CN110958276B - Trusted acquisition and logging method and device based on digital identity of intelligent Internet of things equipment - Google Patents

Trusted acquisition and logging method and device based on digital identity of intelligent Internet of things equipment Download PDF

Info

Publication number
CN110958276B
CN110958276B CN202010113663.XA CN202010113663A CN110958276B CN 110958276 B CN110958276 B CN 110958276B CN 202010113663 A CN202010113663 A CN 202010113663A CN 110958276 B CN110958276 B CN 110958276B
Authority
CN
China
Prior art keywords
equipment
data
control subsystem
product
password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010113663.XA
Other languages
Chinese (zh)
Other versions
CN110958276A (en
Inventor
赵祯龙
胡凯
刘康
张磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changzhou Weishi Intelligent Iot Innovation Center Co Ltd
Original Assignee
Changzhou Weishi Intelligent Iot Innovation Center Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Changzhou Weishi Intelligent Iot Innovation Center Co Ltd filed Critical Changzhou Weishi Intelligent Iot Innovation Center Co Ltd
Priority to CN202010113663.XA priority Critical patent/CN110958276B/en
Publication of CN110958276A publication Critical patent/CN110958276A/en
Application granted granted Critical
Publication of CN110958276B publication Critical patent/CN110958276B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/26Special purpose or proprietary protocols or architectures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention relates to a trusted acquisition and logging method and a device, in particular to a trusted acquisition and logging method and a device based on digital identities of intelligent Internet of things equipment, and belongs to the technical field of distributed accounts books. According to the invention, the connection beacon of the Internet of things equipment is obtained through the camera, the control subsystem is connected with the Internet of things equipment through the connection beacon before collection through the front terminal system, the collected data carries dynamic equipment passwords, credible confirmation is carried out through the security module, then the data is subjected to rule-based anchoring through the logging module, and the anchored data and data fingerprints are subjected to real-time chain-up and verification, so that the offline data can be verified through credible verification service according to business appeal. The invention can effectively realize the authenticity of the uplink data, form a complete data credible memory and is safe and reliable.

Description

Trusted acquisition and logging method and device based on digital identity of intelligent Internet of things equipment
Technical Field
The invention relates to a trusted acquisition and logging method and a device, in particular to a trusted acquisition and logging method and a device based on digital identities of intelligent Internet of things equipment, and belongs to the technical field of distributed accounts books.
Background
The distributed account book technology is a novel application mode based on computer technologies such as distributed information storage, P2P (Peer-to-Peer networking), a consensus mechanism, an encryption algorithm, cryptography and the like, is a combined model of multiple technologies, and achieves decentralized storage of key data and transaction records, and traceability and non-falsification of information.
The information after the uplink has the characteristics of non-tampering and non-repudiation, but the authenticity of the uplink data cannot be guaranteed, and a complete data credible memory system cannot be effectively formed.
Disclosure of Invention
The invention aims to overcome the defects in the prior art and provides a credible acquisition and storage method and a device based on the digital identity of intelligent Internet of things equipment, which can effectively realize the authenticity of uplink data and form complete credible data storage, and is safe and reliable.
According to the technical scheme provided by the invention, the credible acquisition and logging method based on the digital identity of the intelligent Internet of things equipment comprises the following steps:
step 1, acquiring a connection beacon of current Internet of things equipment through a front terminal system, and sending a dynamic equipment password request to a control subsystem, wherein the dynamic equipment password request comprises a product ID and an equipment ID of the Internet of things equipment;
step 2, according to the product ID and the equipment ID contained in the received request of the dynamic equipment password, the control subsystem searches the corresponding product ID and equipment ID in a product equipment registry, after finding the corresponding product ID and equipment ID in the request of the dynamic equipment password, the control subsystem generates the required dynamic equipment password, stores the dynamic equipment password in the safe area of the control subsystem, and returns the dynamic equipment password to the front subsystem;
step 3, after receiving the dynamic equipment password of the current Internet of things equipment, the front terminal system acquires data of the current Internet of things equipment, associates the acquired data with the product ID, the equipment ID and the dynamic equipment password corresponding to the current Internet of things equipment to form an equipment data packet, and sends the formed equipment data packet to the control subsystem;
step 4, the control subsystem unpacks the equipment data packet and verifies the reliability of the data source in the equipment data packet;
step 5, for the data packets passing the verification, the control subsystem performs matching based on the rule engine, the control subsystem forwards the data packets matched with the rule engine to a storage contract module through a BBTS communication protocol, and the storage contract module stores the received data packets according to a data structure form according to the BBTS storage protocol; the BBTS is a block chain-Based Trusted Storage Blockchain-Based Trusted Storage protocol system.
The connection beacon of thing networking device including set up in two-dimensional code on the thing networking device, front end subsystem passes through the camera scanning connect the beacon to obtain the product ID and the equipment ID of current thing networking device.
In step 2, when the control subsystem does not find the corresponding product ID and device ID in the product device registry, the control subsystem registers the product ID and device ID to be found in the product device registry, and generates a corresponding dynamic device password after registration; and the control subsystem stores the dynamic equipment password into a safe area through a TrustZone method.
And the control subsystem is communicated with the front terminal system through a BBTS identification protocol.
According to a BBTS identification protocol, data collected by the front end subsystem from current Internet of things equipment comprises equipment identification information, event data and/or state data.
According to the BBTS storing and recording protocol, the data packets conforming to the uplink rule are analyzed and packaged into a transaction format conforming to the BBTS storing and recording protocol;
the transaction format comprises transaction content, and the data packet which accords with the uplink rule is packaged into the transaction content through a corresponding data structure according to the data property, the data size and the encryption requirement of the upper block chain.
A credible acquisition and logging device based on intelligent Internet of things equipment digital identity comprises a front terminal system, a control subsystem connected with the front terminal system and a logging contract module connected with the control subsystem;
acquiring a connection beacon of current Internet of things equipment through the front terminal system, and sending a request of a dynamic equipment password to the control subsystem, wherein the request of the dynamic equipment password comprises a product ID and an equipment ID of the Internet of things equipment;
according to the product ID and the equipment ID contained in the received dynamic equipment password request, the control subsystem searches the corresponding product ID and equipment ID in a product equipment registry, generates the required dynamic equipment password in the control subsystem after finding the product ID and the equipment ID corresponding to the dynamic equipment password request, stores the dynamic equipment password in a safe area of the control subsystem and returns the dynamic equipment password to the front subsystem;
after receiving a dynamic device password of the current Internet of things device, the front terminal system acquires data of the current Internet of things device, associates the acquired data with a product ID, a device ID and the dynamic device password corresponding to the current Internet of things device to form a device data packet, and sends the formed device data packet to the control subsystem;
the control subsystem unpacks the equipment data packet and verifies the reliability of a data source in the equipment data packet; for the data packets passing the verification, the control subsystem performs matching based on the rule engine, the control subsystem forwards the data packets matched with the rule engine to a storage contract module through a BBTS communication protocol, and the storage contract module stores the received data packets according to a data structure form according to the BBTS storage protocol; the BBTS is a block chain-Based Trusted Storage Blockchain-Based Trusted Storage protocol system.
The connection beacon of thing networking device including set up in two-dimensional code on the thing networking device, front end subsystem passes through the camera scanning connect the beacon to obtain the product ID and the equipment ID of current thing networking device.
When the control subsystem does not find the corresponding product ID and equipment ID in the product equipment registry, the control subsystem registers the product ID to be found and the equipment ID in the product equipment registry, and generates a corresponding dynamic equipment password after registration; and the control subsystem stores the dynamic equipment password into a safe area through a TrustZone method.
The control subsystem is communicated with the front terminal system through a BBTS (broadband transmission stream) identification protocol;
according to a BBTS identification protocol, data collected by the front end subsystem from current Internet of things equipment comprises equipment identification information, event data and/or state data.
The invention has the advantages that:
the connection beacon of the Internet of things equipment is obtained through the camera, the control subsystem is connected with the Internet of things equipment through the connection beacon before collection through the front terminal system, collected data carry dynamic equipment passwords, credible confirmation is carried out through the safety module, then the data are subjected to anchoring based on rules by the logging module, and anchored data and data fingerprints are subjected to chain up and storage in real time, so that the data under the line can be verified through credible verification service according to business appeal.
In conclusion, the data acquisition and data storage processes are combined through a safety hardware device, and credibility verification is performed from multiple aspects such as digital identity identification, data communication, data storage and the like through a BBTS protocol system, so that the data credibility of the whole chain of data acquisition, format conversion and storage and recording is ensured;
the identity information, the state information and the digital certificate of the equipment of the Internet of things are combined, and the legality of the equipment of the Internet of things is jointly checked. The method comprises the steps that the device information is safely stored in a device storage safety area invisible to a user in the modes of pre-reporting the device information, authenticating the identity, dynamically registering the device and the like, so that the method has better data safety, device compatibility and scale expandability;
the data transfer function of the service platform rule engine is used for orderly sorting and forwarding the data messages from the Internet of things equipment, and the forwarding rules are matched based on the data content sent by the Internet of things equipment, so that a data credibility mechanism is effectively integrated, and the service platform rule engine has better communication performance and higher communication safety;
according to the configuration of the rule engine, the data packet with the complete transaction model is filtered, and the data packet is encapsulated into the transaction content through different data structures according to the difference of the property, the size and the encryption requirement of the uplink content, so that the method has better multi-environment adaptability, application universality and storage efficiency.
Drawings
Fig. 1 is a block diagram of a trusted acquisition device of the present invention.
Fig. 2 is a data flow diagram of the BBTS communication protocol of the present invention.
Detailed Description
The invention is further illustrated by the following specific figures and examples.
In order to effectively realize the authenticity of the uplink data and form a complete data credible memory record, the credible acquisition memory record method comprises the following steps:
step 1, acquiring a connection beacon of current Internet of things equipment through a front terminal system, and sending a dynamic equipment password request to a control subsystem, wherein the dynamic equipment password request comprises a product ID and an equipment ID of the Internet of things equipment;
specifically, the connection beacon of thing networking device including set up in two-dimensional code on the thing networking device, front end subsystem passes through the camera scanning connect the beacon, after the scanning connects the beacon, can acquire the product ID and the equipment ID of current thing networking device. Generally, a connection instruction with the internet of things equipment is recorded in the connection beacon, the front end subsystem scans through the camera to trigger the connection instruction after connection, so that connection with the internet of things equipment can be established, identity information of the current internet of things equipment is acquired, and the identity information of the current internet of things equipment comprises a product ID and an equipment ID. In the embodiment of the invention, the current internet of things equipment specifically refers to the internet of things equipment which is connected with the front terminal system or is connected with the front terminal system.
Step 2, according to the product ID and the equipment ID contained in the received dynamic equipment password request, the control subsystem searches the corresponding product ID and equipment ID in the product equipment registry, and after finding the product ID and the equipment ID corresponding to the dynamic equipment password request, the control subsystem generates the required dynamic equipment password, stores the dynamic equipment password in the safe area of the control subsystem, and returns the dynamic equipment password to the front subsystem;
specifically, the control subsystem communicates with the front end subsystem through a BBTS identification protocol, so that the front end subsystem can send a request for a dynamic device password to the control subsystem, and the control subsystem performs lookup and comparison with a product device registry in the control subsystem according to a product ID and a device ID included in the dynamic password request after receiving the request for the dynamic device password. And after the product ID and the equipment ID of the equipment of the Internet of things are registered in the control subsystem, the corresponding product ID and the corresponding equipment ID can be directly found in the product equipment registry.
When the control subsystem does not find the corresponding product ID and equipment ID in the product equipment registry, the control subsystem registers the product ID to be found and the equipment ID in the product equipment registry, and generates a corresponding dynamic equipment password after registration; and the control subsystem stores the dynamic equipment password into a safe area through a TrustZone method. The method of using TrustZone to save to the secure area is a common method at present, and the method, process, etc. of using TrustZone to save the dynamic device password to the secure area are well known to those skilled in the art, and will not be described herein again.
In the embodiment of the present invention, the control subsystem may generate the dynamic device password by using a conventional technical means in the technical field, specifically, a random number generator is used to generate corresponding data to form the dynamic device password. The control subsystem returns the generated dynamic password to the front-end subsystem, and the uniqueness of the front-end subsystem in the subsequent data acquisition process is identified by using the dynamic equipment password.
Step 3, after receiving the dynamic equipment password of the current Internet of things equipment, the front terminal system performs data acquisition on the current Internet of things equipment, associates the acquired data with the product ID, the equipment ID and the dynamic equipment password corresponding to the current Internet of things equipment to form an equipment data packet, and sends the formed equipment data packet to the control subsystem;
specifically, the data read by the front end subsystem from the internet of things device includes device identification information, and event data or state data. The data structure (expressed in JSON format) is as follows:
the type of version is string.
The product identifier (product identifier), the corresponding type is byte [ ]; the length is a fixed 32 bytes.
DeviceKey (device identification), the corresponding type is byte [ ]; the length is a fixed 32 bytes.
DeviceSecret (device password (encryption)), corresponding type is byte [ ], and length is fixed 64 bytes.
properties (device properties), the corresponding type is an array, and the element structure includes:
identifier (unique identifier of attribute), type string;
name (attribute name), type string;
accessMode (attribute read-write type), the content is read-only (r) or read-write (rw);
data (data value);
dataType, specifically: int (native), float (native), double (native), text (native), date (String type UTC millisecond), pool (int type of 0 or 1), enum (int type), struct (structure type, which may include the preceding 6 types), array (array type, support int/double/float/text).
events (event data), the corresponding type is an array, and the element structure comprises:
identifier (unique identifier of event type), type string;
name (event type name), type string;
data (event content);
dataType (data type).
status (status data), type is array, element structure includes:
identifier (unique identifier of status indicator), type string;
name (status index name), type string;
data (status value);
dataType (data type).
The service platform identifies the product using ProductKey and DeviceId (for devices with Mac, Mac address is usually used) identifies the device, so as to verify the validity of the internet of things device through device certificates (ProductKey, DeviceId and DeviceSecret). In the embodiment of the invention, the service platform is a platform comprising a front terminal system and a control subsystem.
Before the internet of things equipment is accessed to the service platform, product and equipment information of the internet of things equipment needs to be reported, and after the authentication is passed (when the authentication is passed, a general matching algorithm in the field of identity authentication can be generally adopted, and a specific authentication mode and a specific process are well known by persons skilled in the art and are not described in detail herein), the internet of things equipment can be accessed to the service platform. The service platform adopts an authentication scheme of sub-device dynamic registration, and when the internet of things device is connected with the service platform, the DeviceSecret (namely, a dynamic device password) is acquired through a dynamic registration mode based on the DeviceId, and is safely stored in a storage safety area of the device and is invisible to a user.
And after the Internet of things equipment passes authentication based on the equipment certificate and accesses the service platform, the data can be sent. Data sent by the internet of things equipment consists of equipment identification, event information or state data, and equipment metadata (the equipment metadata is attribute data of the internet of things equipment) needs to be contained in the data packets sent each time.
The front terminal system associates the acquired data with the product ID, the equipment ID and the dynamic equipment password corresponding to the current Internet of things equipment to form an equipment data packet, and sends the formed equipment data packet to the control subsystem so as to verify the reliability of the data source by the control subsystem.
Step 4, the control subsystem unpacks the equipment data packet and verifies the reliability of the data source in the equipment data packet;
in specific implementation, a packaging mode of the device data packet is formed according to the front end subsystem, the control subsystem performs corresponding unpacking on the device data packet, and the specific packaging and unpacking modes and processes are well known to those skilled in the art and are not described herein again. When verifying the reliability of the data source in the device data packet, the verification mainly comprises digital signature verification to ensure the authenticity of the signing and issuing identity (specifically, the digital signature verification can adopt a general method for verifying the authenticity of the digital identity in the technical field, can be selected according to the needs and is not repeated here), data fingerprint verification of the content integrity, and passing through a security rule (the security rule mainly comprises an illegal data which is mainly used for filtering the internet of things device in the acquisition process and does not need to be stored in a regular expression form, different filtering rules are formulated according to the scene requirements, so the rule engine is called, the illegal data can comprise errors, peaks, malicious attack counterfeiting data and the like in the acquisition process, and is particularly well known by people in the technical field, and the detailed here is not repeated here) to verify the rationality of the content and the like, the specific means and manner for verifying the reliability of the data source may be selected according to actual needs, and are well known to those skilled in the art, and will not be described herein again.
And 5, for the verified equipment data packet, the control subsystem performs matching based on the rule engine and stores the equipment data packet according to a BBTS storage protocol.
Specifically, the control subsystem forwards a data packet matched with the rule engine to the storage and recording contract module through a BBTS communication protocol, the storage and recording contract module stores received data according to a data structure form according to the BBTS storage and recording protocol, and the received data is data obtained after unpacking.
Fig. 2 is a schematic diagram of data flow of a BBTS communication protocol, according to which data from an internet of things device can be sorted and forwarded in order. The forwarding rules are matched based on the data content sent by the equipment, and the data packets can be forwarded to a database, a storage system, a message queue, a real-time stream computing platform and a data processing uplink.
Further, according to the BBTS logging protocol, the data packets meeting the uplink rule are analyzed and packaged into a transaction format meeting the BBTS logging protocol;
the transaction format comprises transaction content, and the data packet which accords with the uplink rule is packaged into the transaction content through a corresponding data structure according to the data property, the data size and the encryption requirement of the upper block chain.
According to the configuration of the rule engine, the data packets conforming to the upper blockchain rule will be parsed and packed into a transaction format conforming to the uplink specification (the specification is the BBTS logging protocol). The complete transaction format includes transaction content, transaction code, transaction verification, encryption suite, transaction signature. According to the different properties, sizes and encryption requirements of the uplink content, the uplink content is packaged into the transaction content through the corresponding data structure.
The following is a specific analysis of the content of the transaction, in particular
The smaller data is directly linked up, and the transaction content structure is as follows:
content (certificate content) is of byte [ ], the block chain does not limit the encoding mode, and the certificate content is encoded by the service. The length is 512K or less.
The smaller data hash links up, and the transaction content structure is as follows:
a contentHash (hash value of the plaintext content of the certificate), wherein the hash value of the plaintext of the certificate cannot be constrained by the blockchain, and the hash algorithm is sha-256; type is byte [ ], length is fixed 32 bytes;
encrypting the plaintext by using an encryption key and a nonce to obtain a value, and decrypting the value by using the encryption key and the nonce to obtain a ciphertext value; the type is byte [ ], and the length is less than or equal to 512K; the length is less than or equal to 16 bytes, and when the AES GCM algorithm is used, the length of the value is generally 12 bytes.
The larger data hash links up, and the transaction content structure is as follows:
hash (hash value of source file), and the hash value is obtained by performing digest calculation according to the actual source file outside the chain; the hash algorithm is sha-256; the type is byte [ ], and the length is fixed to 32 bytes.
The larger data link links up, and the transaction content structure is as follows:
links (links to the content of the deposit certificate), may be written to URIs, or other clues that may be used to locate the source file. The content is the URI of the source file or other retrievable address; the type is byte [ ] (the content character string is coded to obtain a byte array, a block chain is not checked, the coding mode is not limited, and the business self-codes and decodes the byte array); the length is less than or equal to 64K;
and (3) hash (the hash value of the source file), retrieving the actual source file outside the chain according to the link, and then performing abstract calculation on the source file to obtain the hash value. The hash algorithm is sha-256, type is byte [ ], length is fixed 32 bytes.
In the embodiment of the present invention, for the above-mentioned four transaction content structures, when the structure is implemented specifically, the corresponding transaction structure can be selected specifically according to the requirements of the service scene.
To sum up, the invention is a credible acquisition and storage device based on the digital identity of the intelligent Internet of things equipment, and specifically comprises the following steps: the system comprises a front terminal system, a control subsystem connected with the front terminal system and a storage contract module connected with the control subsystem;
the method comprises the steps that a connection beacon of current Internet of things equipment is obtained through a front terminal system, and a dynamic equipment password request is sent to a control subsystem, wherein the dynamic equipment password request comprises a product ID and an equipment ID of the Internet of things equipment;
according to the product ID and the equipment ID contained in the received dynamic equipment password request, the control subsystem searches the corresponding product ID and equipment ID in the product equipment registry, generates the required dynamic equipment password in the control subsystem after finding the product ID and the equipment ID corresponding to the dynamic equipment password request, stores the dynamic equipment password in the safe area of the control subsystem and returns the dynamic equipment password to the front subsystem;
after receiving a dynamic device password of the current Internet of things device, the front terminal system performs data acquisition on the current Internet of things device, associates the acquired data with a product ID, a device ID and the dynamic device password corresponding to the current Internet of things device to form a device data packet, and sends the formed device data packet to the control subsystem;
the control subsystem unpacks the equipment data packet and verifies the reliability of a data source in the equipment data packet; and for the data packets passing the verification, the control subsystem performs matching based on the rule engine and stores the data packets into the storage and recording contract module according to the BBTS storage and recording protocol.
As shown in fig. 1, the front end subsystem includes a camera and a communication module, the front end subsystem can scan a connection beacon of the internet of things device through the camera, the front end subsystem can be connected with the control subsystem through the communication module, and the communication module in the front end subsystem is connected and communicated with the acquisition module in the control subsystem through a BBTS identification protocol, so as to transmit the device data packet to the acquisition module.
The control subsystem comprises an acquisition module, a security module connected with the acquisition module and a storage and recording module connected with the security module, and is connected with the storage and recording contract module through the storage and recording module according to a BBTS communication protocol. Specifically, the acquisition module can unpack the device data packet, then the security module verifies the reliability of the data source, and the verified data can be delivered to the logging module. Generally, the internet of things equipment has large data collection amount and various indexes, not all data need to be chained, the logging module performs matching on the data based on the rule engine, and the data meeting the chaining requirement can be analyzed, combined, and fingerprints are calculated. In the embodiment of the invention, the step of calculating the fingerprint mainly refers to that the content of the data needs to be subjected to hash digest before being stored, so that the information content is ensured not to be tampered.
As can be seen from the above description, the block-Based trusted storage protocol (BBTS protocol system) of the present invention is called BBTS protocol system for short, and includes three sub-protocols, which are respectively: the BBTS identification protocol is used for representing the digital identity of the Internet of things equipment; the BBTS communication protocol is used for data security storage and recording; the BBTS logging protocol is used for expressing the structural setting of logging data. According to the invention, the connection beacon of the Internet of things equipment is obtained through the camera, the control subsystem is connected with the Internet of things equipment through the connection beacon before collection through the front terminal system, the collected data carries dynamic equipment passwords, credible confirmation is carried out through the security module, then the data is subjected to rule-based anchoring (the anchoring is rule matching and determining, and the rule is the rule engine) through the logging module, and the anchored data and the data fingerprints are subjected to real-time chain-up verification (specifically, the fingerprints of the data are hash of the data, but the fingerprints are more general, and the hash is only a common technical realization form of the fingerprints), so that the data under the line can be verified through credible verification service according to business appeal.
In conclusion, the data acquisition and data storage processes are combined through a safety hardware device, and credibility verification is performed from multiple aspects such as digital identity identification, data communication, data storage and the like through a BBTS protocol system, so that the data credibility of the whole chain of data acquisition, format conversion and storage and recording is ensured;
the identity information, the state information and the digital certificate of the equipment of the Internet of things are combined, and the legality of the equipment of the Internet of things is jointly checked. The method comprises the steps that the device information is safely stored in a device storage safety area invisible to a user in the modes of pre-reporting the device information, authenticating the identity, dynamically registering the device and the like, so that the method has better data safety, device compatibility and scale expandability;
the data transfer function of the service platform rule engine is used for orderly sorting and forwarding the data messages from the Internet of things equipment, the forwarding rules are matched based on the data content sent by the Internet of things equipment, and an effective method is combined with a data credibility mechanism, so that the service platform rule engine has better communication performance and higher communication safety;
according to the configuration of the rule engine, the data packet with the complete transaction model is filtered, and the data packet is encapsulated into the transaction content through different data structures according to the difference of the property, the size and the encryption requirement of the uplink content, so that the method has better multi-environment adaptability, application universality and storage efficiency.
As mentioned above, this is only an example of the present invention and is not intended to limit the present invention in any way. Those skilled in the art can make various other improvements or modifications equivalent to the above-described embodiments without departing from the scope of the present invention, and any simple modification, equivalent change or modification made to the above embodiments according to the technical essence of the present invention will still fall within the scope of the present invention.

Claims (10)

1. A credible acquisition and logging method based on intelligent Internet of things equipment digital identity is characterized by comprising the following steps:
step 1, acquiring a connection beacon of current Internet of things equipment through a front terminal system, and sending a dynamic equipment password request to a control subsystem, wherein the dynamic equipment password request comprises a product ID and an equipment ID of the Internet of things equipment;
step 2, according to the product ID and the equipment ID contained in the received request of the dynamic equipment password, the control subsystem searches the corresponding product ID and equipment ID in a product equipment registry, after finding the corresponding product ID and equipment ID in the request of the dynamic equipment password, the control subsystem generates the required dynamic equipment password, stores the dynamic equipment password in the safe area of the control subsystem, and returns the dynamic equipment password to the front subsystem;
step 3, after receiving the dynamic equipment password of the current Internet of things equipment, the front terminal system acquires data of the current Internet of things equipment, associates the acquired data with the product ID, the equipment ID and the dynamic equipment password corresponding to the current Internet of things equipment to form an equipment data packet, and sends the formed equipment data packet to the control subsystem;
step 4, the control subsystem unpacks the equipment data packet and verifies the reliability of the data source in the equipment data packet;
step 5, for the data packets passing the verification, the control subsystem performs matching based on the rule engine, the control subsystem forwards the data packets matched with the rule engine to a storage contract module through a BBTS communication protocol, and the storage contract module stores the received data packets according to a data structure form according to the BBTS storage protocol; the BBTS is a block chain-Based Trusted Storage Blockchain-Based Trusted Storage protocol system.
2. The trusted collection and logging method based on the digital identity of the intelligent internet of things equipment as claimed in claim 1, wherein the trusted collection and logging method comprises the following steps: the connection beacon of thing networking device including set up in two-dimensional code on the thing networking device, front end subsystem passes through the camera scanning connect the beacon to obtain the product ID and the equipment ID of current thing networking device.
3. The method for trusted collection and logging of digital identities based on intelligent internet of things equipment according to claim 1, wherein in step 2, when the control subsystem does not find the corresponding product ID and equipment ID in the product equipment registry, the control subsystem registers the product ID and equipment ID to be found in the product equipment registry, and generates a corresponding dynamic equipment password after registration; and the control subsystem stores the dynamic equipment password into a safe area through a TrustZone method.
4. The trusted collection and logging method based on the digital identity of the intelligent internet of things device according to claim 1, wherein the control subsystem communicates with the front end subsystem through a BBTS (broadband transmission stream) identification protocol.
5. The trusted collection and logging method based on the digital identity of the intelligent internet of things equipment according to claim 4, wherein according to a BBTS (broadband transmission traffic System) identification protocol, the data collected by the front end subsystem from the current internet of things equipment comprises equipment identification information, event data and/or state data.
6. The trusted collection and logging method based on the digital identity of the intelligent internet of things equipment according to claim 5, wherein according to a BBTS logging protocol, data packets conforming to uplink rules are analyzed and packed into a transaction format conforming to the BBTS logging protocol;
the transaction format comprises transaction content, and the data packet which accords with the uplink rule is packaged into the transaction content through a corresponding data structure according to the data property, the data size and the encryption requirement of the upper block chain.
7. The utility model provides a credible collection deposits device based on intelligence thing allies oneself with equipment digital identity, characterized by: the system comprises a front terminal system, a control subsystem connected with the front terminal system and a storage contract module connected with the control subsystem;
acquiring a connection beacon of current Internet of things equipment through the front terminal system, and sending a request of a dynamic equipment password to the control subsystem, wherein the request of the dynamic equipment password comprises a product ID and an equipment ID of the Internet of things equipment;
according to the product ID and the equipment ID contained in the received dynamic equipment password request, the control subsystem searches the corresponding product ID and equipment ID in a product equipment registry, generates the required dynamic equipment password in the control subsystem after finding the product ID and the equipment ID corresponding to the dynamic equipment password request, stores the dynamic equipment password in a safe area of the control subsystem and returns the dynamic equipment password to the front subsystem;
after receiving a dynamic device password of the current Internet of things device, the front terminal system acquires data of the current Internet of things device, associates the acquired data with a product ID, a device ID and the dynamic device password corresponding to the current Internet of things device to form a device data packet, and sends the formed device data packet to the control subsystem;
the control subsystem unpacks the equipment data packet and verifies the reliability of a data source in the equipment data packet; for the data packets passing the verification, the control subsystem performs matching based on the rule engine, the control subsystem forwards the data packets matched with the rule engine to a storage contract module through a BBTS communication protocol, and the storage contract module stores the received data packets according to a data structure form according to the BBTS storage protocol; the BBTS is a block chain-Based Trusted Storage Blockchain-Based Trusted Storage protocol system.
8. The trusted collection and logging device based on the digital identity of the intelligent internet of things equipment as claimed in claim 7, wherein: the connection beacon of thing networking device including set up in two-dimensional code on the thing networking device, front end subsystem passes through the camera scanning connect the beacon to obtain the product ID and the equipment ID of current thing networking device.
9. The trusted collection and logging device based on the digital identity of the intelligent internet of things equipment as claimed in claim 7, wherein: when the control subsystem does not find the corresponding product ID and equipment ID in the product equipment registry, the control subsystem registers the product ID to be found and the equipment ID in the product equipment registry, and generates a corresponding dynamic equipment password after registration; and the control subsystem stores the dynamic equipment password into a safe area through a TrustZone method.
10. The trusted collection and logging device based on the digital identity of the intelligent internet of things equipment as claimed in claim 7, wherein: the control subsystem is communicated with the front terminal system through a BBTS (broadband transmission stream) identification protocol;
according to a BBTS identification protocol, data collected by the front end subsystem from current Internet of things equipment comprises equipment identification information, event data and/or state data.
CN202010113663.XA 2020-02-24 2020-02-24 Trusted acquisition and logging method and device based on digital identity of intelligent Internet of things equipment Active CN110958276B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010113663.XA CN110958276B (en) 2020-02-24 2020-02-24 Trusted acquisition and logging method and device based on digital identity of intelligent Internet of things equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010113663.XA CN110958276B (en) 2020-02-24 2020-02-24 Trusted acquisition and logging method and device based on digital identity of intelligent Internet of things equipment

Publications (2)

Publication Number Publication Date
CN110958276A CN110958276A (en) 2020-04-03
CN110958276B true CN110958276B (en) 2020-05-12

Family

ID=69985774

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010113663.XA Active CN110958276B (en) 2020-02-24 2020-02-24 Trusted acquisition and logging method and device based on digital identity of intelligent Internet of things equipment

Country Status (1)

Country Link
CN (1) CN110958276B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111930846B (en) * 2020-09-15 2021-02-23 支付宝(杭州)信息技术有限公司 Data processing method, device and equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105260675A (en) * 2015-10-16 2016-01-20 北京源创云网络科技有限公司 Electronic data consistency verification method, apparatus and system, and depository receipt verification platform
CN106656923A (en) * 2015-10-30 2017-05-10 阿里巴巴集团控股有限公司 Device association method, key update method and apparatuses
CN107819777A (en) * 2017-11-17 2018-03-20 北京亿生生网络科技有限公司 A kind of data based on block chain technology deposit card method and system
CN108259164A (en) * 2016-12-29 2018-07-06 华为技术有限公司 The identity identifying method and equipment of a kind of internet of things equipment
CN108574738A (en) * 2018-06-25 2018-09-25 广东机电职业技术学院 One kind is based on NB-IOT Cold Chain Logistics processes refrigeration monitoring system and method
CN110213058A (en) * 2019-06-05 2019-09-06 北京清大智信科技有限公司 A kind of block chain all-in-one machine for realizing data cochain

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018111302A1 (en) * 2016-12-16 2018-06-21 Visa International Service Association System and method for securely processing an electronic identity
CN107612909B (en) * 2017-09-18 2020-09-08 阿里巴巴集团控股有限公司 Information interaction method, device and equipment about Internet of things equipment
CN110070365B (en) * 2019-03-07 2021-12-07 创新先进技术有限公司 Commodity evidence storing method and device based on block chain and electronic equipment
CN110138873A (en) * 2019-05-21 2019-08-16 利姆斯(北京)区块链技术有限公司 Environment measuring sampled data accesses system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105260675A (en) * 2015-10-16 2016-01-20 北京源创云网络科技有限公司 Electronic data consistency verification method, apparatus and system, and depository receipt verification platform
CN106656923A (en) * 2015-10-30 2017-05-10 阿里巴巴集团控股有限公司 Device association method, key update method and apparatuses
CN108259164A (en) * 2016-12-29 2018-07-06 华为技术有限公司 The identity identifying method and equipment of a kind of internet of things equipment
CN107819777A (en) * 2017-11-17 2018-03-20 北京亿生生网络科技有限公司 A kind of data based on block chain technology deposit card method and system
CN108574738A (en) * 2018-06-25 2018-09-25 广东机电职业技术学院 One kind is based on NB-IOT Cold Chain Logistics processes refrigeration monitoring system and method
CN110213058A (en) * 2019-06-05 2019-09-06 北京清大智信科技有限公司 A kind of block chain all-in-one machine for realizing data cochain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
区块链在物联网中的应用;卿苏德;《智能物联技术》;20190518;1-8 *

Also Published As

Publication number Publication date
CN110958276A (en) 2020-04-03

Similar Documents

Publication Publication Date Title
US11907406B2 (en) Computer-implemented method and system of tamper-evident recording of a plurality of service data items
CN107749848B (en) Internet of things data processing method and device and Internet of things system
CN111586025B (en) SDN-based SDP security group implementation method and security system
US20080005558A1 (en) Methods and apparatuses for authentication and validation of computer-processable communications
CN108564182B (en) Equipment full life cycle management system and method based on block chain technology
CN111083131A (en) Lightweight identity authentication method for power Internet of things sensing terminal
CN101247407B (en) Network authentication service system and method
CN112953727A (en) Internet of things-oriented equipment anonymous identity authentication method and system
CN106452721A (en) Method and system for instruction identification of intelligent device based on identification public key
CN109714370B (en) HTTP (hyper text transport protocol) -based cloud security communication implementation method
CN110677234A (en) Privacy protection method and system based on homomorphic encryption block chain
CN112613006A (en) Power data sharing method and device, electronic equipment and storage medium
US7941668B2 (en) Method and system for securely managing application transactions using cryptographic techniques
CN103905448B (en) Towards the camera-shooting and recording device entity authentication method of city security protection
CN110958276B (en) Trusted acquisition and logging method and device based on digital identity of intelligent Internet of things equipment
CN106203188B (en) A kind of Unilateral Data Transferring System and its method adding MAC based on dual processors
CN101521576A (en) Method and system for identity authentication of internet user
CN113630421A (en) Method for preventing data migration of web system based on asymmetric encryption algorithm
CN115484030B (en) Enterprise tax data sharing method and system based on Internet of things technology
CN116668165A (en) Interaction method of trusted communication based on block chain
CN103414703A (en) Safe subscription publishing system and method based on wireless sensor network and cloud computing
CN107370728B (en) Instant license generation and verification system and method based on electronic license library
Chen et al. CallChain: Identity authentication based on blockchain for telephony networks
CN113992336B (en) Encryption network offline data trusted exchange method and device based on block chain
CN111756531B (en) Communication system and method of LoRa terminal based on CPK

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant