CN112435028A - Block chain-based Internet of things data sharing method and device - Google Patents

Block chain-based Internet of things data sharing method and device

Info

Publication number
CN112435028A
Authority
CN
China
Prior art keywords
node
block
manager
block chain
blockchain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011459867.5A
Other languages
Chinese (zh)
Other versions
CN112435028B (en)
Inventor
尹鹏
尤信群
赵勇强
许欣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
MILITARY SECRECY QUALIFICATION CERTIFICATION CENTER
Original Assignee
MILITARY SECRECY QUALIFICATION CERTIFICATION CENTER
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by MILITARY SECRECY QUALIFICATION CERTIFICATION CENTER
Priority to CN202011459867.5A
Publication of CN112435028A
Application granted
Publication of CN112435028B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2151 Time stamp

Abstract

The invention provides a block chain-based Internet of things data sharing method, which comprises the steps that a first block chain manager receives a service request message from a first node and performs node authentication on the first node based on the service request message; for a node that passes node authentication, if the service operation type is data access, the first block chain manager performs a query operation, and if the service operation type is data storage, a first block containing the related data in the service request message is generated and submitted for efficient and safe consensus approval based on a time backoff method; if the consensus approval passes, the first block is added to the tail end of the block chain, so that the data in the Internet of things are shared. The invention also provides a corresponding device; the method and the device realize safe and efficient sharing of Internet of things data based on the block chain.

Description

Block chain-based Internet of things data sharing method and device
Technical Field
The application relates to the field of the Internet of things, in particular to block chain-based data sharing in the Internet of things.
Background
As private cars become more common worldwide, road traffic accidents keep increasing and have gradually become a serious problem in modern society. The vehicular ad hoc network (VANET) provides data exchange and communication between nodes, and between nodes and a road side unit (RSU), over a wireless medium known as wireless access in vehicular environments (WAVE). This communication mode delivers real-time information, helps improve the safety of drivers and passengers, and relieves traffic congestion. The high degree of connectivity between nodes and RSUs, while enabling intelligent services, poses a security challenge: nodes in a VANET must be protected against attacks by malicious entities that could compromise the security of the nodes, drivers and passengers. The information exchanged between nodes and RSUs, including location, speed and warning messages, also raises new privacy challenges. Traditional intelligent-vehicle security and privacy mechanisms fail because of centralization, lack of privacy, security threats and similar problems.
Among the methods proposed so far, the reliability of public information has been addressed with threshold authentication and group signature methods, but these cannot solve the problems of huge workload and the lack of an incentive mechanism. A peer-to-peer electric power transaction model based on a consortium block chain has also been proposed; it solves the scalability problem but remains easy to attack.
Disclosure of Invention
In view of the above, the present invention provides an Internet of things data sharing method based on a block chain. It provides two stages, node key generation and node authentication, to identify a malicious node, and it also provides a block consensus approval method for block chain managers (BM, block chain manager) based on a time back-off algorithm: the receiving BM of a block first checks the identity of the sending BM, and if the receiving BM has already approved at least one block previously sent by that sender, the strict transaction verification procedure is not repeated; instead the block is approved as soon as its block signature and timestamp are verified. Otherwise, if the sending BM is sending its first block to the receiving BM, the transactions are verified with the normal strict transaction verification procedure. The block consensus approval method based on the time back-off algorithm requires little computation, is more efficient, and is suitable for the Internet of things, including the Internet of vehicles.
In a first aspect, a method for sharing data of an Internet of things based on a block chain includes that a first block chain manager receives a service request from a first node of the Internet of things, wherein the service request includes a node ID of the first node, a service timestamp, signature information and a service operation type; the signature information is the encrypted service information signed with the node first private key of the first node, the operation type includes query and storage, the service timestamp is the time at which the service request was generated, and the node first private key of the first node is a private key generated based on the node ID of the first node. The first block chain manager performs node authentication on the first node based on the service timestamp and the node second public key; if the node authentication passes, the first block chain manager reports the node ID and the node second public key of the first node to the block chain network of the first block chain manager, and if the node authentication fails, the first block chain manager sends a node authentication failure message to the first node, wherein, when the first block chain manager does not hold the node second public key of the first node, it generates the node second public key of the first node based on the node ID. For a first node that passes node authentication, if its service type is access, the first block chain manager performs the query operation and sends the query result to the first node; if its service type is storage, the first block chain manager generates a first block based on the service request message and sends the first block to the block chain network for consensus approval; if the consensus approval passes, the first block is added to the tail end of the block chain of the block chain network and a storage success message is sent to the first node, and if the consensus approval fails, a service request failure message is sent to the first node.
Therefore, the validity of the first node that generates the service request, namely the data sharing request, is verified through node registration and node authentication, and for a service request that stores shared data the first block generated from the request is subjected to consensus approval through the storage block consensus approval method, so that intrusion by an illegitimate block chain manager is prevented and block chain-based data sharing in the Internet of things is realized. Compared with the Internet of things of the prior art, the block chain-based Internet of things data sharing method is safer.
In a first possible implementation manner of the method for sharing data of the internet of things based on the blockchain according to the first aspect, the generating, by the first blockchain manager, the second public key of the node of the first node based on the node ID includes sending, by the first blockchain manager, the node ID in the service request to the registry; the first blockchain manager receives a system parameter k2 and a node portion second private key for the first node from the registry, wherein the system parameter k2 and the node portion second private key are generated by the registry based on the node ID; the first blockchain manager generates a node second private key for the first node based on the system parameter k2 and the node portion second private key; the first blockchain manager generates a node second public key for the first node based on a node second private key for the first node.
Therefore, the first block chain manager sends the node ID to the registration center, and generates the second public key of the node based on the relevant data issued by the registration center by using the same algorithm as the first node, and the second public key of the node generated based on the method is the same as the first public key of the node, so that the second public key can be used for subsequent node authentication and service information encryption, and the illegal node is prevented from accessing the Internet of things.
In a second possible implementation manner of the data sharing method for the internet of things based on the blockchain according to the first possible implementation manner of the first aspect, the node authentication includes node timestamp verification, which includes that the first blockchain manager checks whether a difference between a current timestamp and a service timestamp in the service request sent by the first node is less than a first set time, and if the difference is less than the first set time, the first node passes the node timestamp verification; and verifying the node public key, wherein the first block chain manager verifies the signature of the signature information in the service request by using a node second public key of the first node, and if the verification is passed, the first node passes the node public key verification and obtains the encrypted service information.
The node timestamp verification checks whether the service request of the first node is an outdated, invalid request, and the node public key verification checks the signed message in the service request, thereby verifying whether the request was sent by a first node with a legitimate identity. Node authentication based on this method prevents illegitimate nodes from intruding into the Internet of things and discards outdated requests.
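The registration and authentication flow of the first aspect (node key derived from the node ID via the registry, timestamp freshness check, then signature check with the manager-side derived key) can be simulated end to end. The following is an added example, not code from the patent; it uses constructed values for the registry secret, the system parameter k1 and the first set time, and stands in for the node's private-key signature with an HMAC tag, which matches the page's property that node and manager derive identical key material from the same registry inputs (a real deployment would use an asymmetric signature scheme):

```python
import hashlib
import hmac

# Constructed parameters (the patent names them but gives no values): the registry's
# system parameter k1 and the freshness window (first set time) for the service timestamp.
SYSTEM_PARAM_K1 = b"constructed-system-parameter-k1"
FIRST_SET_TIME = 30  # seconds
REGISTRY_SECRET = b"constructed-registry-master-secret"  # assumption: held only by the registry


def registry_partial_key(node_id: str) -> bytes:
    """Registry side: the node portion of the private key, derived from the node ID."""
    return hashlib.sha256(REGISTRY_SECRET + b"|" + node_id.encode()).digest()


def derive_node_key(system_param: bytes, partial_key: bytes) -> bytes:
    """Run by the node (node first key) and by the manager (node second key) with the same
    registry inputs, so both sides end up with identical key material."""
    return hashlib.sha256(system_param + b"|" + partial_key).digest()


def sign(key: bytes, message: bytes) -> bytes:
    """Stand-in for the node's private-key signature: an HMAC tag over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def request_body(node_id: str, timestamp: int, op_type: str, encrypted_info: bytes) -> bytes:
    return f"{node_id}|{timestamp}|{op_type}|".encode() + encrypted_info


def build_service_request(node_id: str, node_key: bytes, op_type: str,
                          encrypted_info: bytes, now: int) -> dict:
    """Node side: service request with node ID, service timestamp, operation type and
    the signature over the encrypted service information."""
    body = request_body(node_id, now, op_type, encrypted_info)
    return {"node_id": node_id, "timestamp": now, "op_type": op_type,
            "encrypted_info": encrypted_info, "signature": sign(node_key, body)}


class BlockchainManager:
    def __init__(self):
        self.node_keys = {}   # node ID -> node second key (cached after first derivation)
        self.reported = []    # (node ID, key) pairs reported to the block chain network

    def node_key(self, node_id: str) -> bytes:
        if node_id not in self.node_keys:
            # The manager holds no key for this node: fetch the registry material
            # and derive the key exactly as the node did.
            partial = registry_partial_key(node_id)
            self.node_keys[node_id] = derive_node_key(SYSTEM_PARAM_K1, partial)
        return self.node_keys[node_id]

    def authenticate(self, req: dict, now: int) -> str:
        """Node authentication: cheap timestamp check first, then the signature check."""
        if abs(now - req["timestamp"]) >= FIRST_SET_TIME:
            return "node authentication failure: stale timestamp"
        key = self.node_key(req["node_id"])
        body = request_body(req["node_id"], req["timestamp"],
                            req["op_type"], req["encrypted_info"])
        if not hmac.compare_digest(sign(key, body), req["signature"]):
            return "node authentication failure: bad signature"
        self.reported.append((req["node_id"], key))  # report node ID and key to the network
        return "ok"


if __name__ == "__main__":
    now = 1_700_000_000
    key = derive_node_key(SYSTEM_PARAM_K1, registry_partial_key("node-42"))
    req = build_service_request("node-42", key, "storage", b"constructed-ciphertext", now)
    print(BlockchainManager().authenticate(req, now + 5))
```

The timestamp check runs before the signature check so that replayed or long-delayed requests are rejected without any key derivation or MAC work; the signature check covers the node ID, timestamp and operation type as well as the encrypted service information, so changing any field of a captured request invalidates it.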
According to the first aspect, in a third possible implementation manner of the data sharing method for the internet of things based on the blockchain, the querying operation performed by the first blockchain manager includes that the first blockchain manager decrypts the encrypted service information, and determines information that the first node needs to query; the first blockchain manager queries the queried information based on the local information database, and if the queried information is not found in the local information database, the first blockchain manager searches the blockchain network for the queried information.
Therefore, each block chain manager maintains a local information database, the first block chain manager firstly queries the local information database, and then queries the blocks on the block chain network if the required information cannot be queried. Based on the method, the data information of the first node service request can be quickly searched, a large amount of operation resources are saved, and efficient query is realized.
According to the first aspect, in a fourth possible implementation manner of the data sharing method for the Internet of things based on the block chain, the generating, by the first block chain manager, of the first block based on the service request message includes the first block chain manager decrypting the encrypted service information and determining the information that the first node needs to store; the first block chain manager creates a first transaction based on the received service request, wherein the first transaction comprises a transaction timestamp, a transaction public key, a transaction signature and a transaction message, the transaction timestamp is the generation time of the first transaction, the transaction public key is the node second public key of the first node, the transaction signature is information signed with the node second private key of the first node, and the transaction message comprises the information that needs to be stored; the first block chain manager adds the first transaction to the current block to generate the first block, wherein the first block comprises a block timestamp giving the time at which the first block was generated, a block signature and a block message, the block signature is a signature generated by the first block chain manager and verifiable with its public key, and the block message comprises the information of each transaction in the block.
Therefore, the first block is generated based on the service request, and the quick consensus approval is realized by adopting a time backoff algorithm. Compared with the traditional consensus approval method, the consensus efficiency is high, and the safe data storage is realized.
According to the first aspect or the fourth possible implementation manner of the first aspect, in a fifth possible implementation manner of the method for sharing data of the Internet of things based on the block chain, sending the first block to the block chain network for consensus approval includes that the first block chain manager sends the first block to the block chain network for multi-round block verification, where one round consists of each second block chain manager of the block chain network completing block verification on the first block once, and a second block chain manager is any block chain manager on the block chain network other than the first block chain manager; if the number of rounds K of block verification of the first block is smaller than or equal to a first set threshold, the first block chain manager waits a first random time and then sends the first block to the other second block chain managers in the block chain network for a new round of block verification, wherein the initial value of K is 0; when a second block chain manager receives a block verification request for the first block from the first block chain manager, it performs block verification on the first block; after the second block chain managers complete one round of block verification on the first block, the first block chain manager calculates the consensus pass rate of the first block: if the consensus pass rate is larger than or equal to a second set threshold, the consensus of the first block passes, the first block chain manager adds the first block to the tail end of the first block chain and stores the stored information in its local information database, and otherwise K is incremented by 1; if the consensus pass rate is smaller than the second set threshold and the number of rounds K of consensus approval already performed on the first block is larger than the first set threshold, the first block fails the consensus approval; wherein the consensus pass rate is the number of second block chain managers whose block verification of the first block passed divided by the total number of second block chain managers.
Therefore, by adopting a time-based backoff algorithm, the first block chain manager waits the first random time before sending the first block in each round of consensus approval, so the approval results produced by the block chain network for other blocks during that first random time can be fully utilized and the consensus approval efficiency of the first block is improved. Compared with the Internet of things of the prior art, the block chain-based Internet of things data sharing method has the advantage of high efficiency.
In a sixth possible implementation manner of the data sharing method for the Internet of things based on the block chain according to the fifth possible implementation manner of the first aspect, the block verification of the first block by the second block chain manager includes that the second block chain manager counts the blocks received from the first block chain manager within a second set time to obtain a total number of received blocks of the first block chain manager, and when that total number is greater than a third set threshold, the second block chain manager reports to the first block chain manager that the block verification of the first block fails; when the total number of received blocks of the first block chain manager is smaller than or equal to the third set threshold, the second block chain manager performs trust verification on the first block based on a trust relationship; if the trust verification of the first block by the second block chain manager fails, the second block chain manager performs strict verification on the first block, and if any check of the strict verification fails, the second block chain manager reports to the first block chain manager that the block verification of the first block fails; if the trust verification of the first block passes, or all checks of the strict verification pass, the second block chain manager performs block identity verification on the first block, and if the first block passes all checks of the block identity verification, the second block chain manager reports to the first block chain manager that the block verification of the first block passes and adds the first block chain manager to its trust list, otherwise the second block chain manager reports to the first block chain manager that the block verification of the first block fails; wherein the trust list of each block chain manager in the block chain network comprises the senders of the blocks that block chain manager has successfully received.
Therefore, the first block is quickly verified based on trust verification and block identity verification, efficiency is improved, and when trust fails, safety is guaranteed by adopting strict verification and block identity verification to quickly verify the first block. Based on the method, the block verification of the first block is efficient and safe.
According to the sixth possible implementation manner of the first aspect, in a seventh possible implementation manner of the data sharing method for the Internet of things based on the block chain, the trust verification includes that the second block chain manager checks its locally stored trust list for the first block chain manager, and if the first block chain manager is in the trust list, the first block chain manager passes the trust verification; if the first block chain manager is not in the trust list, the second block chain manager sends the first block to each third block chain manager in its trust list; each third block chain manager checks for the first block chain manager in its own locally stored trust list, and if any third block chain manager finds the first block chain manager in its local trust list, that third block chain manager reports to the second block chain manager that the trust verification of the first block passes.
In this way, the trust verification of the first block is performed by the second block chain manager or a third block chain manager on the basis of the trust relationship state of the first block chain manager, so the method is suitable for a block chain network in which the block chain managers are relatively close to each other and the trust relationships between the block chain managers are known a priori.
According to a seventh possible implementation manner of the first aspect, in an eighth possible implementation manner of the data sharing method for the internet of things based on the blockchain, the block identity verification includes block timestamp verification, which includes that the second blockchain manager checks whether a difference between a current timestamp and a first block timestamp is less than a third set time, if the difference is less than the third set time, the block timestamp verification is passed, otherwise, the block timestamp verification is not passed; and verifying the public key of the block, wherein the public key of the block is used for verifying the signature of the first block, and if the signature passes the verification, the public key of the block passes the verification.
Thus, block timestamp verification essentially excludes obsolete blocks, which are typically late to arrive, and block public key verification verifies that the first blockchain manager is still valid. Based on the method, the first block can be judged to be a valid non-obsolete block through the identity verification of the second block chain manager on the first block, and the invasion of an illegal block chain manager is prevented.
In a ninth possible implementation manner of the data sharing method for the internet of things based on the blockchain according to the sixth possible implementation manner of the first aspect, the strict verification includes transaction timestamp verification, which includes that the second blockchain manager checks whether differences between a current timestamp and timestamps of transactions in the first block are all less than a fourth set time, and if the differences are all less than the fourth set time, the transaction timestamp verification is passed; and verifying the transaction public key, wherein the signature of each transaction in the first block is verified by using the public key of the transaction, and if the signature passes, the transaction public key passes verification.
Therefore, the transaction timestamp verification essentially excludes outdated transactions, which usually arrive with delay, and the transaction public key verification essentially checks whether each transaction sender in the first block is still valid; through the strict verification of the first block by the second block chain manager, the first block can be judged to contain valid, non-outdated transactions, so that intrusion by an illegitimate block chain manager is prevented.
In a tenth possible implementation manner of the data sharing method for the Internet of things based on the block chain according to the fifth possible implementation manner of the first aspect, the first random time is equal to the sum of a second random time and a third random time, wherein the second random time is greater than or equal to 2 times the delay time and less than the second set time, the third random time is equal to the product of a first random number and the delay time, the first random number is a random number between 0 and 2^K − 1, and the delay time is the minimum transmission delay between the first block chain manager and each second block chain manager.
The third random time, the second component of the first random time, is set based on a backoff algorithm and depends on K: the larger K is, the longer the third random time, and the more blocks that have already passed the consensus approval of the block chain network are received by each second block chain manager in the meantime. If the transactions contained in those approved blocks overlap with the transactions in the first block, they are removed from the pool of transactions each second block chain manager still has to verify, which makes the subsequent strict verification efficient, so the consensus approval of the first block is performed efficiently and safely.
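The fifth to tenth implementation manners above describe one procedure: the first block chain manager runs up to K rounds of block verification with an exponentially growing random wait between rounds, and each second block chain manager verifies a block by rate-limiting the sender, then trust verification (local trust list, then third managers in that list), falling back to strict verification of every transaction, and finally block identity verification. The following is an added example simulating that procedure, not code from the patent; all thresholds, times and keys are constructed, signatures are stood in for by HMAC tags, and simulated time is advanced instead of sleeping:

```python
import hashlib
import hmac
import random

# Constructed parameters: the patent names these thresholds and times but gives no values.
FIRST_THRESHOLD = 3         # maximum number of approval rounds K
PASS_RATE_THRESHOLD = 0.67  # second set threshold on the consensus pass rate
RATE_LIMIT = 5              # third set threshold: blocks accepted from one sender per window
SECOND_SET_TIME = 10.0      # window for the per-sender block count; also the upper bound of T2
THIRD_SET_TIME = 120.0      # block timestamp freshness (seconds)
FOURTH_SET_TIME = 300.0     # transaction timestamp freshness (seconds)
DELAY = 0.5                 # minimum transmission delay between managers (seconds)


def tag(key: bytes, msg: bytes) -> bytes:
    """Stand-in for a signature: HMAC tag under the signer's key."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_tx(node_id, node_key, ts, payload):
    return {"ts": ts, "signer": node_id, "payload": payload,
            "sig": tag(node_key, f"{ts}|{payload}".encode())}


def block_body(ts, txs):
    return (f"{ts}|" + "|".join(t["sig"].hex() for t in txs)).encode()


def make_block(bm_id, bm_key, ts, txs):
    return {"ts": ts, "sender": bm_id, "txs": txs, "sig": tag(bm_key, block_body(ts, txs))}


class SecondManager:
    """A verifying (second) block chain manager."""

    def __init__(self, name, keys, network):
        self.name, self.keys, self.network = name, keys, network  # keys: id -> key directory
        self.trust_list = set()   # senders whose blocks this manager has accepted before
        self.received = []        # (sender, time) of every block received, for rate limiting

    def trust_verify(self, block):
        sender = block["sender"]
        if sender in self.trust_list:
            return True
        # Otherwise ask each third manager in my trust list whether it trusts the sender.
        for third in self.trust_list:
            if third in self.network and sender in self.network[third].trust_list:
                return True
        return False

    def strict_verify(self, block, now):
        """Every transaction must be fresh and carry a valid signature."""
        for tx in block["txs"]:
            if abs(now - tx["ts"]) >= FOURTH_SET_TIME:
                return False
            expected = tag(self.keys[tx["signer"]], f"{tx['ts']}|{tx['payload']}".encode())
            if not hmac.compare_digest(expected, tx["sig"]):
                return False
        return True

    def identity_verify(self, block, now):
        """Block timestamp freshness plus the block signature of the sending manager."""
        if abs(now - block["ts"]) >= THIRD_SET_TIME:
            return False
        expected = tag(self.keys[block["sender"]], block_body(block["ts"], block["txs"]))
        return hmac.compare_digest(expected, block["sig"])

    def verify_block(self, block, now):
        sender = block["sender"]
        self.received.append((sender, now))
        recent = sum(1 for s, t in self.received
                     if s == sender and 0 <= now - t <= SECOND_SET_TIME)
        if recent > RATE_LIMIT:
            return False   # sender is flooding: reject without further work
        if not self.trust_verify(block) and not self.strict_verify(block, now):
            return False   # untrusted sender whose transactions failed strict verification
        if not self.identity_verify(block, now):
            return False
        self.trust_list.add(sender)   # successful receipt: sender joins the trust list
        return True


def backoff_wait(K, rng):
    """First random time = T2 + T3 with T2 in [2*DELAY, SECOND_SET_TIME) and
    T3 = r * DELAY, r a random integer in [0, 2^K - 1]."""
    t2 = rng.uniform(2 * DELAY, SECOND_SET_TIME)
    t3 = rng.randint(0, 2 ** K - 1) * DELAY
    return t2 + t3


def consensus_approval(block, managers, now, chain, seed=0):
    """Multi-round approval driven by the first manager; returns (passed, rounds_used, sim_time)."""
    rng = random.Random(seed)   # seeded so the simulation is reproducible
    K, t = 0, now
    while K <= FIRST_THRESHOLD:
        t += backoff_wait(K, rng)                    # wait the first random time, then (re)send
        passed = sum(m.verify_block(block, t) for m in managers)
        if passed / len(managers) >= PASS_RATE_THRESHOLD:
            chain.append(block)                      # consensus passed: append to the chain tail
            return True, K, t
        K += 1
    return False, K, t
```

The simulation also makes the design's trade-off visible: once a sender is in a verifier's trust list (directly or via a third manager), its blocks skip strict verification, so a forged transaction inside a block that is otherwise correctly signed and fresh is accepted on trust. The rate limit and the block identity check still apply, but whether the transaction-level checks can be skipped for trusted managers is the property a deployment has to justify.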
In a second aspect, a block chain-based data sharing method for the Internet of things comprises the steps that a first node generates its node first public key and node first private key based on its node ID; the first node creates a service request and sends it for processing to a first block chain manager randomly selected from the block chain network to which the first node is connected, wherein the service request comprises the node ID of the first node, the node first public key of the first node, a service timestamp, signature information and a service operation type, the signature information is the encrypted service information signed with the node first private key, the operation type comprises query and storage, and the service timestamp is the service generation time; the first node receives a service request result generated by the first block chain manager based on the service request, wherein the service request result is a query result sent by the first block chain manager if the first node passes the node authentication of the first block chain manager according to the first aspect and the service request message comprises a query operation; if the first node passes the node authentication of the first block chain manager according to the first aspect and the service request message comprises a storage operation, the service request result is a storage success message sent by the first block chain manager when the first block chain manager creates the first block according to the method of the first aspect and the first block passes the consensus approval of the first aspect; if the first node does not pass the node authentication of the first block chain manager, the service request result is a node authentication failure message sent by the first block chain manager; and if the first block fails the consensus approval, the service request result is a service request failure message sent by the first block chain manager.
In the above, the first node obtains information from the registration center, determines its node first public key and node first private key, includes the node first public key in the service request, and signs the encrypted service information with the node first private key. Based on this method, the service request comprises not only the information related to the requested sharing operation but also the identity information of the node, which improves the security of the service request.
In a first possible implementation manner of the block chain-based data sharing method for the internet of things, the first node generates a node first public key and a node first private key thereof based on the node ID; the first node sends the node ID to the registration center; the first node receiving from the registry its system parameter k1 and first node portion first private key, wherein the system parameter k1 and first node portion first private key were generated by the registry based on the node ID; the first node generates a node first private key of the first node based on the system parameter k1 and the node part first private key thereof; the first node generates its node first public key based on its node first private key.
Therefore, the first node performs node registration based on the node ID and generates its node first private key and node first public key from the related data issued by the registration center. The node first private key and node first public key obtained in this way are the identity keys of the first node and can be used for subsequent node authentication and service information encryption, preventing illegal nodes from accessing the Internet of Things.
In a third aspect, a blockchain-based Internet of Things data sharing device comprises a service request receiving module, a node authentication module, an access operation module, a storage operation module and a service result sending module, wherein: the service request receiving module is used by a first blockchain manager to receive a service request of a first node of the Internet of Things, the service request comprising the node ID of the first node, a service timestamp, signature information and a service operation type, the signature information being encrypted service information signed with the node first private key, the operation type being query or storage, the service timestamp being the time at which the service was generated, and the node first private key of the first node being a private key generated based on the node ID of the first node; the node authentication module is used by the first blockchain manager to perform node authentication on the first node based on the service timestamp and the node second public key, and if node authentication passes, the first blockchain manager reports the node ID and the node second public key of the first node to the blockchain network, wherein if the first blockchain manager does not hold the node second public key of the first node, it generates the node second public key of the first node based on the node ID; the access operation module is used by the first blockchain manager to perform the query if the first node passes node authentication and the service type in the service request is query; the storage operation module is used by the first blockchain manager to generate a first block based on the service request message if the first node passes node authentication and the service type in the service request is storage, to submit the first block to the blockchain network for consensus approval, and to add the first block to the tail of the blockchain of the blockchain network if the consensus approval passes; and the service result sending module is used by the first blockchain manager to send the result of the received service request to the first node, wherein if the first node passes the node authentication of the first blockchain manager and the first service request message contains the query operation, the service request result is the query result; if the first node passes the node authentication of the first blockchain manager, the first service request message contains the storage operation and the first block passes the consensus approval, the service request result is a storage success message; if the first block fails the consensus approval, the service request result is a service request failure message; and if the first node fails node authentication, the service request result is a node authentication failure message.
Therefore, the validity of the first node that generates the service request, i.e. the data sharing request, is verified through node registration and node authentication, and for a service request that stores shared data, the first block generated from the service request is subjected to consensus approval by the storage block consensus approval method, so that intrusion by an illegal blockchain manager is prevented and blockchain-based Internet of Things data sharing is realized. Compared with the Internet of Things of the prior art, the blockchain-based Internet of Things data sharing device is safer.
According to the third aspect, in a first possible implementation manner of the blockchain-based Internet of Things data sharing device, the device further comprises a node key generation second module, which comprises: a node ID sending second module, used by the first blockchain manager to send the node ID of the first node to the registration center; a parameter receiving second module, used by the first blockchain manager to receive from the registration center the system parameter k2 and the node part second private key of the first node, wherein the system parameter k2 and the node part second private key are generated by the registration center based on the node ID; a private key generation second module, used by the first blockchain manager to generate the node second private key of the first node based on the system parameter k2 and the node part second private key; and a public key generation second module, used by the first blockchain manager to generate the node second public key of the first node based on the node second private key of the first node.
Therefore, the first blockchain manager sends the node ID to the registration center and generates the node second public key from the related data issued by the registration center, using the same algorithm as the first node; the node second public key generated by this device is identical to the node first public key, so it can be used for subsequent node authentication and service information encryption, preventing illegal nodes from accessing the Internet of Things.
According to the third aspect, in a second possible implementation manner of the blockchain-based Internet of Things data sharing device, the node authentication module comprises: a node timestamp verification module, used by the first blockchain manager to check whether the difference between the current timestamp and the service timestamp in the service request sent by the first node is smaller than a first set time, the first node passing node timestamp verification if the difference is smaller than the first set time; and a node public key verification module, used by the first blockchain manager to verify the signature of the signature information in the service request with the node second public key of the first node, the first node passing node public key verification and the first blockchain manager obtaining the encrypted service information if the signature verifies.
Node timestamp verification checks whether the service request of the first node is an outdated, invalid request, and node public key verification checks the signed message in the service request, i.e. whether the service request was sent by a first node with a legitimate identity. Node authentication based on this device can prevent illegal nodes from intruding into the Internet of Things and rejects outdated requests.
According to the third aspect, in a third possible implementation manner of the blockchain-based Internet of Things data sharing device, the access operation module comprises: a query information determining module, used by the first blockchain manager to decrypt the encrypted service information and obtain the information the first node needs to query; a local query module, used by the first blockchain manager to look up the queried information in its local information database; and a remote query module, used by the first blockchain manager to search for the queried information in the blockchain network if it is not found in the local information database.
Therefore, each blockchain manager maintains a local information database; the first blockchain manager first queries its local information database and only queries the blocks of the blockchain network if the required information cannot be found locally. With this device the data requested by the first node's service request can be found quickly, saving a large amount of computing resources and realizing efficient queries.
According to the third aspect, in a fourth possible implementation manner of the blockchain-based Internet of Things data sharing device, the storage operation module comprises: a storage content generation module, used by the first blockchain manager to decrypt the encrypted service information and obtain the information the first node needs to store; a block generation module, used by the first blockchain manager to create a first transaction based on the received service request message and add the first transaction to the current block to generate the first block, wherein the first transaction comprises a transaction timestamp, a transaction public key, a transaction signature and a transaction packet, the transaction timestamp being the time at which the first transaction was generated, the transaction public key being the node second public key of the first node, the transaction signature being a signature made with the node second private key of the first node, and the transaction packet being the information to be stored, and wherein the first block comprises a block timestamp, a block public key, a block signature and a block packet, the block timestamp being the time at which the first block was generated, the block public key being the public key of the first blockchain manager, the block signature being a signature made with the private key of the first blockchain manager and verifiable with the block public key, and the block packet comprising the information of each transaction; a consensus approval module, used by the first blockchain manager to submit the first block to the blockchain network for consensus approval; and an information storage module, used by the first blockchain manager to add the first block that has passed consensus approval to the tail of the blockchain and to store the stored information in its local information database.
Therefore, the first block is generated from the service request, and fast consensus approval is achieved with a time backoff algorithm. Compared with the conventional consensus approval method, this device has high consensus efficiency and realizes secure data storage.
According to the fourth possible implementation manner of the third aspect, in a fifth possible implementation manner of the blockchain-based Internet of Things data sharing device, the consensus approval module comprises: a time backoff module, used by the first blockchain manager, if the number of rounds K of block verification completed for the first block is smaller than or equal to a first set threshold, to wait for a first random time and then send the first block to each second blockchain manager of the blockchain network for a new round of block verification of the first block, wherein the initial value of K is 0 and one round means that every second blockchain manager of the blockchain network has completed one block verification of the first block; a block verification module, used by a second blockchain manager to perform block verification of the first block when it receives the block verification request for the first block sent by the first blockchain manager; and a consensus approval judging module, used by the first blockchain manager, after the second blockchain managers have completed a round of block verification of the first block, to calculate the consensus passing rate of the first block, the consensus approval of the first block passing if the consensus passing rate is greater than or equal to a second set threshold, the value of K otherwise being increased by 1, and the consensus approval of the first block failing if the consensus passing rate is smaller than the second set threshold and the number of rounds K of consensus approval of the first block is greater than the first set threshold; wherein the consensus passing rate is the number of second blockchain managers whose block verification of the first block passed divided by the total number of second blockchain managers, and the second blockchain managers are the blockchain managers on the blockchain network other than the first blockchain manager.
Therefore, by adopting a time-based backoff algorithm, in each round of consensus approval the first blockchain manager waits for the first random time before sending the first block for consensus approval, and the approval results that the blockchain network reaches on other blocks during the first random time can be fully used, which improves the consensus approval efficiency of the first block. Compared with the Internet of Things of the prior art, this device has the advantage of high efficiency.
According to the fifth possible implementation manner of the third aspect, in a sixth possible implementation manner of the blockchain-based Internet of Things data sharing device, the block verification module comprises: a malicious manager determining module, used by the second blockchain manager to count the blocks received from the first blockchain manager within a second set time, giving the total number of blocks received from the first blockchain manager, and, if that total is greater than a third set threshold, to report to the first blockchain manager that the block verification of the first block has failed; a trust verification module, used by the second blockchain manager to perform trust verification of the first block if the total number of blocks received from the first blockchain manager is smaller than or equal to the third set threshold; a strict verification module, used by the second blockchain manager to strictly verify all transactions of the first block if the first block fails the second blockchain manager's trust verification, the second blockchain manager reporting to the first blockchain manager that the block verification of the first block has failed if any check of the strict verification fails; and a block identity verification module, used by the second blockchain manager to perform identity verification of the first block once the first block has passed trust verification or every check of the strict verification, after which, if every check of the identity verification of the first block passes, the second blockchain manager reports to the first blockchain manager that the block verification of the first block has passed and adds the first blockchain manager to its trust list, and otherwise reports to the first blockchain manager that the block verification of the first block has failed; wherein the trust list of each blockchain manager in the blockchain network comprises the senders of the blocks that blockchain manager has successfully received.
Therefore, the first block is verified quickly through trust verification and block identity verification, which improves efficiency, and when trust verification fails, security is guaranteed by verifying the first block with strict verification and block identity verification. Based on this device, the block verification of the first block is both efficient and secure.
According to the sixth possible implementation manner of the third aspect, in a seventh possible implementation manner of the blockchain-based Internet of Things data sharing device, the trust verification module comprises: a direct trust verification module, used by the second blockchain manager to check the first blockchain manager against its locally stored trust list, the first blockchain manager passing trust verification if it is in the trust list of the second blockchain manager; a block forwarding module, used by the second blockchain manager to send the first block to each third blockchain manager in its trust list if the first blockchain manager is not in its trust list; and an indirect trust verification module, used by each third blockchain manager to check the first blockchain manager against its own locally stored trust list, any third blockchain manager that finds the first blockchain manager in its local trust list reporting to the second blockchain manager that the trust verification of the first block has passed.
In the above, trust verification of the first block based on the trust relationship of the first blockchain manager as recorded by the second blockchain manager or a third blockchain manager is suited to blockchain networks in which the blockchain managers are relatively close to one another and the trust relationships between them are known a priori; because those trust relationships are known a priori, this device does not consume a large amount of computing time and computing resources of each blockchain manager, so the efficiency of consensus approval is improved.
According to the sixth possible implementation manner of the third aspect, in an eighth possible implementation manner of the blockchain-based Internet of Things data sharing device, the block identity verification module comprises: a block timestamp verification module, used by the second blockchain manager to check whether the difference between the current timestamp and the block timestamp is smaller than a third set time, the first block passing block timestamp verification if the difference is smaller than the third set time; and a block public key verification module, used by the second blockchain manager to verify the block signature of the first block with the block public key of the first block, the first block passing block public key verification if the signature verifies.
Thus, block timestamp verification essentially excludes obsolete blocks, which typically arrive late, and block public key verification checks that the first blockchain manager is still valid. Through the second blockchain manager's identity verification of the first block, the first block can be judged to be a valid, non-outdated block, and intrusion by an illegal blockchain manager is prevented.
According to the sixth possible implementation manner of the third aspect, in a ninth possible implementation manner of the blockchain-based Internet of Things data sharing device, the strict verification module comprises: a transaction timestamp verification module, used by the second blockchain manager to check whether the difference between the current timestamp and the transaction timestamp of each transaction in the first block is smaller than a fourth set time, transaction timestamp verification passing if so; and a transaction public key verification module, used by the second blockchain manager to verify the transaction signature of each transaction in the first block with the transaction public key of the corresponding transaction, transaction public key verification passing if the signatures verify.
Therefore, transaction timestamp verification essentially excludes outdated transactions, which typically arrive late, and transaction public key verification essentially checks whether the sender of each transaction in the first block is still valid; through the second blockchain manager's strict verification of the first block, the first block can be judged to contain only valid, non-outdated transactions, and intrusion by an illegal blockchain manager is prevented.
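The node authentication of the second possible implementation manner above (node timestamp verification, then node public key verification) and the block verification of the sixth to ninth possible implementation manners (malicious manager determination, direct and indirect trust verification, strict verification of every transaction, and block identity verification) rest on the same signature check, so the following single Python example, added by the editor and not part of the patent application, implements both. The signature scheme is an assumption: the application names no algorithm, so the example uses a toy Schnorr signature over a 509-element group that is for illustration only. The names authenticate_node, verify_block, Manager, Block, Transaction and ServiceRequest, the sample node and manager identities, and the set-time values are constructed for the example; the service request is reduced to the fields authentication uses. Two points that go beyond the text are marked in comments: the timestamp checks also reject future-dated timestamps, and the block signature is checked against the sender's registered key rather than a key carried inside the block, so a forged block cannot supply its own verification key.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple
# Toy Schnorr signature in the order-q subgroup of Z_p^*, p = 2q + 1 (ASSUMED: the application names no
# signature algorithm; these parameter sizes are for illustration only, never for deployment).
P, Q, G = 1019, 509, 4

def keygen() -> Tuple[int, int]:
    x = secrets.randbelow(Q - 1) + 1                      # private key in [1, q-1]
    return x, pow(G, x, P)                                # (private key, public key)

def _challenge(r: int, msg: str) -> int:                  # full SHA-256 of (r, message) as an integer
    return int.from_bytes(hashlib.sha256(f"{r}|{msg}".encode()).digest(), "big")

def sign(x: int, msg: str) -> Tuple[int, int]:
    k = secrets.randbelow(Q - 1) + 1
    e = _challenge(pow(G, k, P), msg)
    return e, (k - x * (e % Q)) % Q

def verify(y: int, msg: str, sig: Tuple[int, int]) -> bool:
    e, s = sig
    return _challenge(pow(G, s, P) * pow(y, e % Q, P) % P, msg) == e

@dataclass
class ServiceRequest:                  # as created by the first node; the encrypted service info stays opaque
    node_id: str
    timestamp: float                   # service timestamp
    enc_info: str                      # encrypted service information
    signature: Tuple[int, int]         # signature over enc_info with the node first private key

def authenticate_node(req: ServiceRequest, node_pubkeys: Dict[str, int], now: float, first_set_time: float):
    """Node timestamp verification, then node public key verification with the node second public key."""
    if not 0 <= now - req.timestamp < first_set_time:     # also rejects future-dated requests (added hardening)
        return False, "stale-request"
    y = node_pubkeys.get(req.node_id)                     # node second public key held by the manager
    if y is None or not verify(y, req.enc_info, req.signature):
        return False, "node-signature-failed"
    return True, "authenticated"

@dataclass
class Transaction:
    timestamp: float
    pubkey: int                        # transaction public key = node second public key
    signature: Tuple[int, int]         # transaction signature over packet
    packet: str                        # information to be stored
@dataclass
class Block:
    sender: str                        # first blockchain manager that created the block
    timestamp: float                   # block timestamp
    signature: Tuple[int, int]         # block signature over packet()
    transactions: List[Transaction]
    def packet(self) -> str:           # block packet: the information of every transaction
        return ";".join(f"{t.timestamp}:{t.pubkey}:{t.packet}" for t in self.transactions)
@dataclass
class Manager:
    trust_list: Set[str] = field(default_factory=set)                # senders whose blocks were accepted
    received: List[Tuple[str, float]] = field(default_factory=list)  # (sender, arrival time) log

def verify_block(me: Manager, blk: Block, now: float, peers: Dict[str, Manager], manager_pubkeys: Dict[str, int],
                 third_set_threshold: int, second_set_time: float, third_set_time: float, fourth_set_time: float):
    """A second manager's verdict on a first block: flood check, trust or strict verification, block identity."""
    me.received.append((blk.sender, now))
    recent = sum(1 for s, t in me.received if s == blk.sender and now - t <= second_set_time)
    if recent > third_set_threshold:                      # malicious manager determination
        return False, "sender-flooding"
    trusted = blk.sender in me.trust_list or any(         # direct trust, else indirect via trusted third managers
        blk.sender in peers[t].trust_list for t in me.trust_list if t in peers)
    if not trusted:                                       # strict verification of every transaction
        for tx in blk.transactions:
            if not 0 <= now - tx.timestamp < fourth_set_time:
                return False, "stale-transaction"
            if not verify(tx.pubkey, tx.packet, tx.signature):
                return False, "transaction-signature-failed"
    if not 0 <= now - blk.timestamp < third_set_time:     # block identity verification
        return False, "stale-block"
    y = manager_pubkeys.get(blk.sender)                   # the sender's registered key, not one carried in the block
    if y is None or not verify(y, blk.packet(), blk.signature):
        return False, "block-signature-failed"
    me.trust_list.add(blk.sender)                         # successful receipt: the sender joins the trust list
    return True, "trusted" if trusted else "strict"

def demo() -> Dict[str, tuple]:
    """Constructed sample: node-1 asks manager A to store data; managers B and D verify A's block."""
    node_x, node_y = keygen()
    a_x, a_y = keygen()
    now, info, data = 1000.0, "enc:pos=39.9,116.4", "pos=39.9,116.4"
    req = ServiceRequest("node-1", now - 2, info, sign(node_x, info))
    stale = ServiceRequest("node-1", now - 120, info, req.signature)
    forged = ServiceRequest("node-1", now - 1, "enc:pos=0.0,0.0", req.signature)
    blk = Block("A", now - 1, (0, 0), [Transaction(now - 2, node_y, sign(node_x, data), data)])
    blk.signature = sign(a_x, blk.packet())
    B = Manager(trust_list={"C"})                         # B trusts C, and C has accepted A's blocks before
    peers, keys = {"C": Manager(trust_list={"A"})}, {"A": a_y}
    kw = dict(third_set_threshold=3, second_set_time=10.0, third_set_time=30.0, fourth_set_time=60.0)
    return {"auth_ok": authenticate_node(req, {"node-1": node_y}, now, 60.0),
            "auth_stale": authenticate_node(stale, {"node-1": node_y}, now, 60.0),
            "auth_forged": authenticate_node(forged, {"node-1": node_y}, now, 60.0),
            "B_indirect_trust": verify_block(B, blk, now, peers, keys, **kw),
            "D_strict": verify_block(Manager(), blk, now, peers, keys, **kw)}
```

Calling demo() returns the verdict for each constructed case: the fresh, correctly signed request is authenticated, the 120-second-old copy is rejected as stale, the request whose encrypted information was swapped under an old signature fails node public key verification, manager B accepts A's block through its indirect trust in C, and manager D, which trusts nobody yet, only accepts it after strict verification of every transaction. Repeated blocks from the same sender inside the second set time trip the flood check once the third set threshold is exceeded.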
According to the fifth possible implementation manner of the third aspect, in a tenth possible implementation manner of the blockchain-based Internet of Things data sharing device, the first random time is equal to the sum of a second random time and a third random time, wherein the second random time is greater than or equal to twice the delay time and smaller than a second set time, the third random time is equal to the product of a first random number and the delay time, the first random number is a random number between 0 and 2^K - 1, and the delay time is the minimum transmission delay between the first blockchain manager and each second blockchain manager.
The third random time within the first random time is set by a backoff algorithm and depends on K: the larger K is, the longer the third random time, and the more blocks that have completed consensus approval in the blockchain network each second blockchain manager will have received in the meantime. If transactions contained in those approved blocks overlap with transactions in the first block, they are removed from the pool of transactions awaiting verification at each second blockchain manager, which makes the subsequent strict verification more efficient, so that the consensus approval of the first block is carried out efficiently and securely.
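The consensus approval of the fifth possible implementation manner and the first random time of the tenth possible implementation manner together define a retry loop, which the following Python simulation, added here and not taken from the patent application, makes concrete. The verifier callbacks, the manager names m1 to m4, the parameter values and the ConsensusResult structure are assumptions constructed for the example; the second managers' verdicts are simulated as functions of the round number K, so the situation the text describes, in which transactions approved elsewhere during the backoff wait are cleared from the pending pool and a later round passes, can be seen without a network. The wait is recorded rather than slept so the simulation runs instantly.

```python
import random
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Verdict of one second blockchain manager on the first block in verification round K (0-based).
Verifier = Callable[[object, int], bool]

@dataclass
class ConsensusResult:
    approved: bool
    rounds: int                                         # rounds of block verification actually run
    waits: List[float] = field(default_factory=list)    # first random time waited before each round
    last_rate: float = 0.0                              # consensus passing rate of the final round

def first_random_time(k: int, delay: float, second_set_time: float,
                      rng: Optional[random.Random] = None) -> float:
    """first random time = second random time + third random time.

    second random time: uniform in [2*delay, second_set_time), the base wait before resending;
    third random time : r * delay with r drawn from [0, 2**k - 1], binary exponential backoff on K.
    """
    if second_set_time <= 2 * delay:
        raise ValueError("second set time must exceed twice the delay time")
    rng = rng or random.Random()
    second = rng.uniform(2 * delay, second_set_time)
    third = rng.randint(0, 2 ** k - 1) * delay
    return second + third

def consensus_approve(block, verifiers: Dict[str, Verifier], first_set_threshold: int,
                      second_set_threshold: float, delay: float, second_set_time: float,
                      rng: Optional[random.Random] = None) -> ConsensusResult:
    """Time-backoff consensus approval as run by the first blockchain manager.

    A round is run while K <= first_set_threshold; it passes when the share of second managers
    that verified the block is >= second_set_threshold.  The wait is recorded, not slept.
    """
    result = ConsensusResult(approved=False, rounds=0)
    k = 0
    while k <= first_set_threshold:
        result.waits.append(first_random_time(k, delay, second_set_time, rng))   # wait, then resend
        passed = sum(1 for verdict in verifiers.values() if verdict(block, k))
        result.last_rate = passed / len(verifiers)
        result.rounds = k + 1
        if result.last_rate >= second_set_threshold:
            result.approved = True
            return result
        k += 1                                           # consensus passing rate too low: next round
    return result

def sample_verifiers() -> Dict[str, Verifier]:
    """Constructed sample: four second managers; m3 and m4 reject in round 0 and accept from round 1,
    standing in for managers whose pending pool still held transactions approved elsewhere."""
    always = lambda block, k: True
    after_backoff = lambda block, k: k >= 1
    return {"m1": always, "m2": always, "m3": after_backoff, "m4": after_backoff}

if __name__ == "__main__":
    print(consensus_approve("block-1", sample_verifiers(), first_set_threshold=3,
                            second_set_threshold=2 / 3, delay=0.05, second_set_time=1.0,
                            rng=random.Random(7)))
```

With the sample verifiers and a second set threshold of two thirds, round 0 reaches a passing rate of only one half, the manager backs off, and round 1 passes with a rate of one, so the block is approved after two rounds; a block that never reaches the threshold is retried until K exceeds the first set threshold and then reported as failed.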
In a fourth aspect, a blockchain-based Internet of Things data sharing device comprises: a node key generation first module, used by a first node to generate its node first public key and node first private key based on its node ID; a service request creating module, used by the first node to create a service request and send it for processing to a first blockchain manager selected at random from the blockchain network to which the Internet of Things containing the first node is connected, wherein the service request comprises the node ID of the first node, a service timestamp, signature information and a service operation type, the signature information being encrypted service information signed with the node first private key, the operation type being query or storage, and the service timestamp being the time at which the service was generated; and a service result receiving module, used by the first node to receive a service request result generated by the first blockchain manager based on the service request, wherein: if the first node passes the node authentication of the first blockchain manager according to claim 3 and the first service request message contains a query operation, the service request result is the query result sent by the first blockchain manager; if the first node passes the node authentication of the first blockchain manager according to claim 3 and the first service request message contains a storage operation, and the first blockchain manager creates the first block by the method according to claim 5 and consensus approval is performed by the method according to any one of claims 6 to 11, the service request result is a storage success message sent by the first blockchain manager; if the first block fails the consensus approval, the service request result is a service request failure message sent by the first blockchain manager; and if the first node fails the node authentication of the first blockchain manager, the service request result is a node authentication failure message sent by the first blockchain manager.
In the above, the first node obtains information from the registration center, determines its node first public key and node first private key, includes the node first public key in the service request, and signs the encrypted service information with the node first private key. With this device the service request carries not only the information relating to the requested sharing operation but also the identity information of the node, which improves the security of the service request.
According to the fourth aspect, in a first possible implementation manner of the blockchain-based Internet of Things data sharing device, the node key generation first module comprises: a node ID sending first module, used by the first node to send its node ID to the registration center; a parameter receiving first module, used by the first node to receive from the registration center its system parameter k1 and its node part first private key, wherein the system parameter k1 and the node part first private key are generated by the registration center based on the node ID; a private key generation first module, used by the first node to generate its node first private key based on its system parameter k1 and its node part first private key; and a public key generation first module, used by the first node to generate its node first public key based on its node first private key.
Therefore, the first node performs node registration based on the node ID and generates its node first private key and node first public key from the related data issued by the registration center. The node first private key and node first public key obtained with this device are the identity keys of the first node and can be used for subsequent node authentication and service information encryption, preventing illegal nodes from accessing the Internet of Things.
In a fifth aspect, a blockchain manager is provided, which includes the blockchain-based internet of things data sharing device of the third aspect.
In a sixth aspect, a node is provided, which includes the data sharing apparatus for the internet of things based on the block chain in the fourth aspect.
In a seventh aspect, a computing device is provided, comprising,
a bus;
a communication interface connected to the bus;
at least one processor coupled to the bus; and
at least one memory coupled to the bus and storing program instructions that, when executed by the at least one processor, cause the at least one processor to perform any of the embodiments of the first aspect or any of the embodiments of the second aspect of the present application.
In an eighth aspect, a computer-readable storage medium is provided, on which program instructions are stored, wherein the program instructions, when executed by a computer, cause the computer to perform any of the embodiments of the first aspect or any of the embodiments of the second aspect.
Drawings
Fig. 1 is a schematic flowchart of an embodiment of a block chain-based data sharing method for the internet of things according to the present application;
FIG. 2A is a schematic flow chart of a service request generation method according to the present application;
fig. 2B is a schematic flowchart of a first method for generating a node key according to the present application;
fig. 3A is a schematic flowchart of a node authentication method according to the present application;
fig. 3B is a schematic flowchart of a second method for node key generation according to the present application;
FIG. 4A is a schematic flow chart illustrating block consensus of the present application;
FIG. 4B is a block structure diagram of the present application;
FIG. 4C is a transaction structure diagram of the present application;
FIG. 4D is a block verification process diagram of the present application;
FIG. 4E is a schematic diagram of a trust verification process of the present application;
fig. 5 is a schematic structural diagram of an embodiment of a data sharing apparatus for internet of things based on a block chain according to the present application;
FIG. 6A is a schematic flow chart of a service request generation method according to the present application;
fig. 6B is a schematic structural diagram of a first module for generating a node key according to the present application;
fig. 7A is a schematic flowchart of a node authentication method according to the present application;
fig. 7B is a schematic structural diagram of a second module for node key generation according to the present application;
FIG. 8A is a schematic structural diagram of the storage block consensus approval module of the present application;
FIG. 8B is a schematic structural diagram of the block verification module of the present application;
FIG. 8C is a schematic structural diagram of the trust verification module of the present application;
FIG. 9 is a schematic diagram of a computing architecture of the present application.
Detailed Description
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is understood that "some embodiments" may be the same subset or different subsets of all possible embodiments, and may be combined with each other without conflict.
In the following description, references to the terms "first/second/third" etc., or to module A, module B, module C etc., are used solely to distinguish similar objects or different embodiments and do not imply a particular ordering of the objects; it is understood that, where permissible, any particular order or sequence may be interchanged so that the embodiments of the invention described herein can be practiced in an order other than that shown or described.
In the following description, reference to reference numerals indicating steps, such as S110, S120 … …, etc., does not necessarily indicate that the steps are performed in this order, and the order of the preceding and following steps may be interchanged or performed simultaneously, where permissible.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein is for the purpose of describing embodiments of the invention only and is not intended to be limiting of the invention.
The Internet of Things in this application comprises a plurality of member nodes. Specifically, when the Internet of Things is the Internet of Vehicles, the nodes are the member vehicles and the roadside units (RSUs) around each vehicle node; the member vehicles and the roadside RSUs form a vehicular ad hoc network (VANET), i.e. the Internet of Vehicles, over the wireless medium of wireless access in vehicular environments (WAVE), and the Internet of Vehicles is in turn connected to the blockchain network. The WAVE wireless medium may be DSRC or C-V2X.
Each member node is equipped with sensors, collects traffic-related information and uploads it to the blockchain network, where it is held as shared Internet of Things information either in a blockchain of the blockchain network or in the information database of the relevant blockchain manager, and each member node can access the blockchains or the information databases of the blockchain managers.
The blockchain network comprises a registration center that registers each member node; each blockchain manager authenticates the member nodes, and the blockchain managers of the blockchain network perform consensus approval on the blocks formed from the shared data of the member nodes.
Method embodiments of the present application are described below based on fig. 1 to 4E.
Example of data sharing method for Internet of things based on block chain
Fig. 1 shows a flowchart of a first embodiment of a block chain-based data sharing method for internet of things, which includes,
Step 110: the first node generates a service request and sends it to a first blockchain manager of the blockchain-based Internet of Things.
Before the first node generates the service request, if it does not yet hold the node first public key and node first private key that represent its identity, it must register with the registration center of the Internet of Things; the registration center is a management unit of the Internet of Things and may be located in any network unit of the Internet of Things. Based on the information obtained from the registration center, the node first public key and node first private key are determined using an algorithm agreed on in advance (the first agreed algorithm).
The service request can be generated based on various application programs, for the Internet of vehicles, the service request is generated in the application program in the vehicle-mounted terminal or generated by the mobile phone APP bundled together with the vehicle-mounted terminal, data query and data storage operations are performed on the first node, the data query comprises the query of information such as position information of other vehicles, real-time road conditions and weather conditions from the Internet of vehicles, and the data storage comprises the storage of the position information of the vehicle to the Internet of vehicles, so that the data sharing of the Internet of vehicles is realized.
The service request comprises a service timestamp, a node ID, a node first public key, signature information and an operation type, wherein the service timestamp represents the time generated by the service request, the signature information is encrypted service information signed by using a node first private key of a first node, and the operation type is query or storage. The service request is sent to a first block chain manager, and the first block chain manager is a block chain manager which receives the service request on a block chain network connected with the Internet of things.
For a detailed method of this step, refer to [ service request generation method ].
Therefore, the first node obtains information from the registration center, determines the node first public key with the algorithm agreed between the two parties, and includes that public key in the service request. In this way the service request carries not only the information about the requested sharing operation but also the identity information of the node, which improves the security of the service request.
Step 120, the first blockchain manager performs node authentication on the first node, including node timestamp verification and node public key verification.
After the first blockchain manager receives the service request, if it does not yet hold the node second public key of the first node, it must generate that node second public key from the node ID in the service request by the same method the first node used to generate its node first public key. The node second public key should be identical to the node first public key and can be used for node public key verification of the first node.
The first blockchain manager performs node authentication on the node: node timestamp verification confirms that the service request is neither outdated nor malicious, and node public key verification verifies the identity of the first node. After the first node passes node authentication, the first blockchain manager reports the node second public key to every blockchain manager of the Internet of Things, so that the other blockchain managers also obtain the node second public key of the first node.
For a detailed method of this step, please refer to [ node authentication method ].
Therefore, through node authentication the first blockchain manager determines that the first node is not malicious and establishes its identity information. In this way the network security of the Internet of Things is improved and malicious access by illegitimate nodes is prevented.
Step 130, judging whether the first node passes node authentication.
If the first node passes node authentication, the process proceeds to step 140, where the first blockchain manager processes the service request of the first node and starts the data sharing operation; otherwise the process proceeds to step 190, where a node authentication failure message is sent to the first node.
Step 140, determining whether the service request of the first node is a query or a storage type.
The first blockchain manager judges from the operation type in the service request whether the request is of the query type or the storage type. If it is a query, step 150 performs query processing and shares the data or other service information provided by other nodes; otherwise step 160 performs data storage processing so that other nodes can share the data stored by the vehicle.
Step 150, the first blockchain manager queries the data information of the first node's service request.
The first blockchain manager obtains the encrypted service information when it verifies the signature information in the service request, then decrypts it to obtain the service information, from which the content the first node needs to query is determined. For the Internet of Vehicles, the query concerns real-time information about the area and road the vehicle is about to travel, which the driver can use to stay safe and save driving time.
Each blockchain manager maintains an information database so that it can respond to requests quickly. If the first blockchain manager finds the requested real-time information in its information database, it sends the data directly to the first node; otherwise it searches the blocks in the blockchain network, finds the blocks containing the queried information, and forwards the data to the first node.
Therefore, each blockchain manager maintains a local information database; the first blockchain manager first queries its local database and only queries the blocks on the blockchain network if the required information is not found there. In this way the data requested by the first node can be found quickly, saving a large amount of computing resources.
Step 160, the first blockchain manager generates a first block based on the service request and sends the first block to each second blockchain manager for consensus approval.
The first blockchain manager decrypts the encrypted service information of the service request and determines the information the first node needs to store, i.e. the information the first node wishes to share. For the Internet of Vehicles, the stored information is the traffic state of the road the vehicle is on or the weather conditions at its location.
Generating the first block from the service request comprises: the first blockchain manager creates a first transaction block from the received service request, then adds the first transaction to the current block to generate the first block. The first transaction block comprises a transaction timestamp, a transaction public key, a transaction signature and a transaction message, where the transaction timestamp is the transaction generation time, the transaction public key is the node second public key of the first node, the transaction signature is the information signed with the node second private key of the first node, and the transaction message is the information to be stored. The first block comprises a block timestamp (the generation time of the first block), a block signature and a block message, where the block signature is the signature corresponding to the first blockchain manager's public key and the block message is the information of each transaction block.
Specifically, fig. 4B shows the header fields of the first transaction: the transaction ID is the unique identifier of the transaction; the hash of the blockchain manager public key is the hash of the public key of the first blockchain manager that created the transaction; the transaction public key and transaction signature record the detailed identity information of the first node; the timestamp is the time at which the transaction was initialized; and the transaction receiving time is the time at which the first blockchain manager received the service request. Fig. 4C shows the header fields of the first block: the block ID is the unique identifier of the block; the transaction number is the total number of transactions contained in the block; the block timestamp is the time at which the blockchain manager generated the block; and the block public key and block signature record the detailed identity information of the first blockchain manager. All transactions are organized in a Merkle tree, whose root serves as a verification of all transactions in the block.
The first blockchain manager sends the first block to each second blockchain manager on the first blockchain network for consensus approval. The second blockchain managers are all blockchain managers on the first blockchain other than the first blockchain manager. Traditional consensus mechanisms such as proof of work, proof of stake, delegated proof of stake and verification-pool consensus are computationally heavy and unsuited to the Internet of Things. The invention adopts a time backoff algorithm to reach consensus approval quickly. For the detailed consensus method, refer to [ block consensus method ].
Therefore, the first block is generated from the service request, and consensus approval is reached quickly with a time backoff algorithm, which is more efficient than the traditional consensus approval methods.
Step 170, determine whether the first block passes the consensus approval.
If the first block passes consensus approval, step 180 stores the first block containing the shared data; otherwise step 190 sends a service request failure message to the first node.
Step 180, the first blockchain manager appends the first block to the end of the blockchain and saves the stored information in its information database.
The first block comprises the first transaction, which contains the information the first node needs to store, so each blockchain manager can query the stored information of the first block in the blockchain.
Therefore, with the blockchain containing the first block, each blockchain manager can query the stored information from the blockchain, and in this way every node in the Internet of Things can query, through any blockchain manager, the data shared in each block of the blockchain.
Step 190, the first blockchain manager sends the result of the service request to the first node.
The first blockchain manager sends the service request result to the first node, where the service request result is as follows:
if the first node passes node authentication by the first blockchain manager and the service request contains a query operation, the service request result is the query result;
if the first node passes node authentication by the first blockchain manager, the service request contains a storage operation and the first block passes consensus approval, the service request result is a storage success message;
if the first block fails consensus approval, the service request result is a service request failure message;
and if the first node fails node authentication, the service request result is a node authentication failure message.
[ METHOD FOR GENERATING SERVICE REQUEST ]
Fig. 2A shows a flow chart of a service request generation method of the present application, which includes,
Step 1110, the first node performs node registration based on its node ID and generates its node first private key and node first public key from the data issued by the registration center.
Before generating the service request, the first node checks whether it already holds a node first private key and node first public key. If not, it sends its node ID to the registration center of the Internet of Things for registration and generates the node first private key and node first public key from the data issued by the registration center, using the agreed algorithm. One possible implementation of the node ID is the combination of node registration number, device configuration, owner information and node manufacturer information, which serves as the identification number of the node's identity. The agreed algorithm is the algorithm agreed between the first node and each blockchain manager of the blockchain network. The detailed method by which the first node generates its node first private key and node first public key is described in [ node key generation first method ].
Therefore, the first node performs node registration based on its node ID and generates the node first private key and node first public key from the data issued by the registration center. The node first private key and node first public key obtained in this way are the identity keys of the first node and can be used for subsequent node authentication and service information encryption, preventing illegitimate nodes from accessing the Internet of Things.
Step 1120, the first node generates a service request, i.e. generates a data sharing request.
The service request is generated, according to actual use, by the application layer of the vehicle-mounted terminal in the first node or of the mobile terminal bound to the first vehicle, and is encapsulated in application-layer information such as an HTTP message. In one possible implementation, after the node key generation stage the first node encrypts the service information and signs the encrypted service information with its node first private key to obtain the signature information. Illustratively, the first node adds its identity ID, node first public key, service timestamp and signed encrypted message to the service request and creates the request,
query (ID, node first public key, service timestamp, signature information (encrypted service information), operation type).
The operation type is either access (query) or storage. When the operation type is access, the service information is, for example, the name of the road or region to be queried, the time to be queried and the kind of information wanted, such as traffic condition or weather information; when the operation type is storage, the service information is, for example, the road or area name, the time and the information to be stored.
Step 1130, the first node sends the service request to a first blockchain manager randomly selected from the blockchain network through the internet of things.
Accordingly, the first blockchain manager may be any blockchain manager in the blockchain network that receives the service request of the first node, selected at random from the network. Random selection of the first blockchain manager ensures that the service requests managed and processed by the blockchain managers are evenly distributed, which facilitates fast and efficient consensus approval afterwards.
[ node Key Generation first method ]
Fig. 2B shows a flow diagram of a first method of node key generation of the present application, which includes,
step 1111, the first node sends the node ID to the registry, i.e. registers with the registry.
If the first node is a specific node or a mobile terminal bound to the node, one possible implementation of the node ID is the combination of node registration number, device configuration, owner information and node manufacturer information, which serves as the identification number of the node's identity; if the first node is an RSU, one possible implementation is the combination of RSU registration number, device configuration, owner information and RSU manufacturer information, which identifies the RSU. The registration center identifies from the node ID whether the first node is a legitimate node; only legitimate nodes are registered.
Step 1113, the first node receives the system parameter K1 of the first node and the node partial first private key, both generated by the registration center from the node ID using the certificateless public key cryptography algorithm.
The system parameter K1 and the node partial first private key are different for each first node and implicitly carry the identity information of that first node.
Step 1115, the first node generates its node first private key from the system parameter K1 of the first node and the node partial first private key using the certificateless public key cryptography algorithm.
The certificateless public key cryptography algorithm is the algorithm agreed between the first blockchain manager and the first node; the first blockchain manager later uses the same algorithm.
Step 1117, the first node generates its node first public key from its node first private key using the certificateless public key cryptography algorithm.
Here too, the certificateless public key cryptography algorithm is the algorithm agreed between the first blockchain manager and the first node, and the first blockchain manager later uses the same algorithm.
[ METHOD OF AUTHENTICATION OF NODES ]
Fig. 3A shows a flow chart of a node authentication method of the present application, which includes,
step 1210, the first blockchain manager generates a second private key of the node and a second public key of the node based on the node ID.
Before performing node authentication, the first blockchain manager checks whether it already holds the node second public key; if not, it sends the node ID to the registration center of the Internet of Things and generates the node second public key from the information the registration center returns. For the detailed method, refer to [ node key generation second method ].
Therefore, the first blockchain manager sends the node ID to the registration center and generates the node second public key from the data issued by the registration center with the same algorithm as the first node. The node second public key generated in this way is identical to the node first public key, so it can be used for subsequent node authentication and service information encryption, preventing illegitimate nodes from accessing the Internet of Things.
Step 1220, the first blockchain manager performs the node timestamp verification part of node authentication.
The first blockchain manager checks whether the difference between the current timestamp and the service timestamp in the service request sent by the first node is less than a first set time; if so, the first node passes node timestamp verification.
This checks whether the service request of the first node is an outdated, invalid request: if the time difference is greater than the first set time, the service request is outdated and invalid, and node authentication fails.
Step 1230, the first blockchain manager performs the node public key verification part of node authentication.
The first blockchain manager verifies the signature information in the service request with the node second public key of the first node; if verification succeeds, the first node passes node public key verification and the first blockchain manager obtains the encrypted service information.
In this way the signed message in the service request is verified with the node second public key of the first node, which establishes whether the service request was indeed issued by a first node of legitimate identity.
Therefore, only when the first node passes both node timestamp verification and node public key verification is it considered to have passed node authentication.
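The node key generation, service request generation and node authentication steps above (steps 1110 to 1230), as an added example that is not the patent's own code. Three stand-ins are assumed: the registration center's certificateless derivation is replaced by a keyed hash of the node ID, the signature is a textbook Schnorr signature over a toy-sized group (so the public/private key roles are visible), and the service-information encryption is a keystream XOR; the node ID, master secret and the first set time of 30 s are constructed values.

```python
import hashlib
import hmac
import secrets

# Toy group: Z_p* for the Mersenne prime p = 2**127 - 1 (far too small for
# real use; chosen only to make the public/private key roles visible).
P, G = (1 << 127) - 1, 3
FIRST_SET_TIME = 30  # seconds; the page's "first set time" (value assumed)

def _h(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")

class RegistrationCenter:
    """Stand-in: (system parameter K, partial private key) are a keyed hash of
    the node ID, so node (step 1113) and manager (step 1213) get the same values."""
    def __init__(self, master_secret: bytes):
        self._msk = master_secret

    def register(self, node_id: str) -> tuple[bytes, int]:
        k_param = hmac.new(self._msk, b"K|" + node_id.encode(), "sha256").digest()
        return k_param, _h(self._msk, b"partial", node_id.encode()) % (P - 1)

def derive_private_key(k_param: bytes, partial: int) -> int:
    """Steps 1115/1215: full node private key from K and the partial key."""
    return _h(k_param, partial.to_bytes(16, "big")) % (P - 2) + 1

def derive_public_key(priv: int) -> int:
    """Steps 1117/1217: node public key from the node private key."""
    return pow(G, priv, P)

def sign(priv: int, msg: bytes) -> tuple[int, int]:
    """Textbook Schnorr signature (e, s); exponents are taken mod P - 1."""
    k = secrets.randbelow(P - 2) + 1
    e = _h(pow(G, k, P).to_bytes(16, "big"), msg) % (P - 1)
    return e, (k - e * priv) % (P - 1)

def verify(pub: int, msg: bytes, sig: tuple[int, int]) -> bool:
    e, s = sig
    r = pow(G, s, P) * pow(pub, e, P) % P  # equals G**k for a genuine signature
    return _h(r.to_bytes(16, "big"), msg) % (P - 1) == e

def xor_stream(key: int, data: bytes) -> bytes:
    """Stand-in for the service-information encryption (SHA-256 keystream XOR)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key.to_bytes(16, "big") + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def _signed_bytes(req: dict) -> bytes:
    # The page signs the encrypted service information; the timestamp and the
    # operation type are bound into the signed message here as well.
    return b"|".join([str(req["service_timestamp"]).encode(),
                      req["operation_type"].encode(), req["encrypted_info"]])

def make_service_request(node_id: str, priv: int, pub: int, op_type: str,
                         service_info: bytes, now: int) -> dict:
    """Step 1120: query(ID, public key, timestamp, signature(encrypted info), type)."""
    req = {"node_id": node_id, "node_public_key": pub, "operation_type": op_type,
           "service_timestamp": now, "encrypted_info": xor_stream(priv, service_info)}
    req["signature"] = sign(priv, _signed_bytes(req))
    return req

class BlockchainManager:
    def __init__(self, registry: RegistrationCenter):
        self._registry = registry
        self._node_keys: dict[str, tuple[int, int]] = {}  # node ID -> (priv2, pub2)

    def node_keys_for(self, node_id: str) -> tuple[int, int]:
        if node_id not in self._node_keys:  # step 1210: derive on first contact
            k_param, partial = self._registry.register(node_id)
            priv = derive_private_key(k_param, partial)
            self._node_keys[node_id] = (priv, derive_public_key(priv))
        return self._node_keys[node_id]

    def authenticate(self, req: dict, now: int) -> tuple:
        """Steps 1220/1230. Returns (passed, reason, decrypted service info)."""
        if abs(now - req["service_timestamp"]) >= FIRST_SET_TIME:
            return False, "timestamp", None      # outdated (or future-dated) request
        priv2, pub2 = self.node_keys_for(req["node_id"])
        if pub2 != req["node_public_key"]:
            return False, "public key", None     # claimed key is not this ID's key
        if not verify(pub2, _signed_bytes(req), req["signature"]):
            return False, "signature", None
        return True, "ok", xor_stream(priv2, req["encrypted_info"])

def demo() -> tuple:
    reg, now = RegistrationCenter(b"constructed master secret"), 1_700_000_000
    node_id = "VEH-0001|cfg-A|owner-X|mfg-Y"     # constructed node ID (step 1111)
    k1, partial1 = reg.register(node_id)          # steps 1111/1113
    priv1 = derive_private_key(k1, partial1)      # step 1115
    req = make_service_request(node_id, priv1, derive_public_key(priv1), "query",
                               b"road=A1;time=now;kind=traffic", now)
    mgr = BlockchainManager(reg)
    fresh = mgr.authenticate(req, now + 5)
    stale = mgr.authenticate(req, now + FIRST_SET_TIME + 1)[1]
    enc = req["encrypted_info"]
    forged = dict(req, encrypted_info=bytes([enc[0] ^ 1]) + enc[1:])
    return fresh, stale, mgr.authenticate(forged, now + 5)[1]
```

Note that, as on the page, the manager derives the node's private key itself, so the signature proves possession of registry-issued material rather than of a secret known only to the node.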
[ second method for node Key Generation ]
Fig. 3B shows a flowchart of the second method for node key generation of the present application, which is the same as the flowchart of the first method for node key generation except that the executing subject changes from the first node to the first blockchain manager. It includes,
Step 1211, the first blockchain manager sends the node ID to the registration center, i.e. registers with the registration center.
Wherein the node ID is obtained from the service request information sent by the first node.
Step 1213, the first blockchain manager receives the system parameter K2 of the first node and the node partial second private key, both generated by the registration center from the node ID using the certificateless public key cryptography algorithm.
Because the same certificateless public key cryptography algorithm and the same node ID are used, the system parameter K2 and the node partial second private key are identical to the system parameter K1 and the node partial first private key, respectively.
Step 1215, the first blockchain manager generates the node second private key from the system parameter K2 of the first node and the node partial second private key using the certificateless public key cryptography algorithm.
Because the same certificateless public key cryptography algorithm is used, the generated node second private key is identical to the node first private key.
Step 1217, the first blockchain manager generates the node second public key from the node second private key of the first node using the certificateless public key cryptography algorithm.
For the same reason, the generated node second public key is identical to the node first public key.
[ block consensus method ]
Fig. 4A shows a schematic flow chart of the block consensus approval of the present application, which includes,
Step 1620, the first blockchain manager waits for a first random time and then sends the first block to each second blockchain manager.
The second blockchain managers are the blockchain managers in the blockchain network other than the first blockchain manager. The first random time is the sum of a second random time and a third random time: the second random time is greater than or equal to twice the delay time and less than a second set time; the third random time is the product of a first random number and the delay time, where the first random number is a random number between 0 and 2^K - 1, the delay time is the minimum transmission delay between the first blockchain manager and the second blockchain managers, and K is the number of rounds of block verification already completed for the first block. In this embodiment the second set time is generally set to 2 minutes.
The third random time is set by a backoff algorithm and depends on K: the larger K, the longer the third random time, and the more blocks that have already passed consensus approval in the blockchain network are received by each second blockchain manager in the meantime. If the transactions contained in those approved blocks overlap with the transactions in the first block, they are removed from the pending-verification transaction pool of each second blockchain manager, which makes the subsequent strict verification more efficient, so that consensus approval of the first block is performed efficiently and safely.
The minimum value of the second random time ensures that each second blockchain manager has enough time to propagate the new blocks generated by all blockchain managers in the network, so that each second blockchain manager can measure how frequently each blockchain manager generates new blocks and thereby detect a blockchain manager that generates blocks frequently and maliciously.
In step 1630, each second blockchain manager performs a block verification on the first block.
To make consensus approval efficient, in this step the first block is sent only to the second blockchain managers that have not yet passed block verification of the first block; a second blockchain manager that has already passed block verification is regarded as passing consensus verification in the current round. The consensus pass rate is the number of second blockchain managers that pass block verification of the first block divided by the total number of second blockchain managers. For the detailed block verification method, refer to [ block verification method ].
Therefore, the block verification of the first block by each second blockchain manager is the essential process of consensus approval of the first block, and the consensus pass rate is used to judge whether consensus approval passes.
Step 1640, determining whether the current consensus pass rate is greater than a second set threshold, i.e. whether the first block passes consensus approval.
Specifically, the second set threshold may be set above 50%; in this embodiment it is 51%. If the consensus pass rate of the first block is greater than or equal to 51%, the first block passes consensus approval and step 1650 follows; if it is less than 51%, step 1660 follows.
Step 1650, the first block is output and, having passed consensus approval, appended to the end of the blockchain.
Therefore, once the first block passes consensus approval, each first transaction in it is legitimate and its information is added to the first blockchain, so that every blockchain manager can access the first transaction.
Step 1660, determining whether K is greater than a first set threshold, i.e. whether the number of consensus verification rounds for the first block has reached the maximum; this threshold is the maximum number of consensus verification rounds for the first block.
If the maximum number of rounds has been reached, consensus approval of the first block fails and step 1670 follows; otherwise step 1620 is repeated for the next round of block verification.
Step 1670, a consensus approval failure for the first block is output and the first block is deleted.
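The consensus approval loop with the time backoff described above (steps 1620 to 1670), as an added example that is not the patent's own code: the wait for round K, the re-sending only to second managers that have not yet passed, the 51% pass rate, the maximum round count and the pruning of approved transactions from pending pools. The block verification outcome of each second manager is passed in as a callable (that procedure is the subject of [ block verification method ]); the manager names, transaction IDs, the 0.5 s delay and the maximum of 4 rounds are constructed values.

```python
import random
from dataclasses import dataclass, field
from typing import Callable

SECOND_SET_TIME = 120.0      # seconds; the page's second set time (2 minutes)
SECOND_SET_THRESHOLD = 0.51  # the page's consensus pass rate threshold (51%)
MAX_ROUNDS = 4               # the page's first set threshold for K (value assumed)

def first_random_time(k: int, delay: float, rng: random.Random) -> float:
    """Wait before sending the first block in round K (step 1620): a second random
    time in [2*delay, SECOND_SET_TIME) plus a third random time r*delay with r
    drawn from 0 .. 2**K - 1, i.e. a binary backoff that grows with K."""
    if 2 * delay >= SECOND_SET_TIME:
        raise ValueError("the minimum delay leaves no room below the second set time")
    second = 2 * delay + rng.random() * (SECOND_SET_TIME - 2 * delay)
    third = rng.randint(0, 2 ** k - 1) * delay
    return second + third

@dataclass
class SecondManager:
    name: str
    # outcome of this manager's block verification for (block, round K); the
    # verification procedure itself is the page's [block verification method]
    verify_block: Callable[[dict, int], bool]
    pending_pool: set = field(default_factory=set)  # transactions awaiting verification

def consensus_approval(block: dict, managers: list[SecondManager], delay: float,
                       rng: random.Random) -> tuple[bool, int, float]:
    """Steps 1620 to 1670. Returns (approved, rounds run, total time waited)."""
    passed: set[str] = set()
    waited, k = 0.0, 0
    while True:
        waited += first_random_time(k, delay, rng)                 # step 1620
        for m in managers:                                         # step 1630: the block is
            if m.name not in passed and m.verify_block(block, k):  # re-sent only to managers
                passed.add(m.name)                                 # that have not passed yet
        if len(passed) / len(managers) >= SECOND_SET_THRESHOLD:    # step 1640
            for m in managers:  # approved transactions leave every pending pool
                m.pending_pool -= block["tx_ids"]
            return True, k + 1, waited                             # step 1650
        k += 1
        if k > MAX_ROUNDS:                                         # step 1660
            return False, k, waited                                # step 1670: block dropped

def demo() -> tuple:
    rng = random.Random(7)
    block = {"id": "B1", "tx_ids": {"t1", "t2"}}                  # constructed first block
    managers = [  # constructed second managers; BM3 and BM4 pass only in later rounds
        SecondManager("BM2", lambda b, k: True, {"t1", "t9"}),
        SecondManager("BM3", lambda b, k: k >= 1, {"t2"}),
        SecondManager("BM4", lambda b, k: k >= 2, {"t3"}),
        SecondManager("BM5", lambda b, k: False),
        SecondManager("BM6", lambda b, k: False),
    ]
    approved = consensus_approval(block, managers, delay=0.5, rng=rng)
    pools = [sorted(m.pending_pool) for m in managers[:3]]
    minority = [SecondManager("BM7", lambda b, k: True)] + [
        SecondManager(f"BM{i}", lambda b, k: False) for i in range(8, 12)]
    rejected = consensus_approval(block, minority, delay=0.5, rng=rng)
    return approved, pools, rejected
```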
[ Block verification method ]
Fig. 4D shows a block verification flow diagram of the present application, including,
Step 16310, the second blockchain manager counts the number M of blocks sent by the first blockchain manager within the second set time.
The number of blocks sent by the first blockchain manager is counted over the second set time, which gives the frequency at which the first blockchain manager generates blocks. As noted, the second set time is generally set to 2 minutes.
Thus the block generation frequency of the first blockchain manager counted in this way can be used to judge whether the first blockchain manager is a malicious blockchain manager, improving the security of the blockchain.
Step 16320, determining whether the block number M is greater than a third set threshold, i.e. whether the first blockchain manager is a malicious blockchain manager.
If the block number M is greater than the third set threshold, the first blockchain manager is judged to be malicious and step 16392 follows; otherwise step 16330 continues block verification. The third set threshold is generally set according to the actual computational load of the network and is set to 10 in this embodiment.
Step 16330, the second blockchain manager performs trust verification on the first block.
The trust verification method is described in [ trust verification method ]; trust verification establishes that the second blockchain manager, or a blockchain manager it trusts, has successfully received blocks from the first blockchain manager, which indicates that the first blockchain manager can be trusted by the second blockchain manager.
Step 16340, determine whether the trust verification of the first block by the second blockchain manager passes.
If the first block passes trust verification by the second blockchain manager, step 16350 continues with identity verification of the first block; otherwise step 16360 performs strict verification of the first block.
Step 16350, the second blockchain manager performs block identity verification on the first block, comprising block timestamp verification and block public key verification.
Block timestamp verification: the second blockchain manager checks whether the difference between the current timestamp and the block timestamp is less than a third set time; if so, block timestamp verification passes, otherwise it fails. Block public key verification: the block signature of the first block is verified with the block public key of the first block; if verification succeeds, block public key verification passes.
Therefore, block timestamp verification essentially excludes obsolete blocks, which usually arrive with delay, and block public key verification checks whether the first blockchain manager is still valid; through the second blockchain manager's identity verification of the first block, the first block can be judged a valid, non-obsolete block, and block verification is complete.
Step 16360, the second blockchain manager performs strict verification on a first block that fails trust verification; strict verification comprises transaction timestamp verification and transaction public key verification of all transactions in the first block.
Transaction timestamp verification: the second blockchain manager checks whether the difference between the current timestamp and each transaction timestamp in the first block is less than the third set time; if the difference is below the third set time for every transaction, transaction timestamp verification passes, otherwise it fails. Transaction public key verification: the transaction signature of each transaction in the first block is verified with that transaction's transaction public key; if every transaction's signature verifies, transaction public key verification passes. Wherein, the
Therefore, transaction timestamp verification essentially excludes outdated transactions, which usually arrive with delay, and transaction public key verification checks whether each transaction sender in the first block is still valid; through the second blockchain manager's strict verification of the first block, each transaction in the first block can be judged a valid, non-outdated transaction.
Step 16370, determine whether the first block passes block identity verification.
If the first block passes the block identity verification, the first block passes the block verification of the second block chain manager and step 16391 is performed; otherwise, the first block does not pass the block verification of the second block chain manager and step 16392 is performed.
At step 16380, it is determined whether the first block passes the strict verification.
If the first block passes strict verification, the process proceeds to step 16350 to continue block identity verification, otherwise, the first block does not pass block verification of the second blockchain manager, and the process proceeds to step 16392.
Step 16391, the second blockchain manager reports to the first blockchain manager that the first block passed the block verification, and adds the first blockchain manager to its trust list, wherein the trust list contains the senders of the blocks successfully received by each blockchain manager in the blockchain network.
At step 16392, the second blockchain manager reports to the first blockchain manager that the first block failed block verification.
[ Trust verification method ]
Fig. 4E shows a flow of a trust verification method in a method embodiment of the present application, including,
step 16331, the second blockchain manager looks up the first blockchain manager in its trust list.
Wherein, if the first blockchain manager is in the trust list of the second blockchain manager, it indicates that the second blockchain manager has a direct trust relationship with the first blockchain manager.
Therefore, the trust verification is carried out on the first block directly from the trust relationship state of the second block chain manager towards the first block chain manager. This method is suitable for block chain networks in which the block chain managers are close to each other and the trust relationships between the block chain managers are known a priori.
Step 16332, determine whether the first blockchain manager is in the trust list of the second blockchain manager.
If the first blockchain manager is in the trust list of the second blockchain manager, it indicates that the second blockchain manager has a direct trust relationship with the first blockchain manager, and the process goes to step 16337; otherwise, it goes to step 16333.
In step 16333, the second blockchain manager sends the first block to each third blockchain manager.
And the third blockchain manager is each blockchain manager in the trust list of the second blockchain manager.
Each third blockchain manager looks up the first blockchain manager in its trust list, step 16334.
Wherein, if the first blockchain manager is in the trust list of the third blockchain manager, it indicates that the third blockchain manager has a direct trust relationship with the first blockchain manager.
In this way, the trust verification is performed on the first block directly from the trust relationship state of the third block chain manager towards the first block chain manager, without consuming a large amount of calculation time and calculation resources of each third block chain manager, so the efficiency of consensus approval is improved.
Step 16335, determine whether the first blockchain manager is in the trust list of any third blockchain manager.
If the first blockchain manager is in the trust list of any third blockchain manager, which indicates that the third blockchain manager has a trust relationship with the first blockchain manager, the first block passes through the trust verification of the third blockchain manager, and the step 1337 is performed, otherwise, the step 16336 is performed.
Step 16336, output that the first block fails the trust verification of the second blockchain manager.
Step 16337, output that the first block passes the trust verification of the second blockchain manager.
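The block verification flow of steps 16310 to 16392 together with the trust verification of steps 16331 to 16337, as an added example that is not part of the patent: one second block chain manager rate-limits a sender, consults its own and its trusted peers' trust lists, strictly verifies the transactions only for untrusted senders, and then checks the block's timestamp and signature. The `Manager`, `Block` and `Transaction` classes, the threshold values and the keyed-MAC stand-in for the certificateless signature are all assumptions of this example.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass, field

# Constructed stand-in for the certificateless signature scheme: a keyed MAC
# whose "public key" is only a key id. It is NOT a public-key scheme; replace
# sign/verify_sig with the real scheme. The keys below are constructed.
KEYS = {"mgr-A": b"constructed-secret-A", "node-1": b"constructed-secret-1"}


def sign(key_id, message):
    return hmac.new(KEYS[key_id], message, hashlib.sha256).hexdigest()


def verify_sig(key_id, message, signature):
    return key_id in KEYS and hmac.compare_digest(sign(key_id, message), signature)


@dataclass
class Transaction:            # transaction timestamp, public key, message, signature
    timestamp: float
    public_key: str
    message: bytes
    signature: str


@dataclass
class Block:                  # block timestamp, public key, message, signature
    sender: str               # id of the first block chain manager
    timestamp: float
    public_key: str
    message: bytes
    signature: str
    transactions: list


def make_transaction(node_key, message, timestamp):
    return Transaction(timestamp, node_key, message, sign(node_key, message))


def make_block(sender, timestamp, transactions):
    # block message = information of each transaction (here: their signatures)
    message = b"".join(t.signature.encode() for t in transactions)
    return Block(sender, timestamp, sender, message, sign(sender, message), transactions)


@dataclass
class Manager:
    """A second block chain manager verifying blocks sent by a first manager."""
    name: str
    trust_list: set = field(default_factory=set)     # senders of accepted blocks
    peers: dict = field(default_factory=dict)        # name -> Manager (third managers)
    received: dict = field(default_factory=dict)     # sender -> arrival times
    second_set_time: float = 60.0    # window for counting blocks per sender (assumed)
    third_set_threshold: int = 5     # max blocks per sender in that window (assumed)
    third_set_time: float = 30.0     # max age of a block or transaction (assumed)

    def trust_verification(self, block):
        if block.sender in self.trust_list:          # steps 16331-16332: direct trust
            return True
        for third in self.trust_list:                # steps 16333-16335: ask each
            peer = self.peers.get(third)             # third manager in our list
            if peer is not None and block.sender in peer.trust_list:
                return True
        return False                                 # step 16336

    def strict_verification(self, block, now):
        # step 16360: every transaction must be fresh and carry a valid signature
        return all(now - tx.timestamp < self.third_set_time
                   and verify_sig(tx.public_key, tx.message, tx.signature)
                   for tx in block.transactions)

    def block_identity_verification(self, block, now):
        # step 16350: block timestamp fresh and block signature valid
        return (now - block.timestamp < self.third_set_time
                and verify_sig(block.public_key, block.message, block.signature))

    def verify_block(self, block, now=None):
        """Return True when the block passes block verification (step 16391)."""
        now = time.time() if now is None else now
        # steps 16310-16320: count this sender's blocks inside second_set_time
        recent = [t for t in self.received.get(block.sender, [])
                  if now - t < self.second_set_time]
        recent.append(now)
        self.received[block.sender] = recent
        if len(recent) > self.third_set_threshold:
            return False                             # step 16392: flooding sender
        # steps 16330-16340: a trusted sender skips strict verification entirely,
        # so stale or badly signed transactions from it are NOT re-checked here
        if not self.trust_verification(block) and not self.strict_verification(block, now):
            return False                             # step 16380 -> 16392
        if not self.block_identity_verification(block, now):
            return False                             # step 16370 -> 16392
        self.trust_list.add(block.sender)            # step 16391
        return True
```

Note that once a sender is on the trust list, only the block-level timestamp and signature are checked, so the quality of the trust list bounds the quality of the transactions accepted from that sender.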
In summary, in an embodiment of a data sharing method for the internet of things based on a block chain, the validity of a first node generating a service request, namely a data sharing request, is verified through node registration and node authentication, and for a service request that stores shared data, the first block generated based on the service request is subjected to consensus approval through a storage block consensus approval method to eliminate the intrusion of an illegal block chain manager, so that block chain-based data sharing for the internet of things is realized. The storage block consensus approval is realized by utilizing the previously established trust relationships of each block chain manager in the block chain network and a time-based backoff algorithm. Compared with the Internet of things in the prior art, the block chain-based Internet of things data sharing method has the advantages of safety and high efficiency.
Each apparatus embodiment of the present application is described below based on fig. 5 to 8C.
First embodiment of Internet of things data sharing device based on block chain
Fig. 5 shows a schematic structural diagram of an embodiment of a data sharing device of the internet of things based on a block chain, which includes,
a shared service sending module 510, configured for the first node to generate a service request. The method and advantages of this module are the same as those of step 110 of the block chain-based data sharing method embodiment of the internet of things, and are not described in detail here. For the module structure, refer to [ service request generation module ].
A node authentication module 520, configured for the first blockchain manager to perform node authentication on the first node. The method and advantages of this module are the same as those of steps 120 and 130 of the block chain-based data sharing method embodiment of the internet of things, and are not described in detail here. For the module structure, refer to [ node authentication module ].
An access operation module 530, configured for the first blockchain manager to query the information to be queried of the first node from the block chain. The method and advantages of this module are the same as those of step 150 of the block chain-based data sharing method embodiment of the internet of things, and are not described in detail here.
A block consensus approval module 540, configured for the first blockchain manager to generate a first block based on the service request of the first node and to perform consensus approval on the first block on the blockchain network. The method and advantages of this module are the same as those of step 160 of the block chain-based data sharing method embodiment of the internet of things, and are not described in detail here.
A shared data storage module 550, configured for the first blockchain manager to store the approved first block at the end of the block chain, and to store the data in the service information of the service request in the identity information database of the first blockchain manager. The method and advantages of this module are the same as those of step 180 of the block chain-based data sharing method embodiment of the internet of things, and are not described in detail here.
A service result sending module 560, configured to send the result of the service request to the first node. The method and advantages of this module are the same as those of step 190 of the block chain-based data sharing method embodiment of the internet of things, and are not described in detail here.
[ service request Generation Module ]
Fig. 6A shows a schematic structural diagram of a service request generation module of the present application, which includes,
a node key generation first module 5110, used by the first node to perform node registration based on the node ID, and to generate a node first private key and a node first public key based on the relevant data issued by the registration center. The method and advantages of this module are the same as those of step 1110 of the service request generation method in the block chain-based data sharing method embodiment of the internet of things.
A service request generating module 5120, configured to generate a service request, i.e. a sharing request, by the first node. Method and advantages of this module are the same as step 1120 of the service request generation method in the block chain based internet of things data sharing method embodiment.
A service request sending module 5130, configured to send, by the first node, the service request to a first blockchain manager randomly selected from a blockchain network through the internet of things. The method and advantages of this module are the same as in step 1130 of the service request generation method in the embodiment of the block chain based data sharing method for the internet of things.
[ node Key Generation first Module ]
Fig. 6B shows a schematic structural diagram of a first module for node key generation of the present application, which includes,
the node ID sending first module 5111 is for the first node to send the node ID to the registry, i.e., to register with the registry. The method and advantages of the module are the same as the step 1111 of the node key generation first method in the block chain-based data sharing method embodiment of the internet of things.
The system parameter receiving module 5113 is configured to receive, by the first node, the system parameter K1 of the first node and the node part first private key, which are generated by the registry based on the node ID by using the certificateless public key cryptography algorithm. The method and advantages of the module are the same as the step 1113 of the node key generation first method in the block chain-based data sharing method embodiment of the internet of things.
The private key generating first module 5115 is for the first node to generate its node first private key based on the system parameter K1 of the first node and the node part first private key using a certificateless public key cryptography algorithm. Method and advantages of this module are the same as step 1115 of the node key generation first method in the block chain based internet of things data sharing method embodiment.
A public key generating first module 5117 is configured for the first node to generate its node first public key based on the node first private key of the first node by using a certificateless public key cryptography algorithm. The method and advantages of the module are the same as the step 1117 of the node key generation first method in the block chain-based data sharing method embodiment of the internet of things.
[ node authentication Module ]
Fig. 7A shows a schematic structural diagram of a node authentication module of the present application, which includes,
a node key generation second module 5210 for the first blockchain manager to generate a node second private key and a node second public key based on the node ID. The method and advantages of this module are the same as the step 1210 of the node authentication method in the block chain based data sharing method embodiment of the internet of things.
A node timestamp verification module 5220, configured to perform node timestamp verification on the first node by the first blockchain manager. The method and advantages of the module are the same as the step 1220 of the node authentication method in the embodiment of the block chain-based data sharing method of the internet of things.
A node public key verification module 5230, configured for the first blockchain manager to perform node public key verification on the first node. The method and advantages of the module are the same as those of step 1230 of the node authentication method in the embodiment of the block chain-based data sharing method of the internet of things.
[ second Module for node Key Generation ]
Fig. 7B shows a schematic structural diagram of a second module for node key generation of the present application, which includes,
the node ID sending second module 5211 is used for the first blockchain manager to send the node ID to the registry, i.e., to register with the registry. The method and advantages of this module are the same as those of step 1211 of the node key generation second method in the block chain-based internet of things data sharing method embodiment.
The system parameter receiving module 5213 is used by the first blockchain manager to receive the system parameter K2 of the first node and the node part second private key generated by the registry based on the node ID using the certificateless public key cryptography algorithm. Method and advantages of this module are the same as step 1213 of the node key generation second method in the block chain based internet of things data sharing method embodiment.
A private key generation second module 5215 for the first blockchain manager to generate its node second private key based on the system parameter K2 of the first node and the node portion second private key using a certificateless public key cryptography algorithm. Method and advantages of this module are the same as step 1215 of the node key generation second method in the block chain based internet of things data sharing method embodiment.
A public key generation second module 5217 is used for the first blockchain manager to generate its node second public key based on the node second private key of the first node using a certificateless public key cryptography algorithm. Method and advantages of this module are the same as step 1217 of the node key generation second method in the block chain based internet of things data sharing method embodiment.
[ Block consensus approval Module ]
Fig. 8A is a schematic structural diagram illustrating a block consensus approval of a second embodiment of a data sharing apparatus for internet of things based on a block chain according to the present application, including,
the block generation module 5410 is configured to, when the first blockchain manager receives the service request, create a first transaction block, add the first transaction to the current block, and generate a first block, where the first transaction block includes a transaction timestamp, a transaction public key, a transaction signature, and a transaction message; the transaction timestamp is the time of transaction generation, the transaction public key is the node second public key of the first node, the transaction signature is information signed using the node second private key of the first node, and the transaction message is the information to be stored. The first block includes a block timestamp, a block signature, and a block message, where the block timestamp is the first block generation time, the block signature is a signature using the first blockchain manager public key, and the block message is the information of each transaction block.
The working principle and advantages of the module are the same as those of step 1610 of the storage block consensus approval method in the block chain-based data sharing method embodiment of the internet of things, and are not described in detail here.
A time backoff module 5420, configured to, if the number of rounds K of the first block that completes the consensus approval is less than or equal to a first set threshold, after waiting for a first random time, the first block chain manager sends the first block to each second block chain manager of the block chain network to perform one round of block authentication on the first block, where an initial value of K is set to 0, and when each second block chain manager completes one round of the consensus approval on the first block, the value of K is added by 1.
The operation principle and advantages of the module are the same as those of step 1620 of the storage block consensus approval method in the block chain-based data sharing method embodiment of the internet of things, and are not described in detail here.
The block verification module 5430 is configured to perform block verification on the first block when the second blockchain manager receives a block verification request of the first block sent by the first blockchain manager.
The operation principle and advantages of the module are the same as those of step 1630 of the storage block consensus approval method in the block chain-based data sharing method embodiment of the internet of things, and are not described in detail here.
A consensus approval judgment module 5440, configured to calculate, by the first block chain manager, a consensus passing rate of the first block after the second block chain managers complete one round of block verification on the first block, if the consensus passing rate is greater than or equal to a second set threshold, the consensus approval of the first block passes, the first block chain manager adds the first block to the end of the first block chain, and if the consensus passing rate is less than the second set threshold and the number of rounds K of completing the consensus approval on the first block is greater than the first set threshold, the consensus approval of the first block fails; wherein the consensus pass rate is equal to a quotient of a number of second blockchain managers that pass block verification for the first block divided by a total number of second blockchain managers.
The working principle of the module comprises step 1640, step 1650, step 1660 and step 1670 of the storage block consensus approval method in the same embodiment of the data sharing method for the internet of things based on block chains, and the advantages of the module include the advantages of the methods described in those steps, which are not described in detail herein.
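The round loop of the time backoff module 5420 and the consensus approval judgment module 5440, as an added example that is not the patent's code. The second block chain managers are modelled as callables returning their block verification result, the random wait and the sleep are injected so the loop runs deterministically offline, and the function names and threshold values are assumptions.

```python
import random


def consensus_approval(block, second_managers, first_set_threshold=3,
                       second_set_threshold=0.5, max_backoff=1.0,
                       rng=None, sleep=None):
    """Run rounds of block verification until the consensus passing rate
    reaches second_set_threshold or the round count K exceeds
    first_set_threshold. Returns (approved, rounds_run, last_pass_rate)."""
    rng = rng if rng is not None else random.Random()
    sleep = sleep if sleep is not None else (lambda seconds: None)  # time.sleep when live
    k = 0                                      # rounds completed, initial value 0
    rate = 0.0
    while k <= first_set_threshold:            # module 5420: another round is allowed
        sleep(rng.uniform(0.0, max_backoff))   # wait the first random time (backoff)
        # send the block to every second manager and collect its verdict
        passed = sum(1 for verify in second_managers if verify(block))
        rate = passed / len(second_managers)   # module 5440: consensus passing rate
        k += 1                                 # each completed round adds 1 to K
        if rate >= second_set_threshold:
            return True, k, rate               # approval passes: block goes on chain
    return False, k, rate                      # rate still too low and K > threshold


def passes_after(n):
    """Constructed second manager that rejects its first n blocks, then accepts."""
    calls = [0]

    def verify(block):
        calls[0] += 1
        return calls[0] > n
    return verify
```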
[ Block verification Module ]
Fig. 8B shows a schematic structural diagram of the block verification module, which includes,
the malicious manager determining module 54310 is configured to count, by the second blockchain manager, the received blocks of the first blockchain manager within a second set time, to generate a total number of the received blocks of the first blockchain manager, and when the total number of the received blocks of the first blockchain manager is greater than a third set threshold, the second blockchain manager reports to the first blockchain manager that the block verification of the first block fails.
The operation principle of the module includes step 16310, step 16320 and step 16392 of the block verification method of the embodiment of the block consensus approval method of the blockchain manager, and the advantages of the module include the advantages of the methods described in the above steps, which are not described in detail herein.
A trust verification module 54320, configured to perform trust verification on the first block by the second blockchain manager when the total number of blocks of the received first blockchain manager is less than or equal to a third set threshold.
The operation principle of the module includes step 16330 and step 16340 of the block verification method of the embodiment of the block consensus approval method of the blockchain manager, and the advantages of the module include the advantages of the methods described in the above steps, which are not described in detail herein.
A strict verification module 54340, configured to, when the first block fails the trust verification of the second blockchain manager, strictly verify all transactions of the first block by the second blockchain manager, and if any of the strict verifications does not pass, report to the first blockchain manager that the block verification of the first block is not passed.
Wherein, from the structure, the module comprises,
the transaction timestamp verification module is used for the second block chain manager to check whether the difference between the current timestamp and the timestamp of each transaction in the first block is less than the fourth set time, and if so, the transaction timestamp verification is passed;
and the transaction public key verification module is used for verifying the signature of each transaction in the first block by using the public key of the corresponding transaction by the second block chain manager, and if the signature passes the verification, the transaction public key passes the verification.
The operation principle of the module includes step 16360, step 16370 and step 16392 of the block verification method of the embodiment of the block consensus approval method of the blockchain manager, and the advantages of the module include the advantages of the methods described in the above steps, which are not described in detail herein.
The block identity authentication module 54330 is configured to perform identity authentication on the first block when the trust verification of the second block chain manager for the first block passes or all the verifications in the strict verification pass, and if all the verifications in the identity authentication of the first block pass, the second block chain manager reports that the block verification of the first block passes to the first block chain manager, otherwise, the second block chain manager reports that the block verification of the first block does not pass to the first block chain manager.
Wherein, from the structure, the module comprises,
the block timestamp verification module is used for the second block chain manager to check whether the difference between the current timestamp and the first block timestamp is less than a third set time, and if the difference is less than the third set time, the block timestamp verification is passed;
and the block public key verification module is used for verifying the signature of the first block by using the public key of the first block by the second block chain manager, and if the signature passes the verification, the block public key passes the verification.
The operation principle of the module includes step 16350, step 16370, step 16391 and step 16392 of the block verification method of the embodiment of the block consensus approval method of the blockchain manager, and the advantages of the module include the advantages of the methods described in the above steps, which are not described in detail herein.
[ Trust verification Module ]
Fig. 8C shows a structural diagram of the trust verification module, which includes,
a direct trust verification module 54321, configured to check the first blockchain manager with a locally stored trust list of the second blockchain manager, and if the first blockchain manager is in the trust list of the second blockchain manager, the first blockchain manager passes the trust verification, where the trust list includes a sender of a blockchain that is successfully received by each blockchain manager in the blockchain network.
The working principle of the module comprises step 16331, step 16332 and step 16337 of the trust verification method of the embodiment of the block consensus approval method of the blockchain manager, and the advantages of the module include the advantages of the methods described in the above steps, which are not described in detail herein.
A block transfer sending module 54322 for sending the first block to each third blockchain manager in the trusted list if the first blockchain manager is not in the trusted list.
The working principle of the module includes step 16333 of the trust verification method of the embodiment of the block consensus approval method of the blockchain manager, and the module advantages include the advantages of the method described in the above steps, which are not described in detail herein.
An indirect trust verification module 54323, configured for each third blockchain manager to check the first blockchain manager against its locally stored trust list, and if any third blockchain manager finds that the first blockchain manager is in its local trust list, that third blockchain manager reports to the second blockchain manager that the first block passes the trust verification.
The working principle of the module comprises step 16334, step 16335, step 16336 and step 16337 of the trust verification method of the embodiment of the block consensus approval method of the blockchain manager, and the advantages of the module include the advantages of the methods described in the above steps, which are not described in detail here.
In summary, in an embodiment of the data sharing device for the internet of things based on a block chain, the validity of a first node generating a service request, namely a data sharing request, is verified through node registration and node authentication, and for a service request that stores shared data, the first block generated based on the service request is subjected to consensus approval through a storage block consensus approval method to eliminate the intrusion of an illegal block chain manager, so that block chain-based data sharing for the internet of things is realized. The storage block consensus approval is realized by utilizing the previously established trust relationships of each block chain manager in the block chain network and a time-based backoff algorithm. Compared with the Internet of things in the prior art, the data sharing device of the Internet of things based on the block chain has the advantages of safety and high efficiency.
[ computing device ]
The present invention also provides a computing device, described in detail below with respect to FIG. 9.
The computing device 900 includes a processor 910, a memory 920, a communication interface 930, and a bus 940.
It is to be appreciated that the communication interface 930 in the computing device 910 shown in this figure may be used to communicate with other devices.
The processor 910 may be connected to the memory 920. The memory 920 may be used to store the program codes and data. Therefore, the memory 920 may be a storage unit inside the processor 910, an external storage unit independent of the processor 910, or a component including a storage unit inside the processor 910 and an external storage unit independent of the processor 910.
Optionally, computing device 900 may also include a bus 940. The memory 920 and the communication interface 930 may be connected to the processor 910 through a bus 940. The bus 940 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 940 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one line is shown, but this does not represent only one bus or one type of bus.
It should be understood that, in the embodiment of the present invention, the processor 910 may employ a Central Processing Unit (CPU). The processor may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. Or the processor 910 may employ one or more integrated circuits for executing related programs to implement the technical solutions provided by the embodiments of the present invention.
The memory 920 may include a read-only memory and a random access memory, and provides instructions and data to the processor 910. A portion of the processor 910 may also include non-volatile random access memory. For example, the processor 910 may also store information of the device type.
When the computing device 900 is running, the processor 910 executes the computer-executable instructions in the memory 920 to perform the operational steps of the method embodiments.
It should be understood that the computing device 900 according to the embodiment of the present invention may correspond to a corresponding main body for executing the method according to the embodiments of the present invention, and the above and other operations and/or functions of each module in the computing device 900 are respectively for implementing corresponding flows of each method of the embodiment, and are not described herein again for brevity.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The storage medium includes various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
[ computer-readable medium ]
Embodiments of the present invention also provide a computer-readable storage medium having stored thereon a computer program for performing, when executed by a processor, the operational steps of the method embodiments.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in more detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention.

Claims (30)

1. A block chain-based data sharing method for the Internet of things comprises the following steps,
the method comprises the steps that a first blockchain manager receives a service request from a first node of the Internet of things, wherein the service request comprises a node ID, a service timestamp, signature information and a service operation type of the first node;
the first blockchain manager performs node authentication on the first node based on the service timestamp and the node second public key, if the node authentication passes, the first blockchain manager reports the node second public key of the first node and the node ID of the first node to the blockchain network, and if the node authentication fails, the first blockchain manager sends a node authentication failure message to the first node, wherein the first blockchain manager generates the node second public key of the first node based on the node ID;
for a first node passing the node authentication, if the service type of the first node is access, the first blockchain manager performs query operation and sends a query result to the first node;
for a first node passing the node authentication, if the service type of the first node is storage, the first blockchain manager generates a first block based on the service request message and sends the first block to the blockchain network where it is located for consensus approval; if the consensus approval passes, the first block is added to the tail end of a blockchain of the blockchain network and a storage success message is sent to the first node, and if the consensus approval fails, a service request failure message is sent to the first node,
wherein the signature information is encrypted service information signed using a node first private key of the first node, the operation type comprises query and storage, the service timestamp is the service request generation time, and the node first private key of the first node is a private key generated based on the node ID of the first node.
2. The method of claim 1 wherein the first blockchain manager generating the node second public key for the first node based on the node ID comprises,
the first blockchain manager sends the node ID in the service request to a registration center;
the first blockchain manager receives a system parameter k2 and a node portion second private key for the first node from the registry, wherein the system parameter k2 and the node portion second private key are generated by the registry based on the node ID;
the first blockchain manager generates a node second private key for the first node based on the system parameter k2 and the node portion second private key;
the first blockchain manager generates a node second public key for the first node based on a node second private key for the first node.
3. The method of claim 2, wherein the first blockchain manager node-authenticating the first node based on the service timestamp and the node second public key comprises,
The node timestamp verification comprises that a first block chain manager checks whether the difference between the current timestamp and a service timestamp in the service request sent by a first node is less than a first set time, and if the difference is less than the first set time, the first node passes the node timestamp verification;
and verifying the node public key, wherein the first block chain manager verifies the signature of the signature information in the service request by using a node second public key of the first node, and if the verification is passed, the first node passes the node public key verification and obtains the encrypted service information.
4. The method of claim 1, wherein the first blockchain manager performing the query operation comprises,
the first block chain manager decrypts the encrypted service information and determines the information which needs to be inquired by the first node;
the first blockchain manager queries the queried information based on the local information database, and if the queried information is not found in the local information database, the first blockchain manager searches the blockchain network for the queried information.
5. The method of claim 1 wherein the first blockchain manager generating the first block based on the service request message comprises,
the first block chain manager decrypts the encrypted service information and determines information needing to be stored by the first node;
the first blockchain manager creates a first transaction block based on the received service request, wherein the first transaction block comprises a transaction timestamp, a transaction public key, a transaction signature and a transaction message, the transaction timestamp is the generation time of the first transaction, the transaction public key is a node second public key of a first node, the transaction signature is a signature using a node second private key of the first node, and the transaction message is the information to be stored;
the first blockchain manager adds the first transaction to the current block to generate a first block, wherein the first block comprises a block timestamp of the time of generating the first block, a block signature and a block message, the block signature is a signature using a public key of the first blockchain manager, and the block message comprises the information of each transaction block.
6. The method of any of claims 1 or 5, wherein said sending the first block to the blockchain network for consensus approval comprises,
the method comprises the steps that a first block chain manager sends a first block to a block chain network to carry out multi-round block verification, wherein one round is that each second block chain manager of the block chain network completes one block verification on the first block, and the second block chain manager is other block managers except the first block chain manager on the block chain network;
if the number of rounds K of block verification of the first block is smaller than or equal to a first set threshold value, after waiting for a first random time, the first block chain manager sends the first block to other second block chain managers in the block chain network to perform block verification on the first block, wherein the initial value of K is set to be 0;
when the second block chain manager receives a block verification request of a first block sent by the first block chain manager, block verification is carried out on the first block;
after the second block chain managers complete one round of block verification on the first block, the first block chain manager calculates the consensus passing rate of the first block, if the consensus passing rate is larger than or equal to a second set threshold value, the consensus of the first block passes, the first block chain manager adds the first block to the tail end of the first block chain and stores the stored information in a local information database, and if not, the K value is added by 1;
if the consensus passing rate is smaller than a second set threshold and the number of rounds K of the first block which are subjected to the consensus approval is larger than a first set threshold, the first block is failed in the consensus approval;
wherein the consensus pass rate is equal to a quotient of a number of second blockchain managers that pass block verification for the first block divided by a total number of second blockchain managers.
7. The method of claim 6 wherein the second blockchain manager authenticating the first block comprises,
the second block chain manager counts the received blocks of the first block chain manager within a second set time to generate the total number of the received blocks of the first block chain manager, and when the total number of the received blocks of the first block chain manager is larger than a third set threshold, the second block chain manager reports the block verification failure of the first block to the first block chain manager;
when the total number of the received blocks of the first blockchain manager is smaller than or equal to a third set threshold value, the second blockchain manager performs trust verification on the first blocks based on a trust relationship;
if the trust verification of the first block by the second blockchain manager does not pass, the second blockchain manager strictly verifies the first block, and if any verification of the first block in the strict verification does not pass, the second blockchain manager reports to the first blockchain manager that the block verification of the first block does not pass;
and if the trust verification of the first block by the second blockchain manager passes or all the verifications in the strict verification pass, block identity verification is performed on the first block; if the first block passes all the verifications in the block identity verification, the second blockchain manager reports to the first blockchain manager that the block verification of the first block passes and adds the first blockchain manager to the trust list of the second blockchain manager, otherwise the second blockchain manager reports to the first blockchain manager that the block verification of the first block does not pass, wherein the trust list comprises the senders of the blocks successfully received by each blockchain manager in the blockchain network.
8. The method of claim 7, wherein the trust verification comprises,
the second blockchain manager checks the trust list of the first blockchain manager based on local storage, and if the first blockchain manager is located in the trust list, the first blockchain manager passes the trust verification;
if the first blockchain manager is not in the trust list, the second blockchain manager sends the first block to each third blockchain manager in the trust list;
and each third blockchain manager checks the first blockchain manager based on the trust list locally stored by that third blockchain manager, and if any third blockchain manager finds the first blockchain manager in its local trust list, that third blockchain manager reports to the second blockchain manager that the trust verification of the first block passes.
9. The method of claim 7, wherein the block identity verification comprises,
the block timestamp verification comprises that the second block chain manager checks whether the difference between the current timestamp and the block timestamp of the first block is less than a third set time, if so, the block timestamp verification passes, otherwise, the block timestamp verification does not pass;
and block public key verification, wherein the block signature of the first block is verified using the block public key of the first block, and if the verification passes, the block public key verification passes.
10. The method of claim 7, wherein the rigorous validation comprises,
the transaction timestamp verification comprises that the second block chain manager checks whether the difference between the current timestamp and the transaction timestamp of each transaction in the first block is less than a fourth set time, and if so, the transaction timestamp verification is passed;
and verifying the transaction public key, wherein the transaction signature of each transaction in the first block is verified by using the transaction public key of the transaction, and if the transaction signature passes the transaction public key verification, the transaction public key verification passes.
11. The method of claim 6, wherein the first random time is equal to the sum of a second random time and a third random time, wherein the second random time is greater than or equal to twice the delay time and less than a second predetermined time, wherein the third random time is equal to the product of a first random number and the delay time, wherein the first random number is a random number between 0 and 2^K − 1, and wherein the delay time is the minimum transmission delay between the first blockchain manager and each second blockchain manager.
12. A block chain-based data sharing method for the Internet of things comprises the following steps,
the first node generates a node first public key and a node first private key of the first node based on the node ID;
the method comprises the steps that a first node creates a service request and sends the service request to a first blockchain manager randomly selected by a blockchain network connected with the first node of the first node for processing, wherein the service request comprises a node ID, a service timestamp, signature information and a service operation type of the first node, the signature information is encrypted service information signed by using a first private key of the first node, the operation type comprises inquiry and storage, and the service timestamp is service generation time;
the first node receives a service request result generated by the first blockchain manager based on the service request, wherein the service request result comprises,
if the first node passes the node authentication of claim 3 by the first blockchain manager and the first service request message contains a query operation, the service request result is a query result sent by the first blockchain manager,
and if the first node passes the node authentication of claim 3 by the first blockchain manager and the first service request message contains a storage operation, and if the first blockchain manager creates the first block according to the method of claim 5 and the first block passes the consensus approval according to the method of any one of claims 6 to 11, the service request result is a storage success message sent by the first blockchain manager,
and if the first node is not authenticated by the first blockchain manager by the node, the service request result is a node authentication failure message sent by the first blockchain manager,
and if the first block fails the consensus approval, the service request result is a service request failure message sent by the first block chain manager.
13. The method of claim 12, wherein the first node generating its node first public key and node first private key based on the node ID comprises,
the first node sends its node ID to the registry;
the first node receiving from the registry its system parameter k1 and first node portion first private key, wherein the system parameter k1 and first node portion first private key were generated by the registry based on the node ID;
the first node generates a node first private key of the first node based on the system parameter k1 and the node part first private key thereof;
the first node generates its node first public key based on its node first private key.
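The manager-side flow of claims 6 to 11 (per-sender block counting, trust verification with the trust list, strict transaction verification, block identity verification, and the pass-rate rounds with the back-off of claim 11), as an added example that is not the patent's code. It assumes HMAC-SHA256 over a per-identity secret in place of the unspecified ID-based signatures, made-up values for the "set" thresholds and times, and constructed identities MgrA to MgrD and node-17.

```python
import hashlib, hmac, random
from dataclasses import dataclass, field

# Constructed stand-in for the unspecified ID-based signature scheme: HMAC-SHA256
# over a per-identity secret. All "set" thresholds and times are assumed values.
SECRETS = {"MgrA": b"k-A", "MgrB": b"k-B", "MgrC": b"k-C", "MgrD": b"k-D", "node-17": b"k-17"}
FIRST_SET_THRESHOLD = 3      # maximum rounds K of block verification
SECOND_SET_THRESHOLD = 0.67  # consensus pass rate required for approval
THIRD_SET_THRESHOLD = 5      # blocks tolerated per sender within the second set time
THIRD_SET_TIME = 60.0        # block timestamp freshness, seconds
FOURTH_SET_TIME = 120.0      # transaction timestamp freshness, seconds
def sign(identity: str, msg: bytes) -> str:
    return hmac.new(SECRETS[identity], msg, hashlib.sha256).hexdigest()
def verify(identity: str, msg: bytes, sig: str) -> bool:
    return identity in SECRETS and hmac.compare_digest(sign(identity, msg), sig)

@dataclass
class Tx:            # the "first transaction" of claim 5
    ts: float
    pubkey: str      # node second public key; here simply the node identity
    message: bytes
    signature: str

@dataclass
class Block:         # the "first block" of claim 5
    ts: float
    sender: str      # the first blockchain manager, whose key signs the block
    txs: list
    signature: str = ""
    def body(self) -> bytes:  # deterministic bytes covered by the block signature
        return repr((self.ts, self.sender,
                     [(t.ts, t.pubkey, t.message, t.signature) for t in self.txs])).encode()

def make_tx(node: str, ts: float, message: bytes) -> Tx:
    return Tx(ts, node, message, sign(node, message))

def make_block(sender: str, ts: float, txs: list) -> Block:
    block = Block(ts, sender, txs)
    block.signature = sign(sender, block.body())
    return block

@dataclass
class SecondManager:
    name: str
    trust_list: set = field(default_factory=set)
    received: dict = field(default_factory=dict)  # sender -> blocks seen in the window

    def trust_verification(self, block, others) -> bool:        # claim 8
        if block.sender in self.trust_list:
            return True
        return any(block.sender in m.trust_list for m in others if m.name in self.trust_list)

    def strict_verification(self, block, now) -> bool:          # claim 10
        return all(now - t.ts < FOURTH_SET_TIME and verify(t.pubkey, t.message, t.signature)
                   for t in block.txs)

    def block_identity_verification(self, block, now) -> bool:  # claim 9
        return now - block.ts < THIRD_SET_TIME and verify(block.sender, block.body(), block.signature)

    def block_verification(self, block, now, others) -> bool:   # claim 7
        n = self.received[block.sender] = self.received.get(block.sender, 0) + 1
        if n > THIRD_SET_THRESHOLD:  # sender is flooding this manager: reject outright
            return False
        if not self.trust_verification(block, others) and not self.strict_verification(block, now):
            return False
        if not self.block_identity_verification(block, now):
            return False
        self.trust_list.add(block.sender)  # a sender that passed once is trusted from now on
        return True

def first_random_time(k: int, delay: float, second_set_time: float, rng) -> float:  # claim 11
    second = rng.uniform(2 * delay, second_set_time)  # >= 2 * delay and < second set time
    third = rng.randint(0, 2 ** k - 1) * delay        # back-off grows exponentially with K
    return second + third

def consensus_approval(block, managers, now, delay=0.01, second_set_time=0.05, seed=0):  # claim 6
    rng, k = random.Random(seed), 0
    while k <= FIRST_SET_THRESHOLD:
        first_random_time(k, delay, second_set_time, rng)  # the first manager would sleep this long
        passed = sum(m.block_verification(block, now, managers) for m in managers)
        if passed / len(managers) >= SECOND_SET_THRESHOLD:
            return True, k
        k += 1
    return False, k

def fresh_managers():  # B trusts A directly, C reaches A only through B, D trusts nobody
    return [SecondManager("MgrB", {"MgrA"}), SecondManager("MgrC", {"MgrB"}), SecondManager("MgrD")]

def tampered_block(now):  # payload altered after the node signed it, block re-signed by A
    tx = make_tx("node-17", now - 5, b"temp=21.5")
    tx.message = b"temp=99.9"
    return make_block("MgrA", now - 1, [tx])

def demo(now=1_700_000_000.0):
    untrusted = consensus_approval(tampered_block(now), fresh_managers(), now)  # D's strict check fails it
    mgrs = fresh_managers()
    good = consensus_approval(make_block("MgrA", now - 1, [make_tx("node-17", now - 5, b"temp=21.5")]), mgrs, now)
    trusted = consensus_approval(tampered_block(now), mgrs, now)  # all three now trust A: claim 10 is skipped
    return untrusted, good, trusted
```

The demo shows that a tampered transaction is caught only while some manager still falls back to strict verification; once a sender is in every trust list, claim 7 applies only the block timestamp and block signature checks of claim 9 to its blocks.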
14. A block chain-based Internet of things data sharing device is characterized by comprising,
the service request receiving module is used for receiving a service request of a first node of the Internet of things by a first block chain manager, wherein the service request comprises a node ID of the first node, a service timestamp, signature information and a service operation type, the signature information is encrypted service information signed by using a first private key of the node, the operation type comprises query and storage, the service timestamp is service generation time, and the first private key signature of the node of the first node is a private key generated based on the node ID of the first node;
the node authentication module is used for the first blockchain manager to perform node authentication on the first node based on the service timestamp and the node second public key, and if the node authentication is passed, the first blockchain manager reports the node ID and the node second public key of the first node to the blockchain network, wherein when the first blockchain manager does not have the node second public key of the first node, the first blockchain manager generates the node second public key of the first node based on the node ID;
the access operation module is used for the first blockchain manager to perform a query operation if the first node passes the node authentication and the service type in the service request is access;
the storage operation module is used for the first blockchain manager to generate a first block based on the service request message if the first node passes the node authentication and the service type in the service request is storage, to send the first block to the blockchain network for consensus approval, and to add the first block to the tail end of a blockchain of the blockchain network if the consensus approval passes;
a service result sending module, configured to send the service request result to the first node by the first blockchain manager, where the service request result includes,
if the first node is authenticated by the node of the first blockchain manager and the first service request message contains the query operation, the service request result is the query result,
and if the first node passes the node authentication of the first blockchain manager and the first service request message includes a storage operation and the first block passes the consensus approval, the service request result is a storage success message,
and if the first block fails the consensus approval, the service request result is a service request failure message,
and if the first node fails the node authentication, the service request result is a node authentication failure message;
the first blockchain manager is a blockchain manager for receiving a service request of the first node.
15. The apparatus of claim 14, further comprising a node key generation second module comprising,
a node ID sending second module, configured to send the node ID of the first node to the registry by the first blockchain manager;
a parameter receiving second module for the first blockchain manager to receive from the registry a system parameter k2 and a node portion second private key for the first node, wherein the system parameter k2 and the node portion second private key are generated by the registry based on the node ID;
a private key generation second module for the first blockchain manager to generate a node second private key for the first node based on the system parameter k2 and the node portion second private key;
and the public key generation second module is used for generating the node second public key of the first node by the first block chain manager based on the node second private key of the first node.
16. The apparatus according to claim 14, wherein the node authentication module comprises,
the node timestamp verification module is used for the first block chain manager to check whether the difference between the current timestamp and the service timestamp in the service request sent by the first node is less than a first set time, and if the difference is less than the first set time, the first node passes the node timestamp verification;
and the node public key verification module is used for verifying the signature of the signature information in the service request by using the node second public key of the first node by the first block chain manager, and if the signature passes the verification, the first node passes the node public key verification and obtains the encrypted service information.
17. The apparatus of claim 14, wherein the access operation module comprises,
the query information determining module is used for the first block chain manager to decrypt the encrypted service information and obtain information to be queried of the first node;
the local query module is used for the first block chain manager to query the queried information based on a local information database;
a remote query module to search the query information in the blockchain network by the first blockchain manager if the queried information is not found in the local information database.
18. The apparatus of claim 14, wherein the storage operation module comprises,
the content storage module is used for decrypting the encrypted service information by the first block chain manager and obtaining information required to be stored by the first node;
a block generation module, configured for the first blockchain manager to create a first transaction based on the received service request message and to add the first transaction to the current block to generate a first block, where the first transaction block includes a transaction timestamp, a transaction public key, a transaction signature, and a transaction message, the transaction timestamp is the time of generating the first transaction, the transaction public key is the node second public key of the first node, the transaction signature is a signature using the node second private key of the first node, the transaction message is the information to be stored, the first block includes a block timestamp of the time of generating the first block, a block signature, and a block message, the block signature is a signature using the first blockchain manager public key, and the block message includes the information of each transaction block;
the consensus approval module is used for the first block chain manager to place the first block into the block chain network for consensus approval;
and the information storage module is used for the first block chain manager to add the first block which passes the consensus examination to the tail of the first block chain and store the stored information in the local information database.
19. The apparatus of claim 18, wherein the consensus approval module comprises,
a time back-off module, configured to, if the number of rounds K of block verification of the first block is smaller than or equal to a first set threshold, send the first block, after waiting for a first random time, to each second blockchain manager of the blockchain network to perform a new round of block verification on the first block, where the initial value of K is set to 0, and one round is a round in which each second blockchain manager of the blockchain network completes one block verification on the first block;
the block verification module is used for performing block verification on the first block when the second block chain manager receives a block verification request of the first block sent by the first block chain manager;
the consensus approval judging module is used for calculating the consensus passing rate of the first block by the first block chain manager after the second block chain managers complete one round of block verification on the first block, if the consensus passing rate is larger than or equal to a second set threshold value, the consensus approval of the first block is passed, otherwise the value of K is added by 1, and if the consensus passing rate is smaller than the second set threshold value and the number of rounds K of the consensus approval of the first block is larger than the first set threshold value, the consensus approval of the first block fails;
wherein the consensus passing rate is equal to the quotient of the number of second blockchain managers passing the block verification of the first block divided by the total number of second blockchain managers, and the second blockchain managers are other blockchain managers on the blockchain network except the first blockchain manager.
20. The apparatus of claim 19, wherein the block verification module comprises,
the malicious manager judging module is used for counting the received blocks of the first block chain manager by the second block chain manager within a second set time to generate the total number of the received blocks of the first block chain manager, and when the total number of the received blocks of the first block chain manager is larger than a third set threshold value, the second block chain manager reports the block verification failure of the first block to the first block chain manager;
the trust verification module is used for performing trust verification on the first block by the second block chain manager when the total number of the received blocks of the first block chain manager is less than or equal to a third set threshold value;
the strict authentication module is used for strictly verifying all transactions of the first block by the second block chain manager when the first block is not subjected to trust verification by the second block chain manager, and reporting that the block verification of the first block is not passed to the first block chain manager by the second block chain manager if any one of the strict verifications is not passed;
and the block identity authentication module is used for performing identity authentication on the first block when the trust authentication of the first block by the second blockchain manager passes or all the authentications in the strict authentication pass; then, if all the authentications in the identity authentication of the first block pass, the second blockchain manager reports to the first blockchain manager that the block authentication of the first block passes and adds the first blockchain manager into the trust list of the second blockchain manager, otherwise the second blockchain manager reports to the first blockchain manager that the block authentication of the first block fails, wherein the trust list comprises the senders of the blocks successfully received by each blockchain manager in the blockchain network.
21. The apparatus of claim 20, wherein the trust verification module comprises,
the direct trust verification module is used for the second blockchain manager to check the first blockchain manager in a locally stored trust list, and if the first blockchain manager is in the trust list, the first blockchain manager passes the trust verification;
the block transfer sending module is used for sending the first block to each third block chain manager in the trust list by the second block chain manager if the first block chain manager is not in the trust list;
and the indirect trust verification module is used for each third blockchain manager to check the first blockchain manager based on the trust list locally stored by that third blockchain manager, and for that third blockchain manager to report to the second blockchain manager that the trust verification of the first block passes if it finds the first blockchain manager in its local trust list.
22. The apparatus of claim 20, wherein the block identity verification module comprises,
the block timestamp verification module is used for the second block chain manager to check whether the difference between the current timestamp and the block timestamp of the first block is less than a third set time, and if the difference is less than the third set time, the block timestamp verification is passed;
and the block public key verification module is used for verifying the signature of the first block by using the public key of the first block by the second block chain manager, and if the signature passes the verification, the block public key passes the verification.
23. The apparatus of claim 20, wherein the strict authentication module comprises,
the transaction timestamp verification module is used for the second block chain manager to check whether the difference between the current timestamp and the transaction timestamp of each transaction in the first block is less than the fourth set time, and if so, the transaction timestamp verification is passed;
and the transaction public key verification module is used for verifying the transaction signature of each transaction in the first block by using the transaction public key of the corresponding transaction through the second block chain manager, and if the transaction public key passes the verification, the transaction public key passes the verification.
24. The apparatus of claim 19, wherein the first random time is equal to the sum of a second random time and a third random time, wherein the second random time is greater than or equal to twice the delay time and less than a second predetermined time, wherein the third random time is equal to the product of a first random number and the delay time, wherein the first random number is a random number between 0 and 2^K − 1, and wherein the delay time is the minimum transmission delay between the first blockchain manager and each of the second blockchain managers.
25. A block chain-based data sharing device of the Internet of things comprises,
a node key generation first module, used for the first node to generate its node first public key and node first private key based on the node ID;
the service request creating module is used for a first node to create a service request and send the service request to a first blockchain manager randomly selected by a blockchain network connected with the first node through the Internet of things for processing, wherein the service request comprises a node ID of the first node, a node first public key of the first node, a service timestamp, signature information and a service operation type, the signature information is encrypted service information signed by using a node first private key, the operation type comprises query and storage, and the service timestamp is service generation time;
a service result receiving module, configured to receive, by the first node, a service request result generated by the first blockchain manager based on the service request, where the service request result includes,
if the first node is authenticated by the first blockchain manager by the node of claim 3 and the first service request message includes a query operation, the service request result is a query result sent by the first blockchain manager,
and if the first node is authenticated by the node of the first blockchain manager according to the claim 3 and the first service request message contains a storage operation, if the first blockchain manager creates the first block based on the method of the claim 5 and the first block passes the consensus approval according to the method of any one of the claims 6 to 11, the service request result is a storage success message sent by the first blockchain manager,
and if the first node is not authenticated by the first blockchain manager by the node, the service request result is a node authentication failure message sent by the first blockchain manager,
and if the first block fails the consensus approval, the service request result is a service request failure message sent by the first block chain manager.
26. The apparatus of claim 25, wherein the node key generation first module comprises,
a node ID sending first module, used for the first node to send its node ID to the registration center;
a parameter receiving first module, used for the first node to receive its system parameter k1 and node partial first private key from the registration center, wherein the system parameter k1 and the node partial first private key are generated by the registration center based on the node ID;
a private key generation first module, used for the first node to generate its node first private key based on its system parameter k1 and node partial first private key;
and a public key generation first module, used for the first node to generate its node first public key based on its node first private key.
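As an added illustration that is not code from the patent, the following Go program models the node-side service request creating module of claim 25 together with the manager-side timestamp and signature checks of claim 23, and returns one of the four result kinds claim 25 enumerates. It assumes Ed25519 node key pairs in place of the registration-center-derived keys of claim 26, a fixed 30-second window standing in for the "fourth set time", an in-memory store keyed by node ID in place of block creation, and a boolean flag for the consensus outcome; the node ID, payload and these stand-ins are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
	"time"
)

// Operation types and result kinds of claim 25; MaxTimestampSkew is an assumed
// value standing in for the "fourth set time" of claim 23.
const (
	OpQuery          = "query"
	OpStore          = "store"
	ResultAuthFailed = "node authentication failure"
	ResultQuery      = "query result"
	ResultStored     = "storage success"
	ResultFailed     = "service request failure"
	MaxTimestampSkew = 30 * time.Second
)

// ServiceRequest carries the fields of claim 25. Ed25519 keys are an assumption of
// this example; the patent derives node keys through a registration center (claim 26).
type ServiceRequest struct {
	NodeID    string
	PubKey    ed25519.PublicKey // node first public key
	Timestamp int64             // service timestamp, Unix seconds
	Op        string            // service operation type
	Payload   []byte            // service information
	Signature []byte            // signature information over all fields above
}

// signedBytes is the canonical encoding both sides sign and verify; every field is
// length-prefixed so that different field sequences cannot encode to the same bytes.
func signedBytes(r *ServiceRequest) []byte {
	var out []byte
	put := func(f []byte) {
		out = binary.BigEndian.AppendUint32(out, uint32(len(f)))
		out = append(out, f...)
	}
	put([]byte(r.NodeID))
	put(r.PubKey)
	put(binary.BigEndian.AppendUint64(nil, uint64(r.Timestamp)))
	put([]byte(r.Op))
	put(r.Payload)
	return out
}

// NewServiceRequest is the node side: the service request creating module.
func NewServiceRequest(nodeID string, priv ed25519.PrivateKey, op string, payload []byte, now time.Time) *ServiceRequest {
	r := &ServiceRequest{NodeID: nodeID, PubKey: priv.Public().(ed25519.PublicKey),
		Timestamp: now.Unix(), Op: op, Payload: payload}
	r.Signature = ed25519.Sign(priv, signedBytes(r))
	return r
}

// TimestampFresh is the timestamp verification of claim 23. The absolute difference
// is used so that future-dated requests are rejected along with stale ones.
func TimestampFresh(ts int64, now time.Time, maxSkew time.Duration) bool {
	d := now.Unix() - ts
	if d < 0 {
		d = -d
	}
	return time.Duration(d)*time.Second < maxSkew
}

// VerifySignature is the public key verification of claim 23; the length checks
// matter because ed25519.Verify panics on a malformed key instead of returning false.
func VerifySignature(r *ServiceRequest) bool {
	if len(r.PubKey) != ed25519.PublicKeySize || len(r.Signature) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(r.PubKey, signedBytes(r), r.Signature)
}

// HandleServiceRequest is the manager side and yields one of the claim 25 results. The
// in-memory store and consensusOK flag are assumed stand-ins for claims 5 to 11.
func HandleServiceRequest(r *ServiceRequest, now time.Time, store map[string][]byte, consensusOK bool) (string, []byte) {
	if !TimestampFresh(r.Timestamp, now, MaxTimestampSkew) || !VerifySignature(r) {
		return ResultAuthFailed, nil
	}
	switch r.Op {
	case OpQuery:
		return ResultQuery, store[r.NodeID]
	case OpStore:
		if !consensusOK {
			return ResultFailed, nil
		}
		store[r.NodeID] = r.Payload
		return ResultStored, nil
	}
	return ResultFailed, nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	store, now := map[string][]byte{}, time.Now()
	st := NewServiceRequest("sensor-17", priv, OpStore, []byte("temp=21.5"), now)
	status, _ := HandleServiceRequest(st, now, store, true)
	fmt.Println("store:", status)
	status, _ = HandleServiceRequest(st, now.Add(time.Hour), store, true) // same request replayed later
	fmt.Println("replayed store:", status)
}
```

The timestamp check runs before the signature check, so a replayed or stale request is rejected without spending a signature verification on it; the length guard in VerifySignature is what keeps a malformed public key from crashing the manager, since the standard library treats a wrong-length key as a programming error rather than a bad input.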
27. A blockchain manager, comprising the blockchain-based internet of things data sharing device as claimed in any one of claims 14 to 24.
28. A node comprising a blockchain-based internet of things data sharing device according to any one of claims 25 to 26.
29. A computing device, comprising,
a bus;
a communication interface connected to the bus;
at least one processor coupled to the bus; and
at least one memory coupled to the bus and storing program instructions that, when executed by the at least one processor, cause the at least one processor to perform the method of any of claims 1-11 or 12-13.
30. A computer readable storage medium having stored thereon program instructions, which when executed by a computer, cause the computer to perform the method of any of claims 1 to 11 or 12 to 13.
CN202011459867.5A 2020-12-11 2020-12-11 Block chain-based Internet of things data sharing method and device Active CN112435028B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011459867.5A CN112435028B (en) 2020-12-11 2020-12-11 Block chain-based Internet of things data sharing method and device

Publications (2)

Publication Number Publication Date
CN112435028A true CN112435028A (en) 2021-03-02
CN112435028B CN112435028B (en) 2024-03-08

Family

ID=74691479

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011459867.5A Active CN112435028B (en) 2020-12-11 2020-12-11 Block chain-based Internet of things data sharing method and device

Country Status (1)

Country Link
CN (1) CN112435028B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109347941A (en) * 2018-10-10 2019-02-15 南京简诺特智能科技有限公司 A kind of data sharing platform and its implementation based on block chain
CN109583820A (en) * 2018-12-19 2019-04-05 东莞市盟大塑化科技有限公司 A kind of freight tracking method based on block chain technology
CN109918878A (en) * 2019-04-24 2019-06-21 中国科学院信息工程研究所 A kind of industrial internet of things equipment authentication and safety interacting method based on block chain
CN111241557A (en) * 2019-12-31 2020-06-05 支付宝(杭州)信息技术有限公司 Service request method and device based on block chain

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113612616A (en) * 2021-07-27 2021-11-05 北京沃东天骏信息技术有限公司 Vehicle communication method and device based on block chain
CN115914243A (en) * 2021-08-17 2023-04-04 中移物联网有限公司 Information processing method and device and storage medium
CN113572620A (en) * 2021-09-27 2021-10-29 中邮消费金融有限公司 On-line voting method and system based on block chain
CN114039753A (en) * 2021-10-27 2022-02-11 中国联合网络通信集团有限公司 Access control method and device, storage medium and electronic equipment
CN114039753B (en) * 2021-10-27 2024-03-12 中国联合网络通信集团有限公司 Access control method and device, storage medium and electronic equipment
CN114048509A (en) * 2021-11-26 2022-02-15 北京城建设计发展集团股份有限公司 Rail transit comprehensive monitoring method and device and electronic equipment
CN115396086A (en) * 2022-06-20 2022-11-25 中国联合网络通信集团有限公司 Identity authentication method, device, equipment and storage medium
CN117834301A (en) * 2024-03-05 2024-04-05 江苏社汇通智能科技有限公司 Internet of things-based network security communication control method and system
CN117834301B (en) * 2024-03-05 2024-05-17 江苏社汇通智能科技有限公司 Internet of things-based network security communication control method and system

Also Published As

Publication number Publication date
CN112435028B (en) 2024-03-08

Similar Documents

Publication Publication Date Title
CN112435028B (en) Block chain-based Internet of things data sharing method and device
WO2019083440A2 (en) Vehicle-mounted device upgrading method and related device
US20170180330A1 (en) Method and electronic device for vehicle remote control and a non-transitory computer readable storage medium
CN110324335B (en) Automobile software upgrading method and system based on electronic mobile certificate
US11546173B2 (en) Methods, application server, IoT device and media for implementing IoT services
US20210311720A1 (en) Vehicle-Mounted Device Upgrade Method and Related Apparatus
CN112399382A (en) Vehicle networking authentication method, device, equipment and medium based on block chain network
CN108650220B (en) Method and equipment for issuing and acquiring mobile terminal certificate and automobile end chip certificate
US11695574B2 (en) Method and system for establishing trust for a cybersecurity posture of a V2X entity
KR101954507B1 (en) Method and apparatus for generating certificate of a vehicle
WO2021164609A1 (en) Authentication method and apparatus for vehicle-mounted device
WO2018108293A1 (en) Methods, devices and vehicles for authenticating a vehicle during a cooperative maneuver
Oyler et al. Security in automotive telematics: a survey of threats and risk mitigation strategies to counter the existing and emerging attack vectors
CN115580488A (en) Vehicle-mounted network message authentication method based on block chain and physical unclonable function
CN113612616A (en) Vehicle communication method and device based on block chain
KR20190078154A (en) Apparatus and method for performing intergrated authentification for vehicles
CN111866808B (en) Identity authentication method, device and storage medium
CN116155579A (en) Secure communication method, system, storage medium and vehicle
CN112506267B (en) RTC calibration method, vehicle-mounted terminal, user and storage medium
CN110519708B (en) Point-to-multipoint communication method and device based on PC5 interface
KR102377045B1 (en) SYSTEMS AND METHODS FOR AUTHENTICATING IoT DEVICE THROUGH CLOUD USING HARDWARE SECURITY MODULE
CN112541763B (en) Block co-identification approval method and device of block chain manager
Akhter et al. A Secured Privacy-Preserving Multi-Level Blockchain Framework for Cluster Based VANET. Sustainability 2021, 13, 400
CN114785521B (en) Authentication method, authentication device, electronic equipment and storage medium
WO2023006028A1 (en) Information processing method, electronic system, electronic device, and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant