WO2023273279A1 - Network authentication system and method for robot - Google Patents


Info

Publication number
WO2023273279A1
Authority
WO
WIPO (PCT)
Prior art keywords
robot
vpn
pop
network
registration
Prior art date
Application number
PCT/CN2021/143779
Other languages
French (fr)
Chinese (zh)
Inventor
李冬
谢辉
张跃洋
Original Assignee
达闼机器人股份有限公司
Priority date
Filing date
Publication date
Application filed by 达闼机器人股份有限公司
Publication of WO2023273279A1

Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/08 for authentication of entities
                • H04L63/0869 for achieving mutual authentication
                • H04L63/0823 using certificates
        • H04L67/00 Network arrangements or protocols for supporting network services or applications
            • H04L67/01 Protocols
                • H04L67/10 Protocols in which an application is distributed across nodes in the network
                    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
                    • H04L67/1097 Distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
        • H04L12/00 Data switching networks
            • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
                • H04L12/46 Interconnection of networks
                    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Definitions

  • the present disclosure relates to the technical field of robots, and in particular, to a robot network authentication system and method.
  • robots have been more and more widely used in various industries.
  • the capabilities of robots are becoming stronger and stronger, which in turn means that the damage a robot can cause when it is compromised also grows.
  • the management and control process of the robot is set up in a secure network environment, and such a secure network generally adopts a VPN (Virtual Private Network).
  • a robot can be authenticated on the VPN Controller and then access the VPN network.
  • this method still faces security risks and also increases the burden on the VPN Controller.
  • the purpose of the present disclosure is to provide a robot network authentication system and method to solve the above related technical problems.
  • a robot network authentication system including a plurality of VPN POPs (Point of Presence), each of which can obtain the blockchain ledger of the blockchain network, the blockchain ledger including registration information of registered robots;
  • any one of the VPN POPs is used to determine, based on the registration information in the blockchain ledger, whether the target robot is registered when receiving a network authentication request from the target robot, and to perform two-way authentication with the target robot if it is registered.
  • the first authentication management terminal is a blockchain node with robot registration authority, used to write the registration information in the registration request into the blockchain ledger when receiving a registration request from a robot, and to send the start node information of the blockchain network to the robot, wherein the registration information includes the blockchain address and public key of the robot;
  • the robot is used for saving the starting node information, and accessing the block chain network based on the starting node information.
  • the second authentication management terminal is a blockchain node with robot cancellation authority, used to determine the robot to be cancelled according to the robot identifier in the cancellation request when receiving a robot cancellation request, and to update the registration status of the robot to be cancelled in the blockchain ledger to the cancellation status.
  • the third authentication management terminal is a blockchain node with VPN POP registration authority, used to write the registration information in the registration request into the blockchain ledger when receiving a VPN POP registration request;
  • the registration information includes the blockchain address and public key of the VPN POP.
  • the VPN POP has a robot registration authority, and any of the VPN POPs is also used to write the registration information in the registration request into the blockchain ledger when receiving a registration request from a robot, and to send the start node information of the blockchain network to the robot, wherein the registration information includes the blockchain address and public key of the robot;
  • the robot is used for saving the starting node information, and accessing the block chain network based on the starting node information.
  • the VPN POP has a robot logout authority, and any one of the VPN POPs is also used to, when receiving a robot logout request, determine the robot to be logged out according to the robot identifier in the logout request, and update the registration status of that robot in the blockchain ledger to the cancellation status.
  • the VPN POP performs two-way authentication with the target robot in the following manner:
  • the first identity verification information is obtained by the target robot by encrypting the first random number with the private key of the target robot;
  • the second identity verification information is obtained by the VPN POP encrypting the second random number with the private key of the VPN POP, the second random number is generated by the target robot, and the second identity verification information is used by the target robot to authenticate the VPN POP.
  • any of the VPN POPs is also used to send authentication failure information to the target robot when the target robot fails to be authenticated;
  • the target robot is further configured to, after receiving the authentication failure information, send a network authentication request to another VPN POP among the plurality of VPN POPs.
  • a robot network authentication method is provided, which is applied to any VPN POP in the blockchain network, wherein the blockchain network includes multiple VPN POPs, each VPN POP can obtain the blockchain ledger in the blockchain network, and the blockchain ledger includes the registration information of registered robots, the method including:
  • the two-way authentication process includes:
  • the first identity verification information is obtained by the target robot by encrypting the first random number with the private key of the target robot;
  • the second identity verification information is obtained by the VPN POP encrypting the second random number with the private key of the VPN POP, the second random number is generated by the target robot, and the second identity verification information is used by the target robot to authenticate the VPN POP.
  • a robot network authentication method applied to a target robot comprising:
  • the blockchain network includes multiple VPN POPs, each VPN POP can obtain the blockchain ledger in the blockchain network, the blockchain ledger includes the registration information of registered robots, the network authentication request includes the registration verification information of the target robot, and the registration verification information is used by the VPN POP to determine whether the target robot is registered and to initiate a two-way authentication process with the target robot if it is registered;
  • the two-way authentication process includes:
  • the second identity verification information is generated by the VPN POP when the first identity verification information is successfully decrypted and verified based on the public key of the target robot,
  • the second identity verification information is obtained by encrypting a second random number through the private key of the VPN POP by the VPN POP, and the second random number is generated by the target robot;
  • a computer program including computer readable code which, when run on a computing processing device, causes the computing processing device to perform any one of the methods described in the second aspect above.
  • a computer-readable storage medium on which a computer program is stored, and when the program is executed by a processor, the steps of any one of the methods described in the above-mentioned second aspect are implemented.
  • a computing processing device including:
  • a processor configured to execute the computer program in the memory, so as to implement the steps of any one of the methods in the second aspect above.
  • a computer program including computer readable code which, when run on a computing processing device, causes the computing processing device to perform any one of the methods described in the third aspect above.
  • a computer-readable storage medium on which a computer program is stored, and when the program is executed by a processor, the steps of any one of the methods described in the third aspect above are implemented.
  • a computing processing device including:
  • a processor configured to execute the computer program in the memory, so as to implement the steps of any one of the methods in the third aspect above.
  • the above technical solution sets up multiple VPN POPs in the blockchain network, so that any of the VPN POPs can perform network authentication on registered robots, thereby avoiding the performance bottleneck and security risks faced by a single VPN Controller performing robot network authentication.
  • the plurality of VPN POPs can also synchronize robot information based on the blockchain system, without requiring the VPN Controller to maintain robot data. Therefore, the above technical solution can also reduce the cost and complexity of the VPN network, while improving the reliability of the VPN network.
  • Fig. 1 is a schematic diagram of a robot network authentication system shown in an exemplary embodiment of the present disclosure.
  • Fig. 2 is a schematic diagram of a robot network authentication system shown in an exemplary embodiment of the present disclosure.
  • Fig. 3 is a flow chart of a robot network authentication method shown in an exemplary embodiment of the present disclosure.
  • Fig. 4 is a flow chart of a robot network authentication method shown in an exemplary embodiment of the present disclosure.
  • Fig. 5 is a schematic structural diagram of a computing processing device shown in an exemplary embodiment of the present disclosure.
  • Fig. 6 is a schematic diagram of a program code storage unit for implementing the method of the present disclosure shown in an exemplary embodiment of the present disclosure.
  • Fig. 7 is a schematic structural diagram of a computing processing device shown in an exemplary embodiment of the present disclosure.
  • Fig. 8 is a schematic diagram of a program code storage unit for implementing the method of the present disclosure shown in an exemplary embodiment of the present disclosure.
  • the application scenarios of the present disclosure are firstly introduced, and the various embodiments provided in the present disclosure can be used, for example, in network authentication scenarios of robots.
  • the management and control process of the robot is set in a secure network environment, and such a secure network generally adopts a VPN.
  • the robot authenticates to the VPN Controller using VPN account information (username/password).
  • the robot needs to save the VPN account information locally, which poses a risk of leakage.
  • account information needs to be changed periodically.
  • the VPN Controller is a centralized component that manages, stores and maintains the VPN account information of all robots. Once the VPN Controller is compromised, robots may be impersonated. At the same time, when the VPN Controller stops serving for related reasons (natural disasters, power outages, etc.), robots may be unable to access the network, which affects service availability.
  • since all robot authentication is performed on the VPN Controller, the VPN Controller may become a performance bottleneck when there are a large number of robots.
  • robot network authentication can be performed based on VPN POP and VPN Controller.
  • a digital certificate can be pre-installed on the robot, so that it can be authenticated to the VPN POP through the digital certificate.
  • the VPN Controller needs to manage, store and maintain all robot information, and synchronize this information among VPN POPs, which in turn leads to a higher complexity of the VPN network.
  • Fig. 1 is a schematic diagram of a robot network authentication system shown in the present disclosure.
  • the system includes a plurality of VPN POPs (indicated by 4 VPN POPs in Fig. 1).
  • each VPN POP can obtain the blockchain ledger in the blockchain network, and the blockchain ledger includes registration information of registered robots.
  • the registration information may include, for example, the robot's blockchain address, public key, and so on.
  • a robot can generate a public key as well as a private key, and generate a blockchain address based on the public key. In this way, the robot can be registered based on the public key and blockchain address. After successful registration, the robot's public key and blockchain address are written into the blockchain ledger.
  • the robot's registration information may also include robot-related information, such as the robot type, robot ID, etc., which is not limited in the present disclosure.
  • any VPN POP in the robot network authentication system is used to, when receiving the network authentication request of the target robot, determine based on the registration information in the blockchain ledger whether the target robot is registered, and to perform two-way authentication with the target robot if the target robot is registered.
  • the target robot may send a network authentication request to any VPN POP, and the network authentication request may include, for example, the second blockchain address of the target robot and the second random number A.
  • the VPN POP that has received the network authentication request can query the second blockchain address in the blockchain ledger.
  • if the VPN POP does not find the second blockchain address in the ledger, it determines that the target robot is not registered, and the authentication process is terminated.
  • if the VPN POP finds the second blockchain address, it determines that the target robot is registered, and a two-way authentication process can be initiated.
  • the VPN POP can send the first random number B and the first blockchain address of the VPN POP to the target robot.
  • the target robot receives the first random number B and the first blockchain address, signs the first random number B with the private key of the target robot to obtain the signature result SIGN(A), and sends SIGN(A) to the VPN POP.
  • the VPN POP can obtain the public key PK(A) of the target robot by querying the blockchain ledger with the second blockchain address of the target robot, and decrypt SIGN(A) with the public key PK(A) to verify it.
  • if the decryption fails and/or the decryption result is not the first random number B, the authentication fails and the authentication process is terminated.
  • if the decryption succeeds and the decryption result is the first random number B, the authentication succeeds.
  • the VPN POP can sign the second random number A with its own private key to obtain SIGN(B), and send SIGN(B) to the target robot, so that the target robot can authenticate the VPN POP.
  • the target robot can obtain the public key PK(B) of the VPN POP by querying the blockchain ledger with the first blockchain address, and decrypt SIGN(B) with the public key PK(B) to verify it.
  • if the decryption succeeds and the decryption result is the second random number A, the authentication succeeds.
  • if the decryption fails and/or the decryption result is not the second random number A, the authentication fails.
  • after the robot is registered, its registration information is written into the blockchain ledger.
  • network authentication can be performed based on registration information (blockchain address, public key, etc.), so that the robot does not need to maintain VPN account information locally, avoiding the risk of account leakage.
  • the registration information of the robot is managed, stored and maintained by the blockchain system, and the blockchain network is decentralized. At the same time, only the registration information of the robot is stored in the blockchain ledger, thus avoiding a situation in which the compromise of a single component leads to robots being impersonated.
  • any one of the VPN POPs can perform network authentication on registered robots, thereby avoiding the performance bottleneck faced by a single VPN Controller performing robot network authentication.
  • the registration information of robots can be saved by the blockchain system and, based on the blockchain system, synchronized between the VPN POPs.
  • the complexity and cost of the VPN network (VPN Controller/VPN POP) can be reduced, and the reliability of the VPN network can also be improved.
  • the VPN POP has the robot registration authority.
  • any VPN POP in the robot network authentication system is also used to write the registration information in the registration request into the blockchain ledger when receiving the registration request of the robot, and to send the start node information of the blockchain network to the robot, wherein the registration information includes the blockchain address and public key of the robot.
  • the robot can generate a public key and a private key, and generate a blockchain address through the public key.
  • the robot can send a registration request including the blockchain address and public key to the VPN POP.
  • the robot can also entrust a third party to generate the public key, private key and blockchain address, which is not limited in this disclosure.
  • after the VPN POP receives the registration request, it can write the robot's blockchain address and public key into the blockchain ledger by sending a transaction to the blockchain network, thereby completing the registration. In this way, the registration process of the robot can be managed based on the VPN POP.
  • the registration information of the robot may also include the type, serial number, etc. of the robot.
  • after the VPN POP receives the registration request, it can also verify the relevant information of the robot, which is not limited in this disclosure.
  • VPN POP can also send the startup node information of the blockchain network to the robot.
  • the robot can be used to save the starting node information, and access to the blockchain network based on the starting node information.
  • the robot can connect to the VPN POP through the wireless network and, according to the recorded start node information, connect to the blockchain network through the blockchain connection protocol, using the light node protocol or RPC (Remote Procedure Call).
  • the wireless network may be, for example, WiFi, 4G, 5G, and the like.
  • the robot can send a network authentication request to any VPN POP in the block chain network, and then perform network authentication.
  • the VPN POP has the robot logout authority.
  • any VPN POP in the robot network authentication system is also used to, when receiving a robot logout request, determine the robot to be logged out according to the robot identifier in the logout request, and update the registration status of that robot in the blockchain ledger to the cancellation status.
  • the robot logout request can be sent by the relevant robot management terminal or sent by the robot.
  • the robot identifier in the robot logout request may be, for example, an identifier that can distinguish robots such as a robot number, which is not limited in the present disclosure.
  • when the VPN POP receives the robot logout request, it can determine the robot to be logged out according to the robot identifier in the logout request.
  • the VPN POP can also update the registration status of the robot to be cancelled in the blockchain ledger to the cancellation status by sending a transaction to the blockchain network. Since the registration status is updated to the cancellation status, the robot to be cancelled can no longer pass the network authentication of the VPN POP. In this way, registered robots can be managed based on the VPN POP.
  • robot information and VPN POP information recorded in the blockchain ledger are important data for network access authentication. Therefore, in some implementation scenarios, it is also possible to set relevant authority control policies for the process of adding and modifying robots and VPN POPs.
  • authority control may be performed based on a permission chain.
  • with a permission chain, it is possible to restrict whether different blockchain accounts have permission to write and modify certain data.
  • data write permissions and data modification permissions can be configured for the blockchain accounts of the OSS (Operation Support System) and/or BSS (Business Support System), while the blockchain accounts of the robots, the VPN POPs and the VPN Controller are given data read permission.
  • robots and VPN POP-related data can also be managed based on the formulated smart contract.
  • corresponding smart contracts can be written to store information through smart contracts.
  • the smart contract can provide interfaces such as registration, modification, cancellation and query; the calling authority for the registration, modification, cancellation and query interfaces is assigned to the blockchain account corresponding to the OSS/BSS, while the blockchain accounts corresponding to the robots and VPN POPs are given calling authority for the query interface only.
  • the system may further include a first authentication management terminal.
  • the first authentication management terminal is a blockchain node with robot registration authority, which can correspond to the relevant account of OSS/BSS.
  • the first authentication management terminal is used to, when receiving the registration request of the robot, write the registration information in the registration request into the blockchain ledger and send the start node information of the blockchain network to the robot, wherein the registration information includes the robot's blockchain address and public key;
  • the robot is used for saving the starting node information, and accessing the block chain network based on the starting node information.
  • the robot can generate a public key and a private key, and generate a blockchain address through the public key. In this way, the robot can send a registration request including the blockchain address and public key to the first authentication management terminal.
  • after receiving the registration request, the first authentication management terminal can write the robot's blockchain address and public key into the blockchain ledger by sending a transaction to the blockchain network, thereby completing the registration.
  • the robot's registration information may also include the robot's type, serial number, and so on.
  • the first authentication management terminal may also verify the relevant information of the robot, which is not limited in the present disclosure.
  • the first authentication management terminal can also send the startup node information of the blockchain network to the robot.
  • the robot can be used to save the starting node information, and access to the blockchain network based on the starting node information.
  • the robot can connect to the VPN POP through the wireless network, and according to the recorded startup node information, connect to the blockchain network through the blockchain connection protocol, using the light node protocol or RPC.
  • the robot can send a network authentication request to any VPN POP in the block chain network, and then perform network authentication.
  • the first authentication management terminal may also correspond to relevant management accounts, and these management accounts may not correspond to OSS/BSS.
  • the registration process of the robot can be managed by setting the first authentication management terminal, and at the same time, the writing authority of the robot information can be controlled.
  • the system may further include a second authentication management terminal.
  • the second authentication management terminal is a block chain node with robot logout authority, which may correspond to the relevant account of OSS/BSS.
  • the second authentication management terminal is used to, when receiving a robot logout request, determine the robot to be logged out according to the robot identifier in the logout request, and update the registration status of that robot in the blockchain ledger to the cancellation status.
  • the robot logout request may be sent by the relevant robot management terminal or sent by the robot.
  • the robot logout request may also be automatically generated by the second authentication management terminal based on preset rules. For example, when a robot is registered, a corresponding valid time interval can be set for each robot, and a robot logout request is automatically generated after the valid time interval is exceeded.
  • the robot identifier in the robot logout request may be, for example, an identifier that can distinguish robots such as a robot number, which is not limited in the present disclosure.
  • when the second authentication management terminal receives the robot logout request, it can determine the robot to be logged out according to the robot identifier in the logout request.
  • the second authentication management terminal can also update the registration status of the robot to be canceled in the blockchain account book to the cancellation status by sending a transaction to the blockchain network. Since the registration status is updated to the deregistration status, the robot to be deregistered can no longer pass the network authentication of the VPN POP.
  • the registered robot can be managed based on the second authentication management terminal, and at the same time, the logout authority of the robot information is also controlled.
  • the system also includes a third authentication management terminal, which is a blockchain node with VPN POP registration authority and can correspond to the relevant account of the OSS/BSS.
  • the third authentication management terminal is used to write the registration information in the registration request into the blockchain ledger when receiving the registration request of the VPN POP, and the registration information includes the blockchain address and public key of the VPN POP.
  • VPN POP can generate public key and private key, and generate a blockchain address through the public key. In this way, the VPN POP can send a registration request including the blockchain address and public key to the third authentication management terminal.
  • after the third authentication management terminal receives the registration request, it can write the blockchain address and public key of the VPN POP into the blockchain ledger by sending a transaction to the blockchain network, thereby completing the registration.
  • the registration process of the VPN POP can be managed by setting the third authentication management terminal, and the writing authority of the VPN POP information is also controlled.
  • the embodiments described in the specification belong to preferred embodiments, and the parts involved are not necessarily essential to the present invention.
  • the first authentication management terminal, the second authentication management terminal and the third authentication management terminal may be independent system components or the same system component during specific implementation.
  • the first authentication management terminal, the second authentication management terminal, and the third authentication management terminal may also correspond to relevant blockchain management accounts, and these blockchain management accounts may not correspond to OSS/BSS. This is not limited.
  • any VPN POP in the robot network authentication system is also used to send authentication failure information to the target robot when the target robot fails to be authenticated;
  • the target robot is further configured to, after receiving the authentication failure information, send a network authentication request to another VPN POP among the plurality of VPN POPs.
  • the robot can also resend the network authentication request to any one of VPN POP 1-3.
  • the problem of robots being unable to access the VPN network due to the outage of a certain VPN POP can be reduced, and the availability of the system is improved.
  • the present disclosure also provides a robot network authentication method, which is applied to any VPN POP in the blockchain network.
  • the blockchain network includes a plurality of VPN POPs, and each VPN POP can obtain a blockchain ledger in the blockchain network, and the blockchain ledger includes registration information of registered robots.
  • the registration information may include, for example, the robot's blockchain address, public key, and so on.
  • a robot can generate a public key as well as a private key, and generate a blockchain address based on the public key. In this way, the robot can be registered based on the public key and blockchain address. After successful registration, the robot's public key and blockchain address are written into the blockchain ledger.
  • the registration information of the robot may also include related information of the robot, such as the type of the robot, the ID of the robot, etc., which is not limited in the present disclosure.
  • Fig. 3 is a flow chart of a robot network authentication method shown in the present disclosure, the method comprising:
  • the target robot may send a network authentication request to any VPN POP, and the network authentication request may include registration verification information of the target robot, for example.
  • the registration verification information may be, for example, the second blockchain address of the target robot.
  • the VPN POP that has received the network authentication request can query the blockchain ledger for the second blockchain address. If the VPN POP does not find the second blockchain address, it can be determined that the target robot is not registered, and the authentication process can be terminated.
  • if the VPN POP finds the second blockchain address, it can be determined that the target robot is registered, and then, in S33, when the target robot is registered, a two-way authentication process with the target robot is initiated.
  • the two-way authentication process includes:
  • the VPN POP sends the first random number B and the first blockchain address of the VPN POP to the target robot.
  • the target robot can receive the first random number B and the first blockchain address, sign the first random number B with the target robot's private key to obtain the signature result SIGN(A), and send SIGN(A) to the VPN POP.
  • the VPN POP may receive the first identity verification information sent by the target robot, namely the signature result SIGN(A).
  • the VPN POP may also decrypt and verify the first identity verification information based on the target robot's public key.
  • the VPN POP can obtain the target robot's public key PK(A) by querying the blockchain ledger with the second blockchain address, and decrypt and verify SIGN(A) with PK(A).
  • if the decryption fails and/or the decryption result is not the first random number B, the authentication fails and the authentication process is terminated.
  • if the decryption verification succeeds, the VPN POP sends second identity verification information to the target robot.
  • the second identity verification information can be SIGN(B), which the VPN POP obtains by encrypting the second random number A with the VPN POP's private key; the second random number A is generated by the target robot, and the second identity verification information is used by the target robot to authenticate the VPN POP.
  • the target robot can obtain the VPN POP's public key PK(B) by querying the blockchain ledger with the first blockchain address, and decrypt and verify SIGN(B) with PK(B).
  • if the decryption succeeds and the decryption result is the second random number A, the authentication succeeds.
  • if the decryption fails and/or the decryption result is not the second random number A, the authentication fails.
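The ledger write under registration authority, the lookup of the second blockchain address, the two-way authentication steps above and the robot's retry against another VPN POP after a failure, as an added Go example that is not part of the patent or of the applicant's code. It assumes Ed25519 key pairs, an address derived as the SHA-256 of the public key (the page does not specify a derivation), an in-memory map standing in for the replicated blockchain ledger, and that the robot carries its random number A in the same message as SIGN(A). SIGN(A) and SIGN(B) are signatures over B and A verified with PK(A) and PK(B), which is what the page's "decrypt with the public key and compare to the random number" amounts to; the names Ledger, Party, Authenticate and AuthenticateAny are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Ledger stands in for the replicated blockchain account book that every VPN POP
// can read: address -> public key, written only by the authorised management terminal.
type Ledger struct {
	keys      map[string]ed25519.PublicKey
	registrar string // blockchain address of the terminal holding write authority
}

func NewLedger(registrar string) *Ledger {
	return &Ledger{keys: map[string]ed25519.PublicKey{}, registrar: registrar}
}

// AddressOf derives a blockchain address from a public key. The page does not fix
// the derivation, so the hex SHA-256 of the key is this example's assumption.
func AddressOf(pk ed25519.PublicKey) string { return fmt.Sprintf("%x", sha256.Sum256(pk)) }

// Register writes (address, public key); any writer but the registrar is refused.
func (l *Ledger) Register(writer string, pk ed25519.PublicKey) error {
	if writer != l.registrar {
		return errors.New("writer lacks registration authority")
	}
	l.keys[AddressOf(pk)] = pk
	return nil
}

// Party is a robot or a VPN POP: an Ed25519 key pair; its address is AddressOf(Pub).
type Party struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewParty() *Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Party{priv: priv, Pub: pub}
}

func nonce() []byte {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Authenticate runs the two-way flow between one POP and one robot that read the
// same ledger. The page's "encrypt the random number with the private key, decrypt
// with the public key and compare" is realised as an Ed25519 signature.
func Authenticate(l *Ledger, pop, robot *Party) error {
	robotPK, ok := l.keys[AddressOf(robot.Pub)] // S32: is the second address registered?
	if !ok {
		return errors.New("target robot is not registered")
	}
	B, popAddr := nonce(), AddressOf(pop.Pub) // POP -> robot: random number B and first address
	// Robot -> POP: SIGN(A) over B, plus its random number A (carrying A here is an assumption).
	signA, A := ed25519.Sign(robot.priv, B), nonce()
	if !ed25519.Verify(robotPK, B, signA) {
		return errors.New("first identity verification failed")
	}
	// POP -> robot: SIGN(B) over A; the robot resolves PK(B) from the first address.
	signB := ed25519.Sign(pop.priv, A)
	popPK, ok := l.keys[popAddr]
	if !ok || !ed25519.Verify(popPK, A, signB) {
		return errors.New("second identity verification failed")
	}
	return nil
}

// AuthenticateAny is the robot-side retry: after a failure it moves on to the next POP.
func AuthenticateAny(l *Ledger, pops []*Party, robot *Party) (int, error) {
	var last error
	for i, pop := range pops {
		if last = Authenticate(l, pop, robot); last == nil {
			return i, nil
		}
	}
	return -1, last
}

func main() {
	terminal, robot, pop := NewParty(), NewParty(), NewParty()
	ledger := NewLedger(AddressOf(terminal.Pub)) // the terminal holds the write authority
	_, _ = ledger.Register(AddressOf(terminal.Pub), robot.Pub), ledger.Register(AddressOf(terminal.Pub), pop.Pub)
	idx, err := AuthenticateAny(ledger, []*Party{NewParty(), pop}, robot) // first POP is unregistered
	fmt.Println("accepted by POP index", idx, "error:", err)
}
```

Because the robot resolves PK(B) from the ledger rather than trusting whatever key the POP presents, a POP that is absent from the ledger fails the second verification, so the retry loop skips it and the robot ends up on a registered POP; the only long-lived secret on the robot is its own private key, which is the property the page contrasts with locally stored VPN account credentials.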
  • after the robot is registered, its registration information is written into the blockchain ledger.
  • network authentication can be performed based on registration information (blockchain address, public key, etc.), so that the robot does not need to maintain VPN account information locally, avoiding the risk of account leakage.
  • the robot's registration information is managed, stored and maintained by the blockchain system, and the blockchain network is decentralized. At the same time, only the robot's registration information is stored in the blockchain ledger, which avoids the situation in which loss of control of a single link leads to robots being impersonated.
  • any one of the VPN POPs can perform network authentication on registered robots, thereby avoiding the performance bottleneck that a single VPN Controller faces when performing robot network authentication.
  • the registration information of robots can be saved by the blockchain system and, on the basis of the blockchain system, synchronized among the VPN POPs.
  • the complexity and cost of the VPN network (VPN Controller/VPN POP) can therefore be reduced, and the reliability of the VPN network can also be improved.
  • the present disclosure also provides a robot network authentication method, which is applied to a target robot, and the target robot may be, for example, the robot described in any of the foregoing embodiments.
  • the method includes:
  • the blockchain network includes a plurality of VPN POPs, and each VPN POP can obtain a blockchain ledger in the blockchain network, and the blockchain ledger includes registration information of registered robots.
  • the network authentication request includes registration verification information of the target robot, and the registration verification information is used by the VPN POP to determine whether the target robot is registered.
  • the registration verification information may be, for example, the second blockchain address of the target robot.
  • the VPN POP that has received the network authentication request can query the second blockchain address in the blockchain ledger. In the case that the VPN POP does not query the second blockchain address, it can be determined that the target robot is not registered, so that the authentication process can be terminated. When the VPN POP finds the address of the second blockchain, it can be determined that the target robot has been registered, and then a two-way authentication process with the target robot can be initiated.
  • after the robot is registered, its registration information is written into the blockchain ledger, so network authentication can be performed on the basis of the registration information (blockchain address, public key, etc.) and the robot does not need to maintain VPN account information locally, avoiding the risk of account leakage.
  • the advantages set out above for the method applied to the VPN POP apply equally here: the registration information is managed, stored and maintained by the decentralized blockchain system, so loss of control of a single link cannot lead to robots being impersonated; any VPN POP can authenticate registered robots, avoiding the performance bottleneck of a single VPN Controller; the registration information is synchronized among the VPN POPs on the basis of the blockchain system; and the complexity and cost of the VPN network (VPN Controller/VPN POP) are reduced while its reliability is improved.
  • the present disclosure also provides a computer-readable storage medium on which a computer program is stored, and when the program is executed by a processor, the steps of the robot network authentication method applied to VPN POP provided by the present disclosure are implemented.
  • a computer program product comprising a computer program executable by a programmable device, the computer program having a code portion for performing the above robot network authentication method applied to the VPN POP.
  • the present disclosure also provides a computing processing device, including:
  • one or more processors; when computer-readable code is executed by the one or more processors, the computing processing device executes the steps of the robot network authentication method applied to the VPN POP provided by the present disclosure.
  • FIG. 5 is a schematic structural diagram of a computing processing device provided by the present disclosure.
  • the computing processing device may include a processor 510 and a computer program product or computer readable medium in the form of memory 530 .
  • Memory 530 may be electronic memory such as flash memory, EEPROM (Electrically Erasable Programmable Read Only Memory), EPROM, hard disk, or ROM.
  • the memory 530 may include a storage space 550, which may include program codes for performing any method steps in the methods described above.
  • the storage space 550 may include various program codes 551 for respectively implementing various steps in the above robot network authentication method applied to the VPN POP. These program codes can be read from or written into one or more computer program products.
  • These computer program products comprise program code carriers such as hard disks, compact disks (CDs), memory cards or floppy disks.
  • Such a computer program product is typically a portable or fixed storage unit as shown in FIG. 6 .
  • the storage unit may have storage segments, storage spaces, etc. arranged similarly to the memory 530 in the computing processing device of FIG. 5 .
  • the program code can, for example, be compressed in a suitable form.
  • the memory unit may include computer-readable code 551', i.e. code readable by a processor such as 510, which when executed by the server causes the server to execute the steps of the robot network authentication method applied to the VPN POP described above.
  • the present disclosure also provides a computer-readable storage medium on which a computer program is stored, and when the program is executed by a processor, the steps of the robot network authentication method applied to robots provided in the present disclosure are implemented.
  • a computer program product comprising a computer program executable by a programmable device, the computer program having a code portion for performing the above robot network authentication method applied to the robot.
  • the present disclosure also provides a computing processing device, including:
  • one or more processors; when computer-readable code is executed by the one or more processors, the computing processing device executes the steps of the robot network authentication method applied to the robot provided by the present disclosure.
  • FIG. 7 is a schematic structural diagram of a computing processing device provided by the present disclosure.
  • the computing processing device may include a processor 710 and a computer program product or computer readable medium in the form of memory 730 .
  • Memory 730 may be electronic memory such as flash memory, EEPROM (Electrically Erasable Programmable Read Only Memory), EPROM, hard disk, or ROM.
  • the memory 730 may include a storage space 750, and the storage space 750 may include program codes for performing any method steps in the methods described above.
  • the storage space 750 may include various program codes 751 for respectively implementing various steps in the above robot network authentication method applied to a robot. These program codes can be read from or written into one or more computer program products.
  • These computer program products comprise program code carriers such as hard disks, compact disks (CDs), memory cards or floppy disks.
  • Such a computer program product is typically a portable or fixed storage unit as shown in FIG. 8 .
  • the storage unit may have storage segments, storage spaces, etc. arranged similarly to the memory 730 in the computing processing device of FIG. 7 .
  • the program code can, for example, be compressed in a suitable form.
  • the memory unit may include computer-readable code 751', i.e. code readable by a processor such as 710, which when executed by the server causes the server to execute the steps of the robot network authentication method applied to the robot described above.

Abstract

The present disclosure relates to a network authentication system and method for a robot. The system comprises a plurality of virtual private network points of presence (VPN POP), wherein each VPN POP can acquire a blockchain ledger in a blockchain network, the blockchain ledger comprising registration information of registered robots; and any VPN POP is used for determining, when a network authentication request of a target robot is received and on the basis of the registration information in the blockchain ledger, whether the target robot has been registered, and the VPN POP is also used for performing two-way authentication with the target robot when the target robot has been registered. The plurality of VPN POP in the system can synchronize robot information on the basis of a blockchain system without the need for a VPN controller to synchronize the robot information. Therefore, by means of the technical solution, the cost and complexity of a VPN can be reduced, and the reliability of the VPN is also improved.

Description

机器人网络认证系统及方法Robot network authentication system and method
相关申请的交叉引用Cross References to Related Applications
本公开要求在2021年06月29日提交中国专利局、申请号为202110729431.1、名称为“机器人网络认证系统及方法”的中国专利申请的优先权,其全部内容通过引用结合在本公开中。This disclosure claims the priority of a Chinese patent application with application number 202110729431.1 and titled "Robot Network Authentication System and Method" filed with the China Patent Office on June 29, 2021, the entire contents of which are incorporated by reference in this disclosure.
技术领域technical field
本公开涉及机器人技术领域,具体地,涉及一种机器人网络认证系统及方法。The present disclosure relates to the technical field of robots, and in particular, to a robot network authentication system and method.
背景技术Background technique
当前,机器人已经越来越广泛地应用于各行各业。并且,随着人工智能技术的发展,机器人的能力也越来越强,进而导致机器人被非法入侵时所带来的破坏性也逐渐变强。At present, robots have been more and more widely used in various industries. Moreover, with the development of artificial intelligence technology, the capabilities of robots are becoming stronger and stronger, which in turn leads to the gradual strengthening of the destructiveness brought about by robots when they are illegally invaded.
为了提升机器人的安全性,相关技术中将机器人的管理控制流程设置在安全的网络环境中进行,这种安全网络一般采用VPN(Virtual Private Network,虚拟专用网络)。例如,机器人可以在VPN Controller进行认证,进而接入VPN网络。然而,这样的方式仍面临着安全风险,同时也增加了VPN Controller的负担。In order to improve the safety of the robot, in related technologies, the management and control process of the robot is set in a safe network environment, and such a safe network generally adopts a VPN (Virtual Private Network, virtual private network). For example, a robot can be authenticated on the VPN Controller and then access the VPN network. However, this method still faces security risks and also increases the burden on the VPN Controller.
发明内容Contents of the invention
本公开的目的是提供一种机器人网络认证系统及方法,以解决上述相关技术问题。The purpose of the present disclosure is to provide a robot network authentication system and method to solve the above related technical problems.
为了实现上述目的,根据本公开实施例的第一方面,提供一种机器人网络认证系统,包括多个VPN POP(Point Of Presence,网络服务提供点),每个所述VPN POP能够获取区块链网络中的区块链账本,所述区块链账本中包括已注册的机器人的注册信息;In order to achieve the above object, according to the first aspect of the disclosed embodiments, a robot network authentication system is provided, including a plurality of VPN POPs (Point Of Presence, network service provider point), each of which can obtain the blockchain A blockchain account book in the network, which includes registration information of registered robots;
任一所述VPN POP用于,在接收到目标机器人的网络认证请求时,基于所述区块链账本中的注册信息,确定所述目标机器人是否已注册,并在所述目标机器人已注册的情况下,与所述目标机器人进行双向认证。Any one of the VPN POPs is used to determine whether the target robot is registered based on the registration information in the block chain account book when receiving the network authentication request of the target robot, and to determine whether the target robot has registered. In this case, perform two-way authentication with the target robot.
可选地,还包括:Optionally, also include:
第一认证管理端,所述第一认证管理端为具备机器人注册权限的区块链节点,用于在接收到机器人的注册请求时,将所述注册请求中的注册信息写入至所述区块链账本中;并将所述区块链网络的启动节点信息发送至所述机器人,其中,所述注册信息包括所述 机器人的区块链地址以及公钥;The first authentication management terminal, the first authentication management terminal is a block chain node with robot registration authority, and is used to write the registration information in the registration request into the area when receiving the registration request of the robot. In the block chain ledger; and send the start node information of the block chain network to the robot, wherein the registration information includes the block chain address and public key of the robot;
所述机器人用于,保存所述启动节点信息,并基于所述启动节点信息接入至所述区块链网络。The robot is used for saving the starting node information, and accessing the block chain network based on the starting node information.
可选地,还包括:Optionally, also include:
第二认证管理端,所述第二认证管理端为具备机器人注销权限的区块链节点,用于在接收到机器人注销请求时,根据所述注销请求中的机器人标识确定待注销的机器人,并将所述区块链账本中的所述待注销的机器人的注册状态更新为注销状态。The second authentication management terminal, the second authentication management terminal is a block chain node with robot cancellation authority, used to determine the robot to be canceled according to the robot identification in the cancellation request when receiving the robot cancellation request, and Updating the registration status of the robot to be canceled in the blockchain ledger to the cancellation status.
可选地,还包括:Optionally, also include:
第三认证管理端,所述第二认证管理端为具备VPN POP注册权限的区块链节点,用于在接收到VPN POP的注册请求时,将所述注册请求中的注册信息写入至所述区块链账本中,所述注册信息包括所述VPN POP的区块链地址和公钥。The third authentication management terminal, the second authentication management terminal is a block chain node with VPN POP registration authority, and is used to write the registration information in the registration request to the registration request when receiving the VPN POP registration request. In the blockchain ledger, the registration information includes the blockchain address and public key of the VPN POP.
可选地,所述VPN POP具备机器人注册权限,任一所述VPN POP还用于,在接收到机器人的注册请求时,将所述注册请求中的注册信息写入至所述区块链账本中;并将所述区块链网络的启动节点信息发送至所述机器人,其中,所述注册信息包括所述机器人的区块链地址以及公钥;Optionally, the VPN POP has a robot registration authority, and any of the VPN POPs is also used to write the registration information in the registration request to the blockchain account book when receiving a registration request from a robot and sending the startup node information of the block chain network to the robot, wherein the registration information includes the block chain address and public key of the robot;
所述机器人用于,保存所述启动节点信息,并基于所述启动节点信息接入至所述区块链网络。The robot is used for saving the starting node information, and accessing the block chain network based on the starting node information.
可选地,所述VPN POP具备机器人注销权限,任一所述VPN POP还用于,在接收到机器人注销请求时,根据所述注销请求中的机器人标识确定待注销的机器人,并将所述区块链账本中的所述待注销的机器人的注册状态更新为注销状态。Optionally, the VPN POP has a robot logout authority, and any one of the VPN POPs is also used to, when receiving a robot logout request, determine the robot to be logged out according to the robot identifier in the logout request, and send the The registration status of the robot to be canceled in the blockchain account book is updated to the cancellation status.
可选地,所述VPN POP通过如下方式与所述目标机器人进行双向认证:Optionally, the VPN POP performs two-way authentication with the target robot in the following manner:
向所述目标机器人发送第一随机数以及所述VPN POP的第一区块链地址;Send the first random number and the first blockchain address of the VPN POP to the target robot;
接收所述目标机器人发送的第一身份验证信息,所述第一身份验证信息由所述目标机器人通过该目标机器人的私钥对所述第一随机数加密得到;receiving the first identity verification information sent by the target robot, the first identity verification information is obtained by the target robot by encrypting the first random number with the private key of the target robot;
基于所述目标机器人的公钥对所述第一身份验证信息进行解密验证;并,Decrypting and verifying the first identity verification information based on the public key of the target robot; and,
在解密验证成功的情况下,向所述目标机器人发送第二身份验证信息,所述第二身份验证信息由所述VPN POP通过该VPN POP的私钥对第二随机数加密得到,所述第二随机数由所述目标机器人生成,所述第二身份验证信息用于所述目标机器人对所述VPN POP进行认证。In the case that the decryption verification is successful, send the second identity verification information to the target robot, the second identity verification information is obtained by encrypting the second random number by the VPN POP through the private key of the VPN POP, and the second identity verification information is obtained by encrypting the second random number through the private key of the VPN POP Two random numbers are generated by the target robot, and the second identity verification information is used for the target robot to authenticate the VPN POP.
可选地,任一所述VPN POP还用于,在对所述目标机器人认证失败时,向所述目标机器人发送认证失败信息;Optionally, any of the VPN POPs is also used to send authentication failure information to the target robot when the target robot fails to be authenticated;
所述目标机器人还用于,在接收到所述认证失败信息之后,向所述多个VPN POP中的另一VPN POP发送网络认证请求。The target robot is further configured to, after receiving the authentication failure information, send a network authentication request to another VPN POP among the plurality of VPN POPs.
根据本公开实施例的第二方面,提供一种机器人网络认证方法,应用于区块链网络中的任一VPN POP,其中,所述区块链网络中包括多个VPN POP,每个所述VPN POP能够获取所述区块链网络中的区块链账本,所述区块链账本中包括已注册机器人的注册信息,所述方法包括:According to the second aspect of the embodiments of the present disclosure, a robot network authentication method is provided, which is applied to any VPN POP in the blockchain network, wherein the blockchain network includes multiple VPN POPs, and each of the The VPN POP can obtain the blockchain ledger in the blockchain network, the blockchain ledger includes the registration information of the registered robot, and the method includes:
接收目标机器人的网络认证请求,所述网络认证请求包括注册验证信息;Receive a network authentication request from the target robot, where the network authentication request includes registration verification information;
根据所述注册验证信息以及所述区块链账本中的注册信息确定所述目标机器人是否已注册;determining whether the target robot has been registered according to the registration verification information and the registration information in the blockchain ledger;
在所述目标机器人已注册的情况下,发起与所述目标机器人之间的双向认证流程。In the case that the target robot has been registered, initiate a two-way authentication process with the target robot.
可选地,所述双向认证流程,包括:Optionally, the two-way authentication process includes:
向所述目标机器人发送第一随机数以及所述VPN POP的第一区块链地址;Send the first random number and the first blockchain address of the VPN POP to the target robot;
接收所述目标机器人发送的第一身份验证信息,所述第一身份验证信息由所述目标机器人通过该目标机器人的私钥对所述第一随机数加密得到;receiving the first identity verification information sent by the target robot, the first identity verification information is obtained by the target robot by encrypting the first random number with the private key of the target robot;
基于所述目标机器人的公钥对所述第一身份验证信息进行解密验证;并,Decrypting and verifying the first identity verification information based on the public key of the target robot; and,
在解密验证成功的情况下,向所述目标机器人发送第二身份验证信息,所述第二身份验证信息由所述VPN POP通过该VPN POP的私钥对第二随机数加密得到,所述第二随机数由所述目标机器人生成,所述第二身份验证信息用于所述目标机器人对所述VPN POP进行认证。In the case that the decryption verification is successful, send the second identity verification information to the target robot, the second identity verification information is obtained by encrypting the second random number by the VPN POP through the private key of the VPN POP, and the second identity verification information is obtained by encrypting the second random number through the private key of the VPN POP Two random numbers are generated by the target robot, and the second identity verification information is used for the target robot to authenticate the VPN POP.
根据本公开实施例的第三方面,提供一种机器人网络认证方法,应用于目标机器人,所述方法包括:According to a third aspect of the embodiments of the present disclosure, there is provided a robot network authentication method applied to a target robot, the method comprising:
向区块链网络中的任一VPN POP发送网络认证请求;其中,所述区块链网络中包括多个VPN POP,每个所述VPN POP能够获取所述区块链网络中的区块链账本,所述区块链账本中包括已注册机器人的注册信息,所述网络认证请求包括所述目标机器人的注册验证信息,所述注册验证信息用于所述VPN POP确定所述目标机器人是否已注册,并在所述目标机器人已注册的情况下,发起与所述目标机器人之间的双向认证流程;Send a network authentication request to any VPN POP in the blockchain network; wherein, the blockchain network includes multiple VPN POPs, and each VPN POP can obtain the blockchain in the blockchain network account book, the blockchain account book includes the registration information of the registered robot, the network authentication request includes the registration verification information of the target robot, and the registration verification information is used by the VPN POP to determine whether the target robot has registering, and initiating a two-way authentication process with the target robot if the target robot is already registered;
在所述VPN POP发起双向认证流程的情况下,与所述VPN POP进行双向认证。Under the situation that described VPN POP initiates two-way authentication procedure, carry out two-way authentication with described VPN POP.
可选地,所述双向认证流程,包括:Optionally, the two-way authentication process includes:
接收所述VPN POP发送的第一随机数以及所述VPN POP的第一区块链地址;Receive the first random number sent by the VPN POP and the first blockchain address of the VPN POP;
通过所述目标机器人的私钥对所述第一随机数进行加密,得到第一身份验证信息;Encrypting the first random number with the private key of the target robot to obtain first identity verification information;
向所述VPN POP发送所述第一身份验证信息;Send the first authentication information to the VPN POP;
接收所述VPN POP发送的第二身份验证信息,所述第二身份验证信息由所述VPN POP在基于所述目标机器人的公钥对所述第一身份验证信息解密验证成功的情况下生成,所述二身份验证信息由所述VPN POP通过该VPN POP的私钥对第二随机数加密得到,所述第二随机数由所述目标机器人生成;receiving the second identity verification information sent by the VPN POP, where the second identity verification information is generated by the VPN POP when the first identity verification information is successfully decrypted and verified based on the public key of the target robot, The second identity verification information is obtained by encrypting a second random number through the private key of the VPN POP by the VPN POP, and the second random number is generated by the target robot;
通过所述VPN POP的公钥对所述第二身份验证信息进行解密验证。Decrypting and verifying the second identity verification information through the public key of the VPN POP.
根据本公开实施例的第四方面,提供一种计算机程序,包括计算机可读代码,当所述计算机可读代码在计算处理设备上运行时,使得所述计算处理设备执行上述第二方面中任一项所述的方法。According to a fourth aspect of the embodiments of the present disclosure, there is provided a computer program, including computer readable code, when the computer readable code is run on a computing processing device, the computing processing device is made to perform any of the above-mentioned second aspects. one of the methods described.
根据本公开实施例的第五方面,提供一种计算机可读存储介质,其上存储有计算机程序,该程序被处理器执行时实现上述第二方面中任一项所述方法的步骤。According to a fifth aspect of the embodiments of the present disclosure, there is provided a computer-readable storage medium, on which a computer program is stored, and when the program is executed by a processor, the steps of any one of the methods described in the above-mentioned second aspect are implemented.
根据本公开实施例的第六方面,提供一种计算处理设备,包括:According to a sixth aspect of the embodiments of the present disclosure, there is provided a computing processing device, including:
存储器,其上存储有计算机程序;a memory on which a computer program is stored;
处理器,用于执行所述存储器中的所述计算机程序,以实现上述第二方面中任一项所述方法的步骤。A processor, configured to execute the computer program in the memory, so as to implement the steps of any one of the methods in the second aspect above.
根据本公开实施例的第七方面,提供一种计算机程序,包括计算机可读代码,当所述计算机可读代码在计算处理设备上运行时,使得所述计算处理设备执行上述第三方面中任一项所述的方法。According to a seventh aspect of the embodiments of the present disclosure, there is provided a computer program, including computer readable code, which, when the computer readable code is run on a computing processing device, causes the computing processing device to execute any of the above third aspects. one of the methods described.
根据本公开实施例的第八方面,提供一种计算机可读存储介质,其上存储有计算机程序,该程序被处理器执行时实现上述第三方面中任一项所述方法的步骤。According to an eighth aspect of the embodiments of the present disclosure, there is provided a computer-readable storage medium, on which a computer program is stored, and when the program is executed by a processor, the steps of any one of the methods described in the third aspect above are implemented.
根据本公开实施例的第九方面,提供一种计算处理设备,包括:According to a ninth aspect of the embodiments of the present disclosure, there is provided a computing processing device, including:
存储器,其上存储有计算机程序;a memory on which a computer program is stored;
处理器,用于执行所述存储器中的所述计算机程序,以实现上述第三方面中任一项所述方法的步骤。A processor, configured to execute the computer program in the memory, so as to implement the steps of any one of the methods in the third aspect above.
上述技术方案通过在区块链网络中设置多个VPN POP,这样,任一所述VPN POP都可以对已注册的机器人进行网络认证,从而避免了单一VPN Controller进行机器人网 络认证时所面临的性能瓶颈问题以及安全风险。此外,所述多个VPN POP还可以基于区块链系统进行机器人信息的同步,而无需由VPN Controller来进行机器人数据的维护。因此,上述技术方案还能够降低VPN网络的成本以及复杂度,同时提升VPN网络的可靠性。The above technical solution sets up multiple VPN POPs in the blockchain network, so that any of the VPN POPs can perform network authentication on registered robots, thereby avoiding the performance problems faced by a single VPN Controller for robot network authentication. Bottleneck issues and security risks. In addition, the plurality of VPN POPs can also synchronize robot information based on the blockchain system, without requiring the VPN Controller to maintain robot data. Therefore, the above technical solution can also reduce the cost and complexity of the VPN network, while improving the reliability of the VPN network.
本公开的其他特征和优点将在随后的具体实施方式部分予以详细说明。Other features and advantages of the present disclosure will be described in detail in the detailed description that follows.
Description of drawings
The accompanying drawings are provided to give a further understanding of the present disclosure and form part of the specification; together with the detailed description below they serve to explain the disclosure, but do not limit it. In the drawings:
Fig. 1 is a schematic diagram of a robot network authentication system according to an exemplary embodiment of the present disclosure.
Fig. 2 is a schematic diagram of a robot network authentication system according to an exemplary embodiment of the present disclosure.
Fig. 3 is a flow chart of a robot network authentication method according to an exemplary embodiment of the present disclosure.
Fig. 4 is a flow chart of a robot network authentication method according to an exemplary embodiment of the present disclosure.
Fig. 5 is a schematic structural diagram of a computing and processing device according to an exemplary embodiment of the present disclosure.
Fig. 6 is a schematic diagram of a storage unit holding program code for implementing the method of the present disclosure, according to an exemplary embodiment of the present disclosure.
Fig. 7 is a schematic structural diagram of a computing and processing device according to an exemplary embodiment of the present disclosure.
Fig. 8 is a schematic diagram of a storage unit holding program code for implementing the method of the present disclosure, according to an exemplary embodiment of the present disclosure.
Detailed description
Specific embodiments of the present disclosure are described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described here serve only to illustrate and explain the disclosure and are not intended to limit it.
Before introducing the robot network authentication system and method of the present disclosure, its application scenario is introduced first: the embodiments provided herein can be used, for example, for network authentication of robots.
To improve robot security, the related art places the robot's management and control flow in a secure network environment, and such a secure network generally uses a VPN. For example, VPN software can be installed on the robot, which then authenticates to the VPN Controller with a VPN account (username/password) and connects to the VPN network once authentication has passed.
With this approach, however, the robot has to store the VPN account information locally, which creates a risk of leakage; to improve security, the account information must be changed periodically. Moreover, the VPN Controller is a centralized component that manages, stores and maintains the VPN account information of all robots, so once control of the VPN Controller is lost, robots can be impersonated. Likewise, when the VPN Controller stops serving for some reason (natural disaster, power outage, etc.), robots may be unable to access the network, which affects service availability. Finally, because all robot authentication is performed at the VPN Controller, the VPN Controller can become a performance bottleneck when the number of robots is large.
In some implementation scenarios, robot network authentication can be performed using VPN POPs together with a VPN Controller. For example, a digital certificate can be pre-installed on the robot so that it authenticates to a VPN POP with that certificate. To support authentication at the VPN POPs, however, the VPN Controller has to manage, store and maintain the information of all robots and synchronize it among the VPN POPs, which in turn increases the complexity of the VPN network.
To this end, the present disclosure provides a robot network authentication system. Fig. 1 is a schematic diagram of a robot network authentication system according to the present disclosure. As shown in Fig. 1, the system includes a plurality of VPN POPs (four VPN POPs are shown in Fig. 1). Each VPN POP can obtain the blockchain ledger of the blockchain network, and the blockchain ledger includes the registration information of registered robots.
Here, the registration information may include, for example, the robot's blockchain address and public key. For example, the robot can generate a public key and a private key and derive a blockchain address from the public key. The robot can then register using the public key and the blockchain address; after successful registration, the robot's public key and blockchain address are written into the blockchain ledger.
In some implementation scenarios, the robot's registration information may also include related information about the robot, such as the robot type and the robot ID (identity document); the present disclosure does not limit this.
Still referring to Fig. 1, any VPN POP in the robot network authentication system is configured to, on receiving a network authentication request from a target robot, determine from the registration information in the blockchain ledger whether the target robot is registered, and, if the target robot is registered, perform two-way authentication with the target robot.
For example, the target robot can send a network authentication request to any VPN POP; the request may include, for example, the target robot's second blockchain address and a second random number A. The VPN POP that receives the request can then look up the second blockchain address in the blockchain ledger. If the VPN POP does not find the second blockchain address, it can determine that the target robot is not registered and terminate the authentication flow. If the VPN POP does find the second blockchain address, it can determine that the target robot is registered and initiate the two-way authentication flow.
The two-way authentication flow is described below by way of example. For instance, the VPN POP can send a first random number B and the VPN POP's first blockchain address to the target robot.
The target robot can receive the first random number B and the first blockchain address, sign the first random number B with the target robot's private key to obtain the signature result SIGN(A), and send SIGN(A) to the VPN POP.
The VPN POP can obtain the target robot's public key PK(A) by looking up the second blockchain address in the blockchain ledger, and decrypt and verify SIGN(A) with the public key PK(A). If decryption fails and/or the decrypted result is not the first random number B, authentication fails and the authentication flow is terminated. If decryption succeeds and the decrypted result is the first random number B, authentication succeeds. The VPN POP can then sign the second random number A with its own private key to obtain SIGN(B), and send SIGN(B) to the target robot so that the target robot can authenticate the VPN POP.
Correspondingly, the target robot can obtain the VPN POP's public key PK(B) by looking up the first blockchain address in the blockchain ledger, and decrypt and verify SIGN(B) with the public key PK(B). If decryption succeeds and the decrypted result is the second random number A, authentication succeeds; if decryption fails and/or the decrypted result is not the second random number A, authentication fails.
The above embodiment illustrates the two-way authentication flow between the target robot and the VPN POP of the present disclosure. Those skilled in the art will appreciate, however, that in a concrete implementation there are many ways of performing two-way authentication with an asymmetric cryptographic mechanism (for example, the two-way authentication may take correspondingly different forms under different communication standards); for brevity, the present disclosure does not enumerate them here.
The above technical solution can have the following beneficial effects:
Once a robot has registered, its registration information is written into the blockchain ledger. Network authentication can then be based on the registration information (blockchain address, public key, etc.), so the robot does not need to maintain VPN account information locally, which avoids the risk of account leakage. Furthermore, the robot's registration information is managed, stored and maintained by the blockchain system, the blockchain network is decentralized, and the blockchain ledger stores only the robot's registration information, which avoids robots being impersonated because a single component has been compromised.
At the same time, by providing multiple VPN POPs in the blockchain network, any of the VPN POPs can perform network authentication of registered robots, which avoids the performance bottleneck of a single VPN Controller performing robot network authentication.
Moreover, unlike the approach in which the VPN Controller manages robot information and synchronizes it among the VPN POPs, in the above solution the robot's registration information can be kept by the blockchain system and synchronized among the VPN POPs through the blockchain system. In this way the complexity of the VPN network (VPN Controller/VPN POP) is reduced, cost is lowered, and the reliability of the VPN network is improved.
In some implementation scenarios, the VPN POP has robot registration authority. In that case, any VPN POP in the robot network authentication system is further configured to, on receiving a registration request from a robot, write the registration information in the registration request into the blockchain ledger and send the bootstrap node information of the blockchain network to the robot, where the registration information includes the robot's blockchain address and public key.
For example, the robot can generate a public key and a private key and derive a blockchain address from the public key. The robot can then send a registration request containing the blockchain address and the public key to the VPN POP. Of course, the robot may also delegate generation of the public key, private key and blockchain address to a third party; the present disclosure does not limit this.
After receiving the registration request, the VPN POP can write the robot's blockchain address and public key into the blockchain ledger by sending a transaction to the blockchain network, which completes the registration. In this way the robot's registration process can be managed by the VPN POP.
It is worth noting that in some implementations the robot's registration information may also include the robot's type, serial number and so on. After receiving the registration request, the VPN POP may also verify this related information about the robot; the present disclosure does not limit this.
In addition, the VPN POP can send the bootstrap node information of the blockchain network to the robot. Correspondingly, the robot can be configured to store the bootstrap node information and join the blockchain network using it.
For example, the robot can connect to the VPN POP over a wireless network and, using the recorded bootstrap node information, connect to the blockchain network through the blockchain connection protocol, either via a light-node protocol or via RPC (Remote Procedure Call). The wireless network may be, for example, WiFi (Wireless Fidelity), 4G or 5G. Once connected to the blockchain network, the robot can send a network authentication request to any VPN POP in the blockchain network and so perform network authentication.
In some implementation scenarios, the VPN POP has robot deregistration authority. In that case, any VPN POP in the robot network authentication system is further configured to, on receiving a robot deregistration request, determine the robot to be deregistered from the robot identifier in the deregistration request, and update the registration status of that robot in the blockchain ledger to the deregistered status.
Here, the robot deregistration request may be sent by an associated robot management end or by the robot itself. The robot identifier in the deregistration request may be, for example, a robot serial number or any other identifier that distinguishes robots; the present disclosure does not limit this.
On receiving a robot deregistration request, the VPN POP can thus determine the robot to be deregistered from the robot identifier in the request. The VPN POP can also update the registration status of that robot in the blockchain ledger to the deregistered status by sending a transaction to the blockchain network. Because its registration status has been updated to deregistered, the robot can no longer pass network authentication at a VPN POP. In this way registered robots can be managed by the VPN POP.
It is also worth noting that the robot information and VPN POP information recorded in the blockchain ledger are critical data for network access authentication. Therefore, in some implementation scenarios, a corresponding permission control policy can be set for the process of adding and modifying robots and VPN POPs.
For example, in one possible implementation, permission control can be based on a permissioned chain. In the permissioned chain, whether a given blockchain account may write and modify certain data can be restricted. For instance, data write permission and data modification permission can be configured for the blockchain accounts of the OSS (Business Support System) and/or BSS (Operation Support System), while the blockchain accounts used by robots, VPN POPs and the VPN Controller are given data read permission.
In some possible implementations, the data relating to robots and VPN POPs can also be managed through a purpose-written smart contract. For example, a corresponding smart contract can be written and the information stored through it. The smart contract can expose interfaces such as register, modify, deregister and query. The permission to call the register, modify, deregister and query interfaces is assigned to the blockchain accounts corresponding to the OSS/BSS, while the blockchain accounts corresponding to robots and VPN POPs are given permission to call only the query interface.
Accordingly, in some implementation scenarios, the system may further include a first authentication management endpoint. Referring to the schematic diagram of a robot network authentication system shown in Fig. 2, the first authentication management endpoint is a blockchain node with robot registration authority, which may correspond to the relevant OSS/BSS account.
The first authentication management endpoint is configured to, on receiving a registration request from a robot, write the registration information in the registration request into the blockchain ledger and send the bootstrap node information of the blockchain network to the robot, where the registration information includes the robot's blockchain address and public key;
the robot is configured to store the bootstrap node information and join the blockchain network using it.
For example, the robot can generate a public key and a private key and derive a blockchain address from the public key. The robot can then send a registration request containing the blockchain address and the public key to the first authentication management endpoint.
After receiving the registration request, the first authentication management endpoint can write the robot's blockchain address and public key into the blockchain ledger by sending a transaction to the blockchain network, which completes the registration.
Of course, in some implementations the robot's registration information may also include the robot's type, serial number and so on. After receiving the registration request, the first authentication management endpoint may also verify this related information about the robot; the present disclosure does not limit this.
In addition, the first authentication management endpoint can send the bootstrap node information of the blockchain network to the robot. Correspondingly, the robot can be configured to store the bootstrap node information and join the blockchain network using it.
For example, the robot can connect to the VPN POP over a wireless network and, using the recorded bootstrap node information, connect to the blockchain network through the blockchain connection protocol, via a light-node protocol or RPC. Once connected to the blockchain network, the robot can send a network authentication request to any VPN POP in the blockchain network and so perform network authentication.
Of course, depending on application requirements, in some possible implementations the first authentication management endpoint may also correspond to other management accounts, and these management accounts need not correspond to the OSS/BSS.
With the above solution, the robot's registration process can be managed by providing the first authentication management endpoint, and write permission for robot information is controlled at the same time.
In some implementation scenarios, the system may further include a second authentication management endpoint. Referring to Fig. 2, the second authentication management endpoint is a blockchain node with robot deregistration authority, which may correspond to the relevant OSS/BSS account.
The second authentication management endpoint is configured to, on receiving a robot deregistration request, determine the robot to be deregistered from the robot identifier in the deregistration request, and update the registration status of that robot in the blockchain ledger to the deregistered status.
Here, the robot deregistration request may be sent by an associated robot management end or by the robot itself. In some implementations, the robot deregistration request may also be generated automatically by the second authentication management endpoint according to preset rules. For example, a validity period can be set for each robot when it registers, and a deregistration request is generated automatically once that validity period has expired. The robot identifier in the deregistration request may be, for example, a robot serial number or any other identifier that distinguishes robots; the present disclosure does not limit this.
On receiving a robot deregistration request, the second authentication management endpoint can thus determine the robot to be deregistered from the robot identifier in the request. The second authentication management endpoint can also update the registration status of that robot in the blockchain ledger to the deregistered status by sending a transaction to the blockchain network. Because its registration status has been updated to deregistered, the robot can no longer pass network authentication at a VPN POP.
In this way registered robots can be managed by the second authentication management endpoint, and deregistration permission for robot information is controlled at the same time.
In one possible implementation, the system further includes a third authentication management endpoint, which is a blockchain node with VPN POP registration authority and may correspond to the relevant OSS/BSS account.
The third authentication management endpoint is configured to, on receiving a registration request from a VPN POP, write the registration information in the registration request into the blockchain ledger, where the registration information includes the VPN POP's blockchain address and public key.
For example, the VPN POP can generate a public key and a private key and derive a blockchain address from the public key. The VPN POP can then send a registration request containing the blockchain address and the public key to the third authentication management endpoint.
After receiving the registration request, the third authentication management endpoint can write the VPN POP's blockchain address and public key into the blockchain ledger by sending a transaction to the blockchain network, which completes the registration.
With the above solution, the VPN POP registration process can be managed by providing the third authentication management endpoint, and write permission for VPN POP information is controlled at the same time.
It is also worth noting that, for convenience and brevity of description, the embodiments described in the specification are all preferred embodiments, and the parts they involve are not necessarily essential to the present invention. For example, the first, second and third authentication management endpoints may be implemented as mutually independent system components or as one and the same system component. Furthermore, the first, second and third authentication management endpoints may also correspond to other blockchain management accounts, and these blockchain management accounts need not correspond to the OSS/BSS; the present disclosure does not limit this.
In one possible implementation, any VPN POP in the robot network authentication system is further configured to send authentication failure information to the target robot when authentication of the target robot fails;
the target robot is further configured to, after receiving the authentication failure information, send a network authentication request to another VPN POP among the plurality of VPN POPs.
Taking Fig. 1 as an example, after the robot receives authentication failure information from VPN POP 4, it can resend the network authentication request to any of VPN POP 1-3. In this way, the problem of a robot being unable to access the VPN network because a particular VPN POP has stopped serving is reduced, and the availability of the system is improved.
The present disclosure also provides a robot network authentication method, applied to any VPN POP in a blockchain network. The blockchain network includes a plurality of VPN POPs, each VPN POP can obtain the blockchain ledger of the blockchain network, and the blockchain ledger includes the registration information of registered robots.
Here, the registration information may include, for example, the robot's blockchain address and public key. For example, the robot can generate a public key and a private key and derive a blockchain address from the public key. The robot can then register using the public key and the blockchain address; after successful registration, the robot's public key and blockchain address are written into the blockchain ledger.
In some implementation scenarios, the robot's registration information may also include related information about the robot, such as the robot type and the robot ID; the present disclosure does not limit this.
Fig. 3 is a flow chart of a robot network authentication method according to the present disclosure. The method includes:
S31: receive a network authentication request from a target robot, the network authentication request including registration verification information.
For example, the target robot can send a network authentication request to any VPN POP, and the request may include, for example, the target robot's registration verification information. Here, the registration verification information may be, for example, the target robot's second blockchain address.
S32: determine whether the target robot is registered from the registration verification information and the registration information in the blockchain ledger.
For example, the VPN POP that receives the network authentication request can look up the second blockchain address in the blockchain ledger. If the VPN POP does not find the second blockchain address, it can determine that the target robot is not registered and terminate the authentication flow.
If the VPN POP does find the second blockchain address, it can determine that the target robot is registered, and then, in S33, if the target robot is registered, initiate the two-way authentication flow with the target robot.
The two-way authentication flow is described below by way of example. In one possible implementation, the two-way authentication flow includes:
the VPN POP sends a first random number B and the VPN POP's first blockchain address to the target robot.
The target robot can receive the first random number B and the first blockchain address, sign the first random number B with the target robot's private key to obtain the signature result SIGN(A), and send SIGN(A) to the VPN POP.
The VPN POP can receive the first identity verification information sent by the target robot, namely the signature result SIGN(A). The VPN POP can also decrypt and verify the first identity verification information with the target robot's public key. For example, the VPN POP can obtain the target robot's public key PK(A) by looking up the second blockchain address in the blockchain ledger, and decrypt and verify SIGN(A) with the public key PK(A). If decryption fails and/or the decrypted result is not the first random number B, authentication fails and the authentication flow is terminated. If decryption succeeds and the decrypted result is the first random number B, the decryption verification succeeds.
If the decryption verification succeeds, the VPN POP sends second identity verification information to the target robot. Continuing the above example, the second identity verification information may be SIGN(B), obtained by the VPN POP encrypting the second random number A with its own private key, where the second random number A is generated by the target robot; the second identity verification information is used by the target robot to authenticate the VPN POP.
Correspondingly, the target robot can obtain the VPN POP's public key PK(B) by looking up the first blockchain address in the blockchain ledger, and decrypt and verify SIGN(B) with the public key PK(B). If decryption succeeds and the decrypted result is the second random number A, authentication succeeds; if decryption fails and/or the decrypted result is not the second random number A, authentication fails.
以上实施例对本公开的目标机器人与VPN POP之间的双向认证流程进行了示例性说明。但本领域技术人员应当知晓,在具体实施时,通过非对称密码机制进行双向认证的方式还可以存在多种(例如在不同通信标准下,双向认证方式可以存在相应的变形),为了说明书的简洁,本公开在此不再一一赘述。The above embodiments illustrate the two-way authentication process between the target robot and the VPN POP in the present disclosure. However, those skilled in the art should know that, in actual implementation, there may be multiple ways of performing two-way authentication through an asymmetric encryption mechanism (for example, under different communication standards, there may be corresponding deformations in the way of two-way authentication). , the present disclosure will not repeat them one by one here.
The above technical solution can provide the following beneficial effects:
Once a robot has registered, its registration information is written into the blockchain ledger. Network authentication can then be performed on the basis of the registration information (blockchain address, public key, etc.), so the robot does not need to keep VPN account information locally, which removes the risk of account credentials leaking. Furthermore, the robot's registration information is managed, stored and maintained by the blockchain system, the blockchain network is decentralized, and the blockchain ledger stores only the robot's registration information, which prevents a robot from being impersonated because control over a single component has been lost.
In addition, because multiple VPN POPs are deployed in the blockchain network, any of the VPN POPs can perform network authentication for registered robots, which avoids the performance bottleneck of having a single VPN Controller authenticate all robots.
Moreover, unlike an approach in which a VPN Controller manages robot information and synchronizes it among the VPN POPs, in the above technical solution the robot registration information can be kept by the blockchain system and synchronized among the VPN POPs through the blockchain system. This reduces the complexity and cost of the VPN network (VPN Controller/VPN POP) and can also improve its reliability.
The present disclosure also provides a robot network authentication method applied to a target robot; the target robot may be, for example, the robot described in any of the embodiments above. Referring to the flow chart of a robot network authentication method shown in Figure 4, the method includes:
S41: Send a network authentication request to any VPN POP in the blockchain network.
Here, the blockchain network includes a plurality of VPN POPs, each of which can obtain the blockchain ledger in the blockchain network, and the blockchain ledger includes the registration information of registered robots. The network authentication request includes the target robot's registration verification information, which the VPN POP uses to determine whether the target robot is registered. In some implementations, the registration verification information may be, for example, the target robot's second blockchain address.
S42: When the VPN POP initiates a two-way authentication process, perform two-way authentication with the VPN POP.
For example, the VPN POP that receives the network authentication request may look up the second blockchain address in the blockchain ledger. If the VPN POP does not find the second blockchain address, it may determine that the target robot is not registered and terminate the authentication process. If the VPN POP does find the second blockchain address, it may determine that the target robot is registered and initiate the two-way authentication process with the target robot.
For the two-way authentication process, refer to the description of the embodiments above; for brevity, it is not repeated here.
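As an added illustration of the POP-side steps S31 to S33 and the robot-side steps S41 to S42 above (example code, not code from the patent or the applicant), the following Go program simulates a VPN POP and a robot authenticating each other over a constructed in-memory ledger. It assumes Ed25519 signatures as the "encrypt with the private key, decrypt with the public key" operation the text describes, and a truncated SHA-256 digest of the public key as the blockchain address; the page specifies neither.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// Registration is one ledger entry: the public key behind a blockchain address, plus the
// registration status that claims 3 and 6 switch to "cancelled" on deregistration.
type Registration struct {
	PubKey ed25519.PublicKey
	Active bool
}

// Ledger is a constructed in-memory stand-in for the blockchain ledger every VPN POP can read.
type Ledger map[string]Registration

// AddressOf derives a blockchain address from a public key. The patent does not fix the
// derivation; a truncated SHA-256 digest of the key is assumed here.
func AddressOf(pk ed25519.PublicKey) string {
	sum := sha256.Sum256(pk)
	return hex.EncodeToString(sum[:20])
}

// Lookup is the S32 registration check: the address must be present and still active.
func (l Ledger) Lookup(addr string) (ed25519.PublicKey, error) {
	r, ok := l[addr]
	if !ok {
		return nil, errors.New("address not registered")
	}
	if !r.Active {
		return nil, errors.New("registration cancelled")
	}
	return r.PubKey, nil
}

// Party is a robot or a VPN POP: an Ed25519 key pair and the ledger address derived from it.
type Party struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
	Addr string
}

// NewUnregistered creates a party that holds a key pair but has no ledger entry.
func NewUnregistered() Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Party{priv: priv, Pub: pub, Addr: AddressOf(pub)}
}

// NewRegistered additionally writes address and public key to the ledger, which is what
// the authentication management node does when it accepts a registration request.
func NewRegistered(l Ledger) Party {
	p := NewUnregistered()
	l[p.Addr] = Registration{PubKey: p.Pub, Active: true}
	return p
}

func nonce() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// MutualAuth plays S31-S33 (POP side) and S41-S42 (robot side) in one place, with the
// four messages of the exchange marked. nil means both parties authenticated each other.
func MutualAuth(l Ledger, robot, pop Party) error {
	// Msg 1, robot -> POP: authentication request carrying the robot's second blockchain address.
	robotPK, err := l.Lookup(robot.Addr)
	if err != nil {
		return errors.New("pop terminates: " + err.Error()) // S32 failed, no challenge is issued
	}
	B := nonce() // Msg 2, POP -> robot: first random number B (and the POP's first blockchain address)
	// Msg 3, robot -> POP: SIGN(A), the robot's signature over B, plus its own random number A.
	signA := ed25519.Sign(robot.priv, B)
	A := nonce()
	if !ed25519.Verify(robotPK, B, signA) { // POP checks SIGN(A) against PK(A) from the ledger
		return errors.New("pop: SIGN(A) does not verify against PK(A)")
	}
	signB := ed25519.Sign(pop.priv, A) // Msg 4, POP -> robot: SIGN(B), the POP's signature over A
	popPK, err := l.Lookup(pop.Addr)   // robot fetches PK(B) by the first blockchain address
	if err != nil {
		return errors.New("robot terminates: " + err.Error())
	}
	if !ed25519.Verify(popPK, A, signB) {
		return errors.New("robot: SIGN(B) does not verify against PK(B)")
	}
	return nil
}
```

Because both lookups go through the same ledger, a robot whose status has been set to cancelled (claims 3 and 6) is refused at the S32 check before any challenge is issued, and a peer presenting a registered address without the matching private key fails the signature check.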
The present disclosure also provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the robot network authentication method applied to a VPN POP provided by the present disclosure.
In another exemplary embodiment, a computer program product is also provided. The computer program product comprises a computer program executable by a programmable device, and the computer program has code portions for performing the above robot network authentication method applied to a VPN POP when executed by the programmable device.
The present disclosure also provides a computing processing device, including:
a memory in which computer-readable code is stored; and
one or more processors, wherein when the computer-readable code is executed by the one or more processors, the computing processing device performs the steps of the robot network authentication method applied to a VPN POP provided by the present disclosure.
Figure 5 is a schematic structural diagram of a computing processing device provided by the present disclosure. The computing processing device may include a processor 510 and a computer program product or computer-readable medium in the form of a memory 530. The memory 530 may be an electronic memory such as flash memory, EEPROM (electrically erasable programmable read-only memory), EPROM, a hard disk or ROM. The memory 530 may include a storage space 550, which may contain program code for performing any of the method steps described above. For example, the storage space 550 may include program codes 551 for implementing the respective steps of the above robot network authentication method applied to a VPN POP. These program codes can be read from or written to one or more computer program products. Such computer program products include program code carriers such as hard disks, compact discs (CDs), memory cards or floppy disks. Such a computer program product is typically a portable or fixed storage unit as shown in Figure 6. The storage unit may have storage segments, storage spaces and the like arranged similarly to the memory 530 in the computing processing device of Figure 5. The program code may, for example, be compressed in a suitable form. Here, the storage unit may include computer-readable code 551', i.e. code readable by a processor such as 510, which, when run by a server, causes the server to perform the respective steps of the robot network authentication method applied to a VPN POP described above.
The present disclosure also provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the robot network authentication method applied to a robot provided by the present disclosure.
In another exemplary embodiment, a computer program product is also provided. The computer program product comprises a computer program executable by a programmable device, and the computer program has code portions for performing the above robot network authentication method applied to a robot when executed by the programmable device.
The present disclosure also provides a computing processing device, including:
a memory in which computer-readable code is stored; and
one or more processors, wherein when the computer-readable code is executed by the one or more processors, the computing processing device performs the steps of the robot network authentication method applied to a robot provided by the present disclosure.
Figure 7 is a schematic structural diagram of a computing processing device provided by the present disclosure. The computing processing device may include a processor 710 and a computer program product or computer-readable medium in the form of a memory 730. The memory 730 may be an electronic memory such as flash memory, EEPROM (electrically erasable programmable read-only memory), EPROM, a hard disk or ROM. The memory 730 may include a storage space 750, which may contain program code for performing any of the method steps described above. For example, the storage space 750 may include program codes 751 for implementing the respective steps of the above robot network authentication method applied to a robot. These program codes can be read from or written to one or more computer program products. Such computer program products include program code carriers such as hard disks, compact discs (CDs), memory cards or floppy disks. Such a computer program product is typically a portable or fixed storage unit as shown in Figure 8. The storage unit may have storage segments, storage spaces and the like arranged similarly to the memory 730 in the computing processing device of Figure 7. The program code may, for example, be compressed in a suitable form. Here, the storage unit may include computer-readable code 751', i.e. code readable by a processor such as 710, which, when run by a server, causes the server to perform the respective steps of the robot network authentication method applied to a robot described above.
The preferred embodiments of the present disclosure have been described in detail above with reference to the accompanying drawings. However, the present disclosure is not limited to the specific details of the above embodiments; various simple modifications may be made to the technical solutions of the present disclosure within the scope of its technical concept, and all such simple modifications fall within the scope of protection of the present disclosure.
It should further be noted that the specific technical features described in the above embodiments may be combined in any suitable manner provided there is no contradiction; to avoid unnecessary repetition, the present disclosure does not describe the possible combinations separately.
Moreover, the various embodiments of the present disclosure may be combined arbitrarily; as long as such combinations do not depart from the idea of the present disclosure, they should likewise be regarded as content disclosed by the present disclosure.

Claims (15)

  1. A robot network authentication system, characterized in that it includes a plurality of virtual private network service access points (VPN POPs), each VPN POP being able to obtain a blockchain ledger in a blockchain network, the blockchain ledger including registration information of registered robots;
    wherein any one of the VPN POPs is configured to, upon receiving a network authentication request from a target robot, determine whether the target robot is registered on the basis of the registration information in the blockchain ledger, and, if the target robot is registered, perform two-way authentication with the target robot.
  2. The robot network authentication system according to claim 1, characterized in that it further includes:
    a first authentication management terminal, the first authentication management terminal being a blockchain node with robot registration authority, configured to, upon receiving a registration request from a robot, write the registration information in the registration request into the blockchain ledger and send bootstrap node information of the blockchain network to the robot, wherein the registration information includes the robot's blockchain address and public key;
    wherein the robot is configured to store the bootstrap node information and access the blockchain network on the basis of the bootstrap node information.
  3. The robot network authentication system according to claim 1, characterized in that it further includes:
    a second authentication management terminal, the second authentication management terminal being a blockchain node with robot deregistration authority, configured to, upon receiving a robot deregistration request, determine the robot to be deregistered according to the robot identifier in the deregistration request, and update the registration status of the robot to be deregistered in the blockchain ledger to a deregistered status.
  4. The robot network authentication system according to claim 1, characterized in that it further includes:
    a third authentication management terminal, the third authentication management terminal being a blockchain node with VPN POP registration authority, configured to, upon receiving a registration request from a VPN POP, write the registration information in the registration request into the blockchain ledger, the registration information including the VPN POP's blockchain address and public key.
  5. The robot network authentication system according to claim 1, characterized in that the VPN POPs have robot registration authority, and any one of the VPN POPs is further configured to, upon receiving a registration request from a robot, write the registration information in the registration request into the blockchain ledger and send bootstrap node information of the blockchain network to the robot, wherein the registration information includes the robot's blockchain address and public key;
    wherein the robot is configured to store the bootstrap node information and access the blockchain network on the basis of the bootstrap node information.
  6. The robot network authentication system according to claim 1, characterized in that the VPN POPs have robot deregistration authority, and any one of the VPN POPs is further configured to, upon receiving a robot deregistration request, determine the robot to be deregistered according to the robot identifier in the deregistration request, and update the registration status of the robot to be deregistered in the blockchain ledger to a deregistered status.
  7. The robot network authentication system according to claim 1, characterized in that the VPN POP performs two-way authentication with the target robot in the following manner:
    sending a first random number and the VPN POP's first blockchain address to the target robot;
    receiving first identity verification information sent by the target robot, the first identity verification information being obtained by the target robot encrypting the first random number with the target robot's private key;
    decrypting and verifying the first identity verification information on the basis of the target robot's public key; and
    if the decryption verification succeeds, sending second identity verification information to the target robot, the second identity verification information being obtained by the VPN POP encrypting a second random number with the VPN POP's private key, the second random number being generated by the target robot, and the second identity verification information being used by the target robot to authenticate the VPN POP.
  8. The robot network authentication system according to any one of claims 1 to 7, characterized in that any one of the VPN POPs is further configured to send authentication failure information to the target robot when authentication of the target robot fails;
    and the target robot is further configured to, after receiving the authentication failure information, send a network authentication request to another VPN POP among the plurality of VPN POPs.
  9. A robot network authentication method, characterized in that it is applied to any VPN POP in a blockchain network, wherein the blockchain network includes a plurality of VPN POPs, each VPN POP being able to obtain a blockchain ledger in the blockchain network, the blockchain ledger including registration information of registered robots, the method including:
    receiving a network authentication request from a target robot, the network authentication request including registration verification information;
    determining whether the target robot is registered according to the registration verification information and the registration information in the blockchain ledger;
    if the target robot is registered, initiating a two-way authentication process with the target robot.
  10. The method according to claim 9, characterized in that the two-way authentication process includes:
    sending a first random number and the VPN POP's first blockchain address to the target robot;
    receiving first identity verification information sent by the target robot, the first identity verification information being obtained by the target robot encrypting the first random number with the target robot's private key;
    decrypting and verifying the first identity verification information on the basis of the target robot's public key; and
    if the decryption verification succeeds, sending second identity verification information to the target robot, the second identity verification information being obtained by the VPN POP encrypting a second random number with the VPN POP's private key, the second random number being generated by the target robot, and the second identity verification information being used by the target robot to authenticate the VPN POP.
  11. A robot network authentication method, characterized in that it is applied to a target robot, the method including:
    sending a network authentication request to any VPN POP in a blockchain network, wherein the blockchain network includes a plurality of VPN POPs, each VPN POP being able to obtain a blockchain ledger in the blockchain network, the blockchain ledger including registration information of registered robots, the network authentication request including registration verification information of the target robot, and the registration verification information being used by the VPN POP to determine whether the target robot is registered and, if the target robot is registered, to initiate a two-way authentication process with the target robot;
    when the VPN POP initiates the two-way authentication process, performing two-way authentication with the VPN POP.
  12. The method according to claim 11, characterized in that the two-way authentication process includes:
    receiving a first random number sent by the VPN POP and the VPN POP's first blockchain address;
    encrypting the first random number with the target robot's private key to obtain first identity verification information;
    sending the first identity verification information to the VPN POP;
    receiving second identity verification information sent by the VPN POP, the second identity verification information being generated by the VPN POP when the first identity verification information has been successfully decrypted and verified on the basis of the target robot's public key, the second identity verification information being obtained by the VPN POP encrypting a second random number with the VPN POP's private key, and the second random number being generated by the target robot;
    decrypting and verifying the second identity verification information with the VPN POP's public key.
  13. A computer program, characterized in that it includes computer-readable code which, when run on a computing processing device, causes the computing processing device to perform the method according to any one of claims 9 to 12.
  14. A computer-readable storage medium storing a computer program, characterized in that, when the program is executed by a processor, the steps of the method according to any one of claims 9 to 12 are implemented.
  15. A computing processing device, characterized in that it includes:
    a memory storing a computer program;
    a processor configured to execute the computer program in the memory so as to implement the steps of the method according to any one of claims 9 to 12.
PCT/CN2021/143779, priority date 2021-06-29, filing date 2021-12-31: Network authentication system and method for robot, published as WO2023273279A1 (en)

Applications Claiming Priority (2)

Application Number: CN202110729431.1A (published as CN115250192A); Priority Date: 2021-06-29; Filing Date: 2021-06-29; Title: Robot network authentication system and method
Application Number: CN202110729431.1; Priority Date: 2021-06-29

Publications (1)

Publication Number: WO2023273279A1 (en); Publication Date: 2023-01-05

Also Published As

Publication number Publication date
CN115250192A (en) 2022-10-28

Similar Documents

Publication Publication Date Title
JP6262278B2 (en) Method and apparatus for storage and computation of access control client
TWI475899B (en) Apparatus and methods for storing electronic access clients
US11711222B1 (en) Systems and methods for providing authentication to a plurality of devices
US20200106610A1 (en) System and method for decentralized identity management, authentication and authorization of applications
US9621355B1 (en) Securely authorizing client applications on devices to hosted services
US9306945B2 (en) Client authentication during network boot
US8549326B2 (en) Method and system for extending encrypting file system
US8918641B2 (en) Dynamic platform reconfiguration by multi-tenant service providers
US20130227646A1 (en) Methods and apparatus for large scale distribution of electronic access clients
BR102012007800A2 (en) Methods and apparatus for distributing and storing electronic access clients
TW201428535A (en) Policy-based techniques for managing access control
JP2010531516A (en) Device provisioning and domain join emulation over insecure networks
BRPI0419244B1 (en) “REMOTE ACCESS METHOD AND SYSTEM TO ENABLE A USER TO REMOTELY ACCESS A TERMINAL EQUIPMENT”
JP2017152880A (en) Authentication system, key processing coordination method, and key processing coordination program
WO2023273279A1 (en) Network authentication system and method for robot
US20240086562A1 (en) User data management method and related device
EP3085007B1 (en) Push-based trust model for public cloud applications
WO2023273277A1 (en) Robot authentication system and method
US11171786B1 (en) Chained trusted platform modules (TPMs) as a secure bus for pre-placement of device capabilities
WO2023273269A1 (en) Robot authentication system and method
WO2022252912A1 (en) User data management method and related device
CN116166409A (en) Resource creation method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 21948201
    Country of ref document: EP
    Kind code of ref document: A1
NENP Non-entry into the national phase
    Ref country code: DE