CN110493039B - Block chain-based equipment management method and equipment management system

Publication number: CN110493039B
Authority: CN (China)
Prior art keywords: target device, public key, target, key, data
Legal status: Active
Application number: CN201910713863.6A
Other languages: Chinese (zh)
Other versions: CN110493039A
Inventors: 唐小飞, 申子熹, 王强
Current Assignee: Tencent Technology Shenzhen Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28: Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: as H04L9/32, involving digital signatures
    • H04L9/50: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The application provides a device management method and a device management system based on a blockchain. The device management method comprises the following steps: the device producer writes its own information and public key into the blockchain network, writes the key of the group to which the target device belongs into the target device, signs the information of the target device and the key of the group to which the target device belongs with its own private key to obtain second data, and writes the second data into the blockchain network; the target device signs its public key and the information of the target device according to the key of the group to which the target device belongs to obtain first data, and writes the first data into the blockchain network; the device manager verifies the second data based on the public key of the device producer, acquires the information of the target device and the key of the group to which the target device belongs after the verification passes, verifies the first data according to the key of the group to which the target device belongs, acquires the public key of the target device after the verification passes, and records the information of the target device and the public key of the target device so as to manage the target device. The application achieves secure management of devices.

Description

Block chain-based equipment management method and equipment management system
This application is a divisional application of application number 201810884003.4, entitled 'block chain-based device management method, apparatus, medium and electronic device', filed on 2018-08-06.
Technical Field
The present invention relates to the field of computer and communication technologies, and in particular, to a device management method and a device management system based on a block chain.
Background
In traditional Internet of Things (IoT) device management schemes, IoT devices are managed only through simple identification. This approach easily leads to leakage of device information, which in turn can affect the security of the whole IoT system.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present application and therefore may include information that does not constitute prior art known to a person of ordinary skill in the art.
Disclosure of Invention
The embodiments of the application provide a device management method and a device management system based on a blockchain, which can overcome, at least to a certain extent, the problem of poor device management security.
Other features and advantages of the present application will be apparent from the following detailed description, or may be learned by practice of the application.
According to an aspect of an embodiment of the present application, there is provided a device management method based on a blockchain, including: a device producer writes information of the device producer and a public key of the device producer into a blockchain network, writes a key of a group to which a target device belongs into the target device produced by the device producer, signs the information of the target device and the key of the group to which the target device belongs with a private key of the device producer to obtain signed second data, and writes the second data into the blockchain network; the target device acquires the key of the group to which the target device belongs, signs a public key of the target device and information of the target device according to the key of the group to which the target device belongs to obtain signed first data, and writes the first data into the blockchain network; a device manager acquires the first data, the second data and the public key of the device producer from the blockchain network, verifies the second data based on the public key of the device producer, acquires the information of the target device and the key of the group to which the target device belongs after the verification passes, verifies the first data according to the key of the group to which the target device belongs, acquires the public key of the target device after the verification passes, and records the information of the target device and the public key of the target device so as to manage the target device.
In some embodiments of the present application, based on the foregoing scheme, the blockchain-based device management method further includes: after the target device writes the first data into the blockchain network, it generates a first random number, generates an authorization request according to the public key of the target device, the private key of the target device and the first random number, and writes the authorization request into the blockchain network; the device manager obtains the authorization request from the blockchain network, verifies the authorization request based on the public key of the target device, signs the random number with the private key of the device manager after the verification passes to obtain signed third data, generates authorization information for the target device based on the third data, and writes the authorization information into the blockchain network so that the target device can obtain the authorization information from the blockchain network.
In some embodiments of the present application, based on the foregoing scheme, generating an authorization request according to the public key of the target device, the private key of the target device, and the first random number includes: signing the first random number through a private key of the target device, and generating the authorization request based on the signed data and a public key of the target device; or signing the first random number and the public key of the target device through the private key of the target device, and generating the authorization request based on the signed data.
In some embodiments of the present application, based on the foregoing scheme, the method for device management based on a block chain further includes: the target device obtains authorization information sent by the device management party from the blockchain network, the authorization information comprises a result of signing a second random number through a private key of the device management party, the authorization information is verified based on a public key of the device management party, the second random number is obtained after verification is passed, and if the second random number is the same as the first random number, the target device is determined to be authorized successfully.
In some embodiments of the present application, based on the foregoing scheme, the authorization information further includes a public key of the device to be authorized; after the target device acquires the authorization information, it determines whether its own public key is the same as the public key of the device to be authorized, and if the two are the same, it verifies the authorization information based on the public key of the device manager.
In some embodiments of the present application, based on the foregoing solution, the device manager is further configured to write a public key of the device manager into the blockchain network; the device producer is further configured to obtain the public key of the device manager from the blockchain network, and write the public key of the device manager into the target device.
In some embodiments of the present application, based on the foregoing scheme, the device producer encrypts the information of the device producer before writing the information of the device producer into the blockchain network.
In some embodiments of the present application, based on the foregoing scheme, the group to which the target device belongs includes a production lot to which the target device belongs.
According to an aspect of an embodiment of the present application, there is provided a device management system based on a blockchain, including: a device producer, a device manager and a target device to be managed; the device producer is used for writing information of the device producer and a public key of the device producer into a blockchain network, writing a key of a group to which the target device belongs into the target device produced by the device producer, signing the information of the target device and the key of the group to which the target device belongs with a private key of the device producer to obtain signed second data, and writing the second data into the blockchain network; the target device is used for obtaining the key of the group to which the target device belongs, signing a public key of the target device and information of the target device according to the key of the group to which the target device belongs to obtain signed first data, and writing the first data into the blockchain network; the device manager is used for acquiring the first data, the second data and the public key of the device producer from the blockchain network, verifying the second data based on the public key of the device producer, acquiring the information of the target device and the key of the group to which the target device belongs after the verification passes, verifying the first data according to the key of the group to which the target device belongs, acquiring the public key of the target device after the verification passes, and recording the information of the target device and the public key of the target device so as to manage the target device.
In some embodiments of the present application, based on the foregoing solution, the target device is further configured to generate a first random number after writing the first data in the blockchain network, generate an authorization request according to a public key of the target device, a private key of the target device, and the first random number, and write the authorization request in the blockchain network; the device manager is further configured to obtain the authorization request from the blockchain network, verify the authorization request based on the public key of the target device, sign the random number based on the private key of the device manager after the verification is passed to obtain signed third data, generate authorization information for the target device based on the third data, and write the authorization information into the blockchain network, so that the target device can obtain the authorization information from the blockchain network.
In some embodiments of the present application, based on the foregoing scheme, the target device is configured to sign the first random number by using a private key of the target device, and generate the authorization request based on the signed data and a public key of the target device; or the authorization request is generated based on the signed data by signing the first random number and the public key of the target device through the private key of the target device.
In some embodiments of the present application, based on the foregoing scheme, the target device is further configured to obtain authorization information sent by the device manager from the blockchain network, where the authorization information includes a result of signing a second random number by using a private key of the device manager, verify the authorization information based on a public key of the device manager, and obtain the second random number after the verification is passed, and if the second random number is the same as the first random number, it is determined that the authorization of the target device is successful.
In some embodiments of the present application, based on the foregoing scheme, the authorization information further includes a public key of the device to be authorized; the target device is further configured to determine whether the public key of the target device is the same as the public key of the device to be authorized after the authorization information is obtained, and verify the authorization information based on the public key of the device manager if the public key of the target device is the same as the public key of the device to be authorized.
In some embodiments of the present application, based on the foregoing solution, the device manager is further configured to write a public key of the device manager into the blockchain network; the device producer is further configured to obtain the public key of the device manager from the blockchain network, and write the public key of the device manager into the target device.
In some embodiments of the present application, based on the foregoing solution, the device producer is further configured to encrypt the information of the device producer before writing the information of the device producer into the blockchain network.
In the technical solutions provided in some embodiments of the present application, a target device obtains first data by signing a public key of the target device and information of the target device according to a key of a group to which the target device belongs, and writes the first data into a blockchain network, so that a device manager can obtain the first data from the blockchain network and manage the target device based on the first data. Managing the device through the blockchain network in this way effectively prevents illegal tampering with device information, ensures the security of device information, and implements secure management of the device. The device producer writes the information of the device producer and the public key of the device producer into the blockchain network, signs the information of the target device and the key of the group to which the target device belongs with the private key of the device producer to obtain second data, and writes the second data into the blockchain network, so that the device manager can obtain the second data through the blockchain network and manage the target device according to the second data. This achieves the purpose of managing the target device based on the blockchain network and improves the security of device management. The device manager acquires the signed first data written by the target device, the signed second data written by the device producer and the public key of the device producer from the blockchain network, verifies the second data based on the public key of the device producer, verifies the first data based on the verified key of the group to which the target device belongs, and then records the verified information and public key of the target device, so that management of the target device can be realized based on the blockchain network and the security of device management is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application. It is obvious that the drawings in the following description are only some embodiments of the application, and that for a person skilled in the art, other drawings can be derived from them without inventive effort. In the drawings:
FIG. 1 is a schematic diagram illustrating an exemplary system architecture to which a blockchain-based device management method or a blockchain-based device management apparatus according to an embodiment of the present application may be applied;
FIG. 2 illustrates a schematic structural diagram of a computer system suitable for use in implementing an electronic device of an embodiment of the present application;
FIG. 3 schematically shows a flow chart of a blockchain-based device management method according to an embodiment of the present application;
FIG. 4 schematically shows a flow chart of a blockchain-based device management method according to another embodiment of the present application;
FIG. 5 schematically shows a flow chart of a blockchain-based device management method according to another embodiment of the present application;
FIG. 6 schematically shows a flow chart of a blockchain-based device management method according to another embodiment of the present application;
FIG. 7 schematically shows a flow chart of a blockchain-based device management method according to another embodiment of the present application;
FIG. 8 schematically shows a flow chart of a blockchain-based device management method according to another embodiment of the present application;
FIG. 9 is a diagram illustrating an application scenario of a device management method according to an embodiment of the present application;
FIG. 10 illustrates a diagram of specific interaction processes between a producer, a management center, an edge computing device, and a blockchain network according to one embodiment of the present application;
FIG. 11 schematically illustrates a flow diagram for a management center verifying device information, according to an embodiment of the present application;
FIG. 12 schematically shows a block diagram of a blockchain-based device management apparatus according to an embodiment of the present application;
FIG. 13 schematically shows a block diagram of a blockchain-based device management apparatus according to another embodiment of the present application;
FIG. 14 schematically shows a block diagram of a blockchain-based device management apparatus according to another embodiment of the present application.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the application. One skilled in the relevant art will recognize, however, that the subject matter of the present application can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the application.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in the form of software, in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
Fig. 1 is a schematic diagram illustrating an exemplary system architecture 100 to which the block chain based device management method or the block chain based device management apparatus according to the embodiment of the present application may be applied.
As shown in FIG. 1, the system architecture 100 may include a processing device 101 (hereinafter referred to as the device producer for convenience), a target device 102 to be managed, a processing device 103 (hereinafter referred to as the device manager for convenience), and a blockchain network 104. The device producer 101, the target device 102 and the device manager 103 each access the blockchain network 104.
It should be understood that the number of device producers 101, target devices 102, and device managers 103 shown in fig. 1 is merely illustrative. There may be any number of device producers 101, target devices 102, and device managers 103, as desired for an implementation.
In one embodiment of the present application, the device manager 103 may write its information and public key into the blockchain network 104; the device producer 101 may write its information and public key into the blockchain network 104 and obtain the public key of the device manager 103 from the blockchain network 104. The device producer 101 also writes the public key of the device manager 103, together with the public key and the private key of the batch to which the target device 102 belongs, into the target device 102. In addition, the device producer 101 signs the batch public key and the device information of the devices in that batch with its own private key, and then writes the signed data into the blockchain network 104.
The target device 102 generates its own public key and private key when it is started, signs its own public key and device information with the private key of the batch to which the target device 102 belongs, and sends a registration request to the blockchain network 104 based on the signed data.
The device manager 103 synchronizes the corresponding data from the blockchain network 104 and then checks whether the information of the target device 102 is correct. Specifically, the device manager 103 verifies the data written into the blockchain network by the device producer 101 using the public key of the device producer 101, and obtains the batch public key and the device information of the devices in the batch after the verification passes. It then verifies the data written into the blockchain network by the target device 102 based on the batch public key, and obtains the public key and the device information of the target device after the verification passes. Finally, the device manager 103 records the public key and the device information of the target device, which completes the registration process of the device.
After each power-on start, the target device 102 generates a random number, signs the random number using a private key of the target device 102, generates an authorization request based on the signed data and a public key of the target device 102, and writes the authorization request into the blockchain network 104. The device manager 103 obtains the authorization request from the blockchain network 104, performs verification based on the public key of the target device 102, obtains the random number after the verification is passed, signs the random number by using the private key of the device manager 103, generates authorization information based on the signature result and the public key of the target device 102, and writes the authorization information into the blockchain network 104.
The target device 102 may obtain the authorization information from the blockchain network 104, then verify a signature result in the authorization information according to the public key of the device manager 103, and if the random number obtained after the verification is passed is the same as the random number in the authorization request, determine that the target device 102 passes the authorization.
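The registration chain (producer key, then batch key, then device key) and the power-on authorization exchange described above, as an added Go example that is not code from the patent. It assumes Ed25519 signatures with the signed payload carried beside the signature and a 32-byte random number; `Signed`, `Ledger`, `Fixture` and the function names are hypothetical, and the keys and device strings are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

const keyLen = ed25519.PublicKeySize

// Signed is a payload with a detached signature. Assumption: Ed25519, payload
// carried beside the signature; the page names no algorithm or encoding.
type Signed struct{ Payload, Sig []byte }

func sign(priv ed25519.PrivateKey, parts ...[]byte) Signed {
	p := bytes.Join(parts, nil) // fixed-length key first, so the split is unambiguous
	return Signed{p, ed25519.Sign(priv, p)}
}

// Ledger is a hypothetical stand-in for records read from the blockchain network.
type Ledger struct {
	ProducerPub ed25519.PublicKey
	Second      Signed // producer-signed: batch public key || batch info
	First       Signed // batch-signed: device public key || device info
}

// Register is the manager's check: producer key -> batch key -> device key.
func Register(l Ledger) (ed25519.PublicKey, string, error) {
	if len(l.ProducerPub) != keyLen || len(l.Second.Payload) < keyLen ||
		!ed25519.Verify(l.ProducerPub, l.Second.Payload, l.Second.Sig) {
		return nil, "", errors.New("second data: producer signature invalid")
	}
	batchPub := ed25519.PublicKey(l.Second.Payload[:keyLen])
	if len(l.First.Payload) < keyLen || !ed25519.Verify(batchPub, l.First.Payload, l.First.Sig) {
		return nil, "", errors.New("first data: batch signature invalid")
	}
	return ed25519.PublicKey(l.First.Payload[:keyLen]), string(l.First.Payload[keyLen:]), nil
}

// NewAuthRequest is the device at power-on: sign (device public key || fresh nonce).
func NewAuthRequest(devPriv ed25519.PrivateKey) (nonce []byte, req Signed, err error) {
	nonce = make([]byte, 32)
	if _, err = rand.Read(nonce); err != nil {
		return nil, Signed{}, err
	}
	return nonce, sign(devPriv, devPriv.Public().(ed25519.PublicKey), nonce), nil
}

// Authorize is the manager: accept only the registered key, then countersign.
func Authorize(mgrPriv ed25519.PrivateKey, registered ed25519.PublicKey, req Signed) (Signed, error) {
	if len(req.Payload) != keyLen+32 || !bytes.Equal(req.Payload[:keyLen], registered) ||
		!ed25519.Verify(registered, req.Payload, req.Sig) {
		return Signed{}, errors.New("authorization request rejected")
	}
	return sign(mgrPriv, req.Payload), nil // authorization info: device key || nonce
}

// CheckAuthorization is the device: addressed to me, signed by the manager, my nonce.
func CheckAuthorization(mgrPub, devPub ed25519.PublicKey, nonce []byte, auth Signed) bool {
	return len(mgrPub) == keyLen && len(auth.Payload) == keyLen+len(nonce) &&
		bytes.Equal(auth.Payload[:keyLen], devPub) &&
		ed25519.Verify(mgrPub, auth.Payload, auth.Sig) &&
		bytes.Equal(auth.Payload[keyLen:], nonce)
}

// Fixture holds constructed sample keys and records for the four roles.
type Fixture struct {
	Ledger           Ledger
	DevPub, MgrPub   ed25519.PublicKey
	DevPriv, MgrPriv ed25519.PrivateKey
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func NewFixture() Fixture {
	prodPub, prodPriv := mustKey()
	batchPub, batchPriv := mustKey() // batch key pair, written into the device at production
	devPub, devPriv := mustKey()     // generated by the device itself at start-up
	mgrPub, mgrPriv := mustKey()
	second := sign(prodPriv, batchPub, []byte("batch-A"))
	first := sign(batchPriv, devPub, []byte("edge-device-001"))
	return Fixture{Ledger{prodPub, second, first}, devPub, mgrPub, devPriv, mgrPriv}
}

func main() {
	f := NewFixture()
	devPub, info, err := Register(f.Ledger)
	nonce, req, _ := NewAuthRequest(f.DevPriv)
	auth, _ := Authorize(f.MgrPriv, devPub, req)
	fmt.Println(info, err, CheckAuthorization(f.MgrPub, f.DevPub, nonce, auth))
}
```

Every check fails closed: a modified first data record, a request signed by a key the manager has not registered, and authorization information carrying a different random number are all rejected.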
FIG. 2 illustrates a schematic structural diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present application. The computer system shown in FIG. 2 may be used for one or more of the aforementioned device producer 101, target device 102, and device manager 103.
It should be noted that the computer system 200 of the electronic device shown in fig. 2 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in FIG. 2, the computer system 200 includes a Central Processing Unit (CPU) 201 that can perform various appropriate actions and processes in accordance with a program stored in a Read-Only Memory (ROM) 202 or a program loaded from a storage section 208 into a Random Access Memory (RAM) 203. In the RAM 203, various programs and data necessary for system operation are also stored. The CPU 201, ROM 202, and RAM 203 are connected to each other via a bus 204. An Input/Output (I/O) interface 205 is also connected to bus 204.
The following components are connected to the I/O interface 205: an input section 206 including a keyboard, a mouse, and the like; an output section 207 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 208 including a hard disk and the like; and a communication section 209 including a network interface card such as a LAN (Local Area Network) card, a modem, or the like. The communication section 209 performs communication processing via a network such as the internet. A drive 210 is also connected to the I/O interface 205 as needed. A removable medium 211 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 210 as necessary, so that a computer program read out therefrom is installed into the storage section 208 as necessary.
In particular, according to embodiments of the present application, the processes described below with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 209 and/or installed from the removable medium 211. The computer program executes various functions defined in the system of the present application when executed by a Central Processing Unit (CPU) 201.
It should be noted that the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), a flash Memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present application may be implemented by software or by hardware, and the described units may also be disposed in a processor. The names of the units do not in any way limit the units themselves.
As another aspect, the present application also provides a computer-readable medium, which may be contained in the electronic device described in the above embodiments; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by an electronic device, cause the electronic device to implement the method as described in the embodiments below. For example, the electronic device may implement the steps shown in fig. 3 to 8.
The following describes details of implementation of the technical solution of the embodiment of the present application in detail from the perspective of a target device to be managed, a device producer, and a device manager, respectively.
From the point of view of the target device to be managed
Fig. 3 schematically shows a flowchart of a device management method based on a block chain according to an embodiment of the present application, where the device management method is applied to the electronic device described in the foregoing embodiment, and specifically, an execution subject of the device management method may be a target device to be managed.
Referring to fig. 3, the device management method at least includes steps S310 to S330, which are described in detail as follows:
In step S310, a key of a group to which the target device belongs is acquired.
In one embodiment of the present application, a key of a group to which a target device belongs, which is written by a device producer to the target device, may be obtained. The key of the group to which the target device belongs may be a symmetric key or an asymmetric key. If the key of the group to which the target device belongs is an asymmetric key, the public key and the private key of the group to which the target device belongs need to be acquired.
In one embodiment of the present application, the group to which the target device belongs may be a production lot to which the target device belongs, for example, the device manufacturer may generate a corresponding key for each lot of devices according to the production lot of the devices.
In step S320, the public key of the target device and the information of the target device are signed according to the key of the group to which the target device belongs, so as to obtain signed first data.
In an embodiment of the present application, if the key of the group to which the target device belongs is an asymmetric key, the public key of the target device and the information of the target device may be signed according to the private key of the group to which the target device belongs. The information of the target device may include an identifier of the target device, such as a device ID.
In step S330, the first data is written into a blockchain network, so that a device manager obtains the first data from the blockchain network and manages the target device based on the first data.
In the technical solution of the embodiment shown in fig. 3, the signed first data is written into the blockchain network, so that the device manager can obtain the first data from the blockchain network, and manage the target device based on the first data, so that the device can be managed through the blockchain network, and further the device information can be effectively prevented from being illegally tampered, the security of the device information is ensured, and the security management of the device is realized.
Based on the technical solution of the embodiment shown in fig. 3, as shown in fig. 4, the device management method based on the block chain according to another embodiment of the present application includes steps S410 to S430, which are described in detail as follows:
In step S410, after the first data is written into the blockchain network, a first random number is generated.
In this embodiment, after writing the signed first data into the blockchain network, the target device may randomly generate a random number to initiate an authorization request based on the random number.
In step S420, an authorization request is generated according to the public key of the target device, the private key of the target device, and the first random number.
In one embodiment of the application, the first random number may be signed by a private key of the target device, and the authorization request may be generated based on the signed data and a public key of the target device. That is, in this embodiment, since the public key of the target device is public, the public key of the target device does not need to be signed at the time of signature.
In another embodiment of the present application, the first random number and the public key of the target device may be signed by a private key of the target device, and the authorization request may be generated based on the signed data. That is, in this embodiment, not only the first random number but also the public key of the target device may be signed.
In step S430, the authorization request is written into the blockchain network, so that the device manager obtains and responds to the authorization request from the blockchain network.
The technical solution of the embodiment shown in fig. 4 enables an authorization request to be written into a blockchain network to implement security management of a device based on the blockchain network.
Based on the technical solution of the embodiment shown in fig. 4, as shown in fig. 5, a device management method based on a block chain according to another embodiment of the present application includes steps S510 to S530, which are described in detail as follows:
In step S510, after the authorization request is written into the blockchain network, authorization information sent by the device manager is acquired from the blockchain network, where the authorization information includes a result of signing a second random number by using a private key of the device manager.
In an embodiment of the present application, after receiving an authorization request sent by a device to be managed (which may be a target device), a device manager verifies the authorization request by using a public key of the device to be managed, obtains a random number in the authorization request after the verification is passed (if the received authorization request is sent by the target device, the random number in the authorization request is the aforementioned first random number), and signs by using a private key of the device manager, so as to generate authorization information.
In step S520, the authorization information is verified based on the public key of the device manager, and the second random number is obtained after the verification is passed.
In an embodiment of the present application, the device producer may write the public key of the device manager into the target device, and the target device may verify the authorization information based on the public key of the device manager written by the device producer. In addition, the target device may also obtain the public key of the device manager from the blockchain network.
In step S530, if the second random number is the same as the first random number, it is determined that the target device is authorized successfully.
In the embodiment of the present application, the device manager may send authorization information to a plurality of devices to be managed. The random numbers included in the authorization information sent to different devices are different, and the random number in each piece of authorization information is the same as the random number in the corresponding authorization request. The target device can therefore determine whether it has obtained the authorization of the device manager by comparing the first random number with the second random number obtained from the authorization information.
In an embodiment of the present application, the authorization information in the foregoing embodiment may further include the public key of the device to be authorized. Before verifying the authorization information based on the public key of the device manager, the target device may therefore first determine whether its own public key is the same as the public key of the device to be authorized included in the authorization information, and verify the authorization information based on the public key of the device manager only when the two are the same. In this way, whether the authorization information is intended for the target device can be determined directly from the public key of the device to be authorized that it contains.
From the perspective of the equipment manufacturer
Fig. 6 schematically shows a flowchart of a device management method based on a blockchain according to another embodiment of the present application, an execution subject of the device management method may be a processing device of a device producer.
Referring to fig. 6, the device management method at least includes steps S610 to S630, which are described in detail as follows:
In step S610, the information of the device producer and the public key of the device producer are written into the blockchain network, and the key of the group to which the target device belongs is written into the target device produced by the device producer.
In one embodiment of the present application, the group to which the target device belongs may be a production lot to which the target device belongs, for example, the device manufacturer may generate a corresponding key for each lot of devices according to the production lot of the devices. The key of the group to which the target device belongs may be a symmetric key or an asymmetric key.
In one embodiment of the present application, in order to ensure the information security of the device producer, the information of the device producer may be encrypted before being written into the blockchain network.
In an embodiment of the present application, the device producer may further obtain the public key of the device manager from the blockchain network, and write the public key of the device manager into the target device.
In step S620, the information of the target device and the key of the group to which the target device belongs are signed by the private key of the device producer, so as to obtain signed second data.
In step S630, the second data is written into the blockchain network, so that the device manager obtains the second data from the blockchain network, and manages the target device based on the second data.
In the technical solution of the embodiment shown in fig. 6, the information of the device producer and the public key of the device producer are written into the blockchain network, the private key of the device producer signs the information of the target device and the key of the group to which the target device belongs to obtain second data, and then the second data is written into the blockchain network, so that the device manager can obtain the second data through the blockchain network and manage the target device accordingly, thereby achieving the purpose of managing the target device based on the blockchain network, and facilitating the improvement of the security of device management.
From the perspective of the device management side
Fig. 7 schematically shows a flowchart of a device management method based on a blockchain according to another embodiment of the present application, and an execution subject of the device management method may be a processing device of a device manager.
Referring to fig. 7, the device management method at least includes steps S710 to S740, which are described in detail as follows:
In step S710, the signed first data written by the target device, the signed second data written by the device producer, and the public key of the device producer are obtained from the blockchain network.
In an embodiment of the present application, as shown in fig. 3, the first data may be obtained by signing the public key of the target device and the information of the target device according to the key of the group to which the target device belongs; as shown in fig. 6, the second data may be obtained by signing the information of the target device and the key of the group to which the target device belongs with the private key of the device producer.
In one embodiment of the present application, the group to which the target device belongs may be a production lot to which the target device belongs, for example, the device manufacturer may generate a corresponding key for each lot of devices according to the production lot of the devices.
In step S720, the second data is verified based on the public key of the device producer, and after the verification is passed, the information of the target device and the key of the group to which the target device belongs are obtained.
In one embodiment of the present application, the key of the group to which the target device belongs may be a symmetric key or an asymmetric key.
In step S730, the first data is verified according to the key of the group to which the target device belongs, and the public key of the target device is obtained after the verification is passed.
In an embodiment of the present application, if the key of the group to which the target device belongs is an asymmetric key, the first data may be verified according to the public key of the group to which the target device belongs.
In step S740, information of the target device and the public key of the target device are recorded to manage the target device.
In the technical solution of the embodiment shown in fig. 7, the signed first data written by the target device, the signed second data written by the device producer, and the public key of the device producer are obtained from the blockchain network, so that the second data is verified based on the public key of the device producer, the first data is verified based on the verified key of the group to which the target device belongs, and then the information and the public key of the target device obtained through verification are recorded, so that the target device can be managed based on the blockchain network, which is beneficial to improving the security of device management.
Based on the technical solution of the embodiment shown in fig. 7, as shown in fig. 8, a device management method based on a block chain according to another embodiment of the present application includes steps S810 to S830, which are described in detail as follows:
Step S810, after recording the information of the target device and the public key of the target device, acquiring an authorization request sent by the target device from the blockchain network, where the authorization request includes a random number signed by a private key of the target device.
Step S820, verifying the authorization request based on the public key of the target device, and signing the random number based on the private key of the device manager after the verification is passed, so as to obtain signed third data.
Step S830, generating authorization information for the target device based on the third data, and writing the authorization information into the blockchain network, so that the target device obtains the authorization information from the blockchain network.
In an embodiment of the present application, after the device manager writes the authorization information into the blockchain network, the target device may obtain the authorization information based on the technical solution of the embodiment shown in fig. 5, and determine whether the authorization is successful based on the authorization information.
The public key may be the public key itself or an address corresponding to the public key.
The technical solution of the embodiments of the present application has been described above from the perspective of the target device to be managed, the device producer, and the device manager respectively. The implementation details of the technical solution are described below from the perspective of the interaction among the three:
In a specific application scenario of the present application, the target device may be an edge computing device in the Internet of Things, such as a device having SE (Secure Element) security zone generation and key storage functions, a device capable of accessing a blockchain network, and a device having a CPU capable of processing block data, such as a front-end PC supporting SGX (Software Guard Extensions), an ARM (Advanced RISC Machines) chip supporting TEE (Trusted Execution Environment), an M2M (Machine-to-Machine) device with SE, and the like. The device manager may be a management center, and the device producer may be a manufacturer.
Specifically, as shown in fig. 9, the manufacturer writes manufacturer information and the edge device information of the batch into the blockchain network through step S901, and writes data (for example, initial information of the edge computing device and public key information of the management center may be written into the edge computing device in an offline environment) to initialize the edge computing device through step S902. The edge computing device writes the registration request and the authorization request to the blockchain network through step S903, and acquires the authorization information issued by the management center from the blockchain network through step S904. The management center writes the information of the management center and issues authorization information for the edge computing device into the blockchain network through step S905, and acquires an authorization request sent by the edge computing device from the blockchain network through step S906.
The following detailed description is made with reference to fig. 10 for a specific interaction process between a manufacturer, a management center, an edge computing device, and a blockchain network, and specifically includes the following steps S1001 to S1011, which are described in detail below:
In step S1001, the management center registers data of the management center in the blockchain network, that is, writes the data of the management center in the blockchain network.
In one embodiment of the present application, the data registered by the management center in the blockchain network is shown in table 1, and may include a management center address and management center information. The management center address is a public key address of the management center. In other embodiments of the present application, the public key of the management center may also be directly registered in the blockchain network.
Management center address | Management center information
Table 1
In step S1002, the manufacturer registers the manufacturer's data in the blockchain network, i.e., the manufacturer's data is written into the blockchain network.
In one embodiment of the present application, the data that the producer registers in the blockchain network is shown in table 2, and may include the producer address and producer information. Wherein, the manufacturer address is the public key address of the manufacturer. In other embodiments of the present application, the public key of the manufacturer may be directly registered in the blockchain network.
Manufacturer address | Manufacturer information
Table 2
In one embodiment of the present application, to avoid leakage of the producer information, the producer information may be encrypted before being written to the blockchain network.
In step S1003, the producer writes the key data to the produced edge computing device in an offline secure environment.
In one embodiment of the present application, the key data written by the manufacturer to the edge computing device is shown in table 3, and includes the public key of the lot, the private key of the lot, and the public key of the management center.
Public key of this batch | Private key of this batch | Management center public key
Table 3
In step S1004, the manufacturer writes the information of the edge computing devices of the batch to the blockchain network in bulk.
In one embodiment of the present application, the information of the batch of edge computing devices batch-written by the manufacturer to the blockchain network is shown in table 4, and includes: the address of the lot (which points to the public key of the lot), device information (such as the device ID), and the signature result. The signature result may be a result of performing a signature operation on the batch address (public key) and the device Information (ID) through a private key corresponding to the manufacturer address (i.e., the public key of the manufacturer).
Address of this batch (public key) | Device information (ID) | Signature result
Table 4
In step S1005, the edge computing device is booted for the first time, and a public key address and a private key of the edge computing device are generated in the edge computing device, where the private key cannot be exported.
In step S1006, the edge computing device exports its public key address and device information and writes them into the blockchain network, so as to register in the blockchain network.
In one embodiment of the present application, the information written into the blockchain network by the edge computing device is shown in table 5, and includes the following contents:
Registration request | Public key address of the device | Device information (ID) | Signature result 1
Table 5
As shown in table 5, the public key address of the device is the public key address of the device generated when the device is started. The signature result 1 is a result of performing a signature operation on the device public key address and the device information using the batch private key.
In step S1007, the management center synchronizes the blockchain data and checks whether the device information is correct.
In an embodiment of the present application, a process of the management center verifying whether the device information is correct is shown in fig. 11, and includes:
In step S1101, the batch device information is verified.
In one embodiment of the present application, the management center uses the manufacturer address (public key) to verify the plaintext (the batch address (public key) and the device information (ID)) against the signature result shown in Table 4. If the verification passes, the batch address (public key) and the device information (ID) are authentic, and the process proceeds to the next step.
Step S1102, verify edge computing device information.
In an embodiment of the present application, the management center uses the device information (ID) to look up the batch address (public key) verified in the previous step, and then uses that batch address (public key) to verify the plaintext (the registered device address (public key) and the device information (ID)) against signature result 1 shown in Table 5. If the verification passes, the device's self-registration has succeeded and the device address (public key) is valid, and the process proceeds to the next step.
In step S1103, device information is recorded.
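The two-step check of fig. 11 (S1101, then S1102) can be sketched as follows. This is an added example, not code from the patent: it assumes Ed25519 for every key pair and a length-prefixed encoding of the signed fields, and all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// BatchRecord mirrors Table 4 (written by the manufacturer in S1004).
type BatchRecord struct {
	BatchPub ed25519.PublicKey // address of this batch (public key)
	DeviceID string
	Sig      []byte // manufacturer signature over (BatchPub, DeviceID)
}

// Registration mirrors Table 5 (written by the device in S1006).
// Sig1 is made with the batch private key, which Table 3 places in every
// device of the lot, so it shows membership of the lot, not a single unit.
type Registration struct {
	DevicePub ed25519.PublicKey
	DeviceID  string
	Sig1      []byte // batch-key signature over (DevicePub, DeviceID)
}

var (
	ErrUnknownDevice = errors.New("no batch record for this device ID")
	ErrBatchSig      = errors.New("S1101: manufacturer signature invalid")
	ErrRegSig        = errors.New("S1102: batch signature invalid")
)

// encode length-prefixes each field so two different (key, ID) pairs can
// never serialise to the same signed bytes. The framing is an assumption.
func encode(fields ...[]byte) []byte {
	var out []byte
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(append(out, n[:]...), f...)
	}
	return out
}

// NewBatchRecord builds the Table 4 row the manufacturer publishes.
func NewBatchRecord(manufacturerPriv ed25519.PrivateKey, batchPub ed25519.PublicKey, id string) BatchRecord {
	sig := ed25519.Sign(manufacturerPriv, encode(batchPub, []byte(id)))
	return BatchRecord{BatchPub: batchPub, DeviceID: id, Sig: sig}
}

// NewRegistration builds the Table 5 row the device publishes on first boot.
func NewRegistration(batchPriv ed25519.PrivateKey, devicePub ed25519.PublicKey, id string) Registration {
	sig := ed25519.Sign(batchPriv, encode(devicePub, []byte(id)))
	return Registration{DevicePub: devicePub, DeviceID: id, Sig1: sig}
}

// VerifyRegistration is the management center's check. It returns the device
// public key to record (S1103) only if a batch record for the same device ID
// verifies under the manufacturer key and the registration verifies under the
// batch key taken from that record. Records that fail are skipped, so a bad
// row on the ledger cannot mask a genuine one.
func VerifyRegistration(manufacturerPub ed25519.PublicKey, ledger []BatchRecord, reg Registration) (ed25519.PublicKey, error) {
	if len(reg.DevicePub) != ed25519.PublicKeySize {
		return nil, ErrRegSig
	}
	err := ErrUnknownDevice
	for _, b := range ledger {
		if b.DeviceID != reg.DeviceID {
			continue
		}
		// S1101: manufacturer key vouches for (batch key, device ID).
		if len(b.BatchPub) != ed25519.PublicKeySize ||
			!ed25519.Verify(manufacturerPub, encode(b.BatchPub, []byte(b.DeviceID)), b.Sig) {
			err = ErrBatchSig
			continue
		}
		// S1102: batch key vouches for (device key, device ID).
		if !ed25519.Verify(b.BatchPub, encode(reg.DevicePub, []byte(reg.DeviceID)), reg.Sig1) {
			err = ErrRegSig
			continue
		}
		return reg.DevicePub, nil
	}
	return nil, err
}

func main() {
	// Constructed sample keys and device IDs.
	manPub, manPriv, _ := ed25519.GenerateKey(nil)
	batchPub, batchPriv, _ := ed25519.GenerateKey(nil)
	devPub, _, _ := ed25519.GenerateKey(nil)
	ledger := []BatchRecord{NewBatchRecord(manPriv, batchPub, "EDGE-0001")}

	_, err := VerifyRegistration(manPub, ledger, NewRegistration(batchPriv, devPub, "EDGE-0001"))
	fmt.Println("genuine registration accepted:", err == nil)
	_, err = VerifyRegistration(manPub, ledger, NewRegistration(batchPriv, devPub, "EDGE-9999"))
	fmt.Println("unlisted device ID:", err)
}
```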
Continuing with fig. 10, in step S1008, once initialized, the edge computing device must be authorized before use after each power-on start. The edge computing device generates a random number, signs it with its own private key, and sends an authorization request to the blockchain network based on the random number and the signature result.
In one embodiment of the present application, the authorization request sent by the edge computing device includes information as shown in table 6, including the following:
Authorization request | Public key address of the device | Requested random number | Signature result 2
Table 6
As shown in table 6, the signature result 2 is a result of performing a signature operation on the requested random number using the private key of the present apparatus.
In step S1009, the management center synchronizes the blockchain data and acquires, from the synchronized blockchain data, the authorization request sent by the edge computing device to be authorized.
In step S1010, the management center verifies the received authorization request based on the public key of the edge computing device, signs the random number in the authorization request using the private key of the management center after the verification is passed, and then writes authorization information into the blockchain network based on the signature result.
In one embodiment of the present application, the authorization information includes information as shown in table 7, which includes the following contents:
Authorization information | Authorized device public key address | Signature result
Table 7
The signature result shown in table 7 is mainly a signature result of a random number in an authorization request using a private key of a management center.
In step S1011, the edge computing device synchronizes the blockchain data and extracts the management center authorization result from the blockchain data for verification.
In an embodiment of the present application, the edge computing device first checks whether the public key address of the authorized device included in the authorization information is its own address. If so, it verifies the signature result shown in Table 7 with the management center public key and, after the verification is passed, obtains the random number in the authorization information. If that random number is the same as the random number in the authorization request sent by the edge computing device, the edge computing device confirms that it has been authorized successfully.
In an embodiment of the present application, after the edge computing device is authorized successfully, a corresponding business process may be executed; for example, the device joins the Internet of Things to serve as an Internet of Things device.
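The power-on authorization exchange of steps S1008 to S1011 (Tables 6 and 7), as an added example that is not code from the patent. It assumes Ed25519, which has no message recovery, so the device checks the management center's signature directly against the nonce it is waiting on, which is equivalent to comparing the two random numbers; all names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// AuthRequest mirrors Table 6 (written by the device in S1008).
type AuthRequest struct {
	DevicePub ed25519.PublicKey
	Nonce     []byte // requested random number
	Sig2      []byte // device-key signature over Nonce
}

// AuthInfo mirrors Table 7 (written by the management center in S1010).
type AuthInfo struct {
	AuthorizedPub ed25519.PublicKey
	Sig           []byte // management-center signature over the request nonce
}

var (
	ErrNotRegistered = errors.New("device public key was never recorded")
	ErrBadRequest    = errors.New("authorization request signature invalid")
	ErrNotForMe      = errors.New("authorization names another device")
	ErrBadAuth       = errors.New("authorization does not cover the pending nonce")
)

// Device holds what the edge device keeps after S1003 and S1005.
type Device struct {
	Pub        ed25519.PublicKey
	priv       ed25519.PrivateKey
	managerPub ed25519.PublicKey
	pending    []byte // nonce of the request still awaiting authorization
}

// NewDevice generates the device key pair (S1005) and stores the management
// center public key that the manufacturer wrote to the device (S1003).
func NewDevice(managerPub ed25519.PublicKey) (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		return nil, err
	}
	return &Device{Pub: pub, priv: priv, managerPub: managerPub}, nil
}

// Request is S1008: a fresh random number per power-on, signed by the device.
func (d *Device) Request() (AuthRequest, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return AuthRequest{}, err
	}
	d.pending = append([]byte(nil), nonce...) // private copy
	return AuthRequest{DevicePub: d.Pub, Nonce: nonce, Sig2: ed25519.Sign(d.priv, nonce)}, nil
}

// Authorize is S1010. recorded holds the device public keys stored in S1103.
func Authorize(managerPriv ed25519.PrivateKey, recorded map[string]bool, req AuthRequest) (AuthInfo, error) {
	if len(req.DevicePub) != ed25519.PublicKeySize || !recorded[string(req.DevicePub)] {
		return AuthInfo{}, ErrNotRegistered
	}
	if !ed25519.Verify(req.DevicePub, req.Nonce, req.Sig2) {
		return AuthInfo{}, ErrBadRequest
	}
	return AuthInfo{AuthorizedPub: req.DevicePub, Sig: ed25519.Sign(managerPriv, req.Nonce)}, nil
}

// Accept is S1011: address check first, then the signature over the nonce
// this device is waiting on. The nonce is consumed on success, so the same
// ledger record cannot authorize a later power-on.
func (d *Device) Accept(info AuthInfo) error {
	if !bytes.Equal(info.AuthorizedPub, d.Pub) {
		return ErrNotForMe
	}
	if d.pending == nil || !ed25519.Verify(d.managerPub, d.pending, info.Sig) {
		return ErrBadAuth
	}
	d.pending = nil
	return nil
}

func main() {
	// Constructed sample keys.
	mgrPub, mgrPriv, _ := ed25519.GenerateKey(nil)
	dev, _ := NewDevice(mgrPub)
	recorded := map[string]bool{string(dev.Pub): true}

	first, _ := dev.Request()
	info, _ := Authorize(mgrPriv, recorded, first)
	fmt.Println("first power-on:", dev.Accept(info))

	_, _ = dev.Request() // next power-on, new nonce
	fmt.Println("old record presented again:", dev.Accept(info))
}
```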
In the technical solution of the embodiments of the present application, the information, the registration process and the authorization process of the edge computing device in the production stage are combined with the blockchain network, which ensures the traceability of the device information. Because different manufacturers have their own addresses (containing no sensitive information) on the blockchain network and the manufacturer information is encrypted, different manufacturers cannot learn about one another through the blockchain network, which prevents manufacturer information from being leaked. Meanwhile, the process in which a manufacturer produces edge computing devices is combined with the blockchain network, so that the information of each produced edge computing device is registered on the blockchain network and is reliably transmitted through it, and each edge computing device corresponds to an address on the blockchain network that cannot be forged. Thirdly, since each edge computing device accesses the blockchain through the network, the problem of a single point of failure is avoided.
In addition, in the above embodiments of the present application, various sensitive information of the edge computing device (such as device owner information) may be hidden by encryption, so as to ensure the security of the sensitive data. Signatures are used throughout the interaction among the edge computing device, the management center, the manufacturer and the blockchain network, which ensures the integrity and reliability of the data and improves the security of device management.
The following describes an embodiment of an apparatus of the present application, which may be used to execute a device management method based on a block chain in the foregoing embodiment of the present application. For details that are not disclosed in the embodiments of the apparatus of the present application, please refer to the embodiments of the device management method based on blockchain described above in the present application.
Fig. 12 schematically shows a block diagram of a device management apparatus based on a blockchain according to an embodiment of the present application, which may be provided in a target device to be managed.
Referring to fig. 12, a device management apparatus 120 based on a block chain according to an embodiment of the present application includes: a first obtaining unit 1201, a first signature unit 1202, and a first writing unit 1203.
The first obtaining unit 1201 is configured to obtain a key of a group to which a target device belongs; the first signature unit 1202 is configured to sign the public key of the target device and the information of the target device according to the key of the group to which the target device belongs, so as to obtain signed first data; the first writing unit 1203 is configured to write the first data into a blockchain network, so that a device manager obtains the first data from the blockchain network and manages the target device based on the first data.
In an embodiment of the present application, the block chain-based device management apparatus 120 shown in fig. 12 may further include: a first generating unit and a second generating unit. The first generating unit is used for generating a first random number; the second generation unit is used for generating an authorization request according to the public key of the target device, the private key of the target device and the first random number; the first writing unit 1203 is further configured to write the authorization request into the blockchain network, so that the device manager obtains and responds to the authorization request from the blockchain network.
In one embodiment of the present application, the second generating unit is configured to: signing the first random number through a private key of the target device, and generating the authorization request based on the signed data and a public key of the target device; or signing the first random number and the public key of the target device through the private key of the target device, and generating the authorization request based on the signed data.
In an embodiment of the present application, the first obtaining unit 1201 is further configured to: obtain, from the blockchain network, authorization information sent by the device manager, where the authorization information includes a result of signing a second random number with a private key of the device manager; verify the authorization information based on a public key of the device manager; and obtain the second random number after the verification passes. The device management apparatus 120 shown in fig. 12 may further include: a determining unit, configured to determine that the target device is authorized successfully when the second random number is the same as the first random number.
In an embodiment of the present application, the authorization information further includes a public key of the device to be authorized. The device management apparatus 120 shown in fig. 12 may further include: a judging unit, configured to judge whether the public key of the target device is the same as the public key of the device to be authorized. The first obtaining unit 1201 is configured to: verify the authorization information based on the public key of the device manager when the public key of the target device is the same as that of the device to be authorized.
In an embodiment of the present application, the first obtaining unit 1201 is configured to: acquire the key written into the target device by the device producer.
Fig. 13 schematically shows a block diagram of a blockchain-based device management apparatus according to another embodiment of the present application, which may be provided in a processing device of a device producer.
Referring to fig. 13, a blockchain-based device management apparatus 130 according to another embodiment of the present application includes: a second writing unit 1301, a second signature unit 1302, and a third writing unit 1303.
The second writing unit 1301 is configured to write information of a device producer and a public key of the device producer into the blockchain network, and to write the key of the group to which a target device belongs into the target device produced by the device producer; the second signature unit 1302 is configured to sign the information of the target device and the key of the group to which the target device belongs by using a private key of the device producer, so as to obtain signed second data; the third writing unit 1303 is configured to write the second data into the blockchain network, so that the device manager obtains the second data from the blockchain network, and manages the target device based on the second data.
In an embodiment of the present application, the second writing unit 1301 is further configured to: encrypt the information of the device producer before writing the information of the device producer and the public key of the device producer into the blockchain network.
Fig. 14 schematically shows a block diagram of a device management apparatus based on a blockchain according to another embodiment of the present application, which may be provided in a processing device of a device manager.
Referring to fig. 14, a blockchain-based device management apparatus 140 according to another embodiment of the present application includes: a second obtaining unit 1401, a first verification unit 1402, a second verification unit 1403, and a recording unit 1404.
The second obtaining unit 1401 is configured to obtain, from the blockchain network, signed first data written by the target device, signed second data written by the device producer, and a public key of the device producer; the first verification unit 1402 is configured to verify the second data based on the public key of the device producer, and obtain information of the target device and a key of a group to which the target device belongs after the verification passes; the second verifying unit 1403 is configured to verify the first data according to the key of the group to which the target device belongs, and obtain the public key of the target device after the verification passes; the recording unit 1404 is configured to record information of the target device and a public key of the target device, so as to manage the target device.
In an embodiment of the present application, the device management apparatus 140 based on a block chain shown in fig. 14 may further include: a third verifying unit, a third generating unit and a fourth writing unit; the second obtaining unit 1401 is further configured to obtain, from the blockchain network, an authorization request sent by the target device, where the authorization request includes a random number signed by a private key of the target device; the third verification unit is used for verifying the authorization request based on the public key of the target device and signing the random number based on the private key of the device management party after the verification is passed to obtain signed third data; the third generating unit is used for generating authorization information aiming at the target device based on the third data; the fourth writing unit is configured to write the authorization information into the blockchain network, so that the target device obtains the authorization information from the blockchain network.
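The authorization exchange described above for the target-device apparatus (fig. 12) and the device-manager apparatus (fig. 14), written out as an added example that is not part of the patent text. The patent names no signature algorithm, so a Lamport one-time signature built on SHA-256 stands in for it (each key signs a single message). The class names, message fields, the signature covering the device public key, and the single-use handling of the random number are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Stand-in signature (assumption): Lamport one-time signature over SHA-256.
# The patent names no algorithm. Each private key below signs ONE message only.
def _h(data):
    return hashlib.sha256(data).digest()

def keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, b"".join(_h(half) for pair in sk for half in pair)

def _bits(msg):
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(msg)))

def verify(pk, msg, sig):
    if len(pk) != 512 * 32 or len(sig) != 256 * 32:
        return False
    want = b"".join(pk[(2 * i + bit) * 32:(2 * i + bit + 1) * 32]
                    for i, bit in enumerate(_bits(msg)))
    got = b"".join(_h(sig[i * 32:(i + 1) * 32]) for i in range(256))
    return hmac.compare_digest(want, got)

class Device:
    """Target device: generating, judging and determining units of fig. 12."""
    def __init__(self, manager_pk):
        self.sk, self.pk = keygen()
        self.manager_pk = manager_pk  # written into the device by the producer (claim 6)
        self.nonce = None             # the "first random number"

    def authorization_request(self):
        # Second variant: sign the random number together with the own public key.
        self.nonce = secrets.token_bytes(16)
        return {"device_pk": self.pk, "nonce": self.nonce,
                "sig": sign(self.sk, self.nonce + self.pk)}

    def accept(self, info):
        if self.nonce is None:
            return False              # no request outstanding
        # Judging unit: is the authorization addressed to this device's key?
        if not hmac.compare_digest(info["device_pk"], self.pk):
            return False
        # Verify with the manager's public key. Covering device_pk with the
        # signature is this example's choice; the page only says it is included.
        signed = info["nonce"] + info["device_pk"]
        if not verify(self.manager_pk, signed, info["sig"]):
            return False
        # Determining unit: the "second random number" must equal the first.
        if not hmac.compare_digest(info["nonce"], self.nonce):
            return False
        self.nonce = None             # single use (assumption, not on the page)
        return True

class Manager:
    """Device manager: third verifying and third generating units of fig. 14."""
    def __init__(self):
        self.sk, self.pk = keygen()
        self.recorded = set()         # device public keys recorded at enrollment

    def respond(self, req):
        pk = req["device_pk"]
        # Only answer devices already recorded, and only if the request verifies.
        if pk not in self.recorded or not verify(pk, req["nonce"] + pk, req["sig"]):
            return None
        return {"device_pk": pk, "nonce": req["nonce"],
                "sig": sign(self.sk, req["nonce"] + pk)}

def demo():
    # Dicts stand in for records read from the blockchain network (constructed).
    manager = Manager()
    device = Device(manager.pk)
    req = device.authorization_request()
    out = {"unrecorded_device": manager.respond(req) is None}
    manager.recorded.add(device.pk)
    out["tampered_request"] = manager.respond(dict(req, nonce=b"\x00" * 16)) is None
    info = manager.respond(req)
    out["altered_nonce"] = device.accept(dict(info, nonce=b"\x00" * 16))
    out["other_device"] = device.accept(dict(info, device_pk=keygen()[1]))
    out["genuine"] = device.accept(info)
    out["replayed"] = device.accept(info)
    return out

if __name__ == "__main__":
    print(demo())
```

Only the genuine, first-time authorization is accepted; a production system would replace the one-time signature with a standard multi-use scheme.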
It should be noted that although several modules or units of the device for action execution are mentioned in the above detailed description, such a division is not mandatory. Indeed, according to embodiments of the application, the features and functionality of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present application can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which can be a personal computer, a server, a touch terminal, or a network device, etc.) to execute the method according to the embodiments of the present application.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (15)

1. A blockchain-based device management method, characterized by comprising the following steps:
a device producer writes information of the device producer and a public key of the device producer into a blockchain network, writes a key of a group to which a target device belongs into the target device produced by the device producer, signs the information of the target device and the key of the group to which the target device belongs with a private key of the device producer to obtain signed second data, and writes the second data into the blockchain network;
the target device acquires the key of the group to which the target device belongs, signs a public key of the target device and the information of the target device according to the key of the group to which the target device belongs to obtain signed first data, and writes the first data into the blockchain network;
a device manager acquires the first data, the second data and the public key of the device producer from the blockchain network, verifies the second data based on the public key of the device producer, acquires the information of the target device and the key of the group to which the target device belongs after the verification passes, verifies the first data according to the key of the group to which the target device belongs, acquires the public key of the target device after the verification passes, and records the information of the target device and the public key of the target device so as to manage the target device.
2. The blockchain-based device management method according to claim 1, further comprising:
after writing the first data into the blockchain network, the target device generates a first random number, generates an authorization request according to the public key of the target device, a private key of the target device and the first random number, and writes the authorization request into the blockchain network;
the device manager obtains the authorization request from the blockchain network, verifies the authorization request based on the public key of the target device, signs the first random number based on the private key of the device manager after the verification passes to obtain signed third data, generates authorization information for the target device based on the third data, and writes the authorization information into the blockchain network so that the target device can obtain the authorization information from the blockchain network.
3. The blockchain-based device management method of claim 2, wherein generating the authorization request according to the public key of the target device, the private key of the target device, and the first random number includes:
signing the first random number through a private key of the target device, and generating the authorization request based on the signed data and a public key of the target device; or
signing the first random number and the public key of the target device through the private key of the target device, and generating the authorization request based on the signed data.
4. The blockchain-based device management method according to claim 2, further comprising:
the target device obtains, from the blockchain network, authorization information sent by the device manager, where the authorization information includes a result of signing a second random number with a private key of the device manager; verifies the authorization information based on a public key of the device manager; obtains the second random number after the verification passes; and, if the second random number is the same as the first random number, determines that the target device is authorized successfully.
5. The blockchain-based device management method according to claim 4, wherein the authorization information further includes a public key of the device to be authorized;
after acquiring the authorization information, the target device judges whether the public key of the target device is the same as the public key of the device to be authorized, and if they are the same, verifies the authorization information based on the public key of the device manager.
6. The blockchain-based device management method according to claim 4, wherein the device manager is further configured to write a public key of the device manager into the blockchain network;
the device producer is further configured to obtain the public key of the device manager from the blockchain network, and write the public key of the device manager into the target device.
7. The blockchain-based device management method according to claim 1, wherein the device producer encrypts the information of the device producer before writing the information of the device producer into the blockchain network.
8. The blockchain-based device management method according to any one of claims 1 to 7, wherein the group to which the target device belongs includes a production lot to which the target device belongs.
9. A blockchain-based device management system, comprising: a device producer, a device manager, and a target device to be managed;
the device producer is used for writing information of the device producer and a public key of the device producer into a blockchain network, writing a key of a group to which the target device belongs into the target device produced by the device producer, signing the information of the target device and the key of the group to which the target device belongs with a private key of the device producer to obtain signed second data, and writing the second data into the blockchain network;
the target device is used for obtaining the key of the group to which the target device belongs, signing a public key of the target device and the information of the target device according to the key of the group to which the target device belongs to obtain signed first data, and writing the first data into the blockchain network;
the device manager is used for acquiring the first data, the second data and the public key of the device producer from the blockchain network, verifying the second data based on the public key of the device producer, acquiring the information of the target device and the key of the group to which the target device belongs after the verification passes, verifying the first data according to the key of the group to which the target device belongs, acquiring the public key of the target device after the verification passes, and recording the information of the target device and the public key of the target device so as to manage the target device.
10. The blockchain-based device management system of claim 9, wherein:
the target device is further configured to generate a first random number after the first data is written into the blockchain network, generate an authorization request according to the public key of the target device, the private key of the target device, and the first random number, and write the authorization request into the blockchain network;
the device manager is further configured to obtain the authorization request from the blockchain network, verify the authorization request based on the public key of the target device, sign the first random number based on the private key of the device manager after the verification is passed to obtain signed third data, generate authorization information for the target device based on the third data, and write the authorization information into the blockchain network, so that the target device obtains the authorization information from the blockchain network.
11. The blockchain-based device management system of claim 10, wherein the target device is configured to sign the first random number with a private key of the target device, and generate the authorization request based on the signed data and a public key of the target device; or to sign the first random number and the public key of the target device with the private key of the target device, and generate the authorization request based on the signed data.
12. The blockchain-based device management system according to claim 10, wherein the target device is further configured to obtain, from the blockchain network, authorization information sent by the device manager, where the authorization information includes a result of signing a second random number with a private key of the device manager, verify the authorization information based on a public key of the device manager, obtain the second random number after the verification passes, and determine that the target device is authorized successfully if the second random number is the same as the first random number.
13. The blockchain-based device management system according to claim 12, wherein the authorization information further includes a public key of the device to be authorized;
the target device is further configured to determine whether the public key of the target device is the same as the public key of the device to be authorized after the authorization information is obtained, and verify the authorization information based on the public key of the device manager if the public key of the target device is the same as the public key of the device to be authorized.
14. The blockchain-based device management system of claim 12 wherein the device manager is further configured to write a public key of the device manager into the blockchain network;
the device producer is further configured to obtain the public key of the device manager from the blockchain network, and write the public key of the device manager into the target device.
15. The blockchain-based device management system according to any one of claims 9 to 14, wherein the device producer is further configured to encrypt the information of the device producer before writing the information of the device producer into the blockchain network.
CN201910713863.6A 2018-08-06 2018-08-06 Block chain-based equipment management method and equipment management system Active CN110493039B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910713863.6A CN110493039B (en) 2018-08-06 2018-08-06 Block chain-based equipment management method and equipment management system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810884003.4A CN109104311B (en) 2018-08-06 2018-08-06 Block chain-based device management method, apparatus, medium, and electronic device
CN201910713863.6A CN110493039B (en) 2018-08-06 2018-08-06 Block chain-based equipment management method and equipment management system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201810884003.4A Division CN109104311B (en) 2018-08-06 2018-08-06 Block chain-based device management method, apparatus, medium, and electronic device

Publications (2)

Publication Number Publication Date
CN110493039A CN110493039A (en) 2019-11-22
CN110493039B true CN110493039B (en) 2021-06-04

Family

ID=64848786

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201810884003.4A Active CN109104311B (en) 2018-08-06 2018-08-06 Block chain-based device management method, apparatus, medium, and electronic device
CN201910713863.6A Active CN110493039B (en) 2018-08-06 2018-08-06 Block chain-based equipment management method and equipment management system

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201810884003.4A Active CN109104311B (en) 2018-08-06 2018-08-06 Block chain-based device management method, apparatus, medium, and electronic device

Country Status (1)

Country Link
CN (2) CN109104311B (en)

Also Published As

Publication number Publication date
CN109104311B (en) 2021-08-31
CN109104311A (en) 2018-12-28
CN110493039A (en) 2019-11-22

Legal Events

Date Code Title Description
PB01 Publication
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40015593; Country of ref document: HK)
SE01 Entry into force of request for substantive examination
GR01 Patent grant