CN111769938B - Key management system and data verification system of block chain sensor - Google Patents

Key management system and data verification system of block chain sensor Download PDF

Info

Publication number
CN111769938B
CN111769938B CN202010608426.0A CN202010608426A CN111769938B CN 111769938 B CN111769938 B CN 111769938B CN 202010608426 A CN202010608426 A CN 202010608426A CN 111769938 B CN111769938 B CN 111769938B
Authority
CN
China
Prior art keywords
blockchain
block chain
key
data
hmac
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010608426.0A
Other languages
Chinese (zh)
Other versions
CN111769938A (en
Inventor
斯雪明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Fulian Technology Co ltd
Original Assignee
Fujian Fulian Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Fulian Technology Co ltd filed Critical Fujian Fulian Technology Co ltd
Priority to CN202010608426.0A priority Critical patent/CN111769938B/en
Publication of CN111769938A publication Critical patent/CN111769938A/en
Application granted granted Critical
Publication of CN111769938B publication Critical patent/CN111769938B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The application provides a key management system of block chain sensor, data verification system, including a plurality of block chain nodes that can realize point-to-point communication and a plurality of block chain sensors that correspond with a plurality of block chain nodes and be connected, key management system stores all block chain sensor HMAC keys in this block chain node after the public key encryption of corresponding block chain node, and sign the HMAC key of the corresponding block chain sensor of this block chain node through aggregating the signature, verify all block chain sensor HMAC keys that this block chain node corresponds during the use through aggregating the signature, further guarantee the security of key storage, in order to solve the problem that block chain sensor key reveals easily. The data verification system verifies the data sent by the blockchain sensor to the corresponding blockchain node based on the first HMAC key, and the integrity of the information is protected by using a public key cryptosystem and verified by using an HMAC algorithm, so that the safety of data transmission is ensured.

Description

Key management system and data verification system of block chain sensor
Technical Field
The invention relates to the technical field of blockchain, in particular to a key management system and a data verification system of a blockchain sensor.
Background
The sensor, i.e. a detecting device, can sense the state change of the detected object, which can be expressed by some parameters and converted into data form to meet the requirements of data transmission, processing, storage, display, recording and control. With the advance of hardware bases such as Very Large Scale Integration (VLSI) and Micro Electro Mechanical System (MEMS) technologies, and radio frequency (radio frequency) technologies, the technology development of sensors is faster and wider, and the application range is wider.
Generally, a centralized management mode is adopted to manage sensors applied in the internet of things, and in this case, the credibility of the sensors in the internet of things cannot be guaranteed. For example, a sensor installed in a vehicle may be subjected to manipulation by some centralized mechanism, such as tampering with sensor data, when the vehicle collides with the vehicle, data such as a vehicle driving route, obstacle information, and vehicle driving related parameters recorded by the sensor. Therefore, the data credibility of the internet of things sensor in a centralized scene is questioned, and the credibility of a product detected by the sensor is further influenced. The method is an important means for combining the Internet of things and the block chain to form a credible Internet of things and ensure the credibility of products.
Fig. 1 is a diagram of a trusted internet of things topology combining an internet of things and a block chain, in fig. 1, a current block chain has n block chain link points and n internet of things nodes, each node manages a plurality of block chain sensors correspondingly, for example, an ith node manages mi block chain sensors correspondingly. In a credible internet of things, the credibility of a product is ensured by the credibility of a sensor, and to ensure the credibility of the sensor, the sensor is firstly changed into a block chain sensor, namely, the credibility of the (block chain) sensor is ensured by combining the sensor and the block chain in the internet of things by virtue of the characteristics of decentralization, non-falsification, whole-course trace retention, traceability, collective maintenance, public transparency and the like of the block chain.
In the analysis of the requirements of the blockchain sensor, the key security of the blockchain sensor is an important parameter, once a key is leaked, no matter how strong a cryptographic algorithm is, all cryptographic operations corresponding to the key are not safe, and at present, the key of the blockchain sensor does not have a complete set of key management method, and the security of the blockchain sensor can be seriously threatened by the leaked key.
Disclosure of Invention
The application provides a key management system and a data verification system of a block chain sensor, and aims to solve the problems that a complete key management method for a block chain sensor key does not exist at present, and the key is easy to leak.
In one aspect, the present application provides a key management system for a blockchain sensor, including a plurality of blockchain nodes capable of implementing peer-to-peer communication and a plurality of blockchain sensors correspondingly connected to the plurality of blockchain nodes:
the blockchain sensor is configured to store an HMAC key of the blockchain sensor;
the blockchain node stores the same HMAC key, the blockchain node being configured to perform the steps of:
HMAC key encryption step: acquiring public and private key pairs of the block chain nodes and HMAC keys of a plurality of block chain sensors corresponding to each block chain node; for any block chain node, encrypting a plurality of corresponding HMAC keys of the block chain sensors according to the public key of the block chain node to generate a plurality of encrypted data;
a digital signature step: all block chain sensor HMAC keys are encrypted by public keys corresponding to the block chain nodes and then stored in the block chain nodes, and for any block chain node, digital signature is carried out on a plurality of corresponding encrypted data according to the private key of the block chain node to generate a plurality of corresponding digital signature data;
and (3) aggregating and signing: for any block chain node, performing aggregated signature on the corresponding digital signature data to generate aggregated signature data corresponding to the block chain node;
HMAC key verification step: verifying, for any of the blockchain nodes, an HMAC key of the blockchain sensor by the aggregated signature data; if the aggregated signature data passes the verification and the HMAC key passes the verification, the blockchain sensor sends data to the blockchain nodes;
and recording the verified HMAC key as a first HMAC key.
Optionally, the blockchain node is further configured to perform the following steps:
and aiming at any block chain node, when the aggregated signature is carried out for the first time, verifying all digital signature data corresponding to the aggregated signature, and verifying the aggregated signature result when the aggregated signature is initialized, wherein the verification mode of the aggregated signature result is predetermined by the block chain node.
Optionally, the verification mode of the digital signature data is determined by pre-negotiation between the blockchain node and the blockchain sensor.
Optionally, the blockchain node is further configured to perform the following steps:
and storing the public key of the block chain node and the public key of the block chain sensor in a plaintext form, wherein the public key of the block chain node and the public key of the block chain sensor are public to all the block chain link points.
Optionally, the blockchain node is further configured to decrypt the HMAC key by a private key unique to the blockchain node in performing the HMAC key encryption step.
Optionally, the HMAC key is stored in the blockchain sensor and the corresponding blockchain node.
On the other hand, the present application further provides a data verification system for a blockchain sensor, including a plurality of blockchain nodes capable of implementing peer-to-peer communication and a plurality of blockchain sensors correspondingly connected to the plurality of blockchain nodes, where the data verification system verifies, based on a first HMAC key, data sent by the blockchain sensor to the corresponding blockchain node:
the blockchain sensor is configured to perform the steps of:
calculating a second HMAC value: acquiring data sent by any blockchain sensor to the corresponding blockchain node and a second HMAC key of the blockchain sensor; calculating an HMAC value according to the data and the second HMAC key to generate a second HMAC value;
and (3) ciphertext encryption: encrypting the data according to the public key of the corresponding block link node to generate transmission ciphertext data;
ciphertext digital signature: performing digital signature on the transmission ciphertext data according to a private key of the block chain sensor to generate ciphertext digital signature data;
and sending the second HMAC value, the transmission ciphertext data and the ciphertext digital signature data to the corresponding block chain node.
Optionally, the block link point verifies the integrity of the data based on the first HMAC key:
the blockchain node is configured to perform the steps of:
and ciphertext decryption step: decrypting the transmission ciphertext data according to the private key of the corresponding block chain node to generate decrypted data;
and (3) ciphertext digital signature verification: verifying the ciphertext digital signature data according to the public key of the block chain sensor, and if the ciphertext digital signature data passes the verification, approving the decrypted data;
a first HMAC value calculating step: calculating an HMAC value according to the decrypted data and the first HMAC key to generate a first HMAC value;
data integrity verification step: and comparing the first HMAC value with the second HMAC value, and if the first HMAC value is the same as the second HMAC value, the data integrity is verified.
Optionally, the blockchain sensor is further configured to store a public key of the blockchain node.
Optionally, the verification mode of the ciphertext digital signature is determined by pre-negotiation between the block chain node and the block chain sensor.
According to the technical scheme, the key management system and the data verification system of the block chain sensor comprise a plurality of block chain nodes capable of realizing point-to-point communication and a plurality of block chain sensors correspondingly connected with the block chain nodes, the key management system encrypts and stores HMAC keys of all the block chain sensors in the block chain nodes through public keys of the corresponding block chain nodes, signs the HMAC keys of all the block chain sensors corresponding to the block chain nodes through aggregation signatures, and verifies the HMAC keys of all the block chain sensors corresponding to the block chain nodes through the aggregation signatures during use, so that the safety of key storage is further ensured, and the problems that the block chain sensor keys do not have a complete set of key management method at present and the keys are easy to leak are solved. The data verification system verifies data sent by the blockchain sensor to the corresponding blockchain node based on the first HMAC key, the data transmitted by the sensor is protected by a public key cryptosystem, and the integrity of information is verified by using an HMAC algorithm, so that the safety of data transmission is ensured.
Drawings
In order to more clearly explain the technical solution of the present application, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious to those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a topological diagram of a key management system of a blockchain sensor according to an embodiment of the present disclosure;
fig. 2 is a flowchart illustrating an actual operation of a key management system of a blockchain sensor according to an embodiment of the present disclosure;
fig. 3 is a flowchart illustrating an actual operation of a data verification system of a blockchain sensor according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application. The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
At present, a set of perfect key management method is not provided for the key of the blockchain sensor, the security of the blockchain sensor is seriously threatened by the leaked key, and in order to solve the problem that the key of the blockchain sensor is easy to leak, the application discloses a key management system of the blockchain sensor and a data verification system of the blockchain sensor.
For the sake of understanding, the related concepts and terms of art appearing in the present application are explained in detail herein. The execution main bodies in the application are two, namely a block chain node and a block chain sensor. The block link point is that a computer or other equipment is connected with a network which has an independent address and has the function of transmitting or receiving data, and the node can be a workstation, a client, a network user or a personal computer, and can also be equipment connected with other networks; the blockchain sensors are correspondingly connected with the nodes, one blockchain node can correspond to one or more blockchain sensors, and the blockchain sensors can send data to the corresponding blockchain nodes.
The keys involved in this application fall into two categories: one is a public key and a private key, the public key is published to other people by a holder, and the public key is used for encrypting data; the private key is held by the owner and can not be published, the data encrypted by the public key can only be decrypted by using the private key, and each block chain link point and each block chain sensor in the application are respectively provided with a public and private key pair correspondingly; another type of key is an HMAC key, which can be regarded as a secret parameter of a smart device, and is customized by a product or a user, in this application, the sensor is a smart device, which can carry or be customized with the HMAC key parameter, in this application, the HMAC key parameter carried by or customized to the blockchain sensor is defined as an HMAC key of the blockchain sensor, which is abbreviated as an HMAC key, and the key management system of the blockchain sensor manages the HMAC key.
In the key management system of the block chain sensor, all HMAC keys of the block chain sensor are encrypted by keys of corresponding block chain nodes and then stored in the block chain link points, and the HMAC keys of all block chain sensors corresponding to the block chain link points can be verified through aggregation signatures when in use, so that the key storage safety is further ensured; the data verification system of the blockchain sensor protects the data sent by the blockchain sensor by using a public key cryptosystem and verifies the integrity of the data by using an HMAC algorithm on the basis of the data verification system of the blockchain sensor, thereby ensuring the safety of the sent data.
For convenience of description, the key management system of the blockchain sensor is simply referred to as the key management system, and the data verification system of the blockchain sensor is simply referred to as the data verification system.
In a first aspect, the present application provides a key management system, including a plurality of block chain nodes capable of implementing peer-to-peer communication and a plurality of block chain sensors correspondingly connected to the plurality of block chain nodes, referring to fig. 1, fig. 1 is a key management system topology diagram of a block chain sensor provided in an embodiment of the present application, and is also a trusted internet of things topology diagram combining an internet of things and a block chain, as can be seen from fig. 1, n block chain nodes capable of implementing peer-to-peer communication are total in the key management system, mi block chain sensors are total in an ith block chain node, each block chain node corresponds to a set of public key pairs, each block chain sensor stores its own HMAC key, and the block chain nodes corresponding to the chain block chain sensors store the same HMAC key (that is, the HMAC key only has the block chain nodes corresponding to the block chain sensors).
Referring to fig. 2, fig. 2 is a flowchart of an actual work flow of a key management system of a blockchain sensor according to an embodiment of the present invention, where a public-private key pair of an ith blockchain node is assumed to be { Mpk } i ,Msk i Corresponding mi blockchain sensors are arranged under the ith blockchain link point, and the HMAC keys of the mi blockchain sensors are keys respectively i 1 、key i 2 ……key i mi In this embodiment, the key is stored in the ith blockchain node corresponding to the blockchain sensor, and the HMAC key of each blockchain sensor is stored in the corresponding blockchain sensor i 1 、key i 2 ……key i mi The key management system manages the key, namely manages the HMAC key of the blockchain sensor stored in any blockchain node for each blockchain sensorThe node key management methods are the same, in this embodiment, taking the ith block chain node as an example, and with reference to fig. 2, the block chain node i is configured to perform the following steps:
mi blockchain sensor HMAC keys pass through public key Mpk of corresponding blockchain node i i The encrypted data is stored in the block chain link point i (here, the block chain node i is the ith block chain link point), and HMAC keys of mi block chain sensors corresponding to the block chain node i are signed by the aggregation signature, specifically:
HMAC key encryption step: according to public key Mpk of block chain node i i Encrypting the HMAC keys of the corresponding mi blockchain sensors, wherein the HMAC key of the first blockchain sensor is key i 1 The public key Mpk passing through the corresponding block chain node i i After encryption, the result of encrypting the data is Enc Mpki (key i 1 ) Is denoted by w 1 (ii) a HMAC key of the second blockchain sensor i 2 The public key Mpk passing through the corresponding block chain node i i After encryption, the result of encrypting the data is Enc Mpki (key i 2 ) Is denoted by w 2 (ii) a By analogy, the result of encrypting the HMAC key of the mi-th blockchain sensor is Enc Mpki (key i mi ) Is denoted by w mi I.e. public key Mpk passing through corresponding block chain node i i After encryption, the plurality of encrypted data generated by the HMAC keys of the mi blockchain sensors are respectively w 1 、w 2 ……w mi (ii) a It should be noted that only the blockchain node i can use its own unique private key Msk i Decrypt out w 1 、w 2 ……w mi
A digital signature step: all HMAC keys of the block chain sensor are encrypted by public keys of corresponding block chain nodes and then stored in the block chain nodes, digital signature is carried out on a plurality of corresponding encrypted data according to private keys of the block chain nodes aiming at any block chain node to generate a plurality of corresponding digital signature data, and still taking block chain link point i as an example, the specific process is that the block chain link point i uses a private key Msk i To w 1 、w 2 ……w mi Respectively carrying out digital signature, wherein the result of the block chain node i on the digital signature data of the encrypted data is as follows: sig Mski (w 1 ),……,Sig Mski (w mi ) Respectively marked as S 1 ,S 2 ,……,S mi
And (3) aggregating and signing: and performing aggregate signature on the plurality of corresponding digital signature data aiming at any block chain node to generate aggregate signature data corresponding to the block chain node. The aggregated signature is a variant signature scheme for aggregating any multiple signatures into one signature, and the aggregated signature is a digital signature with additional properties, which has compression and batch processing properties 1 ,S 2 ,……,S mi The aggregate signature is AggS (S) 1 ,S 2 ,……,S mi ) That is, a plurality of signatures respectively signed by a plurality of users on a plurality of messages can be aggregated into a short signature, and in practical work, the generated aggregated signature is verifiable, and in combination with the application, the HMAC key can be verified through the verification of the aggregated signature data.
HMAC key verification step: verifying an HMAC key of a block chain sensor by aggregating signature data aiming at any block chain node; and if the aggregated signature data passes the verification and the HMAC key passes the verification, the block chain sensor sends data to the block chain nodes. In combination with the present application, the blockchain link point i only needs to verify the aggregate signature AggS (S) when verifying the blockchain sensor HMAC key 1 ,S 2 ,……,S mi ) Determining S 1 ,S 2 ,……,S mi The correctness of (1) can be regarded as w 1 ,w 2 ,……,w mi Corresponding key i 1 ,……,key i mi And (6) passing the verification. For any block chain node, the verification of the aggregated signature comprises two scenes according to actual conditions, when the aggregated signature is carried out for the first time, all digital signature data corresponding to the aggregated signature are verified, and when the aggregated signature is initialized, the verification of the aggregated signature result is carried out, specifically as follows:
in a first scenario of aggregated signatures, when aggregated signatures are performed for the first time, all digital signature data corresponding to the aggregated signatures need to be verified, and in combination with the application, for a block chain node i, digital signature data S needs to be verified 1 ,S 2 ,……,S mi All the verifications are carried out. The verification method of the digital signature data is determined by block chain nodes and block chain sensors in advance, for example, one verification method of the digital signature data may be as follows: the summary information is encrypted by the private key of the sender and transmitted to the receiver together with the original text, the receiver decrypts the encrypted summary information by using the public key of the receiver, and then generates summary information for the received original text by using the HASH function, and the summary information is compared with the decrypted summary information. If the two information are the same, the received information is complete and is not modified in the transmission process, otherwise, the information is modified, and therefore the digital signature can verify the integrity of the information. It should be noted that all the digital signature data S need only be subjected to preliminary aggregate signature 1 ,S 2 ,……,S mi And (4) verifying, wherein after the first verification is passed, all digital signature data do not need to be verified any more, and only the aggregated signature result needs to be verified.
The other scenario of the aggregated signature verification is to verify the aggregated signature result, and the verification mode of the aggregated signature result is predetermined by the block link point. For example, the aggregated signature result may be a product of each digital signature data, and the verifier only needs to verify the aggregated signature once to be sure whether the signature comes from the signature that the specified user performed on each of the plurality of messages, thereby greatly improving the signature verification and transmission efficiency. The aggregated signature result may also be another algorithm customized by the user according to actual requirements, and the application is not limited specifically. In practical application, when a key management system is initialized, initialization authentication needs to be performed, where the initialization includes, for example, a case of starting up or restarting the system every day, the initialization authentication refers to that an HMAC key of any block chain sensor is encrypted by a public key of a corresponding block chain node and then stored in a block chain node, when the system is used, HMAC keys of all block chain sensors corresponding to the block chain node can be verified through an aggregation signature, so that security of key storage is further ensured, the verified HMAC key is marked as a first HMAC key, and the first HMAC key is used for verifying data sent by the block chain sensor to the corresponding block chain node in a data verification system.
In a second aspect, the present application provides a data verification system, which includes a plurality of block chain nodes capable of implementing peer-to-peer communication and a plurality of block chain sensors correspondingly connected to the plurality of block chain nodes, and the data verification system verifies data sent by the block chain sensor to the corresponding block chain node based on a first HMAC key, referring to fig. 3, where fig. 3 is an actual work flow diagram of the data verification system for the block chain sensor provided in the embodiment of the present application, the data verification system includes two parts, where the two parts are different execution main bodies, the first part is processing of data to be sent by the block chain sensor, the execution main body is the block chain sensor, the other part is verifying of data sent by a node corresponding to the block chain sensor, and the execution main bodies are the block chain nodes, which will be described below separately.
In the first section, the blockchain sensor transmits data to the corresponding blockchain link points. For any blockchain sensor, when sending data to a corresponding blockchain link, the blockchain sensor sends encrypted data, a digital signature and an HMAC value to the corresponding blockchain link based on its HMAC key, specifically, in this process, the blockchain sensor is configured to perform the following steps:
calculating a second HMAC value: and acquiring data sent by any blockchain sensor to the corresponding blockchain node, and calculating an HMAC value of the blockchain sensor transmission data. In this embodiment, it is assumed that the data sent by the jth sensor in the ith block chain node to the block link point i is a Message, and a public-private key pair of the jth sensor in the ith block chain node is a public-private key pair
Figure BDA0002559999190000071
The jth blockchain sensor's own HMAC key is @>
Figure BDA0002559999190000072
To distinguish from the first HMAC key, here we will ≧ the HMAC key of the jth blockchain sensor>
Figure BDA0002559999190000073
The HMAC value is calculated according to the data Message and the second HMAC key in a manner of ^ er than>
Figure BDA0002559999190000074
A second HMAC value is generated.
And (3) ciphertext encryption: the public key of the block chain node i is also stored in the corresponding block chain sensor, that is, the jth sensor stores the public key of the corresponding block chain node, and the public key is used for storing the public key of the block chain node i corresponding to the jth sensor Mpk i Encrypting the Message to generate the Enc Mpki (Message);
Ciphertext digital signature: according to the private key of the jth sensor
Figure BDA0002559999190000075
For transmission ciphertext data Enc Mpki (Message) performs digital signature to generate ciphertext digital signature data->
Figure BDA0002559999190000076
Transmitting the second HMAC value of the jth sensor and the transmission ciphertext data Enc Mpki (Message), ciphertext digital signature data
Figure BDA0002559999190000077
And sending the data Message to the corresponding block link point i, so that the process that the jth sensor in the ith block chain node sends the data Message to the block link point i is completed.
In the second part, the block chain link points verify the data sent by the block chain sensors. After the jth sensor in the ith block chain node sends the data Message to the block chain node point i, the ith block chain node point is to verify the integrity of the data based on the first HMAC key, and in this process, the block chain node is configured to perform the following steps:
and (3) ciphertext decryption: private key Msk according to corresponding block link point i i Decrypting transmission ciphertext data Enc Mpki (Message) generating decrypted data Message;
and (3) ciphertext digital signature verification: according to the public key of the jth sensor
Figure BDA0002559999190000078
Verifying ciphertext digital signature data
Figure BDA0002559999190000079
(Enc Mpki (Message)), if the ciphertext digital signature data passes the verification, the decrypted data is approved, wherein the verification mode of the ciphertext digital signature is determined by the block chain node and the block chain sensor in advance, the verification mode of the ciphertext digital signature data is the same as that of the encrypted data, and the verification mode is already described in the key management system and is not described repeatedly here.
A first HMAC value calculating step: validating a second HMAC value with a blockchain node i
Figure BDA00025599991900000710
If the transmission information Message passes the verification, the transmission information Message can be determined to be correct and complete, and an HMAC value is calculated according to the decrypted transmission information Message and the first HMAC key to generate a first HMAC value;
data integrity verification step: and comparing the first HMAC value with the second HMAC value, if the first HMAC value is the same as the second HMAC value, the data integrity passes the verification, which indicates that the data is not damaged in the transmission process, and if the first HMAC value is different from the second HMAC value, which indicates that the data is damaged or has other abnormality in the transmission process, the data is incomplete.
In the key management system and the data verification system of the blockchain sensor, public keys of all blockchain sensors and blockchain nodes are stored in corresponding blockchain link points in a plaintext form, and are written into a distributed account book through a blockchain consensus mechanism, and all blockchain link points are published for the use of the blockchain nodes or the blockchain sensors, such as encryption calculation, digital signature and the like.
According to the technical scheme, the key management system and the data verification system of the block chain sensor comprise a plurality of block chain nodes capable of realizing point-to-point communication and a plurality of block chain sensors correspondingly connected with the block chain nodes, the key management system encrypts and stores HMAC keys of all the block chain sensors in the block chain nodes through public keys of the corresponding block chain nodes, signs the HMAC keys of all the block chain sensors corresponding to the block chain nodes through aggregation signatures, and verifies the HMAC keys of all the block chain sensors corresponding to the block chain nodes through the aggregation signatures when in use, so that the key storage safety is further ensured, and the problems that the block chain sensor keys do not have a complete set of key management method at present and the keys are easy to leak are solved. The data verification system verifies data sent by the blockchain sensor to the corresponding blockchain node based on the first HMAC key, the data transmitted by the sensor is protected by a public key cryptosystem, and the integrity of information is verified by using an HMAC algorithm, so that the safety of data transmission is ensured.
The detailed description provided above is only a few examples under the general concept of the present application, and does not constitute a limitation to the scope of the present application. Any other embodiments extended according to the scheme of the present application without inventive efforts will be within the scope of protection of the present application for a person skilled in the art.

Claims (9)

1. A key management system of a blockchain sensor comprises a plurality of blockchain nodes capable of realizing point-to-point communication and a plurality of blockchain sensors correspondingly connected with the plurality of blockchain nodes, and is characterized in that:
the blockchain sensor is configured to store an HMAC key of the blockchain sensor;
the blockchain node stores the same HMAC key, the blockchain node being configured to perform the steps of:
HMAC key encryption step: acquiring public and private key pairs of the block chain nodes and HMAC keys of a plurality of block chain sensors corresponding to each block chain node; for any block chain node, encrypting a plurality of corresponding HMAC keys of the block chain sensors according to the public key of the block chain node to generate a plurality of encrypted data;
a digital signature step: all block chain sensor HMAC keys are encrypted by public keys corresponding to the block chain nodes and then stored in the block chain nodes, and for any block chain node, digital signature is carried out on a plurality of corresponding encrypted data according to the private key of the block chain node to generate a plurality of corresponding digital signature data;
and (3) aggregating and signing: for any block chain node, performing aggregate signature on the corresponding digital signature data to generate aggregate signature data corresponding to the block chain node;
HMAC key verification step: verifying, for any of the blockchain nodes, an HMAC key of the blockchain sensor by the aggregated signature data; if the aggregated signature data passes the verification and the HMAC key passes the verification, the blockchain sensor sends data to the blockchain nodes;
and recording the verified HMAC key as a first HMAC key.
2. The key management system for blockchain sensors of claim 1, wherein the blockchain node is further configured to perform the steps of:
and aiming at any block chain node, when the aggregated signature is carried out for the first time, verifying all digital signature data corresponding to the aggregated signature, and verifying the aggregated signature result when the aggregated signature is initialized, wherein the verification mode of the aggregated signature result is predetermined by the block chain node.
3. The key management system of blockchain sensors of claim 1, wherein the verification of the digitally signed data is determined by a pre-negotiation between the blockchain node and the blockchain sensor.
4. The key management system for blockchain sensors of claim 1, wherein the blockchain node is further configured to perform the steps of:
and storing the public key of the block chain node and the public key of the block chain sensor in a plaintext form, wherein the public key of the block chain node and the public key of the block chain sensor are public to all the block chain link points.
5. The key management system of blockchain sensors of claim 1, wherein the blockchain nodes are further configured to decrypt an HMAC key with a private key unique to the blockchain node in performing the HMAC key encryption step.
6. The key management system of blockchain sensors of claim 1, wherein the HMAC key is stored in the blockchain sensor and the corresponding blockchain node.
7. A data verification system of a blockchain sensor comprises a plurality of blockchain nodes capable of realizing point-to-point communication and a plurality of blockchain sensors correspondingly connected with the plurality of blockchain nodes, and is characterized in that the data verification system verifies data sent by the blockchain sensors to the corresponding blockchain nodes based on a first HMAC key, and the data verification system is characterized in that:
the blockchain sensor is configured to perform the steps of:
calculating a second HMAC value: acquiring data sent by any blockchain sensor to the corresponding blockchain node and a second HMAC key of the blockchain sensor; calculating an HMAC value according to the data and the second HMAC key to generate a second HMAC value;
and (3) ciphertext encryption: encrypting the data according to the public key of the corresponding block chain node to generate transmission ciphertext data;
ciphertext digital signature step: performing digital signature on the transmission ciphertext data according to a private key of the block chain sensor to generate ciphertext digital signature data;
sending the second HMAC value, the transmission ciphertext data and the ciphertext digital signature data to the corresponding block chain node;
the blockchain nexus verifies integrity of the data based on the first HMAC key, and the blockchain nexus is configured to perform the steps of:
and ciphertext decryption step: decrypting the transmission ciphertext data according to the private key of the corresponding block chain node to generate decrypted data;
and (3) ciphertext digital signature verification: verifying the ciphertext digital signature data according to the public key of the block chain sensor, and if the ciphertext digital signature data passes the verification, approving the decrypted data;
a first HMAC value calculating step: calculating an HMAC value according to the decrypted data and the first HMAC key to generate a first HMAC value;
data integrity verification step: and comparing the first HMAC value with the second HMAC value, and if the first HMAC value is the same as the second HMAC value, the data integrity is verified.
8. The data validation system of a blockchain sensor of claim 7, wherein the blockchain sensor is further configured to store a public key of the blockchain node.
9. The data verification system of a blockchain sensor according to claim 7, wherein a verification manner of the ciphertext digital signature is determined by pre-negotiation between the blockchain node and the blockchain sensor.
CN202010608426.0A 2020-06-29 2020-06-29 Key management system and data verification system of block chain sensor Active CN111769938B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010608426.0A CN111769938B (en) 2020-06-29 2020-06-29 Key management system and data verification system of block chain sensor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010608426.0A CN111769938B (en) 2020-06-29 2020-06-29 Key management system and data verification system of block chain sensor

Publications (2)

Publication Number Publication Date
CN111769938A CN111769938A (en) 2020-10-13
CN111769938B true CN111769938B (en) 2023-03-24

Family

ID=72724254

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010608426.0A Active CN111769938B (en) 2020-06-29 2020-06-29 Key management system and data verification system of block chain sensor

Country Status (1)

Country Link
CN (1) CN111769938B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112948886A (en) * 2021-03-26 2021-06-11 重庆倍来电新能源有限公司 Method for improving data transmission security based on block chain
CN113190860B (en) * 2021-05-07 2024-03-01 福建福链科技有限公司 Block chain sensor data authentication method and system based on ring signature
CN113709096B (en) * 2021-06-24 2023-08-04 北京农业信息技术研究中心 Livestock asset management identity authentication method and system
CN113660143B (en) * 2021-08-20 2022-07-19 国网安徽省电力有限公司电力科学研究院 Intelligent sensor protocol testing method
CN116684095B (en) * 2023-08-02 2023-09-29 杭州希智电子有限公司 Sensor data encryption method and system based on Internet of Things

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107968708B (en) * 2017-11-10 2020-01-17 财付通支付科技有限公司 Method, device, terminal and server for generating signature
CN110300112B (en) * 2019-07-02 2022-05-10 石家庄铁道大学 Block chain key hierarchical management method
CN110430039B (en) * 2019-07-19 2022-08-19 瑞纳智能设备股份有限公司 Production management system and method based on block chain
CN110944301A (en) * 2019-12-02 2020-03-31 重庆瑞坤科技发展股份有限公司 Intelligent cell equipment monitoring system based on block chain and key management method
CN111275419B (en) * 2020-01-17 2023-04-11 上海简苏网络科技有限公司 Block chain wallet signature right confirming method, device and system
CN111314067B (en) * 2020-02-05 2021-04-16 腾讯科技(深圳)有限公司 Block storage method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN111769938A (en) 2020-10-13

Similar Documents

Publication Publication Date Title
US11323276B2 (en) Mutual authentication of confidential communication
CN111769938B (en) Key management system and data verification system of block chain sensor
JP6345157B2 (en) In-vehicle information communication system and authentication method
JP4593533B2 (en) System and method for updating keys used for public key cryptography
US9160728B2 (en) Message sending/receiving method
CN109743171B (en) Key series method for solving multi-party digital signature, timestamp and encryption
US9705683B2 (en) Verifiable implicit certificates
US11870891B2 (en) Certificateless public key encryption using pairings
CN109104271B (en) Digital signature method, device and system
CN110597836B (en) Information inquiry request response method and device based on block chain network
CN103905204A (en) Data transmission method and transmission system
JP6041864B2 (en) Method, computer program, and apparatus for data encryption
CN111914291A (en) Message processing method, device, equipment and storage medium
CN110365662A (en) Business approval method and device
US20220038267A1 (en) Methods and devices for secured identity-based encryption systems with two trusted centers
Barker Cryptographic Standards in the Federal Government: Cryptographic Mechanisms
JP5393594B2 (en) Efficient mutual authentication method, program, and apparatus
CN116318654A (en) SM2 algorithm collaborative signature system, method and equipment integrating quantum key distribution
JP5004086B2 (en) Authentication system using short sequences
CN110572257A (en) Anti-quantum computing data source identification method and system based on identity
CN116471081B (en) Indoor security anonymous authentication method based on Internet of things technology
CN115549910B (en) Data transmission method, equipment and storage medium
JP3862397B2 (en) Information communication system
CN114240428A (en) Data transmission method and device, data transaction terminal and data supplier
CN116846660A (en) Message transmission method and device based on cryptographic algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant