CN117914558A - Internet of things equipment trusted control method and system, electronic equipment and storage medium - Google Patents


Publication number
CN117914558A
Authority
CN
China
Prior art keywords
block
instruction
data
edge gateway
internet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311841295.0A
Other languages
Chinese (zh)
Inventor
邓泽众
王文凯
连国妃
占琦
朱承兴
林明煜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianyi IoT Technology Co Ltd
Original Assignee
Tianyi IoT Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianyi IoT Technology Co Ltd filed Critical Tianyi IoT Technology Co Ltd
Priority to CN202311841295.0A priority Critical patent/CN117914558A/en
Publication of CN117914558A publication Critical patent/CN117914558A/en

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a trusted control method and system for Internet of Things devices, an electronic device and a storage medium. The method comprises the following steps: acquiring control instruction data through a cloud server; constructing a first instruction block according to the control instruction data; when the first instruction block is determined to be constructed, sending a device control instruction to an edge gateway through the cloud server, wherein the edge gateway stores first block information of a second instruction block, and the second instruction block comprises a block before the first instruction block; performing verification according to the device control instruction and the first block information to obtain a verification result; and when the verification result is determined to be a pass, executing the device control instruction through the edge gateway so as to control the Internet of Things device. The embodiments of the application can realize trusted control of Internet of Things devices and effectively improve the security and reliability of their control. The method and system can be widely applied in the technical field of the Internet of Things.

Description

Internet of things equipment trusted control method and system, electronic equipment and storage medium
Technical Field
The application relates to the technical field of the Internet of Things, and in particular to a trusted control method and system for Internet of Things devices, an electronic device and a storage medium.
Background
In the related art, the Internet of Things (IoT) is a technology that connects various types of physical devices through a network so that they can collect and exchange data. As technology advances, the Internet of Things is applied ever more widely and has a profound effect on industry, daily life, medical care, urban planning and other fields. At present, the control security of Internet of Things devices mostly depends on the security of the upstream cloud service. Device control is therefore easily attacked, the devices can be illegally controlled, and their security is difficult to guarantee.
In summary, the technical problems in the related art are to be improved.
Disclosure of Invention
The embodiment of the application mainly aims to provide a method, a system, electronic equipment and a storage medium for controlling the credibility of the Internet of things equipment, which can realize the credibility control of the Internet of things equipment and effectively improve the control safety and reliability of the Internet of things equipment.
In order to achieve the above object, an aspect of an embodiment of the present application provides a trusted control method for an internet of things device, where the method includes:
acquiring control instruction data through a cloud server;
constructing a first instruction block according to the control instruction data;
when the first instruction block is determined to be constructed, sending a device control instruction to an edge gateway through the cloud server; wherein the edge gateway stores first block information of a second instruction block, and the second instruction block comprises a block before the first instruction block;
performing verification according to the device control instruction and the first block information to obtain a verification result;
and when the verification result is determined to be a pass, executing the device control instruction through the edge gateway so as to control the Internet of Things device.
In some embodiments, the constructing a first instruction block according to the control instruction data includes:
checking and calculating through a workload proving mechanism according to the control instruction data, the first block information and the block time stamp to obtain instruction block data; wherein the block timestamp comprises timestamp data constructed by the first instruction block;
and constructing and obtaining the first instruction block according to the instruction block data.
In some embodiments, the verifying calculation is performed by a workload certification mechanism according to the control instruction data, the first block information and the block time stamp to obtain instruction block data, including:
Converting the control instruction data, the first block information and the block time stamp into a preset byte array to obtain a first input data sequence; wherein the first block information includes a first hash value of the second instruction block;
connecting the first input data sequence with a block random number to obtain a second input data sequence;
Performing hash calculation on the second input data sequence to obtain a second hash value;
when the second hash value is determined to meet the preset target requirement, obtaining the instruction block data; wherein the instruction block data includes the second hash value and the block random number.
In some embodiments, the device control instructions include instruction information, the block timestamp, and the block nonce;
the checking according to the equipment control instruction and the first block information to obtain a checking result comprises the following steps:
binary connection is carried out on the instruction information, the block time stamp, the block random number and the first block information to obtain connection data;
Carrying out hash calculation according to the connection data to obtain a third hash value;
Checking the third hash value according to the preset target requirement to obtain the checking result; wherein the verification result comprises the verification passing or verification failing.
In some embodiments, before executing the obtaining, by the cloud server, control instruction data, the method further includes:
When the cloud service end is determined to be accessed to the edge gateway, an origin block is constructed to initialize a block chain corresponding to the edge gateway;
and performing verification calculation through a workload certification mechanism to obtain third block information of the origin block.
In some embodiments, after performing the step of performing the verification calculation by the workload certification mechanism to obtain the third block information of the origin block, the method further comprises:
Importing the third block information to the edge gateway through a preset storage device;
Or importing the third block information to the edge gateway through the cloud server.
In some embodiments, after performing the step of executing the device control instruction by the edge gateway to control the internet of things device when the verification result is determined to be that verification passes, the method further includes:
storing second block information of the first instruction block to the edge gateway;
and updating the first block information stored in the edge gateway through the second block information.
To achieve the above object, another aspect of the embodiments of the present application provides a trusted control system for an internet of things device, where the system includes:
the first module is used for acquiring control instruction data through the cloud server;
the second module is used for constructing a first instruction block according to the control instruction data;
A third module, configured to send, when it is determined that the first instruction block is constructed, an equipment control instruction to an edge gateway through the cloud server; wherein, the edge gateway stores first block information of a second instruction block, and the second instruction block comprises a block before the first instruction block;
a fourth module, configured to perform verification according to the device control instruction and the first block information, to obtain a verification result;
and a fifth module, configured to execute the device control instruction through the edge gateway to control the internet of things device when the verification result is determined to be that the verification is passed.
To achieve the above object, another aspect of an embodiment of the present application provides an electronic device, including:
At least one processor;
At least one memory for storing at least one program;
The at least one program, when executed by the at least one processor, causes the at least one processor to implement the method described above.
To achieve the above object, another aspect of the embodiments of the present application proposes a computer-readable storage medium storing a computer program which, when executed by a processor, implements the above-mentioned method.
The embodiments of the application provide at least the following beneficial effects. The application provides a trusted control method and system for Internet of Things devices, an electronic device and a storage medium. When the first instruction block is determined to be constructed, a device control instruction is sent to the edge gateway through the cloud server, and verification is performed according to the device control instruction and the first block information to obtain a verification result. In the embodiments of the application, the edge gateway stores first block information of a second instruction block, and the second instruction block comprises a block before the first instruction block. Finally, when the verification result is determined to be a pass, the device control instruction is executed through the edge gateway to control the Internet of Things device, so that trusted control of the device is realized and the security and reliability of its control are effectively improved. In other words, by constructing the instruction block and verifying the device control instruction against the corresponding first block information, the integrity and legitimacy of the instruction can be checked, and the device control instruction is executed through the edge gateway only after the verification passes.
Drawings
Fig. 1 is a schematic diagram of a model of a man-in-the-middle attack control device according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a model of a DNS pollution attack control device according to an embodiment of the present application;
Fig. 3 is a flowchart of an internet of things device trusted control method provided by an embodiment of the present application;
Fig. 4 is a schematic diagram of a model of trusted control of an internet of things device according to an embodiment of the present application;
FIG. 5 is a flowchart illustrating steps performed in constructing a first instruction block according to control instruction data according to an embodiment of the present application;
FIG. 6 is a flowchart illustrating steps for performing verification calculation according to the control instruction data, the first block information and the block time stamp according to the embodiment of the present application by using a workload certification mechanism to obtain instruction block data;
FIG. 7 is a flowchart illustrating steps for performing verification according to a device control command and first block information to obtain a verification result according to an embodiment of the present application;
FIG. 8 is a flowchart illustrating an exemplary process for initializing a blockchain;
Fig. 9 is a flowchart illustrating a step of importing third block information into an edge gateway according to an embodiment of the present application;
Fig. 10 is a flowchart illustrating a step of updating block information stored in an edge gateway according to an embodiment of the present application;
fig. 11 is a timing sequence flow diagram of a trusted control method of an internet of things device according to an embodiment of the present application;
Fig. 12 is a flowchart illustrating an iterative operation step of a cloud service issuing a device control instruction to a gateway according to an embodiment of the present application;
Fig. 13 is a schematic structural diagram of an internet of things device trusted control system provided by an embodiment of the present application;
fig. 14 is a schematic hardware structure of an electronic device according to an embodiment of the present application.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with embodiments of the application, but are merely examples of apparatuses and methods consistent with aspects of embodiments of the application as detailed in the accompanying claims.
It is to be understood that the terms "first," "second," and the like, as used herein, may be used to describe various concepts, but the concepts are not limited by these terms unless otherwise specified. These terms are only used to distinguish one concept from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of embodiments of the present application. The word "if", as used herein, may be interpreted as "when", "upon" or "in response to a determination", depending on the context.
The terms "at least one", "a plurality", "each", "any" and the like as used herein, at least one includes one, two or more, a plurality includes two or more, each means each of the corresponding plurality, and any one means any of the plurality.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of the application only and is not intended to be limiting of the application.
Before describing embodiments of the present application in detail, some of the terms and expressions that are referred to in the embodiments of the present application will be described first, and the terms and expressions that are referred to in the embodiments of the present application are applicable to the following explanation.
Blockchain: a novel application mode of computing technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. In brief, it is a public, decentralized, non-tamperable digital ledger that records all transactions or digital events across multiple computers.
Edge gateway (Edge Gateway): a hardware device or software application for handling network communications between a legacy data center and edge devices in an edge computing environment. The edge gateway plays important connection, security and management roles in the Internet of Things and edge computing.
Trusted control (Trustworthy Control): a control method for ensuring that Internet of Things (IoT) devices have a high degree of security, efficiency and reliability in operation and control. By implementing evaluation, management and monitoring measures, it ensures the safe and reliable operation of Internet of Things devices in various application scenarios.
In the related art, the Internet of Things (IoT) is a technology that connects various types of physical devices through a network so that they can collect and exchange data. As technology advances, the Internet of Things is applied ever more widely and has a profound effect on industry, daily life, medical care, urban planning and other fields. In the Internet of Things, various devices need to be controlled remotely or automatically. The control modes can be divided into: direct control by the cloud service, where the device connects directly to the cloud service and the cloud service issues instructions directly to the terminal device for execution; control by the cloud service through an edge gateway, where the devices and the edge gateway form a local area network, the gateway connects to the cloud service, and the cloud service issues instructions to the terminal device for execution; and control by other devices, which issue instructions to the target terminal device for execution through the cloud or the gateway. Many Internet of Things devices, such as cameras, circuit switches and elevator controls, need a very high security guarantee, covering both the security of the data they transmit and store and the security of their control. Security protection of device control is therefore particularly important, and illegal control of some key devices can have serious consequences.
Most current device control security depends on the security of the upstream cloud service. For example, when the MQTT protocol is used to transmit data, both the producer and the subscriber must be authenticated when connecting to the broker to operate on a topic; when the HTTP protocol is used, the cloud service encrypts and signs the issued instruction with a private key, and the device or gateway decrypts it with a public key to determine the identity of the control sender. In these modes, device control is easily attacked, so that the Internet of Things devices are illegally controlled and their security is difficult to guarantee. Illustratively, referring to fig. 1 and 2, since both the MQTT authentication and the asymmetric encryption key remain unchanged over long-term use, a man-in-the-middle can intercept message data in large quantities for brute-force cracking. Meanwhile, because many edge sides connect to the cloud service, a man-in-the-middle can intercept ciphertext content produced by collisions, which greatly reduces the difficulty of brute-force cracking. Accordingly, after the man-in-the-middle attack is completed, an illegal controller can forge message content in both directions as communication messages pass, in particular forge a control instruction issued by the cloud to the edge side, and thereby obtain control of the device. In addition, when the edge side uses a domain name to access the cloud service, an illegal controller can direct the edge side to a forged cloud service by tampering with or disrupting the resolution process of the domain name server, and thereby obtain control of the device.
Based on the above, an embodiment of the invention provides a trusted control method, a trusted control system, an electronic device and a storage medium for the internet of things device, which can realize the trusted control of the internet of things device and effectively improve the control safety and reliability of the internet of things device. According to the embodiment of the invention, the cloud server side acquires the control instruction data to construct the first instruction block according to the control instruction data, and after the first instruction block is constructed, the cloud server side sends the equipment control instruction to the edge gateway to verify according to the equipment control instruction and the first block information, so that a verification result is obtained. Accordingly, in the embodiment of the present invention, the edge gateway stores the first block information of the second instruction block, where the second instruction block includes the previous block of the first instruction block and the previous blocks of the first instruction block. Finally, when the verification result is determined to be that the verification is passed, the embodiment of the invention executes the equipment control instruction through the edge gateway to control the Internet of things equipment, thereby realizing the credible control of the Internet of things equipment and effectively improving the control safety and reliability of the Internet of things equipment.
The embodiment of the application provides a trusted control method for Internet of things equipment, and relates to the technical field of Internet of things. The method for controlling the credibility of the Internet of things equipment provided by the embodiment of the application can be applied to the terminal, the server and software running in the terminal or the server. In some embodiments, the terminal may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, a vehicle-mounted terminal, and the like; the server side can be configured as an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, and can be configured as a cloud server for providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs, basic cloud computing services such as big data and artificial intelligence platforms, and the server can also be a node server in a blockchain network; the software may be an application or the like that implements a trusted control method of the internet of things device, but is not limited to the above form.
The application is operational with numerous general purpose or special purpose computer system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like. The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
It should be noted that, in each specific embodiment of the present application, when related processing is required according to user information, user behavior data, user history data, user location information, and other data related to user identity or characteristics, permission or consent of the user is obtained first, and the collection, use, processing, and the like of the data comply with related laws and regulations and standards. In addition, when the embodiment of the application needs to acquire the sensitive personal information of the user, the independent permission or independent consent of the user is acquired through popup or jump to a confirmation page and the like, and after the independent permission or independent consent of the user is definitely acquired, the necessary relevant data of the user for enabling the embodiment of the application to normally operate is acquired.
Fig. 3 is an optional flowchart of a method for trusted control of an internet of things device according to an embodiment of the present application, where the method in fig. 3 may include, but is not limited to, steps S110 to S150.
S110, acquiring control instruction data through the cloud server.
S120, constructing a first instruction block according to the control instruction data.
S130, when the first instruction block is determined to be constructed, sending a device control instruction to the edge gateway through the cloud service end. The edge gateway stores first block information of a second instruction block, and the second instruction block comprises a block before the first instruction block.
S140, performing verification according to the device control instruction and the first block information to obtain a verification result.
S150, executing the device control instruction through the edge gateway to control the Internet of Things device when the verification result is determined to be a pass.
In the working process of the embodiment, the embodiment of the invention firstly obtains the control instruction data through the cloud server. Specifically, the control instruction data in the embodiment of the invention refers to an instruction for performing operation control on the internet of things equipment under the edge gateway. Correspondingly, the cloud service end refers to a cloud service platform connected with the edge gateway, such as a corresponding internet of things platform. For example, in the embodiment of the invention, the control instruction data is obtained through a corresponding internet of things platform (cloud server). Then, the embodiment of the invention constructs a first instruction block according to the acquired control instruction data. Specifically, in the embodiment of the present invention, the first instruction block refers to a blockchain block. In the embodiment of the invention, each edge gateway connected with the related internet of things equipment corresponds to an independent blockchain of the cloud server. For example, referring to fig. 4, edge gateway a in fig. 4 corresponds to blockchain a in the cloud server, and edge gateway B corresponds to blockchain B in the cloud server. After corresponding control instruction data is obtained, the embodiment of the invention generates a new block, namely a first instruction block, on a block chain corresponding to the corresponding edge gateway according to the control instruction data.
Further, after the first instruction block is determined to be constructed, the embodiment of the invention sends the equipment control instruction to the edge gateway through the cloud service end. Specifically, in the embodiment of the present invention, the edge gateway stores the first block information of the second instruction block. Accordingly, in the embodiment of the present invention, the second instruction block includes a block previous to the first instruction block, that is, a block generated by the edge gateway on a block chain corresponding to the edge gateway in the cloud server. In the embodiment of the present invention, the first block information refers to the block data recorded on the blockchain, such as transaction time, timestamp, and block hash value. After the first instruction block is constructed, the cloud server sends an equipment control instruction to the corresponding edge gateway so as to control the corresponding Internet of things equipment through the edge gateway. Then, the embodiment of the invention performs verification according to the equipment control instruction and the first block information to obtain a verification result. Specifically, when the edge gateway receives a device control instruction issued by the cloud server, the validity of the device control instruction is checked through the stored block information of the previous block of the first instruction block, namely the first block information, so as to obtain a check result. Correspondingly, when the verification result is determined to be that the verification is passed, the embodiment of the invention executes the device control instruction through the edge gateway to control the corresponding internet of things device to execute the related operation, thereby realizing the trusted control of the internet of things device. 
It is easy to understand that the control safety and reliability of the internet of things device can be effectively improved by combining the block information of the block chain to verify the validity of the related device control instruction.
Referring to fig. 5, in some embodiments of the present invention, a first instruction block is constructed from control instruction data, including, but not limited to, the steps of:
S210: Performing a verification calculation through a proof-of-work mechanism according to the control instruction data, the first block information and the block timestamp to obtain instruction block data. The block timestamp includes the timestamp data of the construction of the first instruction block.
S220: Constructing the first instruction block according to the instruction block data.
In this embodiment, a verification calculation is performed through a proof-of-work mechanism on the control instruction data, the first block information and the block timestamp to obtain instruction block data, and the first instruction block is then constructed from the instruction block data. Specifically, the block timestamp includes the timestamp data of the construction of the first instruction block, that is, the timestamp generated by the current block. Proof of Work (PoW) is a consensus mechanism used in blockchain technology that enables verification and validation of new transactions. The embodiment of the invention takes the control instruction data, the first block information and the block timestamp as the input of the proof of work and performs the corresponding proof-of-work verification calculation to obtain the instruction block data. After the proof of work is completed, that is, after the corresponding instruction block data has been calculated, the next instruction block, namely the first instruction block, is generated from the instruction block data. By generating blocks through the proof-of-work mechanism, the embodiment protects the security of the blockchain through computing power, thereby effectively improving the control security and reliability of the Internet of Things devices.
Referring to fig. 6, in some embodiments of the present invention, a verification calculation is performed by a workload certification mechanism according to control instruction data, first block information and block time stamp to obtain instruction block data, including but not limited to the following steps:
S310: Convert the control instruction data, the first block information and the block timestamp into a preset byte array to obtain a first input data sequence. The first block information includes a first hash value of the second instruction block.
S320: Concatenate the first input data sequence with the block random number to obtain a second input data sequence.
S330: Perform a hash calculation on the second input data sequence to obtain a second hash value.
S340: When the second hash value is determined to meet the preset target requirement, obtain the instruction block data. The instruction block data includes the second hash value and the block random number.
In this embodiment, the control instruction data, the first block information and the block timestamp are first converted into a preset byte array to obtain a first input data sequence. Specifically, the preset byte array means that the corresponding data is converted into a corresponding byte array, such as a binary byte array. In addition, the first block information includes a first hash value of the second instruction block. In the embodiment of the invention, a hash value is a fixed-length identifier obtained by applying a hash function to the input data. For example, the inputs of the proof of work, namely the hash value of the last block (the first hash value), the instruction data to be issued this time (the control instruction data) and the timestamp generated by the current block (the block timestamp), are converted into the form of a binary array to obtain the first input data sequence.
Then, the embodiment of the invention concatenates the first input data sequence with the block random number to obtain a second input data sequence, and performs a hash calculation on the second input data sequence to obtain a second hash value. Specifically, the block random number refers to a one-time random number or character string, i.e., a nonce value. The first input data sequence obtained through conversion is concatenated with a trial nonce value, namely the block random number, to construct the second input data sequence, and the second hash value is obtained by hashing that sequence. The embodiment of the invention then judges whether the second hash value meets the preset target requirement. The preset target requirement is determined by the corresponding real-time performance and security requirements, and comprises a corresponding hash value length and target. For example, the preset target in the embodiment of the present invention requires that the 20 low-order bits of the hash value all be 0. When the second hash value is determined to meet the preset target requirement, the embodiment of the invention obtains the instruction block data, which includes the corresponding second hash value and the block random number, namely the nonce value. When the second hash value does not meet the preset target requirement, the nonce value is incremented, the new nonce value is concatenated with the first input data sequence, and the corresponding second hash value is calculated again; this is repeated until a nonce value is found for which the calculated second hash value meets the preset target requirement, which completes the proof of work.
Referring to fig. 7, in some embodiments of the present invention, the device control instructions include instruction information, a block timestamp, and a block random number. Accordingly, in the embodiment of the present invention, the verification is performed according to the device control instruction and the first block information, so as to obtain a verification result, which includes but is not limited to the following steps:
S410: Perform binary concatenation of the instruction information, the block timestamp and the block random number with the first block information to obtain connection data.
S420: Perform a hash calculation according to the connection data to obtain a third hash value.
S430: Check the third hash value according to the preset target requirement to obtain a verification result. The verification result is either verification passing or verification failure.
In this embodiment, in the device control instruction issued by the cloud server to the edge gateway, the instruction information refers to the plaintext of the instruction text. The embodiment of the invention performs binary concatenation of the instruction information, the block timestamp and the block random number with the first block information to obtain connection data, and performs a hash calculation on the connection data to obtain a corresponding third hash value. Specifically, when the edge gateway receives a device control instruction issued by the cloud server, the edge gateway concatenates, in binary form, the stored block information of the last block, namely the first block information, with the received instruction information, block timestamp and block random number to construct the connection data. When the first device control instruction is issued, the last hash value is the hash value of block 0 (origin block). The hash algorithm is then applied to the connection data to obtain a third hash value. The embodiment of the invention checks the third hash value against the preset target requirement to determine the corresponding verification result, which is either verification passing or verification failure. Illustratively, the preset target requirement is that the low 20 bits of the hash value are all zero. When the third hash value meets the preset target requirement, that is, when the low 20 bits of the third hash value are all zero, the verification result is verification passing. Otherwise, when the third hash value does not meet the preset target requirement, the verification result is verification failure.
The embodiment of the invention has higher operation efficiency by carrying out hash calculation on the corresponding connection data, does not occupy excessive calculation and memory resources, and can better adapt to the environment with limited edge resources.
It should be noted that the hash algorithm in the embodiment of the present invention includes MD5, SHA1, SHA2, SHA3, blake2, HMAC, and the like. Device control has a certain real-time requirement; for example, an instruction issued by the cloud server must be executed and completed by the device within 3 seconds. There is therefore a performance requirement on the proof of work carried out at the cloud server, and the factors that mainly influence the proof-of-work computation time are the hash value length and the binary target that completes the proof. The larger the hash value length and the stricter the target, the more time the calculation consumes. For example, in some embodiments of the invention, the SHA256 digest algorithm of SHA2 is used, with a hash value length of 256 bits, i.e., 32 bytes. With a hash value length of 256 bits and a proof-of-work target of the low 16 bits all being 0, the proof of work can be completed in less than 100 milliseconds in most cases. The embodiment of the invention selects the hash value length and the target according to the specific application scenario so as to balance the real-time and security requirements.
Referring to fig. 8, in some embodiments of the present invention, before executing the acquisition of control instruction data by the cloud server, the trusted control method for the internet of things device provided by the embodiment of the present invention further includes, but is not limited to, the following steps:
S510: when the cloud service is determined to access the edge gateway, an origin block is constructed to initialize the corresponding blockchain of the edge gateway.
S520: Perform a verification calculation through a proof-of-work mechanism to obtain third block information of the origin block.
In this embodiment, before control instruction data is acquired through the cloud server, the embodiment of the present invention first initializes a corresponding blockchain. Specifically, it first judges whether an edge gateway has been connected to the cloud server. When it is determined that the cloud server is connected to the corresponding edge gateway, an origin block is constructed first so as to initialize the blockchain corresponding to the edge gateway. For example, when the cloud server is connected to a corresponding edge gateway, such as an edge gateway with a key device, the cloud server generates Block 0 (Genesis Block), i.e., the origin block. The instruction type of the origin block is initialization (Init), and it has no hash value of a previous block. Then, a verification calculation is performed through the proof-of-work mechanism to obtain the third block information of the origin block. Specifically, the third block information includes the hash value and the nonce value of the origin block. By constructing the origin block and performing the verification calculation through the proof-of-work mechanism, the cloud server initializes the corresponding blockchain for the connected edge gateway, which facilitates the subsequent trusted control of the Internet of things device according to the corresponding block information.
Referring to fig. 9 in conjunction with fig. 8, in some embodiments of the present invention, after performing the step of performing a verification calculation by a workload certification mechanism to obtain third block information of an origin block, the method for trusted control of an internet of things device according to the embodiment of the present invention further includes, but is not limited to, the following steps:
S610: Import the third block information to the edge gateway through a preset storage device.
S620: Import the third block information to the edge gateway through the cloud server.
In this embodiment, after the blockchain of the cloud server is initialized, the third block information of the origin block is imported into the edge gateway, so that when the cloud server issues the corresponding device control instruction, the edge gateway can perform the validity check on the device control instruction according to the stored block information. Specifically, the origin block may be imported into the gateway device in an offline or online manner. In the offline mode, the third block information is imported to the edge gateway through the preset storage device. The preset storage device can be a USB memory or another storage device, and is used to burn the origin block into firmware or copy it into the flash memory of the gateway device. In the online mode, the third block information is imported into the edge gateway through the cloud server. When importing online, it must be ensured that the cloud server connected to the edge gateway during initialization is a trusted and legal cloud service; the validity of the source can be confirmed in the cloud application service by means of secondary verification, which is not described further here.
Referring to fig. 10, in some embodiments of the present invention, after performing a step of executing a device control instruction through an edge gateway to control an internet of things device when a verification result is determined to be that verification passes, the method for trusted control of the internet of things device according to the embodiment of the present invention further includes, but is not limited to, the following steps:
S710: Store second block information of the first instruction block to the edge gateway.
S720: Update the first block information stored in the edge gateway with the second block information.
In this embodiment, after the verification is passed and the internet of things device is controlled to execute the corresponding operation, the block information in the edge gateway is updated. Specifically, in the embodiment of the invention, the second block information of the first instruction block is stored in the edge gateway, and the first block information stored in the edge gateway is updated by the second block information. It is to be understood that, in the embodiment of the present invention, the first block information refers to the block information of the block preceding the first instruction block. According to the embodiment of the invention, the block information of the last block stored in the edge gateway, namely the first block information, is updated through the block information of the first instruction block which passes the verification, namely the second block information, so that when the next equipment control instruction is issued to the edge gateway, the validity of the equipment control instruction can be verified according to the block information of the block before the block corresponding to the control instruction, and the credible control of the Internet of things equipment is realized.
It should be noted that in the embodiment of the present invention, the cloud server stores a complete blockchain, and all the blocks are stored in a key-value storage database, such as levelDB or rocksDB. Each complete blockchain records, from initialization to the current time, the control instructions that the cloud server has sent to the corresponding edge side. Based on the characteristics of the blockchain, these records cannot be tampered with or deleted, so the reliability of the related data can be effectively improved. In addition, the edge gateway does not need to record a complete blockchain; it only needs to record the current block hash value. After the credibility and legitimacy of an instruction have been verified, the hash value obtained by the calculation replaces the originally stored hash value. Because only one hash value is stored, the method is well suited to edge computing environments with limited resources.
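The flow of steps S310 to S340 (cloud side), S410 to S430 (gateway side), S510 to S520 (origin block) and S710 to S720 (state update), written out as an added Python example that is not code from the patent. Assumptions: the byte layout C || T || N || X with 8-byte big-endian integers, an empty X for the origin block, the zero bits tested at the start of the digest, and all class and function names; because the page does not give the byte layout, the digests differ from the values listed on the page.

```python
import hashlib
from dataclasses import dataclass

TARGET_BITS = 16  # the page's SHA-256 embodiment uses a 16-zero-bit target


def block_hash(command: bytes, timestamp_ms: int, nonce: int, prev_hash: bytes) -> bytes:
    # Assumed layout (the page only says "binary connection"):
    # C || T (8 bytes, big-endian) || N (8 bytes, big-endian) || X
    data = command + timestamp_ms.to_bytes(8, "big") + nonce.to_bytes(8, "big") + prev_hash
    return hashlib.sha256(data).digest()


def meets_target(digest: bytes, bits: int = TARGET_BITS) -> bool:
    # The page's sample hashes carry the zero run at the start of the hex
    # string, so the first `bits` bits of the digest are tested (assumption).
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - bits) == 0


@dataclass(frozen=True)
class Block:
    command: bytes
    timestamp_ms: int
    nonce: int
    prev_hash: bytes
    digest: bytes


def mine(command: bytes, timestamp_ms: int, prev_hash: bytes) -> Block:
    """S310-S340: increment the nonce until the digest meets the target."""
    nonce = 0
    while True:
        digest = block_hash(command, timestamp_ms, nonce, prev_hash)
        if meets_target(digest):
            return Block(command, timestamp_ms, nonce, prev_hash, digest)
        nonce += 1


class CloudService:
    """Keeps the full ledger; sends only (command, timestamp, nonce)."""

    def __init__(self, genesis_timestamp_ms: int):
        # S510-S520: origin block, instruction type Init, no previous hash.
        self.chain = [mine(b"Init", genesis_timestamp_ms, b"")]

    def issue(self, command: bytes, timestamp_ms: int) -> dict:
        block = mine(command, timestamp_ms, self.chain[-1].digest)
        self.chain.append(block)
        return {"command": command, "timestamp": timestamp_ms, "nonce": block.nonce}


class EdgeGateway:
    """Stores one value only: the hash of the last accepted block."""

    def __init__(self, genesis_hash: bytes):
        self.last_hash = genesis_hash  # imported offline or online (S610/S620)
        self.executed = []

    def handle(self, msg: dict) -> bool:
        # S410-S430: recompute the hash with the locally stored previous hash.
        digest = block_hash(msg["command"], msg["timestamp"], msg["nonce"], self.last_hash)
        if not meets_target(digest):
            return False  # verification failure: nothing executed, state unchanged
        self.executed.append(msg["command"])  # stand-in for driving the device
        self.last_hash = digest  # S710-S720: replace the stored hash
        return True


def audit(chain: list) -> bool:
    """Recompute every block of the cloud ledger and check the links."""
    prev = b""
    for blk in chain:
        expected = block_hash(blk.command, blk.timestamp_ms, blk.nonce, prev)
        if blk.prev_hash != prev or expected != blk.digest or not meets_target(expected):
            return False
        prev = blk.digest
    return True


def demo() -> dict:
    # Commands and timestamps follow the switch scenario on this page.
    cloud = CloudService(1698753374039)
    gateway = EdgeGateway(cloud.chain[0].digest)
    on = cloud.issue(b'{"deviceId":100235,"on":true}', 1698753374361)
    tampered = dict(on, command=b'{"deviceId":100235,"on":false}')
    results = {
        "tampered": gateway.handle(tampered),  # altered in transit
        "genuine": gateway.handle(on),
        "replayed": gateway.handle(on),        # same message sent again
    }
    off = cloud.issue(b'{"deviceId":100235,"on":false}', 1698754202154)
    results["next"] = gateway.handle(off)
    results["in_sync"] = gateway.last_hash == cloud.chain[-1].digest
    results["ledger_ok"] = audit(cloud.chain)
    return results


if __name__ == "__main__":
    print(demo())
```

A replayed message fails because the gateway's stored hash has already advanced, so the recomputed digest no longer meets the target except by chance (probability 2^-16 at this target size).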
The following describes and describes in detail the scheme of the embodiment of the present invention with reference to fig. 11 and fig. 12, by taking a specific scenario of an internet of things switch device as an example:
In the embodiment of the invention, the Internet of things switch equipment has two control instructions, including equipment opening and equipment closing. Correspondingly, the device opens the corresponding JSON message as follows:
Firstly, the embodiment of the invention initializes the blockchain of the cloud server. The cloud server generates a new blockchain corresponding to the edge gateway device to which the switch is connected, and all subsequent control instructions issued to the edge gateway are recorded in the blockchain ledger. The embodiment of the present invention creates block 0 (genesis block), i.e., the origin block, and obtains the hash value of block 0 (hexadecimal), for example 00001FED22BF6E3046A07AFF478DC12E4C5CB42711AB7D8DDA3B831E24ED302F. In the embodiment of the present invention, the lower 16 bits of the hash value are all 0. The hash value is then imported into the edge gateway device so that it is stored at the edge gateway.
Then, when a first switch control instruction is issued by the cloud server at a certain time node to indicate that the switch is turned on, the embodiment of the present invention generates a block 1, where the hash value is (hexadecimal) as follows: 000078EBCE119C7E8D89BD86FEFA113C9D28C2DCD4E595AAD2366FE0C27F943D. Likewise, the lower 16 bits of the hash value are all 0's. Then, the cloud server issues the control instruction, and the message is as follows:
Further, after the edge gateway receives the corresponding message, according to the hash value locally stored in the edge gateway, the embodiment of the invention combines the corresponding instruction information, the block timestamp and the nonce value (the block random number), and calculates the corresponding hash value (hexadecimal) through the same hash algorithm as follows: 000078EBCE119C7E8D89BD86FEFA113C9D28C2DCD4E595AAD2366FE0C27F943D. Correspondingly, as the lower 16 bits of the hash value are all 0, the hash value passes the verification, and the edge gateway sends an instruction to the Internet of things switching device to control the Internet of things switching device to execute the opening instruction. Meanwhile, the embodiment of the invention stores the new hash value instead of the hash value of the block 0.
Likewise, when the subsequent cloud server issues a closing instruction to the internet of things device again, the control instruction issuing and the validity checking process are repeated, so as to calculate and obtain a corresponding hash value (hexadecimal): 00006D315DD27CB9FB374E4863A7AE77164130B15CDF0B465CE92AB47531E8B9, then send the following to the edge gateway:
And after receiving the control instruction, the edge gateway performs verification in the same way. When it is determined that the verification passes, the instruction is executed and a new hash value is recorded.
Accordingly, the operation information recorded in the blockchain according to the embodiment of the present invention is as follows:
======Block#2======
timestamp:1698754202154
nonce:136906
command:{"deviceId":100235,"on":false}
prev.hash:
000078EBCE119C7E8D89BD86FEFA113C9D28C2DCD4E595AAD2366FE0C27F943D
hash:
00006D315DD27CB9FB374E4863A7AE77164130B15CDF0B465CE92AB47531E8B9
======Block#1======
timestamp:1698753374361
nonce:171141
command:{"deviceId":100235,"on":true}
prev.hash:
00001FED22BF6E3046A07AFF478DC12E4C5CB42711AB7D8DDA3B831E24ED302F
hash:
000078EBCE119C7E8D89BD86FEFA113C9D28C2DCD4E595AAD2366FE0C27F943D
======Block#0======
timestamp:1698753374039
nonce:566074
prev.hash:
hash:
00001FED22BF6E3046A07AFF478DC12E4C5CB42711AB7D8DDA3B831E24ED302F
It should be noted that, in the embodiment of the present invention, the blocks other than block 0 (origin block) are all records of control instructions, and the correctness of the records is easily verified.
It is easy to understand that in the embodiment of the invention, even when the edge side has limited resources, the credibility and validity of an instruction can be checked rapidly and accurately, and the edge side can completely trust the checking result, which ensures that only device instructions that have not been forged or tampered with are executed. Meanwhile, complete records of device control operations are retained in the cloud server blockchain; the records are ensured to be true and reliable, and their authenticity can be verified through simple calculation. By applying blockchain technology, a distributed consensus security algorithm is realized between the cloud server and the edge gateway, which ensures the integrity and legality of the instruction data sent by the cloud to the edge. A forged or tampered instruction message can be quickly detected by the edge side gateway, so that key devices only execute legal control instructions from trusted sources. In addition, the blockchain ledger is used as the stored record of device control instruction operations; the record cannot be deleted or tampered with, so its authenticity is ensured, as are the integrity and reliability of the operation log.
It is easy to understand that both the hash value and the algorithm (proof of work and target) of the block are involved in the overall data transfer process. Therefore, no man-in-the-middle attacker or attacker impersonating the service can tamper with or assemble legal control instructions and send them to the edge side; see the complete flow timing diagram in fig. 11. Even if an attacker obtains the algorithm and the target used by the cloud and the edge side by other means, an instruction message still cannot be forged, because the attacker lacks the hash value of the last block. In this case, the only thing an attacker can do is to brute-force the hash value of the last block. Illustratively, taking SHA256 as an example, an attacker needs to complete the operation of the following mathematical formula (1):
Here, C represents the intercepted instruction text, T represents a timestamp, N represents a one-time integer nonce value, X is the hash value of the last block that the attacker needs to crack (here, a 256-bit binary value), and the + sign denotes binary concatenation. For a hash value of 256 bits in length, this is an astronomically large brute-force enumeration, which cannot be completed in a meaningful time (before the next block is generated), and there is a very high chance of obtaining incorrect hash value results. Therefore, as long as the hash value is stored securely at the cloud server and the edge side, the control method of the Internet of things device provided by the embodiment of the invention is harder to crack, and trusted control of the Internet of things device can be realized. Meanwhile, the greater the number of bits of the hash value generated by the algorithm, the stronger the security.
Referring to fig. 13, the embodiment of the present application further provides a trusted control system for an internet of things device, which can implement the trusted control method for an internet of things device, where the system includes:
A first module 810, configured to obtain control instruction data through a cloud server.
A second module 820, configured to construct the first instruction block according to the control instruction data.
A third module 830, configured to send, when it is determined that the first instruction block is constructed, a device control instruction to the edge gateway through the cloud server. The edge gateway stores first block information of a second instruction block, and the second instruction block comprises a block before the first instruction block.
A fourth module 840, configured to perform verification according to the device control instruction and the first block information, to obtain a verification result.
A fifth module 850, configured to execute, by the edge gateway, the device control instruction to control the Internet of things device when it is determined that the verification result is that the verification is passed.
It can be understood that the content in the above method embodiment is applicable to the system embodiment, and the functions specifically implemented by the system embodiment are the same as those of the above method embodiment, and the achieved beneficial effects are the same as those of the above method embodiment.
The embodiment of the application also provides electronic equipment, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the credible control method of the Internet of things equipment when executing the computer program. The electronic equipment can be any intelligent terminal including a tablet personal computer, a vehicle-mounted computer and the like.
It can be understood that the content in the above method embodiment is applicable to the embodiment of the present apparatus, and the specific functions implemented by the embodiment of the present apparatus are the same as those of the embodiment of the above method, and the achieved beneficial effects are the same as those of the embodiment of the above method.
Referring to fig. 14, fig. 14 illustrates a hardware structure of an electronic device according to another embodiment, the electronic device includes:
the processor 910 may be implemented by a general purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits, etc., and is used for executing related programs to implement the technical solutions provided by the embodiments of the present application;
The memory 920 may be implemented in the form of a Read Only Memory (ROM), a static storage device, a dynamic storage device, or a random access memory (Random Access Memory, RAM). The memory 920 may store an operating system and other application programs, and when the technical solution provided in the embodiments of the present disclosure is implemented by software or firmware, relevant program codes are stored in the memory 920, and the processor 910 invokes the trusted control method for the internet of things device to execute the embodiments of the present disclosure;
an input/output interface 930 for inputting and outputting information;
the communication interface 940 is configured to implement communication interaction between the device and other devices, and may implement communication in a wired manner (e.g., USB, network cable, etc.), or may implement communication in a wireless manner (e.g., mobile network, WIFI, bluetooth, etc.);
a bus 950 for transferring information between components of the device (e.g., processor 910, memory 920, input/output interface 930, and communication interface 940);
Wherein processor 910, memory 920, input/output interface 930, and communication interface 940 implement communication connections among each other within the device via a bus 950.
The embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores a computer program, and the computer program realizes the credible control method of the Internet of things equipment when being executed by a processor.
It can be understood that the content of the above method embodiment is applicable to the present storage medium embodiment, and the functions of the present storage medium embodiment are the same as those of the above method embodiment, and the achieved beneficial effects are the same as those of the above method embodiment.
The memory, as a non-transitory computer readable storage medium, may be used to store non-transitory software programs as well as non-transitory computer executable programs. In addition, the memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory remotely located relative to the processor, the remote memory being connectable to the processor through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The embodiment of the application provides a trusted control method, a trusted control system, electronic equipment and a storage medium for Internet of things equipment, which are used for acquiring control instruction data through a cloud server to construct a first instruction block according to the control instruction data. And then, after the first instruction block is constructed, sending an equipment control instruction to the edge gateway through the cloud server so as to verify the equipment control instruction according to the first block information to obtain a verification result. Accordingly, in the embodiment of the present application, the edge gateway stores the first block information of the second instruction block, where the second instruction block includes the previous block of the first instruction block. And finally, judging whether the validity check of the equipment control instruction is passed. When the verification result is determined to be that verification passes, the device control instruction is executed through the edge gateway, so that the internet of things device is controlled, the credible control of the internet of things device can be realized, and the control safety and reliability of the internet of things device are effectively improved. It is easy to understand that in the embodiment of the application, the integrity and the legality of the related instruction can be checked by constructing the instruction block and checking according to the equipment control instruction and the corresponding first block information, and then after the checking is passed, the equipment control instruction is executed through the edge gateway, so that the control safety and the control reliability of the equipment of the internet of things are effectively improved.
The embodiments described in the embodiments of the present application are for more clearly describing the technical solutions of the embodiments of the present application, and do not constitute a limitation on the technical solutions provided by the embodiments of the present application, and those skilled in the art can know that, with the evolution of technology and the appearance of new application scenarios, the technical solutions provided by the embodiments of the present application are equally applicable to similar technical problems.
It will be appreciated by persons skilled in the art that the embodiments of the application are not limited by the illustrations, and that more or fewer steps than those shown may be included, or certain steps may be combined, or different steps may be included.
The above described apparatus embodiments are merely illustrative, wherein the units illustrated as separate components may or may not be physically separate, i.e. may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Those of ordinary skill in the art will appreciate that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof.
The terms "first," "second," "third," "fourth," and the like in the description of the application and in the above figures, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that in the present application, "at least one (item)" means one or more, and "a plurality" means two or more. "And/or" describes the association relationship between associated objects and indicates that three relationships may exist; for example, "A and/or B" may represent: only A, only B, or both A and B, where A and B may each be singular or plural. The character "/" generally indicates an "or" relationship between the objects before and after it. "At least one of" or a similar expression means any combination of the listed items, including any combination of single items or plural items. For example, at least one of a, b or c may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", wherein a, b, c may be single or plural.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The above-described apparatus embodiments are merely illustrative; for example, the above-described division of units is merely a division by logical function, and other divisions are possible in actual implementation: a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via some interfaces, devices or units, and may be in electrical, mechanical or other form.
The units described above as separate components may or may not be physically separate, and components shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part of it that contributes over the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including multiple instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method of the various embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing a program.
The preferred embodiments of the present application have been described above with reference to the accompanying drawings, and are not thereby limiting the scope of the claims of the embodiments of the present application. Any modifications, equivalent substitutions and improvements made by those skilled in the art without departing from the scope and spirit of the embodiments of the present application shall fall within the scope of the claims of the embodiments of the present application.

Claims (10)

1. A trusted control method for Internet of Things devices, characterized by comprising the following steps:
acquiring control instruction data through a cloud server;
constructing a first instruction block according to the control instruction data;
when it is determined that the first instruction block has been constructed, sending a device control instruction to an edge gateway through the cloud server; wherein the edge gateway stores first block information of a second instruction block, and the second instruction block comprises a block preceding the first instruction block;
performing verification according to the device control instruction and the first block information to obtain a verification result;
and when the verification result is determined to be a pass, executing the device control instruction through the edge gateway so as to control the Internet of Things device.
2. The method of claim 1, wherein said constructing a first instruction block according to said control instruction data comprises:
performing a verification calculation through a proof-of-work mechanism according to the control instruction data, the first block information and a block timestamp to obtain instruction block data; wherein the block timestamp comprises timestamp data of the construction of the first instruction block;
and constructing the first instruction block according to the instruction block data.
3. The method of claim 2, wherein said performing a verification calculation through a proof-of-work mechanism according to the control instruction data, the first block information and the block timestamp to obtain instruction block data comprises:
converting the control instruction data, the first block information and the block timestamp into a preset byte array to obtain a first input data sequence; wherein the first block information includes a first hash value of the second instruction block;
concatenating the first input data sequence with a block nonce to obtain a second input data sequence;
performing a hash calculation on the second input data sequence to obtain a second hash value;
when the second hash value is determined to meet the preset target requirement, obtaining the instruction block data; wherein the instruction block data includes the second hash value and the block nonce.
4. The method of claim 3, wherein the device control instruction includes instruction information, the block timestamp, and the block nonce;
the performing verification according to the device control instruction and the first block information to obtain a verification result comprises:
performing binary concatenation of the instruction information, the block timestamp, the block nonce and the first block information to obtain concatenated data;
performing a hash calculation on the concatenated data to obtain a third hash value;
verifying the third hash value against the preset target requirement to obtain the verification result; wherein the verification result is either a pass or a failure.
5. The method of claim 1, wherein, before the step of acquiring control instruction data through the cloud server is performed, the method further comprises:
when it is determined that the cloud server is connected to the edge gateway, constructing an origin block to initialize a blockchain corresponding to the edge gateway;
and performing a verification calculation through a proof-of-work mechanism to obtain third block information of the origin block.
6. The method of claim 5, wherein, after the step of performing a verification calculation through a proof-of-work mechanism to obtain third block information of the origin block is performed, the method further comprises:
importing the third block information to the edge gateway through a preset storage device;
or importing the third block information to the edge gateway through the cloud server.
7. The method according to any one of claims 1 to 6, wherein, after the step of executing the device control instruction through the edge gateway to control the Internet of Things device when the verification result is determined to be a pass is performed, the method further comprises:
storing second block information of the first instruction block to the edge gateway;
and updating the first block information stored in the edge gateway with the second block information.
8. A trusted control system for Internet of Things devices, the system comprising:
a first module, configured to acquire control instruction data through a cloud server;
a second module, configured to construct a first instruction block according to the control instruction data;
a third module, configured to send, when it is determined that the first instruction block has been constructed, a device control instruction to an edge gateway through the cloud server; wherein the edge gateway stores first block information of a second instruction block, and the second instruction block comprises a block preceding the first instruction block;
a fourth module, configured to perform verification according to the device control instruction and the first block information to obtain a verification result;
and a fifth module, configured to execute the device control instruction through the edge gateway to control the Internet of Things device when the verification result is determined to be a pass.
9. An electronic device, comprising:
at least one processor;
at least one memory for storing at least one program;
wherein the at least one program, when executed by the at least one processor, causes the at least one processor to implement the method of any one of claims 1 to 7.
10. A computer readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the method of any one of claims 1 to 7.
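The block construction of claims 2 and 3, the gateway-side check of claim 4 and the state update of claim 7 can be followed end to end in the sketch below, which is an added example and not code from the patent. SHA-256, a target expressed as leading zero bits, the length-prefixed byte layout shared by both sides, and all sample values are assumptions made for illustration.

```python
import hashlib
import struct

DIFFICULTY_BITS = 16  # assumption: "preset target" = this many leading zero bits

def block_digest(instruction: bytes, prev_hash: bytes, timestamp: int, nonce: int) -> bytes:
    # Length-prefix variable fields so two different inputs never serialize alike.
    first_seq = (struct.pack(">I", len(instruction)) + instruction
                 + struct.pack(">I", len(prev_hash)) + prev_hash
                 + struct.pack(">Q", timestamp))
    second_seq = first_seq + struct.pack(">Q", nonce)  # claim 3: append the nonce
    return hashlib.sha256(second_seq).digest()         # SHA-256 is an assumption

def meets_target(digest: bytes) -> bool:
    return int.from_bytes(digest, "big") >> (256 - DIFFICULTY_BITS) == 0

def build_block(instruction: bytes, prev_hash: bytes, timestamp: int) -> dict:
    """Cloud side (claims 2-3): search for a nonce whose hash meets the target."""
    nonce = 0
    while not meets_target(block_digest(instruction, prev_hash, timestamp, nonce)):
        nonce += 1
    return {"instruction": instruction, "timestamp": timestamp, "nonce": nonce,
            "hash": block_digest(instruction, prev_hash, timestamp, nonce)}

class EdgeGateway:
    """Gateway side (claims 4 and 7): stores only the previous block's hash."""
    def __init__(self, prev_hash: bytes):
        self.prev_hash = prev_hash
        self.executed = []

    def handle(self, instruction: bytes, timestamp: int, nonce: int) -> bool:
        third_hash = block_digest(instruction, self.prev_hash, timestamp, nonce)
        if not meets_target(third_hash):
            return False                   # verification failed: nothing executes
        self.executed.append(instruction)  # stand-in for driving the device
        self.prev_hash = third_hash        # claim 7: roll the stored block info
        return True

def demo() -> list:
    origin = hashlib.sha256(b"constructed origin block").digest()  # sample value
    gw = EdgeGateway(origin)
    blk = build_block(b'{"dev":"lamp-01","cmd":"on"}', origin, 1703750400)
    tampered = gw.handle(b'{"dev":"lamp-01","cmd":"off"}', blk["timestamp"], blk["nonce"])
    accepted = gw.handle(blk["instruction"], blk["timestamp"], blk["nonce"])
    replayed = gw.handle(blk["instruction"], blk["timestamp"], blk["nonce"])
    return [tampered, accepted, replayed]
```

Because the gateway recomputes the hash over its own stored previous hash, an instruction altered in transit and a replay sent after the claim 7 update both fail the target check, while the genuine instruction passes once.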

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311841295.0A CN117914558A (en) 2023-12-28 2023-12-28 Internet of things equipment trusted control method and system, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117914558A true CN117914558A (en) 2024-04-19

Family

ID=90691510

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311841295.0A Pending CN117914558A (en) 2023-12-28 2023-12-28 Internet of things equipment trusted control method and system, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117914558A (en)

Similar Documents

Publication Publication Date Title
CN112214780B (en) Data processing method and device, intelligent equipment and storage medium
CN110113167A (en) A kind of information protecting method of intelligent terminal, system and readable storage medium storing program for executing
CN108377272B (en) Method and system for managing terminal of Internet of things
KR20150036104A (en) Method, client, server and system of login verification
CN110096894B (en) Data anonymous sharing system and method based on block chain
CN112989426B (en) Authorization authentication method and device, and resource access token acquisition method
CN109361508A (en) Data transmission method, electronic equipment and computer readable storage medium
CN109995776A (en) A kind of internet data verification method and system
CN111522809A (en) Data processing method, system and equipment
CN110601815A (en) Block chain data processing method and equipment
CN110213247A (en) A kind of method and system improving pushed information safety
Chang et al. A practical secure and efficient enterprise digital rights management mechanism suitable for mobile environment
CN111367923A (en) Data processing method, data processing device, node equipment and storage medium
Marian et al. Experimenting with digital signatures over a DNP3 protocol in a multitenant cloud-based SCADA architecture
CN114338054B (en) Block chain trusted data transmission, verification and acquisition method and device
CN112689014A (en) Double-full-duplex communication method and device, computer equipment and storage medium
CN111585995A (en) Method and device for transmitting and processing safety wind control information, computer equipment and storage medium
CN111597537B (en) Block chain network-based certificate issuing method, related equipment and medium
CN112734423A (en) Transaction method based on block chain and terminal equipment
CN110034922B (en) Request processing method, processing device, request verification method and verification device
CN116170144A (en) Smart power grid anonymous authentication method, electronic equipment and storage medium
CN117914558A (en) Internet of things equipment trusted control method and system, electronic equipment and storage medium
CN113360924A (en) Data processing method, device, electronic equipment and medium
CN111971677A (en) Tamper-resistant data encoding for mobile devices
CN115242440B (en) Block chain-based internet of things equipment trusted calling method, device and equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination