CN107895111B - Internet of things equipment supply chain trust system management method, computer program and computer - Google Patents

Internet of things equipment supply chain trust system management method, computer program and computer Download PDF

Info

Publication number
CN107895111B
CN107895111B CN201710941351.6A CN201710941351A CN107895111B CN 107895111 B CN107895111 B CN 107895111B CN 201710941351 A CN201710941351 A CN 201710941351A CN 107895111 B CN107895111 B CN 107895111B
Authority
CN
China
Prior art keywords
internet
things
things equipment
equipment
block chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710941351.6A
Other languages
Chinese (zh)
Other versions
CN107895111A (en
Inventor
李兴华
任彦冰
刘海
王运帷
梁辰
雒彬
马建峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201710941351.6A priority Critical patent/CN107895111B/en
Publication of CN107895111A publication Critical patent/CN107895111A/en
Application granted granted Critical
Publication of CN107895111B publication Critical patent/CN107895111B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention belongs to the technical field of the security of the Internet of things, a block chain and a network space, and discloses a management method of a supply chain trust system of equipment of the Internet of things, a computer program and a computer, wherein in the production stage of the equipment of the Internet of things, an equipment manufacturer of the Internet of things interacts with the equipment of the Internet of things to write necessary information into the equipment of the Internet of things; in the transaction stage of the equipment of the Internet of things, the transfer of trust relationships between the equipment of the Internet of things and different owners is completed; and in the Internet of things equipment deployment stage, the owner of the Internet of things equipment deploys the Internet of things equipment into the service network. The invention provides support for the safe communication between the Internet of things equipment and the Internet of things equipment; when the storage space occupied by the block chain is large, the server performs capacity relaxation on the block chain in the Internet of things equipment network. The identity authentication between an administrator and a plurality of pieces of equipment of the Internet of things is realized, and mutual trust of the pieces of equipment of the Internet of things is realized; the method comprises the steps that a plurality of administrators are supported to manage different Internet of things devices; the calculation and storage cost of the Internet of things equipment is low.

Description

Internet of things equipment supply chain trust system management method, computer program and computer
Technical Field
The invention belongs to the technical field of security of Internet of things, block chains and network spaces, and particularly relates to a management method, a computer program and a computer for a supply chain trust system of equipment of the Internet of things.
Background
Currently, a new round of scientific and technological revolution and industrial transformation in the world are continuously deepened, and the international industrial pattern is rapidly remodeled, so that innovation becomes the first power for leading development. In the revolution, the information technology is the field with the most concentrated global research and development investment, the most active innovation, the most extensive application and the largest radiation driving effect, is the competitive place of global technical innovation, and is the leading strength for leading a new revolution. The block chain technology is a widely recognized technical framework integrating distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and other technologies, and has become a hotspot of research and discussion of international organizations such as united nations, international currency and fund organizations and many national governments in recent years, and the industry has increased the input level. Industrial items based on the block chain technology are endlessly developed, and a plurality of commercial items such as BitCoin (BitCoin), leite coin (Litecoin), pointcoin (Peercoin), etherhouse (Ethereum) and the like are successively generated. On the basis of the pow (Proof of work) consensus mechanism, many new consensus mechanisms are established in the industry, such as pos (Proof of stamp), dpos (delayed Proof of stamp), pbft (practical Byzantine Fault tolerance), Ripple, etc., which further promote the development of the block chain industry. Before and after 2014, the industry began to recognize the important value of blockchain technology and use it in fields other than digital currency, such as distributed identity authentication, distributed domain name system, distributed intellectual property protection, etc. The core idea of the blockchain 2.0 architecture is to distinguish the blockchain as a programmable distributed credit infrastructure from the previous blockchain as a virtual currency support platform. The block chain 2.0 architecture tries to create a sharable technical platform and provide BaaS (Block chain as a service) service for developers, greatly improves transaction speed, reduces resource consumption, supports multiple consensus algorithms such as PoW, PoS and DPoS, and enables development of Distributed Application (DAPP) to be easier. Currently, the application of the blockchain has been extended to a plurality of fields such as internet of things, intelligent manufacturing, supply chain management, digital asset transaction, etc., and will bring new opportunities for the development of new generation information technologies such as cloud computing, big data, mobile internet, etc., and have the capability of initiating a new round of technical innovation and industrial change. The Internet of things environment has the characteristics of large quantity and scale of Internet of things equipment, limited resources of the Internet of things equipment and the like. Meanwhile, in the life cycle of the internet of things equipment, information interaction with the internet of things equipment manufacturer, the distributor, the purchasing party, the user and other internet of things equipment is required. In the process of interaction, how to ensure that two communication parties can ensure that an interaction party is an entity which can be trusted is a problem related to the establishment and migration of a trust relationship. The trust relationship between a single internet of things device and other entities is not fixed and invariable, and the trust relationship between the internet of things device and other entities will also be migrated in response with the transfer of the ownership of the internet of things device in the supply chain of the internet of things device. Therefore, how to efficiently establish and migrate the trust relationship in the supply chain of the internet of things device will affect the credibility and security of the internet of things device in the supply chain and the operating efficiency of the supply chain of the internet of things device. The traditional trust establishment method has two types, one is a method for distributing session keys based on a symmetric cryptosystem; the other is a PKI establishing mode based on an asymmetric cryptosystem. The first method is not suitable for a large-scale internet of things device supply chain management scenario, because the number of the internet of things devices is large, the management of the session key will be very difficult, and in fact, as the number of the keys to be managed increases exponentially with the increase of the internet of things devices, the network bandwidth in the system is greatly occupied, and the storage and processing overhead of the server is significantly increased. After the internet of things equipment is put into use, effective links between the internet of things equipment and the central server are difficult to guarantee, which means that once the links between the internet of things equipment subnets and the central server are cut off, safe communication between the internet of things equipment cannot be achieved; the second method is also not suitable for a large-scale internet of things device supply chain management scenario, because the low power consumption and light-weight computing requirements of the internet of things device are difficult to meet the computing overhead of encryption and decryption by frequently using a public key cryptosystem, if each internet of things device needs to access a trusted CA to obtain the trust relationship to other entities before a server or other internet of things devices communicate, the electric quantity and the communication load of the internet of things device are consumed by the process, and in fact, the consumption is possibly avoided; by adopting the mechanism, when the communication between the Internet of things equipment and the CA authentication center is temporarily interrupted, the establishment of the trust relationship between the Internet of things equipment and the server and between the Internet of things equipment and the Internet of things equipment cannot be continuously completed; in addition, when the trust relationship is transferred, it is difficult to perform lightweight adjustment and adaptation based on the public key cryptosystem in the PKI establishing manner, and in fact, if the purchasing party and the selling party are not in the same PKI system, they must have one party add the PKI system in which the other party is located for the interaction or establish a new PKI system including both parties, and the cost of doing so, both economic cost and management cost, is high.
In summary, the problems of the prior art are as follows: the existing internet of things equipment supply chain trust establishment mode has the problem that the management of a session key is very difficult; an effective link with the central server will be difficult to guarantee; the low power consumption and lightweight computing requirements of the internet of things equipment cannot meet the computing overhead of encryption and decryption by frequently using a public key cryptosystem, and when the trust relationship is transferred, the lightweight adjustment and adaptation are difficult to be carried out by establishing a PKI mode based on the public key cryptosystem. The invention solves the problem of session key management of large-scale Internet of things equipment; since the device can query the blockchain locally, the device can read the locally stored blockchain to establish trust even if the link between the device and the server is cut off after the device is put into use.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a method, a computer program and a computer for managing a supply chain trust system of equipment of the Internet of things.
The invention is realized in such a way, and provides a management method for a trust system of a supply chain of equipment of the internet of things, which comprises the following steps:
step one, managing trust relationships among different entities by using a block chain as a technical carrier;
step two, when ownership of the Internet of things equipment is changed, trust migration of the Internet of things equipment among different entities is achieved through protocol (figure 4) interaction;
step three, the owner of the equipment in the Internet of things interacts with the equipment in the Internet of things through a communication protocol (figure 5);
establishing trust between different pieces of equipment of the internet of things by respectively inquiring the block chains stored in the local storage space, and sharing the session key to perform communication through the trust relationship established in the step (confirming that the opposite party of the communication is also on the block chain and obtaining the public key of the opposite party);
and fifthly, the IOT equipment owner dispatches/puts new IOT equipment to the service network formed by the deployed and operated IOT equipment, and carries out protocol (figure 7) interaction with the dispatched/put IOT equipment through a server owned by the IOT equipment owner and carries out interaction with other original IOT equipment in the service network after the dispatched/put IOT equipment reaches the service network, so that the dispatched/put IOT equipment reaches the service network and is deployed and operated to realize the capacity relaxation of all IOT equipment storage spaces in the service network after the dispatched/put IOT equipment reaches the service network.
Further, the step one of adopting a block chain as a technical carrier specifically comprises: the central server generates a block chain, the central server writes the generated block chain into the Internet of things equipment, and a copy of the block chain is stored in each piece of deployed and operated Internet of things equipment; each piece of internet of things equipment corresponds to one block in the block chain.
Further, the ownership of the internet of things device in the second step is changed specifically in that the ownership of the internet of things device is transferred from an entity to another entity through negotiation, negotiation and transaction.
Further, the different entities in the step two include an internet of things equipment producer or a responsibility main body for producing the internet of things equipment, an internet of things equipment purchasing party and the internet of things equipment.
Further, the trust migration in the second step refers to the transfer of the ownership of the internet of things device between different entities caused by negotiation, negotiation or transaction.
Further, the specific protocol interaction in the step two specifically includes:
firstly, a server sends a trust relationship migration instruction to equipment of the Internet of things;
step two, the Internet of things equipment replies to the server and inquires whether the server confirms to carry out trust relationship migration;
and thirdly, the server replies the Internet of things equipment, informs the Internet of things equipment of confirming the trust relationship migration, and informs the Internet of things equipment of the identity of the next owner.
Further, the interaction with the internet of things device by using a specific communication protocol in the third step specifically includes three different situations:
(1) the Internet of things equipment is not put into a service network, and the server writes the block chain into the storage of the Internet of things equipment through wired or wireless communication;
(2) the method comprises the following steps that a main number of Internet of things devices are already put into use, and a single Internet of things device needs to be added; the server interacts with the newly added Internet of things equipment, and the newly added Internet of things equipment is communicated with other Internet of things equipment after being put into operation; after receiving necessary information of the interaction process, other Internet of things equipment updates the block chain and supplements the latest block; the interaction process of the server and the newly-added Internet of things equipment comprises the following steps:
1) the server informs the newly added Internet of things equipment of writing a block chain in the storage space of the newly added Internet of things equipment;
2) the Internet of things equipment confirms whether a block chain needs to be written into a server or not;
3) the server confirms that the block chain is written in, and writes the block chain into the storage space of the Internet of things equipment; the server continuously writes tokens which need other Internet of things equipment to supplement the new block into the storage space of the newly added Internet of things equipment;
(3) the internet of things equipment occupying the main quantity is already put into use, and a single piece of internet of things equipment needs to be added, and the method specifically comprises the following steps:
if a controller of the server considers that k untrusted internet-of-things devices exist, obtaining or generating a new block for the k internet-of-things devices, and setting the trust identifier as untrusted in the new block generated for the k internet-of-things devices; connecting k new blocks to the back of the original block chain; the method comprises the following steps of obtaining or generating a new block for newly-added Internet of things equipment, wherein the block is connected to the back of a block chain, and the interaction process between a server and the newly-added Internet of things equipment comprises the following steps:
1) the server informs the newly added Internet of things equipment of writing a block chain in the storage space of the newly added Internet of things equipment;
2) the Internet of things equipment confirms whether a block chain needs to be written into a server or not;
3) and the server confirms the block chain to be written in and writes the block chain into the storage space of the Internet of things equipment. And the server continuously writes the token which needs other Internet of things equipment to supplement the new block into the storage space of the newly added Internet of things equipment.
Further, the maintaining and managing the trust relationship in the third step specifically includes: the owner of the equipment of the Internet of things can know whether the equipment of the Internet of things is owned by the owner or not and whether the equipment of the Internet of things is credible or not through the block chain; and the safe communication with the equipment of the Internet of things is realized by interacting with specific fields on the block chain.
Further, the establishing the communication link in the fourth step specifically includes:
step one, sending a shared session key to an Internet of things device B by the Internet of things device A, encrypting a public key of the Internet of things device B, and simultaneously sending a message signed by the Internet of things device A to ensure authenticity;
step two, the Internet of things equipment B replies a message encrypted by a shared session key to the Internet of things equipment A, wherein the message consists of a random number and an identity and is responded;
thirdly, the Internet of things equipment A replies an XOR operation result of the two random numbers encrypted and sent by the shared session key to the Internet of things equipment B, and then response is carried out;
and step four, sharing the session key between the Internet of things equipment A and the Internet of things equipment B, establishing the secure connection, and encrypting and transmitting data by using the session key.
Further, the step five of the content server communicating with the newly added internet of things device specifically includes:
step one, a server informs newly-added Internet of things equipment of writing a block chain in a storage space of the newly-added Internet of things equipment;
step two, the Internet of things equipment confirms whether a block chain needs to be written into the server;
step three, the server confirms that the block chain is written in, and writes the block chain into the storage space of the Internet of things equipment;
fourthly, the Internet of things equipment replies the received block chain;
step five, the server sends a command requiring other internet of things equipment to perform capacity relaxation and a capacity relaxation token to the storage space of newly added internet of things equipment;
the newly-added internet of things device and other internet of things devices communicate specifically including:
step one, sending a shared session key to an Internet of things device B by the Internet of things device A, encrypting a public key of the Internet of things device B, and simultaneously sending a message signed by the Internet of things device A to ensure authenticity;
step two, the Internet of things equipment B replies a message encrypted by a shared session key to the Internet of things equipment A, wherein the message consists of a random number and an identity and is responded;
step three, the Internet of things equipment A sends a capacity relaxation instruction and a capacity relaxation token which are sent to the Internet of things equipment A by the server to the Internet of things equipment B, and the Internet of things equipment B performs capacity relaxation operation;
fourthly, the Internet of things equipment B replies to the Internet of things equipment A, and the capacity relaxation instruction and the token are received;
step five, the Internet of things equipment A transmits a new block chain to the Internet of things equipment B;
and step six, the Internet of things equipment B replies that the new block chain is received to the Internet of things equipment A.
Another objective of the present invention is to provide an internet of things device supply chain trust system management system of the internet of things device supply chain trust system management method, wherein the internet of things device supply chain trust system management system includes an internet of things device manufacturer trust management server, a purchasing party trust management server, and an internet of things device;
and the equipment manufacturer trust management server is used for realizing the management of the trust of the equipment produced by the equipment manufacturer, including performing necessary information interaction with the equipment of the Internet of things, storing initial data, and completing the work of trust migration and the like.
And the purchasing side trust management server is used for realizing generation, maintenance and updating of the block chain and generation and maintenance of the management relationship between the equipment administrator and the equipment, and timely performing capacity relaxation on the equipment of the Internet of things.
The Internet of things equipment is used for bearing business logic, mutual trust is established through the block chain, and communication with the server and other equipment is realized through an interaction protocol designed by the patent.
The internet of things equipment manufacturer trust management server comprises:
the initialization module is used for writing necessary information into the Internet of things equipment when the Internet of things equipment is produced or at a necessary stage after the production;
the trust migration module is used for completing trust migration;
the communication module is used for communicating the Internet of things equipment with other entities such as the Internet of things equipment and a purchasing party;
the buyer trust management server comprises:
the block chain management module is used for managing a block chain of the Internet of things equipment, and comprises generation, maintenance and update;
the personnel management module is used for managing administrator information for managing the equipment of the Internet of things, and the administrator information comprises assignment, inquiry and update;
the trust management module is used for overall management of a trust system of a service network formed by the Internet of things equipment, and comprises an inquiry block chain for determining the credibility of the Internet of things equipment, an inquiry block chain for determining the trust relationship between the Internet of things equipment and an administrator, and a personnel management module for determining the trust relationship between the administrator and the system.
The Internet of things equipment comprises:
the functional module is used for directly reflecting the value of the equipment of the Internet of things to meet the module which is required by the actual application requirement;
the block chain management module is used for maintaining and updating a block chain module;
the communication module is used for communicating with a server or other Internet of things equipment.
It is a further object of the invention to provide a computer program for execution by a computer, which computer program causes the computer to perform all the steps of any of the methods.
The invention also aims to provide a computer for executing the method for managing the supply chain trust system of the equipment of the internet of things.
The identity authentication between an administrator and a plurality of pieces of equipment of the Internet of things is realized, and then mutual trust between the pieces of equipment of the Internet of things is realized, and the identity authentication and trust establishment method provided by the invention can effectively solve the problem that the number of keys is exponentially increased along with the increase of the number of the administrators and the pieces of equipment of the Internet of things caused by a method of distributing session keys between each pair of the administrators and the pieces of equipment of the Internet of things, so that the communication between the pieces of equipment of the Internet of things and a trusted third-party server under the condition of adopting a PKI (public key infrastructure) mode is also remarkably reduced, and even the independent establishment of trust relationship between the pieces of equipment of the Internet of things through a query block chain under the condition of losing contact with the trusted third-party server can be; in addition, the invention supports a plurality of administrators to manage different Internet of things devices, each administrator manages a part of Internet of things devices, thereby greatly improving the flexibility of enterprises in personnel division arrangement and improving the traditional simple mode that one administrator manages all Internet of things devices. In a traditional mode, if a plurality of administrators manage different internet of things devices respectively, the situation that the number of the internet of things devices is huge, the internet of things devices are difficult to establish under the condition of numerous administrators, even the trust relationship between the administrators is difficult to establish, and communication cannot be carried out in time occurs. By adopting the trust establishing method provided by the invention, although the Internet of things equipment belongs to different administrators for management, the administrators may not know each other as much as possible, but the administrators and the Internet of things equipment can determine the trust attribute of any administrator or Internet of things equipment in the system by inquiring the block chain and then determine whether the interaction can be carried out with the administrator or the Internet of things equipment; in addition, the invention realizes that the transfer of the trust relationship of the internet of things equipment can be realized according to the conversion relationship of the ownership of the internet of things equipment when the ownership of the internet of things equipment is changed, which is not considered or is less considered in the traditional technical scheme; the invention also realizes that the storage cost of the Internet of things equipment is small (a specific implementation mode, embodiment 6); and the communication interaction with the server after the deployment and operation of the internet of things devices is less (by adopting the invention, most of the interaction between the internet of things devices is completed in a specific implementation mode in the way described in embodiment 4), most of trust management work is completed locally through a query block chain.
Drawings
Fig. 1 is a flowchart of a method for managing a supply chain trust hierarchy of an internet of things device according to an embodiment of the present invention.
Fig. 2 is a flowchart of an implementation of a method for managing a supply chain trust hierarchy of an internet of things device according to an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of each block in a block chain in embodiment 1 according to an embodiment of the present invention.
Fig. 4 is an interaction process diagram of trust relationship migration in embodiment 2 according to an embodiment of the present invention.
Fig. 5 is a schematic communication flow diagram for updating a block chain in embodiment 3(2) according to an embodiment of the present invention.
Fig. 6 is a schematic diagram of an interaction process of establishing a trust relationship between devices of the internet of things and sharing a session key in embodiment 4 according to an embodiment of the present invention.
Fig. 7 is a schematic diagram of a communication process of capacity relaxation in embodiment 5 according to an embodiment of the present invention.
Fig. 8 is a schematic block diagram of an internet of things device manufacturer trust management server according to an embodiment of the present invention.
Fig. 9 is a schematic diagram of the module components of the purchasing side trust management server according to the embodiment of the present invention.
Fig. 10 is a schematic diagram of a module composition of an internet of things device in the internet of things device supply chain trust hierarchy management system according to the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The following detailed description of the principles of the invention is provided in connection with the accompanying drawings.
As shown in fig. 1, the method for managing a trust system of a supply chain of devices in the internet of things according to an embodiment of the present invention includes the following steps:
s101: manufacturing the Internet of things equipment by a manufacturer, and writing implementation trust establishing data into the Internet of things equipment;
s102: when a transaction occurs, ownership of the Internet of things equipment needs to be transited from a producer to a purchasing party, and an entity trusted by the Internet of things equipment needs to be changed from the producer to the purchasing party;
s103: and the purchasing party deploys the purchased Internet of things equipment to a service network.
The application of the principles of the present invention will now be described in further detail with reference to the accompanying drawings.
As shown in fig. 2, the internet of things device supply chain trust hierarchy manager provided in the embodiment of the present invention includes the following steps:
step one, manufacturing Internet of things equipment by a manufacturer, and writing data necessary for realizing trust establishment into the Internet of things equipment; the participating entities are manufacturers and Internet of things equipment;
step two, transaction/trust migration, wherein when a transaction occurs, ownership of the internet of things equipment needs to be transferred from a producer to a purchasing party, which also means that an entity trusted by the internet of things equipment needs to be transferred from the producer to the purchasing party; the entities are manufacturers, buyers and Internet of things equipment;
step three, deploying the Internet of things equipment, wherein a purchasing party deploys the purchased Internet of things equipment into a service network; the participating entities are the purchasing party and the Internet of things equipment, and after the Internet of things equipment is deployed, the Internet of things equipment enters a stage of generating value to serve the user.
The application of the principles of the present invention will now be described in further detail with reference to specific embodiments.
Embodiment 1, data storage method and data structure. The specific contents are as follows:
(1) overall design
In the ROM of the Internet of things equipment, the following are stored: internet of things equipment ID, Internet of things equipment KRAnd anti-counterfeiting codes.
In the SSD of the Internet of things equipment, the following are stored: the top-level public key of the owner of the Internet of things equipment, anti-counterfeiting codes and the like.
In the RAM of the Internet of things equipment, storing: owner top level public key, blockchain.
The structure of each block in the block chain is shown in fig. 3.
The description of each field in a block is as follows:
internet of things equipment ID: a unique identifier of an internet of things device.
Administrator ID: and a plurality of managers are supported to manage a plurality of Internet of things devices.
Administrator public key: each administrator is assigned a public-private key pair and the administrator public key is written into the block. This field is used to establish trust between the internet of things device and the administrator.
The public key of the internet of things device: and distributing a public and private key pair for each piece of Internet of things equipment, and writing the public key of the Internet of things equipment into the corresponding block. This field is used to establish trust between the internet of things device and the internet of things device.
Prev Hash: the Hash value of the last block is used to provide a non-tamperable property for the blockchain.
Whether it is authentic: only 1Bit is needed for representation. The position 1 represents that the equipment of the internet of things is credible, and the position 0 represents that the equipment of the internet of things is not credible at present.
Anti-counterfeiting code: the field is optional, and if the field is enabled, anti-counterfeiting verification service can be provided for the Internet of things equipment.
KRRepresents a private key; the owner top-level public key represents a public key in a public and private key pair which can uniquely identify the identity of a manufacturer of the equipment owner of the Internet of things and is approved by other manufacturers, and is generally established by a PKI system independent of the invention, but can also be established by other systems according to actual conditions; the anti-counterfeiting code stored in the internet of things device SSD is optional, and the anti-counterfeiting code should be regarded as necessary if and only if a manufacturer needs to provide anti-counterfeiting verification service; the anti-counterfeiting code field in the block chain block is obtained by reading the anti-counterfeiting code in the SSD by the server; other information stored in the SSD of the IOT equipment is determined by the actual functions and application deployment requirements of the IOT equipment.
(2) Internet of things equipment manufacturer link
When ownership of the internet of things equipment belongs to the internet of things equipment manufacturer, the block chain does not need to be configured, because the internet of things equipment manufacturer does not need to actually deploy the internet of things equipment to the business subnet, only the internet of things equipment is produced, and the internet of things equipment is sold to a purchasing party.
At this time, the data storage mode in the internet of things device is as follows:
in the ROM of the Internet of things equipment, the following are stored: internet of things equipment ID, Internet of things equipment KR
In the SSD of the Internet of things equipment, the following are stored: manufacturer top-level public keys, anti-counterfeiting codes, and others.
Because the content in the RAM disappears after power is off, and the internet of things equipment manufacturer deploys the internet of things equipment to a user in a service network without using the functions of the internet of things equipment, the content stored in the RAM is unimportant to the internet of things equipment manufacturer.
And automatically reading the (manufacturer top-level public key) into the memory after the Internet of things equipment is started, wherein the block chain is empty.
KRRepresents a private key; the manufacturer top-level public key represents a public key in a public and private key pair which can uniquely identify the identity of a manufacturer and is approved by other manufacturers; the anti-counterfeiting code stored in the internet of things device SSD is optional, and the anti-counterfeiting code should be regarded as necessary if and only if a manufacturer needs to provide anti-counterfeiting verification service; other information stored in the SSD of the equipment of the Internet of things is determined by the actual requirements of a manufacturer at the factory stage of the equipment of the Internet of things.
(3) Purchasing side link
The purchasing party needs to deploy the internet of things equipment to practical application and needs to deploy the block chain in the internet of things equipment. At this time, the data storage mode in the internet of things device is as follows.
In the ROM of the Internet of things equipment, the following are stored: internet of things equipment ID, Internet of things equipment KR
In the SSD of the Internet of things equipment, the following are stored: the buyer top-level public key, anti-counterfeiting code and others.
In the RAM of the Internet of things equipment, storing: buyer top-level public key, blockchain.
KRRepresents a private key; the buyer top public key represents a public key in a public and private key pair which can uniquely identify the identity of a buyer manufacturer and is approved by other manufacturers; the anti-counterfeiting code stored in the internet of things device SSD is optional, and the anti-counterfeiting code should be regarded as necessary if and only if a manufacturer needs to provide anti-counterfeiting verification service; and other information stored in the SSD of the Internet of things equipment is determined by the purchasing party according to the actual business requirement of the purchasing party.
Embodiment 2, trust relationship migration. The specific contents are as follows:
trust migration occurs when ownership of the internet of things device changes, which mainly means that a manufacturer sells the internet of things device to a purchasing party. The interactive process of trust relationship migration is shown in fig. 4.
The specific interaction content of the protocol shown in fig. 4 is as follows:
the method comprises the following steps: { Internet of things equipmentID,NATransition identifier, {. DELTA {. D1}sig}。
Secondly, the step of: { Internet of things device ID, NBTransfer identifier }KP-manufacturer
③:{NA NBKP-Purchase, {. DELTA {. D2}sig}KP-Internet of things equipment
Wherein N isA,NBAre all random numbers; "KP-buyer" represents the public key of the buyer; delta1Representing Hash (Internet of things device ID, N)ATransfer identifier), i.e., pair { internet of things device ID, NATransfer identifier } is hashed; delta2Denotes Hash (
Figure BDA0001430709210000123
KP-purchasing side), i.e. a chinese dictionary
Figure BDA0001430709210000124
KP-purchasing party carries out hash processing; {. DELTA }SigRepresenting the signing of Δ with the manufacturer's private key; { α }KP-manufacturerMeans that alpha is encrypted with the public key of the manufacturer; the transfer identifier is a special field used for indicating the function (trust transfer) to be realized by the interaction, and simultaneously, the field also supports the expansion of the function, the internet of things equipment manufacturer can safely interact with the internet of things equipment in the form of the protocol by combining the service requirement of the manufacturer, and only the field of the transfer identifier is replaced by other fields meeting the specific service requirement in the message I and the message II, and the field of the KP-purchasing party in the message III is specially modified to meet the service requirement of the manufacturer. By adopting the framework of the protocol shown in fig. 4, the internet of things equipment manufacturer can interact with the internet of things equipment in a diversified manner to control the internet of things equipment to realize the functions of the internet of things equipment.
In the protocol, firstly, an internet of things equipment manufacturer sends a message to internet of things equipment to inform the internet of things equipment of carrying out trust relationship migration, and the protocol specifically comprises the following steps: identifier of internet of things device ID, random number NAThe transfer identifier, and the signed hash values of these three fieldsA field of (1).
Then, the Internet of things equipment replies to the Internet of things equipment manufacturer to inquire whether the Internet of things equipment manufacturer confirms that trust relationship migration is required or not, and the content of the message specifically comprises an Internet of things equipment ID and a random number NBAnd a transfer identifier. This message is not transmitted in the clear, but is transmitted encrypted with the manufacturer's public key.
After the manufacturer receives the message sent by the Internet of things equipment, the manufacturer decrypts the received message by using the private key of the manufacturer and confirms that the Internet of things equipment is in an online state. The Internet of things equipment manufacturer then calculates
Figure BDA0001430709210000131
And (XOR operation) is used as a first field replied to the Internet of things equipment, a public key KP-purchasing party of a purchasing party is used as a second field to be replied, then the digital signatures of the hash values of the first two fields are calculated by using a private key of the purchasing party and are used as a third field, and finally the three fields are encrypted by using the public key of the Internet of things equipment and then sent out.
The manufacturer can obtain the public key of the purchasing party in multiple ways, and if the manufacturer and the purchasing party are in the same PKI system, the public key of the purchasing party can be obtained from the CA; the purchasing party may also communicate with the manufacturer to inform the manufacturer of its own public key. The protocol can provide a secure authentication process to complete the migration of the trust relationship. The attacker cannot impersonate the manufacturer to deceive the internet of things equipment, cannot impersonate the internet of things equipment to deceive the manufacturer, and cannot replace the public key of the purchasing party in the message III so that the trust relationship is transferred to other entities except the purchasing party. The method comprises the following specific steps:
if an attacker tries to impersonate a manufacturer server to communicate with the Internet of things equipment and controls the Internet of things equipment to finish the transfer of the trust relationship, the attacker replies a data packet of the manufacturer with the Internet of things equipment which cannot decrypt the message; if an attacker tries to impersonate the Internet of things equipment to deceive a manufacturer server, the attacker cannot decrypt a data packet sent to the Internet of things equipment by the manufacturer in the message III; if the attacker tries to replace the public key of the purchasing party in the message (c), it will notBy forging out messages
Figure BDA0001430709210000141
The protocol completes the function of updating the owner top-level public key stored in the SSD of the IOT equipment. So far, when starting next time, thing networking device will read purchasing side's public key into the memory, and the owner that it discerned has just changed into purchasing side from the producer.
Embodiment 3, after the purchasing party purchases the internet of things device, the internet of things device needs to be deployed in the service network. Deploying the internet of things device means that the blockchain is written into the memory of the internet of things device first, since this is a trusted carrier. In this case, two cases are divided, corresponding to different solutions.
(1) The embodiment is applicable to the situation that at the moment, large-batch Internet of things equipment is still in the base and is not released. In this case, to write the block chain into the device memory of the internet of things, the server block chain management module may generate the block chain, and the server communication module is responsible for writing the block chain into the device memory of the internet of things.
Each field in a blockchain block is interpreted in conjunction with fig. 3.
Internet of things equipment ID: directly reading from the ROM of the Internet of things equipment;
administrator ID: the purchasing party can appoint an administrator for the equipment of the Internet of things according to the personal allocation condition;
administrator public key: the buyer distributes a public and private key pair for each administrator and writes the public key into the block to verify the identity of the administrator;
the public key of the internet of things device: distributing a public and private key pair for each piece of Internet of things equipment, and writing a public key into a block;
prev Hash: the block corresponding to the previous Internet of things equipment is subjected to Hash processing and then is filled in the field;
whether it is authentic: initially, all the Internet of things equipment is credible, and the position is set to be 1;
anti-counterfeiting code: the field is optional, and when the field is started, anti-counterfeiting query service can be provided for the Internet of things equipment.
(2) The embodiment is applicable to the situation that a large amount of Internet of things equipment is already put into use, and a single piece of Internet of things equipment needs to be added. In this case, to write the blockchain into the memory of the new internet of things device and ensure that the blockchains of all the internet of things devices in the internet of things remain synchronized after the new internet of things device is released, the current latest blockchain needs to be stored in the new internet of things device and carries a token (specific information signed by a private key of the central server) sent by the central server. After the internet of things equipment is put into use, the internet of things equipment is communicated with other internet of things equipment in the internet of things. And after receiving the information and confirming the authenticity of the information, other Internet of things equipment updates the block chain in the memory of the other Internet of things equipment.
Fig. 5 shows a communication flow of the block chain update under (2).
In this case, two cases need to be considered.
1) It continues to be assumed that all internet of things devices that have been put into operation at present are still trusted. In this case, the newly added node carries only one more block than the block chains of the other nodes, and the parts are the same except for that one block.
At this time, the newly added internet of things device communicates with other internet of things devices (flood broadcasting), and the other internet of things devices update the block chain after receiving the information to supplement the latest block.
The process of interaction 1 in FIG. 5 at this point may be:
server → internet of things device 1:
{ Internet of things device ID, NABlock chain write identifier, {. DELTA {. Δ {1}sig}
② the server ← internet of things device 1:
{ Internet of things device ID, NBBlock chain write identifier }KP-server
Third, server → internet of things device 1:
{
Figure BDA0001430709210000151
new block chain, added blockNumber of blocks, {. DELTA { [ delta ]2}sig,{△3}sig}KP-Internet of things equipment 1
The content of message 2 may be:
{ New Block, increase Block identifier, increase number of blocks {. DELTA ]3}sig}
In (1), "the number of added blocks" in the message 2 is 1.
In the above description of interaction 1, NA,NBIs a random number; "KP-Server" represents the public key of the server; delta1Representing Hash (Internet of things device ID, N)ABlockchain write identifier), i.e., pair { internet of things device ID, N)ABlock chain write identifier } to perform hash processing; delta2Denotes Hash (
Figure BDA0001430709210000152
New block chain), i.e. a straight eye
Figure BDA0001430709210000153
Carrying out Hash processing on the new block chain; delta3Representing Hash (new block, adding block identifier, increasing block number), namely carrying out Hash processing on { new block, adding block identifier, increasing block number }; {. DELTA }SigRepresenting signing Δ with a private key of a server; { α }KP-serverMeans to encrypt α with the public key of the server; the blockchain write identifier in interaction 1 is a special field used to indicate the function (write blockchain) to be implemented in this interaction; the added block identifier in message 2 is used to indicate the function to be implemented in this message (adding a new block on the basis of the original block chain).
The "new chunk" in the message 2 is the last chunk in the "new chunk chain" that the internet of things device 1 saves after completing the interaction 1. After the Internet of things equipment 1 finishes the interaction 1, taking out a new block from a block chain stored in the equipment 1 and extracting the number of the added blocks from a message of the interaction 1, and {. DELTA { (Delta) }3}sigAnd constructing the message 2 for broadcasting.
Message 2 is broadcast without encryption, which is used to ensure that the communication and computation of the internet of things device is less expensive. But low traffic load and computational overhead means that the confidentiality is not strong enough and an attacker can see the whole content of message 2, including the values of the various fields in the "new chunk". Such an attack is not typically a threat because the values of the fields in the block shown in fig. 3 are known by entities outside the system and do not have a direct impact on the security of the system. However, it is also fully possible that the enterprise prepares to encrypt the message 2, because the message 2 is a communication between devices of the internet of things, the enterprise only needs to replace each message 2 shown in fig. 4 with the interaction process in embodiment 4 with reference to embodiment 4 (inter-device trust of the internet of things). The modification enables the block chain updating operation between the internet of things devices to have confidentiality, but can affect the requirements of lightweight communication and calculation overhead of the internet of things devices to a certain extent.
2) It is continuously assumed that an untrusted node exists in the currently running internet of things device, and the untrusted node needs to be processed. The method specifically comprises the following steps:
if the control center considers that k non-trusted nodes exist, a new block is generated for the k nodes, the 'trusted or not' position of the new block is set to be 0, and then the k new blocks are connected to the back of the original block chain. And generating a new block for the newly released Internet of things equipment, and connecting the block to the back of the block chain. The internet of things equipment is deployed and then communicates with other nodes, so that the other nodes supplement the block.
The total number of blocks in the newly generated block chain is [ original block number ] + k + 1.
The process of interaction 1 in FIG. 5 at this point may be:
server → internet of things device 1:
{ Internet of things device ID, NABlock chain write identifier, {. DELTA {. Δ {1}sig}
② the server ← internet of things device 1:
{ Internet of things device ID, NBBlock chain write identifier }KP-server
Third, server → internet of things device 1:
{
Figure BDA0001430709210000171
new block chain, increase number of blocks, {. DELTA {. C2}sig,{△3}sig}KP-Internet of things equipment 1
The content of message 2 may be:
{ New Block, increase Block identifier, increase number of blocks {. DELTA ]3}sig}
The "number of added blocks" in message 2 is k + 1. And k is the number of the untrustworthy nodes (the Internet of things equipment) observed by the server at the moment of putting the new Internet of things equipment.
The "new chunk" in the message 2 is the last k +1 chunks in the "new chunk chain" that the internet of things device 1 saves after completing the interaction 1. After the Internet of things equipment 1 finishes the interaction 1, taking out a new block from a block chain stored in the equipment 1 and extracting the number of the increased blocks from a message of the interaction 1, and {. DELTA { (Delta) }3}sigAnd constructing the message 2 for broadcasting.
Embodiment 4, the trust establishment between internet of things devices specifically includes:
the establishment of the trust relationship between the internet of things devices only needs to sequentially check the blocks in the block chain from back to front, and if the block corresponding to the internet of things device exists on the block chain and the 'whether the trusted bit' is 1, the internet of things device can be considered to exist and be trusted. As shown in fig. 6, it is assumed that the internet of things device a needs to perform secure communication with the internet of things device B, and at this time, the internet of things device a only needs to read the public key of the internet of things device B from the block chain and establish a communication link with the device B through a specific interaction protocol. The interaction process in fig. 6 may be described in detail as follows.
Internet of things equipment A → Internet of things equipment B:
{A,B,{Key}KP_B,NA,{△}Sig_A}
② the internet of things device A ← internet of things device B:
{B,A,NA,NB}Key
third, internet of things device A → internet of things device B:
Figure BDA0001430709210000172
fourthly, the internet of things device A ← → the internet of things device B:
{Data}Key
wherein N isA,NBAre all random numbers; delta denotes Hash (A, B, { Key }KP_B,NA) I.e. for { A, B, { Key }KP_B,NACarrying out Hash processing; { α }KP_BMeans that a is encrypted with the public key of B; { α }Sig_ARepresenting the signature of alpha by the private key of A; key is a session Key used for carrying out secure communication between the Internet of things equipment A and the Internet of things equipment B; data represents interactive Data between the Internet of things equipment A and the Internet of things equipment B; { Data }KeyIndicating that the data is encrypted with the session Key.
In the process of establishing trust between the Internet of things devices, A inquires a block chain, acquires the public Key of B and generates a session Key. A encrypts the session Key with the public Key of B, constructs a message in FIG. 6, and sends the message to B; b, after receiving the response, finishing the challenge response process, and constructing a message II in the figure 6 and sending the message II to the Internet of things equipment A; the Internet of things equipment A can confirm that the two parties share the session Key after receiving the message II, and at the moment, the Internet of things equipment A completes challenge response initiated by the Internet of things equipment B, constructs and sends the message III, and then can perform safe data interaction with the equipment B in the interaction process IV.
In the introduction of the protocol of fig. 6, a and B in the message (r) are used to identify the sender and the receiver, and the random number NAFor resisting replay attack, signature value {. DELTA }Sig_AFor the recipient to verify the authenticity of the message; b, A in the message (II) is used for identifying the identities of the sender and the receiver, NAUsed for completing challenge response initiated by Internet of things equipment A, NBFor ensuring that the encrypted information in message (c) is notTransmitted in clear text form in message (r), introducing NBThe possibility of known plaintext attacks is eliminated. In addition, NBA challenge response is also initiated to the internet of things device a. The information is encrypted by a session key and then transmitted to A; message III, the Internet of things equipment A completes the challenge response initiated by the message III and the Internet of things equipment B, and N is calculatedAAnd NBXor of then encrypted back.
The interaction process in example 4 ensures resistance to replay attacks with random numbers, authenticity of the information source with digital signatures and session key encryption, and confidentiality of sensitive information with session key encryption and public key encryption.
Example 5, capacity relaxation, specifically including:
as new nodes are added continuously, original nodes may be changed from credible to incredible and then from incredible to credible, the length of the block chain is increased continuously. At this time, one internet of things device may correspond to multiple blocks, and only one of them is valid (the last one). Resulting in wasted storage space and capacity relaxation.
The capacity relaxation work needs the control center to put in a new piece of internet of things equipment, and the new piece of internet of things equipment carries a capacity relaxation instruction issued by the control center and a new block chain and is deployed in a service subnet.
The Internet of things equipment communicates with other Internet of things equipment in the service subnet and issues a capacity relaxation instruction. And the Internet of things equipment receiving the instruction replaces the block chain in the memory of the equipment, and transmits the instruction to other Internet of things equipment which can be contacted with the equipment.
By adopting the recursive mode, all the internet of things equipment in the service subnet can finish updating the block chain, and the relaxation of the memory capacity is realized.
The communication flow for capacity relaxation may be represented as shown in fig. 7.
The detailed description of interaction 1 in FIG. 7 may be:
server → internet of things device 1:
{ Internet of things device ID, NABlock chain write identificationSymbol {. DELTA { (Δ) }1}sig}
② the server ← internet of things device 1:
{ Internet of things device ID, NBBlock chain write identifier }KP-server
Third, server → internet of things device 1:
{
Figure BDA0001430709210000191
new blockchain, all 0 fields, { [ Delta ]2}sigAll 0 fields }KP-Internet of things equipment 1
Server ← internet of things device 1:
{ Internet of things device ID, Nc}KP-server
Server → internet of things device 1:
{ Internet of things device ID, NcCapacity relaxation identifier, {. DELTA {. Δ {3}sig}KP-Internet of things equipment 1
In the description of interaction 1 of FIG. 7, NA,NB,NcAre all random numbers; "KP-Server" represents the public key of the server; delta1Representing Hash (Internet of things device ID, N)ABlockchain write identifier), i.e., pair { internet of things device ID, N)ABlock chain write identifier } to perform hash processing; delta2Denotes Hash (
Figure BDA0001430709210000192
New block chain), i.e. a straight eye
Figure BDA0001430709210000193
Carrying out Hash processing on the new block chain; delta3Represents Hash (capacity relaxation identifier), i.e. hashes { capacity relaxation identifier }; {. DELTA }SigRepresenting signing Δ with a private key of a server; { α }KP-serverMeans to encrypt α with the public key of the server; the "blockchain write identifier" is a special field used to indicate the function (write blockchain) to be implemented in the current interaction; the 'capacity relaxation identifier' is used to identify the capacity relaxation timeThe internet of things device 1 indicates the functions (capacity relaxation) that need to be completed in the next interaction (interaction 2).
In the message of interaction 1 of fig. 7, there are two "all 0 fields" which are made for compatibility with the format of interaction 1.
Assuming that the internet of things device 1 first communicates with the internet of things device 2 after completing the interaction 1, the detailed description of the interaction 2 in fig. 7 may be:
internet of things equipment 1 → Internet of things equipment 2:
{ID2,ID1,{Key}KP-Internet of things equipment 2,Nonce1,{△1}Sig_1}
② the internet of things device 1 ← internet of things device 2:
{ID1,ID2,Nonce1,Nonce2}Key
device of internet of things 1 → device of internet of things 2:
{ capacity relaxation identifier, Nonce2, {. DELTA { [ delta ]2}sig_Server}Key
Internet of things device 1 ← internet of things device 2:
{Nonce2,Nonce3}Key
internet of things equipment 1 → Internet of things equipment 2:
{ New Block chain, Nonce3}Key
Sixthly, the internet of things device 1 ← internet of things device 2:
{Nonce3}Key
nonces 1, 2, 3 in the description of interaction 2 of fig. 7 are all random numbers; the ID1 is an identity of the Internet of things equipment 1, the ID2 is an identity of the Internet of things equipment 2, and the KP-Internet of things equipment 2 is a public key of the Internet of things equipment 2; key is a session Key which needs to be established for carrying out secure communication between the Internet of things equipment 1 and the Internet of things equipment 2; { Key }KP-Internet of things equipment 2The public Key of the Internet of things equipment 2 is used for encrypting the Key; delta1Represents Hash (ID2, ID1, { Key }KP-Internet of things equipment 2Nonce1), namely pair { ID2, ID1, { Key }KP-Internet of things equipment 2Nonce1} for hash processing; {. DELTA }Sig_1Representing that a private key of the Internet of things equipment 1 is used for carrying out digital signature on the delta; {. DELTA }KeyThe expression encrypts delta by using a session Key; the "new blockchain" represents a blockchain stored in the internet of things device 1, and the blockchain obtained by the internet of things device 1 from the server in the interaction process 1 of fig. 7; the "capacity relaxation identifier" is used to specify a function (capacity relaxation) to be implemented by this interaction.
Since the "new blockchain" in the interaction 2 shown in fig. 7 occupies less memory than the original blockchain stored in the internet of things device 2, after the interaction 2 is completed, the internet of things device 2 completes the capacity relaxation operation of the local blockchain. The internet of things equipment 1 and the internet of things equipment 2 are respectively communicated with other internet of things equipment which can be communicated with each other, and the capacity of the internet of things equipment can be loosened by the interaction 2. By adopting the recursive interaction mode, all the internet of things equipment in the network can complete capacity relaxation.
Embodiment 6, the storage overhead analysis specifically includes:
since the storage space of the internet of things device is precious, the storage overhead of the blockchain needs to be analyzed. The lengths may be allocated for the fields of the block in fig. 2 as follows.
4Byte is the equipment ID of the Internet of things; administrator ID2 Byte; administrator KU 128 Byte; the Internet of things equipment KU is 128 Byte; prev Hash 64 Byte; whether the reliability is 1 bit; the anti-counterfeiting code is 4 Byte; totaling: 330Byte +1 bit.
Assuming that 1000 pieces of internet-of-things equipment are deployed in one service network, the total size of the block chain at this time is as follows:
(330Byte+1bit)×1000÷1024=322.12KB。
in fact, the size of a service network composed of 1000 pieces of internet of things devices is considerable, and at this time, the storage overhead of a block chain in the memory of the internet of things devices is 322.12KB, which can be realized at low cost for the current memory chip.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (8)

1. An Internet of things equipment supply chain trust system management method is characterized by comprising the following steps:
step one, managing trust relationships among different entities by using a block chain as a technical carrier;
secondly, when ownership of the Internet of things equipment is changed, realizing trust migration of the Internet of things equipment among different entities through protocol interaction;
step three, the owner of the equipment in the Internet of things interacts with the equipment in the Internet of things through a communication protocol; specifically, three different scenarios are included:
(1) the Internet of things equipment is not put into a service network, and the server writes the block chain into the storage of the Internet of things equipment through wired or wireless communication;
(2) the method comprises the following steps that a main number of Internet of things devices are already put into use, and a single Internet of things device needs to be added; the server interacts with the newly added Internet of things equipment, and the newly added Internet of things equipment is communicated with other Internet of things equipment after being put into operation; after receiving necessary information of the interaction process, other Internet of things equipment updates the block chain and supplements the latest block; the interaction process of the server and the newly-added Internet of things equipment comprises the following steps:
1) the server informs the newly added Internet of things equipment of writing a block chain in the storage space of the newly added Internet of things equipment;
2) the Internet of things equipment confirms whether a block chain needs to be written into a server or not;
3) the server confirms that the block chain is written in, and writes the block chain into the storage space of the Internet of things equipment; the server continuously writes tokens which need other Internet of things equipment to supplement the new block into the storage space of the newly added Internet of things equipment;
(3) the method includes that the equipment occupying the main number of the internet of things is already put into use, and the equipment of the internet of things is individually deployed, and a single piece of equipment of the internet of things is added, and the method specifically includes the following steps:
if a controller of the server considers that k untrusted internet-of-things devices exist, obtaining or generating a new block for the k internet-of-things devices, and setting the trust identifier as untrusted in the new block generated for the k internet-of-things devices; connecting k new blocks to the back of the original block chain; the method comprises the following steps of obtaining or generating a new block for newly-added Internet of things equipment, wherein the block is connected to the back of a block chain, and the interaction process between a server and the newly-added Internet of things equipment comprises the following steps:
1) the server informs the newly added Internet of things equipment of writing a block chain in the storage space of the newly added Internet of things equipment;
2) the Internet of things equipment confirms whether a block chain needs to be written into a server or not;
3) the server confirms that the block chain is written in, and writes the block chain into the storage space of the Internet of things equipment; the server continuously writes tokens which need other Internet of things equipment to supplement the new block into the storage space of the newly added Internet of things equipment;
establishing trust between different Internet of things devices by respectively inquiring the block chains stored in the local storage space, and sharing session key communication through the trust relationship;
and fifthly, the Internet of things equipment owner dispatches/puts new Internet of things equipment to a service network formed by deployed and operated Internet of things equipment, and realizes that the dispatched/put Internet of things equipment reaches the service network and is deployed and operated to realize the capacity relaxation of all Internet of things equipment storage spaces in the service network after the dispatched/put Internet of things equipment reaches the service network through two stages of protocol interaction between a server owned by the Internet of things equipment owner and the dispatched/put Internet of things equipment and interaction between the dispatched/put Internet of things equipment and other original Internet of things equipment in the service network after the dispatched/put Internet of things equipment reaches the service network.
2. The internet of things equipment supply chain trust hierarchy management method of claim 1, wherein the step one of adopting a block chain as a technology carrier specifically comprises: the central server generates a block chain, the central server writes the generated block chain into the Internet of things equipment, and a copy of the block chain is stored in each piece of deployed and operated Internet of things equipment; each piece of internet of things equipment corresponds to one block in the block chain.
3. The internet of things device supply chain trust hierarchy management method of claim 1, wherein the second step comprises:
(1) the ownership of the internet of things equipment is changed, specifically, ownership of the internet of things equipment is transferred to another entity through negotiation, negotiation and transaction behaviors from the entity;
(2) the different entities comprise an Internet of things equipment manufacturer or a responsibility main body for producing the Internet of things equipment, an Internet of things equipment purchasing party and the Internet of things equipment;
(3) the trust migration refers to the conversion of the ownership of the equipment of the internet of things among different entities caused by negotiation, negotiation or transaction behaviors;
(4) the protocol interaction in the second step specifically includes:
firstly, a server sends a trust relationship migration instruction to equipment of the Internet of things;
step two, the Internet of things equipment replies to the server and inquires whether the server confirms to carry out trust relationship migration;
and thirdly, the server replies the Internet of things equipment, informs the Internet of things equipment of confirming the trust relationship migration, and informs the Internet of things equipment of the identity of the next owner.
4. The internet of things equipment supply chain trust system management method of claim 3, wherein the maintaining and managing of the trust relationship in the third step specifically comprises: the owner of the equipment of the Internet of things can know whether the equipment of the Internet of things is owned by the owner or not and whether the equipment of the Internet of things is credible or not through the block chain; and the safe communication with the equipment of the Internet of things is realized by interacting with specific fields on the block chain.
5. The internet of things device supply chain trust hierarchy management method of claim 1, wherein the establishing of the communication link in the fourth step specifically comprises:
step one, sending a shared session key to an Internet of things device B by the Internet of things device A, encrypting a public key of the Internet of things device B, and simultaneously sending a message signed by the Internet of things device A to ensure authenticity;
step two, the Internet of things equipment B replies a message encrypted by a shared session key to the Internet of things equipment A, wherein the message consists of a random number and an identity and is responded;
thirdly, the Internet of things equipment A replies an XOR operation result of the two random numbers encrypted and sent by the shared session key to the Internet of things equipment B, and then response is carried out;
and step four, sharing the session key between the Internet of things equipment A and the Internet of things equipment B, establishing the secure connection, and encrypting and transmitting data by using the session key.
6. The internet of things device supply chain trust hierarchy management method of claim 1, wherein the communication between the server and the newly added internet of things device specifically comprises:
step one, a server informs newly-added Internet of things equipment of writing a block chain in a storage space of the newly-added Internet of things equipment;
step two, the Internet of things equipment confirms whether a block chain needs to be written into the server;
step three, the server confirms that the block chain is written in, and writes the block chain into the storage space of the Internet of things equipment;
fourthly, the Internet of things equipment replies the received block chain;
step five, the server sends a command requiring other internet of things equipment to perform capacity relaxation and a capacity relaxation token to the storage space of newly added internet of things equipment;
the newly-added internet of things device and other internet of things devices communicate specifically including:
step one, sending a shared session key to an Internet of things device B by the Internet of things device A, encrypting a public key of the Internet of things device B, and simultaneously sending a message signed by the Internet of things device A to ensure authenticity;
step two, the Internet of things equipment B replies a message encrypted by a shared session key to the Internet of things equipment A, wherein the message consists of a random number and an identity and is responded;
step three, the Internet of things equipment A sends a capacity relaxation instruction and a capacity relaxation token which are sent to the Internet of things equipment A by the server to the Internet of things equipment B, and the Internet of things equipment B performs capacity relaxation operation;
fourthly, the Internet of things equipment B replies to the Internet of things equipment A, and the capacity relaxation instruction and the token are received;
step five, the Internet of things equipment A transmits a new block chain to the Internet of things equipment B;
and step six, the Internet of things equipment B replies that the new block chain is received to the Internet of things equipment A.
7. An internet of things equipment supply chain trust system management system of the internet of things equipment supply chain trust system management method according to claim 1, wherein the internet of things equipment supply chain trust system management system comprises an internet of things equipment manufacturer trust management server, a purchasing side trust management server and an internet of things equipment;
the device manufacturer trust management server is used for realizing the management of the trust of the devices produced by the device manufacturer, and comprises the steps of carrying out necessary information interaction with the equipment of the Internet of things, storing initial data and finishing trust migration;
the purchasing side trust management server is used for realizing generation, maintenance and updating of a block chain and generation and maintenance of a management relation between an equipment manager and equipment, and timely loosening the capacity of the equipment of the Internet of things;
the Internet of things equipment is used for bearing business logic and establishing trust of each other through the block chain;
the internet of things equipment manufacturer trust management server comprises:
the initialization module is used for writing necessary information into the Internet of things equipment when the Internet of things equipment is produced or at a necessary stage after the production;
the trust migration module is used for completing trust migration;
the communication module is communicated with the Internet of things equipment and used for communicating with a purchasing party;
the buyer trust management server comprises:
the block chain management module is used for managing a block chain of the Internet of things equipment, and comprises generation, maintenance and update;
the personnel management module is used for managing administrator information for managing the equipment of the Internet of things, and the administrator information comprises assignment, inquiry and update;
the trust management module is used for overall management of a trust system of a service network formed by the Internet of things equipment, and comprises an inquiry block chain for determining the credibility of the Internet of things equipment, an inquiry block chain for determining the trust relationship between the Internet of things equipment and an administrator, and a personnel management module for determining the trust relationship between the administrator and the system;
the Internet of things equipment comprises:
the functional module is used for directly reflecting the value of the equipment of the Internet of things to meet the module which is required by the actual application requirement;
the block chain management module is used for maintaining and updating a block chain module;
the communication module is used for communicating with a server or other Internet of things equipment.
8. A computer for executing the method for managing the supply chain trust system of the equipment in the Internet of things according to any one of claims 1 to 6.
CN201710941351.6A 2017-10-11 2017-10-11 Internet of things equipment supply chain trust system management method, computer program and computer Active CN107895111B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710941351.6A CN107895111B (en) 2017-10-11 2017-10-11 Internet of things equipment supply chain trust system management method, computer program and computer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710941351.6A CN107895111B (en) 2017-10-11 2017-10-11 Internet of things equipment supply chain trust system management method, computer program and computer

Publications (2)

Publication Number Publication Date
CN107895111A CN107895111A (en) 2018-04-10
CN107895111B true CN107895111B (en) 2021-06-11

Family

ID=61803509

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710941351.6A Active CN107895111B (en) 2017-10-11 2017-10-11 Internet of things equipment supply chain trust system management method, computer program and computer

Country Status (1)

Country Link
CN (1) CN107895111B (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108377272B (en) * 2018-05-09 2021-02-02 深圳市有方科技股份有限公司 Method and system for managing terminal of Internet of things
CN108737419B (en) * 2018-05-22 2020-05-22 北京航空航天大学 Trusted identifier life cycle management device and method based on block chain
CN108989022B (en) * 2018-06-08 2021-11-09 中国科学院计算技术研究所 Intelligent object shared key establishment method and system based on block chain
CN108810007B (en) * 2018-06-26 2020-11-17 东北大学秦皇岛分校 Internet of things security architecture
CN108881287A (en) * 2018-07-18 2018-11-23 电子科技大学 A kind of Internet of things node identity identifying method based on block chain
CN110493039B (en) * 2018-08-06 2021-06-04 腾讯科技(深圳)有限公司 Block chain-based equipment management method and equipment management system
CH715441B1 (en) * 2018-10-09 2024-08-15 Legic Identsystems Ag Methods and apparatus for communicating between an Internet of Things device and a remote computer system.
US20210306157A1 (en) * 2018-11-01 2021-09-30 Hewlett-Packard Development Company, L.P. Infrastructure device enrolment
CN109617989B (en) * 2018-12-28 2021-11-26 浙江省公众信息产业有限公司 Method, apparatus, system, and computer readable medium for load distribution
CN109889382B (en) * 2019-02-20 2020-07-21 中国互联网络信息中心 Domain name information maintenance system based on block chain hybrid consensus
CN110267270B (en) * 2019-05-07 2022-07-12 国网浙江省电力有限公司电力科学研究院 Identity authentication method for sensor terminal access edge gateway in transformer substation
CN110750595B (en) * 2019-10-16 2022-06-03 西安交通大学 Double-layer Internet of things architecture based on credit degree-block chain
CN111083131B (en) * 2019-12-10 2022-02-15 南瑞集团有限公司 Lightweight identity authentication method for power Internet of things sensing terminal
CN111741062B (en) * 2020-05-12 2023-04-18 湖南半岛医疗科技有限公司 Electronic equipment local area management system based on block chain technology
CN112464190A (en) * 2020-12-17 2021-03-09 深圳市飞思捷跃科技有限公司 Block chain-based high-availability high-safety method for Internet of things platform
CN112948784B (en) * 2021-03-23 2024-05-14 中国信息通信研究院 Internet of things terminal identity authentication method, computer storage medium and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103532963A (en) * 2013-10-22 2014-01-22 中国联合网络通信集团有限公司 IOT (Internet of Things) based equipment authentication method, device and system
CN104618317A (en) * 2014-07-30 2015-05-13 江苏物泰信息科技有限公司 Trust based Internet of Things data security system
CN105075307A (en) * 2013-02-25 2015-11-18 高通股份有限公司 Emergency mode for iot devices
CN107077568A (en) * 2014-11-17 2017-08-18 英特尔公司 symmetric key and trust chain

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9648617B2 (en) * 2015-08-24 2017-05-09 Sprint Communications Company L.P. Hardware-trusted orthogonal frequency division multiplex (OFDM) access to a shared common public radio interface (CPRI)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105075307A (en) * 2013-02-25 2015-11-18 高通股份有限公司 Emergency mode for iot devices
CN103532963A (en) * 2013-10-22 2014-01-22 中国联合网络通信集团有限公司 IOT (Internet of Things) based equipment authentication method, device and system
CN104618317A (en) * 2014-07-30 2015-05-13 江苏物泰信息科技有限公司 Trust based Internet of Things data security system
CN107077568A (en) * 2014-11-17 2017-08-18 英特尔公司 symmetric key and trust chain

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
A Lightweight Anonymous Authentication Protocol Using k-Pseudonym Set in Wireless Networks;Xinghua Li 等;《2015 IEEE Global Communications Conference (GLOBECOM)》;20160225;论文第1-6页 *
区块链技术驱动下的物联网安全研究综述;赵阔 等;《信息网络安全》;20170531(第5期);论文第1-6页 *

Also Published As

Publication number Publication date
CN107895111A (en) 2018-04-10

Similar Documents

Publication Publication Date Title
CN107895111B (en) Internet of things equipment supply chain trust system management method, computer program and computer
CN112926982B (en) Transaction data processing method, device, equipment and storage medium
CN111681003B (en) Resource cross-chain transfer method and device, computer equipment and storage medium
EP4120114A1 (en) Data processing method and apparatus, smart device and storage medium
CN113256290B (en) Decentralized encrypted communication and transaction system
Fernández-Caramés et al. A Review on the Use of Blockchain for the Internet of Things
Ullah et al. Towards blockchain-based secure storage and trusted data sharing scheme for IoT environment
CN109802993B (en) Alliance chain building method based on supply chain ecology
CN112667749B (en) Data processing method, device, equipment and storage medium
CN112685505B (en) Transaction data processing method and device, computer equipment and storage medium
US9047490B2 (en) Method and a system for secure execution of workflow tasks in a distributed workflow management system within a decentralized network system
US10116450B1 (en) Merkle signature scheme using subtrees
CN118509190A (en) Initiation of a security enhanced blockchain transaction
CN109245894B (en) Distributed cloud storage system based on intelligent contracts
CN110149323A (en) A kind of processing unit with millions TPS contract processing capacity
CN110096894A (en) A kind of data anonymous shared system and method based on block chain
WO2020126235A1 (en) Method for generating stateful hash based signatures of messages to be signed
WO2019142884A1 (en) Block verification device, block verification method and program
Han et al. Shrec: Bandwidth-efficient transaction relay in high-throughput blockchain systems
WO2021057124A1 (en) Fpga-based privacy block chain implementing method and device
Lahiri et al. A trustworthy blockchain based framework for impregnable iov in edge computing
Zhang et al. ROS‐Ethereum: A Convenient Tool to Bridge ROS and Blockchain (Ethereum)
Liu et al. Using blockchain technology in IoT manufacture environment for intelligence prediction
Xian et al. ICOE: A Lightweight Group-Consensus-Based Off-Chain Execution Model for Smart Contract-Based Industrial Applications
Lei et al. Improved Method of Blockchain Cross‐Chain Consensus Algorithm Based on Weighted PBFT

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant