CN110086804B - Internet of things data privacy protection method based on blockchain and trusted hardware - Google Patents

Internet of things data privacy protection method based on blockchain and trusted hardware

Info

Publication number: CN110086804B
Authority: CN (China)
Application number: CN201910338028.9A
Other languages: Chinese (zh)
Other versions: CN110086804A (en)
Inventors: 李进 (Li Jin), 黄悦芳 (Huang Yuefang), 姜冲 (Jiang Chong)
Current assignee: Guangzhou University (as listed by Google Patents, without legal analysis)
Original assignee: Guangzhou University
Legal status: Active (as listed by Google Patents; the status is an assumption, not a legal conclusion)
Events: application filed by Guangzhou University; priority to CN201910338028.9A; publication of CN110086804A; application granted; publication of CN110086804B; currently active; anticipated expiration

Classifications

    • G06F21/6263 Protecting personal data, e.g. for financial or medical purposes, during internet communication, e.g. revealing personal data from cookies (under G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/60 Protecting data; G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules; G06F21/6218 ... to a system of files or objects, e.g. local or distributed file system or database; G06F21/6245 Protecting personal data, e.g. for financial or medical purposes)
    • H04L63/0407 Network architectures or protocols for network security providing a confidential data exchange among entities communicating through data packet networks, wherein the identity of one or more communicating identities is hidden (under H04L63/00; H04L63/04)
    • H04L63/06 Network architectures or protocols for network security supporting key management in a packet data network
    • H04L63/10 Network architectures or protocols for network security for controlling access to devices or network resources
    • H04L63/12 Applying verification of the received information
    • H04L63/20 Managing network security; network security policies in general
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks (under H04L67/00 Network arrangements or protocols for supporting network services or applications; H04L67/01 Protocols)
    • H04L67/53 Network services using third party service providers (under H04L67/50 Network services)
    • H04L9/3247 Cryptographic mechanisms or arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures (under H04L9/00; H04L9/32)

Abstract

The invention relates to a method for protecting the privacy of Internet of Things (IoT) data based on a blockchain and trusted hardware. The method has three stages: key management and data generation; definition of the data access control policy and deployment of the smart contract; and data access and smart contract execution. IoT data is encrypted by a hardware-backed trusted entity, IDA, and the ciphertext is uploaded to the cloud for storage. When an operation request arrives, the trusted entity calls the access control interface of the smart contract to check the requester's authorisation. If the check passes, the trusted entity attests the operation execution server and sends the key to it over a secure channel; the server downloads the data from the cloud, decrypts it, executes the operation and, once the analysis is complete, writes a data usage record to the blockchain. By combining the blockchain with the trusted entity, the scheme lets the data be operated on without disclosing the original data and guarantees the integrity and security of the usage record.

Description

Internet of things data privacy protection method based on blockchain and trusted hardware
Technical Field
The invention belongs to the fields of Internet of Things (IoT) privacy protection, blockchain and trusted hardware, and in particular relates to an IoT data privacy protection method based on a blockchain and trusted hardware.
Background
With the development of IoT technology, IoT applications have become common in daily life, including smart homes, wearables, connected vehicles and smart healthcare. IoT devices generate large volumes of data that are uploaded to a service provider's cloud database in order to provide IoT services. For example, in the Samsung smart home system, data generated by the IoT devices in a user's home is uploaded to the service provider's cloud database so that the cloud server can process it to manage and control the home; a user wearing a smart wristband has blood pressure, heart rate and similar readings monitored in real time and sent to the service provider so that it can deliver more accurate, real-time medical services. Such IoT data frequently involves personal privacy, so it is essential to protect private data from being disclosed to third parties and from uses the user is unaware of.
Current research on protecting data privacy focuses on two areas. The first is data access control: the access capability and access scope of a user are set in advance, and unauthorised access is denied, which protects data privacy. However, existing access control techniques all rely on a trusted third party for authentication and authorisation; that third party is not always trustworthy and may sell user data or access control information for its own benefit. The second is data anonymisation, which obfuscates the key parts of private data so that the link between the data and the user is removed while the data can still be processed to yield useful information. These studies focus on controlling which data a user may access without revealing privacy; none of them controls what processing is performed on the data once the requesting user has obtained it, nor whether that processing is used only for analysis that provides a service to the data owner, which are the questions the data owner cares about.
The blockchain is a distributed ledger technology that has risen with the spread of digital currencies such as Bitcoin; it is decentralised, secure, trustworthy, tamper-resistant and programmable. In recent years the blockchain has become a platform independent of Bitcoin: the core idea is to use it as a programmable, distributed trust infrastructure that supports smart contract applications, distinguishing it from its earlier role as a platform supporting virtual currency. Smart contracts are executable code deployed on a blockchain that run on behalf of the signing parties and automate the execution of the contract without relying on a central authority. Because smart contracts have low running cost, low risk of human intervention and precise execution, they have been applied in many fields, such as trading and fair exchange, identity management, the IoT, medical record privacy and crowdfunding.
Trusted hardware is one of the foundations of trusted computing, and a Trusted Execution Environment (TEE) can be built on a device on top of it. TEE is a concept defined by GlobalPlatform (GP); the most widely studied implementation at present is Intel SGX (Software Guard Extensions), an extension of the Intel Architecture (IA) for strengthening software security. In this model, malicious software on the platform is not identified and isolated; instead, the security-critical operations of legitimate software are encapsulated in an enclave, so that the legitimate software is protected from attack by malicious software and neither privileged nor unprivileged software outside the enclave can access it. That is, once code and data are inside an enclave, even the operating system and the VMM (hypervisor) cannot affect them. (This protection targets software attacks from outside the enclave; side-channel attacks are outside SGX's stated threat model, so enclave code must be written with them in mind.) SGX also provides remote attestation, which lets a server determine whether a client requesting service is running in a secure, trusted environment (hardware plus software) and establish an encrypted channel to it, so that confidential data can be delivered securely to trusted clients while service is refused to untrusted ones.
Disclosure of Invention
The invention provides an IoT data privacy protection method based on a blockchain and trusted hardware, aimed at two problems of the prior art: access control of private IoT data depends on a third party to enforce it, and the actual use of the data cannot be monitored or limited.
The technical scheme adopted by the invention is as follows. An IoT data privacy protection method based on a blockchain and trusted hardware comprises three stages:
(1) key management and data generation: a key for data encryption is generated; the trusted entity IDA is checked to be in a secure and trusted environment and, if so, the key is transmitted to it;
(2) data access control policy definition and smart contract deployment: the data owner defines an access and operation control policy for its own data, signs that policy together with the trusted entity IDA as a smart contract, and deploys the contract to the blockchain network;
(3) data access and smart contract execution: the data user sends a data access and operation request to the trusted entity IDA; the IDA calls the access control decision interface of the smart contract to determine whether the request is authorised. If it is not, a request-failure message is returned to the requester. If it is, the IDA checks whether the data operation execution environment is secure and trusted; if not, a request-failure message is returned. If the environment is secure and trusted, the data operation execution server downloads the corresponding data from the cloud server, decrypts it with the corresponding key, performs the requested analysis, returns the result to the requester and broadcasts a data usage record in the blockchain network, and the record is added to the blockchain.
In the invention, IoT data is encrypted by the hardware-backed trusted entity IDA and the ciphertext is uploaded to the cloud for storage. When an operation request arrives, the trusted entity calls the access control interface of the smart contract to check authorisation; once that passes, the trusted entity attests the operation execution server and sends the key over a secure channel to the enclave inside that server. The server downloads the data from the cloud, decrypts and processes it inside the enclave, and writes a data usage record to the blockchain once the analysis is complete. Compared with the prior art, this scheme has the following beneficial effects:
1. Cloud data access control is moved from the cloud storage provider to the blockchain, and flexible, fine-grained access control based on identity and application is implemented with a blockchain smart contract. Combined with trusted hardware, this keeps the original data from being disclosed to the data user, while the decentralised, trustless, highly reliable and programmable nature of the blockchain makes access control secure, reliable and easy to adjust, so an IoT user can change their own access control policy quickly and conveniently.
2. Combining the smart contract with trusted hardware provides a trusted environment for executing data operations. A data access flow is designed for the interaction between the data user, the trusted entity IDA and the cloud service provider, so that a third party can complete an analysis request without the user's data being disclosed; the data usage is recorded on the blockchain, which guarantees trustworthy use of the data and the integrity and non-tamperability of the usage record, makes the IoT user the real owner of the data, and ensures the data is used only for authorised purposes.
Drawings
Fig. 1 is a schematic diagram of the IoT data privacy protection scheme based on a blockchain and trusted hardware provided by the invention;
Fig. 2 is a flowchart of the IoT data privacy protection method based on a blockchain and trusted hardware provided by the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and an embodiment. The specific embodiment described here is merely illustrative of the invention and is not intended to limit it; other embodiments obtained by those skilled in the art from the concept and embodiment of the invention fall within its scope of protection.
As shown in Fig. 1, the method involves several entities: the trusted entity IDA, the data owner, the data user and the cloud storage provider (the cloud). The data owner, the data user and the trusted entity IDA act as nodes that together form the blockchain network; the cloud storage provider is connected to the IoT devices through the IoT sensing layer and network layer; the data user operates a data operation execution server. The roles are as follows:
The trusted entity IDA runs inside a trusted execution environment (TEE), which is also referred to as trusted hardware. It manages the keys that IoT users use to encrypt their data (the description refers to a key pair comprising a private key and a public key), receives the private IoT data sent by the user, encrypts it with the user's key (called the private key, or user secret key, in this description) and uploads the ciphertext to the IoT service provider's cloud database. It is also responsible for calling the smart contract to check the access authorisation of a data use request and for attesting the data operation execution server.
IoT sensing layer and network layer: the sensing layer consists of the IoT devices themselves (sensors, smart appliances and so on) and is the data source; the network layer provides secure data communication between the sensing layer and the trusted entity IDA.
The data owner is the IoT device owner and data producer, i.e. the IoT user who uploads the data. The data owner can set their own data encryption key, upload data to the trusted entity IDA, change the content of the access control smart contract on the blockchain, and verify the data usage records on the blockchain.
The data user is a service provider or another organisation or individual that needs to analyse IoT user data. To use data, the data user submits a request naming the data and the operation to the trusted entity IDA; the data is then processed inside the enclave of the operation execution server, so the data user obtains the derived information but never the original data.
The data operation execution server is normally a server of the data user. The cloud storage provider is normally the IoT service provider and is responsible for storing the encrypted data and controlling access to it. The data owner changes the access control smart contract on the blockchain through the contract's interface; the trusted entity IDA checks through the contract's interface whether a data user's request is authorised; the data user's operation execution server records the data usage record as block data on the blockchain. The blockchain network as a whole acts as a decentralised authentication centre and yields a trustworthy, distributed log of data operations.
In this embodiment the IoT device is assumed to be a smart wristband that monitors the user's blood pressure in real time; the IoT user wearing the wristband is the data owner, a health service application is the data user, and the requested service is the computation of the user's average blood pressure.
Fig. 2 is the flowchart of the method, which has three stages: key management and data generation; data access control policy definition and smart contract deployment; and data access and smart contract execution.
S1, the key management and data generation stage, comprises the following steps:
S11. The IoT user generates a key for data encryption and then attests the trusted entity IDA to determine whether it is running in a secure and trusted environment. If attestation succeeds, the user sends the key to the IDA over a secure channel, and the IDA stores the user information together with the corresponding key.
Specifically, at registration the IoT user generates the data encryption key locally, obtains the trusted entity IDA service for the first time, attests the IDA, and transmits the key to it after attestation succeeds.
S12. Data generated by the IoT device is collected and sent to the trusted entity IDA over a secure channel (for example one established with the SSL/TLS protocol); the IDA encrypts the data with the encryption key of the corresponding user and uploads the ciphertext to the service provider's cloud database.
Specifically, the user transmits the data generated by the IoT device to the trusted entity IDA, which encrypts it and transmits the pair (uid, E(data)) to the cloud database, where uid identifies the user and E(data) is the ciphertext.
In this embodiment, the IoT device is the smart wristband, the private IoT data is the user's blood pressure readings, and the cloud database is the one provided by the health service provider.
S2, data access control policy definition: the data owner defines an access and operation control policy for its own data, signs a smart contract based on the policy together with the trusted entity IDA, and deploys the contract to the blockchain network.
The variables of the access control policy are the data type (data type), the data range (data range), the operation type (operation), the data user (consumer), the expiration time (expiration), the price (cost) and the authorisation state (status). Together they state that data user consumer may access the data items of type data type within data range to perform operation, at price cost, until expiration. The owner can change these variable values at any time to alter access control over the data. The smart contract based on the access control policy is deployed on the blockchain, and the access control policy of the cloud database in use corresponds to the one in the smart contract.
Specifically, the smart contract is deployed as follows:
S21. The data owner and the trusted entity IDA negotiate a commitment contract Policy, namely Policy[data type, data range, operation, consumer, expiration, cost]. The smart contract (Policy) signed by both parties is broadcast to the blockchain network, and the other nodes verify the validity of the message on receipt.
S22. Contract information that passes verification is stored until the consensus time arrives; the node that obtains the accounting right then packs all transactions received during that interval into a transaction set Set, computes the hash value of Set, encapsulates that hash in a block structure and broadcasts the block.
S23. On receiving the block structure, the other nodes extract the hash of the transaction set and compare it with the hash of their own verified transaction set; the transaction set approved by the verifying node is forwarded to the other nodes, and after several rounds of forwarding and comparison the nodes agree on the latest contract set within the specified time, at which point the smart contract is successfully deployed.
The smart contract has several interfaces, including:
init(): defines and initialises the variables of the access control policy; the values of these variables are stored on the blockchain only when the user first joins the chain;
grant(): the interface through which the data owner sets an authorisation, i.e. authorises a data user;
revoke(): the interface through which the data owner withdraws an authorisation, i.e. revokes a data user's authority;
accessCheck(): the interface provided for the trusted entity IDA; when the IDA receives an operation request from a data user, it calls this interface to query whether that user has access and operation authority.
Through these interfaces the data owner can conveniently change the access control policy for their own data.
Specifically, the access control policy is deployed to the blockchain and its variables initialised as follows: when a user first joins the blockchain network, the user calls init(data type, data range, operation, consumer, expiration, cost, status), which defines that data user consumer may access data items of type data type within data range to perform operation at price cost, until expiration.
Specifically, the access control policy for the owner's data is changed as follows:
To simplify the model, data range, expiration and cost in the smart contract are assumed fixed. When the IoT user adds an authorisation on the access control page of the client, the system calls the contract's grant() interface, executes grant(data type, operation, consumer) and sets the corresponding status to 1 (status 1 means consumer holds the authorisation), completing the grant. When the IoT user withdraws an authorisation on the access control page, the system calls the contract's revoke(data type, operation, consumer) interface and sets the corresponding status to 0 (status 0 means consumer no longer holds the authorisation), completing the revocation.
In other words, in the access control strategy used by the invention, the policy is initialised on the blockchain with init(); when it must be verified whether a user holds access rights, the accessCheck() interface of the blockchain smart contract is called; when a user needs to be given a right, the contract's grant() interface is called; and when a right needs to be withdrawn, the contract's revoke() interface is called. Access control over the data, and convenient adjustment of the access control policy, are thus implemented by the blockchain smart contract.
In this embodiment, if the wristband user wants to stop the health service provider from accessing the blood pressure data to compute the average, revoke() is called as revoke(blood pressure data, compute average blood pressure, health service provider); the health service provider can then no longer use the wristband user's blood pressure data to compute the average, which implements an access control policy that can be changed at any time.
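To make the interface behaviour concrete, the following Python model is an added example written for this page, not code from the patent or its authors. It implements the four interfaces named above, init(), grant(), revoke() and accessCheck(), over an in-memory policy table and a hash-chained transaction list that stands in for the blockchain ledger. The field types, the deny-by-default checks on data range, cost and expiration, the refusal to re-run init() on an existing policy, the ledger layout and the wristband values are all assumptions made for the example.

```python
import hashlib
import json
import time
from dataclasses import dataclass, asdict

STATUS_DENIED, STATUS_GRANTED = 0, 1

@dataclass
class PolicyEntry:
    """One row of the access control policy: which consumer may run which operation
    on which data type and range, until when, and at what price."""
    data_type: str
    data_range: str
    operation: str
    consumer: str
    expiration: int   # assumed: UNIX time after which the grant lapses
    cost: int         # assumed: minimum price the consumer must offer
    status: int = STATUS_DENIED

class AccessControlContract:
    """Stand-in for the deployed contract. Policy rows live in self.policies; every
    state change is appended to self.ledger as a hash-chained transaction so the
    data owner can later audit who changed what."""
    def __init__(self):
        self.policies = {}
        self.ledger = []

    def _record(self, tx):
        prev = self.ledger[-1]["hash"] if self.ledger else "0" * 64
        tx_hash = hashlib.sha256((prev + json.dumps(tx, sort_keys=True)).encode()).hexdigest()
        self.ledger.append({"prev": prev, "tx": tx, "hash": tx_hash})
        return tx_hash

    def init(self, data_type, data_range, operation, consumer, expiration, cost,
             status=STATUS_DENIED):
        # Called once when the owner joins the chain. Re-initialising is refused so a
        # second init() cannot quietly undo an earlier revoke().
        key = (data_type, operation, consumer)
        if key in self.policies:
            raise ValueError("policy already initialised; use grant()/revoke()")
        self.policies[key] = PolicyEntry(data_type, data_range, operation, consumer,
                                         expiration, cost, status)
        return self._record({"op": "init", **asdict(self.policies[key])})

    def grant(self, data_type, operation, consumer):
        self.policies[(data_type, operation, consumer)].status = STATUS_GRANTED
        return self._record({"op": "grant", "data_type": data_type,
                             "operation": operation, "consumer": consumer})

    def revoke(self, data_type, operation, consumer):
        self.policies[(data_type, operation, consumer)].status = STATUS_DENIED
        return self._record({"op": "revoke", "data_type": data_type,
                             "operation": operation, "consumer": consumer})

    def accessCheck(self, data_type, data_range, operation, consumer, cost, now=None):
        # Deny by default: an unknown triple, a revoked grant, a wrong range, an
        # insufficient offer or a lapsed expiration all fail the check.
        entry = self.policies.get((data_type, operation, consumer))
        if entry is None:
            return False
        now = time.time() if now is None else now
        return (entry.status == STATUS_GRANTED and entry.data_range == data_range
                and cost >= entry.cost and now < entry.expiration)

    def verify_ledger(self):
        # Recompute the hash chain; any edited transaction breaks it.
        prev = "0" * 64
        for block in self.ledger:
            expected = hashlib.sha256(
                (prev + json.dumps(block["tx"], sort_keys=True)).encode()).hexdigest()
            if block["prev"] != prev or block["hash"] != expected:
                return False
            prev = block["hash"]
        return True

def demo(now=1_600_000_000):
    """The smart wristband scenario of the description; identifiers and values are constructed."""
    c = AccessControlContract()
    dt, rng, op, who = "blood_pressure", "2019", "average_blood_pressure", "health_provider"
    c.init(dt, rng, op, who, expiration=now + 86_400, cost=10)
    r = {"before_grant": c.accessCheck(dt, rng, op, who, 10, now=now)}
    c.grant(dt, op, who)
    r["after_grant"] = c.accessCheck(dt, rng, op, who, 10, now=now)
    r["wrong_operation"] = c.accessCheck(dt, rng, "raw_export", who, 10, now=now)
    r["underpaid"] = c.accessCheck(dt, rng, op, who, 5, now=now)
    r["expired"] = c.accessCheck(dt, rng, op, who, 10, now=now + 100_000)
    c.revoke(dt, op, who)
    r["after_revoke"] = c.accessCheck(dt, rng, op, who, 10, now=now)
    r["ledger_ok"] = c.verify_ledger()
    c.ledger[2]["tx"]["op"] = "grant"          # tamper with the stored revoke()
    r["tamper_detected"] = not c.verify_ledger()
    return r
```

demo() walks through the embodiment: the provider is denied before grant(), allowed after it, denied again for a non-granted operation, an underpaid offer or an expired grant, and denied after revoke(); editing the stored revoke() transaction afterwards breaks the hash chain, which is the property the description relies on when it says the owner can verify the record on the blockchain.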
S3, the data access and intelligent contract execution stage comprises the following steps:
s31, a data user sends data access and operation request information (data type, operation, consumer, cost) to a trusted entity IDA;
in this embodiment, the data type is blood pressure data, the operation is average blood pressure calculation, and the cost is a price that needs to be paid for the health service software to obtain the blood pressure data and calculate the average blood pressure.
And S32, the trusted entity IDA calls an access control judgment interface accessCheck () of the intelligent contract and executes the accessCheck (data type, data range, operation, consumer, cost) to judge whether the request is authorized, so that the authorized access and operation can be executed. If the data is authorized, the step S33 is carried out, and if the data is not authorized, the request failure information is returned to the data requester;
in this embodiment, the consumer is a health service provider unique identifier.
S33, the trusted entity IDA carries out security authentication on the data operation execution environment and judges whether it is safe and trusted. If the authentication succeeds, the IDA sends the corresponding key to the enclave in the data operation execution server through a secure channel and goes to step S34; if the authentication fails, it returns request failure information to the data requester;
in this embodiment, the operation execution server is a cloud server of the health service provider.
S34, after receiving the key, the enclave in the data operation execution server downloads the corresponding data from the cloud server, decrypts the data with the key inside the enclave, performs the corresponding data analysis operation, obtains the analysis result and returns it to the data requester, then broadcasts a data use record in the block chain network and adds the data use record to the block chain. The third party's analysis request on the data is thus completed without revealing the user data, and because the data use record is stored in the block chain, its integrity and non-tamperability are ensured.
In this step, after receiving the key, the enclave in the operation execution server sends a data access request (consumer, uid, data type) to the cloud database, that is, the consumer of the data requests access to the data of the Internet of Things user uid.
In this embodiment, if the request operation succeeds, the health service provider obtains the average blood pressure but cannot obtain the original blood pressure data of the smart bracelet user, so the privacy of the user's data is protected.
The block chain and trusted hardware-based Internet of Things data privacy protection method has been described in detail above, and a specific example has been used to explain the principle and implementation of the invention; the description of the embodiment only serves to help understand the method and the core idea of the invention. At the same time, those skilled in the art may vary the specific embodiments and the application scope according to the idea of the present invention; in summary, the content of this specification should not be construed as limiting the present invention.
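The following is an added Python simulation of steps S31 to S34 written for this page; it is not code from the patent or its authors. A trusted entity holds the user's key, checks the request against a granted policy, releases the key only when the data operation execution server's enclave reports an approved measurement, and the enclave returns the average while the raw readings never leave it. All names (IDA, Enclave, CLOUD_DB, the "average" operation, the user and consumer identifiers, the enclave image bytes) are assumptions; the authenticated encryption is a labelled toy stand-in for a real AEAD, and attestation is modelled as a hash of the enclave image rather than a hardware-signed quote.

```python
import hashlib
import hmac
import json
import os


# Toy authenticated encryption: a SHA-256 keystream plus an HMAC tag. It stands in for a
# real AEAD (AES-GCM) so the example runs with the standard library only; do not reuse it.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


CLOUD_DB = {}        # (uid, data_type) -> ciphertext; the provider never sees plaintext (S12)
USAGE_LEDGER = []    # hash-chained data use records; stands in for the block chain (S34)
OPERATIONS = {"average": lambda xs: sum(xs) / len(xs)}   # operations an enclave may run


def record_usage(record: dict) -> str:
    # Append-only record chained by hash, so a later edit of any entry is detectable.
    prev = USAGE_LEDGER[-1]["hash"] if USAGE_LEDGER else "0" * 64
    h = hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()
    USAGE_LEDGER.append({"prev": prev, "record": record, "hash": h})
    return h


class Enclave:
    """Data operation execution server. Only its measurement is visible to the IDA."""

    def __init__(self, code_image: bytes):
        self.code_image = code_image      # the enclave binary (constructed placeholder)

    def measurement(self) -> str:
        # What a hardware-signed attestation quote would report about the loaded code.
        return hashlib.sha256(self.code_image).hexdigest()

    def run(self, req: dict, key: bytes) -> dict:
        # S34: download ciphertext, decrypt inside the enclave, compute, log, return result only.
        values = json.loads(decrypt(key, CLOUD_DB[(req["uid"], req["data_type"])]))
        result = OPERATIONS[req["operation"]](values)
        record_usage({k: req[k] for k in ("consumer", "uid", "data_type", "operation")})
        return {"ok": True, "result": result}


class IDA:
    """Trusted entity: holds per-user keys (S11) and the approved enclave measurements."""

    def __init__(self, approved_measurements, grants):
        self.keys = {}
        self.approved = set(approved_measurements)
        self.grants = grants   # {(data_type, operation, consumer): price}; stands in for accessCheck()

    def store_user_data(self, uid, key, data_type, values):
        self.keys[uid] = key
        CLOUD_DB[(uid, data_type)] = encrypt(key, json.dumps(values).encode())

    def handle_request(self, req: dict, enclave: Enclave) -> dict:
        # S31/S32: the request (data type, operation, consumer, cost) must match a grant.
        price = self.grants.get((req["data_type"], req["operation"], req["consumer"]))
        if price is None or req["cost"] < price:
            return {"ok": False, "reason": "not authorized"}
        # S33: the key is released only to an enclave whose measurement is on the approved list.
        if enclave.measurement() not in self.approved:
            return {"ok": False, "reason": "attestation failed"}
        return enclave.run(req, self.keys[req["uid"]])   # key travels over the secure channel


def demo():
    approved = Enclave(b"average-op-v1")                       # constructed enclave image
    ida = IDA([approved.measurement()], {("blood_pressure", "average", "health-svc"): 5})
    ida.store_user_data("user-42", os.urandom(32), "blood_pressure", [118, 124, 131, 127])
    req = {"uid": "user-42", "data_type": "blood_pressure", "operation": "average",
           "consumer": "health-svc", "cost": 5}
    granted = ida.handle_request(req, approved)
    # Same request, but the provider's server runs modified code: attestation fails, no key.
    tampered = ida.handle_request(req, Enclave(b"average-op-v1-modified"))
    underpaid = ida.handle_request(dict(req, cost=4), approved)
    return granted, tampered, underpaid


if __name__ == "__main__":
    print(demo())
```

Running demo() yields the average (125.0) for the approved enclave and a refusal for the modified one and for the underpaid request. The usage record on the ledger names the consumer, user, data type and operation but never the readings themselves, which is what makes the record safe to replicate on every chain node.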

Claims (5)

1. A block chain and trusted hardware-based Internet of things data privacy protection method is characterized by comprising three stages:
(1) key management and data generation: the method comprises the steps that a user of the Internet of things generates a key for data encryption, whether a trusted entity IDA is in a safe and trusted environment or not is judged, and if the trusted entity IDA is in the safe and trusted environment, the key is transmitted to the trusted entity IDA; data generated by the Internet of things equipment is collected and sent to the trusted entity IDA through the secure channel;
(2) data access control policy definition and intelligent contract deployment: a data owner establishes an access and operation control strategy for own data, and signs the strategy together with a trusted entity IDA as an intelligent contract and deploys the intelligent contract to a block chain network;
(3) data access and intelligent contract execution: the data user sends the data access and operation request information to the trusted entity IDA; the trusted entity IDA calls the access control judgment interface of the intelligent contract and executes it to judge whether the request is authorized; if so, it judges whether the data operation execution environment is safe and trusted, and if not, it returns request failure information to the data requester; if the data operation execution environment is safe and trusted, the trusted entity IDA sends the corresponding key to the data operation execution server through the secure channel, the data operation execution server downloads the corresponding data from the cloud server, decrypts the data with the corresponding key and performs the corresponding data analysis operation, returns the analysis result to the data requester, broadcasts the data use record in the block chain network, and adds the data use record to the block chain.
2. The internet of things data privacy protection method according to claim 1, wherein the key management and data generation comprises the following steps:
s11, generating a key for data encryption by a user of the Internet of things, then performing security authentication on the trusted entity IDA to judge whether the trusted entity IDA is in a secure and trusted environment, if the authentication is successful, sending the key to the trusted entity IDA through a secure channel, and storing the information of the user of the Internet of things and the corresponding key by the trusted entity IDA;
S12, data generated by the Internet of Things equipment is collected and sent to the trusted entity IDA through the secure channel, and the trusted entity IDA encrypts the data with the encryption key corresponding to the user and uploads the data to the cloud database of the service provider.
3. The internet of things data privacy protection method according to claim 1, wherein an intelligent contract deployment process is as follows:
S21, the data owner and the trusted entity IDA negotiate a commitment contract together, the contract signed by both parties is broadcast to the block chain network, and the other nodes verify the validity of the message after receiving it;
S22, the contract information that passes verification is stored while waiting for the consensus time; when the consensus time arrives, the node that obtains the accounting right packs all transactions received within the consensus interval into a transaction set, calculates the hash value of the transaction set, packages that hash value into a block structure and broadcasts the block structure;
S23, after receiving the block structure, the other nodes extract the hash value of the transaction set from the block structure and compare it with the hash value computed over the verifying node's own transaction set; the transaction set approved by the verifying node is transmitted to the other nodes, and through multiple rounds of transmission and comparison the nodes finally agree on the latest contract set within a specified time.
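An added Python sketch of the deployment round in steps S21 to S23, written for this page and not taken from the patent: every node keeps the signed contract messages it received in the consensus interval, the accounting node hashes its transaction set into a block structure, and each other node recomputes the hash over the transactions it holds before voting. The node names, the signature placeholders, the majority rule in run_round and the canonical JSON serialisation are assumptions.

```python
import hashlib
import json


def tx_id(tx: dict) -> str:
    # Canonical serialisation (sorted keys) so every node hashes identical bytes.
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()


def txset_hash(txs: list) -> str:
    # Order-independent digest of the set: sort the transaction ids, hash the concatenation.
    return hashlib.sha256("".join(sorted(tx_id(t) for t in txs)).encode()).hexdigest()


class Node:
    def __init__(self, name: str):
        self.name = name
        self.pool = {}      # tx_id -> contract message received in the current interval
        self.chain = []     # accepted block structures

    def receive(self, tx: dict) -> bool:
        # S21: a contract message is kept only if both parties signed it (placeholder check).
        if not (tx.get("sig_owner") and tx.get("sig_ida")):
            return False
        self.pool[tx_id(tx)] = tx
        return True

    def propose(self) -> dict:
        # S22: the node holding the accounting right packs its pool and broadcasts a block.
        txs = list(self.pool.values())
        prev = self.chain[-1]["hash"] if self.chain else "0" * 64
        header = {"height": len(self.chain), "prev": prev,
                  "txset_hash": txset_hash(txs), "tx_ids": sorted(self.pool)}
        header["hash"] = hashlib.sha256(json.dumps(header, sort_keys=True).encode()).hexdigest()
        return header

    def validate(self, block: dict) -> bool:
        # S23: recompute the hash over the listed transactions this node actually holds.
        try:
            txs = [self.pool[i] for i in block["tx_ids"]]
        except KeyError:
            return False                   # a listed transaction never reached this node
        prev = self.chain[-1]["hash"] if self.chain else "0" * 64
        return block["prev"] == prev and txset_hash(txs) == block["txset_hash"]

    def commit(self, block: dict) -> None:
        self.chain.append(block)
        for i in block["tx_ids"]:
            self.pool.pop(i, None)


def run_round(nodes, proposer):
    """One round: simple majority of validators; stands in for the multi-round exchange."""
    block = proposer.propose()
    votes = {n.name: n.validate(block) for n in nodes}
    accepted = sum(votes.values()) * 2 > len(nodes)
    if accepted:
        for n in nodes:
            n.commit(block)
    return accepted, votes


def demo():
    nodes = [Node("A"), Node("B"), Node("C")]
    contract = {"owner": "user-42", "ida": "IDA", "policy": "average of blood_pressure -> health-svc",
                "sig_owner": "sig-owner", "sig_ida": "sig-ida"}   # constructed; signatures are placeholders
    for n in nodes:
        n.receive(contract)
    # An unsigned message is rejected at S21 and never enters a pool.
    dropped = nodes[0].receive({"owner": "anyone", "policy": "read everything"})
    round1, _ = run_round(nodes, nodes[0])
    # A later proposes a block listing a contract only A has seen; B and C cannot confirm it.
    nodes[0].receive({"owner": "user-42", "ida": "IDA", "policy": "seen only by A",
                      "sig_owner": "sig-owner", "sig_ida": "sig-ida"})
    round2, votes = run_round(nodes, nodes[0])
    return dropped, round1, round2, votes, [len(n.chain) for n in nodes]


if __name__ == "__main__":
    print(demo())
```

The second round shows why the hash comparison in S23 matters: a block is accepted only when the verifying nodes can rebuild the same transaction set from what they received, so a proposer cannot slip in a contract the network never saw.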
4. The internet of things data privacy protection method of claim 1, wherein the intelligent contract comprises a plurality of interfaces, including:
an init() interface for defining and initializing the variables defined in the access control policy;
a grant() interface for authorizing data users;
a revoke() interface for revoking the authority of a data user;
an accessCheck() interface, which the trusted entity IDA calls when it receives an operation request from a data user to query whether that user has access and operation authority;
in the data access control strategy, when a user joins the block chain for the first time, the init() interface is called and the access control strategy is deployed on the block chain; when it must be verified whether a user has the access right, the accessCheck() interface of the block chain intelligent contract is called for verification; when a user needs to add a certain right, the grant() interface of the intelligent contract is called; when a user needs to withdraw a certain right, the revoke() interface of the intelligent contract is called; the access control of data and the adjustment of the access control strategy are thus realized through the block chain intelligent contract.
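An added Python model of the four contract interfaces of claim 4, not the patent's own contract code (a real deployment would be chain code; here the contract is a class and its emitted events are a list). The Rule fields, the caller check that only the data owner or the IDA may change the policy, and the date-range containment and cost comparison inside accessCheck() are assumptions about how the page's parameters (data type, data range, operation, consumer, cost) are matched.

```python
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class Rule:
    """One grant: what a consumer may do, on which data, over which range, at what price."""
    data_type: str
    data_range: tuple     # (start, end) of the data the consumer may read (constructed format)
    operation: str
    consumer: str
    cost: int             # price the consumer must offer for the operation


class AccessControlContract:
    def __init__(self):
        self.owner = None
        self.ida = None
        self.rules = set()
        self.events = []      # emitted events: the audit trail the chain would keep

    def _emit(self, name, **fields):
        self.events.append({"event": name, **fields})

    def _require_signer(self, caller):
        # The policy is signed by the data owner together with the trusted entity IDA,
        # so only those two parties may change it; a consumer cannot grant itself rights.
        if caller not in (self.owner, self.ida):
            raise PermissionError(f"{caller} may not change the policy")

    def init(self, owner, ida):
        # Called when the user first joins the chain; fixes the parties of the contract.
        if self.owner is not None:
            raise RuntimeError("already initialised")
        self.owner, self.ida = owner, ida
        self._emit("Init", owner=owner, ida=ida)

    def grant(self, caller, rule: Rule):
        self._require_signer(caller)
        self.rules.add(rule)
        self._emit("Grant", caller=caller, rule=asdict(rule))

    def revoke(self, caller, data_type, operation, consumer) -> int:
        self._require_signer(caller)
        removed = {r for r in self.rules
                   if (r.data_type, r.operation, r.consumer) == (data_type, operation, consumer)}
        self.rules -= removed
        self._emit("Revoke", caller=caller, data_type=data_type, operation=operation,
                   consumer=consumer, removed=len(removed))
        return len(removed)

    def accessCheck(self, data_type, data_range, operation, consumer, cost) -> bool:
        # Read-only query the IDA makes before releasing any key (S32). A request passes
        # only if some rule names the same (type, operation, consumer), fully contains the
        # requested range and is paid at least the granted price.
        for r in self.rules:
            if (r.data_type, r.operation, r.consumer) != (data_type, operation, consumer):
                continue
            within = r.data_range[0] <= data_range[0] and data_range[1] <= r.data_range[1]
            if within and cost >= r.cost:
                return True
        return False


def demo():
    c = AccessControlContract()
    c.init(owner="bracelet-user-42", ida="IDA")                       # constructed identifiers
    c.grant("bracelet-user-42",
            Rule("blood_pressure", (20190101, 20191231), "average", "health-svc", cost=5))
    q = ("blood_pressure", (20190301, 20190331), "average", "health-svc", 5)
    results = {
        "in_range": c.accessCheck(*q),
        "out_of_range": c.accessCheck("blood_pressure", (20180301, 20190331), "average", "health-svc", 5),
        "underpaid": c.accessCheck("blood_pressure", (20190301, 20190331), "average", "health-svc", 4),
        "raw_read": c.accessCheck("blood_pressure", (20190301, 20190331), "raw_read", "health-svc", 5),
    }
    c.revoke("bracelet-user-42", "blood_pressure", "average", "health-svc")
    results["after_revoke"] = c.accessCheck(*q)      # policy changed at any time, as in the page
    return results


if __name__ == "__main__":
    print(demo())
```

The "raw_read" query fails even though the consumer holds a grant on the same data, because the grant names the operation (average) and not the data itself; that is the distinction that lets the provider obtain the average while never being authorised to read the readings.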
5. The internet of things data privacy protection method according to claim 1, wherein the data access and intelligent contract execution includes the steps of:
s31, the data user sends the data access and operation request information to a trusted entity IDA;
s32, the trusted entity IDA calls an access control judgment interface accessCheck () of the intelligent contract, executes the access control judgment interface to judge whether the request is authorized, if so, the step S33 is carried out, and if not, request failure information is returned to the data requester;
S33, the trusted entity IDA carries out security authentication on the data operation execution environment and judges whether it is safe and trusted; if the authentication succeeds, it sends the corresponding key to the enclave in the data operation execution server through a secure channel and goes to step S34; if the authentication fails, it returns request failure information to the data requester;
S34, after receiving the key, the enclave in the data operation execution server downloads the corresponding data from the cloud server, decrypts the data with the key inside the enclave, performs the corresponding data analysis operation, obtains the analysis result and returns it to the data requester, broadcasts a data use record in the block chain network, and adds the data use record to the block chain.
CN201910338028.9A 2019-04-25 2019-04-25 Internet of things data privacy protection method based on block chain and trusted hardware Active CN110086804B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910338028.9A CN110086804B (en) 2019-04-25 2019-04-25 Internet of things data privacy protection method based on block chain and trusted hardware

Publications (2)

Publication Number Publication Date
CN110086804A CN110086804A (en) 2019-08-02
CN110086804B true CN110086804B (en) 2021-08-31

Family

ID=67416680

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910338028.9A Active CN110086804B (en) 2019-04-25 2019-04-25 Internet of things data privacy protection method based on block chain and trusted hardware

Country Status (1)

Country Link
CN (1) CN110086804B (en)

Families Citing this family (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110489493A (en) * 2019-08-27 2019-11-22 山东浪潮人工智能研究院有限公司 A kind of cloudy data center services quality identification based on block chain
CN110766550B (en) * 2019-09-05 2021-06-22 创新先进技术有限公司 Asset query method and device based on block chain and electronic equipment
CN110519066A (en) * 2019-09-29 2019-11-29 广东电网有限责任公司 A kind of Internet of Things secret protection access control method based on block chain technology
CN112751807B (en) * 2019-10-31 2023-02-03 中国电信股份有限公司 Secure communication method, device, system and storage medium
CN110933042B (en) * 2019-11-06 2021-09-14 福建福链科技有限公司 Data security messenger method and system suitable for alliance chain
CN112787837A (en) * 2019-11-07 2021-05-11 华为技术有限公司 Data sharing method, device and system
CN110855671B (en) * 2019-11-15 2022-02-08 三星电子(中国)研发中心 Trusted computing method and system
CN111160905B (en) * 2019-12-17 2023-07-18 浙江大学 Block chain link point user request processing protection method and device
CN111475567B (en) * 2020-03-09 2021-07-23 上海能链众合科技有限公司 Internet of things data sequential recording method
CN113536388B (en) * 2020-04-16 2023-02-28 中移物联网有限公司 Data sharing method and system based on block chain
CN111586125A (en) * 2020-04-28 2020-08-25 济南浪潮高新科技投资发展有限公司 Internet of things system
CN111542013A (en) * 2020-04-30 2020-08-14 广州上仕工程管理有限公司 Internet of things communication method and device
CN111597585B (en) * 2020-05-26 2023-08-11 牛津(海南)区块链研究院有限公司 Privacy protection method, system and related components of blockchain data
GB2596334A (en) * 2020-06-25 2021-12-29 British Telecomm User device configuration
CN112612849B (en) 2020-07-24 2024-06-18 支付宝(杭州)信息技术有限公司 Data processing method, device, equipment and medium
CN112000963B (en) * 2020-07-31 2024-01-09 天翼电子商务有限公司 Transaction privacy information verification method and verification system based on blockchain
CN112069479B (en) * 2020-08-04 2021-06-22 网思科技股份有限公司 Face data calling method and device based on block chain
CN112035855A (en) * 2020-08-14 2020-12-04 吴小兵 Access control system based on privacy information on crowd funding platform
CN111818094B (en) 2020-08-28 2021-01-05 支付宝(杭州)信息技术有限公司 Identity registration method, device and equipment
CN113657960A (en) 2020-08-28 2021-11-16 支付宝(杭州)信息技术有限公司 Matching method, device and equipment based on trusted asset data
CN111814172A (en) 2020-08-28 2020-10-23 支付宝(杭州)信息技术有限公司 Method, device and equipment for acquiring data authorization information
CN111741036B (en) 2020-08-28 2020-12-18 支付宝(杭州)信息技术有限公司 Trusted data transmission method, device and equipment
CN111814156B (en) 2020-09-04 2022-04-29 支付宝(杭州)信息技术有限公司 Data acquisition method, device and equipment based on trusted equipment
CN113434849A (en) * 2020-09-04 2021-09-24 支付宝(杭州)信息技术有限公司 Data management method, device and equipment based on trusted hardware
CN111814196B (en) 2020-09-04 2021-01-05 支付宝(杭州)信息技术有限公司 Data processing method, device and equipment
CN111814198B (en) * 2020-09-11 2021-03-23 支付宝(杭州)信息技术有限公司 Block chain-based user privacy data providing method and device
CN113012008B (en) * 2020-09-15 2022-06-03 支付宝(杭州)信息技术有限公司 Identity management method, device and equipment based on trusted hardware
CN111930846B (en) 2020-09-15 2021-02-23 支付宝(杭州)信息技术有限公司 Data processing method, device and equipment
CN113255005B (en) 2020-09-15 2024-05-28 支付宝(杭州)信息技术有限公司 Block chain-based data asset circulation method, device and equipment
WO2022061599A1 (en) * 2020-09-23 2022-03-31 中国科学院深圳先进技术研究院 Blockchain-based distributed internet of things instruction management method and system
CN112565453B (en) * 2020-12-22 2022-10-28 内蒙古大学 Block chain access control strategy model and strategy protection scheme under Internet of things
CN112685773A (en) * 2020-12-29 2021-04-20 海南大学 Data distributed privacy protection method based on intelligent contracts and SGX
CN112924921A (en) * 2021-01-21 2021-06-08 国网河北省电力有限公司信息通信分公司 Credible collection mechanism of smart electric meter quality data based on block chain
CN113472801B (en) * 2021-07-12 2022-10-14 中国人民解放军陆军勤务学院 Physically isolated network communication method and module
CN115225662B (en) * 2021-09-22 2023-09-19 北京邮电大学 Efficient trusted energy data processing method based on digital twin and blockchain
CN114117522B (en) * 2021-11-23 2024-05-28 上海交通大学 Internet of vehicles data sharing implementation method based on block chain and trusted execution environment
CN114257435A (en) * 2021-12-15 2022-03-29 四川启睿克科技有限公司 Internet of things data distributed use control system and method
CN114726878B (en) * 2022-03-28 2024-02-23 广州广电运通金融电子股份有限公司 Cloud storage system, equipment and method
CN114844675B (en) * 2022-03-31 2024-04-09 四川链向科技集团有限公司 Block chain data exchange method for Internet of things
CN114499895B (en) * 2022-04-06 2022-07-29 国网浙江省电力有限公司电力科学研究院 Data trusted processing method and system fusing trusted computing and block chain

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10587628B2 (en) * 2016-09-29 2020-03-10 Microsoft Technology Licensing, Llc Verifiable outsourced ledgers
CN106600405B (en) * 2016-11-17 2021-06-22 复旦大学 Block chain-based data rights and interests protection method
CN107070652B (en) * 2017-04-24 2019-07-23 湖南科技学院 A kind of car networking method for secret protection that the ciphertext based on CP-ABE is anti-tamper and system
CN107342858B (en) * 2017-07-05 2019-09-10 武汉凤链科技有限公司 A kind of intelligent contract guard method and system based on trusted context
GB201711878D0 (en) * 2017-07-24 2017-09-06 Nchain Holdings Ltd Computer - implemented system and method
US20190044917A1 (en) * 2017-08-04 2019-02-07 Bank Of America Corporation System for secure verification of identity data
CN107682331B (en) * 2017-09-28 2020-05-12 复旦大学 Block chain-based Internet of things identity authentication method

Also Published As

Publication number Publication date
CN110086804A (en) 2019-08-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant