value to that component's measurement value. The attribute value in the attribute certificate serves as the reference value for judging the integrity of the node's computing environment. The CA first obtains the attribute value by checking that the reported measurement value is consistent with the stored measurement log of the computing environment.
Specifically, the third-party trusted authority may generate the attribute certificate as follows:
(1) Verify the validity of the certificate information sent by the external node and, if it is valid, generate an AIK certificate;
(2) Obtain the attribute set of the node's computing environment from the configuration information of each component sent by the external node and the local component-configuration-to-attribute mapping table, and assign each attribute in the set the measurement value of the component it maps to;
(3) Construct the attribute certificate, sign it with the local private key, encrypt the AIK certificate and attribute certificate with the node's AIK public key, and send them to the node together with the component-configuration-to-attribute mapping table;
(4) The external node decrypts them with its AIK private key to obtain the AIK certificate and the attribute certificate.
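The CA-side issuance just described (mapping components to attributes, the consistency judgment between reported measurement values and the measurement storage log, the valueless root-of-trust attribute, and signing), as an added example that is not the patent's code. The mapping table contents, the attribute names, a TPM-style SHA-256 extend as the TPCM measurement rule, and an HMAC tag standing in for the CA's asymmetric signature are all assumptions; AIK certificate issuance and encryption to the node's AIK key are not shown.

```python
"""CA issuance of an attribute certificate (added example, not the patent's code)."""
import hashlib
import hmac
import json

# Constructed component-configuration -> attribute mapping table (assumption).
MAPPING_TABLE = {
    "tpcm:TPCM-v2.0": "TPCM",
    "bios:VendorBIOS-1.7": "BIOS",
    "kernel:linux-5.10.0": "OS_KERNEL",
    "os:example-os-3.1": "OS",
    "app:ledger-service-2.1": "APP_LEDGER",
    "app:wallet-agent-1.0": "APP_WALLET",
}
# Chain of trust: each attribute's component measures the next one's.  The
# application attributes are peers measured by the OS, so they are not listed.
TRUST_CHAIN = ["TPCM", "BIOS", "OS_KERNEL", "OS"]
ROOT_OF_TRUST = "TPCM"  # the root-of-trust attribute carries no value


def canonical(obj) -> bytes:
    """Deterministic encoding of the certificate body for signing."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def extend(register: bytes, event: bytes) -> bytes:
    """Assumed TPCM measurement rule: new = H(old || H(event)), like a TPM PCR."""
    return hashlib.sha256(register + hashlib.sha256(event).digest()).digest()


def replay_log(log):
    """Replay the measurement storage log, one register per component.

    log: list of (component, event_bytes) in boot order.  Returns the final
    register value per component as hex, i.e. what the TPCM should report.
    """
    registers = {}
    for component, event in log:
        registers[component] = extend(registers.get(component, b"\x00" * 32), event)
    return {c: v.hex() for c, v in registers.items()}


def build_attribute_set(config, measurements, log, mapping=MAPPING_TABLE):
    """Map configured components to attributes and assign attribute values.

    A value is assigned only when replaying the log reproduces the reported
    measurement (the CA's consistency judgment); otherwise ValueError is raised.
    """
    replayed = replay_log(log)
    attributes = {}
    for component in config:
        name = mapping.get(component)
        if name is None:
            raise ValueError(f"no attribute mapped for component {component!r}")
        if name == ROOT_OF_TRUST:
            attributes[name] = None  # identified by the EK/AIK, not measured
            continue
        reported = measurements.get(component)
        if reported is None or replayed.get(component) != reported:
            raise ValueError(f"measurement of {component!r} inconsistent with its log")
        attributes[name] = reported
    missing = [a for a in TRUST_CHAIN if a not in attributes]
    if missing:
        raise ValueError(f"chain of trust incomplete, missing {missing}")
    return attributes


def issue_attribute_certificate(ca_key: bytes, aik_pub: str, config, measurements,
                                log, not_before: int, not_after: int):
    """Build and sign the attribute certificate for the node identified by aik_pub."""
    body = {
        "issuer": "ExampleCA",
        "subject_aik": aik_pub,
        "not_before": not_before,
        "not_after": not_after,
        "attributes": build_attribute_set(config, measurements, log),
    }
    # Stand-in for the CA's private-key signature over the canonical body.
    body["signature"] = hmac.new(ca_key, canonical(body), hashlib.sha256).hexdigest()
    return body


# Constructed sample: an honest node's boot log; its TPCM reports replay_log(SAMPLE_LOG).
SAMPLE_LOG = [
    ("bios:VendorBIOS-1.7", b"bios-image-1.7"),
    ("kernel:linux-5.10.0", b"vmlinuz-5.10.0"),
    ("kernel:linux-5.10.0", b"initrd-5.10.0"),
    ("os:example-os-3.1", b"rootfs-3.1"),
    ("app:ledger-service-2.1", b"ledger-service-2.1.bin"),
    ("app:wallet-agent-1.0", b"wallet-agent-1.0.bin"),
]
SAMPLE_CONFIG = list(MAPPING_TABLE)

if __name__ == "__main__":
    reported = replay_log(SAMPLE_LOG)
    cert = issue_attribute_certificate(b"ca-secret", "aik-pub-node-7", SAMPLE_CONFIG,
                                       reported, SAMPLE_LOG, 1_700_000_000, 1_731_536_000)
    print(json.dumps(cert, indent=1))
```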
The AIK certificate is used to verify the identity of the node's TPCM; the attribute certificate is used to verify the integrity of the node's computing environment, and its attribute values can serve as the reference values for the node's current computing environment.
S130: the external node sends an admission request, which includes the attribute certificate, to a consensus node in the consortium chain system.
Optionally, the admission request further includes the AIK certificate and the measurement value of each component of the external node's current computing environment.
The external node provides the AIK certificate, the attribute certificate and the measurement values of the components of its current computing environment, as required by the consortium chain system, for the system to verify. If the external node lacks an attribute that the consortium chain system requires, it can apply to the CA again for an updated attribute certificate.
The consensus node in the consortium chain system receives the external node's admission request and judges whether the external node has a legitimate identity by verifying the validity of the AIK certificate. If this verification fails, admission is refused.
S140: if the consensus node verifies that the admission request is valid, the external node becomes a trusted node of the consortium chain system.
In some embodiments, the consensus node's verification of the admission request specifically includes:
(1) The consensus node verifies the validity of the attribute certificate provided by the external node and determines its issuer and validity period; the attribute certificate must have been issued by the CA and must not have expired.
(2) The consensus node verifies whether the attributes contained in the attribute certificate meet the admission requirement; the attribute set of the admission requirement must be a subset of the attribute set in the attribute certificate.
(3) The consensus node verifies whether the attribute values of the respective attributes in the attribute certificate agree with the measurement values provided by the external node.
If verification passes, the subsequent steps are carried out; otherwise admission is refused.
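The consensus node's admission checks of step S140 (AIK certificate validity, then attribute certificate issuer, signature and validity period, the subset test on the required attribute set, and the comparison of certified values with the measurements reported now), as an added example that is not the patent's code. Certificates as dicts signed with an HMAC tag standing in for the CA's signature, measurements keyed by attribute name (the node maps components through the table the CA returned with the certificate), and the admission requirement as a set of attribute names are assumptions.

```python
"""Consensus-node admission verification (added example, not the patent's code)."""
import hashlib
import hmac
import json


def canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(ca_key: bytes, body: dict) -> dict:
    """Stand-in for CA signing; used here only to build the constructed sample."""
    tag = hmac.new(ca_key, canonical(body), hashlib.sha256).hexdigest()
    return {**body, "signature": tag}


def signature_valid(cert: dict, ca_key: bytes) -> bool:
    body = {k: v for k, v in cert.items() if k != "signature"}
    expected = hmac.new(ca_key, canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert.get("signature", ""))


def mismatched_attributes(attributes: dict, measurements: dict) -> list:
    """Attribute names whose certified value differs from the reported measurement.
    The root-of-trust attribute (value None) has nothing to compare."""
    return sorted(n for n, ref in attributes.items()
                  if ref is not None and measurements.get(n) != ref)


def verify_admission(request: dict, ca_key: bytes, trusted_issuer: str,
                     required: set, now: int):
    """Return (admitted, reason) for an admission request of the form
    {"aik_certificate": {...}, "attribute_certificate": {...},
     "measurements": {attribute_name: value}}."""
    aik = request["aik_certificate"]
    cert = request["attribute_certificate"]
    # Identity: the AIK certificate must be CA-issued and valid, and the
    # attribute certificate must be bound to that same AIK.
    if aik.get("issuer") != trusted_issuer or not signature_valid(aik, ca_key):
        return False, "AIK certificate invalid"
    if cert.get("subject_aik") != aik.get("aik_pub"):
        return False, "attribute certificate not bound to the presented AIK"
    # (1) Validity of the attribute certificate: issuer, signature, validity period.
    if cert.get("issuer") != trusted_issuer:
        return False, "attribute certificate not issued by the trusted CA"
    if not signature_valid(cert, ca_key):
        return False, "attribute certificate signature invalid"
    if not cert["not_before"] <= now <= cert["not_after"]:
        return False, "attribute certificate outside its validity period"
    # (2) The admission requirement must be a subset of the certified attribute set.
    missing = set(required) - set(cert["attributes"])
    if missing:
        return False, f"required attributes not certified: {sorted(missing)}"
    # (3) Certified values must agree with the measurements reported now.
    bad = mismatched_attributes(cert["attributes"], request["measurements"])
    if bad:
        return False, f"computing environment changed since certification: {bad}"
    return True, "admitted as trusted node"


# Constructed sample data.
CA_KEY = b"example-ca-key"
NOW = 1_700_000_000
REQUIRED = {"TPCM", "BIOS", "OS_KERNEL", "OS", "APP_LEDGER"}
AIK_CERT = sign(CA_KEY, {"issuer": "ExampleCA", "aik_pub": "aik-pub-node-7"})
ATTRIBUTES = {"TPCM": None, "BIOS": "b1" * 32, "OS_KERNEL": "c2" * 32,
              "OS": "d3" * 32, "APP_LEDGER": "e4" * 32}
ATTR_CERT = sign(CA_KEY, {"issuer": "ExampleCA", "subject_aik": "aik-pub-node-7",
                          "not_before": NOW - 86_400, "not_after": NOW + 86_400 * 365,
                          "attributes": ATTRIBUTES})


def sample_request(**changes) -> dict:
    """Honest request; keyword overrides simulate a component that changed."""
    measurements = {n: v for n, v in ATTRIBUTES.items() if v is not None}
    measurements.update(changes)
    return {"aik_certificate": AIK_CERT, "attribute_certificate": ATTR_CERT,
            "measurements": measurements}


if __name__ == "__main__":
    print(verify_admission(sample_request(), CA_KEY, "ExampleCA", REQUIRED, NOW))
    print(verify_admission(sample_request(OS="ff" * 32), CA_KEY, "ExampleCA", REQUIRED, NOW))
```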
Optionally, the consensus node in the consortium chain system creates an admission transaction containing the external node's AIK certificate, attribute certificate and the measurement values of each component of its current computing environment; alternatively, the consensus node creates a block containing the admission transaction described above. The block also contains the consensus node's own AIK certificate and the measurement values of the components of its current computing environment. The consensus node broadcasts the block in the consortium chain system.
According to the consortium-chain-based remote attestation method, the steps after the external node joins the consortium chain system further include:
any trusted node in the consortium chain system creates a transaction, the transaction including the AIK certificate of the trusted node that created it, the component measurement values of that node's current computing environment, and the transaction data; the creating trusted node broadcasts the transaction in the consortium chain system; other nodes in the system verify the format of the transaction and forward it; a consensus node in the system collects the transaction and verifies its content; if verification passes, the transaction is approved.
Computing nodes join the consortium chain system and interact with other nodes by constructing transactions. A node must pass an identity verification procedure when it transacts. This verification no longer requires participation of the CA. The consensus node collects the transaction and performs the following checks:
(1) Verify that the transaction format is correct.
(2) Verify the node's identity: obtain the node's AIK certificate from the ledger and compare it with the AIK certificate in the transaction; if they are consistent, the identity is valid.
(3) Verify the integrity of the node's computing environment: obtain the node's attribute certificate from the ledger and compare its attribute values with the measurement values of each component of the node's computing environment in the transaction; if they are consistent, the computing environment is valid.
If verification passes, the subsequent flow continues; otherwise the transaction is rejected.
According to the consortium-chain-based remote attestation method, the steps after the external node joins the consortium chain system further include:
any consensus node in the consortium chain system creates an admission transaction block; the block includes the AIK certificate of the consensus node that created it and the measurement values of all components of that node's current computing environment; the creating consensus node broadcasts the block in the consortium chain system; the trusted nodes in the system verify the block; if verification passes, they accept the block and update their local ledger from it.
The trusted node's verification of the admission transaction block specifically comprises the following steps:
(1) The trusted node verifies the format of the admission transaction block.
(2) The trusted node verifies the identity of the consensus node that created the block: it obtains the consensus node's AIK certificate from the consortium chain ledger and compares it with the consensus node's AIK certificate in the block; if the two are consistent, the consensus node's identity is valid.
(3) The trusted node verifies the integrity of the computing environment of the consensus node that created the block: it obtains the consensus node's attribute certificate from the ledger and judges whether the attribute value of each component of the consensus node's computing environment in the certificate is consistent with the measurement value of that component in the block; if so, the consensus node's computing environment is trusted.
(4) Each transaction in the block is verified.
If verification passes, the block is accepted and the local ledger is updated; otherwise the block is rejected.
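The post-admission flow of the two passages above, in which the CA no longer takes part: a trusted node checks an admission transaction block (format, creator identity via the ledger's AIK certificate, creator environment via the ledger's attribute certificate, each transaction), updates its ledger, and afterwards checks an ordinary transaction from the newly admitted node the same way. This is an added example, not the patent's code; the ledger as a dict keyed by node id, the block and transaction field names, and measurements keyed by attribute name are assumptions.

```python
"""Trusted-node verification of blocks and transactions against the local ledger
(added example, not the patent's code)."""
import copy

BLOCK_FIELDS = {"creator", "aik_certificate", "measurements", "transactions"}
TX_FIELDS = {"type", "node", "aik_certificate", "measurements", "data"}


def mismatched_attributes(attributes: dict, measurements: dict) -> list:
    """Attributes whose certified value differs from the reported measurement."""
    return sorted(n for n, ref in attributes.items()
                  if ref is not None and measurements.get(n) != ref)


def verify_transaction(tx: dict, ledger: dict):
    """Checks (1) format, (2) identity from the ledger, (3) environment integrity."""
    if not isinstance(tx, dict) or set(tx) != TX_FIELDS:
        return False, "transaction format invalid"
    if tx["type"] == "admission":
        # Admission record written by the consensus node: its attribute
        # certificate must agree with the new node's reported measurements.
        cert = tx["data"].get("attribute_certificate", {})
        bad = mismatched_attributes(cert.get("attributes", {}), tx["measurements"])
        return (False, f"admission measurements mismatch: {bad}") if bad else (True, "ok")
    record = ledger.get(tx["node"])
    if record is None:
        return False, "node is not admitted"
    if tx["aik_certificate"] != record["aik_certificate"]:
        return False, "AIK certificate differs from the ledger"
    bad = mismatched_attributes(record["attribute_certificate"]["attributes"],
                                tx["measurements"])
    if bad:
        return False, f"computing environment not trusted: {bad}"
    return True, "ok"


def verify_block(block: dict, ledger: dict):
    """Steps (1) format, (2) creator identity, (3) creator environment, (4) each transaction."""
    if not isinstance(block, dict) or set(block) != BLOCK_FIELDS:
        return False, "block format invalid"
    record = ledger.get(block["creator"])
    if record is None or block["aik_certificate"] != record["aik_certificate"]:
        return False, "consensus node identity invalid"
    bad = mismatched_attributes(record["attribute_certificate"]["attributes"],
                                block["measurements"])
    if bad:
        return False, f"consensus node environment not trusted: {bad}"
    for i, tx in enumerate(block["transactions"]):
        ok, why = verify_transaction(tx, ledger)
        if not ok:
            return False, f"transaction {i}: {why}"
    return True, "block accepted"


def apply_block(block: dict, ledger: dict) -> dict:
    """Accept a verified block: record admitted nodes in a copy of the ledger."""
    updated = copy.deepcopy(ledger)
    for tx in block["transactions"]:
        if tx["type"] == "admission":
            updated[tx["node"]] = {
                "aik_certificate": tx["aik_certificate"],
                "attribute_certificate": tx["data"]["attribute_certificate"]}
    return updated


# Constructed sample: a ledger holding the consensus node, a block admitting
# node-7, and a later transaction from node-7.
def cert(aik: str, **attrs) -> dict:
    return {"issuer": "ExampleCA", "subject_aik": aik,
            "attributes": {"TPCM": None, **attrs}}


CONSENSUS_ATTRS = {"BIOS": "a1" * 32, "OS_KERNEL": "a2" * 32, "OS": "a3" * 32}
NODE7_ATTRS = {"BIOS": "b1" * 32, "OS_KERNEL": "b2" * 32, "OS": "b3" * 32}
LEDGER = {"consensus-1": {"aik_certificate": {"aik_pub": "aik-consensus-1"},
                          "attribute_certificate": cert("aik-consensus-1", **CONSENSUS_ATTRS)}}
ADMISSION_BLOCK = {
    "creator": "consensus-1",
    "aik_certificate": {"aik_pub": "aik-consensus-1"},
    "measurements": dict(CONSENSUS_ATTRS),
    "transactions": [{"type": "admission", "node": "node-7",
                      "aik_certificate": {"aik_pub": "aik-node-7"},
                      "measurements": dict(NODE7_ATTRS),
                      "data": {"attribute_certificate": cert("aik-node-7", **NODE7_ATTRS)}}],
}


def node7_transaction(**changes) -> dict:
    """Ordinary transaction from node-7; overrides simulate a changed component."""
    measurements = dict(NODE7_ATTRS)
    measurements.update(changes)
    return {"type": "transfer", "node": "node-7", "aik_certificate": {"aik_pub": "aik-node-7"},
            "measurements": measurements, "data": {"payload": "constructed"}}


if __name__ == "__main__":
    ok, why = verify_block(ADMISSION_BLOCK, LEDGER)
    ledger = apply_block(ADMISSION_BLOCK, LEDGER) if ok else LEDGER
    print(why, verify_transaction(node7_transaction(), ledger))
    print(verify_transaction(node7_transaction(OS="ff" * 32), ledger))
```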
In summary, the present embodiment provides a remote attestation method based on an alliance chain, comprising: the external node sends an attribute certificate application package to a third-party trusted authority; the external node receives an attribute certificate from the third-party trusted authority, the attribute certificate being generated by the third-party trusted authority according to the attribute certificate application package; the external node sends a network access request to a consensus node in the alliance chain system, the network access request comprising the attribute certificate; if the consensus node verifies that the network access request is valid, the external node becomes a trusted node in the alliance chain system. In this way, the invention provides a trusted network access method for alliance chains that strictly controls access to the alliance chain system and preserves the privacy of the external node's computing environment configuration; moreover, the integrity verification of the computing environment is simplified, since only a comparison with the attribute values in the attribute certificate is needed.
The remote attestation apparatus based on an alliance chain provided by the invention is described below; the apparatus described below and the method described above may be referred to in correspondence with each other.
Referring to fig. 3, fig. 3 is a schematic structural diagram of an embodiment of a remote attestation device based on a federated chain according to the present invention, in which the remote attestation device based on the federated chain includes: an external node module 310 and a consensus node module 320.
The external node module 310 is configured to send an attribute certificate application package to a third-party trusted authority; to receive an attribute certificate from the third-party trusted authority, the attribute certificate being generated by the third-party trusted authority according to the attribute certificate application package; and to send a network access request to a consensus node in the alliance chain system, the network access request comprising the attribute certificate.
The consensus node module 320 is configured to make the external node a trusted node in the alliance chain system when the network access request is verified to be valid.
In some embodiments, the federation chain based remote attestation apparatus further includes a trusted node module including a trusted node in the federation chain system.
Any trusted node in the alliance chain system creates a transaction, where the transaction includes the AIK certificate of the trusted node creating the transaction, the component measurement values of that node's current computing environment, and the transaction data; the trusted node creating the transaction broadcasts it in the alliance chain system; other nodes in the alliance chain system verify the format of the transaction and forward it; a consensus node in the alliance chain system obtains the transaction and verifies its content; if the verification passes, the transaction is approved.
In some embodiments, consensus node module 320 comprises a consensus node in a federated chain system.
The consensus node verifies the validity of the attribute certificate provided by the external node, determining its issuer and validity period; the consensus node verifies whether the attributes contained in the attribute certificate meet the network access requirement, where the attribute set of the network access requirement must be a subset of the attribute set in the attribute certificate; and the consensus node verifies whether the attribute values of the respective attributes in the attribute certificate agree with the measurement values provided by the external node.
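The three consensus-node checks just listed, written out as an added example that is not the patent's own code. Everything concrete here is an assumption: the attribute certificate is a JSON body with an HMAC tag computed under a key shared with the third-party trusted authority (a stand-in for the authority's digital signature), attribute values are SHA-256 digests of component measurements so that the certificate carries no raw configuration data, the issuer name `TPA-01` and the required attribute set are constructed, and timestamps are ISO-8601 UTC strings, which compare correctly as plain strings.

```python
"""Consensus-node checks on a network access request (added example).

Not from the patent: the HMAC tag standing in for the authority's signature,
the constructed key, issuer name, attribute names and component images.
"""
import hashlib
import hmac
import json

# Constructed stand-in for the authority's key; a real deployment would sign.
AUTHORITY_KEY = b"constructed-third-party-authority-key"
TRUSTED_ISSUERS = {"TPA-01"}
# Attribute set the alliance chain requires for network access (constructed).
NETWORK_ACCESS_REQUIREMENT = {"bootloader", "kernel", "chain_client"}


def measure(component_image: bytes) -> str:
    """Stand-in for a TPCM component measurement: a SHA-256 digest."""
    return hashlib.sha256(component_image).hexdigest()


def _tag(body: dict, key: bytes) -> str:
    canonical = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, canonical, "sha256").hexdigest()


def issue_attribute_certificate(issuer, holder, attributes, not_before, not_after,
                                key=AUTHORITY_KEY):
    """What the third-party trusted authority returns for an application package."""
    body = {"issuer": issuer, "holder": holder, "attributes": attributes,
            "not_before": not_before, "not_after": not_after}
    return {"body": body, "tag": _tag(body, key)}


def check_certificate_validity(cert, now, key=AUTHORITY_KEY):
    """Check 1: authenticity, issuer and validity period of the certificate."""
    body = cert["body"]
    if not hmac.compare_digest(_tag(body, key), cert["tag"]):
        return False, "attribute certificate was not issued by the trusted authority"
    if body["issuer"] not in TRUSTED_ISSUERS:
        return False, f"issuer {body['issuer']!r} is not trusted"
    if not body["not_before"] <= now <= body["not_after"]:
        return False, "attribute certificate is outside its validity period"
    return True, "ok"


def check_attribute_coverage(cert, requirement=NETWORK_ACCESS_REQUIREMENT):
    """Check 2: the required attribute set must be a subset of the certified set."""
    missing = set(requirement) - set(cert["body"]["attributes"])
    if missing:
        return False, f"certificate lacks required attributes {sorted(missing)}"
    return True, "ok"


def check_measurements(cert, measurements):
    """Check 3: each certified attribute value equals the node's current measurement."""
    for name, certified in cert["body"]["attributes"].items():
        current = measurements.get(name)
        if current is None or not hmac.compare_digest(certified, current):
            return False, f"measurement of {name!r} differs from its certified value"
    return True, "ok"


def verify_network_access_request(request, now):
    """Run the three checks in order; the first failure decides the outcome."""
    cert = request["attribute_certificate"]
    checks = (lambda: check_certificate_validity(cert, now),
              lambda: check_attribute_coverage(cert),
              lambda: check_measurements(cert, request["measurements"]))
    for check in checks:
        ok, why = check()
        if not ok:
            return False, why
    return True, "ok"


def build_demo_requests():
    """Constructed requests: one honest node and one whose kernel was altered."""
    honest = {name: measure(img) for name, img in {
        "bootloader": b"bootloader image v3",
        "kernel": b"kernel image 6.1",
        "chain_client": b"chain client 2.0"}.items()}
    cert = issue_attribute_certificate("TPA-01", "node-7", honest,
                                       "2023-01-01T00:00:00Z", "2024-01-01T00:00:00Z")
    altered = dict(honest, kernel=measure(b"kernel image 6.1 with modification"))
    return ({"attribute_certificate": cert, "measurements": honest},
            {"attribute_certificate": cert, "measurements": altered})


if __name__ == "__main__":
    good, altered = build_demo_requests()
    print(verify_network_access_request(good, "2023-06-01T00:00:00Z"))
    print(verify_network_access_request(altered, "2023-06-01T00:00:00Z"))
```

The order of the checks matters for what the consensus node learns: the certificate is authenticated and its period checked before any attribute is read, so a forged or expired certificate never influences the subset or measurement comparison. The measurement comparison uses a constant-time compare, which costs nothing here and avoids leaking how many digest bytes matched.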
Optionally, any consensus node in the alliance chain system creates a network access transaction block; the network access transaction block comprises the AIK certificate of the consensus node creating the block and the measurement values of all components in that consensus node's current computing environment; the consensus node creating the network access transaction block broadcasts it in the alliance chain system; the trusted nodes in the alliance chain system verify the network access transaction block; if the verification passes, the network access transaction block is accepted and the local ledger is updated based on it.
Optionally, the trusted node module is further configured to verify the format of the network access transaction block, verify the identity of the consensus node that created it, and verify the integrity of that consensus node's computing environment.
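The trusted-node side of the block and transaction flow (the verification steps (1) to (4) described earlier, the transaction content check, and the block verification just described), as an added example that is not the patent's own code. Assumptions: the ledger is modelled as a dictionary holding each node's AIK certificate (placeholder strings) and the attribute values from its attribute certificate; measurements are SHA-256 digests of constructed component images; node names, field names and transaction data are constructed. A record is accepted only if its format, its creator's AIK certificate and its creator's component measurements all check out against the local ledger.

```python
"""Trusted-node verification of a network access transaction block (added example).

Not from the patent: the ledger layout, field names, node names and the
placeholder AIK certificates and component images used below.
"""
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed ledger contents as every trusted node holds them: the AIK
# certificate recorded for each node and the attribute values from its
# attribute certificate (placeholders, not real certificates).
LEDGER = {
    "aik_certs": {"consensus-1": "AIK-CERT:consensus-1", "node-7": "AIK-CERT:node-7"},
    "attributes": {
        "consensus-1": {"kernel": sha256_hex(b"kernel image 6.1"),
                        "chain_client": sha256_hex(b"chain client 2.0")},
        "node-7": {"kernel": sha256_hex(b"kernel image 6.1"),
                   "chain_client": sha256_hex(b"chain client 2.0")},
    },
}

BLOCK_FIELDS = {"creator", "aik_cert", "measurements", "transactions"}
TX_FIELDS = {"creator", "aik_cert", "measurements", "data"}


def check_format(record, fields):
    """Step (1): every required field is present."""
    missing = fields - set(record)
    return (not missing), ("ok" if not missing else f"missing fields {sorted(missing)}")


def check_identity(record, ledger):
    """Step (2): the AIK certificate in the record equals the one on the ledger."""
    on_chain = ledger["aik_certs"].get(record["creator"])
    if on_chain is None:
        return False, f"{record['creator']} has no AIK certificate on the ledger"
    if on_chain != record["aik_cert"]:
        return False, "AIK certificate does not match the ledger"
    return True, "ok"


def check_environment(record, ledger):
    """Step (3): each component measurement equals its certified attribute value."""
    certified = ledger["attributes"].get(record["creator"], {})
    for component, value in certified.items():
        if record["measurements"].get(component) != value:
            return False, f"component {component!r} of {record['creator']} is not trusted"
    return True, "ok"


def verify_record(record, fields, ledger):
    """Blocks and transactions share the same three checks, in this order."""
    ok, why = check_format(record, fields)
    if not ok:
        return ok, why
    ok, why = check_identity(record, ledger)
    if not ok:
        return ok, why
    return check_environment(record, ledger)


def verify_block(block, ledger):
    """Steps (1)-(3) on the block, then step (4): every transaction it carries."""
    ok, why = verify_record(block, BLOCK_FIELDS, ledger)
    if not ok:
        return False, f"block rejected: {why}"
    for i, tx in enumerate(block["transactions"]):
        ok, why = verify_record(tx, TX_FIELDS, ledger)
        if not ok:
            return False, f"transaction {i} rejected: {why}"
    return True, "ok"


def accept_block(block, chain, ledger):
    """Append the block hash to the local ledger only if the block verifies."""
    ok, why = verify_block(block, ledger)
    if ok:
        chain.append(sha256_hex(json.dumps(block, sort_keys=True).encode()))
    return ok, why


def make_demo_blocks():
    """Constructed blocks: a good one, one with a tampered transaction, a forged one."""
    good_tx = {"creator": "node-7", "aik_cert": "AIK-CERT:node-7",
               "measurements": dict(LEDGER["attributes"]["node-7"]), "data": "transfer 10"}
    good_block = {"creator": "consensus-1", "aik_cert": "AIK-CERT:consensus-1",
                  "measurements": dict(LEDGER["attributes"]["consensus-1"]),
                  "transactions": [good_tx]}
    bad_tx = dict(good_tx, measurements=dict(good_tx["measurements"],
                                             kernel=sha256_hex(b"modified kernel")))
    bad_block = dict(good_block, transactions=[good_tx, bad_tx])
    forged_block = dict(good_block, aik_cert="AIK-CERT:someone-else")
    return good_block, bad_block, forged_block


if __name__ == "__main__":
    chain = []
    for block in make_demo_blocks():
        print(accept_block(block, chain, LEDGER))
    print(len(chain), "block(s) on the local ledger")
```

Because the identity and environment checks only compare against what is already on the ledger, a trusted node needs no direct channel to the block creator: the AIK certificate and attribute certificate recorded when that node joined are the whole reference, which is the simplification the description claims for the integrity check.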
In some embodiments, the attribute certificate application package includes the identity key of the external node's TPCM, the AIK public key, the EK certificate, the configuration information of each component of the computing environment, and the measurement values and measurement storage logs of those components.
In some embodiments, the network access request further includes the AIK certificate and the measurement values of the components of the external node's current computing environment.
The invention also provides an electronic device, referring to fig. 4, fig. 4 is a schematic structural diagram of an embodiment of the electronic device of the invention. In this embodiment, the electronic device may include a memory 420, a processor 410, and a computer program stored on the memory 420 and executable on the processor 410. The processor 410, when executing the program, implements the federation chain-based remote attestation method provided by the methods described above.
Optionally, the electronic device may further comprise a communication bus 430 and a communication interface (Communications Interface) 440, wherein the processor 410, the communication interface 440, and the memory 420 complete communication with each other via the communication bus 430. The processor 410 may invoke logic instructions in the memory 420 to perform a federation chain based remote attestation method, the method comprising:
the external node sends an attribute certificate application package to a third party trusted authority; the external node receives an attribute certificate of a third-party trusted authority, wherein the attribute certificate is generated by the third-party trusted authority according to an attribute certificate application package; the external node sends a network access request to a consensus node in the alliance chain system, wherein the network access request comprises an attribute certificate; if the consensus node verifies that the network access request passes the validity, the external node becomes a trusted node in the alliance chain system.
Further, the logic instructions in the memory 420 described above may be implemented in the form of software functional units and may be stored in a computer-readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present invention, in essence or in the part contributing to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium and comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
In another aspect, the present invention further provides a non-transitory computer-readable storage medium on which a computer program is stored; the computer program, when executed by a processor, performs the alliance chain-based remote attestation method provided by the above methods. The steps and principles of the method are described in detail above and are not repeated here.
The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement the present invention without undue effort.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A federation chain-based remote attestation method, comprising:
the external node sends an attribute certificate application package to a third party trusted authority;
the external node receives an attribute certificate of the third-party trusted authority, wherein the attribute certificate is generated by the third-party trusted authority according to the attribute certificate application package;
the external node sends a network access request to a consensus node in the alliance chain system, wherein the network access request comprises the attribute certificate;
and if the consensus node verifies that the network access request is valid, the external node becomes a trusted node in the alliance chain system.
2. The federation chain based remote attestation method of claim 1, wherein after the external node joins the federation chain system, further comprising:
any trusted node in the alliance chain system creates a transaction; wherein the transaction includes the AIK certificate of the trusted node creating the transaction, the component metric values of the current computing environment of the trusted node creating the transaction, and the transaction data;
broadcasting the transaction in the alliance chain system by the trusted node for creating the transaction;
other nodes in the alliance chain system verify the format of the transaction and forward the transaction;
the consensus node in the alliance chain system obtains the transaction and verifies the content of the transaction; if the verification is passed, the transaction is approved.
3. The federation chain based remote attestation method of claim 1, wherein the external node becoming a trusted node in the alliance chain system if the consensus node verifies that the network access request is valid comprises:
the consensus node verifies the validity of the attribute certificate provided by the external node and determines the issuer and the validity period of the attribute certificate;
the consensus node verifies whether the attribute contained in the attribute certificate provided by the external node meets the network access requirement, wherein the attribute set of the network access requirement is required to be a subset of the attribute set in the attribute certificate;
the consensus node verifies whether the attribute values of the respective attributes provided in the attribute certificate provided by the external node are consistent with the metric values provided by the external node.
4. The federation chain based remote attestation method of claim 2, wherein after the external node joins the federation chain system, further comprising:
any consensus node in the alliance chain system creates a network access transaction block; the network access transaction block comprises the AIK certificate of the consensus node creating the network access transaction block and the measurement values of all components in the current computing environment of the consensus node creating the network access transaction block;
the consensus node creating the network access transaction block broadcasts the network access transaction block in the alliance chain system;
the trusted node in the alliance chain system verifies the network access transaction block; and if the verification passes, accepts the network access transaction block and updates the local ledger based on the network access transaction block.
5. The federation chain-based remote attestation method of claim 4, wherein the trusted node in the alliance chain system verifying the network access transaction block comprises:
the trusted node verifies the format of the network access transaction block;
the trusted node verifies the identity of the consensus node creating the network-access transaction block;
the trusted node verifies the integrity of the computing environment of the consensus node creating the network access transaction block.
6. The federation chain-based remote attestation method of claim 1, wherein the attribute certificate application package includes the identity key of the external node's TPCM, the AIK public key, the EK certificate, configuration information of the various components of the computing environment, and the measurement values and measurement storage logs of those components.
7. The federation chain-based remote attestation method of claim 1, wherein the network access request further includes the AIK certificate and the measurement values of the various components of the external node's current computing environment.
8. A coalition chain-based remote attestation apparatus, comprising:
the external node module is used for sending an attribute certificate application package to the third-party trusted authority; receiving an attribute certificate of the third-party trusted authority, wherein the attribute certificate is generated by the third-party trusted authority according to the attribute certificate application package; and sending a network access request to a consensus node in the alliance chain system, wherein the network access request comprises the attribute certificate;
and the consensus node module is used for making the external node a trusted node in the alliance chain system when the network access request is verified to be valid.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the federation chain-based remote attestation method of any of claims 1-7 when the program is executed.
10. A non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the coalition chain based remote attestation method of any of claims 1 to 7.
CN202211617501.5A 2022-12-15 2022-12-15 Remote proving method, device, electronic equipment and storage medium based on alliance chain Pending CN116112215A (en)

Publications (1)

Publication Number Publication Date
CN116112215A true CN116112215A (en) 2023-05-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination