CN116886312A - Cross-domain Internet of things identity authentication method and system based on blockchain - Google Patents


Publication number: CN116886312A
Authority: CN (China)
Legal status: Pending
Application number: CN202310990708.5A
Other languages: Chinese (zh)
Inventors: 刘从军, 卓文文, 胡勇, 薛峰, 黄健荣, 郭昌言, 陈刚, 刘绍成
Current assignee: Jiangsu Keda Huifeng Science And Technology Co ltd; Jiangsu University of Science and Technology
Original assignee: Jiangsu Keda Huifeng Science And Technology Co ltd; Jiangsu University of Science and Technology

Classifications

    • H04L9/321: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication (e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials) involving a third party or a trusted authority
    • H04L9/3297: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving time stamps, e.g. generation of time stamps
    • H04L9/50: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention discloses a blockchain-based cross-domain Internet of Things identity authentication method and system. The method comprises the following steps: the Internet of Things device uploads its identity identifier ID and public key PK to the blockchain network for registration; a blockchain node creates a trusted domain D and determines the master device MD in the trusted domain D; the blockchain node determines the slave devices SD in the trusted domain D and issues a slave credential to each slave device SD, the slave credential being recorded in a block in the form of a blockchain transaction; and device No. 1 sends a communication request to device No. 2, and after the communication request passes verification by the blockchain network, the public key PK registered for the device is used to decrypt the digital envelope, completing identity authentication. The method removes the centralized authority from the identity authentication process, avoids completing identity authentication by hash value comparison, meets the requirement for cross-domain authentication of Internet of Things devices in complex scenarios, improves the security of Internet of Things devices during identity authentication, and realizes safer Internet of Things device identity authentication.

Description

Cross-domain Internet of things identity authentication method and system based on blockchain
Technical Field
The invention relates to identity authentication technology, in particular to a blockchain-based cross-domain Internet of Things identity authentication method and system.
Background
Authentication of an Internet of Things device means that, when the device is connected to an Internet of Things system, the device to be connected must have its identity verified so that its legitimacy is ensured. Device identity authentication is the first step in the security of the whole Internet of Things system: for a legitimate device, the identity authentication mechanism permits it to join the system and interact with other devices, and for an illegitimate device, the mechanism denies it access to the system so as to avoid the security risks it would bring.
Blockchain technology is a new technology that combines various computer technologies such as decentralization, peer-to-peer transmission, consensus mechanisms and various cryptographic algorithms. Because a blockchain does not require the two parties to trust each other, it can be used in many centralized or distributed systems. By exploiting the characteristics of blockchain technology, various security problems encountered in the development of the Internet of Things can be solved, and technical advantages such as tamper resistance, transparency and traceability can be provided to the Internet of Things, forming a safe and reliable Internet of Things world that provides effective security and privacy guarantees for the large volume of data exchanged within it.
In the paper "Study on the identity authentication mechanism of Internet of Things devices based on blockchain technology", Wang Qiao designs a blockchain-based identity authentication method for the Internet of Things and realizes a decentralized identity authentication system by constructing several modules; however, the method ultimately verifies and decides identity by comparing hash values, and because of hash collisions a certain security hole exists in it.
The closest prior art to the invention is patent application number 201910141547.6, a blockchain-based method for authenticating the identity of Internet of Things devices. That invention adopts the emerging blockchain technology to construct an identity authentication consortium blockchain applicable to Internet of Things devices, stores the device identifier and public key pair in the blockchain in the form of a blockchain transaction in the registration stage, and authenticates the device identifier ID using the public key PK registered for it in the authentication stage. However, the security of the whole identity authentication process is not considered, namely two-way authentication is not achieved; the method uses hash value comparison to complete identity authentication, so a certain security hole exists because of hash collisions; and the method cannot support multi-factor authentication, that is, it cannot adapt to complex identity authentication scenarios.
Disclosure of Invention
The invention aims to provide a blockchain-based cross-domain Internet of Things identity authentication method and system, so as to solve the problems that existing blockchain-based Internet of Things device authentication mechanisms are exposed to hash collisions and do not meet the needs of complex-scenario authentication, and to realize safer Internet of Things device identity authentication.
The technical scheme is as follows: the invention discloses a blockchain-based cross-domain Internet of Things identity authentication method, which comprises the following steps:
S1, the Internet of Things device uploads its identity identifier ID and public key PK to the blockchain network for registration, and the blockchain network records them in the form of a blockchain transaction;
S2, a blockchain node creates a trusted domain D, records it in a block in the form of a blockchain transaction, and determines the master device MD in the trusted domain D, whose master device identifier is MDID;
S3, the blockchain node determines the slave devices SD in the trusted domain D, whose identifiers are SDID, issues a slave credential to each slave device SD, and records it in a block in the form of a blockchain transaction;
S4, device No. 1 sends a communication request to device No. 2; after the communication request passes verification by the blockchain network, the public key PK registered for the device is used to decrypt the digital envelope, avoiding hash collisions, and identity authentication is thereby completed.
Step S1 specifically comprises the following steps:
the Internet of Things device generates its public key PK from its own private key and sends its device identifier ID and public key PK to the corresponding blockchain node as a registration request;
the corresponding blockchain node queries, by the device identifier ID, whether a transaction block associated with that ID already exists in the blockchain network, and if none exists the registration request is approved;
after the request is approved, the blockchain node generates a transaction block of the form <ID || PK || REG || T1> and carries out consensus, where REG denotes the registration flag;
the corresponding blockchain node returns a registration-success message to the Internet of Things device.
Step S2 specifically comprises the following steps:
the corresponding blockchain node queries, by the trusted domain identifier TDID, whether a transaction block associated with that TDID already exists in the blockchain network, and if not, creates the trusted domain D;
the corresponding blockchain node generates a transaction block of the form <TDID || CRE || T2> and carries out consensus, where CRE denotes the creation flag;
after the trusted domain D is successfully created, the corresponding blockchain node selects from the blockchain network two Internet of Things devices that have completed registration and have not been revoked as the master devices MD of the trusted domain D, one of which serves as a standby.
Step S3 specifically comprises the following steps:
the corresponding blockchain node determines the registered devices in the blockchain network other than the master device to be slave devices SD;
the corresponding blockchain node queries, by the trusted domain identifier TDID and the slave device identifier SDID, whether a transaction block associated with <TDID, SDID> exists in the blockchain network, and if it does, a slave credential is issued to the slave device;
the corresponding blockchain node generates a transaction block of the form <TDID || SDID || SUBD || T3> and carries out consensus, where SUBD denotes the slave flag.
Step S4 comprises the following sub-steps:
S400, device No. 1 sends to device No. 2 a communication request encrypted with the private key of device No. 1, the communication request comprising its slave credential and a timestamp T;
S401, the corresponding blockchain node receives the communication request sent by device No. 1 and verifies the signature using the public key PK1 of device No. 1; if verification fails, an error message is sent to device No. 1; if verification passes, the node continues by verifying the slave credential, checking its legitimacy and validity;
S402, the corresponding blockchain node further verifies the slave credential, checking its legitimacy and validity; if verification fails, an error message is sent to device No. 1; if verification passes, a digital envelope encrypted with the private key of device No. 2 is sent to device No. 1, the digital envelope containing a password K1;
S403, on receiving the digital envelope, device No. 1 decrypts it using the public key PK2 of device No. 2 to obtain the password K1, encrypts K1 with its own private key and returns it to device No. 2; on receiving this message, device No. 2 decrypts it using the public key PK1 of device No. 1 to obtain a password K2 and compares K1 with K2; if they differ, authentication fails and an error message is sent to device No. 1; if they are the same, identity authentication passes;
the password is a machine password, expressed as a random number.
The slave credential contains a trusted domain identifier (TDID), a slave device identifier (SDID), a validity period (Time) and a master device signature (Sign); each slave credential is valid only for a period of time, beyond which a new slave credential must be reissued.
The two master devices have a self-check function; one serves as a backup, and when the active master device fails it is replaced by the backup master device. There are one or more slave devices, and all slave devices are peers within the whole Internet of Things system.
The trusted domain identifier (TDID), the master device identifier (MDID) and the slave device identifier (SDID) are each unique.
The blockchain is a private blockchain; a blockchain node is a host or a server.
The algorithms used for signature and encryption in steps S1, S2, S3 and S4 comprise one or more of the RSA algorithm, the DSA algorithm and the elliptic curve digital signature algorithm ECDSA.
The device identifier ID contains an identity that uniquely represents the device, comprising a factory-assigned hardware identifier, the TF card, the SIM card and the MAC address of the device.
Once an Internet of Things device or a trusted domain has been logged out, it is regarded as illegitimate by default and must be processed manually before it can be used again.
The specific steps for logging out an Internet of Things device are as follows:
the Internet of Things device sends a logout request to the blockchain network; the corresponding blockchain node authenticates the device, and if authentication passes the logout request is approved, otherwise it is refused;
after the logout request is approved, the corresponding blockchain node generates a transaction block of the form <TDID || ID || REV || T4> and carries out consensus, where REV denotes the revocation flag;
the corresponding blockchain node returns a logout-approved message to the Internet of Things device.
The specific steps for logging out a trusted domain are as follows:
a blockchain node decides to log out a certain trusted domain and sends a logout instruction to the blockchain network;
the corresponding blockchain node generates a transaction block of the form <TDID || REV || T5> and carries out consensus.
A blockchain-based cross-domain Internet of Things identity authentication system comprises the following modules:
a device registration module: used for the Internet of Things device to upload its identity identifier (ID) and public key (PK) to the blockchain network for registration;
a trusted domain generation module: used for the blockchain node to create a trusted domain and determine the master device and slave devices in it;
a device identification module: used for the blockchain node to check a device's slave credential and verify whether the device is trusted;
a device authentication module: used to strengthen authentication between Internet of Things devices, meeting the requirements of complex scenarios and avoiding hash collisions;
a logout module: used to log out Internet of Things devices and trusted domains.
A computer storage medium has stored thereon a computer program which, when executed by a processor, implements the blockchain-based cross-domain Internet of Things identity authentication method described above.
A computer device comprises a memory, a processor and a computer program stored in the memory and runnable on the processor, wherein the processor realizes the blockchain-based cross-domain Internet of Things identity authentication method when executing the computer program.
The beneficial effects are that, compared with the prior art, the invention has the following advantages:
1. The invention abandons the authentication method conventionally adopted for blockchain-based identity authentication of Internet of Things devices, namely hash value comparison, which is prone to hash collisions and thereby makes the system insecure.
2. The invention creates a trusted domain, issues association credentials to the other Internet of Things devices in the domain, isolates all illegitimate devices outside the domain, designs an authentication mechanism based on the blockchain and cryptographic algorithms, and supports multi-factor authentication, so the system is safer and more practical and can satisfy identity authentication in complex scenarios.
3. The method does not need to store a large number of account names and passwords online: the device identifier ID and public key PK are uploaded to the blockchain node when the device registers, and the device only needs to store its own private key, so the method places lower cost requirements on the Internet of Things device.
Drawings
FIG. 1 is a flow chart of the steps of the method of the present invention;
FIG. 2 is a block chain transaction data structure diagram according to the present invention;
FIG. 3 is a flow chart of the registration phase in the present invention;
FIG. 4 is a flow chart of trusted domain creation in the present invention;
FIG. 5 is a flow chart of the association phase in the present invention;
FIG. 6 is a flow chart of an authentication phase in the present invention;
FIG. 7 is a flowchart of a logout phase of the present invention;
FIG. 8 is a diagram of a slave credential architecture in accordance with the present invention;
FIG. 9 is a system architecture diagram of the system of the present invention.
Detailed Description
The technical scheme of the invention is further described below with reference to the accompanying drawings.
The blockchain-based cross-domain Internet of Things identity authentication method and system comprise the following phases:
initialization phase: a number of blockchain nodes are selected to build the blockchain network;
registration phase: the Internet of Things device uploads its identity identifier ID and public key PK to the blockchain network for registration;
trusted domain creation phase: a blockchain node creates a trusted domain D and determines the master device MD in the trusted domain D;
association phase: the blockchain node determines the slave devices SD in the trusted domain D and issues a slave credential to each slave device SD;
authentication phase: when two or more devices communicate, the blockchain node performs identity authentication of those devices through the authentication mechanism designed by the invention;
logout phase: an Internet of Things device or trusted domain has developed a fault and must cease operation, so a logout request is sent to a blockchain node.
As shown in FIG. 1, the blockchain-based cross-domain Internet of Things identity authentication method comprises the following steps:
S1, the Internet of Things device uploads its identity identifier ID and public key PK to the blockchain network for registration, and the blockchain network records them in the form of a blockchain transaction;
S2, a blockchain node creates a trusted domain D, records it in a block in the form of a blockchain transaction, and determines the master device MD in the trusted domain D, whose master device identifier is MDID;
S3, the blockchain node determines the slave devices SD in the trusted domain D, whose identifiers are SDID, issues a slave credential to each slave device SD, and records it in a block in the form of a blockchain transaction;
S4, device No. 1 sends a communication request to device No. 2; after the communication request passes verification by the blockchain network, the public key PK registered for the device is used to decrypt the digital envelope, avoiding hash collisions, and identity authentication is thereby completed.
FIG. 2 is the blockchain transaction data structure diagram of the present invention. SEQ denotes the transaction sequence number; ID denotes the unique identifier of an Internet of Things device or a trusted domain; PK denotes the public key of an Internet of Things device or of a trusted domain, the public key of a trusted domain being the public key of the master device in that domain; OP denotes the operation of the blockchain node on the Internet of Things device or trusted domain, and is one of the registration operator (REG), the creation operator (CRE), the slave operator (SUBD) and the revocation operator (REV).
FIG. 3 is the flowchart of the registration phase in the present invention; step S1 specifically comprises:
the Internet of Things device generates its public key PK from its own private key and sends its device identifier ID and public key PK to the corresponding blockchain node as a registration request;
the corresponding blockchain node queries, by the device identifier ID, whether a transaction block associated with that ID already exists in the blockchain network, and if none exists the registration request is approved;
after the request is approved, the blockchain node generates a transaction block of the form <ID || PK || REG || T1> and carries out consensus, where REG denotes the registration flag;
the corresponding blockchain node returns a registration-success message to the Internet of Things device.
FIG. 4 is the flowchart of trusted domain creation in the present invention; step S2 specifically comprises:
the corresponding blockchain node queries, by the trusted domain identifier TDID, whether a transaction block associated with that TDID already exists in the blockchain network, and if not, creates the trusted domain D;
the corresponding blockchain node generates a transaction block of the form <TDID || CRE || T2> and carries out consensus, where CRE denotes the creation flag;
after the trusted domain D is successfully created, the corresponding blockchain node selects from the blockchain network two Internet of Things devices that have completed registration and have not been revoked as the master devices MD of the trusted domain D, one of which serves as a standby.
FIG. 5 is the flowchart of the association phase in the present invention; step S3 specifically comprises:
the corresponding blockchain node determines the registered devices in the blockchain network other than the master device to be slave devices SD;
the corresponding blockchain node queries, by the trusted domain identifier TDID and the slave device identifier SDID, whether a transaction block associated with <TDID, SDID> exists in the blockchain network, and if it does, a slave credential is issued to the slave device;
the corresponding blockchain node generates a transaction block of the form <TDID || SDID || SUBD || T3> and carries out consensus, where SUBD denotes the slave flag.
FIG. 6 is the flowchart of the authentication phase in the present invention; step S4 comprises the following sub-steps:
S400, device No. 1 sends to device No. 2 a communication request encrypted with the private key of device No. 1, the communication request comprising its slave credential and a timestamp T;
S401, the corresponding blockchain node receives the communication request sent by device No. 1 and verifies the signature using the public key PK1 of device No. 1; if verification fails, an error message is sent to device No. 1; if verification passes, the node continues by verifying the slave credential, checking its legitimacy and validity;
S402, the corresponding blockchain node further verifies the slave credential, checking its legitimacy and validity; if verification fails, an error message is sent to device No. 1; if verification passes, a digital envelope encrypted with the private key of device No. 2 is sent to device No. 1, the digital envelope containing a password K1;
S403, on receiving the digital envelope, device No. 1 decrypts it using the public key PK2 of device No. 2 to obtain the password K1, encrypts K1 with its own private key and returns it to device No. 2; on receiving this message, device No. 2 decrypts it using the public key PK1 of device No. 1 to obtain a password K2 and compares K1 with K2; if they differ, authentication fails and an error message is sent to device No. 1; if they are the same, identity authentication passes.
The password is a machine password, expressed as a random number.
FIG. 8 is the structure diagram of the slave credential in the present invention. The slave credential contains a trusted domain identifier (TDID), a slave device identifier (SDID), a validity period (Time) and a master device signature (Sign); each slave credential is valid only for a period of time, beyond which a new slave credential must be reissued.
The two master devices have a self-check function; one serves as a backup, and when the active master device fails it is replaced by the backup master device. There are one or more slave devices, and all slave devices are peers within the whole Internet of Things system.
The trusted domain identifier (TDID), the master device identifier (MDID) and the slave device identifier (SDID) are each unique.
The blockchain is a private blockchain; a blockchain node is a host or a server.
The algorithms used for signature and encryption in steps S1, S2, S3 and S4 comprise one or more of the RSA algorithm, the DSA algorithm and the elliptic curve digital signature algorithm ECDSA.
The device identifier ID contains an identity that uniquely represents the device, comprising a factory-assigned hardware identifier, the TF card, the SIM card and the MAC address of the device.
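The S4 exchange (sub-steps S400 to S403, given in both the summary and the detailed description) together with the FIG. 8 credential structure, as an added Go example that is not part of the patent or of any implementation of it. It assumes ECDSA over P-256, with the page's "encrypt with the private key / decrypt with the public key" realised as signing and verifying (DSA and ECDSA have no encryption operation), a constructed in-memory `Ledger` in place of the blockchain's REG and REV transactions, and hypothetical names (`CommRequest`, `CheckRequest`, `Challenge`, `Respond`, `Confirm`).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"time"
)

// Ledger stands in for the private blockchain: REG transactions give ID -> PK, REV transactions fill Revoked.
type Ledger struct {
	PubKeys map[string]*ecdsa.PublicKey
	Revoked map[string]bool
}

// SlaveCredential follows FIG. 8: TDID, SDID, validity period and master signature.
type SlaveCredential struct {
	TDID, SDID string
	NotAfter   time.Time
	Sign       []byte // master signature over TDID||SDID||NotAfter
}

// CommRequest is the S400 message: credential and timestamp T, signed by device 1.
type CommRequest struct {
	SDID string
	Cred SlaveCredential
	T    time.Time
	Sig  []byte
}
func (c SlaveCredential) bytes() []byte {
	return []byte(c.TDID + "|" + c.SDID + "|" + c.NotAfter.UTC().Format(time.RFC3339))
}
func (r CommRequest) bytes() []byte {
	return append(r.Cred.bytes(), []byte("|"+r.SDID+"|"+r.T.UTC().Format(time.RFC3339))...)
}
// "Encrypt with private key / decrypt with public key" is realised as sign/verify, the only private-key operation DSA and ECDSA (named on the page) offer, so K1 travels beside its signature.
func sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, d[:])
}
func verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}
// NewKey makes a device key pair; registration (S1) is the caller storing its PK in the Ledger.
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }
// IssueSlaveCredential is the S3 association step, signed by the master device.
func IssueSlaveCredential(master *ecdsa.PrivateKey, tdid, sdid string, notAfter time.Time) (c SlaveCredential, err error) {
	c = SlaveCredential{TDID: tdid, SDID: sdid, NotAfter: notAfter}
	c.Sign, err = sign(master, c.bytes())
	return c, err
}
// NewRequest is S400: device 1 signs credential plus timestamp with its private key.
func NewRequest(dev1 *ecdsa.PrivateKey, sdid string, cred SlaveCredential, now time.Time) (r CommRequest, err error) {
	r = CommRequest{SDID: sdid, Cred: cred, T: now}
	r.Sig, err = sign(dev1, r.bytes())
	return r, err
}

// CheckRequest is S401/S402 at the node: request signature against PK1 from the ledger, then the credential's legitimacy (domain, holder, master signature) and validity (period, revocation).
func (l *Ledger) CheckRequest(r CommRequest, tdid, masterID string, now time.Time) error {
	pk1, ok := l.PubKeys[r.SDID]
	mpk, mok := l.PubKeys[masterID]
	switch {
	case !ok || l.Revoked[r.SDID]:
		return errors.New("requester not registered or revoked")
	case !verify(pk1, r.bytes(), r.Sig):
		return errors.New("request signature invalid")
	case r.Cred.TDID != tdid || r.Cred.SDID != r.SDID:
		return errors.New("credential not issued for this domain and device")
	case now.After(r.Cred.NotAfter):
		return errors.New("credential expired, a new one must be reissued")
	case !mok || l.Revoked[masterID] || !verify(mpk, r.Cred.bytes(), r.Cred.Sign):
		return errors.New("master signature on credential invalid")
	}
	return nil
}
// Challenge is the S402 envelope: device 2 draws the machine password K1 (a random number) and signs it.
func Challenge(dev2 *ecdsa.PrivateKey) (k1, sig []byte, err error) {
	k1 = make([]byte, 32)
	if _, err = rand.Read(k1); err == nil {
		sig, err = sign(dev2, k1)
	}
	return k1, sig, err
}
// Respond is device 1's half of S403: verify the envelope with PK2, then sign K1 back.
func Respond(dev1 *ecdsa.PrivateKey, pk2 *ecdsa.PublicKey, k1, sig []byte) ([]byte, error) {
	if !verify(pk2, k1, sig) {
		return nil, errors.New("envelope not from device 2")
	}
	return sign(dev1, k1)
}
// Confirm is device 2's half of S403: verify with PK1, then compare K1 with the returned K2 in constant time.
func Confirm(pk1 *ecdsa.PublicKey, k1, k2, sig []byte) bool {
	return verify(pk1, k2, sig) && subtle.ConstantTimeCompare(k1, k2) == 1
}
```

An expired or revoked credential, or one not signed by the domain's master, is rejected by `CheckRequest` before any envelope is sent, and the two signature checks are what tie K1 to PK2 and the returned K2 to PK1.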
FIG. 7 is the flowchart of the logout phase in the present invention, covering Internet of Things device logout and trusted domain logout. Once an Internet of Things device or a trusted domain has been logged out, it is regarded as illegitimate by default and must be processed manually before it can be used again.
The specific steps for logging out an Internet of Things device are as follows:
the Internet of Things device sends a logout request to the blockchain network; the corresponding blockchain node authenticates the device, and if authentication passes the logout request is approved, otherwise it is refused;
after the logout request is approved, the corresponding blockchain node generates a transaction block of the form <TDID || ID || REV || T4> and carries out consensus, where REV denotes the revocation flag;
the corresponding blockchain node returns a logout-approved message to the Internet of Things device.
The specific steps for logging out a trusted domain are as follows:
a blockchain node decides to log out a certain trusted domain and sends a logout instruction to the blockchain network;
the corresponding blockchain node generates a transaction block of the form <TDID || REV || T5> and carries out consensus.
As shown in FIG. 9, the blockchain-based cross-domain Internet of Things identity authentication system comprises the following modules:
a device registration module: used for the Internet of Things device to upload its identity identifier (ID) and public key (PK) to the blockchain network for registration;
a trusted domain generation module: used for the blockchain node to create a trusted domain and determine the master device and slave devices in it;
a device identification module: used for the blockchain node to check a device's slave credential and verify whether the device is trusted;
a device authentication module: used to strengthen authentication between Internet of Things devices, meeting the requirements of complex scenarios and avoiding hash collisions;
a logout module: used to log out Internet of Things devices and trusted domains.
Example:
The blockchain-based cross-domain Internet of things identity authentication method is applied to a scene of automatic interaction among multiple intelligent devices, such as a container transport scene in port logistics, with the following specific steps:
The blockchain network is built from a plurality of servers or hosts, which serve as blockchain nodes.
Cargo ship A, container B and port C each upload their own device identifier ID and public key PK to the blockchain network and request registration.
After registration passes, the blockchain node creates a trusted domain D, determines the master device, backup master device and slave devices in the domain, and issues slave credentials to the slave devices in the domain. In this example, cargo ship A is determined to be the master device MD of the trusted domain, and container B and port C are determined to be slave devices SD of the trusted domain.
Cargo ship A carries container B to port C, and container B sends a communication request to port C. After the blockchain node's authentication passes, port C encrypts a password K1 with its own private key and returns it to container B; container B decrypts it with port C's public key to obtain K1, encrypts K1 with its own private key and returns it to port C; port C decrypts it with container B's public key to obtain a password K2 and compares K1 with K2. If the two are equal, authentication passes and communication is allowed; if they are not equal, authentication fails and an error message is sent to container B.
Once identity authentication has passed, container B communicates with port C and determines through that communication whether it needs to be delivered to port C. If so, it automatically requests to be unloaded from the ship; if not, it stays on cargo ship A.
In this embodiment, cargo ship A carrying container B sails to port C and then departs; the whole process needs no intervention by a third party, a series of operations such as loading and unloading the container can be completed autonomously, full automation and intelligence of port logistics is achieved, and the process is safer and more efficient.
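The challenge-response exchange of the example above (steps S400 to S403 of claim 5 give the same flow in detail), as an added Go example that is not the patent's own code. "Encrypting with the sender's private key" is modelled as an Ed25519 signature over the random machine password K1, since with a modern signature scheme that is what the operation amounts to; opening the envelope with the sender's public key then proves who issued K1 but does not hide it, so a deployment that also needs confidentiality would encrypt the envelope to the recipient's public key as well. The Device type, the 8-byte timestamp layout, the one-minute replay window for T and the credOK callback standing in for the blockchain node's credential check are assumptions; the registered key pk1 is passed in separately so that a device presenting a key different from the one on the ledger is refused.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Device is a registered IoT device with its Ed25519 key pair (constructed).
// The private key never leaves the device; only Pub is on the ledger.
type Device struct {
	ID   string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewDevice(id string) Device {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return Device{ID: id, Pub: pub, priv: priv}
}

// Request is the S400 message: slave credential plus timestamp T, signed by device 1.
type Request struct {
	Credential []byte
	T          int64 // Unix seconds
	Sig        []byte
}

// requestBytes is the signed layout: 8-byte big-endian T, then the credential.
func requestBytes(cred []byte, t int64) []byte {
	buf := make([]byte, 8, 8+len(cred))
	binary.BigEndian.PutUint64(buf, uint64(t))
	return append(buf, cred...)
}

func (d Device) MakeRequest(cred []byte, now time.Time) Request {
	t := now.Unix()
	return Request{Credential: cred, T: t, Sig: ed25519.Sign(d.priv, requestBytes(cred, t))}
}

// VerifyRequest is S401/S402 at the blockchain node: signature under the
// registered key PK1, freshness of T (the replay window is an assumption; the
// text gives none), then the credential check supplied by the caller.
func VerifyRequest(req Request, pk1 ed25519.PublicKey, now time.Time, window time.Duration, credOK func([]byte) bool) error {
	if !ed25519.Verify(pk1, requestBytes(req.Credential, req.T), req.Sig) {
		return errors.New("request signature does not verify under PK1")
	}
	if age := now.Sub(time.Unix(req.T, 0)); age < -window || age > window {
		return errors.New("timestamp T outside the replay window")
	}
	if !credOK(req.Credential) {
		return errors.New("slave credential rejected")
	}
	return nil
}

// Envelope models "encrypted with the sender's private key" as a signature over
// the password K. Opening it with the sender's public key proves who sent K but
// does not hide K; confidentiality would need a second, recipient-keyed layer.
type Envelope struct{ K, Sig []byte }

func (d Device) Seal(k []byte) Envelope { return Envelope{K: k, Sig: ed25519.Sign(d.priv, k)} }

func Open(env Envelope, senderPK ed25519.PublicKey) ([]byte, error) {
	if !ed25519.Verify(senderPK, env.K, env.Sig) {
		return nil, errors.New("envelope signature does not verify")
	}
	return env.K, nil
}

// Authenticate runs S400..S403: dev1 requests, the node checks the request
// against the registered key pk1, dev2 issues the random machine password K1,
// dev1 opens it with PK2 and echoes it, dev2 opens the echo with PK1 as K2.
func Authenticate(dev1 Device, pk1 ed25519.PublicKey, dev2 Device, cred []byte, credOK func([]byte) bool, now time.Time) error {
	if err := VerifyRequest(dev1.MakeRequest(cred, now), pk1, now, time.Minute, credOK); err != nil {
		return fmt.Errorf("node rejected request: %w", err)
	}
	k1 := make([]byte, 32) // machine password: a random number (claim 5)
	if _, err := rand.Read(k1); err != nil {
		return err
	}
	k1AtDev1, err := Open(dev2.Seal(k1), dev2.Pub) // S402 -> S403, opened with PK2
	if err != nil {
		return err
	}
	k2, err := Open(dev1.Seal(k1AtDev1), pk1) // dev2 opens the echo with PK1
	if err != nil {
		return err
	}
	if subtle.ConstantTimeCompare(k1, k2) != 1 {
		return errors.New("K1 != K2: identity authentication failed")
	}
	return nil
}
```

Authenticate returns nil only when the node accepted the signed request and K1 equals K2 (compared in constant time); a device holding a key other than the registered one fails at the first step, a request carrying an old T fails on the replay window, and an envelope whose K was altered in transit fails on its signature.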

Claims (11)

1. A blockchain-based cross-domain Internet of things identity authentication method, characterized by comprising the following steps:
S1, an Internet of things device uploads an identity identifier ID and a public key PK to a blockchain network for registration, and the blockchain network records this in the form of a blockchain transaction;
S2, a blockchain node creates a trusted domain D, records it on the block in the form of a blockchain transaction, and determines a master device MD in the trusted domain D, whose master device identifier is MDID;
S3, the blockchain node determines a slave device SD in the trusted domain D, whose identifier is SDID, issues a slave credential to the slave device SD, and records it on the block in the form of a blockchain transaction;
S4, the No. 1 device sends a communication request to the No. 2 device; after the communication request passes verification by the blockchain network, the public key PK recorded at device registration is used to decrypt a digital envelope so as to avoid hash collision, thereby completing identity authentication.
2. The blockchain-based cross-domain Internet of things identity authentication method according to claim 1, wherein step S1 is specifically:
the Internet of things device generates a public key PK using its own private key, and sends its device identifier ID and the public key PK to the corresponding blockchain node as a registration request;
the corresponding blockchain node queries, according to the device identifier ID, whether a transaction block related to the device identifier ID exists in the blockchain network, and if none exists, the request passes;
after the request passes, the blockchain node generates a transaction block in the form of <ID || PK || REG || T1> and performs consensus, wherein REG represents a registration flag;
the corresponding blockchain node returns a registration-successful message to the Internet of things device.
3. The blockchain-based cross-domain Internet of things identity authentication method according to claim 1, wherein step S2 is specifically:
the corresponding blockchain node queries, according to the trusted domain identifier TDID, whether a transaction block related to the trusted domain identifier TDID exists in the blockchain network, and if none exists, creates a trusted domain D;
the corresponding blockchain node generates a transaction block in the form of <TDID || CRE || T2> and performs consensus, wherein CRE represents a generation mark;
after the trusted domain D is successfully created, the corresponding blockchain node selects, from the blockchain network, two Internet of things devices that have completed registration and have not been revoked as master devices MD of the trusted domain D, one of which serves as a backup.
4. The blockchain-based cross-domain Internet of things identity authentication method according to claim 1, wherein step S3 is specifically:
the corresponding blockchain node determines the registered devices in the blockchain network other than the master device as slave devices SD;
the corresponding blockchain node queries, by the trusted domain identifier TDID and the slave device identifier SDID, whether a transaction block related to <TDID, SDID> exists in the blockchain network, and if a transaction block related to <TDID, SDID> exists in the blockchain network, issues a slave credential to the slave device;
the corresponding blockchain node generates a transaction block in the form of <TDID || SDID || SUBD || T3> and performs consensus, wherein SUBD represents a slave flag.
5. The blockchain-based cross-domain Internet of things identity authentication method according to claim 1, wherein step S4 comprises the following sub-steps:
S400, the No. 1 device sends to the No. 2 device a communication request encrypted with the No. 1 device's private key, the communication request comprising a slave credential and a timestamp T;
S401, the corresponding blockchain node receives the communication request sent by the No. 1 device and verifies the signature using the No. 1 device's public key PK1; if the verification fails, error information is sent to the No. 1 device; if the verification passes, the node continues to verify the slave credential, checking its legitimacy and validity;
S402, the corresponding blockchain node further verifies the slave credential, checking its legitimacy and validity; if the verification fails, error information is sent to the No. 1 device; if the verification passes, a digital envelope encrypted with the No. 2 device's private key is sent to the No. 1 device, the digital envelope containing a password K1;
S403, after receiving the digital envelope, the No. 1 device decrypts it using the No. 2 device's public key PK2 to obtain the password K1, encrypts the password K1 with its own private key and returns it to the No. 2 device; after receiving this, the No. 2 device decrypts it using the No. 1 device's public key PK1 to obtain a password K2 and compares K1 with K2; if they differ, identity authentication fails and error information is sent to the No. 1 device; if they are the same, identity authentication passes;
the password is a machine password, expressed as a random number.
6. The blockchain-based cross-domain Internet of things identity authentication method according to claim 1, wherein the slave credential comprises a trusted domain identifier, a slave device identifier, a validity period and a master device signature; each slave credential is valid only for a period of time, and a new slave credential must be reissued once that date has passed;
the two master devices have a self-detection function; one of them serves as a backup, and when the operating master device fails it is replaced by the backup master device; there are one or more slave devices, and each slave device is a peer in the whole Internet of things system;
the blockchain is a private blockchain; the blockchain node is a host or a server.
7. The blockchain-based cross-domain Internet of things identity authentication method according to claim 2, wherein the device identifier ID comprises an identity capable of uniquely representing the device, including a hardware factory internal identifier, a TF card, a SIM card and the MAC address of the device.
8. The blockchain-based cross-domain Internet of things identity authentication method according to claim 1, wherein once an Internet of things device or a trusted domain has been logged out, it is treated as illegal by default and must be processed manually before it can be used again;
the specific steps of logging out an Internet of things device are as follows:
the Internet of things device sends a logout request to the blockchain network; the corresponding blockchain node authenticates the Internet of things device, and if the authentication passes, the logout request passes, otherwise the logout request is refused;
after the logout request passes, the corresponding blockchain node generates a transaction block in the form of <TDID || ID || REV || T4> and performs consensus, wherein REV represents a logout mark;
the corresponding blockchain node returns a logout-request-passed message to the Internet of things device;
the specific steps of the trusted domain logout are as follows:
the blockchain node decides to log out a certain trusted domain and sends a logout instruction to the blockchain network;
the corresponding blockchain node generates a transaction block in the form of <TDID || REV || T5> and performs consensus.
9. A blockchain-based cross-domain Internet of things identity authentication system, characterized by comprising the following modules:
a device registration module: used for the Internet of things device to upload its identity identifier (ID) and public key (PK) to the blockchain network for registration;
a trusted domain generation module: used for the blockchain node to create a trusted domain and to determine the master device and the slave devices in the trusted domain;
a device identification module: used for the blockchain node to check a device's slave credential and verify whether the device is a trusted device;
a device authentication module: used to strengthen authentication between Internet of things devices, meet the requirements of complex scenes and avoid hash collisions;
a logout module: used to log out Internet of things devices and trusted domains.
10. A computer storage medium having stored thereon a computer program which when executed by a processor implements a blockchain-based cross-domain internet of things identity authentication method as claimed in any of claims 1 to 8.
11. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements a blockchain-based cross-domain internet of things identity authentication method as claimed in any of claims 1-8 when the computer program is executed by the processor.
CN202310990708.5A, filed 2023-08-07 (priority date 2023-08-07): Cross-domain Internet of things identity authentication method and system based on blockchain. Status: Pending. Publication: CN116886312A (en).

Priority Applications (1)

Application Number   Priority Date   Filing Date   Title
CN202310990708.5A    2023-08-07      2023-08-07    Cross-domain Internet of things identity authentication method and system based on blockchain

Publications (1)

Publication Number   Publication Date
CN116886312A (en)    2023-10-13

Family

ID=88264574


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination