CN109617896A - Internet of Things access control method and system based on smart contracts - Google Patents

Internet of Things access control method and system based on smart contracts

Info

Publication number
CN109617896A
Authority
CN
China
Prior art keywords
node
access
resource
access control
contract
Prior art date
Legal status
Granted
Application number
CN201811616085.0A
Other languages
Chinese (zh)
Other versions
CN109617896B (en)
Inventor
吴增德
吴晓东
沈乐平
陈玲珑
程涛
Current Assignee
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date
Filing date
Publication date
Application filed by China Telecom Corp Ltd
Priority to CN201811616085.0A
Publication of CN109617896A
Application granted
Publication of CN109617896B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
        • H04L9/50 ... using hash chains, e.g. blockchains or hash trees
        • H04L9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
          • H04L9/321 ... involving a third party or a trusted authority
            • H04L9/3213 ... using tickets or tokens, e.g. Kerberos
          • H04L9/3236 ... using cryptographic hash functions
            • H04L9/3239 ... involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
      • H04L63/00 Network architectures or network communication protocols for network security
        • H04L63/08 ... for authentication of entities
          • H04L63/0807 ... using tickets, e.g. Kerberos
        • H04L63/10 ... for controlling access to devices or network resources
      • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
        • H04L2209/80 Wireless
          • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS
      • H04W4/00 Services specially adapted for wireless communication networks; facilities therefor
        • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention relates to an access control method and system based on smart contracts in an Internet of Things (IoT) environment. The IoT comprises a first node and a second node connected by a network. At the first node, the method comprises: sending to the second node a resource access request for a resource of the second node; receiving a redirection instruction from the second node, which redirects the first node to the smart contract associated with the second node; invoking the smart contract on the blockchain; and receiving a response that is the execution result of the smart contract, the response containing either an access token permitting the first node to access the resource of the second node or a refusal of the resource access request.

Description

Internet of Things access control method and system based on smart contracts
Technical field
The present disclosure relates to the field of the Internet of Things (IoT), and in particular to an IoT access control method and system based on smart contracts.
Background
With the development of technologies such as smart homes, digital healthcare and connected vehicles, IoT applications are becoming widespread, and their security problems are attracting increasing attention. IoT security should satisfy three important properties: confidentiality, integrity and availability. Confidentiality prevents unauthorized parties from accessing sensitive information while ensuring that authorized parties can access it. Integrity ensures that data is not tampered with during transmission. Availability ensures that data can be used at any time and that redundancy is provided. Authentication and access control are important components of IoT security.
Accordingly, there is a need for an IoT access control method and system with enhanced security.
Summary of the invention
According to a first aspect of the disclosure, an access control method based on smart contracts in an IoT environment is provided. The IoT comprises a first node and a second node connected by a network, and the method comprises, at the first node: sending to the second node a resource access request for a resource of the second node; receiving a redirection instruction from the second node, which redirects the first node to the smart contract associated with the second node; invoking the smart contract on the blockchain; and receiving a response that is the execution result of the smart contract, the response containing either an access token permitting the first node to access the resource of the second node or a refusal of the resource access request. The method further comprises, at the first node: sending to the second node an access request that includes the access token; and receiving from the second node a response permitting or refusing access to the resource of the second node.
According to a second aspect of the disclosure, an access control method based on smart contracts in an IoT environment is provided. The IoT comprises a first node and a second node connected by a network, and the method comprises, at the second node: receiving from the first node a resource access request for a resource of the second node; and sending to the first node a redirection instruction, which redirects the first node to the smart contract associated with the second node. After receiving the redirection instruction, the first node invokes the smart contract on the blockchain and receives a response that is the execution result of the smart contract, the response containing either an access token permitting the first node to access the resource of the second node or a refusal of the resource access request. The method further comprises, at the second node: receiving from the first node an access request that includes the access token; sending the access token to the smart contract to check its legitimacy; and, according to the result of the check, sending to the first node a response permitting or refusing access to the resource of the second node.
According to a third aspect of the disclosure, a computer system is provided, comprising one or more processors and one or more memories configured to store a series of computer-executable instructions which, when run by the one or more processors, cause the one or more processors to perform the method described in the disclosure.
According to a fourth aspect of the disclosure, a non-transitory computer-readable medium is provided, on which computer-executable instructions are stored which, when run by one or more processors, cause the one or more processors to perform the method described in the disclosure.
According to a fifth aspect of the disclosure, an access control system based on smart contracts in an IoT environment is provided, comprising components for performing the steps of the method described in the disclosure.
Other features and advantages of the invention will become more apparent from the following detailed description of exemplary embodiments with reference to the drawings.
Brief description of the drawings
The drawings, which form part of the specification, describe embodiments of the disclosure and, together with the description, serve to explain the principles of the disclosure.
The disclosure can be understood more clearly from the following detailed description with reference to the drawings, in which:
Fig. 1 shows a conventional access control technique.
Fig. 2 shows an IoT network architecture implementing the access control method based on smart contracts according to an exemplary embodiment of the disclosure.
Fig. 3 shows a flowchart of the access control method based on smart contracts according to an exemplary embodiment of the disclosure.
Fig. 4 shows a flowchart of the method performed by the node requesting access to a resource according to an exemplary embodiment of the disclosure.
Fig. 5 shows a flowchart of the method performed by the node whose resource is requested according to an exemplary embodiment of the disclosure.
Fig. 6 shows the blockchain-based smart contract system according to an exemplary embodiment of the disclosure.
Fig. 7 shows the structure of the transaction information according to an exemplary embodiment of the disclosure.
Fig. 8 shows the registration contract according to an exemplary embodiment of the disclosure.
Fig. 9 shows the storage mechanism for IoT access control according to an exemplary embodiment of the disclosure.
Fig. 10 shows an exemplary configuration of a computing device that can implement embodiments of the invention.
Detailed description
Preferred embodiments of the invention are described in detail below with reference to the drawings. Details and functions not essential to the invention are omitted so as not to obscure understanding of the invention.
Note that like reference numerals and letters refer to like items in the figures, so once an item has been defined in one figure it need not be discussed again for later figures.
In the disclosure, the terms "first", "second" and so on are used only to distinguish between elements or steps and are not intended to indicate temporal order, priority or importance.
Fig. 1 shows a conventional access control technique. As shown in Fig. 1, in step 101 node A sends a resource access request to node B to request access to a resource of node B. Node B accepts or rejects node A's request by means of its own access control mechanism. In step 102, node B sends node A an acceptance or rejection of the access request. If the request is accepted, in step 103 node A accesses node B's data according to node B's authorization. This conventional technique has several problems. One is that it is based on a centralized architecture: when a single node fails, the operations of related nodes may be unable to complete, that is, there is a single point of failure. In addition, many IoT devices have low computing power and therefore have difficulty performing authentication or access control processing. Furthermore, conventional techniques delegate authentication and access control to a third-party server, which breaks end-to-end security and can lead to serious security problems.
The present invention solves one or more of the above problems by providing an IoT access control technique based on blockchain smart contracts. It should be noted that the invention may also solve other problems not mentioned here. The inventive concept of the disclosure is described in detail below through several exemplary embodiments.
Fig. 2 shows an IoT network architecture implementing the access control method based on smart contracts according to an exemplary embodiment of the disclosure. As shown in Fig. 2, an IoT system 200 may generally include, connected by a network, one or more servers 201, one or more databases 202 such as storage devices, terminal devices 203 such as computers and mobile phones, one or more IoT gateways 204, one or more IoT devices 205 and 206, and so on. The IoT system also includes an access control smart contract system 207 running on a blockchain. Server 201 interacts with terminal devices 203, receiving requests from them and returning responses. Server 201 also interacts with the IoT gateway 204, the IoT devices 205 and 206 and the database 202, accesses data, and provides data and services to the users of the terminal devices; examples of such services are smart home control, fire alarms and environmental monitoring. Database 202 stores data about servers, sensors, users and so on. Terminal devices 203 may include desktop computers, notebook computers, smartphones, tablet computers and similar devices; users send requests and obtain services through terminal devices 203. IoT gateway 204 provides network access and proxy services for IoT devices 205 and 206. IoT devices 205 and 206 can sense environmental data (such as smoke, temperature and humidity) and perform specific operations (such as turning on air conditioning or starting an alarm).
IoT system 200 may also include a smart contract 207 stored and run on the blockchain to implement access control. As is known to those skilled in the art, a blockchain is a decentralized, distributed ledger database. A smart contract is a set of commitments defined and implemented in digital form. A smart contract on a blockchain is a set of executable computer code that implements the exchange of assets; assets may include data, credentials and the like, and can be jointly defined by the partners in a specific business scenario. Every node of the blockchain stores one or more smart contracts, and the number and types of the contracts stored on the nodes are identical; each smart contract has a unique address that uniquely identifies it. The present invention controls access to nodes by means of blockchain-based smart contracts.
The access control method based on smart contracts according to an exemplary embodiment of the disclosure is described below with reference to Fig. 3. Node A and node B are nodes on the IoT. It is assumed here that node A wants to perform an access operation, such as a read or write operation, on the protected node B. The process of performing access control for the first time is as follows.
In step 301, node A sends node B a resource access request for a resource of node B.
In step 302, node B sends node A a redirection instruction, which redirects node A to the smart contract associated with node B.
In step 303, node A sends the resource access request to the blockchain to invoke the smart contract.
In step 304, the blockchain, on receiving the resource access request, generates a transaction, for example a GetAccess transaction, containing related information such as the fact that node A wishes to access node B. The structure of the transaction information is described below.
Also in step 304, the blockchain broadcasts the generated transaction to all nodes on the chain so that the smart contract is executed through the miners' mining.
In step 305, after the smart contract has been executed, it is determined whether node A has permission to access the resource of node B.
In step 306, if node A does not have permission to access the resource of node B, a response refusing the request is sent to node A.
In step 307, if node A has permission to access the resource of node B, the transaction is added to the blockchain, and in step 308 a response containing an access token is sent to node A.
Steps 301 to 308 constitute the registration process for node A's first access to node B. Node A stores the access token and thereafter uses it as the key for accessing node B's resources. The access process after registration is described next.
In step 309, node A sends node B an access request that includes the access token.
In step 310, on receiving the access request including the access token, node B sends the access token to the smart contract to check the legitimacy of the token.
In step 311, according to the result of the check, node B sends node A a response permitting or refusing node A access to the resource. If node A is permitted to access the resource, node A accesses the resource of node B.
It should be understood that the invention is not limited to the above steps: additional steps may be included, some steps may be omitted, and the order of the steps may differ. The invention also does not require all of the above steps to be performed; for a specific purpose, only some of the steps may be performed.
Fig. 4 shows a flowchart of the method performed on node A, the node requesting access to a resource, according to an exemplary embodiment of the disclosure.
As shown in Fig. 4, in step 401 node A sends node B a resource access request for a resource of node B.
In step 402, node A receives a redirection instruction from node B, which redirects node A to the smart contract associated with node B.
In step 403, node A invokes the smart contract.
In step 404, node A receives a response that is the execution result of the smart contract; the response contains either an access token permitting the first node to access the resource of the second node or a response refusing the access request.
The above is the registration process performed when node A accesses node B for the first time. Steps 405 and 406 below are the access process. If the access is not the first one, the access process below can be performed directly without the registration process above.
In step 405, node A sends node B an access request that includes the access token.
In step 406, node A receives from node B a response permitting or refusing access to the resource of node B. If the response permits access to the resource of node B, node A begins accessing the resource of node B.
Fig. 5 shows a flowchart of the method performed by node B, the node whose resource is requested, according to an exemplary embodiment of the disclosure.
As shown in Fig. 5, in step 501 node B receives from node A a resource access request for a resource of node B.
In step 502, node B sends node A a redirection instruction, which redirects node A to the smart contract associated with node B.
After the registration process described with reference to Fig. 3 has been completed, in step 503 node B receives from node A an access request that includes the access token.
In step 504, node B sends the access token to the smart contract to check the legitimacy of the access token.
In step 505, according to the result of the check, node B sends node A a response permitting or refusing access to the resource of node B.
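The exchange of Figs. 3 to 5 (steps 301 to 311, 401 to 406 and 501 to 505) as an added Python example; this is editorial illustration, not code from the patent. Node A, node B and the contract are simulated in one process, the blockchain is an in-memory list of accepted GetAccess transactions, and the token format, its binding to subject, resource and operation, and the token lifetime (used here in the role of the "allowed access time" field described for the transaction information) are assumptions, since the patent does not specify them.

```python
import hashlib
import secrets


class AccessContract:
    """Stand-in for the on-chain access-control contract (steps 303-308 and 310).
    A real deployment runs this logic as contract code on every chain node; here
    the chain is an in-memory list of accepted transactions."""

    def __init__(self, token_lifetime=3600):
        self.policies = {}   # (subject, resource, operation) -> "allow" / "deny"
        self.tokens = {}     # token -> (subject, resource, operation, expiry)
        self.chain = []      # GetAccess transactions added to the chain (step 307)
        self.token_lifetime = token_lifetime

    def policy_add(self, subject, resource, operation, permission):
        self.policies[(subject, resource, operation)] = permission

    def get_access(self, subject, resource, operation, now):
        """Steps 304-308: evaluate a GetAccess transaction and return either an
        access token bound to (subject, resource, operation) or a refusal."""
        tx = {"type": "GetAccess", "subject": subject, "resource": resource,
              "operation": operation, "time": now}
        if self.policies.get((subject, resource, operation)) != "allow":
            return {"result": "deny"}                          # step 306
        expiry = now + self.token_lifetime
        nonce = secrets.token_hex(16)                           # makes the token unguessable
        material = f"{subject}|{resource}|{operation}|{expiry}|{nonce}".encode()
        token = hashlib.sha256(material).hexdigest()
        self.tokens[token] = (subject, resource, operation, expiry)
        self.chain.append(tx)                                   # step 307
        return {"result": "allow", "token": token}              # step 308

    def check_token(self, token, subject, resource, operation, now):
        """Step 310: a token is legitimate only if this contract issued it, it is
        bound to the same subject/resource/operation and it has not expired."""
        rec = self.tokens.get(token)
        if rec is None:
            return False
        t_subject, t_resource, t_operation, expiry = rec
        return (t_subject, t_resource, t_operation) == (subject, resource, operation) and now < expiry


class NodeB:
    """Resource owner: it makes no access decision itself, it only redirects
    (step 302) and asks the contract to check presented tokens (steps 310-311)."""

    def __init__(self, name, contract):
        self.name = name
        self.contract = contract
        self.data = {"temperature": 21.5}   # constructed sample resource

    def handle(self, msg, now):
        if msg["type"] == "resource_request":                   # step 301 -> 302
            return {"type": "redirect", "contract": self.contract}
        if msg["type"] == "access":                             # step 309 -> 311
            ok = self.contract.check_token(msg["token"], msg["from"],
                                           msg["resource"], msg["operation"], now)
            if ok and msg["operation"] == "read":
                return {"type": "allow", "value": self.data.get(msg["resource"])}
            return {"type": "allow" if ok else "deny"}
        return {"type": "deny"}


class NodeA:
    """Requester: registers once (steps 301-308), then reuses the cached token."""

    def __init__(self, name):
        self.name = name
        self.tokens = {}   # (node, resource, operation) -> token

    def access(self, node_b, resource, operation, now):
        key = (node_b.name, resource, operation)
        if key not in self.tokens:                              # first access: register
            reply = node_b.handle({"type": "resource_request", "from": self.name,
                                   "resource": resource, "operation": operation}, now)
            result = reply["contract"].get_access(self.name, resource, operation, now)
            if result["result"] != "allow":
                return {"type": "deny"}
            self.tokens[key] = result["token"]
        return node_b.handle({"type": "access", "from": self.name, "resource": resource,
                              "operation": operation, "token": self.tokens[key]}, now)


def run_scenario():
    """Constructed scenario: node A may read node B's temperature but not write it."""
    contract = AccessContract(token_lifetime=3600)
    contract.policy_add("nodeA", "temperature", "read", "allow")
    b, a = NodeB("nodeB", contract), NodeA("nodeA")
    first = a.access(b, "temperature", "read", now=1000)     # registration, then access
    second = a.access(b, "temperature", "read", now=1500)    # cached token, no registration
    write = a.access(b, "temperature", "write", now=1600)    # no policy: refused in step 306
    expired = a.access(b, "temperature", "read", now=4600)   # token past its lifetime
    forged = b.handle({"type": "access", "from": "nodeA", "resource": "temperature",
                       "operation": "read", "token": "00" * 32}, now=1700)
    return {"first": first["type"], "second": second["type"], "write": write["type"],
            "expired": expired["type"], "forged": forged["type"],
            "tx_count": len(contract.chain), "value": first.get("value")}


if __name__ == "__main__":
    print(run_scenario())
```

The check in step 310 binds the token to the subject, resource and operation it was issued for and to an expiry; a token that the contract only looked up by value could be replayed by any node that obtained it, for any operation, indefinitely. Only the successful GetAccess transaction is appended to the chain, matching step 307.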
By performing access control through smart contracts on the blockchain, the present invention can eliminate the single point of failure of access control. In addition, the present invention addresses the problem of access authorization when IoT devices have low processing capacity, that is, authorizing a subject (such as a user, process or server) to perform read, write and operate actions on an object (such as a sensor or actuator).
The blockchain-based smart contract system according to an exemplary embodiment of the disclosure is described below with reference to Fig. 6.
As shown in Fig. 6, transaction information and smart contracts are stored on the blockchain. Fig. 7 shows a schematic of the structure of the transaction information according to an exemplary embodiment. Each item of transaction information can also constitute a policy. As shown in Fig. 7, the transaction information includes several fields:
Resource: the resource the policy is defined for, such as the temperature of a temperature sensor or the concentration reported by a smoke sensor;
Operation: the operation performed on the resource, such as read or write;
Permission: the permission predefined for the operation, such as allow or deny;
Time of last request (ToLR): the time at which the data was last accessed;
Allowed access time: the time during which the resource may be accessed.
The smart contracts on the blockchain may include multiple access control contracts (ACCs), a judge contract (JC) and a registration contract (RC). An ACC provides an access control method for a subject-object pair: it implements access permission verification based on predefined rules and provides for adding, updating and deleting access control policies. If node A wants to access node B's data, the ACC for node B's data is deployed by node B's gateway proxy. The ACC also provides the following main programming interfaces for managing policies and enforcing access control:
PolicyAdd(): add a policy.
PolicyUpdate(): update a policy.
PolicyDelete(): delete a policy.
AccessControl(): request access to a resource and return the access authorization for the resource.
SetJC(): the ACC needs to hold an instance of the JC so that it can call the JC's programming interface.
DeleteACC(): delete the access control contract.
The JC implements dynamic verification of access for the ACC. For example, the JC receives misbehaviour reports from the ACC and decides, according to the misbehaviour, whether access is authorized, thereby realizing dynamic verification for the ACC.
The RC is used to add, update and delete access control contracts. The RC maintains a look-up table that registers the information needed to look up and execute all methods. Fig. 8 shows an example of the RC. The look-up table includes, for example, the subject, the object, the contract name, the contract creator, the contract address and the programming interface. The RC provides the following interfaces:
MethodRegister(): add a contract.
MethodUpdate(): update a contract.
MethodDelete(): delete a contract.
GetContract(): obtain the contract address and programming interface.
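The ACC, JC and RC of Figs. 6 to 8 as an added Python simulation; this is editorial illustration, not the patent's or any project's contract code. The transaction fields of Fig. 7 (resource, operation, permission, ToLR, allowed access time) are kept per policy; "allowed access time" is interpreted here as the minimum interval between two requests by the same subject, the JC's blocking rule (three reports inside a sixty-second window block the subject for ten minutes) and the synthetic contract addresses are assumptions, since the patent specifies neither.

```python
class JudgeContract:
    """JC: receives misbehaviour reports from an ACC and decides whether the
    reported subject is blocked. Rule assumed here: `threshold` reports within
    `window` seconds block the subject for `penalty` seconds."""

    def __init__(self, threshold=3, window=60, penalty=600):
        self.threshold, self.window, self.penalty = threshold, window, penalty
        self.reports = {}   # subject -> times of recent reports
        self.blocked = {}   # subject -> time until which it is blocked

    def report(self, subject, behaviour, now):
        recent = [t for t in self.reports.get(subject, []) if now - t < self.window]
        recent.append(now)
        self.reports[subject] = recent
        if len(recent) >= self.threshold:
            self.blocked[subject] = now + self.penalty
            self.reports[subject] = []
        return self.is_blocked(subject, now)

    def is_blocked(self, subject, now):
        return self.blocked.get(subject, 0) > now


class AccessControlContract:
    """ACC: the policies for one object, with the fields of Fig. 7."""

    def __init__(self, owner):
        self.owner = owner
        self.policies = {}  # (subject, resource, operation) -> policy fields
        self.jc = None

    def set_jc(self, jc):                      # SetJC()
        self.jc = jc

    def policy_add(self, subject, resource, operation, permission, min_interval):
        self.policies[(subject, resource, operation)] = {
            "resource": resource, "operation": operation, "permission": permission,
            "ToLR": None, "min_interval": min_interval}   # min_interval: assumed meaning

    def policy_update(self, subject, resource, operation, **fields):
        self.policies[(subject, resource, operation)].update(fields)

    def policy_delete(self, subject, resource, operation):
        self.policies.pop((subject, resource, operation), None)

    def _misbehaviour(self, subject, what, now):
        if self.jc is not None:
            self.jc.report(subject, what, now)

    def access_control(self, subject, resource, operation, now):
        """AccessControl(): authorization result for one request, consulting the JC."""
        if self.jc is not None and self.jc.is_blocked(subject, now):
            return "deny: blocked by JC"
        policy = self.policies.get((subject, resource, operation))
        if policy is None or policy["permission"] != "allow":
            self._misbehaviour(subject, "unauthorized request", now)
            return "deny"
        if policy["ToLR"] is not None and now - policy["ToLR"] < policy["min_interval"]:
            self._misbehaviour(subject, "too frequent", now)
            return "deny: too frequent"
        policy["ToLR"] = now   # ToLR is part of the stored policy state
        return "allow"


class RegistrationContract:
    """RC: look-up table from contract name to subject, object, creator,
    address and programming interface, as in Fig. 8."""

    def __init__(self):
        self.table = {}
        self._next = 1

    def method_register(self, subject, obj, name, creator, contract):
        address = f"0x{self._next:040x}"   # synthetic stand-in for an on-chain address
        self._next += 1
        self.table[name] = {"subject": subject, "object": obj, "creator": creator,
                            "address": address, "contract": contract,
                            "abi": ["policyAdd", "policyUpdate", "policyDelete", "accessControl"]}
        return address

    def method_update(self, name, contract):
        self.table[name]["contract"] = contract

    def method_delete(self, name):
        self.table.pop(name, None)

    def get_contract(self, name):
        return self.table.get(name)


def run_scenario():
    """Constructed scenario: a gateway registers the ACC for a smoke sensor;
    alice may read it at most once every 10 s, bob has no policy at all."""
    rc, jc = RegistrationContract(), JudgeContract(threshold=3, window=60, penalty=600)
    acc = AccessControlContract(owner="gateway")
    acc.set_jc(jc)
    acc.policy_add("alice", "smoke", "read", "allow", min_interval=10)
    address = rc.method_register("alice", "smoke_sensor", "ACC_smoke", "gateway", acc)
    contract = rc.get_contract("ACC_smoke")["contract"]
    results = [contract.access_control(subject, "smoke", "read", t)
               for subject, t in [("alice", 100), ("alice", 105), ("alice", 106),
                                  ("alice", 107), ("alice", 120), ("bob", 121), ("alice", 800)]]
    rc.method_delete("ACC_smoke")
    return {"address": address, "results": results,
            "after_delete": rc.get_contract("ACC_smoke")}


if __name__ == "__main__":
    print(run_scenario())
```

The ACC never decides on blocking by itself: every refused or too-frequent request is reported to the JC, and the JC's verdict is consulted before the policy is even looked up, which is what makes the verification dynamic in the sense the text describes.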
The present disclosure provides a storage method and storage structure for IoT access control. Fig. 9 shows the storage mechanism for the transaction information and smart contracts according to an exemplary embodiment of the disclosure. "Contract" stores the smart contract information, and Policy_1, Policy_2 and so on store the access control policies.
When a new IoT device (for example a fire smoke detector) is added to the IoT system, the IoT proxy node (which includes nodes such as servers, terminals and gateways, hereinafter referred to as the IoT gateway) assigns a public key and a private key to the IoT device and uses the public key as the device's account. The IoT gateway encrypts (signs) the contract with the device's private key to generate ACC 2, which is written into the contract list of the contract structure shown in Fig. 9.
A user or security administrator can write IoT access control rules for the new IoT device, or modify access control rules generated by an AI algorithm; these access control rules are stored in block N. The user or security administrator can inspect the access control rules stored in block N and modify them further; the modified access control rules are stored in block N+1.
As shown in Fig. 9, the access control rules are organized in a Merkle tree data structure. For example, Policy_2 contains three transaction records: record 1, record 2 and record 3. Each transaction record corresponds to a specific IoT configuration: IoT 1, IoT 2 and IoT 3 respectively. IoT 3 contains two security rules, rule 4 and rule 5. Each security rule can be further divided into sub-rules; for example, rule 5 can be divided into sub-rule 6, sub-rule 7 and sub-rule 8, and so on.
If a user modifies a security rule, for example modifying security rule 8 into security rule 8_1, the modified rule is saved in block N+1. In block N+1 the new security rules are rule 6, rule 7 and rule 8_1. The Merkle hashes are recomputed from the new security rules to obtain the rule storage root Hash_5_1, and then Merkle hash 3_1 and Policy_3 are recomputed in turn, and so on.
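The Merkle organization of Fig. 9, and the recomputation after sub-rule 8 becomes 8_1, as an added Python example (editorial illustration, not code from the patent). The rule texts, the policy layout, the domain-separated SHA-256 hashing and the pairing of an unpaired last element with itself are assumptions; the patent only states that the rules form a Merkle tree and that the hashes on the modified path are recomputed.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def leaf_hash(rule: str) -> str:
    # Leaves and inner nodes carry different prefixes (0x00 / 0x01) so a rule
    # text can never be mistaken for a concatenation of two child hashes.
    return sha256(b"\x00" + rule.encode("utf-8"))


def node_hash(left: str, right: str) -> str:
    return sha256(b"\x01" + bytes.fromhex(left) + bytes.fromhex(right))


def merkle_root(hashes) -> str:
    """Fold child hashes into one root; an unpaired last element is paired with itself."""
    level = list(hashes)
    if not level:
        return leaf_hash("")
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def merkle_proof(hashes, index):
    """Sibling hashes needed to recompute the root from the leaf at `index`."""
    level, proof = list(hashes), []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        sibling = index ^ 1
        proof.append(("left" if sibling < index else "right", level[sibling]))
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return proof


def verify_proof(leaf: str, proof, root: str) -> bool:
    acc = leaf
    for side, sibling in proof:
        acc = node_hash(sibling, acc) if side == "left" else node_hash(acc, sibling)
    return acc == root


def tree_hash(node) -> str:
    """A string is a leaf rule; a list is an inner node (policy, record, or rule
    split into sub-rules) whose hash is the Merkle root of its children."""
    if isinstance(node, str):
        return leaf_hash(node)
    return merkle_root(tree_hash(child) for child in node)


def replace_at(node, path, new_value):
    """Copy of `node` with the element at `path` replaced; the original stays
    untouched, just as block N stays intact when block N+1 is produced."""
    if not path:
        return new_value
    head, *rest = path
    return [replace_at(child, rest, new_value) if i == head else child
            for i, child in enumerate(node)]


def demo():
    # Constructed policy laid out like Policy_2 in Fig. 9: three records,
    # record 3 holds rules 4 and 5, rule 5 is split into sub-rules 6, 7 and 8.
    rule_5 = ["sub-rule 6: gateway may read smoke concentration",
              "sub-rule 7: gateway may read temperature",
              "sub-rule 8: operator may write alarm state"]
    record_3 = ["rule 4: deny all by default", rule_5]
    policy_2 = [["record 1: IoT 1 config"], ["record 2: IoT 2 config"], record_3]

    root_n = tree_hash(policy_2)                          # stored in block N
    # Sub-rule 8 becomes 8_1; only hashes on its path to the root change.
    policy_2_new = replace_at(policy_2, [2, 1, 2],
                              "sub-rule 8_1: operator may read alarm state")
    root_n1 = tree_hash(policy_2_new)                     # stored in block N+1

    leaves = [leaf_hash(r) for r in rule_5]
    proof = merkle_proof(leaves, 0)                       # inclusion proof for sub-rule 6
    return {
        "root_changed": root_n != root_n1,
        "rule4_unchanged": tree_hash(policy_2[2][0]) == tree_hash(policy_2_new[2][0]),
        "record1_unchanged": tree_hash(policy_2[0]) == tree_hash(policy_2_new[0]),
        "record3_changed": tree_hash(policy_2[2]) != tree_hash(policy_2_new[2]),
        "proof_ok": verify_proof(leaves[0], proof, tree_hash(rule_5)),
        "proof_ok_against_new_root": verify_proof(leaves[0], proof, tree_hash(policy_2_new[2][1])),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Hashes of untouched subtrees (record 1, rule 4) are identical in block N and block N+1, so a verifier only needs the hashes along the modified path to confirm the new policy root, and an inclusion proof built against the old rule-5 root stops verifying once sub-rule 8 has been replaced.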
Figure 10 shows the exemplary configuration that the calculating equipment 1000 of embodiment according to the present invention may be implemented.Calculating is set Standby 1000 be the example that can apply the hardware device of aforementioned aspect of the present invention.Calculating equipment 1000 can be configured as holding Any machine row processing and/or calculated.Calculating equipment 1000 can be but be not limited to work station, server, desk-top calculating Machine, laptop computer, tablet computer, personal data assistants (PDA), smart phone, car-mounted computer or combination of the above.
As shown in Figure 10, calculate equipment 1000 may include may via one or more Interface & Bus 1020 connect or One or more elements of communication.Bus 1002 can include but is not limited to, Industry Standard Architecture (Industry Standard Architecture, ISA) bus, Micro Channel Architecture (Micro Channel Architecture, MCA) bus, enhancing ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus and peripheral component interconnection (PCI) bus etc..Calculating is set Standby 1000 may include such as one or more processors 1004, one or more input equipments 1006 and one or more Output equipment 1008.One or more processors 1004 can be any kind of processor, and can include but is not limited to One or more general processors or application specific processor (such as dedicated processes chip).Input equipment 1006 can be can be to meter Any kind of input equipment of equipment input information is calculated, and can include but is not limited to mouse, keyboard, touch screen, Mike Wind and/or remote controllers.Output equipment 1008 can be any kind of equipment that information can be presented, and may include But it is not limited to display, loudspeaker, video/audio outlet terminal, vibrator and/or printer.
Computing device 1000 may also include or be connected to a non-transitory storage device 1014, which may be any non-transitory storage device capable of storing data and may include, but is not limited to, a disk drive, an optical storage device, solid-state memory, floppy disks, flexible disks, hard disks, magnetic tape or any other magnetic medium, compact disks or any other optical medium, cache memory and/or any other memory chip or module, and/or any other medium from which a computer can read data, instructions and/or code. Computing device 1000 may also include random access memory (RAM) 1010 and read-only memory (ROM) 1012. ROM 1012 may store programs, utilities or processes to be executed in a non-volatile manner. RAM 1010 may provide volatile data storage and store instructions related to the operation of computing device 1000. Computing device 1000 may also include a network/bus interface 1016 coupled to a data link 10110. Network/bus interface 1016 may be any kind of device or system capable of enabling communication with external devices and/or networks, and may include, but is not limited to, a modem, a network card, an infrared communication device, a wireless communication device and/or a chipset (such as a Bluetooth™ device, an 802.11 device, a WiFi device, a WiMax device, a cellular communication facility, etc.).
The various aspects, embodiments, implementations or features of the foregoing embodiments may be used individually or in any combination. The various aspects of the foregoing embodiments may be implemented by software, hardware or a combination of hardware and software.
For example, the foregoing embodiments may be embodied as computer-readable code on a computer-readable medium. A computer-readable medium is any data storage device that can store data which can thereafter be read by a computer system. Examples of computer-readable media include read-only memory, random access memory, CD-ROM, DVD, magnetic tape, hard disk drives, solid state drives and optical data storage devices. The computer-readable medium can also be distributed over network-coupled computer systems so that the computer-readable code is stored and executed in a distributed fashion.
For example, the foregoing embodiments may take the form of hardware circuits. A hardware circuit may include any combination of combinatorial logic, clocked storage devices (flops, flip-flops, latches, etc.), finite state machines, memory such as static random access memory or embedded dynamic random access memory, custom designed circuits, programmable logic arrays, and so on.
In one embodiment, the hardware circuit according to the disclosure may be implemented by coding a circuit description in a hardware description language (HDL) such as Verilog or VHDL. The HDL description may be synthesized against a cell library designed for a given integrated circuit manufacturing technology and may be modified for timing, power and other reasons to obtain a final design database, which is transferred to a foundry to produce the integrated circuit through a semiconductor manufacturing system. The semiconductor manufacturing system may produce the integrated circuit by depositing semiconductor material (for example on a wafer, which may include masks), removing material, changing the shape of the deposited material, modifying the material (for example by doping it or by modifying its dielectric constant with ultraviolet processing), and so on. The integrated circuit may include transistors and may also include other circuit elements (for example passive elements such as capacitors, resistors and inductors) and the interconnections between the transistors and circuit elements. Some embodiments may implement multiple integrated circuits coupled together to realize the hardware circuit, and/or discrete elements may be used in some embodiments.
Although some specific embodiments of the present invention have been illustrated in detail by way of example, those skilled in the art should understand that the above examples are intended only to be illustrative and do not limit the scope of the invention. Those skilled in the art should appreciate that the above embodiments may be modified without departing from the scope and spirit of the invention. The scope of the invention is defined by the appended claims.

Claims (16)

1. An access control method based on smart contracts in an Internet of Things environment, the Internet of Things comprising a first node and a second node connected by a network, the method comprising, at the first node:
sending to the second node a resource access request requesting access to a resource of the second node;
receiving a redirection instruction from the second node, the redirection instruction redirecting the first node to a smart contract associated with the second node;
calling the smart contract on the blockchain; and
receiving a response that is the execution result of the smart contract, the response comprising either an access token allowing the first node to access the resource of the second node or a refusal of the resource access request.
2. The access control method of claim 1, further comprising, at the first node:
sending to the second node an access request including the access token; and
receiving from the second node a response allowing or denying access to the resource of the second node.
3. The access control method of claim 2, wherein the second node, on receiving the access request including the access token, sends the access token to the smart contract to check the legitimacy of the access token, and sends to the first node a response allowing or denying access to the resource of the second node according to the result of the check.
4. The access control method of claim 1, wherein the blockchain is configured to:
receive the resource access request;
generate transaction information;
broadcast the transaction information to all nodes on the blockchain so that the smart contract is executed by the nodes on the blockchain;
after the smart contract has been executed by the nodes on the blockchain, determine whether the first node has permission to access the resource of the second node;
when the first node has permission to access the resource of the second node, add the transaction information to the blockchain and send the response comprising the access token to the first node; and
when the first node does not have permission to access the resource of the second node, send to the first node the response comprising the refusal of the resource access request.
5. The access control method of claim 4, wherein the transaction information includes information on the resource of the second node, the operations to be performed on the second node, the permissions for those operations, the time of the last access and the permitted access time.
6. The access control method of claim 1, wherein the smart contract comprises an access control contract, a register contract and a judge contract,
wherein the access control contract defines the access control method of one node on the Internet of Things towards another node, the access control method including access permissions;
the register contract holds information about the access control contract and is used to manage the access control contract; and
the judge contract receives reports from the access control contract and decides whether access is authorized.
7. The access control method of claim 4, wherein the transaction information and the smart contract are stored on the blockchain in a Merkle tree structure, the transaction information corresponding to at least one rule,
wherein when the at least one rule is modified on the current block, the modified rule and the correspondingly modified transaction information are stored on the block following the current block.
8. An access control method based on smart contracts in an Internet of Things environment, the Internet of Things comprising a first node and a second node connected by a network, the method comprising, at the second node:
receiving from the first node a resource access request requesting access to a resource of the second node; and
sending to the first node a redirection instruction, the redirection instruction redirecting the first node to a smart contract associated with the second node.
9. The access control method of claim 8, wherein the first node, after receiving the redirection instruction, calls the smart contract on the blockchain and receives a response that is the execution result of the smart contract, the response comprising either an access token allowing the first node to access the resource of the second node or a refusal of the resource access request,
wherein the method further comprises, at the second node:
receiving from the first node an access request including the access token;
sending the access token to the smart contract to check the legitimacy of the access token; and
sending to the first node a response allowing or denying access to the resource of the second node according to the result of the check.
10. The access control method of claim 8, wherein the blockchain is configured to:
receive the resource access request;
generate transaction information;
broadcast the transaction information to all nodes on the blockchain so that the smart contract is executed by the nodes on the blockchain;
after the smart contract has been executed by the nodes on the blockchain, determine whether the first node has permission to access the resource of the second node;
when the first node has permission to access the resource of the second node, add the transaction information to the blockchain and send the response comprising the access token to the first node; and
when the first node does not have permission to access the resource of the second node, send to the first node the response comprising the refusal of the resource access request.
11. The access control method of claim 10, wherein the transaction information includes information on the resource of the second node, the operations to be performed on the second node, the permissions for those operations, the time of the last request and the permitted access time.
12. The access control method of claim 8, wherein the smart contract comprises an access control contract, a register contract and a judge contract,
wherein the access control contract defines the access control method of one node on the Internet of Things towards another node, the access control method including access permissions;
the register contract holds information about the access control contract and is used to manage the access control contract; and
the judge contract receives reports from the access control contract and decides whether access is authorized.
13. The access control method of claim 12, wherein the transaction information and the smart contract are stored on the blockchain in a Merkle tree structure, the transaction information corresponding to at least one rule,
wherein when the at least one rule is modified on the current block, the modified rule and the correspondingly modified transaction information are stored on the block following the current block.
14. A computer system, comprising:
one or more processors; and
one or more memories configured to store a series of computer-executable instructions,
wherein the series of computer-executable instructions, when run by the one or more processors, causes the one or more processors to perform the method of any one of claims 1 to 13.
15. A non-transitory computer-readable medium having stored thereon computer-executable instructions which, when run by one or more processors, cause the one or more processors to perform the method of any one of claims 1 to 13.
16. An access control system based on smart contracts in an Internet of Things environment, comprising components for performing the steps of the method of any one of claims 1 to 13.
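The exchange claimed in claims 1 to 7 (first node side) and 8 to 13 (second node side), as an added simulation that is not the patent's or China Telecom's code: the first node asks the second node for a resource, is redirected to the contract registered for that node, obtains a token or a refusal from the access control contract, and then presents the token to the second node, which asks the contract to confirm it. The blockchain is an in-memory list, the register contract is a lookup table, and the judge contract's policy (block a subject after two "too frequent" reports), the minimum interval between requests, the token lifetime and the node and resource names are all assumptions made for the example; the patent only says the judge contract receives reports and decides whether access is authorized. The token is a random identifier bound in contract state to subject, resource, operation and expiry, which is what makes the second node's legitimacy check meaningful.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One rule held by an access control contract (ACC)."""
    subject: str        # requesting node
    resource: str       # resource on the node that owns the ACC
    ops: frozenset      # permitted operations, e.g. {"read"}
    min_interval: int   # seconds required between two requests (assumed policy)


class Blockchain:
    """Minimal in-memory chain: a granted request appends its transaction information as a block."""
    def __init__(self):
        self.blocks = [{"height": 0, "tx": None}]

    def append_tx(self, tx: dict) -> int:
        self.blocks.append({"height": len(self.blocks), "tx": tx})
        return self.blocks[-1]["height"]


class JudgeContract:
    """Receives misbehaviour reports from the ACC; blocks a subject after `threshold` reports (assumed)."""
    def __init__(self, threshold: int = 2):
        self.threshold, self.reports, self.blocked = threshold, {}, set()

    def report(self, subject: str, reason: str) -> None:
        self.reports[subject] = self.reports.get(subject, 0) + 1
        if self.reports[subject] >= self.threshold:
            self.blocked.add(subject)


class AccessControlContract:
    TOKEN_TTL = 60  # seconds a token stays valid (assumed)

    def __init__(self, chain: Blockchain, judge: JudgeContract):
        self.chain, self.judge = chain, judge
        self.rules, self.last_request, self.tokens = {}, {}, {}

    def add_rule(self, rule: Rule) -> None:
        self.rules[(rule.subject, rule.resource)] = rule

    def request_access(self, subject: str, resource: str, op: str, now: int) -> dict:
        if subject in self.judge.blocked:
            return {"denied": "blocked by judge contract"}
        rule = self.rules.get((subject, resource))
        if rule is None or op not in rule.ops:
            return {"denied": "no permission"}
        last = self.last_request.get((subject, resource))
        self.last_request[(subject, resource)] = now
        if last is not None and now - last < rule.min_interval:
            self.judge.report(subject, "too frequent")
            return {"denied": "too frequent"}
        token = secrets.token_hex(16)
        tx = {"subject": subject, "resource": resource, "op": op, "last_access": last,
              "time": now, "expires": now + self.TOKEN_TTL, "token": token}
        height = self.chain.append_tx(tx)   # claim 4: only a granted request is added to the chain
        self.tokens[token] = tx
        return {"token": token, "block": height}

    def check_token(self, token: str, subject: str, resource: str, op: str, now: int) -> bool:
        """Claim 3 / claim 9: the second node hands the token back to the contract for checking."""
        tx = self.tokens.get(token)
        return (tx is not None and tx["subject"] == subject and tx["resource"] == resource
                and tx["op"] == op and now < tx["expires"])


class RegisterContract:
    """Maps a resource-owning node to its ACC; the redirect is resolved through it."""
    def __init__(self):
        self.accs = {}

    def register(self, owner: str, acc: AccessControlContract) -> None:
        self.accs[owner] = acc

    def lookup(self, owner: str) -> AccessControlContract:
        return self.accs[owner]


class SecondNode:
    def __init__(self, name: str, register: RegisterContract, resources: dict):
        self.name, self.register, self.resources = name, register, resources

    def on_resource_request(self, subject: str, resource: str) -> dict:
        return {"redirect": self.name}   # claim 8: "go to the contract associated with me"

    def on_access(self, subject: str, token: str, resource: str, op: str, now: int) -> dict:
        if not self.register.lookup(self.name).check_token(token, subject, resource, op, now):
            return {"status": "denied"}
        return {"status": "ok", "data": self.resources[resource]}


class FirstNode:
    def __init__(self, name: str, register: RegisterContract):
        self.name, self.register = name, register

    def access(self, target: SecondNode, resource: str, op: str, now: int) -> dict:
        redirect = target.on_resource_request(self.name, resource)
        resp = self.register.lookup(redirect["redirect"]).request_access(self.name, resource, op, now)
        if "denied" in resp:
            return resp
        return target.on_access(self.name, resp["token"], resource, op, now)


def demo():
    chain, judge, register = Blockchain(), JudgeContract(threshold=2), RegisterContract()
    acc = AccessControlContract(chain, judge)
    register.register("sensor-B", acc)
    acc.add_rule(Rule("gateway-A", "temperature", frozenset({"read"}), min_interval=10))
    node_b = SecondNode("sensor-B", register, {"temperature": 21.5})   # constructed sample resource
    node_a = FirstNode("gateway-A", register)
    results = [
        node_a.access(node_b, "temperature", "read", now=100),   # granted and recorded on chain
        node_a.access(node_b, "temperature", "write", now=101),  # operation not in the rule
        node_a.access(node_b, "temperature", "read", now=102),   # too soon: report 1
        node_a.access(node_b, "temperature", "read", now=103),   # too soon: report 2, subject blocked
        node_a.access(node_b, "temperature", "read", now=200),   # blocked by the judge contract
        node_b.on_access("gateway-A", "forged-token", "temperature", "read", now=100),
    ]
    return results, chain, acc
```

Two caveats the claims leave open. On a public chain the contract's state, and so the token, is readable by anyone, so the binding to `subject` only helps if the second node authenticates the presenting node (for example by a signature over the access request); and the token must carry an expiry and be bound to the operation, otherwise a token obtained for a read can be replayed for a write or long after the rule that justified it was replaced.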
CN201811616085.0A 2018-12-28 2018-12-28 Internet of things access control method and system based on intelligent contract Active CN109617896B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811616085.0A CN109617896B (en) 2018-12-28 2018-12-28 Internet of things access control method and system based on intelligent contract

Publications (2)

Publication Number Publication Date
CN109617896A true CN109617896A (en) 2019-04-12
CN109617896B CN109617896B (en) 2021-07-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant