CN110493039A - Device management method and equipment management system based on blockchain
Abstract
This application provides a blockchain-based device management method and equipment management system. The device management method includes: the equipment producer writes its own information and public key to the blockchain network, writes the key of the group to which a target device belongs into the target device, signs the information of the target device and the key of that group with its own private key to obtain second data, and writes the second data to the blockchain network; the target device signs its own public key and information with the key of the group to which it belongs to obtain first data, and writes the first data to the blockchain network; the equipment manager verifies the second data based on the public key of the equipment producer and, after the verification passes, obtains the information of the target device and the key of the group to which it belongs, verifies the first data with the key of the group to which the target device belongs and, after the verification passes, obtains the public key of the target device, and records the information of the target device and the public key of the target device in order to manage the target device. The application achieves secure management of devices.
Description
This application is a divisional application of the application filed on August 6, 2018, with application No. 201810884003.4, entitled "Device management method, apparatus, medium and electronic device based on blockchain".
Technical field
This application relates to the fields of computer and communication technology, and in particular to a blockchain-based device management method and equipment management system.
Background
In traditional Internet of Things (IoT) device management schemes, IoT devices are managed only through simple identities. This approach easily leads to leakage of device information, which in turn affects the security of the entire IoT system.
It should be noted that the information disclosed in the Background section above is only intended to enhance understanding of the background of this application, and may therefore include information that does not constitute prior art known to a person of ordinary skill in the art.
Summary of the invention
The embodiments of this application provide a blockchain-based device management method and equipment management system, which overcome, at least to some extent, the problem of poor security in device management.
Other features and advantages of this application will become apparent from the following detailed description, or will be learned in part through practice of this application.
According to one aspect of the embodiments of this application, a blockchain-based device management method is provided, comprising: an equipment producer writes the information of the equipment producer and the public key of the equipment producer to a blockchain network, writes the key of the group to which a target device belongs into the target device produced by the equipment producer, signs the information of the target device and the key of the group to which the target device belongs with the private key of the equipment producer to obtain signed second data, and writes the second data to the blockchain network; the target device obtains the key of the group to which it belongs, signs the public key of the target device and the information of the target device with the key of the group to which the target device belongs to obtain signed first data, and writes the first data to the blockchain network; an equipment manager obtains the first data, the second data and the public key of the equipment producer from the blockchain network, verifies the second data based on the public key of the equipment producer, obtains the information of the target device and the key of the group to which the target device belongs after the verification passes, verifies the first data with the key of the group to which the target device belongs, obtains the public key of the target device after the verification passes, and records the information of the target device and the public key of the target device in order to manage the target device.
In some embodiments of this application, based on the foregoing scheme, the blockchain-based device management method further comprises: after writing the first data to the blockchain network, the target device generates a first random number, generates an authorization request according to the public key of the target device, the private key of the target device and the first random number, and writes the authorization request to the blockchain network; the equipment manager obtains the authorization request from the blockchain network, verifies the authorization request based on the public key of the target device, signs the random number with the private key of the equipment manager after the verification passes to obtain signed third data, generates authorization information for the target device based on the third data, and writes the authorization information to the blockchain network, so that the target device obtains the authorization information from the blockchain network.
In some embodiments of this application, based on the foregoing scheme, generating the authorization request according to the public key of the target device, the private key of the target device and the first random number comprises: signing the first random number with the private key of the target device, and generating the authorization request based on the signed data and the public key of the target device; or signing the first random number and the public key of the target device with the private key of the target device, and generating the authorization request based on the signed data.
In some embodiments of this application, based on the foregoing scheme, the blockchain-based device management method further comprises: the target device obtains from the blockchain network the authorization information sent by the equipment manager, the authorization information containing the result of signing a second random number with the private key of the equipment manager; the target device verifies the authorization information based on the public key of the equipment manager and obtains the second random number after the verification passes; if the second random number is identical to the first random number, it is determined that the target device has been authorized successfully.
In some embodiments of this application, based on the foregoing scheme, the authorization information further contains the public key of the device to be authorized; after obtaining the authorization information, the target device determines whether the public key of the target device is identical to the public key of the device to be authorized, and if the public key of the target device is identical to the public key of the device to be authorized, verifies the authorization information based on the public key of the equipment manager.
In some embodiments of this application, based on the foregoing scheme, the equipment manager is further configured to write the public key of the equipment manager to the blockchain network; the equipment producer is further configured to obtain the public key of the equipment manager from the blockchain network and to write the public key of the equipment manager into the target device.
In some embodiments of this application, based on the foregoing scheme, the equipment producer encrypts the information of the equipment producer before writing the information of the equipment producer to the blockchain network.
In some embodiments of this application, based on the foregoing scheme, the group to which the target device belongs includes the production batch to which the target device belongs.
According to one aspect of the embodiments of this application, a blockchain-based equipment management system is provided, comprising: an equipment producer, an equipment manager and a target device to be managed. The equipment producer is configured to write the information of the equipment producer and the public key of the equipment producer to a blockchain network, write the key of the group to which the target device belongs into the target device produced by the equipment producer, sign the information of the target device and the key of the group to which the target device belongs with the private key of the equipment producer to obtain signed second data, and write the second data to the blockchain network. The target device is configured to obtain the key of the group to which it belongs, sign the public key of the target device and the information of the target device with the key of the group to which the target device belongs to obtain signed first data, and write the first data to the blockchain network. The equipment manager is configured to obtain the first data, the second data and the public key of the equipment producer from the blockchain network, verify the second data based on the public key of the equipment producer, obtain the information of the target device and the key of the group to which the target device belongs after the verification passes, verify the first data with the key of the group to which the target device belongs, obtain the public key of the target device after the verification passes, and record the information of the target device and the public key of the target device in order to manage the target device.
In some embodiments of this application, based on the foregoing scheme, the target device is further configured to, after writing the first data to the blockchain network, generate a first random number, generate an authorization request according to the public key of the target device, the private key of the target device and the first random number, and write the authorization request to the blockchain network; the equipment manager is further configured to obtain the authorization request from the blockchain network, verify the authorization request based on the public key of the target device, sign the random number with the private key of the equipment manager after the verification passes to obtain signed third data, generate authorization information for the target device based on the third data, and write the authorization information to the blockchain network, so that the target device obtains the authorization information from the blockchain network.
In some embodiments of this application, based on the foregoing scheme, the target device is configured to sign the first random number with the private key of the target device and generate the authorization request based on the signed data and the public key of the target device; or to sign the first random number and the public key of the target device with the private key of the target device and generate the authorization request based on the signed data.
In some embodiments of this application, based on the foregoing scheme, the target device is further configured to obtain from the blockchain network the authorization information sent by the equipment manager, the authorization information containing the result of signing a second random number with the private key of the equipment manager; to verify the authorization information based on the public key of the equipment manager and obtain the second random number after the verification passes; and, if the second random number is identical to the first random number, to determine that the target device has been authorized successfully.
In some embodiments of this application, based on the foregoing scheme, the authorization information further contains the public key of the device to be authorized; the target device is further configured to, after obtaining the authorization information, determine whether the public key of the target device is identical to the public key of the device to be authorized, and if the public key of the target device is identical to the public key of the device to be authorized, verify the authorization information based on the public key of the equipment manager.
In some embodiments of this application, based on the foregoing scheme, the equipment manager is further configured to write the public key of the equipment manager to the blockchain network; the equipment producer is further configured to obtain the public key of the equipment manager from the blockchain network and to write the public key of the equipment manager into the target device.
In some embodiments of this application, based on the foregoing scheme, the equipment producer is further configured to encrypt the information of the equipment producer before writing the information of the equipment producer to the blockchain network.
In the technical solutions provided by some embodiments of this application, the target device signs the public key of the target device and the information of the target device with the key of the group to which the target device belongs to obtain first data, and writes the first data to the blockchain network, so that the equipment manager can obtain the first data from the blockchain network and manage the target device based on the first data. Devices are thus managed through the blockchain network, which effectively prevents device information from being illegally tampered with, ensures the security of device information, and achieves secure management of devices. The equipment producer writes the information of the equipment producer and the public key of the equipment producer to the blockchain network, signs the information of the target device and the key of the group to which the target device belongs with the private key of the equipment producer to obtain second data, and then writes the second data to the blockchain network, so that the equipment manager can obtain the second data through the blockchain network and manage the target device accordingly. This achieves the purpose of managing the target device based on the blockchain network and helps improve the security of device management. The equipment manager obtains from the blockchain network the signed first data written by the target device, the signed second data written by the equipment producer and the public key of the equipment producer, verifies the second data based on the public key of the equipment producer, verifies the first data based on the key of the group to which the target device belongs obtained through that verification, and then records the information and public key of the target device obtained through verification. This makes it possible to manage the target device based on the blockchain network and helps improve the security of device management.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory, and do not limit this application.
Brief description of the drawings
The accompanying drawings are incorporated into and form part of this specification; they show embodiments consistent with this application and, together with the specification, serve to explain the principles of this application. Obviously, the drawings described below are only some embodiments of this application, and a person of ordinary skill in the art can obtain other drawings from them without creative effort. In the drawings:
Fig. 1 shows a schematic diagram of an exemplary system architecture to which the blockchain-based device management method or the blockchain-based device management apparatus of the embodiments of this application can be applied;
Fig. 2 shows a schematic structural diagram of a computer system suitable for implementing the electronic device of the embodiments of this application;
Fig. 3 schematically shows a flowchart of a blockchain-based device management method according to one embodiment of this application;
Fig. 4 schematically shows a flowchart of a blockchain-based device management method according to another embodiment of this application;
Fig. 5 schematically shows a flowchart of a blockchain-based device management method according to another embodiment of this application;
Fig. 6 schematically shows a flowchart of a blockchain-based device management method according to another embodiment of this application;
Fig. 7 schematically shows a flowchart of a blockchain-based device management method according to another embodiment of this application;
Fig. 8 schematically shows a flowchart of a blockchain-based device management method according to another embodiment of this application;
Fig. 9 shows a schematic diagram of an application scenario of the device management method according to one embodiment of this application;
Fig. 10 shows a schematic diagram of the specific interaction process among the manufacturer, the management center, the edge computing device and the blockchain network according to one embodiment of this application;
Fig. 11 schematically shows a flowchart of the management center verifying device information according to one embodiment of this application;
Fig. 12 schematically shows a block diagram of a blockchain-based device management apparatus according to one embodiment of this application;
Fig. 13 schematically shows a block diagram of a blockchain-based device management apparatus according to another embodiment of this application;
Fig. 14 schematically shows a block diagram of a blockchain-based device management apparatus according to another embodiment of this application.
Detailed description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the example embodiments can be implemented in various forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this application will be more thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art.
In addition, the described features, structures or characteristics may be combined in one or more embodiments in any suitable manner. In the following description, many specific details are provided to give a full understanding of the embodiments of this application. However, those skilled in the art will appreciate that the technical solutions of this application may be practiced without one or more of the specific details, or that other methods, components, apparatuses, steps and the like may be used. In other cases, well-known methods, apparatuses, implementations or operations are not shown or described in detail, to avoid obscuring aspects of this application.
The block diagrams shown in the drawings are only functional entities and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in software, in one or more hardware modules or integrated circuits, or in different networks and/or processor apparatuses and/or microcontroller apparatuses.
The flowcharts shown in the drawings are only illustrative; they need not include all contents and operations/steps, nor must these be executed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be merged or partially merged, so the actual order of execution may change according to the actual situation.
Fig. 1 shows a schematic diagram of an exemplary system architecture 100 to which the blockchain-based device management method or the blockchain-based device management apparatus of the embodiments of this application can be applied.
As shown in Fig. 1, system architecture 100 may include the processing device of an equipment producer (for ease of description, hereinafter referred to as the equipment producer) 101, a target device 102 to be managed, the processing device of an equipment manager (for ease of description, hereinafter referred to as the equipment manager) 103, and a blockchain network 104. Equipment producer 101, target device 102 and equipment manager 103 each access blockchain network 104.
It should be understood that the numbers of equipment producers 101, target devices 102 and equipment managers 103 shown in Fig. 1 are only illustrative. There may be any number of equipment producers 101, target devices 102 and equipment managers 103, as the implementation requires.
In one embodiment of this application, equipment manager 103 may write its information and public key to blockchain network 104; equipment producer 101 may write its information and public key to blockchain network 104 and obtain the public key of equipment manager 103 from blockchain network 104. Equipment producer 101 also writes the public key of equipment manager 103, together with the public key and private key of the batch to which target device 102 belongs, into target device 102. In addition, equipment producer 101 signs the public key and device information of this batch of devices with its own private key, and then writes the signed data to blockchain network 104.
Target device 102 may generate its own public key and private key at startup, then sign its own public key and device information with the private key of the batch to which target device 102 belongs, and send a registration request to blockchain network 104 based on the signed data.
Equipment manager 103 synchronizes the corresponding data from blockchain network 104 and then verifies whether the information of target device 102 is correct. Specifically, equipment manager 103 uses the public key of equipment producer 101 to verify the data that equipment producer 101 wrote to the blockchain network, and obtains the public key and device information of this batch of devices after the verification passes. It then verifies, based on the public key of this batch of devices, the data that target device 102 wrote to the blockchain network, and obtains the public key and device information of the target device after the verification passes. Equipment manager 103 then records the public key and device information of the target device, completing the device registration process.
Target device 102 may generate a random number after each power-on startup, sign the random number with the private key of target device 102, generate an authorization request based on the signed data and the public key of target device 102, and then write the authorization request to blockchain network 104. Equipment manager 103 obtains the authorization request from blockchain network 104, verifies it based on the public key of target device 102, obtains the random number after the verification passes, and signs the random number with the private key of equipment manager 103; it then generates authorization information based on the signature result and the public key of target device 102, and writes the authorization information to blockchain network 104.
Target device 102 may obtain the authorization information from blockchain network 104 and then verify the signature result in the authorization information with the public key of equipment manager 103. If the random number obtained after the verification passes is identical to the random number in the authorization request, it is determined that the authorization of target device 102 has passed.
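The registration and authorization flow described above, as an added Go example (not code from the patent). Assumptions: Ed25519 is the signature scheme, each record carries its payload beside the signature, the blockchain network is reduced to values passed between functions, and both authorization messages sign the device public key together with the nonce; all type and function names are illustrative.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Signed is one ledger record; shipping the payload beside an Ed25519 signature is an assumption.
type Signed struct{ Payload, Sig []byte }

func sign(priv ed25519.PrivateKey, p []byte) Signed { return Signed{p, ed25519.Sign(priv, p)} }
func (s Signed) verifiedBy(pub ed25519.PublicKey) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, s.Payload, s.Sig)
}

// pack lays out a payload as a 32-byte public key followed by info or nonce bytes.
func pack(pub ed25519.PublicKey, rest []byte) []byte {
	return append(append([]byte{}, pub...), rest...)
}
func unpack(p []byte) (ed25519.PublicKey, []byte, bool) {
	if len(p) < ed25519.PublicKeySize {
		return nil, nil, false
	}
	return p[:ed25519.PublicKeySize], p[ed25519.PublicKeySize:], true
}

// Register is the manager's check: producer key vouches for batch key, batch key for device key.
func Register(producerPub ed25519.PublicKey, second, first Signed) (ed25519.PublicKey, string, error) {
	batchPub, _, ok := unpack(second.Payload)
	if !ok || !second.verifiedBy(producerPub) {
		return nil, "", errors.New("second data: producer signature invalid")
	}
	devPub, info, ok := unpack(first.Payload)
	if !ok || !first.verifiedBy(batchPub) {
		return nil, "", errors.New("first data: batch signature invalid")
	}
	return devPub, string(info), nil
}

// AuthRequest is built by the device after each power-on with a fresh nonce.
func AuthRequest(devPriv ed25519.PrivateKey, nonce []byte) Signed {
	return sign(devPriv, pack(devPriv.Public().(ed25519.PublicKey), nonce))
}

// Grant is the manager's answer; it only serves a key recorded by Register.
func Grant(mgrPriv ed25519.PrivateKey, registered ed25519.PublicKey, req Signed) (Signed, error) {
	pub, nonce, ok := unpack(req.Payload)
	if !ok || !bytes.Equal(pub, registered) || !req.verifiedBy(registered) {
		return Signed{}, errors.New("authorization request rejected")
	}
	return sign(mgrPriv, pack(registered, nonce)), nil
}

// Accept is the device's check: own key named, manager signature valid, current nonce echoed.
func Accept(mgrPub, devPub ed25519.PublicKey, nonce []byte, grant Signed) bool {
	pub, echoed, ok := unpack(grant.Payload)
	return ok && bytes.Equal(pub, devPub) && grant.verifiedBy(mgrPub) && bytes.Equal(echoed, nonce)
}

type Result struct{ Registered, Authorized, StaleGrantAccepted, WrongBatchRegistered bool }
func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}
func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(random(ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// Demo runs registration and authorization end to end on constructed keys and device info.
func Demo() (r Result) {
	producerPub, producerPriv := newKey()
	mgrPub, mgrPriv := newKey()
	batchPub, batchPriv := newKey() // batch key pair the producer writes into the device
	devPub, devPriv := newKey()     // generated by the device at startup
	info := []byte("model=edge-gw;serial=CONSTRUCTED-0001")
	second := sign(producerPriv, pack(batchPub, info)) // producer -> ledger
	first := sign(batchPriv, pack(devPub, info))       // device -> ledger
	regPub, _, err := Register(producerPub, second, first)
	r.Registered = err == nil && bytes.Equal(regPub, devPub)
	nonce := random(16)
	grant, err := Grant(mgrPriv, regPub, AuthRequest(devPriv, nonce))
	r.Authorized = err == nil && Accept(mgrPub, devPub, nonce, grant)
	// After a reboot the device holds a new nonce, so the old grant is stale.
	r.StaleGrantAccepted = Accept(mgrPub, devPub, random(16), grant)
	// First data signed by a key the producer never vouched for must fail.
	_, otherPriv := newKey()
	_, _, err = Register(producerPub, second, sign(otherPriv, pack(devPub, info)))
	r.WrongBatchRegistered = err == nil
	return r
}

func main() { fmt.Printf("%+v\n", Demo()) }
```

The per-boot nonce is what ties a grant to one power-on cycle: a grant read back from the ledger after a restart fails the comparison in `Accept`.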
Fig. 2 shows a schematic structural diagram of a computer system suitable for implementing the electronic device of the embodiments of this application. The computer system shown in Fig. 2 may be applied to one or more of the aforementioned equipment producer 101, target device 102 and equipment manager 103.
It should be noted that the computer system 200 of the electronic device shown in Fig. 2 is only an example and should not impose any limitation on the functions and scope of use of the embodiments of this application.
As shown in Fig. 2, computer system 200 includes a central processing unit (CPU) 201, which can perform various appropriate actions and processing according to a program stored in read-only memory (ROM) 202 or a program loaded from storage section 208 into random access memory (RAM) 203. RAM 203 also stores various programs and data required for system operation. CPU 201, ROM 202 and RAM 203 are connected to one another through bus 204. An input/output (I/O) interface 205 is also connected to bus 204.
The following components are connected to I/O interface 205: an input section 206 including a keyboard, a mouse and the like; an output section 207 including a cathode ray tube (CRT), a liquid crystal display (LCD) and the like, as well as a speaker and the like; a storage section 208 including a hard disk and the like; and a communication section 209 including a network interface card such as a LAN (local area network) card or a modem. Communication section 209 performs communication processing via a network such as the Internet. A drive 210 is also connected to I/O interface 205 as needed. A removable medium 211, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on drive 210 as needed, so that a computer program read from it can be installed into storage section 208 as needed.
In particular, according to the embodiments of this application, the processes described below with reference to the flowcharts may be implemented as computer software programs. For example, the embodiments of this application include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for executing the methods shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network through communication section 209, and/or installed from removable medium 211. When the computer program is executed by the central processing unit (CPU) 201, the various functions defined in the system of this application are performed.
It should be noted that the computer-readable medium shown in the embodiments of this application may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples of computer-readable storage media may include, but are not limited to: an electrical connection with one or more wires, a portable computer diskette, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), flash memory, optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In this application, a computer-readable storage medium may be any tangible medium that contains or stores a program, which may be used by or in connection with an instruction execution system, apparatus or device. In this application, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, which carries computer-readable program code. Such a propagated data signal may take various forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium, which can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device. The program code contained on a computer-readable medium may be transmitted over any suitable medium, including but not limited to wireless, wired, or any suitable combination of the above.
The flowcharts and block diagrams in the drawings illustrate the possible architecture, functions and operations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each box in a flowchart or block diagram may represent a module, a program segment or a part of code, and that module, program segment or part of code contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two boxes shown in succession may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in a block diagram or flowchart, and any combination of boxes in a block diagram or flowchart, may be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units described in the embodiments of the present application may be implemented in software or in hardware, and the described units may also be provided in a processor. The names of these units do not, in some cases, constitute a limitation on the units themselves.
As another aspect, the present application also provides a computer-readable medium. The computer-readable medium may be included in the electronic device described in the above embodiments, or it may exist separately without being assembled into the electronic device. The computer-readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to implement the methods described in the following embodiments. For example, the electronic device may implement the steps shown in Fig. 3 to Fig. 8.
The implementation details of the technical solutions of the embodiments of the present application are described below from the perspectives of the target device to be managed, the device manufacturer and the device manager, respectively.
From the perspective of the target device to be managed:
Fig. 3 schematically shows a flowchart of a blockchain-based device management method according to one embodiment of the present application. The method is applicable to the electronic device described in the foregoing embodiments; specifically, it may be performed by the target device to be managed.
Referring to Fig. 3, the device management method includes at least steps S310 to S330, described in detail as follows:
In step S310, the key of the group to which the target device belongs is obtained.
In one embodiment of the present application, the target device may obtain the group key that the device manufacturer wrote into it. The key of the group to which the target device belongs may be a symmetric key or an asymmetric key. If it is an asymmetric key, both the public key and the private key of the group need to be obtained.
In one embodiment of the present application, the group to which the target device belongs may be the production batch of the target device; for example, the device manufacturer may generate a corresponding key for the devices of each batch according to their production batch.
In step S320, the public key of the target device and the information of the target device are signed with the key of the group to which the target device belongs, yielding the signed first data.
In one embodiment of the present application, if the group key is an asymmetric key, the public key of the target device and the information of the target device may be signed with the private key of the group. The information of the target device may include an identifier of the target device, such as a device ID.
In step S330, the first data is written into the blockchain network, so that the device manager obtains the first data from the blockchain network and manages the target device based on the first data.
In the technical solution of the embodiment shown in Fig. 3, the signed first data is written into the blockchain network so that the device manager can obtain it from the blockchain network and manage the target device based on it. Devices can thus be managed through the blockchain network, which effectively prevents device information from being illegally tampered with, ensures the security of device information, and achieves secure management of devices.
Based on the technical solution of the embodiment shown in Fig. 3, and as shown in Fig. 4, a blockchain-based device management method according to another embodiment of the present application includes steps S410 to S430, described in detail as follows:
In step S410, after the first data is written into the blockchain network, a first random number is generated.
In this embodiment, after writing the signed first data into the blockchain network, the target device may generate a random number in order to initiate an authorization request based on that random number.
In step S420, an authorization request is generated according to the public key of the target device, the private key of the target device and the first random number.
In one embodiment of the present application, the first random number may be signed with the private key of the target device, and the authorization request generated based on the signed data and the public key of the target device. That is, in this embodiment, because the public key of the target device is public, it does not need to be covered by the signature.
In another embodiment of the present application, the first random number and the public key of the target device may both be signed with the private key of the target device, and the authorization request generated based on the signed data. That is, in this embodiment, not only the first random number but also the public key of the target device is signed.
In step S430, the authorization request is written into the blockchain network, so that the device manager obtains the authorization request from the blockchain network and responds to it.
The technical solution of the embodiment shown in Fig. 4 allows the authorization request to be written into the blockchain network, so that secure management of devices is achieved based on the blockchain network.
Based on the technical solution of the embodiment shown in Fig. 4, and as shown in Fig. 5, a blockchain-based device management method according to another embodiment of the present application includes steps S510 to S530, described in detail as follows:
In step S510, after the authorization request is written into the blockchain network, the authorization information sent by the device manager is obtained from the blockchain network; the authorization information includes the result of signing a second random number with the private key of the device manager.
In one embodiment of the present application, after receiving an authorization request sent by a device to be managed (which may be the target device), the device manager may verify the authorization request with the public key of the device to be managed. After verification passes, it can obtain the random number in the authorization request (if the received authorization request was sent by the target device, this random number is the aforementioned first random number) and sign it with the private key of the device manager to generate the authorization information.
In step S520, the authorization information is verified based on the public key of the device manager, and the second random number is obtained after verification passes.
In one embodiment of the present application, the device manufacturer may write the public key of the device manager into the target device, and the target device may then verify the authorization information based on the device manager's public key written by the device manufacturer. In addition, the target device may also obtain the public key of the device manager from the blockchain network.
In step S530, if the second random number is identical to the first random number, it is determined that the target device has been authorized successfully.
In the embodiments of the present application, the device manager may send authorization information for multiple devices to be managed. The random numbers included in the authorization information sent for different devices are different, and the random number in a piece of authorization information is identical to the random number in the corresponding authorization request. The target device can therefore determine whether it has obtained the authorization of the device manager from the first random number and the second random number obtained from the authorization information.
In one embodiment of the present application, the authorization information in the foregoing embodiments may also include the public key of the device to be authorized. In that case, before verifying the authorization information based on the public key of the device manager, the target device may check whether its own public key is identical to the public key of the device to be authorized included in the authorization information, and verify the authorization information based on the public key of the device manager only when the two are identical. In this way, the public key of the device to be authorized included in the authorization information directly determines whether the authorization information is intended for the target device.
From the perspective of the device manufacturer:
Fig. 6 schematically shows a flowchart of a blockchain-based device management method according to another embodiment of the present application. The method may be performed by a processing device of the device manufacturer.
Referring to Fig. 6, the device management method includes at least steps S610 to S630, described in detail as follows:
In step S610, the information of the device manufacturer and the public key of the device manufacturer are written into the blockchain network, and the key of the group to which the target device belongs is written into the target device produced by the device manufacturer.
In one embodiment of the present application, the group to which the target device belongs may be the production batch of the target device; for example, the device manufacturer may generate a corresponding key for the devices of each batch according to their production batch. The key of the group to which the target device belongs may be a symmetric key or an asymmetric key.
In one embodiment of the present application, to protect the information of the device manufacturer, that information may be encrypted before it is written into the blockchain network.
In one embodiment of the present application, the device manufacturer may also obtain the public key of the device manager from the blockchain network and write the public key of the device manager into the target device.
In step S620, the information of the target device and the key of the group to which the target device belongs are signed with the private key of the device manufacturer, yielding the signed second data.
In step S630, the second data is written into the blockchain network, so that the device manager obtains the second data from the blockchain network and manages the target device based on the second data.
In the technical solution of the embodiment shown in Fig. 6, the information of the device manufacturer and the public key of the device manufacturer are written into the blockchain network, the information of the target device and the key of the group to which the target device belongs are signed with the private key of the device manufacturer to obtain the second data, and the second data is then written into the blockchain network. The device manager can obtain the second data through the blockchain network and manage the target device accordingly. The target device is thus managed based on the blockchain network, which helps improve the security of device management.
From the perspective of the device manager:
Fig. 7 schematically shows a flowchart of a blockchain-based device management method according to another embodiment of the present application. The method may be performed by a processing device of the device manager.
Referring to Fig. 7, the device management method includes at least steps S710 to S740, described in detail as follows:
In step S710, the signed first data written by the target device, the signed second data written by the device manufacturer, and the public key of the device manufacturer are obtained from the blockchain network.
In one embodiment of the present application, as shown in Fig. 3, the first data may be obtained by signing the public key of the target device and the information of the target device with the key of the group to which the target device belongs; as shown in Fig. 6, the second data may be obtained by signing the information of the target device and the key of the group to which the target device belongs with the private key of the device manufacturer.
In one embodiment of the present application, the group to which the target device belongs may be the production batch of the target device; for example, the device manufacturer may generate a corresponding key for the devices of each batch according to their production batch.
In step S720, the second data is verified based on the public key of the device manufacturer, and the information of the target device and the key of the group to which the target device belongs are obtained after verification passes.
In one embodiment of the present application, the key of the group to which the target device belongs may be a symmetric key or an asymmetric key.
In step S730, the first data is verified with the key of the group to which the target device belongs, and the public key of the target device is obtained after verification passes.
In one embodiment of the present application, if the group key is an asymmetric key, the first data may be verified with the public key of the group to which the target device belongs.
In step S740, the information of the target device and the public key of the target device are recorded, so as to manage the target device.
In the technical solution of the embodiment shown in Fig. 7, the signed first data written by the target device, the signed second data written by the device manufacturer, and the public key of the device manufacturer are obtained from the blockchain network. The second data is verified based on the public key of the device manufacturer, the first data is verified with the group key obtained from that verification, and the information and public key of the target device obtained from verification are then recorded. The target device can thus be managed based on the blockchain network, which helps improve the security of device management.
Based on the technical solution of the embodiment shown in Fig. 7, and as shown in Fig. 8, a blockchain-based device management method according to another embodiment of the present application includes steps S810 to S830, described in detail as follows:
Step S810: after the information of the target device and the public key of the target device are recorded, the authorization request sent by the target device is obtained from the blockchain network; the authorization request includes a random number signed with the private key of the target device.
Step S820: the authorization request is verified based on the public key of the target device, and after verification passes the random number is signed with the private key of the device manager, yielding the signed third data.
Step S830: authorization information for the target device is generated based on the third data, and the authorization information is written into the blockchain network, so that the target device obtains the authorization information from the blockchain network.
In one embodiment of the present application, after the device manager writes the authorization information into the blockchain network, the target device may obtain the authorization information according to the technical solution of the embodiment shown in Fig. 5 and determine from it whether authorization succeeded.
It should be noted that the aforementioned public key may be either the public key itself or the address corresponding to the public key.
The technical solutions of the embodiments of the present application have been described above from the perspectives of the target device to be managed, the device manufacturer and the device manager, respectively. The implementation details are described below from the perspective of the interaction among the three:
In a specific application scenario of the present application, the target device may be an edge computing device in the Internet of Things, for example a device that has the key generation and storage functions of an SE (Secure Element) secure area, that can access the blockchain network, and that has a CPU capable of processing block data, such as a front-end PC supporting SGX (Software Guard Extensions), an ARM (Advanced RISC Machines) chip supporting a TEE (Trusted Execution Environment), or an M2M (Machine-to-Machine) device with an SE. The device manager may be a management center, and the device manufacturer may be a manufacturer.
Specifically, as shown in Fig. 9, the manufacturer writes the manufacturer information and the information of this batch of edge devices into the blockchain network in step S901, and writes data into the edge computing device in step S902 (for example, the initial information of the edge computing device and the public key information of the management center may be written into the edge computing device in an offline environment) to initialize the edge computing device. The edge computing device writes a registration request and an authorization request into the blockchain network in step S903, and obtains the authorization information published by the management center from the blockchain network in step S904. The management center, in step S905, writes the information of the management center into the blockchain network and publishes the authorization information for the edge computing device, and in step S906 obtains from the blockchain network the authorization request sent by the edge computing device.
The specific interaction among the manufacturer, the management center, the edge computing device and the blockchain network is described in detail below with reference to Fig. 10. It includes steps S1001 to S1011, as follows:
In step S1001, the management center registers the management center's data with the blockchain network, that is, writes the data of the management center into the blockchain network.
In one embodiment of the present application, the data that the management center registers with the blockchain network is shown in Table 1 and may include the management center address and the management center information. The management center address is the public key address of the management center. In other embodiments of the present application, the public key of the management center may also be registered directly in the blockchain network.
Management center address | Management center information |
Table 1
In step S1002, the manufacturer registers the manufacturer's data with the blockchain network, that is, writes the data of the manufacturer into the blockchain network.
In one embodiment of the present application, the data that the manufacturer registers with the blockchain network is shown in Table 2 and may include the manufacturer address and the manufacturer information. The manufacturer address is the public key address of the manufacturer. In other embodiments of the present application, the public key of the manufacturer may also be registered directly in the blockchain network.
Manufacturer address | Manufacturer information |
Table 2
In one embodiment of the present application, to prevent the manufacturer information from being leaked, the manufacturer information may be encrypted before it is written into the blockchain network.
In step S1003, the manufacturer writes key data into the edge computing devices it has produced, in an offline, secure environment.
In one embodiment of the present application, the key data that the manufacturer writes into the edge computing device is shown in Table 3 and includes this batch's public key, this batch's private key and the public key of the management center.
This batch public key | This batch private key | Management center public key |
Table 3
In step S1004, the manufacturer writes the information of this batch of edge computing devices into the blockchain network in bulk.
In one embodiment of the present application, the information of this batch of edge computing devices that the manufacturer writes into the blockchain network in bulk is shown in Table 4 and includes: this batch address (the address points to this batch's public key), the device information (such as the device ID) and a signature result. The signature result may be the result of a signature operation over this batch address (public key) and the device information (ID), performed with the private key corresponding to the manufacturer address (that is, the manufacturer's public key).
This batch address (public key) | Device information (ID) | Signature result |
Table 4
In step S1005, when the edge computing device starts for the first time, it generates its own public key address and private key inside the device; the private key cannot be exported.
In step S1006, the edge computing device exports its own public key address and device information and writes them into the blockchain network, so as to register in the blockchain network.
In one embodiment of the present application, the information that the edge computing device writes into the blockchain network is shown in Table 5 and includes the following:
Registration request | This device public key address | Device information (ID) | Signature result 1 |
Table 5
As shown in Table 5, this device public key address is the device's own public key address generated when the device starts. Signature result 1 is the result of a signature operation over this device public key address and the device information, performed with this batch's private key.
In step S1007, the management center synchronizes the blockchain data and verifies whether the device information is correct.
In one embodiment of the present application, the process by which the management center verifies whether the device information is correct is shown in Fig. 11 and includes:
Step S1101: verify the information of this batch of devices.
In one embodiment of the present application, the management center uses the manufacturer address (public key) to verify the plaintext (this batch address (public key), device information (ID)) against the signature result shown in Table 4. If verification passes, this batch's public key and the device information (ID) are authentic, and the process continues with the next step.
Step S1102: verify the edge computing device information.
In one embodiment of the present application, the management center uses the device information (ID) to obtain this batch address (public key) that was verified in the previous step, and then uses this batch address (public key) to verify the plaintext (the registered "this device address (public key)" and device information (ID)) against signature result 1 shown in Table 5. If verification passes, the device has registered successfully, this device address (public key) is valid, and the process continues with the next step.
Step S1103: record the device information.
Continuing with Fig. 10, in step S1008, once initialized, the edge computing device must be authorized after every power-on before it can be used. The edge computing device generates a random number and signs it with its own private key, and sends an authorization request to the blockchain network based on the random number and the signature result.
In one embodiment of the present application, the information included in the authorization request sent by the edge computing device is shown in Table 6 and includes the following:
Authorization request | This device public key address | Random number of the request | Signature result 2 |
Table 6
As shown in Table 6, signature result 2 is the result of a signature operation over the random number of the request, performed with this device's private key.
In step S1009, the management center synchronizes the blockchain data and obtains, from the synchronized blockchain data, the authorization request sent by the edge computing device to be authorized.
In step S1010, the management center verifies the received authorization request based on the public key of the edge computing device. After verification passes, it signs the random number in the authorization request with the private key of the management center, and then writes authorization information into the blockchain network based on the signature result.
In one embodiment of the present application, the information included in the authorization information is shown in Table 7 and includes the following:
Authorization information | Authorized device public key address | Signature result |
Table 7
The signature result shown in Table 7 is mainly the result of signing the random number in the authorization request with the private key of the management center.
In step S1011, the edge computing device synchronizes the blockchain data, extracts the management center's authorization result from the blockchain data and verifies it.
In one embodiment of the present application, the edge computing device first checks whether the authorized device public key address included in the authorization information is its own address. If so, it verifies the signature result shown in Table 7 with the management center's public key and, after verification passes, obtains the random number in the authorization information. If the random number in the authorization information is identical to the random number in the authorization request sent by the edge computing device, the edge computing device is confirmed to be authorized successfully.
In one embodiment of the present application, after the edge computing device has been authorized successfully, it can execute the corresponding business process, such as joining the Internet of Things and serving as an Internet of Things device.
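The registration check of Fig. 11 (steps S1101 and S1102) and the authorization exchange of steps S1008 to S1011, as an added Python example that is not part of the patent text. The signature scheme is a toy stand-in (unpadded hash-then-RSA built on the standard library) so that the example runs anywhere; the key size, tuple layouts, 16-byte random number, use of the public key itself as the "address", and all function names are assumptions.

```python
import hashlib
import secrets

# Toy signature scheme (assumption): unpadded hash-then-RSA standing in for the
# scheme a device's secure element would provide. Not for production use.
def is_prime(n, rounds=24):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(c):
            return c

def keygen(bits=1024):
    """Return (public, private) as ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def digest(fields):
    """Hash length-prefixed fields so that (a, bc) and (ab, c) hash differently."""
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return int.from_bytes(h.digest(), "big")

def sign(priv, *fields):
    n, d = priv
    return pow(digest(fields), d, n)

def verify(pub, sig, *fields):
    n, e = pub
    return 0 <= sig < n and pow(sig, e, n) == digest(fields)

def pub_bytes(pub):
    n, e = pub
    return n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")

def verify_registration(mfr_pub, batch_record, reg_request):
    """Management center, Fig. 11: return the device public key to record, or None."""
    batch_pub, device_id, mfr_sig = batch_record             # Table 4
    # S1101: the manufacturer vouches for (batch public key, device ID).
    if not verify(mfr_pub, mfr_sig, pub_bytes(batch_pub), device_id):
        return None
    dev_pub, req_id, sig1 = reg_request                      # Table 5
    # S1102: the batch key vouches for (device public key, device ID).
    if req_id != device_id or not verify(batch_pub, sig1, pub_bytes(dev_pub), req_id):
        return None
    return dev_pub                                           # S1103: record it

def make_auth_request(dev_pub, dev_priv):
    """Device, S1008: fresh random number per power-on; returns (nonce, Table 6)."""
    nonce = secrets.token_bytes(16)
    return nonce, (dev_pub, nonce, sign(dev_priv, nonce))

def authorize(mc_priv, registered, auth_request):
    """Management center, S1010: return Table 7 authorization information, or None."""
    dev_pub, nonce, sig2 = auth_request
    # Assumption: only public keys recorded at registration are authorized.
    if dev_pub not in registered or not verify(dev_pub, sig2, nonce):
        return None
    return (dev_pub, sign(mc_priv, nonce))

def check_authorization(mc_pub, dev_pub, my_nonce, auth_info):
    """Device, S1011: address check, then the signature must cover this boot's nonce."""
    authorized_pub, mc_sig = auth_info
    return authorized_pub == dev_pub and verify(mc_pub, mc_sig, my_nonce)

if __name__ == "__main__":
    (mfr_pub, mfr_priv), (batch_pub, batch_priv) = keygen(), keygen()
    (mc_pub, mc_priv), (dev_pub, dev_priv) = keygen(), keygen()
    dev_id = b"EDGE-0001"                                    # constructed sample ID
    batch_rec = (batch_pub, dev_id, sign(mfr_priv, pub_bytes(batch_pub), dev_id))
    reg = (dev_pub, dev_id, sign(batch_priv, pub_bytes(dev_pub), dev_id))
    recorded = verify_registration(mfr_pub, batch_rec, reg)
    nonce, req = make_auth_request(dev_pub, dev_priv)
    info = authorize(mc_priv, {recorded}, req)
    print("registered:", recorded == dev_pub)
    print("authorized:", check_authorization(mc_pub, dev_pub, nonce, info))
```

Because this toy scheme has no message recovery, `check_authorization` verifies the management center's signature directly against the device's own random number, which folds the "verify, then compare random numbers" of step S1011 into one check.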
In the technical solutions of the above embodiments of the present application, the information of the edge computing device in the production stage, its registration process and its authorization process are all tied to the blockchain network, which ensures the traceability of device information. Because different manufacturers each have their own address (containing no sensitive information) in the blockchain network, and the manufacturers' information is encrypted, different manufacturers cannot learn about one another through the blockchain network, and leakage of manufacturer information is avoided. At the same time, the manufacturer's production of edge computing devices is also tied to the blockchain network, so that the information of every edge computing device produced can be registered in the blockchain network. This ensures that the information of edge computing devices is delivered reliably through the blockchain network, and each edge computing device corresponds to an address in the blockchain network that cannot be forged. Furthermore, because each edge computing device accesses the blockchain through the network, the problem of a single point of failure is avoided.
In addition, in the above embodiments of the present application, the various sensitive information of edge computing devices (such as device owner information) can be hidden by means of encryption, which ensures the security of sensitive data. The interactions of the edge computing device, the management center and the manufacturer with the blockchain network all use signatures to ensure the integrity and reliability of the data, which improves the security of device management.
The Installation practice of the application introduced below, can be used for executing in the above embodiments of the present application based on block chain
Device management method.For undisclosed details in the application Installation practice, it is above-mentioned based on block to please refer to the application
The embodiment of the device management method of chain.
Figure 12 diagrammatically illustrates the frame of the equipment management device based on block chain of one embodiment according to the application
Figure, the equipment management device can be set in target device to be managed.
Referring to Fig.1 shown in 2, according to the equipment management device 120 based on block chain of one embodiment of the application, packet
It includes: first acquisition unit 1201, the first signature unit 1202 and the first writing unit 1203.
Wherein, first acquisition unit 1201 is used to obtain the key of the affiliated group of target device;First signature unit 1202
For the target device according to the key pair of the affiliated group of the target device public key and the target device information into
Row signature, the first data after being signed;First writing unit 1203 is used to first data block chain network is written
In, so that equipment management side obtains first data from the block chain network, and based on first data to described
Target device is managed.
In one embodiment of the application, the equipment management device 120 based on block chain shown in Figure 12 may further include a first generation unit and a second generation unit. The first generation unit is used to generate a first random number. The second generation unit is used to generate an authorization request according to the public key of the target device, the private key of the target device and the first random number. The first writing unit 1203 is also used to write the authorization request into the block chain network, so that the equipment management side obtains the authorization request from the block chain network and responds to it.
In one embodiment of the application, the second generation unit is used to: sign the first random number with the private key of the target device, and generate the authorization request based on the signed data and the public key of the target device; or sign the first random number and the public key of the target device with the private key of the target device, and generate the authorization request based on the signed data.
In one embodiment of the application, the first acquisition unit 1201 is also used to: obtain from the block chain network the authorization message sent by the equipment management side, the authorization message including the result of signing a second random number with the private key of the equipment management side; verify the authorization message based on the public key of the equipment management side; and obtain the second random number after the verification passes. The equipment management device 120 shown in Figure 12 may further include a determination unit, used to determine that the target device is successfully authorized when the second random number is identical to the first random number.
In one embodiment of the application, the authorization message also includes the public key of the device to be authorized. The equipment management device 120 shown in Figure 12 may further include a judging unit, used to judge whether the public key of the target device is identical to the public key of the device to be authorized. The first acquisition unit 1201 is configured to verify the authorization message based on the public key of the equipment management side when the public key of the target device is identical to the public key of the device to be authorized.
In one embodiment of the application, the first acquisition unit 1201 is configured to obtain the key that the equipment producer has written into the target device.
Figure 13 schematically shows a block diagram of an equipment management device based on block chain according to another embodiment of the application. The equipment management device may be provided in the processing equipment of the equipment producer.
Referring to Figure 13, the equipment management device 130 based on block chain according to another embodiment of the application includes: a second writing unit 1301, a second signature unit 1302 and a third writing unit 1303.
The second writing unit 1301 is used to write the information of the equipment producer and the public key of the equipment producer into the block chain network, and to write the key of the group to which the target device belongs into the target device produced by the equipment producer. The second signature unit 1302 is used to sign the information of the target device and the key of the group to which the target device belongs with the private key of the equipment producer, obtaining the signed second data. The third writing unit 1303 is used to write the second data into the block chain network, so that the equipment management side obtains the second data from the block chain network and manages the target device based on the second data.
In one embodiment of the application, the second writing unit 1301 is also used to encrypt the information of the equipment producer before the information of the equipment producer and the public key of the equipment producer are written into the block chain network.
Figure 14 schematically shows a block diagram of an equipment management device based on block chain according to another embodiment of the application. The equipment management device may be provided in the processing equipment of the equipment management side.
Referring to Figure 14, the equipment management device 140 based on block chain according to another embodiment of the application includes: a second acquisition unit 1401, a first authentication unit 1402, a second authentication unit 1403 and a recording unit 1404.
The second acquisition unit 1401 is used to obtain from the block chain network the signed first data written by the target device, the signed second data written by the equipment producer, and the public key of the equipment producer. The first authentication unit 1402 is used to verify the second data based on the public key of the equipment producer, and to obtain the information of the target device and the key of the group to which the target device belongs after the verification passes. The second authentication unit 1403 is used to verify the first data according to the key of the group to which the target device belongs, and to obtain the public key of the target device after the verification passes. The recording unit 1404 is used to record the information of the target device and the public key of the target device, so as to manage the target device.
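The registration chain described for Figures 12 to 14, as an added Go example that is not code from the patent: the equipment producer signs the second data, the target device signs the first data with the group key, and the equipment management side verifies both in that order. The page names no algorithms, so Ed25519, HMAC-SHA256, the field encoding and every type and function name here are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SecondData is the producer's record: device information and the group key,
// signed with the producer's private key (Ed25519 is an assumption).
type SecondData struct {
	DeviceInfo, GroupKey, Sig []byte
}

// FirstData is the device's record: its public key and information, "signed"
// with the group key (modelled as an HMAC-SHA256 tag, also an assumption).
type FirstData struct {
	DevicePub       ed25519.PublicKey
	DeviceInfo, Tag []byte
}

// encode length-prefixes each field so that field boundaries are unambiguous.
func encode(fields ...[]byte) []byte {
	var buf bytes.Buffer
	for _, f := range fields {
		buf.Write([]byte{byte(len(f) >> 8), byte(len(f))})
		buf.Write(f)
	}
	return buf.Bytes()
}

// groupTag authenticates the device public key and information with the group key.
func groupTag(groupKey []byte, pub ed25519.PublicKey, info []byte) []byte {
	mac := hmac.New(sha256.New, groupKey)
	mac.Write(encode(pub, info))
	return mac.Sum(nil)
}

// ProducerSign plays the second signature unit 1302.
func ProducerSign(priv ed25519.PrivateKey, info, groupKey []byte) SecondData {
	sig := ed25519.Sign(priv, encode(info, groupKey))
	return SecondData{DeviceInfo: info, GroupKey: groupKey, Sig: sig}
}

// DeviceSign plays the first signature unit 1202.
func DeviceSign(groupKey []byte, pub ed25519.PublicKey, info []byte) FirstData {
	return FirstData{DevicePub: pub, DeviceInfo: info, Tag: groupTag(groupKey, pub, info)}
}

// ManagerRegister plays units 1402 to 1404: verify the second data with the
// producer's public key, then the first data with the group key taken from
// the verified second data, then return the device public key to record.
func ManagerRegister(producerPub ed25519.PublicKey, s SecondData, f FirstData) (ed25519.PublicKey, error) {
	if !ed25519.Verify(producerPub, encode(s.DeviceInfo, s.GroupKey), s.Sig) {
		return nil, errors.New("second data: producer signature invalid")
	}
	if !hmac.Equal(groupTag(s.GroupKey, f.DevicePub, f.DeviceInfo), f.Tag) {
		return nil, errors.New("first data: group key check failed")
	}
	// Added check, not stated on the page: both records describe one device.
	if !bytes.Equal(s.DeviceInfo, f.DeviceInfo) {
		return nil, errors.New("device information differs between records")
	}
	return f.DevicePub, nil
}

// RegistrationScenario runs the flow on constructed values. tamper selects
// which on-chain record is altered before the management side reads it.
func RegistrationScenario(tamper string) error {
	prodPub, prodPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	devPub, _, _ := ed25519.GenerateKey(nil)
	groupKey := bytes.Repeat([]byte{0x07}, 32)         // constructed sample group key
	info := []byte("model=EX-1;batch=B42;serial=0001") // constructed sample
	second := ProducerSign(prodPriv, info, groupKey)
	first := DeviceSign(groupKey, devPub, info)
	switch tamper {
	case "second": // group key in the producer's record replaced
		second.GroupKey = bytes.Repeat([]byte{0x41}, 32)
	case "first": // public key in the device's record replaced
		first.DevicePub, _, _ = ed25519.GenerateKey(nil)
	}
	pub, err := ManagerRegister(prodPub, second, first)
	if err == nil && !bytes.Equal(pub, devPub) {
		err = errors.New("recorded key is not the device key")
	}
	return err
}

func main() {
	for _, tamper := range []string{"", "second", "first"} {
		fmt.Printf("tamper=%q -> %v\n", tamper, RegistrationScenario(tamper))
	}
}
```

The order of checks matters: the group key is only trusted after the producer's signature over it has verified, so an altered second data record stops registration before the first data is examined.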
In one embodiment of the application, the equipment management device 140 based on block chain shown in Figure 14 may further include: a third authentication unit, a third generation unit and a fourth writing unit. The second acquisition unit 1401 is also used to obtain from the block chain network the authorization request sent by the target device, the authorization request including a random number signed with the private key of the target device. The third authentication unit is used to verify the authorization request based on the public key of the target device and, after the verification passes, to sign the random number based on the private key of the equipment management side, obtaining the signed third data. The third generation unit is used to generate the authorization message for the target device based on the third data. The fourth writing unit is used to write the authorization message into the block chain network, so that the target device obtains the authorization message from the block chain network.
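The authorization exchange described above (random number, authorization request, authorization message, and the device-side checks), as an added Go example that is not code from the patent. Ed25519, the message layout, covering the device public key in the management-side signature, and all type and function names are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// AuthRequest is what the target device writes to the chain.
type AuthRequest struct {
	Nonce     []byte            // first random number
	DevicePub ed25519.PublicKey // public key of the target device
	Sig       []byte            // device signature over nonce and public key
}

// AuthMessage is what the equipment management side writes back.
type AuthMessage struct {
	Nonce     []byte            // second random number
	DevicePub ed25519.PublicKey // public key of the device to be authorized
	Sig       []byte            // management-side signature (third data)
}

// signed is the byte string both signatures cover. Covering the public key on
// the management side is an assumption; the page only says the number is signed.
func signed(nonce []byte, pub ed25519.PublicKey) []byte {
	return append(append([]byte{byte(len(nonce))}, nonce...), pub...)
}

// NewRequest is the device side: generate the first random number and sign it
// together with the device public key (the second variant described above).
func NewRequest(devPriv ed25519.PrivateKey) AuthRequest {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no entropy source available
	}
	pub := devPriv.Public().(ed25519.PublicKey)
	return AuthRequest{nonce, pub, ed25519.Sign(devPriv, signed(nonce, pub))}
}

// Authorize is the management side. recorded is the device public key stored
// at registration; checking the request against it is an assumption.
func Authorize(mgrPriv ed25519.PrivateKey, recorded ed25519.PublicKey, req AuthRequest) (AuthMessage, error) {
	if !bytes.Equal(recorded, req.DevicePub) {
		return AuthMessage{}, errors.New("request names an unrecorded public key")
	}
	if !ed25519.Verify(recorded, signed(req.Nonce, req.DevicePub), req.Sig) {
		return AuthMessage{}, errors.New("request signature invalid")
	}
	sig := ed25519.Sign(mgrPriv, signed(req.Nonce, req.DevicePub))
	return AuthMessage{req.Nonce, req.DevicePub, sig}, nil
}

// Accept is the device side again, in the order the page gives: compare public
// keys, verify with the management side's public key, then compare the numbers.
func Accept(mgrPub, ownPub ed25519.PublicKey, firstNonce []byte, msg AuthMessage) error {
	if !bytes.Equal(ownPub, msg.DevicePub) {
		return errors.New("message names another device")
	}
	if !ed25519.Verify(mgrPub, signed(msg.Nonce, msg.DevicePub), msg.Sig) {
		return errors.New("management-side signature invalid")
	}
	if !bytes.Equal(firstNonce, msg.Nonce) {
		return errors.New("second random number differs from the first")
	}
	return nil
}

// HandshakeScenario runs one exchange on freshly generated keys. kind selects
// which authorization message the device ends up reading from the chain.
func HandshakeScenario(kind string) error {
	mgrPub, mgrPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	devPub, devPriv, _ := ed25519.GenerateKey(nil)
	otherPub, otherPriv, _ := ed25519.GenerateKey(nil)
	oldMsg, _ := Authorize(mgrPriv, devPub, NewRequest(devPriv))       // earlier session
	otherMsg, _ := Authorize(mgrPriv, otherPub, NewRequest(otherPriv)) // second device
	req := NewRequest(devPriv)
	msg, err := Authorize(mgrPriv, devPub, req)
	if err != nil {
		return err
	}
	switch kind {
	case "stale": // message left on the chain from the earlier session
		msg = oldMsg
	case "other-device": // message addressed to the second device
		msg = otherMsg
	case "wrong-signer": // signed by a key that is not the management side's
		msg.Sig = ed25519.Sign(otherPriv, signed(msg.Nonce, msg.DevicePub))
	}
	return Accept(mgrPub, devPub, req.Nonce, msg)
}

func main() {
	for _, kind := range []string{"", "stale", "other-device", "wrong-signer"} {
		fmt.Printf("%-16q -> %v\n", kind, HandshakeScenario(kind))
	}
}
```

Because every record on the chain is readable by all participants, the comparison of the second random number with the first is what distinguishes a fresh authorization message from a validly signed one left over from an earlier session.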
It should be noted that although several modules or units of the equipment for executing actions are mentioned in the above detailed description, this division is not mandatory. In fact, according to the embodiments of the application, the features and functions of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by multiple modules or units.
Through the above description of the embodiments, those skilled in the art will readily understand that the example embodiments described here may be implemented in software, or in software combined with the necessary hardware. Therefore, the technical solution according to the embodiments of the application may be embodied in the form of a software product. The software product may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB flash disk, a mobile hard disk, etc.) or on a network, and includes several instructions that cause a computing device (which may be a personal computer, a server, a touch control terminal, a network device, etc.) to execute the method according to the embodiments of the application.
After considering the specification and practicing the invention disclosed here, those skilled in the art will readily conceive of other embodiments of the application. This application is intended to cover any variations, uses or adaptations of the application that follow its general principles and include common knowledge or conventional techniques in the art not disclosed in the application. The description and examples are to be regarded as illustrative only; the true scope and spirit of the application are pointed out by the following claims.
It should be understood that the application is not limited to the precise structure described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the application is limited only by the appended claims.
Claims (15)
1. A device management method based on block chain, characterized by comprising:
An equipment producer writes the information of the equipment producer and the public key of the equipment producer into a block chain network, writes the key of the group to which a target device belongs into the target device produced by the equipment producer, signs the information of the target device and the key of the group to which the target device belongs with the private key of the equipment producer to obtain the signed second data, and writes the second data into the block chain network;
The target device obtains the key of the group to which it belongs, signs the public key of the target device and the information of the target device according to the key of the group to which the target device belongs to obtain the signed first data, and writes the first data into the block chain network;
An equipment management side obtains the first data, the second data and the public key of the equipment producer from the block chain network, verifies the second data based on the public key of the equipment producer, obtains the information of the target device and the key of the group to which the target device belongs after the verification passes, verifies the first data according to the key of the group to which the target device belongs, obtains the public key of the target device after the verification passes, and records the information of the target device and the public key of the target device, so as to manage the target device.
2. The device management method based on block chain according to claim 1, characterized by further comprising:
After the first data are written into the block chain network, the target device generates a first random number, generates an authorization request according to the public key of the target device, the private key of the target device and the first random number, and writes the authorization request into the block chain network;
The equipment management side obtains the authorization request from the block chain network, verifies the authorization request based on the public key of the target device, signs the random number based on the private key of the equipment management side after the verification passes to obtain the signed third data, generates an authorization message for the target device based on the third data, and writes the authorization message into the block chain network, so that the target device obtains the authorization message from the block chain network.
3. The device management method based on block chain according to claim 2, characterized in that generating the authorization request according to the public key of the target device, the private key of the target device and the first random number comprises:
Signing the first random number with the private key of the target device, and generating the authorization request based on the signed data and the public key of the target device; or
Signing the first random number and the public key of the target device with the private key of the target device, and generating the authorization request based on the signed data.
4. The device management method based on block chain according to claim 2, characterized by further comprising:
The target device obtains from the block chain network the authorization message sent by the equipment management side, the authorization message including the result of signing a second random number with the private key of the equipment management side; verifies the authorization message based on the public key of the equipment management side, and obtains the second random number after the verification passes; and, if the second random number is identical to the first random number, determines that the target device is successfully authorized.
5. The device management method based on block chain according to claim 4, characterized in that the authorization message also includes the public key of the device to be authorized;
After obtaining the authorization message, the target device judges whether the public key of the target device is identical to the public key of the device to be authorized and, if the public key of the target device is identical to the public key of the device to be authorized, verifies the authorization message based on the public key of the equipment management side.
6. The device management method based on block chain according to claim 4, characterized in that the equipment management side is also used to write the public key of the equipment management side into the block chain network;
The equipment producer is also used to obtain the public key of the equipment management side from the block chain network, and to write the public key of the equipment management side into the target device.
7. The device management method based on block chain according to claim 1, characterized in that the equipment producer encrypts the information of the equipment producer before writing the information of the equipment producer into the block chain network.
8. The device management method based on block chain according to any one of claims 1 to 7, characterized in that the group to which the target device belongs includes the production batch to which the target device belongs.
9. An equipment management system based on block chain, characterized by comprising: an equipment producer, an equipment management side and a target device to be managed;
Wherein the equipment producer is used to write the information of the equipment producer and the public key of the equipment producer into a block chain network, to write the key of the group to which the target device belongs into the target device produced by the equipment producer, to sign the information of the target device and the key of the group to which the target device belongs with the private key of the equipment producer to obtain the signed second data, and to write the second data into the block chain network;
The target device is used to obtain the key of the group to which it belongs, to sign the public key of the target device and the information of the target device according to the key of the group to which the target device belongs to obtain the signed first data, and to write the first data into the block chain network;
The equipment management side is used to obtain the first data, the second data and the public key of the equipment producer from the block chain network, to verify the second data based on the public key of the equipment producer, to obtain the information of the target device and the key of the group to which the target device belongs after the verification passes, to verify the first data according to the key of the group to which the target device belongs, to obtain the public key of the target device after the verification passes, and to record the information of the target device and the public key of the target device, so as to manage the target device.
10. The equipment management system based on block chain according to claim 9, characterized in that:
The target device is also used, after the first data are written into the block chain network, to generate a first random number, to generate an authorization request according to the public key of the target device, the private key of the target device and the first random number, and to write the authorization request into the block chain network;
The equipment management side is also used to obtain the authorization request from the block chain network, to verify the authorization request based on the public key of the target device, to sign the random number based on the private key of the equipment management side after the verification passes to obtain the signed third data, to generate an authorization message for the target device based on the third data, and to write the authorization message into the block chain network, so that the target device obtains the authorization message from the block chain network.
11. The equipment management system based on block chain according to claim 10, characterized in that the target device is used to sign the first random number with the private key of the target device, and to generate the authorization request based on the signed data and the public key of the target device; or to sign the first random number and the public key of the target device with the private key of the target device, and to generate the authorization request based on the signed data.
12. The equipment management system based on block chain according to claim 10, characterized in that the target device is also used to obtain from the block chain network the authorization message sent by the equipment management side, the authorization message including the result of signing a second random number with the private key of the equipment management side; to verify the authorization message based on the public key of the equipment management side, and to obtain the second random number after the verification passes; and, if the second random number is identical to the first random number, to determine that the target device is successfully authorized.
13. The equipment management system based on block chain according to claim 12, characterized in that the authorization message also includes the public key of the device to be authorized;
The target device is also used, after obtaining the authorization message, to judge whether the public key of the target device is identical to the public key of the device to be authorized and, if the public key of the target device is identical to the public key of the device to be authorized, to verify the authorization message based on the public key of the equipment management side.
14. The equipment management system based on block chain according to claim 12, characterized in that the equipment management side is also used to write the public key of the equipment management side into the block chain network;
The equipment producer is also used to obtain the public key of the equipment management side from the block chain network, and to write the public key of the equipment management side into the target device.
15. The equipment management system based on block chain according to any one of claims 9 to 14, characterized in that the equipment producer is also used to encrypt the information of the equipment producer before writing the information of the equipment producer into the block chain network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910713863.6A CN110493039B (en) | 2018-08-06 | 2018-08-06 | Block chain-based equipment management method and equipment management system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810884003.4A CN109104311B (en) | 2018-08-06 | 2018-08-06 | Block chain-based device management method, apparatus, medium, and electronic device |
CN201910713863.6A CN110493039B (en) | 2018-08-06 | 2018-08-06 | Block chain-based equipment management method and equipment management system |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810884003.4A Division CN109104311B (en) | 2018-08-06 | 2018-08-06 | Block chain-based device management method, apparatus, medium, and electronic device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110493039A true CN110493039A (en) | 2019-11-22 |
CN110493039B CN110493039B (en) | 2021-06-04 |
Family
ID=64848786
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910713863.6A Active CN110493039B (en) | 2018-08-06 | 2018-08-06 | Block chain-based equipment management method and equipment management system |
CN201810884003.4A Active CN109104311B (en) | 2018-08-06 | 2018-08-06 | Block chain-based device management method, apparatus, medium, and electronic device |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810884003.4A Active CN109104311B (en) | 2018-08-06 | 2018-08-06 | Block chain-based device management method, apparatus, medium, and electronic device |
Country Status (1)
Country | Link |
---|---|
CN (2) | CN110493039B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111431728A (en) * | 2020-03-30 | 2020-07-17 | 腾讯科技(深圳)有限公司 | User group management method of distributed application program |
CN111445035A (en) * | 2020-02-20 | 2020-07-24 | 江苏荣泽信息科技股份有限公司 | Store equipment management system based on block chain |
CN111988338A (en) * | 2020-09-07 | 2020-11-24 | 华侨大学 | Permission-controllable Internet of things cloud platform based on block chain and data interaction method |
CN112637164A (en) * | 2020-12-15 | 2021-04-09 | 国网浙江省电力有限公司双创中心 | Equipment authentication management system, method and device based on block chain |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109617699A (en) * | 2019-01-16 | 2019-04-12 | 北京沃东天骏信息技术有限公司 | A kind of key generation method, block chain network service platform and storage medium |
CN113098907B (en) * | 2019-03-05 | 2023-07-11 | 深圳前海微众银行股份有限公司 | Group division method and device for block chain |
CN109743185B (en) * | 2019-03-19 | 2020-12-01 | 全链通有限公司 | Group communication method based on domain name block chain, block chain link point and medium |
CN109756349B (en) * | 2019-03-19 | 2020-12-01 | 全链通有限公司 | Group communication method based on domain name block chain, block chain link point and medium |
CN109918878B (en) * | 2019-04-24 | 2021-03-02 | 中国科学院信息工程研究所 | Industrial Internet of things equipment identity authentication and safe interaction method based on block chain |
US20220217002A1 (en) * | 2019-05-10 | 2022-07-07 | NEC Laboratories Europe GmbH | Method and system for device identification and monitoring |
CN110569674B (en) * | 2019-09-10 | 2023-11-17 | 腾讯科技(深圳)有限公司 | Authentication method and device based on block chain network |
CN111291411B (en) * | 2020-02-13 | 2022-12-23 | 福州大学 | Safe video anomaly detection system and method based on convolutional neural network |
CN111741062B (en) * | 2020-05-12 | 2023-04-18 | 湖南半岛医疗科技有限公司 | Electronic equipment local area management system based on block chain technology |
CN112118245B (en) * | 2020-09-10 | 2023-01-10 | 中国联合网络通信集团有限公司 | Key management method, system and equipment |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105635062A (en) * | 2014-10-31 | 2016-06-01 | 腾讯科技(上海)有限公司 | Network access equipment verification method and device |
CN106130779A (en) * | 2016-07-18 | 2016-11-16 | 布比(北京)网络技术有限公司 | A kind of Internet of Things equipment and with the Internet of Things construction method of this equipment |
US20170099138A1 (en) * | 2015-10-02 | 2017-04-06 | Orion Labs | Encrypted group communications |
CN106570710A (en) * | 2016-10-27 | 2017-04-19 | 纸飞机(北京)科技有限公司 | Commodity anti-counterfeiting method and device |
US20170339152A1 (en) * | 2016-05-20 | 2017-11-23 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Computing device configuration change management via guest keys |
CN107426250A (en) * | 2017-09-12 | 2017-12-01 | 大唐广电科技(武汉)有限公司 | A kind of industrial digital information network platform based on block chain |
CN107895111A (en) * | 2017-10-11 | 2018-04-10 | 西安电子科技大学 | Internet of things equipment supply chain trust systems management method, computer program, computer |
US20180101844A1 (en) * | 2016-10-11 | 2018-04-12 | Coinplug, Inc. | Method for issuing, using, refunding, settling and revocating electronic voucher using updated status of balance database by respective blocks in blockchain, and server using the same |
CN108243182A (en) * | 2017-10-26 | 2018-07-03 | 招商银行股份有限公司 | Management authorization method, sub- management end, root management end and the storage medium of block chain |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104580208B (en) * | 2015-01-04 | 2018-11-30 | 华为技术有限公司 | A kind of identity identifying method and device |
EP3271824A4 (en) * | 2015-03-20 | 2018-09-05 | Rivetz Corp. | Automated attestation of device integrity using the block chain |
GB201700367D0 (en) * | 2017-01-10 | 2017-02-22 | Trustonic Ltd | A system for recording and attesting device lifecycle |
CN107257340B (en) * | 2017-06-19 | 2019-10-01 | 阿里巴巴集团控股有限公司 | A kind of authentication method, authentication data processing method and equipment based on block chain |
CN108055125B (en) * | 2017-11-23 | 2020-06-30 | 阿里巴巴集团控股有限公司 | Method and device for encrypting and decrypting product information |
CN108055135B (en) * | 2017-12-13 | 2021-03-23 | 杭州全视软件有限公司 | Intelligent terminal authentication management method |
-
2018
- 2018-08-06 CN CN201910713863.6A patent/CN110493039B/en active Active
- 2018-08-06 CN CN201810884003.4A patent/CN109104311B/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105635062A (en) * | 2014-10-31 | 2016-06-01 | 腾讯科技(上海)有限公司 | Network access equipment verification method and device |
US20170099138A1 (en) * | 2015-10-02 | 2017-04-06 | Orion Labs | Encrypted group communications |
US20170339152A1 (en) * | 2016-05-20 | 2017-11-23 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Computing device configuration change management via guest keys |
CN106130779A (en) * | 2016-07-18 | 2016-11-16 | 布比(北京)网络技术有限公司 | A kind of Internet of Things equipment and with the Internet of Things construction method of this equipment |
US20180101844A1 (en) * | 2016-10-11 | 2018-04-12 | Coinplug, Inc. | Method for issuing, using, refunding, settling and revocating electronic voucher using updated status of balance database by respective blocks in blockchain, and server using the same |
CN106570710A (en) * | 2016-10-27 | 2017-04-19 | 纸飞机(北京)科技有限公司 | Commodity anti-counterfeiting method and device |
CN107426250A (en) * | 2017-09-12 | 2017-12-01 | 大唐广电科技(武汉)有限公司 | A kind of industrial digital information network platform based on block chain |
CN107895111A (en) * | 2017-10-11 | 2018-04-10 | 西安电子科技大学 | Internet of things equipment supply chain trust systems management method, computer program, computer |
CN108243182A (en) * | 2017-10-26 | 2018-07-03 | 招商银行股份有限公司 | Management authorization method, sub- management end, root management end and the storage medium of block chain |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111445035A (en) * | 2020-02-20 | 2020-07-24 | 江苏荣泽信息科技股份有限公司 | Store equipment management system based on block chain |
CN111431728A (en) * | 2020-03-30 | 2020-07-17 | 腾讯科技(深圳)有限公司 | User group management method of distributed application program |
CN111431728B (en) * | 2020-03-30 | 2024-02-09 | 腾讯科技(深圳)有限公司 | User group management method of distributed application program |
CN111988338A (en) * | 2020-09-07 | 2020-11-24 | 华侨大学 | Permission-controllable Internet of things cloud platform based on block chain and data interaction method |
CN111988338B (en) * | 2020-09-07 | 2022-06-24 | 华侨大学 | Permission-controllable Internet of things cloud platform based on block chain and data interaction method |
CN112637164A (en) * | 2020-12-15 | 2021-04-09 | 国网浙江省电力有限公司双创中心 | Equipment authentication management system, method and device based on block chain |
Also Published As
Publication number | Publication date |
---|---|
CN110493039B (en) | 2021-06-04 |
CN109104311A (en) | 2018-12-28 |
CN109104311B (en) | 2021-08-31 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 40015593; Country of ref document: HK |
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||