CN108810007B - Internet of things security architecture - Google Patents


Info

Publication number: CN108810007B
Application number: CN201810671036.0A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN108810007A
Prior art keywords: transactions, transaction, layer, request, internet
Inventors: 包子健, 费天龙, 史闻博, 李子超
Current assignee: Northeastern University Qinhuangdao Branch
Original assignee: Northeastern University Qinhuangdao Branch
Events: application filed by Northeastern University Qinhuangdao Branch, with priority to CN201810671036.0A; publication of CN108810007A; application granted; publication of CN108810007B; legal status Active.

Classifications (CPC)

    • H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication)
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/08: ... for authentication of entities
    • H04L 63/14: ... for detecting or protecting against malicious traffic
    • H04L 63/1408: ... by monitoring network traffic
    • H04L 63/1416: Event detection, e.g. attack signature detection
    • H04L 63/20: ... for managing network security; network security policies in general
    • H04L 63/205: ... involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers, or by selection according to the capabilities of the entities involved
    • H04L 67/00: Network arrangements or protocols for supporting network services or applications
    • H04L 67/01: Protocols
    • H04L 67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an Internet of things (IoT) security architecture. It is a three-layer architecture comprising an authentication layer, an application layer and a blockchain layer. The authentication layer comprises an authentication center and a detection center; it authenticates registration requests according to the submitted registration information and sends the resulting registration transaction to the blockchain layer. The application layer comprises local nodes; a local node stores transaction information, builds a Merkle tree over it to obtain a Merkle root, and publishes that root to the blockchain layer. The blockchain layer processes transactions, which include registration transactions, deletion transactions, update transactions, query transactions, device storage transactions, authorization transactions, request transactions and local related transactions. By adopting this Internet of things security architecture, the security and privacy of the Internet of things can be improved.

Description

Internet of things security architecture
Technical Field
The invention relates to the field of Internet of things security, in particular to an Internet of things security architecture.
Background
Internet of Things (IoT) technology is developing rapidly, and IoT and embedded devices are spreading quickly in civil fields (such as smart cities and smart homes) and military fields (such as the Internet of Battlefield Things and the Internet of Military Things). The technology has a profound influence on society and plays a large role in building an intelligent society, but both civil and military IoT face security and privacy problems. The traditional IoT architecture has three layers, from bottom to top a sensing layer, a network layer and an application layer. IoT node devices are deployed in open environments and are exposed to physical and network attack: node data is easily tampered with, and data held inside the nodes is easily stolen. The traditional Internet of things therefore lacks security and privacy.
Disclosure of Invention
The invention aims to provide a security architecture of the Internet of things, and the security architecture is used for solving the problem that the traditional Internet of things is lack of security and privacy.
In order to achieve the purpose, the invention provides the following scheme:
an Internet of things security architecture is a three-layer architecture; the three-tier architecture comprises an authentication layer, an application layer and a blockchain layer;
the authentication layer comprises an authentication center and a detection center; the authentication layer authenticates according to the submitted registration information and sends the registration transaction to the blockchain layer;
the application layer comprises local nodes; a local node stores transaction information, processes it through a Merkle tree to obtain a Merkle root, and publishes the Merkle root to the blockchain layer;
the blockchain layer processes transactions, which include registration transactions, deletion transactions, update transactions, query transactions, device storage transactions, authorization transactions, request transactions and local related transactions.
Optionally, the authentication center has a key pair and is used to authenticate the manufacturer and the local nodes;
the detection center is used to detect malicious behavior in the Internet of things.
Optionally, there are several local nodes, each with a public/private key pair, and consensus among the local nodes is reached with a Byzantine fault-tolerant algorithm.
Optionally, the local node includes a permission table, a registry, an update table, an authorization table and a storage information table; the permission table is used to check the permissions of request transactions; the update table contains the update information with which a manufacturer updates devices; the authorization table contains authorization permission information; and the storage information table contains device storage data information.
Optionally, the block chain layer includes a service using layer and a service providing layer;
the service using layer comprises users and equipment; the service providing layer comprises a manufacturer, a cloud service provider and a local storage;
the service usage layer uses the service provided by the service providing layer.
Optionally, the registration transaction includes device description information, public key information, and a signature.
Optionally, the update transaction includes manufacturer information, a device serial code, update content, and a manufacturer signature.
Optionally, the device storage transaction includes a device code, a quality code, a data hash, a data execution method, and a signature.
Optionally, the transactions processed by the blockchain layer include transactions written directly into the blockchain layer and transactions written through the Merkle tree;
the transactions written directly into the blockchain layer comprise registration transactions of manufacturers and local nodes, update issue transactions for global device updates, device storage transactions to the cloud service provider, permission issue transactions between devices in different areas, and permission request transactions between devices in different areas;
the transactions written into the blockchain layer through the Merkle tree comprise registration transactions of devices and cloud service providers, update issue transactions for partial-area device updates, update query transactions, permission issue transactions between devices in the same area, and access request transactions between devices in the same area.
According to the specific embodiments provided, the invention has the following technical effects. The Internet of things security architecture uses blockchain technology to concentrate the calculation and storage of transactions in a blockchain layer. A blockchain is a continuously growing list of records (blocks) that are linked and protected by cryptography: each block typically contains the hash of the previous block, a timestamp and transaction data. The blockchain does not support direct deletion of data, so a transaction between two parties is recorded effectively and the record can be checked permanently. The blockchain is maintained by a peer-to-peer network, which reduces the maintenance cost for the participants. Because the blockchain cannot be tampered with, it guarantees the storage integrity of transaction data; this is an integrity and non-repudiation guarantee for the record, not confidentiality, which is why the architecture places hashes and Merkle roots on the chain rather than the transaction contents themselves. Together these properties improve the security and privacy of the Internet of things.
Drawings
In order to illustrate the embodiments of the invention or the technical solutions in the prior art more clearly, the drawings needed for the embodiments are briefly described below. It is obvious that the drawings described below show only some embodiments of the invention, and that those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a hierarchical structure diagram of the Internet of things provided in an embodiment of the invention;
Fig. 2 is a structure diagram of a Merkle tree according to an embodiment of the invention;
Fig. 3 is an architecture diagram of the Internet of things according to an embodiment of the invention;
Fig. 4 is a diagram of the registration transaction process provided by an embodiment of the invention;
Fig. 5 is a diagram of the update issue transaction process according to an embodiment of the invention;
Fig. 6 is a diagram of the device storage transaction process provided by an embodiment of the invention;
Fig. 7 is a diagram of the permission request transaction process according to an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention aims to provide a security architecture of the Internet of things, which can improve the security and privacy of the Internet of things.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Fig. 1 is a structural diagram of the Internet of things security architecture provided by the invention. As shown in fig. 1, the architecture has three layers: authentication layer 1, application layer 2 and blockchain layer 3. The authentication layer comprises an authentication center and a detection center; it authenticates according to the submitted registration information and sends the registration transaction to the blockchain layer. The application layer comprises local nodes; a local node stores transaction information, processes it through a Merkle tree to obtain a Merkle root, and publishes the Merkle root to the blockchain layer (fig. 2 is the Merkle tree structure diagram provided by the invention). The blockchain layer processes transactions, which include registration transactions, deletion transactions, update transactions, query transactions, device storage transactions, authorization transactions, request transactions and local related transactions.
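How a local node commits to its transactions with a Merkle root, as an added example that is not part of the patent text (code written for this page, not by the inventors). It builds a SHA-256 Merkle tree over constructed sample transactions, publishes only the 32-byte root, and produces and checks an inclusion proof. The domain-separated leaf/node hashing, the self-pairing of the last node on an odd level and the sample transaction strings are assumptions; the patent does not fix these details.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// Leaves and internal nodes get different prefixes (assumed convention) so
// that an internal node cannot be passed off as a leaf in a proof.
func hashLeaf(tx []byte) []byte {
	h := sha256.Sum256(append([]byte{0x00}, tx...))
	return h[:]
}

func hashNode(left, right []byte) []byte {
	h := sha256.Sum256(append(append([]byte{0x01}, left...), right...))
	return h[:]
}

// ProofStep is one sibling hash on the path from a leaf to the root.
type ProofStep struct {
	Hash []byte
	Left bool // sibling is the left input of the parent hash
}

// levels returns the tree level by level, leaves first. The last node of an
// odd-sized level is paired with itself (assumption).
func levels(txs [][]byte) [][][]byte {
	level := make([][]byte, len(txs))
	for i, tx := range txs {
		level[i] = hashLeaf(tx)
	}
	all := [][][]byte{level}
	for len(level) > 1 {
		next := make([][]byte, 0, (len(level)+1)/2)
		for i := 0; i < len(level); i += 2 {
			right := level[i]
			if i+1 < len(level) {
				right = level[i+1]
			}
			next = append(next, hashNode(level[i], right))
		}
		level = next
		all = append(all, level)
	}
	return all
}

// Root is what the local node publishes to the blockchain layer: 32 bytes
// regardless of how many transactions it commits to.
func Root(txs [][]byte) []byte {
	if len(txs) == 0 {
		return nil
	}
	lv := levels(txs)
	return lv[len(lv)-1][0]
}

// Prove returns the inclusion proof for the transaction at index idx.
func Prove(txs [][]byte, idx int) []ProofStep {
	if idx < 0 || idx >= len(txs) {
		return nil
	}
	var proof []ProofStep
	for _, level := range levels(txs) {
		if len(level) == 1 {
			break
		}
		sib := idx ^ 1
		if sib >= len(level) {
			sib = idx // odd level: the last node was hashed with itself
		}
		proof = append(proof, ProofStep{Hash: level[sib], Left: sib < idx})
		idx /= 2
	}
	return proof
}

// Verify needs only the published root, one transaction and its proof; the
// other transactions never leave the local node.
func Verify(root, tx []byte, proof []ProofStep) bool {
	h := hashLeaf(tx)
	for _, p := range proof {
		if p.Left {
			h = hashNode(p.Hash, h)
		} else {
			h = hashNode(h, p.Hash)
		}
	}
	return bytes.Equal(h, root)
}

func main() {
	// Constructed sample transactions held by one local node.
	txs := [][]byte{
		[]byte("register device SN-0001"),
		[]byte("update query SN-0001"),
		[]byte("store data hash for SN-0002"),
	}
	root := Root(txs)
	fmt.Printf("published root: %x\n", root)
	fmt.Println("tx 2 included:", Verify(root, txs[2], Prove(txs, 2)))
	fmt.Println("forged tx included:", Verify(root, []byte("register device EVIL"), Prove(txs, 2)))
}
```

Only the root reaches the blockchain layer, so the chain gives integrity for the local node's whole transaction set without revealing any transaction, which is the privacy property the description claims for the Merkle tree. One caveat for a practitioner: a published root is a public commitment, so a leaf drawn from a small domain (a device serial plus an operation type, say) can be confirmed by guessing; a per-leaf random salt inside the hashed leaf closes that gap.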
According to the Internet of things security architecture provided by the invention, as shown in figs. 3-7, a method of using the blockchain-based Internet of things security architecture comprises the following steps:
Step 1: the device initializes a device authentication number in a hardware security module according to the requirements of the Internet of things device; the cloud service provider submits a registration request to the local network and proceeds to step 2; the user sends a registration request to the authentication center and proceeds to step 3.
An Internet of things device has a unique device authentication number when it leaves the factory, which uniquely identifies the device. A hardware security module (HSM) is a hardware device that protects and manages the keys used by a strong authentication system and performs the related cryptographic operations. The device authentication number is a key pair generated by the hardware security module.
The two are distinct entities and proceed in parallel and asynchronously. The cloud service provider mainly provides cloud data storage for users; the users are the device manufacturers and device users of the Internet of things. The registration requests differ: different registration transactions are sent depending on identity.
Step 2: the local network grants authentication to the cloud service provider according to its registration request; once authenticated, the cloud service provider does not take part in the following steps.
Step 3: the authentication center checks whether the registration request meets the requirements.
The registration transaction has format and identity requirements; its structure comprises related description information, public key information and a signature.
Step 4: if the authentication center's verification succeeds, proceed to step 5; otherwise the request is returned.
Step 5: the authentication center sends the related key pair to the applicant and sends the registration transaction to the blockchain; if the applicant is a manufacturer, proceed to step 6; if the applicant is an ordinary user, proceed to step 8.
Step 6: the manufacturer issues security or software updates (patches) to the network according to the device's new functional requirements and the update scope. If the update applies to a large area or globally, the update transaction is issued directly to the blockchain; if it is confined to some areas, the update transaction is sent to the local node of the devices that need updating.
Step 7: the device periodically constructs an update query transaction as required and submits it to the ordinary user.
Step 8: the ordinary user checks whether an update is present in the update table; if so, the user transmits the update content to the device; otherwise proceed to step 10.
Step 9: the device verifies the received update content; if its signature is valid and the content is intact, the device applies the update; otherwise proceed to step 10.
Step 10: the detection center inspects the update content; if it is malicious, the content is investigated and the corresponding penalty is applied; otherwise proceed to step 11.
Step 11: the ordinary user checks whether the device's built-in storage is sufficient for the data it must store; if not, the device uploads the data either to a local storage node (step 12) or to the cloud service provider (step 13); if so, proceed to step 16.
Step 12: the device uploads the data directly to the local storage node.
Step 13: the device uploads the data directly to the cloud service provider, computes the hash of the data, and constructs a storage information transaction.
Step 14: the device encrypts the storage information transaction with its key and sends the transaction to the blockchain.
Step 15: after the blockchain confirms receipt of the transaction, the cloud service provider stores the data.
Step 16: the device issues related services to other devices on request, and the user selects which permissions to issue according to area; if the devices are in the same area, proceed to step 17; if they are in different areas, proceed to step 20.
Step 17: the ordinary user sets the access permissions between devices in the same area according to their device authentication numbers and writes the permission content into the permission table; proceed to step 18.
Step 18: the device constructs an authorization request transaction according to the user's request and issues it to the local node.
Step 19: the local node checks the requested permission against the permission table; if it matches, the user obtains the usage permission requested by the device; otherwise the permission request is refused.
Step 20: the ordinary user generates a permission issue transaction according to the request; the transaction is signed by the users concerned and sent to the blockchain.
Step 21: the device constructs an authorization request transaction according to the user's request and issues it to the local node.
Step 22: the local node checks the requested permission against the permission table; if it matches, the local node signs the permission request transaction, issues it to the blockchain and generates a communication key.
Step 23: the user receives the communication key and obtains the usage permission requested by the device.
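The registration check of steps 3 to 5 and the device-side update check of step 9, as an added example that is not part of the patent text (code written for this page, not by the inventors). It uses Ed25519 from Go's standard library; the "role:name" description format, the signed byte layouts, the SHA-256 binding of the update content and the sample names (ACME, alice, SN-0001) are assumptions. Because the registration transaction already carries the applicant's public key, the applicant generates its own key pair here and the authentication center only verifies and records it; the "related key pair" the center returns in step 5 is read as a credential rather than as the applicant's private key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// RegistrationTx carries the fields the description names: related
// description information, public key information and a signature. Assumed:
// the applicant signs description and key to prove possession of the key.
type RegistrationTx struct {
	Description string // assumed format "role:name"
	PubKey      ed25519.PublicKey
	Signature   []byte
}

// UpdateTx carries manufacturer information, device serial code, update
// content and the manufacturer signature. Assumed: the signature covers a
// SHA-256 of the content, so any change to the content invalidates it.
type UpdateTx struct {
	Manufacturer string
	Serial       string
	Content      []byte
	Signature    []byte
}

func regMsg(desc string, pub ed25519.PublicKey) []byte {
	return append([]byte("reg|"+desc+"|"), pub...)
}

func updMsg(manufacturer, serial string, content []byte) []byte {
	h := sha256.Sum256(content)
	return append([]byte("upd|"+manufacturer+"|"+serial+"|"), h[:]...)
}

func NewRegistrationTx(desc string, priv ed25519.PrivateKey) RegistrationTx {
	pub := priv.Public().(ed25519.PublicKey)
	return RegistrationTx{Description: desc, PubKey: pub, Signature: ed25519.Sign(priv, regMsg(desc, pub))}
}

func NewUpdateTx(manufacturer, serial string, content []byte, priv ed25519.PrivateKey) UpdateTx {
	sig := ed25519.Sign(priv, updMsg(manufacturer, serial, content))
	return UpdateTx{Manufacturer: manufacturer, Serial: serial, Content: content, Signature: sig}
}

// AuthCenter is the authentication center of steps 3 to 5: format and
// identity check first, then the signature, then the key is recorded.
type AuthCenter struct {
	Registry map[string]ed25519.PublicKey // description -> registered public key
}

func (a *AuthCenter) Register(tx RegistrationTx) error {
	role, name, ok := strings.Cut(tx.Description, ":")
	if !ok || name == "" || (role != "manufacturer" && role != "user") {
		return errors.New("registration rejected: format or identity requirement not met")
	}
	// Length check first: ed25519.Verify panics on a malformed key.
	if len(tx.PubKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(tx.PubKey, regMsg(tx.Description, tx.PubKey), tx.Signature) {
		return errors.New("registration rejected: invalid public key or signature")
	}
	if _, dup := a.Registry[tx.Description]; dup {
		return errors.New("registration rejected: identity already registered")
	}
	a.Registry[tx.Description] = tx.PubKey
	return nil
}

// VerifyUpdate is the device side of step 9: accept only an update signed by
// the registered key of the named manufacturer, addressed to this device's
// serial code, whose content still hashes to what was signed.
func VerifyUpdate(registry map[string]ed25519.PublicKey, mySerial string, u UpdateTx) error {
	pub, ok := registry["manufacturer:"+u.Manufacturer]
	if !ok {
		return errors.New("update rejected: manufacturer not registered")
	}
	if u.Serial != mySerial {
		return errors.New("update rejected: serial code does not match this device")
	}
	if !ed25519.Verify(pub, updMsg(u.Manufacturer, u.Serial, u.Content), u.Signature) {
		return errors.New("update rejected: signature or content integrity check failed")
	}
	return nil
}

func main() {
	// Constructed sample: one manufacturer, one ordinary user, one device.
	_, mfrPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, userPriv, _ := ed25519.GenerateKey(rand.Reader)
	ac := &AuthCenter{Registry: map[string]ed25519.PublicKey{}}
	fmt.Println("register manufacturer:", ac.Register(NewRegistrationTx("manufacturer:ACME", mfrPriv)))
	fmt.Println("register user:", ac.Register(NewRegistrationTx("user:alice", userPriv)))

	upd := NewUpdateTx("ACME", "SN-0001", []byte("firmware 1.1 (constructed)"), mfrPriv)
	fmt.Println("genuine update:", VerifyUpdate(ac.Registry, "SN-0001", upd))
	upd.Content = append(upd.Content, []byte(" + injected code")...)
	fmt.Println("tampered update:", VerifyUpdate(ac.Registry, "SN-0001", upd))
}
```

The authentication center checks format and identity before the signature and refuses duplicate identities; the device refuses an update that is not signed by the registered key of the named manufacturer, is not addressed to its own serial code, or whose content no longer hashes to what was signed. The detection center of step 10 is deliberately out of scope: a valid manufacturer signature proves origin, not that the update is benign.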
The Internet of things security architecture comprises three layers: an authentication layer, an application layer and a blockchain layer. The authentication layer comprises an authentication center and a detection center; the application layer comprises local nodes; the blockchain layer comprises a service-using layer and a service-providing layer. The architecture describes the structure of an Internet of things solution, including its physical aspects (the things) and its virtual aspects (such as services and communication protocols). A layered architecture lets each aspect be understood on its own while integrating all the important aspects into the IoT application; this modular approach helps manage the complexity of the IoT solution. The layers communicate through information flows.
In practice, the authentication layer comprises an authentication center and a detection center; the authentication center has its own key pair and verifies manufacturers and local nodes; the detection center detects all malicious behavior.
In practice, the application layer comprises local nodes; each local node has a public/private key pair, and consensus between local nodes uses a traditional Byzantine fault-tolerant algorithm.
In practice, a local node holds a registry, an update table, an authorization table and a storage information table; the registry contains device registration information, the update table contains the manufacturers' update messages, the authorization table contains authorization permission information, and the storage information table contains device storage data information.
In practice, the blockchain layer comprises a service-using layer and a service-providing layer; the service-using layer uses the services provided by the service-providing layer, which comprises a local storage service and a cloud service.
In practical application, the interaction between layers is a transaction; transactions include registration and deletion transactions, update transactions, query transactions, device storage transactions, authorization transactions, request transactions, and local related transactions.
In practical application, the registration transaction structure includes the relevant description information, the public key information and the signature.
In practical applications, the update issue transaction structure includes manufacturer information, device serial number, update content, and manufacturer signature.
In practical application, the device storage transaction structure comprises a device code, a quality code, a data hash, a data execution method and a signature.
In practical application, the authority issuing transaction structure comprises a device signature, an operation type and a signature.
In practical applications, the information directly written into the blockchain network includes manufacturer and local node registration transactions, update issue transactions (global area device update), information stored by the device to the cloud service provider, authority issue transactions (between different area devices), and authority request transactions (between different area devices).
In practical application, the information written into the block chain through the Merkle tree includes device and cloud service provider registration transaction, update issue transaction (partial area device update), update query transaction, permission issue transaction (between devices in the same area), and access request transaction (between devices in the same area).
The beneficial effects of the above technical solution are as follows:
  • Every entity in the Internet of things holds a key, and the keys provide identity authentication.
  • The local nodes hold a permission table, which provides access control for users and devices.
  • The local nodes store transaction information, process it with a Merkle tree and publish only the Merkle root to the blockchain network; the Merkle tree thus provides privacy protection for the transaction information.
  • The calculation and storage of transactions are concentrated in the blockchain layer, which keeps the user side lightweight.
  • The local nodes use a traditional Byzantine fault-tolerant algorithm to reach consensus on transactions, which gives the local nodes fault tolerance and DoS resistance.
  • The local nodes upload transaction data to the blockchain network in hashed form; the tamper-resistance of the blockchain provides a storage integrity guarantee for the transaction data.
the block chain is applied to the Internet of things, relevant affairs of the Internet of things are stored in the block chain, and tampering of the affairs is avoided, so that a brand-new Internet of things architecture method is provided. This architecture consists of an authentication layer, a blockchain layer, and an application layer. The architecture can solve the problem of high energy consumption of the block chain implemented on the Internet of things, and realize the functions of identity verification, access control, privacy protection, lightweight function, fault tolerance, DoS attack resistance and storage integrity of the Internet of things.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present invention have been described herein using specific examples, which are provided only to help understand the method and the core concept of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.

Claims (9)

1. The Internet of things security architecture is characterized by being a three-layer architecture; the three-tier architecture comprises: an authentication layer, an application layer and a block chain layer;
the authentication layer comprises an authentication center and a detection center; the authentication layer is used for authenticating according to the request registration information and sending the registration transaction to the block chain layer;
the application layer comprises local nodes; the local node is used for storing transaction information, processing the transaction information through the Merkle tree to obtain a Merkle root, and issuing the Merkle root to the block chain layer;
the block chain layer is used for processing transactions; the transactions comprise registration transactions, deletion transactions, update transactions, inquiry transactions, device storage transactions, authorization transactions, request transactions and local related transactions;
the use method of the block chain-based Internet of things security architecture comprises the following steps:
step 1: the equipment initializes an equipment authentication number in a hardware security module according to the requirement of the equipment of the Internet of things; the cloud service provider submits a registration request to a local network and executes the step 2; the user sends a registration request to the authentication center and executes the step 3;
the equipment of the Internet of things has a unique equipment authentication number when leaving a factory, and the equipment is uniquely identified; the hardware security module is a computer hardware device used for protecting and managing a secret key used by the strong authentication system and providing related cryptographic operations at the same time; the equipment authentication number is a key pair generated by the hardware security module;
both are distinct entities, executed in parallel and asynchronously; the cloud service provider mainly provides a data cloud storage function for the user; the users are equipment manufacturers and equipment users of the Internet of things; the registration requests are not identical; such as different registration transactions sent based on identity;
step 2: the local network provides authentication release to the cloud service provider according to the registration request; the cloud service provider obtains authentication and does not continue to execute the following steps;
and step 3: the authentication center checks whether the registration request meets the requirement or not according to the request;
the registration transaction has corresponding format requirements and identity requirements, and the registration transaction structure comprises related description information, public key information and a signature;
and 4, step 4: if the verification of the authentication center is successful, executing the step 5; otherwise, returning the request;
and 5: the authentication center sends the related key pair to the applicant and sends the registration transaction to the block chain; if the applicant is the manufacturer, executing step 6; if the applicant is a common user, executing the step 8;
step 6: the manufacturer issues security or software updates to the network according to the device's new functional requirements and the update range; if the software update applies to a large area or globally, the update transaction is issued directly to the block chain; if the update is limited to certain areas, the update transaction is sent to the local node of the devices that need updating;
step 7: the device periodically constructs an update inquiry transaction according to its requirements and submits it to the common user;
step 8: the common user checks whether an update request exists in the update table; if so, the user transmits the update content to the device; otherwise, execute step 10;
step 9: the device verifies the received update content; if the signature and the data of the update content are intact, the device applies the update; otherwise, execute step 10;
step 10: the checking center inspects the update content; if the update content is malicious, the content is investigated and the corresponding punishment is applied; otherwise, execute step 11;
step 11: the common user checks, according to the requirement, whether the device's built-in storage capacity meets the required data storage; if not, the device uploads the data either to a local storage node (execute step 12) or to the cloud service provider (execute step 13); if so, go to step 16;
step 12: the device uploads the updated data directly to the local storage node;
step 13: the device uploads the data directly to the cloud service provider, generates a hash of the data, and then constructs a storage information transaction;
step 14: the device encrypts the storage information transaction with its key and then sends the transaction to the block chain;
step 15: after the block chain confirms receipt of the transaction, the cloud service provider stores the data;
step 16: the device issues related services among devices according to the request, and the user selects different authorities to issue according to the different areas; if the devices are in the same area, execute step 17; if the devices are in different areas, execute step 20;
step 17: the common user sets the access authority among the devices in the same area according to the device authentication numbers and writes the authority content into an authority table; execute step 18;
step 18: the device constructs an authority request transaction according to the user request and issues it to a local node;
step 19: the local node checks against the authority table whether the requested authority matches; if it matches, the user obtains the use permission requested by the device; if not, the permission request is rejected;
step 20: the common user generates an authority issuing transaction according to the request, the different users sign it, and it is then sent to the block chain;
step 21: the device constructs an authority request transaction according to the user request and issues it to a local node;
step 22: the local node checks against the authority table whether the requested authority matches; if so, the local node signs the authority request transaction, issues it to the block chain, and a communication key is generated;
step 23: the user receives the communication key and obtains the use authority requested by the device.
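The check a device performs at step 9 (signature and data of the update content intact, otherwise escalate to the checking center at step 10) is the point where a forged or tampered update is stopped. The following Go program is an added example, not code from the patent or its inventors; it models the update transaction fields of claim 7 (manufacturer information, device serial number, update content, manufacturer signature) with assumed field names, uses Ed25519 for the manufacturer signature and SHA-256 for the content digest (the patent names no algorithms), and assumes the device was provisioned with the manufacturer's public key at manufacture. The sample firmware bytes are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// UpdateTransaction mirrors the fields listed in claim 7. Field names and the
// use of a content hash inside the signed data are assumptions of this example.
type UpdateTransaction struct {
	Manufacturer string
	DeviceSerial string
	ContentHash  [32]byte // SHA-256 of Content; this is what the signature covers
	Content      []byte
	Signature    []byte
}

// signingInput canonicalises the signed fields with length prefixes so that
// field boundaries cannot be shifted to forge a different transaction.
func signingInput(tx *UpdateTransaction) []byte {
	var buf bytes.Buffer
	for _, field := range [][]byte{[]byte(tx.Manufacturer), []byte(tx.DeviceSerial), tx.ContentHash[:]} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		buf.Write(n[:])
		buf.Write(field)
	}
	return buf.Bytes()
}

// IssueUpdate is the manufacturer side of step 6: hash the content and sign
// the transaction with the manufacturer's private key.
func IssueUpdate(priv ed25519.PrivateKey, manufacturer, serial string, content []byte) *UpdateTransaction {
	tx := &UpdateTransaction{Manufacturer: manufacturer, DeviceSerial: serial, Content: content}
	tx.ContentHash = sha256.Sum256(content)
	tx.Signature = ed25519.Sign(priv, signingInput(tx))
	return tx
}

// VerifyUpdate is the device side of step 9. It rejects updates addressed to
// another device, content that does not match the signed digest, and
// signatures that do not verify under the trusted manufacturer key. A non-nil
// error means the device must not apply the update (step 10 follows).
func VerifyUpdate(trusted ed25519.PublicKey, mySerial string, tx *UpdateTransaction) error {
	if tx.DeviceSerial != mySerial {
		return errors.New("update is not addressed to this device")
	}
	if sha256.Sum256(tx.Content) != tx.ContentHash {
		return errors.New("update content does not match signed hash")
	}
	if !ed25519.Verify(trusted, signingInput(tx), tx.Signature) {
		return errors.New("manufacturer signature invalid")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed sample: a manufacturer issues firmware to device SN-0001.
	tx := IssueUpdate(priv, "ExampleVendor", "SN-0001", []byte("firmware v2 (constructed sample)"))
	fmt.Println("genuine update:", VerifyUpdate(pub, "SN-0001", tx))
	tx.Content = append(tx.Content, 'X') // simulate tampering in transit
	fmt.Println("tampered update:", VerifyUpdate(pub, "SN-0001", tx))
}
```

Binding the device serial into the signed data is what prevents a valid update for one device from being replayed to another; checking the hash before the signature keeps a device from spending a signature verification on content that is already known to be corrupt.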
2. The internet of things security architecture of claim 1, wherein the authentication center has a key pair and is used for authenticating a manufacturer and the local node;
the detection center is used for detecting malicious behaviors in the Internet of things.
3. The internet of things security architecture of claim 1, wherein there are a plurality of local nodes, each local node having a public/private key pair, and wherein consensus among the plurality of local nodes is achieved using a Byzantine fault tolerance algorithm.
4. The internet of things security architecture of claim 1, wherein the local nodes comprise a permission table, a registry table, an update table, an authorization table, and a storage information table; the permission table is used for checking the authority of a request transaction; the update table contains the manufacturer's update information, according to which the device is updated; the authorization table includes authorization permission information; the storage information table includes device storage data information.
5. The internet of things security architecture of claim 1, wherein the blockchain layer comprises a service usage layer and a service provision layer;
the service using layer comprises users and equipment; the service providing layer comprises a manufacturer, a cloud service provider and a local storage;
the service usage layer uses the service provided by the service providing layer.
6. The internet of things security architecture of claim 1, wherein the registration transaction comprises device description information, public key information, and a signature.
7. The internet of things security architecture of claim 1, wherein the update transaction comprises manufacturer information, a device serial number, update content, and a manufacturer signature.
8. The internet of things security architecture of claim 1, wherein the device storage transaction comprises a device code, a quality code, a data hash, a data execution approach, and a signature.
9. The internet of things security architecture of claim 1, wherein the transactions processed at the blockchain layer include transactions written directly to the blockchain layer and transactions written to the blockchain layer through a Merkle tree;
the transactions written directly to the blockchain layer comprise registration transactions of manufacturers and local nodes, update issuing transactions for global-area device updates, permission issuing transactions of devices stored in different-area devices of a cloud service provider, and permission request transactions among devices in different areas;
the transactions written to the blockchain layer through the Merkle tree comprise registration transactions of devices and cloud service providers, update issuing transactions for partial-region device updates, update inquiry transactions, permission issuing transactions among devices in the same region, and access request transactions of devices in the same region.
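Claim 9 splits traffic into transactions written directly to the chain and high-volume local transactions (device registrations, same-region permission requests, update inquiries) that reach the chain only through a Merkle tree, so a local node commits one root per batch and a device can later prove its transaction was included using only that root. The following Go program is an added example, not code from the patent or its inventors; it builds the batch root with SHA-256, domain-separates leaves from internal nodes, carries an unpaired node up unchanged on odd levels (both are assumed design choices, since the patent does not specify the tree construction), and produces and checks an inclusion proof. The sample transactions are constructed byte strings.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// leafHash and nodeHash use different prefix bytes so that a serialized
// transaction can never be interpreted as an internal node, and vice versa.
func leafHash(tx []byte) []byte {
	h := sha256.Sum256(append([]byte{0x00}, tx...))
	return h[:]
}

func nodeHash(left, right []byte) []byte {
	h := sha256.New()
	h.Write([]byte{0x01})
	h.Write(left)
	h.Write(right)
	return h.Sum(nil)
}

// ProofStep is one sibling hash on the path from a leaf to the root.
type ProofStep struct {
	Hash  []byte
	Right bool // true when the sibling sits to the right of the current node
}

// MerkleRoot batches a local node's transactions and returns the root it
// writes to the blockchain layer, together with an inclusion proof for the
// transaction at index idx. An unpaired node on an odd level is promoted
// unchanged rather than duplicated, so no two distinct batches share a root
// because of padding.
func MerkleRoot(txs [][]byte, idx int) ([]byte, []ProofStep) {
	if len(txs) == 0 {
		return nil, nil
	}
	level := make([][]byte, len(txs))
	for i, tx := range txs {
		level[i] = leafHash(tx)
	}
	var proof []ProofStep
	for len(level) > 1 {
		next := make([][]byte, 0, (len(level)+1)/2)
		for i := 0; i < len(level); i += 2 {
			if i+1 == len(level) { // odd node carried up unchanged
				next = append(next, level[i])
				continue
			}
			if i == idx || i+1 == idx {
				sib := i + 1
				if idx == i+1 {
					sib = i
				}
				proof = append(proof, ProofStep{Hash: level[sib], Right: sib == i+1})
			}
			next = append(next, nodeHash(level[i], level[i+1]))
		}
		idx /= 2
		level = next
	}
	return level[0], proof
}

// VerifyInclusion recomputes the root from a transaction and its proof. The
// verifier (a device or an auditor) needs only the on-chain root, not the
// other transactions in the batch.
func VerifyInclusion(root, tx []byte, proof []ProofStep) bool {
	cur := leafHash(tx)
	for _, p := range proof {
		if p.Right {
			cur = nodeHash(cur, p.Hash)
		} else {
			cur = nodeHash(p.Hash, cur)
		}
	}
	return bytes.Equal(cur, root)
}

func main() {
	// Constructed sample batch of same-region transactions held by a local node.
	batch := [][]byte{
		[]byte("register:device-A"), []byte("register:device-B"),
		[]byte("update-inquiry:device-C"), []byte("permission-request:device-D"),
		[]byte("register:device-E"),
	}
	root, proof := MerkleRoot(batch, 2)
	fmt.Printf("batch root written to chain: %x\n", root)
	fmt.Println("device-C inclusion verified:", VerifyInclusion(root, batch[2], proof))
	fmt.Println("forged transaction verified:", VerifyInclusion(root, []byte("update-inquiry:device-Z"), proof))
}
```

The proof a device keeps is logarithmic in the batch size, which is what makes it practical for constrained devices to audit that a local node actually committed their registration or permission transaction rather than silently dropping it.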

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810671036.0A CN108810007B (en) 2018-06-26 2018-06-26 Internet of things security architecture

Publications (2)

Publication Number Publication Date
CN108810007A CN108810007A (en) 2018-11-13
CN108810007B (en) 2020-11-17

Family

ID=64071578

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810671036.0A Active CN108810007B (en) 2018-06-26 2018-06-26 Internet of things security architecture

Country Status (1)

Country Link
CN (1) CN108810007B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109218981B (en) * 2018-11-20 2019-06-21 太原理工大学 Wi-Fi access authentication method based on position signal feature common recognition
CN109615397A (en) * 2018-12-07 2019-04-12 中链科技有限公司 Security identifier authentication method and device based on block chain
CN110532741B (en) * 2019-07-15 2021-06-01 北京工业大学 Personal information authorization method, authentication center and service provider
CN111526022A (en) * 2020-04-13 2020-08-11 成都链向科技有限公司 Block chain token generation system suitable for industrial Internet of things
CN112904734A (en) * 2020-12-23 2021-06-04 上海上实龙创智能科技股份有限公司 Intelligent household appliance control system and method based on Internet of things and block chain double gateways
CN114244520B (en) * 2021-12-02 2024-07-16 浙商银行股份有限公司 Block chain-based method, system and equipment for admitting Internet of things equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017095036A1 (en) * 2015-11-30 2017-06-08 전삼구 Iot-based things management system and method using block-chain authentication
CN106875518A (en) * 2016-06-21 2017-06-20 阿里巴巴集团控股有限公司 The control method of smart lock, device and smart lock
CN107273760A (en) * 2017-06-09 2017-10-20 济南浪潮高新科技投资发展有限公司 One kind is based on many CA application authentication methods of block chain
CN107819848A (en) * 2017-11-08 2018-03-20 济南浪潮高新科技投资发展有限公司 A kind of internet of things equipment autonomy interconnected method based on block chain
CN107895111A (en) * 2017-10-11 2018-04-10 西安电子科技大学 Internet of things equipment supply chain trust systems management method, computer program, computer

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"A supply chain prototype system based on blockchain, smart contracts and the Internet of things"; 叶小榕, 邵晴, 肖蓉; 《科技导报》; 2017-12-31; Vol. 35, No. 23; main text sections 3.2 and 4.2-4.3 *

Also Published As

Publication number Publication date
CN108810007A (en) 2018-11-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant