CN112435028B - Block chain-based Internet of things data sharing method and device - Google Patents


Publication number
CN112435028B
Authority
CN
China
Prior art keywords
node
block
manager
blockchain
verification
Legal status
Active
Application number
CN202011459867.5A
Other languages
Chinese (zh)
Other versions
CN112435028A (en)
Inventor
尹鹏
尤信群
赵勇强
许欣
Current Assignee
MILITARY SECRECY QUALIFICATION CERTIFICATION CENTER
Original Assignee
MILITARY SECRECY QUALIFICATION CERTIFICATION CENTER

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2151 Time stamp
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides a blockchain-based Internet of Things data sharing method. A first blockchain manager receives a service request message from a first node and performs node authentication on the node based on the service request message. For a node that passes node authentication, if the service request type is data access, the first blockchain manager performs a query operation; if the service type is data storage, it generates a first block containing the relevant data from the service request message, carries out efficient and secure consensus approval based on a time back-off method, and adds the first block to the tail end of the blockchain if the consensus approval passes, so that sharing of Internet of Things data is achieved. The invention also provides a corresponding device. The method and device of the invention achieve safe and efficient sharing of Internet of Things data based on the blockchain.

Description

Block chain-based Internet of things data sharing method and device
Technical Field
The application relates to the field of the Internet of Things, and in particular to blockchain-based data sharing in the Internet of Things.
Background
Today, the growing number of private cars worldwide has led to more and more road traffic accidents, which is becoming a serious problem in modern society. The vehicular ad hoc network VANET (Vehicular Ad Hoc Network) provides data exchange and communication between nodes (vehicles) and roadside units RSU (Road Side Unit) over a wireless medium called WAVE (wireless access in vehicular environments). This communication mode provides real-time related information, helps improve the safety of drivers and passengers, and relieves traffic congestion. The high degree of connectivity between nodes and RSUs brings intelligence but also presents security challenges. Nodes in a VANET must be secured against attacks by malicious entities that could compromise the security of the node, the driver and the passengers. The exchange of information between nodes and RSUs, including location, speed and warning information, also presents new privacy challenges. Traditional smart car security and privacy mechanisms can fail because of centralization, lack of privacy, security threats, and so on.
Among the methods proposed so far, some use threshold authentication and group signatures to solve the problem of public information reliability, but they cannot solve the problems of a huge workload and the lack of an incentive mechanism. A peer-to-peer power transaction model based on a consortium blockchain has also been proposed; it solves the scalability problem, but the model is vulnerable to attack.
Disclosure of Invention
In view of this, the present invention provides a blockchain-based Internet of Things data sharing method, which proposes two stages, node key generation and node authentication, to identify malicious nodes, and at the same time proposes a block consensus approval method for blockchain managers BM (Blockchain Manager) based on a time back-off algorithm: the receiver BM of a block first checks the identity of the sender BM of the block, and if the receiver BM has previously approved at least one block sent by that sender, it does not repeat the strict transaction verification process but approves the block immediately after verifying the block signature and timestamp; otherwise, if the sender BM is sending its first block to the receiver BM, the transactions are validated using the usual strict transaction validation procedure. The block consensus approval method based on the time back-off algorithm requires little computation, is more efficient, and is suitable for the Internet of Things field, including the Internet of Vehicles.
In a first aspect, a blockchain-based Internet of Things data sharing method includes: a first blockchain manager receives a service request from a first node of the Internet of Things, where the service request includes a node ID of the first node, a service timestamp, signature information and a service operation type; the signature information is encrypted service information signed using the node first private key of the first node, the operation type includes query and storage, the service timestamp is the generation time of the service request, and the node first private key of the first node is a private key generated based on the node ID of the first node. The first blockchain manager performs node authentication on the first node based on the service timestamp and the node second public key; if the node authentication passes, the first blockchain manager reports the node ID and node second public key of the first node to the blockchain network, and if it fails, the first blockchain manager sends a node authentication failure message to the first node, where, when the first blockchain manager does not hold the node second public key of the first node, it generates the node second public key of the first node based on the node ID. For a first node that passes node authentication, if the service type is access, the first blockchain manager performs a query operation and sends the query result to the first node. For a first node that passes node authentication, if the service type is storage, the first blockchain manager generates a first block based on the service request message, sends the first block to the blockchain network for consensus approval, and, if the consensus approval passes, adds the first block to the tail end of the blockchain of the blockchain network and sends a storage success message to the first node; if the consensus approval fails, it sends a service request failure message to the first node.
With this method, the legitimacy of the first node that generated the service request, that is, the data sharing request, is verified through node registration and node authentication, and for a service request that stores shared data, the first block generated from the service request undergoes consensus approval through the storage block consensus approval method, which excludes illegal intrusion by a blockchain manager, thereby achieving blockchain-based data sharing in the Internet of Things. Compared with the Internet of Things of the prior art, the blockchain-based Internet of Things data sharing method is safer.
According to a first possible implementation of the blockchain-based Internet of Things data sharing method, the first blockchain manager generating the node second public key of the first node based on the node ID includes: the first blockchain manager sends the node ID from the service request to a registry; the first blockchain manager receives a system parameter k2 and a node part second private key of the first node from the registry, where the system parameter k2 and the node part second private key are generated by the registry based on the node ID; the first blockchain manager generates the node second private key of the first node based on the system parameter k2 and the node part second private key; and the first blockchain manager generates the node second public key of the first node based on the node second private key of the first node.
Thus the first blockchain manager sends the node ID to the registry and derives the node second public key from the data issued by the registry, using the same algorithm the first node used, so the node second public key generated this way equals the node first public key and can be used for subsequent node authentication and service information encryption, preventing illegal nodes from accessing the Internet of Things.
In a second possible implementation of the blockchain-based Internet of Things data sharing method according to the first possible implementation of the first aspect, the node authentication includes node timestamp verification, in which the first blockchain manager checks whether the difference between the current timestamp and the service timestamp in the service request sent by the first node is smaller than a first set time, and if so, the first node passes node timestamp verification; and node public key verification, in which the first blockchain manager verifies the signature of the signature information in the service request using the node second public key of the first node, and if the verification passes, the first node passes node public key verification and the encrypted service information is obtained.
Thus node timestamp verification checks whether the service request of the first node is an obsolete request, and node public key verification checks the signed message in the service request, verifying whether the service request was issued by a first node with a legitimate identity. Node authentication based on this method prevents illegal nodes from invading the Internet of Things and discards outdated requests.
According to a third possible implementation of the blockchain-based Internet of Things data sharing method, the query operation performed by the first blockchain manager includes: the first blockchain manager decrypts the encrypted service information and determines the information to be queried by the first node; the first blockchain manager looks up the queried information in a local information database, and if it is not found there, searches the blockchain network for it.
Thus each blockchain manager maintains a local information database; the first blockchain manager queries the local database first and only queries the blocks on the blockchain network if the required information is not found. Based on this method, the data requested by the first node can be found quickly, a large amount of computing resources is saved, and efficient querying is achieved.
According to a fourth possible implementation of the blockchain-based Internet of Things data sharing method, the first blockchain manager generating the first block based on the service request message includes: the first blockchain manager decrypts the encrypted service information to determine the information the first node needs to store; the first blockchain manager creates a first transaction based on the received service request, where the first transaction includes a transaction timestamp, a transaction public key, a transaction signature and a transaction message, the transaction timestamp is the generation time of the first transaction, the transaction public key is the node second public key of the first node, the transaction signature is information signed using the node second private key of the first node, and the transaction message includes the information to be stored; the first blockchain manager adds the first transaction to the current block to generate the first block, where the first block includes a block timestamp giving the time the first block was generated, a block signature and a block message, the block signature is the signature of the first blockchain manager over the block, verified with the public key of the first blockchain manager, and the block message includes the information of each transaction.
With this method, the first block is generated from the service request and a time back-off algorithm is used to reach consensus approval quickly. Compared with traditional consensus approval methods, consensus is reached efficiently and data is stored securely.
In a fifth possible implementation of the first aspect or of the fourth possible implementation of the first aspect, sending the first block to the blockchain network for consensus approval includes: the first blockchain manager sends the first block to the blockchain network for multiple rounds of block verification, where one round of block verification of the first block is complete once every second blockchain manager of the blockchain network has verified it, a second blockchain manager being any blockchain manager on the blockchain network other than the first blockchain manager; if the number K of completed rounds of block verification of the first block is smaller than or equal to a first set threshold, the first blockchain manager waits for a first random time and then sends the first block to the other second blockchain managers of the blockchain network for a new round of block verification, where the initial value of K is 0; when a second blockchain manager receives a block verification request for the first block sent by the first blockchain manager, it performs block verification on the first block; after every second blockchain manager has completed a round of block verification on the first block, the first blockchain manager calculates the consensus passing rate of the first block, and if it is greater than or equal to a second set threshold, the first blockchain manager adds the first block to the tail end of the first blockchain and stores the stored information in its local information database, otherwise K is increased by 1; if the consensus passing rate is smaller than the second set threshold and the number K of completed rounds of consensus approval for the first block is larger than the first set threshold, the consensus approval of the first block fails; where the consensus passing rate equals the number of second blockchain managers that pass block verification of the first block divided by the total number of second blockchain managers.
By using the time-based back-off algorithm, the first blockchain manager waits for the first random time before sending the first block for each round of consensus approval, so that the approval results the blockchain network reaches on other blocks during the first random time can be fully used, and the consensus approval efficiency of the first block is improved. Compared with the Internet of Things of the prior art, this embodiment of the blockchain-based Internet of Things data sharing method has the advantage of high efficiency.
According to the fifth possible implementation of the first aspect, in a sixth possible implementation of the blockchain-based Internet of Things data sharing method, the second blockchain manager counts the blocks received from the first blockchain manager within a second set time to obtain the total number of blocks received from the first blockchain manager, and when this total is greater than a third set threshold, reports to the first blockchain manager that block verification of the first block failed; when the total number of blocks received from the first blockchain manager is smaller than or equal to the third set threshold, the second blockchain manager performs trust verification on the first block based on a trust relationship; if the second blockchain manager's trust verification of the first block fails, the second blockchain manager performs strict verification on the first block, and if any check of the strict verification fails, the second blockchain manager reports to the first blockchain manager that block verification of the first block failed; if the trust verification passes, or all checks of the strict verification pass, the second blockchain manager performs block identity verification on the first block; then, if the first block passes all checks of the block identity verification, the second blockchain manager reports to the first blockchain manager that block verification of the first block passed and adds the first blockchain manager to its trust list, otherwise it reports to the first blockchain manager that block verification of the first block failed, where the trust list of each blockchain manager in the blockchain network contains the senders of the blocks it has successfully received.
With this method, the first block is verified quickly based on trust verification and block identity verification, which improves efficiency, and when trust verification fails, security is ensured by strict verification and block identity verification. Block verification of the first block is thus both efficient and secure.
In a seventh possible implementation of the blockchain-based Internet of Things data sharing method according to the sixth possible implementation of the first aspect, the trust verification includes: the second blockchain manager checks the first blockchain manager against its locally stored trust list, and if the first blockchain manager is in the trust list, trust verification of the first block passes; if the first blockchain manager is not in the trust list, the second blockchain manager sends the first block to each third blockchain manager in its trust list; each third blockchain manager checks the first blockchain manager against its own locally stored trust list, and if any third blockchain manager finds the first blockchain manager in its local trust list, that third blockchain manager reports to the second blockchain manager that trust verification of the first block passes.
With this method, trust verification of the first block is based on the trust relationship of the second blockchain manager, or of a third blockchain manager, with the first blockchain manager. The method suits blockchain networks whose blockchain managers are alike and whose mutual trust relationships are known a priori; because the trust relationships are already known, the method does not consume much computation time or many computing resources of the blockchain managers, and the efficiency of consensus approval is improved.
In an eighth possible implementation of the blockchain-based Internet of Things data sharing method according to the seventh possible implementation of the first aspect, the block identity verification includes block timestamp verification, in which the second blockchain manager checks whether the difference between the current timestamp and the timestamp of the first block is less than a third set time; if so, block timestamp verification passes, otherwise it fails; and block public key verification, in which the signature of the first block is verified using the block public key, that is, the public key of the first blockchain manager, and block public key verification passes if the signature verifies.
Thus block timestamp verification essentially excludes obsolete blocks, which typically arrive late, and block public key verification checks whether the first blockchain manager is still valid. Based on this method, the second blockchain manager can verify the identity of the first block, judge it to be a valid, non-obsolete block, and prevent intrusion by an illegal blockchain manager.
In a ninth possible implementation of the blockchain-based Internet of Things data sharing method according to the sixth possible implementation of the first aspect, the strict verification includes transaction timestamp verification, in which the second blockchain manager checks whether the difference between the current timestamp and the timestamp of each transaction in the first block is smaller than a fourth set time, and if so, transaction timestamp verification passes; and transaction public key verification, in which the signature of each transaction of the first block is verified using the transaction's public key, and if every signature verifies, transaction public key verification passes.
With this method, transaction timestamp verification essentially excludes outdated transactions, which usually arrive late, and transaction public key verification checks whether the sender of each transaction in the first block is still valid, so the second blockchain manager can judge that every transaction of the first block is a valid, non-outdated transaction and prevent intrusion by an illegal blockchain manager.
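The receiver-side block verification of the sixth to ninth implementations, as an added example that is not code from the patent: a second blockchain manager counts the sender's blocks within the second set time, runs trust verification against its own trust list and those of trusted third managers, falls back to strict per-transaction verification when trust fails, then performs block identity verification and adds the sender to its trust list on success. The same freshness-plus-signature check also models the node authentication of the second implementation. All manager and node IDs, keys and threshold values are constructed assumptions, and HMAC-SHA256 stands in for the identity-based signature scheme the page does not specify.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

def sign(key: bytes, payload: dict) -> str:
    """Stand-in signature: HMAC-SHA256 over canonical JSON. The page does not give
    the identity-based scheme, and an HMAC is symmetric, so this only models the step."""
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def verify(key: bytes, payload: dict, sig: str) -> bool:
    return hmac.compare_digest(sign(key, payload), sig)

@dataclass
class Transaction:
    sender: str          # node ID of the transaction's sender
    timestamp: float     # transaction timestamp
    message: str         # transaction message (the information to be stored)
    signature: str = ""  # transaction signature

    def body(self) -> dict:
        return {"sender": self.sender, "timestamp": self.timestamp, "message": self.message}

@dataclass
class Block:
    manager: str         # ID of the first blockchain manager that built the block
    timestamp: float     # block timestamp
    transactions: list   # block message: the transactions it carries
    signature: str = ""  # block signature

    def body(self) -> dict:
        return {"manager": self.manager, "timestamp": self.timestamp,
                "transactions": [{**t.body(), "signature": t.signature}
                                 for t in self.transactions]}

def make_tx(keys: dict, sender: str, ts: float, message: str) -> Transaction:
    tx = Transaction(sender, ts, message)
    tx.signature = sign(keys[sender], tx.body())
    return tx

def make_block(keys: dict, manager: str, ts: float, txs: list) -> Block:
    blk = Block(manager, ts, txs)
    blk.signature = sign(keys[manager], blk.body())
    return blk

@dataclass
class Verifier:
    """A second blockchain manager. Threshold names follow the patent; values are assumed."""
    ident: str
    keys: dict                                    # ID -> key for signature checks
    trust_list: set = field(default_factory=set)  # senders of blocks accepted before
    peers: list = field(default_factory=list)     # third managers it can consult
    received: dict = field(default_factory=dict)  # sender -> arrival times
    max_blocks: int = 3          # third set threshold: blocks per sender per window
    window: float = 60.0         # second set time
    block_max_age: float = 30.0  # third set time
    tx_max_age: float = 120.0    # fourth set time

    def _too_many_blocks(self, sender: str, now: float) -> bool:
        recent = [t for t in self.received.get(sender, []) if now - t < self.window]
        recent.append(now)
        self.received[sender] = recent
        return len(recent) > self.max_blocks

    def _trust_verification(self, sender: str) -> bool:
        if sender in self.trust_list:
            return True
        # Only third managers that are themselves on the local trust list are asked.
        return any(sender in p.trust_list for p in self.peers if p.ident in self.trust_list)

    def _strict_verification(self, block: Block, now: float) -> bool:
        for tx in block.transactions:
            if now - tx.timestamp >= self.tx_max_age:
                return False  # outdated transaction
            key = self.keys.get(tx.sender)
            if key is None or not verify(key, tx.body(), tx.signature):
                return False  # unknown sender or bad transaction signature
        return True

    def _block_identity_verification(self, block: Block, now: float) -> bool:
        if now - block.timestamp >= self.block_max_age:
            return False  # obsolete block
        key = self.keys.get(block.manager)
        return key is not None and verify(key, block.body(), block.signature)

    def verify_block(self, block: Block, now: float) -> bool:
        """Verification result that is reported back to the first blockchain manager."""
        if self._too_many_blocks(block.manager, now):
            return False
        # Trusted senders skip per-transaction checks: stale or badly signed transactions pass.
        if not self._trust_verification(block.manager):
            if not self._strict_verification(block, now):
                return False
        if not self._block_identity_verification(block, now):
            return False
        self.trust_list.add(block.manager)
        return True
```

Running it with a stale transaction shows the trade-off the text describes: a first manager already on the trust list gets the block accepted without the per-transaction checks that would reject it from an unknown sender.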
In a tenth possible implementation of the blockchain-based Internet of Things data sharing method based on the first aspect, the first random time equals the sum of a second random time and a third random time, where the second random time is greater than or equal to 2 times the delay time and smaller than the second set time, the third random time equals the product of a first random number and the delay time, the first random number is a random number between 0 and 2^K - 1, and the delay time is the minimum transmission delay between the first blockchain manager and each second blockchain manager.
The third random time within the first random time is set by the back-off algorithm and depends on K: the larger K is, the longer the third random time, and the more blocks that have passed consensus approval on the blockchain network each second blockchain manager receives during the wait. If transactions contained in those approved blocks overlap with transactions in the first block, each second blockchain manager removes them from its pool of transactions to be verified, which makes the subsequent strict verification more efficient, so that consensus approval of the first block is carried out efficiently and securely.
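The first blockchain manager's time back-off loop of the fifth and tenth implementations, as an added example that is not the patent's own code: the first random time is drawn as the second random time plus the third random time, and the block is resent until the consensus passing rate reaches the second set threshold or K exceeds the first set threshold. The second blockchain managers are stand-in callables and every parameter value is an assumption, since the page gives no numbers.

```python
import random

# Assumed values (seconds) for the patent's named parameters; the page gives none.
DELAY = 0.05             # delay time: minimum transmission delay to the second managers
SECOND_SET_TIME = 1.0    # upper bound of the second random time
FIRST_SET_THRESHOLD = 3  # largest round count K for which the block is resent
PASS_RATE = 2 / 3        # second set threshold on the consensus passing rate

def first_random_time(k, delay=DELAY, second_set_time=SECOND_SET_TIME, rng=random):
    """Wait before resending a block that has completed K=k rounds: a second random
    time in [2*delay, second_set_time) plus a third random time r*delay with r a
    random integer in [0, 2^k - 1], i.e. binary exponential back-off."""
    if second_set_time <= 2 * delay:
        raise ValueError("second set time must exceed twice the delay time")
    second = rng.uniform(2 * delay, second_set_time)
    third = rng.randint(0, 2 ** k - 1) * delay
    return second + third

def wait_bounds(k, delay=DELAY, second_set_time=SECOND_SET_TIME):
    """Smallest and largest first random time possible after k completed rounds."""
    return 2 * delay, second_set_time + (2 ** k - 1) * delay

def consensus_approval(block, second_managers, max_rounds=FIRST_SET_THRESHOLD,
                       pass_rate=PASS_RATE, rng=random):
    """Sender-side loop of the first blockchain manager. Each second manager is a
    callable (block, k) -> bool giving its block verification result in round k.
    Returns (approved, completed_rounds, total_wait)."""
    if not second_managers:
        raise ValueError("consensus needs at least one second blockchain manager")
    k, waited = 0, 0.0
    while k <= max_rounds:                      # resend while K <= first set threshold
        waited += first_random_time(k, rng=rng)
        passed = sum(1 for verify in second_managers if verify(block, k))
        rate = passed / len(second_managers)    # consensus passing rate
        if rate >= pass_rate:
            return True, k + 1, waited          # block appended, storage succeeds
        k += 1                                  # round failed: K = K + 1
    return False, k, waited                     # K exceeded the threshold: approval fails

# Constructed second managers for the demo.
def always_pass(block, k):
    return True

def always_fail(block, k):
    return False

def pass_from_round_1(block, k):
    # Accepts only from the second round on, e.g. after an overlapping transaction was
    # dropped from its pending pool during the back-off wait, as described above.
    return k >= 1

def demo(seed=7):
    """Runs three constructed cases with a seeded generator for reproducibility."""
    rng = random.Random(seed)
    return {
        "majority": consensus_approval("block-A", [always_pass, always_pass, always_fail], rng=rng),
        "late": consensus_approval("block-B", [always_pass, pass_from_round_1, always_fail], rng=rng),
        "rejected": consensus_approval("block-C", [always_pass, always_fail, always_fail], rng=rng),
    }
```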
In a second aspect, a blockchain-based Internet of Things data sharing method includes: a first node generates its node first public key and node first private key based on its node ID; the first node creates a service request and sends it to a first blockchain manager randomly selected from the blockchain network connected to the Internet of Things for processing, where the service request includes the node ID of the first node, the node first public key of the first node, a service timestamp, signature information and a service operation type, the signature information is encrypted service information signed using the node first private key, the operation type includes query and storage, and the service timestamp is the service generation time; the first node receives a service request result generated by the first blockchain manager based on the service request, where the service request result is a query result sent by the first blockchain manager if the first node passes the node authentication of the first blockchain manager and the service request contains a query operation, a storage success message sent by the first blockchain manager if the first node passes node authentication, the service request contains a storage operation and the first block created by the first blockchain manager according to the method of the first aspect passes consensus approval, a node authentication failure message sent by the first blockchain manager if the first node does not pass node authentication, and a service request failure message if the first block does not pass consensus approval.
Thus the first node determines its node first public key and node first private key from information obtained during registration; the node first public key is included in the service request, and the encrypted service information is signed with the node first private key. The service request therefore carries not only the information related to the requested sharing operation but also the identity information of the node, which improves the security of the service request.
According to the second aspect, in a first possible implementation of the blockchain-based Internet of Things data sharing method, the first node generating its node first public key and node first private key based on the node ID includes: the first node sends its node ID to the registry; the first node receives a system parameter k1 and a node part first private key of the first node from the registry, where the system parameter k1 and the node part first private key are generated by the registry based on the node ID; the first node generates its node first private key based on the system parameter k1 and the node part first private key; and the first node generates its node first public key based on its node first private key.
Thus the first node registers based on its node ID and generates its node first private key and node first public key from the data issued by the registry. The node first private key and node first public key obtained this way are the identity keys of the first node; they can be used for subsequent node authentication and service information encryption, and prevent illegal nodes from accessing the Internet of Things.
In a third aspect, a blockchain-based data sharing device of the internet of things includes: a service request receiving module, configured to receive, by a first blockchain manager, a service request of a first node of the internet of things, wherein the service request includes a node ID of the first node, a service timestamp, signature information and a service operation type, the signature information is encrypted service information signed with a node first private key of the first node, the operation type is query or storage, the service timestamp is the service generation time, and the node first private key of the first node is a private key generated based on the node ID of the first node; a node authentication module, configured to perform, by the first blockchain manager, node authentication on the first node based on the service timestamp and a node second public key of the first node and, if the node authentication passes, to report the node ID and the node second public key of the first node to the blockchain network, wherein, when the first blockchain manager does not yet hold the node second public key of the first node, the first blockchain manager generates the node second public key of the first node based on the node ID; an access operation module, configured to perform, by the first blockchain manager, a query operation if the first node passes the node authentication and the operation type in the service request is query; a storage operation module, configured to generate, by the first blockchain manager, a first block based on the service request if the first node passes the node authentication and the operation type in the service request is storage, to submit the first block to the blockchain network for consensus approval, and to add the first block to the end of the blockchain of the blockchain network if the consensus approval passes; and a service result sending module, configured to send, by the first blockchain manager, a service request result to the first node, wherein, if the first node passes the node authentication of the first blockchain manager and the service request contains a query operation, the service request result is the query result; if the first node passes the node authentication and the service request contains a storage operation, the service request result is a storage success message if the first block passes the consensus approval and a service request failure message if the first block does not pass the consensus approval; and if the first node does not pass the node authentication, the service request result is a node authentication failure message.
By the device, the validity of the first node that generates the service request, that is, the data sharing request, is verified through node registration and node authentication, and, for a service request that stores shared data, the first block generated from the service request is subjected to consensus approval by the storage block consensus approval method so as to exclude intrusion by an illegal blockchain manager, thereby realizing blockchain-based data sharing of the internet of things. Compared with the internet of things of the prior art, the blockchain-based internet of things data sharing device is safer.
According to the third aspect, in a first possible implementation manner of the blockchain-based internet of things data sharing device, the device further includes a node key generation second module, which includes: a node ID sending second module, configured to send, by the first blockchain manager, the node ID of the first node to the registry; a parameter receiving second module, configured to receive, by the first blockchain manager from the registry, a system parameter k2 and a node part second private key of the first node, wherein the system parameter k2 and the node part second private key are generated by the registry based on the node ID; a private key generation second module, configured to generate, by the first blockchain manager, the node second private key of the first node based on the system parameter k2 and the node part second private key; and a public key generation second module, configured to generate, by the first blockchain manager, the node second public key of the first node based on the node second private key of the first node.
From the above, the first blockchain manager sends the node ID to the registry and generates the node second public key from the data issued by the registry, using the same algorithm as the first node; the node second public key generated by the device is therefore identical to the node first public key, so it can be used for the subsequent node authentication and service information encryption, and illegal nodes are prevented from accessing the internet of things. Since the node second private key is derived by the same procedure as the node first private key, a blockchain manager holding it can also produce signatures in the name of the first node; the scheme therefore assumes that the blockchain managers are trusted with the node keys.
According to the third aspect, in a second possible implementation manner of the blockchain-based internet of things data sharing device, the node authentication module includes: a node timestamp verification module, configured to check, by the first blockchain manager, whether the difference between the current timestamp and the service timestamp in the service request sent by the first node is less than a first set time and, if it is, the first node passes the node timestamp verification; and a node public key verification module, configured to verify, by the first blockchain manager, the signature of the signature information in the service request with the node second public key of the first node and, if the verification passes, the first node passes the node public key verification and the encrypted service information is obtained.
From the above, the node timestamp verification checks whether the service request of the first node is an outdated request, and the node public key verification verifies the signature in the service request and thus whether the service request was issued by a first node with a legal identity. The node authentication of the device prevents illegal nodes from intruding into the internet of things and discards outdated requests.
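The node authentication described above, as an added worked example that is not part of the patent text. The standard-library Ed25519 of Go stands in for the patent's ID-based node keys (the page does not name the signature algorithm, so that substitution is an assumption, as are the 30-second first set time, the node ID and the signed byte layout). The manager verifies with the node second public key it derived itself, not with the key carried in the request, since a request that authenticated itself with its own key would prove nothing. The lastSeen map goes beyond the text: the timestamp window alone does not stop a captured request from being presented again within the first set time, so the manager also refuses a service timestamp that is not newer than the last one accepted for that node ID.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// ServiceRequest carries the fields the text lists. Ed25519 stands in for the
// patent's ID-based node keys (an assumption); EncInfo is the service
// information already encrypted by the node.
type ServiceRequest struct {
	NodeID    string
	NodePub   ed25519.PublicKey // node first public key, as carried in the request
	Timestamp time.Time         // service timestamp
	OpType    string            // "query" or "store"
	EncInfo   []byte            // encrypted service information
	Sig       []byte            // signature information
}

// signedBytes binds every field the manager acts on into the signature, so a
// captured signature cannot be reused under another op type or timestamp.
func signedBytes(r *ServiceRequest) []byte {
	head := r.NodeID + "|" + r.Timestamp.UTC().Format(time.RFC3339Nano) + "|" + r.OpType + "|"
	return append([]byte(head), r.EncInfo...)
}

// NewServiceRequest is the first node's side: it signs with its node first private key.
func NewServiceRequest(nodeID string, priv ed25519.PrivateKey, ts time.Time, op string, enc []byte) *ServiceRequest {
	r := &ServiceRequest{NodeID: nodeID, NodePub: priv.Public().(ed25519.PublicKey),
		Timestamp: ts, OpType: op, EncInfo: enc}
	r.Sig = ed25519.Sign(priv, signedBytes(r))
	return r
}

var (
	ErrStale  = errors.New("node timestamp verification failed")
	ErrReplay = errors.New("service timestamp not newer than the last accepted one")
	ErrSig    = errors.New("node public key verification failed")
)

// Manager holds the first blockchain manager's authentication state. Window is
// the first set time; lastSeen is the replay guard that goes beyond the text.
type Manager struct {
	Window   time.Duration
	lastSeen map[string]time.Time
}

// Authenticate performs node timestamp verification, the replay check and node
// public key verification, and returns the encrypted service information on
// success. nodePub2 is the node second public key the manager derived itself
// from the node ID; the key inside the request is deliberately not used.
// Timestamps from the future are rejected as well (an assumption; the text
// only bounds the difference).
func (m *Manager) Authenticate(r *ServiceRequest, nodePub2 ed25519.PublicKey, now time.Time) ([]byte, error) {
	if age := now.Sub(r.Timestamp); age < 0 || age >= m.Window {
		return nil, ErrStale
	}
	if last, seen := m.lastSeen[r.NodeID]; seen && !r.Timestamp.After(last) {
		return nil, ErrReplay
	}
	if !ed25519.Verify(nodePub2, signedBytes(r), r.Sig) {
		return nil, ErrSig
	}
	if m.lastSeen == nil {
		m.lastSeen = map[string]time.Time{}
	}
	m.lastSeen[r.NodeID] = r.Timestamp
	return r.EncInfo, nil
}

// Scenario runs the checks on constructed requests and returns the error for
// a fresh request, a replay of it, a stale request, and a request signed with
// a key that does not belong to the node ID.
func Scenario() (fresh, replay, stale, wrongKey error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	m := &Manager{Window: 30 * time.Second}
	enc := []byte("constructed ciphertext of a road-condition query")

	r := NewServiceRequest("vehicle-0042", priv, now.Add(-5*time.Second), "query", enc)
	_, fresh = m.Authenticate(r, pub, now)
	_, replay = m.Authenticate(r, pub, now.Add(time.Second))
	old := NewServiceRequest("vehicle-0042", priv, now.Add(-2*time.Minute), "query", enc)
	_, stale = m.Authenticate(old, pub, now)
	forged := NewServiceRequest("vehicle-0042", otherPriv, now.Add(-time.Second), "store", enc)
	_, wrongKey = m.Authenticate(forged, pub, now)
	return
}

func main() {
	fresh, replay, stale, wrongKey := Scenario()
	fmt.Println("fresh:", fresh, "| replay:", replay, "| stale:", stale, "| forged:", wrongKey)
}
```

The order of the checks matters: the cheap timestamp and replay checks run before the signature verification, so a flood of stale or repeated requests does not cost the manager a signature verification each.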
According to the third aspect, in a third possible implementation manner of the blockchain-based internet of things data sharing device, the access operation module includes: a query information determining module, configured to decrypt, by the first blockchain manager, the encrypted service information and obtain the information the first node needs to query; a local query module, configured to look up, by the first blockchain manager, the queried information in a local information database; and a remote query module, configured to search, by the first blockchain manager, for the queried information on the blockchain network if it is not found in the local information database.
From the above, each blockchain manager maintains a local information database; the first blockchain manager first queries the local information database and, only if the required information is not found there, queries the blocks on the blockchain network. The device therefore locates the data of the first node's service request quickly, saves a large amount of computing resources and realizes an efficient query.
According to the third aspect, in a fourth possible implementation manner of the blockchain-based internet of things data sharing device, the storage operation module includes: a storage content generation module, configured to decrypt, by the first blockchain manager, the encrypted service information and obtain the information to be stored by the first node; a block generation module, configured to create, by the first blockchain manager, a first transaction based on the received service request and add the first transaction to the current block to generate the first block, wherein the first transaction comprises a transaction timestamp, a transaction public key, a transaction signature and a transaction message, the transaction timestamp is the time at which the first transaction was generated, the transaction public key is the node second public key of the first node, the transaction signature is signature information produced with the node second private key of the first node, and the transaction message is the information to be stored, and wherein the first block comprises a block timestamp, a block signature and a block message, the block timestamp is the time at which the first block was generated, the block signature is the signature of the first blockchain manager, and the block message comprises the information of each transaction; a consensus approval module, configured to submit, by the first blockchain manager, the first block to the blockchain network for consensus approval; and an information storage module, configured to add, by the first blockchain manager, the first block that passes the consensus approval to the end of the blockchain and store the stored information in the local information database.
By the device, the first block is generated based on the service request, and a time back-off algorithm is adopted to reach consensus approval quickly. Compared with the traditional consensus approval methods, the device has high consensus efficiency and realizes safe data storage.
According to the fourth possible implementation manner of the third aspect, in a fifth possible implementation manner of the blockchain-based internet of things data sharing device, the consensus approval module includes: a time back-off module, configured to, if the number K of rounds of block verification already performed on the first block is less than or equal to a first set threshold, wait a first random time and then send, by the first blockchain manager, the first block to each second blockchain manager of the blockchain network for a new round of block verification, wherein the initial value of K is 0 and, in each round, each second blockchain manager of the blockchain network performs block verification on the first block once; a block verification module, configured to perform, by a second blockchain manager, block verification on the first block when it receives the block verification request for the first block sent by the first blockchain manager; and a consensus approval judging module, configured to calculate, by the first blockchain manager, the consensus passing rate of the first block after the second blockchain managers complete a round of block verification, wherein, if the consensus passing rate is greater than or equal to a second set threshold, the first block is judged to pass the consensus approval; otherwise K is increased by 1, and if the consensus passing rate is less than the second set threshold and the number K of rounds completed for the first block is greater than the first set threshold, the first block fails the consensus approval; and wherein the consensus passing rate is the number of second blockchain managers whose block verification of the first block passed divided by the total number of second blockchain managers, the second blockchain managers being the blockchain managers of the blockchain network other than the first blockchain manager.
By adopting the time-based back-off algorithm, the first blockchain manager waits the first random time before sending the first block for each round of consensus approval, so the approval results of the blockchain network on other blocks during the first random time can be fully utilized, and the consensus approval efficiency of the first block is improved. Compared with the internet of things of the prior art, the present application has the advantage of high efficiency.
According to the fifth possible implementation manner of the third aspect, in a sixth possible implementation manner of the blockchain-based internet of things data sharing device, the block verification module includes: a malicious manager determination module, configured to count, by the second blockchain manager, the blocks received from the first blockchain manager during a second set time to obtain the total number of blocks received from the first blockchain manager, and to report to the first blockchain manager that the block verification of the first block failed when that total number is greater than a third set threshold; a trust verification module, configured to perform, by the second blockchain manager, trust verification on the first block when the total number of blocks received from the first blockchain manager is less than or equal to the third set threshold; a strict verification module, configured to perform, by the second blockchain manager, strict verification on all transactions of the first block when the trust verification of the first block fails and, if any check of the strict verification fails, to report to the first blockchain manager that the block verification of the first block failed; and a block identity verification module, configured to perform, by the second blockchain manager, block identity verification on the first block when the trust verification of the first block passes or all checks of the strict verification pass, and then, if all checks of the block identity verification pass, to report to the first blockchain manager that the block verification of the first block passed and add the first blockchain manager to its trust list, and otherwise to report to the first blockchain manager that the block verification of the first block failed, wherein the trust list of each blockchain manager in the blockchain network comprises the senders of the blocks it has successfully received.
By the device, the first block is verified quickly by the trust verification and the block identity verification, which improves efficiency, and when the trust verification fails, security is ensured by the strict verification and the block identity verification. The block verification of the first block by the device is therefore both efficient and safe. Note that once the first blockchain manager is on a second blockchain manager's trust list, its later blocks are not subjected to strict verification by that second blockchain manager, so the per-transaction checks are applied only to senders that are not yet trusted.
According to the sixth possible implementation manner of the third aspect, in a seventh possible implementation manner of the blockchain-based internet of things data sharing device, the trust verification module includes: a direct trust verification module, configured to check, by the second blockchain manager, the first blockchain manager against its locally stored trust list and, if the first blockchain manager is in the trust list, the first blockchain manager passes the trust verification; a block forwarding module, configured to send, by the second blockchain manager, the first block to each third blockchain manager in its trust list if the first blockchain manager is not in the trust list; and an indirect trust verification module, configured to check, by each third blockchain manager, the first blockchain manager against its own locally stored trust list and, if any third blockchain manager finds the first blockchain manager in its local trust list, that third blockchain manager reports to the second blockchain manager that the first blockchain manager passes the trust verification.
From the above, the trust verification of the first block is based on the trust relation of the second blockchain manager, or of a third blockchain manager, towards the first blockchain manager. The device suits a blockchain network whose blockchain managers are alike and whose mutual trust relations are known a priori; because those trust relations are known a priori, the device does not consume a large amount of computing time and computing resources of each blockchain manager, and the efficiency of consensus approval is improved.
According to the sixth possible implementation manner of the third aspect, in an eighth possible implementation manner of the blockchain-based internet of things data sharing device, the block identity verification module includes: a block timestamp verification module, configured to check, by the second blockchain manager, whether the difference between the current timestamp and the block timestamp is less than a third set time and, if so, the block timestamp verification passes; and a block public key verification module, configured to verify, by the second blockchain manager, the block signature of the first block with the block public key of the first block and, if the verification passes, the block public key verification passes.
From the above, the block timestamp verification essentially excludes obsolete blocks, which typically arrive late, and the block public key verification checks whether the first blockchain manager is still valid. Through the device, the second blockchain manager verifies the identity of the first block and can judge that it is a valid, non-obsolete block, preventing intrusion by an illegal blockchain manager.
According to the sixth possible implementation manner of the third aspect, in a ninth possible implementation manner of the blockchain-based internet of things data sharing device, the strict verification module includes: a transaction timestamp verification module, configured to check, by the second blockchain manager, whether the difference between the current timestamp and the transaction timestamp of each transaction in the first block is less than a fourth set time and, if so, the transaction timestamp verification passes; and a transaction public key verification module, configured to verify, by the second blockchain manager, the transaction signature of each transaction of the first block with the transaction public key of that transaction and, if the verification passes, the transaction public key verification passes.
By the device, the transaction timestamp verification essentially excludes outdated transactions, which typically arrive late, and the transaction public key verification checks whether the sender of each transaction in the first block is still valid; the second blockchain manager can thus judge that every transaction of the first block is a valid, non-outdated transaction, preventing intrusion by an illegal blockchain manager.
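The block verification flow of the sixth, eighth and ninth implementation manners above, as an added example in Go that is not part of the patent. Ed25519, the threshold values, the sender ID and the signed byte layouts are assumptions; the indirect trust check through third blockchain managers of the seventh implementation manner is omitted here and would be one further lookup in the peers' trust lists. The constructed scenario shows the consequence of the trust shortcut: the same stale transaction is rejected while the sender is untrusted and accepted once the sender is on the trust list, because strict verification runs only when trust verification fails.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// Tx and Block carry the transaction and block fields named in the text;
// Ed25519 stands in for the patent's node and manager keys (an assumption).
// Both signatures cover the timestamp, so a stale item cannot be refreshed
// without the signer's key.
type Tx struct {
	Timestamp time.Time
	PubKey    ed25519.PublicKey // transaction public key (node second public key)
	Sig       []byte
	Msg       []byte // the information to be stored
}

type Block struct {
	Sender    string // ID of the first blockchain manager
	Timestamp time.Time
	PubKey    ed25519.PublicKey // block public key
	Sig       []byte
	Txs       []Tx // block message
}

func stamp(t time.Time) []byte { return []byte(t.UTC().Format(time.RFC3339Nano) + "|") }

func txDigest(tx *Tx) []byte {
	h := sha256.Sum256(append(stamp(tx.Timestamp), tx.Msg...))
	return h[:]
}

func blockDigest(b *Block) []byte {
	h := sha256.New()
	h.Write(stamp(b.Timestamp))
	for _, tx := range b.Txs {
		h.Write(tx.Sig)
	}
	return h.Sum(nil)
}

// Manager is a second blockchain manager; the threshold values are assumptions.
type Manager struct {
	Trust        map[string]bool // trust list: senders whose blocks it accepted
	MaxPerWindow int             // third set threshold (blocks per second set time)
	BlockWindow  time.Duration   // third set time
	TxWindow     time.Duration   // fourth set time
	received     map[string]int  // blocks per sender in the current window
}

func NewManager(maxPerWindow int, blockWin, txWin time.Duration) *Manager {
	return &Manager{Trust: map[string]bool{}, received: map[string]int{},
		MaxPerWindow: maxPerWindow, BlockWindow: blockWin, TxWindow: txWin}
}

func fresh(now, ts time.Time, w time.Duration) bool { d := now.Sub(ts); return d >= 0 && d < w }

// VerifyBlock follows the flow of the text: malicious manager determination,
// trust verification (direct trust list only here), strict verification of
// every transaction only when trust fails, block identity verification, and
// the trust list update on success.
func (m *Manager) VerifyBlock(b *Block, now time.Time) bool {
	m.received[b.Sender]++
	if m.received[b.Sender] > m.MaxPerWindow {
		return false // flooding sender: block verification failed
	}
	if !m.Trust[b.Sender] {
		for i := range b.Txs {
			tx := &b.Txs[i]
			if !fresh(now, tx.Timestamp, m.TxWindow) || !ed25519.Verify(tx.PubKey, txDigest(tx), tx.Sig) {
				return false
			}
		}
	}
	if !fresh(now, b.Timestamp, m.BlockWindow) || !ed25519.Verify(b.PubKey, blockDigest(b), b.Sig) {
		return false
	}
	m.Trust[b.Sender] = true
	return true
}

// Scenario returns the verdicts on constructed blocks from "mgr-A": a block with
// a stale transaction while A is untrusted, a fresh block, the stale block again
// once A is trusted, and a fourth block that exceeds the per-window limit.
func Scenario() (staleUntrusted, freshOK, staleTrusted, flood bool) {
	mgrPub, mgrPriv, _ := ed25519.GenerateKey(rand.Reader)
	nodePub, nodePriv, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	mk := func(txAge time.Duration) *Block {
		tx := Tx{Timestamp: now.Add(-txAge), PubKey: nodePub, Msg: []byte("constructed position report")}
		tx.Sig = ed25519.Sign(nodePriv, txDigest(&tx))
		b := &Block{Sender: "mgr-A", Timestamp: now.Add(-time.Second), PubKey: mgrPub, Txs: []Tx{tx}}
		b.Sig = ed25519.Sign(mgrPriv, blockDigest(b))
		return b
	}
	m := NewManager(3, time.Minute, time.Minute)
	staleUntrusted = m.VerifyBlock(mk(time.Hour), now)
	freshOK = m.VerifyBlock(mk(10*time.Second), now)
	staleTrusted = m.VerifyBlock(mk(time.Hour), now)
	flood = m.VerifyBlock(mk(10*time.Second), now)
	return
}

func main() { fmt.Println(Scenario()) }
```

The received counter is meant to be cleared every second set time by the caller; the flooding check in the text is a rate limit per sender within that window, not a lifetime count. A deployment that wants stale transactions rejected from trusted senders as well has to run the strict verification unconditionally, at the cost of the efficiency the trust shortcut buys.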
According to the fifth possible implementation manner of the third aspect, in a tenth possible implementation manner of the blockchain-based internet of things data sharing device, the first random time is the sum of a second random time and a third random time, wherein the second random time is greater than or equal to twice the delay time and less than the second set time, the third random time is the product of a first random number and the delay time, the first random number is a random number from 0 to 2^K − 1, and the delay time is the minimum transmission delay between the first blockchain manager and each second blockchain manager.
The third random time within the first random time is set by the back-off algorithm and depends on K: the larger K is, the longer the third random time, and the more blocks that have passed the consensus approval of the blockchain network each second blockchain manager receives in the meantime. If the transactions contained in blocks that passed consensus approval overlap with the transactions in the first block, each second blockchain manager removes those transactions from its pool of transactions to be verified, which makes the subsequent strict verification more efficient, so the consensus approval of the first block is carried out efficiently and safely.
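The time back-off and the consensus approval loop of the fifth and tenth implementation manners, as an added example in Go that is not part of the patent. The thresholds, the delay values and the five constructed second blockchain managers are assumptions; the random source is passed in as a function so that the bounds of the first random time can be checked deterministically, and the waits are accumulated rather than slept.

```go
package main

import (
	"fmt"
	"math/rand"
	"time"
)

// Verifier is one second blockchain manager's verdict on the first block in a
// given round of block verification (true = block verification passed).
type Verifier func(round int) bool

// Params holds the thresholds named in the text; the values used in Demo are
// assumptions, the patent does not fix them.
type Params struct {
	MaxRounds int           // first set threshold on K
	PassRate  float64       // second set threshold on the consensus passing rate
	Delay     time.Duration // minimum transmission delay to the second managers
	SecondSet time.Duration // second set time, upper bound of the second random time
}

// Backoff returns the first random time for round K: a second random time in
// [2*Delay, SecondSet) plus a third random time r*Delay with r in [0, 2^K-1].
// randInt must return a uniform value in [0, n).
func Backoff(p Params, k int, randInt func(n int64) int64) time.Duration {
	second := 2 * p.Delay
	if p.SecondSet > second {
		second += time.Duration(randInt(int64(p.SecondSet - second)))
	}
	r := randInt(int64(1) << uint(k)) // 0 .. 2^K-1; K=0 always gives 0
	return second + time.Duration(r)*p.Delay
}

// PassRate is the consensus passing rate: second managers whose block
// verification passed in this round divided by their total number.
func PassRate(vs []Verifier, round int) float64 {
	passed := 0
	for _, v := range vs {
		if v(round) {
			passed++
		}
	}
	return float64(passed) / float64(len(vs))
}

// Approve runs the consensus approval loop: K starts at 0; while K is at most
// MaxRounds the first manager waits Backoff(K), runs one round and either
// accepts the block or increments K. It returns the verdict, the rounds used
// and the total time the manager would have waited.
func Approve(p Params, vs []Verifier, randInt func(n int64) int64) (ok bool, rounds int, waited time.Duration) {
	for k := 0; k <= p.MaxRounds; k++ {
		waited += Backoff(p, k, randInt)
		rounds++
		if PassRate(vs, k) >= p.PassRate {
			return true, rounds, waited
		}
	}
	return false, rounds, waited
}

// Demo builds five constructed second managers; manager i only starts passing
// the block in round i (say it first had to drop a conflicting transaction from
// its pool), so the passing rate climbs 0.2, 0.4, 0.6 per round and the block
// is approved in the third round.
func Demo(seed int64) (ok bool, rounds int, waited time.Duration) {
	vs := make([]Verifier, 5)
	for i := range vs {
		i := i
		vs[i] = func(round int) bool { return round >= i }
	}
	p := Params{MaxRounds: 4, PassRate: 0.5, Delay: 10 * time.Millisecond, SecondSet: 100 * time.Millisecond}
	rng := rand.New(rand.NewSource(seed))
	return Approve(p, vs, rng.Int63n)
}

func main() {
	ok, rounds, waited := Demo(1)
	fmt.Printf("approved=%v rounds=%d waited=%v\n", ok, rounds, waited)
}
```

The second random time is bounded below by twice the delay so that a full request and response can complete before the next round; the third random time doubles its range with every failed round, which is what spreads repeated attempts out and lets other blocks' approvals arrive in between.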
In a fourth aspect, a blockchain-based data sharing device of the internet of things includes: a node key generation first module, configured to generate, by a first node, its node first public key and node first private key based on a node ID; a service request creation module, configured to create, by the first node, a service request and send it for processing to a first blockchain manager randomly selected in the blockchain network connected with the internet of things, wherein the service request comprises the node ID of the first node, the node first public key, a service timestamp, signature information and a service operation type, the signature information is encrypted service information signed with the node first private key, the operation type is query or storage, and the service timestamp is the service generation time; and a service result receiving module, configured to receive, by the first node, the service request result generated by the first blockchain manager based on the service request, wherein, if the first node passes the node authentication of the first blockchain manager and the service request contains a query operation, the service request result is the query result sent by the first blockchain manager; if the first node passes the node authentication and the service request contains a storage operation, the service request result is a storage success message sent by the first blockchain manager if the first block generated from the service request passes the consensus approval of the blockchain network, and a service request failure message sent by the first blockchain manager if the first block does not pass the consensus approval; and if the first node does not pass the node authentication of the first blockchain manager, the service request result is a node authentication failure message sent by the first blockchain manager.
From the above, the first node determines its node first public key and node first private key from the information obtained at registration, includes the node first public key in the service request, and signs the encrypted service information with the node first private key. Based on the device, the service request therefore carries not only the information related to the requested sharing operation but also the identity information of the node, which improves the security of the service request.
According to the fourth aspect, in a first possible implementation manner of the blockchain-based data sharing device of the internet of things, the node key generation first module includes: a node ID sending first module, configured to send, by the first node, its node ID to the registry; a parameter receiving first module, configured to receive, by the first node from the registry, a system parameter k1 and a node part first private key of the first node, wherein the system parameter k1 and the node part first private key are generated by the registry based on the node ID; a private key generation first module, configured to generate, by the first node, its node first private key based on the system parameter k1 and its node part first private key; and a public key generation first module, configured to generate, by the first node, its node first public key based on its node first private key.
From the above, the first node performs node registration based on the node ID, and generates its node first private key and node first public key based on the related data issued by the registration center. The node first private key and the node first public key obtained based on the method are identity keys of the first node, can be used for subsequent node authentication and service information encryption, and prevent illegal nodes from accessing the Internet of things.
In a fifth aspect, a blockchain manager is provided that includes the blockchain-based internet of things data sharing device of the third aspect.
In a sixth aspect, a node is provided, which includes the blockchain-based internet of things data sharing device of the fourth aspect.
In a seventh aspect, a computing device is provided, comprising,
a bus;
a communication interface connected to the bus;
at least one processor coupled to the bus; and
at least one memory coupled to the bus and storing program instructions that, when executed by the at least one processor, cause the at least one processor to perform any of the embodiments of the first aspect or any of the embodiments of the second aspect of the present application.
In an eighth aspect, there is provided a computer readable storage medium having stored thereon program instructions, characterized in that the program instructions, when executed by a computer, cause the computer to perform any of the embodiments of the first aspect or any of the embodiments of the second aspect of the present application.
Drawings
FIG. 1 is a schematic flow chart of an embodiment of a block chain-based data sharing method of the Internet of things;
FIG. 2A is a flow chart of a service request generation method of the present application;
FIG. 2B is a flow chart of a first method of node key generation of the present application;
FIG. 3A is a flow chart of a node authentication method of the present application;
FIG. 3B is a flow chart of a second method of node key generation of the present application;
FIG. 4A is a schematic flow chart of the storage block consensus approval of the present application;
FIG. 4B is a schematic diagram of a block structure of the present application;
FIG. 4C is a schematic diagram of a transaction structure of the present application;
FIG. 4D is a block verification flow diagram of the present application;
FIG. 4E is a schematic diagram of a trust verification process of the present application;
FIG. 5 is a schematic structural diagram of an embodiment of a block chain-based data sharing device of the Internet of things of the present application;
FIG. 6A is a flow chart of a service request generation method of the present application;
FIG. 6B is a schematic structural diagram of a first module for generating a node key according to the present application;
FIG. 7A is a flow chart of a node authentication method of the present application;
fig. 7B is a schematic structural diagram of a second module for generating a node key according to the present application;
FIG. 8A is a schematic structural diagram of the storage block consensus approval module of the present application;
FIG. 8B is a schematic block diagram of a block verification module according to the present application;
FIG. 8C is a schematic diagram of a trust verification module structure of the present application;
FIG. 9 is a schematic structural diagram of the computing device of the present application.
Detailed Description
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is to be understood that "some embodiments" can be the same subset or different subsets of all possible embodiments and can be combined with one another without conflict.
In the following description, references to the terms "first/second/third, etc." or module a, module B, module C, etc. are used merely to distinguish between similar objects or between different embodiments, and do not represent a particular ordering of the objects, it being understood that particular orders or precedence may be interchanged as permitted so that embodiments of the invention described herein can be implemented in an order other than that illustrated or described herein.
In the following description, reference numerals indicating steps such as S110, S120, … …, etc. do not necessarily indicate that the steps are performed in this order, and the order of the steps may be interchanged or performed simultaneously as allowed.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein is for the purpose of describing embodiments of the invention only and is not intended to be limiting of the invention.
The internet of things in the present application comprises a plurality of member nodes. In particular, when the internet of things is the internet of vehicles, the nodes are the member vehicles and the RSUs around the vehicle nodes; the member vehicles and the roadside RSUs form a vehicular ad hoc network, VANET, over the wireless medium of wireless access in vehicular environments (WAVE), and the internet of vehicles is connected with the blockchain network. The wireless medium of WAVE may be DSRC or C-V2X.
Each member node is provided with sensors, collects traffic-related information and uploads it to the blockchain network, where it can be accessed from the blockchains or from the information database of each blockchain manager as shared information of the internet of things; the shared information exists in the blockchains of the blockchain network or in the information database of the relevant blockchain manager.
The blockchain network comprises a registry for registering each member node; each blockchain manager authenticates the member nodes, and the blockchain managers of the blockchain network perform consensus approval on the blocks formed from the shared data of the member nodes.
Method embodiments of the present application are described below based on fig. 1-4E.
[ an embodiment of a blockchain-based data sharing method for the Internet of things ]
Fig. 1 illustrates a flowchart of a first embodiment of a blockchain-based data sharing method for the internet of things, which includes,
step 110, the first node generates a service request and sends the service request to a first blockchain manager of the blockchain-based internet of things.
Before the first node generates the service request, if it does not yet have the node first public key and node first private key that represent its identity, the first node must register with the registry of the internet of things, where the registry is a management unit of the internet of things and may be located in any network unit of the internet of things. From the information obtained from the registry, the first node determines its node first public key and node first private key using a first agreed algorithm.
The service request can be generated by various applications; for the internet of vehicles it is generated by an application in the vehicle-mounted terminal or in a mobile phone app bound to the vehicle, and it performs a data query or data storage operation for the first node. The data query includes querying the internet of vehicles for the vehicle's position information, real-time road conditions, weather conditions and the like; the data storage includes storing the vehicle's position information to the internet of vehicles, so as to share the data of the internet of vehicles.
The service request comprises a service timestamp, a node ID, a node first public key, signature information and an operation type, wherein the service timestamp is the time at which the service request was generated, the signature information is the encrypted service information signed with the node first private key of the first node, and the operation type is query or storage. The service request is sent to a first blockchain manager, which is the blockchain manager of the blockchain network connected with the internet of things that receives the service request.
For details of this step, please refer to [ service request generation method ].
From the above, the first node determines its node first public key with the agreed algorithm from the information obtained from the registration center and includes it in the service request. The service request therefore carries not only the information about the requested sharing operation but also the identity information of the node, which improves the security of the service request.
Step 120, the first blockchain manager performs node authentication on the first node, including node timestamp verification and node public key verification.
After the first blockchain manager receives the service request, if it does not yet hold the node second public key of the first node, it must generate the node second public key from the node ID in the service request using the same method by which the first node generated its node first public key. The node second public key should be identical to the node first public key and is used for node public key verification of the first node.
The first blockchain manager performs node authentication on the first node, including node timestamp verification and node public key verification: the node timestamp verification confirms that the service request is neither outdated nor malicious, and the node public key verification verifies the identity of the first node. After the first node passes the node authentication of the first blockchain manager, the first blockchain manager reports the node second public key to every blockchain manager of the internet of things, so that the other blockchain managers can obtain the node second public key of the first node.
For details of this step, please refer to [ node authentication method ].
By this method, the first blockchain manager identifies a non-malicious node and its identity information through node authentication; this improves the network security of the internet of things and prevents illegal nodes from gaining malicious access.
Step 130, judging whether the node authentication of the first node is passed.
If the first node passes the node authentication, the process proceeds to step 140 and the first blockchain manager processes the service request of the first node to start the data sharing operation; otherwise the process proceeds to step 190 and a node authentication failure message is sent to the first node.
Step 140, determining whether the service request of the first node is a query or a storage type.
The first blockchain manager determines whether the service request of the first node is of the query or the storage type based on the operation type in the service request. If it is of the query type, the process proceeds to step 150 to perform query processing, sharing data or other service information provided by other nodes; otherwise it proceeds to step 160 to perform data storage processing, so that the data stored by the host vehicle can be shared with other nodes.
Step 150, the first blockchain manager queries the data information of the service request of the first node.
The first blockchain manager verifies the signature information in the service request to obtain the encrypted service information, then decrypts it to obtain the service information, from which the content that the first node needs to query is determined. For the internet of vehicles, real-time information about the area and road to which the vehicle is about to move is queried; the driver uses this real-time information to stay safe and to save driving time.
Each blockchain manager maintains an information database whose purpose is to respond quickly to requests. If the first blockchain manager finds the requested real-time information in its information database, it sends the data directly to the first node; otherwise it searches the blocks on the blockchain network, finds the blocks containing the queried information, and forwards the data to the first node.
From the above, each blockchain manager maintains a local information database; the first blockchain manager queries its local information database first and, only if the required information is not found there, queries the blocks on the blockchain network. This lets the data information of the service request of the first node be found quickly and saves a large amount of computing resources.
Step 160, the first blockchain manager generates a first block based on the service request, and sends the first block to each second blockchain manager for consensus approval.
The first blockchain manager decrypts the encrypted service information of the service request and determines the information that the first node needs to store, i.e. the information the first node wants to share. For the internet of vehicles, the stored information is the traffic state of the road where the vehicle is located or the weather condition at the location of the vehicle.
Generating the first block based on the service request comprises the first blockchain manager creating a first transaction based on the received service request and adding the first transaction to the current block to produce the first block. The first transaction comprises a transaction timestamp, a transaction public key, a transaction signature and a transaction message, where the transaction timestamp is the time at which the transaction was generated, the transaction public key is the node second public key of the first node, the transaction signature is the information signed with the node second private key of the first node, and the transaction message is the information to be stored. The first block comprises a block timestamp, a block signature and a block message, where the block timestamp is the generation time of the first block, the block signature is made with the public key of the first blockchain manager, and the block message is the information of each transaction.
Specifically, fig. 4B shows the header of the first transaction: the transaction ID is the unique identifier of the transaction; the hash of the blockchain manager public key is the hash of the public key of the first blockchain manager and is used when creating the transaction; the transaction public key and the transaction signature record the detailed identity information of the first node; the timestamp is the time at which the transaction was generated when it was initialized; and the transaction receiving time is the time at which the first blockchain manager received the service request. Fig. 4C shows the header of the first block: the block ID is the unique identifier of the block, the transaction number is the total number of transactions contained in the block, the block timestamp is the time at which the blockchain manager generated the block, and the block public key and block signature record the detailed identity information of the first blockchain manager. All transactions are organized in a Merkle tree, whose root serves as the verification of all transactions in the block.
The first blockchain manager sends the first block to each second blockchain manager on the blockchain network for consensus approval. The second blockchain managers are all blockchain managers on the blockchain network except the first blockchain manager. Traditional consensus mechanisms such as proof of work, proof of stake, delegated proof of stake and the verification pool mechanism require a large amount of computation and are not suitable for the internet of things. The invention adopts a time back-off algorithm to reach consensus approval quickly. For the detailed consensus approval method, please refer to [ memory block consensus approval method ].
By this method, the first block is generated based on the service request and a time back-off algorithm is used to reach consensus approval quickly; compared with the traditional consensus approval methods, the consensus efficiency is high.
Step 170, determine whether the first block passes the consensus approval.
If the first block passes the consensus approval, the process proceeds to step 180 to store the first block containing the shared data information; otherwise it proceeds to step 190 to send a service request failure message to the first node.
Step 180, the first blockchain manager stores the first block to the end of the blockchain and saves the stored information in its information database.
The first block contains the first transaction, which contains the information to be stored by the first node, and every blockchain manager can query the stored information of the first block on the blockchain.
By this method, every blockchain manager can query the stored information from the blockchain containing the first block, and every node in the internet of things can, through any blockchain manager, query the data information shared in each block of the blockchain.
Step 190, the first blockchain manager sends the result of the service request to the first node.
The first blockchain manager sends the service request result to the first node, where the service request result is:
the query result, if the first node passed the node authentication of the first blockchain manager and the service request contains a query operation;
a storage success message, if the first node passed the node authentication of the first blockchain manager, the service request contains a storage operation and the first block passed the consensus approval;
a service request failure message, if the first block failed the consensus approval;
a node authentication failure message, if the first node failed the node authentication.
[ service request generation method ]
Fig. 2A shows a flow diagram of a service request generation method of the present application, which includes,
Step 1110, the first node performs node registration based on its node ID and generates its node first private key and node first public key based on the related data issued by the registration center.
Before the first node generates a service request, it checks whether it already holds the node first private key and the node first public key; if not, it must send its node ID to the registration center of the internet of things for registration, and then generates the node first private key and the node first public key with the agreed algorithm from the related data issued by the registration center. One possible implementation of the node ID is the combination of the node registration number, the device configuration, the owner information and the node manufacturer information, which serves as the identification number of the node identity. The agreed algorithm is an algorithm agreed between the first node and each blockchain manager of the blockchain network. For the detailed method of generating the node first private key and node first public key of the first node, please refer to [ node key generation first method ].
From the above, the first node performs node registration based on its node ID and generates its node first private key and node first public key from the related data issued by the registration center. The node first private key and node first public key obtained in this way are the identity keys of the first node; they can be used for subsequent node authentication and service information encryption, and prevent illegal nodes from accessing the internet of things.
Step 1120, the first node generates a service request, i.e. generates a data sharing request.
The service request is generated, according to actual use, by the vehicle-mounted terminal of the first node or by an application bound to the first vehicle on a mobile terminal of the first node, and is encapsulated in application-layer information such as an HTTP message. One possible implementation is that, after the node key generation stage, the first node encrypts the service information and signs the encrypted service information with its node first private key to obtain the signature information. Illustratively, the first node adds its identity ID, node first public key, service timestamp and signed encrypted message to the service request information and creates the request,
query (ID, node first public key, service timestamp, signature information (encrypted service information), type of operation).
The operation type is either query or storage. When the operation type is query, the service information is, for example, the road or region name to be queried, the time to be queried and the type of information to be queried, where the type of information is traffic condition or weather information; when the operation type is storage, the service information is, for example, the road or region name to be stored, the time to be stored and the information to be stored.
Step 1130, the first node sends the service request to a first blockchain manager randomly selected from the blockchain network through the internet of things.
In this way, the first blockchain manager is the blockchain manager in the blockchain network that receives the service request of the first node, and it is selected at random from the blockchain network. Random selection of the first blockchain manager ensures that the service requests processed by the blockchain managers are evenly distributed, which facilitates quick and efficient consensus approval later.
[ node key generation first method ]
Fig. 2B shows a flow diagram of a first method of node key generation of the present application, which includes,
Step 1111, the first node sends its node ID to the registration center, i.e. registers with the registration center.
If the first node is a specific node or a mobile terminal bound to the node, one possible implementation of the node ID is the combination of the node registration number, the device configuration, the owner information and the node manufacturer information, which serves as the identification number of the node identity; if the first node is an RSU, one possible implementation of the node ID is the combination of the RSU registration number, the device configuration, the owner information and the RSU manufacturer information, which serves as the identification number of the RSU identity. The node registration center determines from the node ID whether the first node is a legitimate node; only legitimate nodes are registered.
Step 1113, the first node receives the system parameter K1 of the first node and the node partial first private key, which the registration center generates from the node ID using the certificateless public key cryptography algorithm.
The system parameter K1 and the node partial first private key differ for each first node and implicitly carry the identity information of that first node.
Step 1115, the first node generates its node first private key from the system parameter K1 of the first node and the node partial first private key using the certificateless public key cryptography algorithm.
The certificateless public key cryptography algorithm is the algorithm agreed between the first blockchain manager and the first node; the first blockchain manager uses the same algorithm below.
Step 1117, the first node generates its node first public key from its node first private key using the certificateless public key cryptography algorithm.
This certificateless public key cryptography algorithm is likewise the algorithm agreed between the first blockchain manager and the first node, and the first blockchain manager uses the same algorithm below.
[ node authentication method ]
Fig. 3A shows a flow diagram of a node authentication method of the present application, including,
step 1210, the first blockchain manager generates a node second private key and a node second public key based on the node ID.
Before the first blockchain manager performs node authentication, it checks whether it already holds the node second public key; if not, it must send the node ID to the registration center of the internet of things and generate the node second public key from the information issued by the registration center. For the detailed method please refer to [ node key generation second method ].
From the above, the first blockchain manager sends the node ID to the registration center and generates the node second public key from the related data issued by the registration center using the same algorithm as the first node, so the node second public key generated in this way is identical to the node first public key. It can therefore be used for subsequent node authentication and service information encryption, and illegal nodes are prevented from accessing the internet of things.
Step 1220, the first blockchain manager performs the node timestamp verification of the node authentication.
The first blockchain manager checks whether the difference between the current timestamp and the service timestamp in the service request sent by the first node is smaller than a first set time, and if so, the first node passes the node timestamp verification.
By this method it can be checked whether the service request of the first node is an outdated, invalid request: if the time difference is larger than the first set time, the service request of the first node is an outdated, invalid request and the node authentication fails.
Step 1230, the first blockchain manager performs the node public key verification of the node authentication.
The first blockchain manager uses the node second public key of the first node to verify the signature information in the service request; if the verification passes, the first node passes the node public key verification and the encrypted service information is obtained.
From the above, the signed message in the service request can be verified with the node second public key of the first node, which verifies whether the service request was issued by a first node with a legal identity.
From the above, the first node is considered to pass the node authentication only when it passes both the node timestamp verification and the node public key verification.
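As an added example that is not part of the patent, the following Go program models steps 1110-1130 and 1210-1230 together: a registration center derives identical keys for the node (system parameter K1) and for the blockchain manager (system parameter K2) from the node ID, the node builds and signs the service request, and the manager performs node timestamp verification and node public key verification. HMAC-SHA256 key derivation with Ed25519 signatures and a 60 s first set time are assumptions standing in for the certificateless algorithm and parameters, which the page does not specify.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Registry stands in for the registration center. It derives one key pair per
// node ID from a master secret, so the node (K1 path) and the blockchain
// manager (K2 path) obtain identical keys for the same node ID. HMAC-SHA256
// seeding plus Ed25519 is an assumed stand-in for the certificateless
// public key cryptography algorithm, which the patent does not specify.
type Registry struct{ master []byte }

func (r Registry) DeriveKey(nodeID string) ed25519.PrivateKey {
	mac := hmac.New(sha256.New, r.master)
	mac.Write([]byte(nodeID))
	return ed25519.NewKeyFromSeed(mac.Sum(nil)) // 32-byte seed
}

// ServiceRequest mirrors query(ID, node first public key, service timestamp,
// signature information, operation type).
type ServiceRequest struct {
	NodeID    string
	PublicKey ed25519.PublicKey
	Timestamp int64  // service timestamp, Unix seconds
	OpType    string // "query" or "storage"
	Encrypted []byte // encrypted service information, opaque to this example
	Signature []byte // signature over the fields above
}

// FirstSetTime is the freshness window of step 1220 (value assumed).
const FirstSetTime = 60 * time.Second

func signedPayload(r ServiceRequest) []byte {
	ts := make([]byte, 8)
	binary.BigEndian.PutUint64(ts, uint64(r.Timestamp))
	p := append([]byte(r.NodeID), ts...)
	p = append(p, []byte(r.OpType)...)
	return append(p, r.Encrypted...)
}

// NewServiceRequest is step 1120: the node signs the encrypted service
// information together with its ID, service timestamp and operation type.
func NewServiceRequest(priv ed25519.PrivateKey, nodeID, op string, enc []byte, now time.Time) ServiceRequest {
	r := ServiceRequest{
		NodeID:    nodeID,
		PublicKey: priv.Public().(ed25519.PublicKey),
		Timestamp: now.Unix(),
		OpType:    op,
		Encrypted: enc,
	}
	r.Signature = ed25519.Sign(priv, signedPayload(r))
	return r
}

// Authenticate is steps 1210-1230 on the first blockchain manager: derive the
// node second public key from the node ID, check the timestamp window, then
// verify the signature with the derived key rather than the key in the request.
func Authenticate(reg Registry, r ServiceRequest, now time.Time) error {
	diff := now.Unix() - r.Timestamp
	if diff < 0 {
		diff = -diff
	}
	if diff >= int64(FirstSetTime/time.Second) {
		return errors.New("node timestamp verification failed: outdated request")
	}
	second := reg.DeriveKey(r.NodeID).Public().(ed25519.PublicKey)
	if !second.Equal(r.PublicKey) {
		return errors.New("node public key verification failed: key mismatch")
	}
	if !ed25519.Verify(second, signedPayload(r), r.Signature) {
		return errors.New("node public key verification failed: bad signature")
	}
	return nil
}

func main() {
	reg := Registry{master: []byte("constructed-master-secret")}
	priv := reg.DeriveKey("vehicle-0001") // constructed node ID
	req := NewServiceRequest(priv, "vehicle-0001", "query", []byte("enc(road=A1)"), time.Now())
	fmt.Println("fresh request:", Authenticate(reg, req, time.Now()))
	fmt.Println("stale request:", Authenticate(reg, req, time.Now().Add(2*FirstSetTime)))
}
```

Verifying against the key derived from the node ID, not the key carried in the request, is what makes the check an identity check rather than a self-signed one.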
[ node key generation second method ]
Fig. 3B shows a schematic flow chart of the second method of node key generation of the present application, which is the same as the flow chart of the first method of node key generation except that the executing body changes from the first node to the first blockchain manager. It includes,
Step 1211, the first blockchain manager sends the node ID to the registration center, i.e. registers with the registration center.
The node ID is obtained from service request information sent by the first node.
Step 1213, the first blockchain manager receives the system parameter K2 of the first node and the node partial second private key, which the registration center generates from the node ID using the certificateless public key cryptography algorithm.
Because the same certificateless public key cryptography algorithm and the same node ID are used, the system parameter K2 and the node partial second private key are identical to the system parameter K1 and the node partial first private key, respectively.
Step 1215, the first blockchain manager generates the node second private key from the system parameter K2 of the first node and the node partial second private key using the certificateless public key cryptography algorithm.
Because the same certificateless public key cryptography algorithm is used, the generated node second private key is identical to the node first private key.
Step 1217, the first blockchain manager generates the node second public key from the node second private key of the first node using the certificateless public key cryptography algorithm.
Because the same certificateless public key cryptography algorithm is used, the generated node second public key is identical to the node first public key.
[ memory block consensus approval method ]
Fig. 4A shows a flow chart of block consensus approval of the present application, which includes,
Step 1620, after waiting for the first random time, the first blockchain manager sends the first block to the second blockchain managers.
The second blockchain managers are the blockchain managers in the blockchain network other than the first blockchain manager. The first random time equals the sum of the second random time and the third random time: the second random time is at least twice the delay time and less than the second set time; the third random time equals the product of the first random number and the delay time, where the first random number is a random number in the range from 0 to 2^K - 1, K is the number of completed rounds of block verification of the first block, and the delay time is the minimum transmission delay between the first blockchain manager and each second blockchain manager. In this embodiment the second set time is generally set to 2 minutes.
The third random time within the first random time is set by a back-off algorithm and depends on K: the larger K is, the longer the third random time, and the more blocks that have passed consensus approval in the blockchain network each second blockchain manager will have received. If the transactions contained in those approved blocks overlap with transactions in the first block, each second blockchain manager removes them from its pool of transactions to be verified, which makes the subsequent strict verification more efficient, so that the consensus approval of the first block is carried out efficiently and safely.
The minimum value of the second random time within the first random time ensures that each second blockchain manager has enough time to propagate the new blocks generated by the blockchain managers of the blockchain network, so that each second blockchain manager can measure the frequency at which each blockchain manager generates new blocks and detect a blockchain manager that maliciously generates blocks too frequently.
Step 1630, each second blockchain manager performs a block verification on the first block.
For efficient consensus approval, in this step the first block is sent only to those second blockchain managers that have not yet passed block verification of the first block; a second blockchain manager that has already passed block verification of the first block is considered to have passed the consensus verification in the current round. The consensus passing rate equals the number of second blockchain managers that passed block verification of the first block divided by the total number of second blockchain managers. For details of the block verification, please refer to [ block verification method ].
From the above, the block verification of the first block by each second blockchain manager is the key process of the consensus approval of the first block, and the consensus passing rate decides whether the consensus approval passes.
Step 1640, determining whether the current consensus passing rate is greater than the second set threshold, i.e. whether the first block passes the consensus approval.
Specifically, the second set threshold may be set to a value greater than 50%; in this embodiment it is set to 51%. If the consensus passing rate of the first block is greater than or equal to 51%, the first block passes the consensus approval and the process proceeds to step 1650; if it is less than 51%, the process proceeds to step 1660.
Step 1650, outputting that the first block passed the consensus approval, and adding the first block to the end of the blockchain.
After the first block passes the consensus approval, every first transaction in it is legal, and the information in the first block is added to the first blockchain so that every blockchain manager can access it.
Step 1660, determining whether K is greater than the first set threshold, i.e. whether the number of approval rounds of the first block has reached the maximum; the first set threshold is the maximum number of approval rounds of the first block.
If the maximum number of rounds has been reached, the consensus approval of the first block fails and the process proceeds to step 1670; otherwise the process returns to step 1620 and the next round of block verification is carried out.
Step 1670, outputting that the consensus approval of the first block failed, and deleting the first block.
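As an added example that is not part of the patent, the following Go code implements the time back-off of step 1620 and the round loop of steps 1630-1670: the wait for round K is drawn as described above (second random time in [2 x delay, second set time), third random time = random integer in [0, 2^K - 1] x delay), the block is resent only to managers that have not yet passed, and the passing rate is compared with the threshold after every round. The per-manager block verification is injected as a function, the rate is compared with a greater-or-equal test as in the embodiment, and counting completed rounds against a maximum is an assumed reading of step 1660.

```go
package main

import (
	"fmt"
	"math/rand"
	"time"
)

// BackoffWait is the first random time of step 1620 for a first block whose
// block verification has completed k rounds:
//   second random time: uniform in [2*delay, secondSetTime)
//   third random time : (random integer in [0, 2^k-1]) * delay
// delay is the minimum transmission delay to the second blockchain managers.
func BackoffWait(k int, delay, secondSetTime time.Duration, rng *rand.Rand) time.Duration {
	minWait := 2 * delay
	if secondSetTime <= minWait {
		panic("second set time must exceed twice the delay time")
	}
	second := minWait + time.Duration(rng.Int63n(int64(secondSetTime-minWait)))
	third := time.Duration(rng.Int63n(int64(1)<<uint(k))) * delay
	return second + third
}

// Verdict reports whether the second blockchain manager id passes block
// verification of the first block in round k; it stands in for the per-manager
// [block verification method].
type Verdict func(id string, k int) bool

// ConsensusApproval runs steps 1620-1670 for one first block. In every round
// the block is only (re)sent to managers that have not yet passed, the
// consensus passing rate is passed/total, and the block is approved once the
// rate reaches threshold or rejected once maxRounds rounds have completed.
// The back-off waits are computed and returned rather than slept, so the
// round structure can be inspected offline.
func ConsensusApproval(seconds []string, verify Verdict, maxRounds int, threshold float64,
	delay, secondSetTime time.Duration, seed int64) (approved bool, rounds int, waits []time.Duration) {
	rng := rand.New(rand.NewSource(seed))
	passed := map[string]bool{}
	for k := 0; ; k++ {
		waits = append(waits, BackoffWait(k, delay, secondSetTime, rng)) // step 1620
		for _, id := range seconds {                                     // step 1630
			if !passed[id] && verify(id, k) {
				passed[id] = true
			}
		}
		rate := float64(len(passed)) / float64(len(seconds)) // step 1640
		if rate >= threshold {
			return true, k + 1, waits // step 1650: add the block to the chain
		}
		if k+1 >= maxRounds { // step 1660: maximum number of rounds reached
			return false, k + 1, waits // step 1670: discard the first block
		}
	}
}

func main() {
	// Constructed scenario: of four second blockchain managers, two pass at
	// once and a third only in the second round, so 51% is reached in round 2.
	verify := func(id string, k int) bool {
		return id == "m1" || id == "m2" || (id == "m3" && k >= 1)
	}
	ok, rounds, waits := ConsensusApproval([]string{"m1", "m2", "m3", "m4"}, verify, 5, 0.51,
		10*time.Millisecond, 2*time.Minute, 7)
	fmt.Println("approved:", ok, "rounds:", rounds, "waits:", waits)
}
```

Because the third random time grows with 2^K, a block that keeps failing verification is retried less and less often, which bounds the load a persistently rejected block can place on the second blockchain managers.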
[ block verification method ]
Fig. 4D illustrates a block verification flow diagram of the present application, including,
Step 16310, the second blockchain manager counts the number of blocks M sent by the first blockchain manager within the second set time.
The block generation frequency of the first blockchain manager is obtained from the number of blocks it sent within the second set time. As stated above, the second set time is set to 2 minutes.
Therefore, the block generation frequency of the first blockchain manager counted in this way can be used to judge whether the first blockchain manager is malicious, which improves the security of the blockchain.
Step 16320, determining whether the number of blocks M is greater than a third set threshold, i.e., determining whether the first blockchain manager is malicious.
If the number of blocks M is greater than the third set threshold, the first blockchain manager is determined to be a malicious blockchain manager and the process proceeds to step 16392; otherwise the process proceeds to step 16330 and block verification continues. The third set threshold is generally set according to the actual computing load of the network and is set to 10 in this embodiment.
Step 16330, the second blockchain manager performs trust verification on the first block.
The trust verification method is described in [ trust verification method ]. Passing trust verification proves that the second blockchain manager, or a blockchain manager trusted by the second blockchain manager, has successfully received a block from the first blockchain manager, which indicates that the second blockchain manager can trust the first blockchain manager.
Step 16340, determining whether the trust verification of the second blockchain manager on the first block is passed.
If the first block passes the trust verification of the second blockchain manager, the process proceeds to step 16350 to continue with the identity verification of the first block; otherwise it proceeds to step 16360 to perform strict verification on the first block.
Step 16350, the second blockchain manager performs identity verification on the first block, including block timestamp verification and block public key verification.
The second blockchain manager checks whether the difference between the current timestamp and the block timestamp is smaller than a third set time; if so, the block timestamp verification passes, otherwise it fails. The block public key verification verifies the block signature of the first block with the block public key of the first block; if the signature verifies, the block public key verification passes.
From the above, the block timestamp verification essentially excludes obsolete blocks, which usually arrive late, and the block public key verification verifies whether the first blockchain manager is still valid; through the identity verification of the first block by the second blockchain manager it can be determined that the first block is a valid, non-obsolete block, which completes the block verification.
Step 16360, the second blockchain manager performs strict verification on a first block that failed the trust verification; the strict verification includes transaction timestamp verification and transaction public key verification for all transactions of the first block.
In the transaction timestamp verification, the second blockchain manager checks whether the difference between the current timestamp and the transaction timestamp of each transaction of the first block is smaller than the third set time; if the difference is smaller than the third set time for every transaction, the transaction timestamp verification passes, otherwise it fails. In the transaction public key verification, the transaction signature of each transaction of the first block is verified with the transaction public key of that transaction; if the signature of every transaction verifies, the transaction public key verification passes. Wherein the said
From the above, the transaction timestamp verification essentially excludes outdated transactions, which usually arrive late, and the transaction public key verification verifies whether each transaction sender of the first block is still valid; through the strict verification of the first block by the second blockchain manager, every transaction of the first block can be judged to be a valid, non-outdated transaction.
Step 16370, determining whether the first block passes the block identity verification.
If the first block passes the block identity verification, it passes the block verification of the second blockchain manager and the process proceeds to step 16391; otherwise it fails the block verification of the second blockchain manager and the process proceeds to step 16392.
Step 16380, determining whether the first block passes the strict verification.
If the first block passes the strict verification, the process proceeds to step 16350 to continue with the block identity verification; otherwise the first block fails the block verification of the second blockchain manager and the process proceeds to step 16392.
Step 16391, the second blockchain manager reports to the first blockchain manager that the first block passed the block verification, and adds the first blockchain manager to its trust list, where the trust list of each blockchain manager in the blockchain network holds the senders of the blocks it has successfully received.
Step 16392, the second blockchain manager reports to the first blockchain manager that the first block failed the block verification.
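As an added example that is not part of the patent, the following Go code implements the block verification method of steps 16310-16392 on one second blockchain manager, with the trust lookup of steps 16331-16335 (direct trust list, then the trust lists of the third blockchain managers): the block count M within the 2-minute second set time is compared with the threshold of 10, an untrusted sender's block goes through strict verification of every transaction, and every block then goes through block identity verification before the sender is added to the trust list. Ed25519 signatures over a constructed payload, a SHA-256 hash of the transaction signatures in place of the Merkle root, and a 5-minute third set time are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"time"
)

const (
	SecondSetTime  = 2 * time.Minute // window for counting blocks per sender (page: 2 minutes)
	ThirdThreshold = 10              // blocks per window above which the sender is malicious (page: 10)
	ThirdSetTime   = 5 * time.Minute // freshness window for block/transaction timestamps (assumed)
)

type Transaction struct { // fields checked by strict verification (step 16360)
	Timestamp time.Time
	PublicKey ed25519.PublicKey // transaction public key (node second public key)
	Signature []byte            // transaction signature over TxPayload
	Message   []byte            // information to be stored
}

type Block struct { // fields checked by block identity verification (step 16350)
	Sender    string // ID of the first blockchain manager
	Timestamp time.Time
	PublicKey ed25519.PublicKey // block public key of the sender
	Signature []byte            // block signature over BlockPayload
	Txs       []Transaction
}

func TxPayload(tx Transaction) []byte {
	return append([]byte(tx.Timestamp.UTC().Format(time.RFC3339)), tx.Message...)
}

// BlockPayload hashes the transaction signatures as a stand-in for the Merkle root.
func BlockPayload(b Block) []byte {
	h := sha256.New()
	for _, tx := range b.Txs {
		h.Write(tx.Signature)
	}
	return append([]byte(b.Timestamp.UTC().Format(time.RFC3339)), h.Sum(nil)...)
}

// Manager is the verification state of one second blockchain manager.
type Manager struct {
	TrustList map[string]bool        // senders whose blocks were received successfully
	Peers     map[string]*Manager    // third blockchain managers, looked up by sender ID
	arrivals  map[string][]time.Time // block arrival times per sender
}

func NewManager() *Manager {
	return &Manager{TrustList: map[string]bool{}, Peers: map[string]*Manager{}, arrivals: map[string][]time.Time{}}
}

// TrustVerify follows steps 16331-16335: direct trust, else trust via a manager in m's trust list.
func (m *Manager) TrustVerify(sender string) bool {
	if m.TrustList[sender] {
		return true
	}
	for id := range m.TrustList {
		if p := m.Peers[id]; p != nil && p.TrustList[sender] {
			return true
		}
	}
	return false
}

func fresh(ts, now time.Time) bool { d := now.Sub(ts); return d > -ThirdSetTime && d < ThirdSetTime }

// VerifyBlock runs the block verification method; on failure it names the failing check.
func (m *Manager) VerifyBlock(b Block, now time.Time) (bool, string) {
	m.arrivals[b.Sender] = append(m.arrivals[b.Sender], now)
	blocks := 0 // M of step 16310: blocks from this sender within the second set time
	for _, t := range m.arrivals[b.Sender] {
		if now.Sub(t) < SecondSetTime {
			blocks++
		}
	}
	if blocks > ThirdThreshold { // step 16320
		return false, "malicious sender: block frequency"
	}
	if !m.TrustVerify(b.Sender) { // steps 16330-16340 failed: strict verification
		for _, tx := range b.Txs { // step 16360
			if !fresh(tx.Timestamp, now) {
				return false, "transaction timestamp"
			}
			if !ed25519.Verify(tx.PublicKey, TxPayload(tx), tx.Signature) {
				return false, "transaction public key"
			}
		}
	}
	if !fresh(b.Timestamp, now) { // step 16350: block identity verification
		return false, "block timestamp"
	}
	if !ed25519.Verify(b.PublicKey, BlockPayload(b), b.Signature) {
		return false, "block public key"
	}
	m.TrustList[b.Sender] = true // step 16391
	return true, ""
}
```

Note that a block from a sender already on the trust list skips the per-transaction checks entirely, so a tampered transaction inside a correctly signed block from a trusted sender is not caught here; the trust list is therefore a security boundary and should be treated as such.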
[ trust verification method ]
Fig. 4E illustrates a flow of a trust verification method in a method embodiment of the present application, including,
Step 16331, the second blockchain manager looks up the first blockchain manager in its trust list.
Wherein, if the first blockchain manager is in the trust list of the second blockchain manager, the second blockchain manager already has a direct trust relationship with the first blockchain manager.
By this method, the trust verification of the first block is carried out directly from the second blockchain manager's trust relationship with the first blockchain manager. The method suits blockchain networks of similar blockchain managers whose mutual trust relationships are known a priori, and because it consumes little computation time and few computation resources of the blockchain managers, it improves the efficiency of consensus approval.
Step 16332, determining whether the first blockchain manager is in the trusted list of the second blockchain manager.
Wherein, if the first blockchain manager is in the trust list of the second blockchain manager, the second blockchain manager has a direct trust relationship with the first blockchain manager, and the process goes to step 16337; otherwise, the process goes to step 16333.
Step 16333, the second blockchain manager sends the first block to each third blockchain manager.
Wherein the third blockchain manager is each blockchain manager in the trust list of the second blockchain manager.
In step 16334, each third blockchain manager looks up the first blockchain manager in its trust list.
Wherein if the first blockchain manager is in the trust list of the third blockchain manager, it is indicated that the third blockchain manager has had a direct trust relationship with the first blockchain manager.
By the method, the trust verification is directly carried out on the first block based on the trust relation state of the third block chain manager on the first block chain manager, so that a great amount of computation time and computation resources of each third block chain manager are not consumed, and the efficiency of consensus approval is improved.
Step 16335, determining whether the first blockchain manager is in the trust list of any third blockchain manager.
If the first blockchain manager is in the trust list of any third blockchain manager, that third blockchain manager has a trust relationship with the first blockchain manager, the first block passes the trust verification of that third blockchain manager, and the process goes to step 16337; otherwise, the process goes to step 16336.
Step 16336, output that the first block fails the trust verification of the second blockchain manager.
Step 16337, output that the first block passes the trust verification of the second blockchain manager.
In summary, in the embodiment of the blockchain-based Internet of things data sharing method, the validity of the first node generating the service request, namely the data sharing request, is verified through node registration and node authentication, and for a service request that stores shared data, the first block generated from the service request undergoes consensus approval by the block consensus approval method for stored blocks, so as to exclude intrusion by an illegitimate blockchain manager, thereby realizing blockchain-based data sharing for the Internet of things. The block consensus approval uses the trust relationships among the blockchain managers of the blockchain network and a time back-off algorithm to achieve safe and efficient block consensus approval. Compared with the Internet of things of the prior art, the embodiment of the blockchain-based Internet of things data sharing method has the advantages of security and high efficiency.
Embodiments of the apparatus of the present application are described below based on fig. 5 to 8C.
Block chain-based Internet of things data sharing device
Fig. 5 illustrates a schematic diagram of an embodiment of a blockchain-based internet of things data sharing device, including,
the shared service sending module 510 is configured to generate a service request by the first node. The method and advantages of this module are the same as step 110 of the blockchain-based data sharing method embodiment of the internet of things and will not be described in detail herein. For its module structure, please refer to [ service request generation module ].
The node authentication module 520 is configured for the first blockchain manager to perform node authentication on the first node. The method and advantages of this module are the same as steps 120 and 130 of the blockchain-based Internet of things data sharing method embodiment and will not be described in detail herein. For its module structure, please refer to [ node authentication Module ].
The access operation module 530 is configured for the first blockchain manager to query from the blockchain the information that the first node requests to be queried. The method and advantages of this module are the same as step 150 of the blockchain-based Internet of things data sharing method embodiment and will not be described in detail herein.
The block consensus approval module 540 is configured for the first blockchain manager to generate a first block from the service request of the first node and to perform consensus approval of the first block on the blockchain network. The method and advantages of this module are the same as step 160 of the blockchain-based Internet of things data sharing method embodiment and will not be described in detail herein.
The shared data storage module 550 is configured for the first blockchain manager to append the first block that passed consensus approval to the end of the blockchain, and to store the data to be stored from the service information of the service request in the local information database of the first blockchain manager. The method and advantages of this module are the same as step 180 of the blockchain-based Internet of things data sharing method embodiment and will not be described in detail herein.
The service result sending module 560 is configured to send the result of the service request to the first node, and the method and advantage of this module are the same as step 190 of the data sharing method embodiment of the block chain based internet of things, which is not described in detail herein.
[ service request Generation Module ]
Fig. 6A shows a schematic structural diagram of a service request generation module of the present application, which includes,
the node key generation first module 5110 is configured for the first node to perform node registration based on its node ID and to generate the first private key and first public key of the first node from the related data issued by the registration center. The method and advantages of this module are the same as step 1110 of the service request generation method in the blockchain-based Internet of things data sharing method embodiment.
The service request generation module 5120 is configured to generate a service request, i.e. a sharing request, by the first node. The method and advantage of this module are the same as step 1120 of the service request generation method in the data sharing method embodiment of the blockchain-based internet of things.
The service request sending module 5130 is configured to send the service request to a first blockchain manager randomly selected from the blockchain network through the internet of things by using the first node. The method and advantage of this module are the same as step 1130 of the service request generation method in the blockchain-based data sharing method embodiment of the internet of things.
[ node Key Generation first Module ]
Fig. 6B shows a schematic structural diagram of a first module for node key generation of the present application, which includes,
the node ID sending first module 5111 is configured for the first node to send its node ID to the registry, i.e. to register with the registry. The method and advantages of the module are the same as step 1111 of the node key generation first method in the blockchain-based Internet of things data sharing method embodiment.
The system parameter receiving module 5113 is configured for the first node to receive the system parameter K1 of the first node and the node partial first private key, which the registry generates from the node ID using the certificateless public key cryptography algorithm. The method and advantages of the module are the same as step 1113 of the node key generation first method in the blockchain-based Internet of things data sharing method embodiment.
The private key generation first module 5115 is configured for the first node to generate its node first private key from the system parameter K1 of the first node and the node partial first private key using the certificateless public key cryptography algorithm. The method and advantages of the module are the same as step 1115 of the node key generation first method in the blockchain-based Internet of things data sharing method embodiment.
The public key generation first module 5117 is configured for the first node to generate its node first public key from its node first private key using the certificateless public key cryptography algorithm. The method and advantages of this module are the same as step 1117 of the node key generation first method in the blockchain-based Internet of things data sharing method embodiment.
[ node authentication Module ]
Fig. 7A shows a schematic structural diagram of a node authentication module of the present application, which includes,
the node key generation second module 5210 is for the first blockchain manager to generate a node second private key and a node second public key based on the node ID. The method and advantage of this module are the same as step 1210 of node authentication in the blockchain-based data sharing method embodiment of the internet of things.
The node timestamp verification module 5220 is configured to perform node timestamp verification on the first node by the first blockchain manager. The method and advantage of this module are the same as step 1220 of node authentication in the blockchain-based data sharing method embodiment of the internet of things.
The node public key verification module 5230 is configured to perform node public key verification on the first node by the first blockchain manager. The method and advantage of this module are the same as step 1230 of node authentication in the blockchain-based data sharing method embodiment of the internet of things.
[ node Key Generation second Module ]
Fig. 7B shows a schematic structural diagram of a node key generation second module of the present application, which includes,
the node ID sending second module 5211 is configured for the first blockchain manager to send the node ID to the registry, i.e. to register it with the registry. The method and advantages of this module are the same as step 1211 of the node key generation second method in the blockchain-based Internet of things data sharing method embodiment.
The system parameter receiving module 5213 is configured for the first blockchain manager to receive the system parameter K2 of the first node and the node partial second private key, which the registry generates from the node ID using the certificateless public key cryptography algorithm. The method and advantages of this module are the same as step 1213 of the node key generation second method in the blockchain-based Internet of things data sharing method embodiment.
The private key generation second module 5215 is configured for the first blockchain manager to generate its node second private key from the system parameter K2 of the first node and the node partial second private key using the certificateless public key cryptography algorithm. The method and advantages of this module are the same as step 1215 of the node key generation second method in the blockchain-based Internet of things data sharing method embodiment.
The public key generation second module 5217 is configured for the first blockchain manager to generate its node second public key from the node second private key of the first node using the certificateless public key cryptography algorithm. The method and advantages of this module are the same as step 1217 of the node key generation second method in the blockchain-based Internet of things data sharing method embodiment.
[ Block consensus approval Module ]
Fig. 8A is a schematic structural diagram of the block consensus approval module of the blockchain-based Internet of things data sharing device embodiment of the present application, which includes,
the block generating module 5410, configured for the first blockchain manager to create a first transaction block when it receives a service request and to add the first transaction to the current block, generating the first block. The first transaction block includes a transaction timestamp, a transaction public key, a transaction signature and a transaction message: the transaction timestamp is the time the transaction was generated, the transaction public key is the node second public key of the first node, the transaction signature is information signed with the node second private key of the first node, and the transaction message is the information to be stored. The first block includes a block timestamp recording the time the first block was generated, a block signature and a block message: the block signature is the first blockchain manager's signature over the block, which verifiers check against the public key of the first blockchain manager, and the block message is the information of each transaction block.
The working principle and advantages of the module are the same as those of step 1610 of the block consensus approval method in the blockchain-based Internet of things data sharing method embodiment, and are not described in detail herein.
The time backoff module 5420 is configured for the first blockchain manager, while the number K of completed consensus approval rounds for the first block is less than or equal to a first set threshold, to wait a first random time and then send the first block to each second blockchain manager of the blockchain network for one round of block verification of the first block; the initial value of K is 0, and K is incremented by 1 each time the second blockchain managers complete a round of consensus approval of the first block.
The working principle and advantages of the module are the same as those of step 1620 of the block consensus approval method in the blockchain-based Internet of things data sharing method embodiment, and are not described in detail herein.
The block verification module 5430 is configured for a second blockchain manager to perform block verification on the first block when it receives a block verification request for the first block from the first blockchain manager.
The working principle and advantages of the module are the same as those of step 1630 of the block consensus approval method in the blockchain-based Internet of things data sharing method embodiment, and are not described in detail herein.
The consensus approval judging module 5440 is configured for the first blockchain manager, after the second blockchain managers complete one round of block verification of the first block, to calculate the consensus passing rate of the first block, i.e. the number of second blockchain managers whose block verification of the first block passed divided by the total number of second blockchain managers. If the consensus passing rate is greater than or equal to a second set threshold, the consensus approval of the first block passes and the first blockchain manager appends the first block to the end of the first blockchain; if the consensus passing rate is less than the second set threshold and the number K of completed consensus approval rounds for the first block is greater than the first set threshold, the consensus approval of the first block fails.
The working principle and advantages of the module are the same as those of steps 1640, 1650, 1660 and 1670 of the block consensus approval method in the blockchain-based Internet of things data sharing method embodiment, and the advantages of the module include those of the method described in the above steps, which are not described in detail herein.
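The first blockchain manager's side of the consensus approval described for modules 5420 and 5440 (random time back-off, one verification round by every second blockchain manager, the passing-rate test and the bounded round count K) can be written as follows. This is an added example, not code from the patent: the second blockchain managers are simulated as verdict callables, the thresholds, the back-off range, the seeded random generator and the `sleep` hook are assumed values, and the block is a constructed placeholder.

```python
import random


def consensus_approve(block, peers, max_rounds=3, pass_threshold=0.67,
                      backoff=(0.0, 1.0), rng=None, sleep=None):
    """One consensus approval of `block` by the first blockchain manager.

    peers: dict name -> verdict(block, round_no) returning True (block verification
    passed), False (failed) or None (no reply).  Returns (approved, rounds, rate).
    max_rounds plays the first set threshold, pass_threshold the second (assumed values).
    """
    rng = rng or random.Random()
    sleep = sleep or (lambda seconds: None)   # a real deployment would use time.sleep
    k, rate = 0, 0.0                          # K starts at 0
    while k <= max_rounds:
        sleep(rng.uniform(*backoff))          # time back-off: wait a first random time
        verdicts = [v(block, k) for v in peers.values()]
        k += 1                                # one round of block verification completed
        # Passing rate over ALL second managers: a silent peer counts as a failure.
        rate = sum(1 for v in verdicts if v is True) / len(peers)
        if rate >= pass_threshold:
            return True, k, rate
    return False, k, rate                     # K exceeded the first set threshold


def approve_and_append(chain, block, peers, **kw):
    """Only a block that passed consensus approval is appended to the chain end."""
    approved, rounds, rate = consensus_approve(block, peers, **kw)
    if approved:
        chain.append(block)
    return approved, rounds, rate


def run_demo():
    rng = random.Random(7)                    # seeded so the run is reproducible
    waits = []                                # records every back-off interval
    block = {"sender": "mgr1", "txs": ["tx-a"]}   # constructed placeholder block
    peers = {
        "mgr2": lambda b, r: True,            # always passes the block
        "mgr3": lambda b, r: r >= 1,          # passes only from the second round on
        "mgr4": lambda b, r: False,           # always rejects
    }
    chain = []
    first = approve_and_append(chain, block, peers, max_rounds=2,
                               pass_threshold=0.6, rng=rng, sleep=waits.append)
    # A peer that never answers enlarges the denominator: the same block now fails.
    peers["mgr5"] = lambda b, r: None
    second = approve_and_append(chain, block, peers, max_rounds=2,
                                pass_threshold=0.6, rng=rng, sleep=waits.append)
    return {"first": first, "second": second, "chain_len": len(chain), "waits": waits}


if __name__ == "__main__":
    print(run_demo())
```

The second run shows a consequence of defining the passing rate over the total number of second blockchain managers: an unresponsive peer is counted as a rejection, so the first blockchain manager's approval depends on peer availability as well as on the block's validity.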
[ Block verification Module ]
Fig. 8B shows a schematic structural diagram of the block verification module, which includes,
the malicious manager determining module 54310, configured for the second blockchain manager to count the blocks received from the first blockchain manager within a second set time, producing the total number of blocks received from the first blockchain manager, and to report to the first blockchain manager that the block verification of the first block fails when that total is greater than a third set threshold.
The working principle of the module includes steps 16310, 16320 and 16392 of the block verification method of the block consensus approval method embodiment of the blockchain manager, and the advantages of the module include those of the method described in the above steps, which are not described in detail herein.
The trust verification module 54320 is configured for the second blockchain manager to perform trust verification on the first block when the total number of blocks received from the first blockchain manager is less than or equal to the third set threshold.
The working principle of the module includes steps 16330 and 16340 of the block verification method of the block consensus approval method embodiment of the blockchain manager, and the advantages of the module include those of the method described in the above steps, which are not described in detail herein.
The strict verification module 54340 is configured for the second blockchain manager, when its trust verification of the first block fails, to perform strict verification on all transactions of the first block, and to report to the first blockchain manager that the block verification of the first block fails if any one of the strict verifications fails.
Wherein, structurally, the module comprises,
the transaction timestamp verification module, for the second blockchain manager to check whether the difference between the current timestamp and the timestamp of each transaction in the first block is smaller than a fourth set time, in which case the transaction timestamp verification passes;
and the transaction public key verification module, for the second blockchain manager to verify the signature of each transaction of the first block with the public key of that transaction; if the signature verifies, the transaction public key verification passes.
The working principle of the module includes steps 16360, 16380 and 16392 of the block verification method of the block consensus approval method embodiment of the blockchain manager, and the advantages of the module include those of the method described in the above steps, which are not described in detail herein.
The block identity verification module 54330 is configured for the second blockchain manager to perform identity verification on the first block when its trust verification of the first block passes or every check of the strict verification passes; if every check of the identity verification of the first block passes, the second blockchain manager reports to the first blockchain manager that the block verification of the first block passes, otherwise it reports to the first blockchain manager that the block verification of the first block fails.
Wherein, structurally, the module comprises,
the block timestamp verification module, for the second blockchain manager to check whether the difference between the current timestamp and the timestamp of the first block is smaller than a third set time, in which case the block timestamp verification passes;
and the block public key verification module, for the second blockchain manager to verify the signature of the first block with the public key of the first block, i.e. the public key of the first blockchain manager; if the signature verifies, the block public key verification passes.
The working principle of the module includes steps 16350, 16370, 16391 and 16392 of the block verification method of the block consensus approval method embodiment of the blockchain manager, and the advantages of the module include those of the method described in the above steps, which are not described in detail herein.
[ trust verification Module ]
Fig. 8C shows a schematic structural diagram of the trust verification module, which includes,
the direct trust verification module 54321, configured for the second blockchain manager to look up the first blockchain manager in its locally stored trust list; if the first blockchain manager is in that trust list, the first block passes trust verification. The trust list of each blockchain manager in the blockchain network records the senders of the blocks that manager has successfully received.
The working principle of the module includes steps 16331, 16332 and 16337 of the trust verification method of the block consensus approval method embodiment of the blockchain manager, and the advantages of the module include those of the method described in the above steps, which are not described in detail herein.
The block transfer sending module 54322 is configured for the second blockchain manager to send the first block to each third blockchain manager in its trust list if the first blockchain manager is not in that trust list.
The working principle of the module includes step 16333 of the trust verification method of the block consensus approval method embodiment of the blockchain manager, and the advantages of the module include those of the method described in the above step, which are not described in detail herein.
The indirect trust verification module 54323 is configured for each third blockchain manager to look up the first blockchain manager in its own locally stored trust list; if any third blockchain manager finds the first blockchain manager in its local trust list, that third blockchain manager reports to the second blockchain manager that the first block passes trust verification.
The working principle of the module includes steps 16334, 16335, 16336 and 16337 of the trust verification method of the block consensus approval method embodiment of the blockchain manager, and the advantages of the module include those of the method described in the above steps, which are not described in detail herein.
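The whole verification a second blockchain manager performs on an incoming block, as described in steps 16310 to 16392 and 16331 to 16337 and mirrored by modules 54310 to 54323 above, is shown below in one runnable piece: the per-sender block count within a time window, direct and one-hop indirect trust-list lookup, strict verification of every transaction (timestamp window and signature), block identity verification (block timestamp window and the sender's signature), and the trust-list update after a pass. This is an added example, not the patent's code. The page does not specify its certificateless signature algorithm, so a key identifier with HMAC-SHA256 stands in for the public key and signature; the manager names, keys, thresholds, time windows and sample blocks are all constructed.

```python
import hmac
import hashlib
import json
from collections import defaultdict

# Signature stand-in (assumption): a key id plus HMAC-SHA256 replaces the page's
# certificateless public key and signature.  Keys are constructed for the demo.
KEYS = {"mgr1": b"k-mgr1", "mgr9": b"k-mgr9", "node7": b"k-node7"}


def sign(key_id, message):
    return hmac.new(KEYS[key_id], message, hashlib.sha256).hexdigest()


def verify(key_id, message, sig):
    return key_id in KEYS and hmac.compare_digest(sign(key_id, message), sig)


def canonical(obj, drop="sig"):
    """Deterministic bytes of a transaction or block with its own signature removed."""
    return json.dumps({k: v for k, v in obj.items() if k != drop}, sort_keys=True).encode()


def make_tx(node, message, ts):
    tx = {"timestamp": ts, "pubkey": node, "message": message}
    tx["sig"] = sign(node, canonical(tx))
    return tx


def make_block(sender, txs, ts):
    block = {"timestamp": ts, "sender": sender, "txs": txs}
    block["sig"] = sign(sender, canonical(block))
    return block


class Manager:
    """A blockchain manager in the role of the second manager that verifies a block."""

    def __init__(self, name, trust_list, max_blocks=3, window=60,
                 block_max_age=30, tx_max_age=120):
        self.name = name
        self.trust_list = set(trust_list)   # senders whose blocks were accepted before
        self.peers = {}                     # name -> Manager reachable for indirect trust
        self.arrivals = defaultdict(list)   # sender -> arrival times of its blocks
        self.max_blocks = max_blocks        # third set threshold (assumed value)
        self.window = window                # second set time (assumed value)
        self.block_max_age = block_max_age  # third set time (assumed value)
        self.tx_max_age = tx_max_age        # fourth set time (assumed value)

    def trust_verify(self, sender):
        # Steps 16331-16337: direct trust, then one hop through trusted third managers.
        if sender in self.trust_list:
            return True
        return any(sender in self.peers[t].trust_list
                   for t in self.trust_list if t in self.peers)

    def strict_verify(self, block, now):
        # Step 16360: every transaction must be fresh and carry a valid signature.
        # Future-dated stamps are rejected too, a tightening the page does not spell out.
        for tx in block["txs"]:
            if not 0 <= now - tx["timestamp"] < self.tx_max_age:
                return False
            if not verify(tx["pubkey"], canonical(tx), tx["sig"]):
                return False
        return True

    def identity_verify(self, block, now):
        # Step 16350: block timestamp window and the sender's signature over the block.
        if not 0 <= now - block["timestamp"] < self.block_max_age:
            return False
        return verify(block["sender"], canonical(block), block["sig"])

    def verify_block(self, block, now):
        sender = block["sender"]
        # Steps 16310/16320: too many blocks from one sender inside the window -> reject.
        recent = [t for t in self.arrivals[sender] if now - t < self.window] + [now]
        self.arrivals[sender] = recent
        if len(recent) > self.max_blocks:
            return False
        # Steps 16330-16380: strict verification runs only when trust verification fails.
        if not self.trust_verify(sender) and not self.strict_verify(block, now):
            return False
        ok = self.identity_verify(block, now)
        if ok:
            self.trust_list.add(sender)     # step 16391
        return ok


def run_scenarios():
    """Constructed scenario: mgr2 trusts mgr3, mgr3 trusts mgr1, nobody trusts mgr9."""
    mgr2, mgr3 = Manager("mgr2", ["mgr3"]), Manager("mgr3", ["mgr1"])
    mgr2.peers = {"mgr3": mgr3}
    now, out = 1_000, {}
    good = make_block("mgr1", [make_tx("node7", "temp=21C", now - 5)], now - 1)
    out["indirect_trust_ok"] = mgr2.verify_block(good, now)
    out["sender_now_trusted"] = "mgr1" in mgr2.trust_list
    forged = make_tx("node7", "temp=21C", now - 5)
    forged["sig"] = "00" * 32                      # transaction signature forged
    out["untrusted_forged_tx"] = mgr2.verify_block(make_block("mgr9", [forged], now), now)
    # Once mgr1 is trusted, strict verification is skipped, so the same forged
    # transaction passes when the trusted sender signs the block around it.
    out["trusted_forged_tx_passes"] = mgr2.verify_block(make_block("mgr1", [forged], now), now)
    stale = make_block("mgr1", [make_tx("node7", "temp=21C", now - 5)], now - 100)
    out["stale_block_rejected"] = mgr2.verify_block(stale, now)
    flood = make_block("mgr1", [make_tx("node7", "temp=21C", now - 5)], now)
    out["flooding_rejected"] = mgr2.verify_block(flood, now)   # fourth block in window
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

The third and fourth scenarios make the trade-off of the trust shortcut visible: because strict verification is only run when trust verification fails, a block from a sender already on the trust list is accepted on its block signature alone, and any transaction signature inside it is never checked by the second blockchain manager. A compromised trusted manager can therefore carry forged transactions into the chain, which is why the trust list should be treated as a security-relevant state and pruned when a sender misbehaves.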
In summary, in the embodiment of the blockchain-based Internet of things data sharing device, the validity of the first node generating the service request, namely the data sharing request, is verified through node registration and node authentication, and for a service request that stores shared data, the first block generated from the service request undergoes consensus approval by the block consensus approval method for stored blocks, so as to exclude intrusion by an illegitimate blockchain manager, thereby realizing blockchain-based data sharing for the Internet of things. The block consensus approval uses the trust relationships among the blockchain managers of the blockchain network and a time back-off algorithm to achieve safe and efficient block consensus approval. Compared with the Internet of things of the prior art, the embodiment of the blockchain-based Internet of things data sharing device has the advantages of security and high efficiency.
[ computing device ]
The present invention also provides a computing device, described in detail below with respect to FIG. 9.
The computing device 900 includes a processor 910, a memory 920, a communication interface 930, and a bus 940.
It should be appreciated that the communication interface 930 in the computing device 900 shown in this figure may be used to communicate with other devices.
Wherein the processor 910 may be coupled to the memory 920. The memory 920 may be used to store program code and data. Accordingly, the memory 920 may be a storage unit internal to the processor 910, an external storage unit independent of the processor 910, or a component including both a storage unit internal to the processor 910 and an external storage unit independent of the processor 910.
Optionally, the computing device 900 may also include a bus 940. The memory 920 and the communication interface 930 may be connected to the processor 910 through the bus 940. The bus 940 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus, among others. The bus 940 may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, only one line is shown in the figure, but this does not mean there is only one bus or one type of bus.
It should be appreciated that in embodiments of the present invention, the processor 910 may employ a central processing unit (CPU). The processor may also be another general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. Alternatively, the processor 910 may employ one or more integrated circuits for executing associated programs to perform the techniques provided by embodiments of the present invention.
The memory 920 may include read-only memory and random access memory and provides instructions and data to the processor 910. A portion of the memory 920 may also include non-volatile random access memory. For example, the memory 920 may also store information on the device type.
When the computing device 900 is running, the processor 910 executes computer-executable instructions in the memory 920 to perform the operational steps of the various method embodiments.
It should be understood that the computing device 900 according to the embodiments of the present invention may correspond to a respective subject performing the methods according to the embodiments of the present invention, and that the above and other operations and/or functions of the respective modules in the computing device 900 are respectively for implementing the respective flows of the methods according to the embodiments, and are not described herein for brevity.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided by the present invention, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The storage medium includes various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk.
[ computer Medium ]
The embodiments of the present invention also provide a computer-readable storage medium having stored thereon a computer program for performing the operational steps of the method embodiments when executed by a processor.
The computer storage media of embodiments of the invention may take the form of any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination thereof. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk or C++ and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the above embodiments, but may include many other equivalent embodiments without departing from the spirit of the invention, which fall within the scope of the invention.

Claims (26)

1. A blockchain-based data sharing method for the Internet of Things, characterized by comprising the following steps:
a first blockchain manager receives a service request from a first node of the Internet of Things, wherein the service request comprises a node ID of the first node, a service timestamp, signature information and a service operation type;
the first blockchain manager performs node authentication on the first node based on the service timestamp and a node second public key; if the node authentication passes, the first blockchain manager reports the node second public key of the first node and the node ID of the first node to the blockchain network, and if the node authentication fails, the first blockchain manager sends a node authentication failure message to the first node, wherein the first blockchain manager generates the node second public key of the first node based on the node ID;
for a first node that passes the node authentication, if the service operation type is query, the first blockchain manager performs a query operation and sends the query result to the first node;
for a first node that passes the node authentication, if the service operation type is storage, the first blockchain manager generates a first block based on the service request message and sends the first block to the blockchain network in which it is located for consensus approval; if the consensus approval passes, the first block is added to the tail end of the blockchain of the blockchain network and a storage success message is sent to the first node, and if the consensus approval fails, a service request failure message is sent to the first node;
wherein the signature information is encrypted service information signed using a node first private key of the first node, the operation type comprises query and storage, the service timestamp is the service request generation time, and the node first private key of the first node is a private key generated based on the node ID of the first node;
wherein the first blockchain manager generating the node second public key of the first node based on the node ID comprises: the first blockchain manager sending the node ID in the service request to the registry;
the first blockchain manager receiving a system parameter k2 and a node part second private key of the first node from the registry, wherein the system parameter k2 and the node part second private key are generated by the registry based on the node ID;
the first blockchain manager generating a node second private key of the first node based on the system parameter k2 and the node part second private key; and
the first blockchain manager generating the node second public key of the first node based on the node second private key of the first node;
wherein the first blockchain manager performing node authentication on the first node based on the service timestamp and the node second public key comprises node timestamp verification and node public key verification; the node timestamp verification comprises the first blockchain manager checking whether the difference between the current timestamp and the service timestamp in the service request sent by the first node is smaller than a first set time, and if so, the first node passes the node timestamp verification; and
the node public key verification comprises the first blockchain manager verifying the signature of the signature information in the service request using the node second public key of the first node, and if the verification passes, the first node passes the node public key verification and the encrypted service information is obtained.
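The node authentication of claim 1 (and its device counterpart in claim 12), as an added Python example that is not code from the patent: the registry derives a node-part key from the node ID, the node derives its signing key from it, and the manager derives the matching verification key itself before checking timestamp freshness, then the signature, then decrypting the service information. The registry, the HMAC stand-in for the identity-based signature (so one system parameter replaces the distinct k1 and k2), the toy stream cipher, the request layout and the 30-second first set time are all assumptions.

```python
from __future__ import annotations
import hashlib
import hmac
import json
from dataclasses import dataclass

FIRST_SET_TIME = 30.0  # "first set time" of claim 1, in seconds (assumed value)


class Registry:
    """Stand-in for the registry that derives per-node key material from the node ID."""

    def __init__(self, master_secret: bytes) -> None:
        self._master = master_secret
        # One parameter stands in for both k1 and k2: with the HMAC stand-in below the
        # node's signing key and the manager's verification key have to coincide, whereas
        # the claimed scheme derives an asymmetric pair from distinct k1 and k2.
        self.system_parameter = hashlib.sha256(b"system-parameter|" + master_secret).digest()

    def node_part_private_key(self, node_id: str) -> bytes:
        return hmac.new(self._master, node_id.encode(), hashlib.sha256).digest()


def derive_node_key(system_parameter: bytes, part_key: bytes) -> bytes:
    """Combine the system parameter with the node-part private key (claims 1 and 11)."""
    return hmac.new(system_parameter, part_key, hashlib.sha256).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy encryption of the service information with a hash-derived keystream."""
    stream = b""
    while len(stream) < len(data):
        stream += hashlib.sha256(key + len(stream).to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class ServiceRequest:
    node_id: str
    service_timestamp: float
    signature_info: bytes   # the encrypted service information ...
    signature: bytes        # ... and its signature under the node first private key
    operation_type: str     # "query" or "storage"

    def signed_payload(self) -> bytes:
        # Everything the manager acts on is covered by the signature.
        return json.dumps([self.node_id, self.service_timestamp,
                           self.signature_info.hex(), self.operation_type]).encode()


def node_create_request(registry, node_id, operation_type, service_info: bytes, now: float):
    """Claims 10/11: the node derives its first private key from k1 and its part key, then signs."""
    key = derive_node_key(registry.system_parameter, registry.node_part_private_key(node_id))
    req = ServiceRequest(node_id, now, xor_stream(key, service_info), b"", operation_type)
    req.signature = hmac.new(key, req.signed_payload(), hashlib.sha256).digest()
    return req


class BlockchainManager:
    def __init__(self, registry: Registry) -> None:
        self.registry = registry
        self.node_keys = {}  # node second public keys, cached by node ID

    def node_second_public_key(self, node_id: str) -> bytes:
        # Claim 1: the manager obtains k2 and the node-part second private key from the
        # registry, derives the node's second private key and from it the second public key.
        if node_id not in self.node_keys:
            part = self.registry.node_part_private_key(node_id)
            self.node_keys[node_id] = derive_node_key(self.registry.system_parameter, part)
        return self.node_keys[node_id]

    def authenticate_node(self, req: ServiceRequest, now: float):
        """Returns (passed, reason, decrypted service information)."""
        # Node timestamp verification runs first, so stale or replayed requests are dropped
        # before any key derivation or signature work is spent on them. abs() also rejects
        # requests stamped in the future, which the claim's wording does not spell out.
        if not abs(now - req.service_timestamp) < FIRST_SET_TIME:
            return False, "node timestamp verification failed", b""
        # Node public key verification of the signature information.
        key = self.node_second_public_key(req.node_id)
        expected = hmac.new(key, req.signed_payload(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, req.signature):
            return False, "node public key verification failed", b""
        # Both checks passed: recover the encrypted service information for query/storage.
        return True, "ok", xor_stream(key, req.signature_info)
```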
2. The method of claim 1, wherein the first blockchain manager performing the query operation comprises:
the first blockchain manager decrypting the encrypted service information to determine the information to be queried by the first node;
the first blockchain manager querying the information to be queried based on a local information database, and, if the information to be queried is not found in the local information database, searching the blockchain network for the information to be queried.
3. The method of claim 1, wherein the first blockchain manager generating a first block based on the service request message comprises:
the first blockchain manager decrypting the encrypted service information and determining the information to be stored by the first node;
the first blockchain manager creating a first transaction based on the received service request, wherein the first transaction comprises a transaction timestamp, a transaction public key, a transaction signature and a transaction message, the transaction timestamp is the generation time of the first transaction, the transaction public key is the node second public key of the first node, the transaction signature is a signature made using the node second private key of the first node, and the transaction message is the information to be stored;
the first blockchain manager adding the first transaction to the current block to generate the first block, wherein the first block comprises a block timestamp of the time of generating the first block, a block signature and a block message, the block signature is a signature using a public key of the first blockchain manager, and the block message comprises the information of each transaction in the block.
4. The method of claim 3, wherein sending the first block to the blockchain network for consensus approval comprises:
the first blockchain manager sending the first block to the blockchain network for multiple rounds of block verification, wherein one round of block verification is each second blockchain manager of the blockchain network completing one block verification of the first block, and the second blockchain managers are the blockchain managers on the blockchain network other than the first blockchain manager;
if the number of rounds K of block verification completed for the first block is smaller than or equal to a first set threshold, the first blockchain manager, after waiting a first random time, sending the first block to the second blockchain managers in the blockchain network for block verification of the first block, wherein the initial value of K is set to 0;
when a second blockchain manager receives a block verification request for the first block sent by the first blockchain manager, performing block verification on the first block;
after each second blockchain manager completes one round of block verification of the first block, the first blockchain manager calculating the consensus passing rate of the first block; if the consensus passing rate is greater than or equal to a second set threshold, the first blockchain manager adding the first block to the tail end of the first blockchain and storing the information to be stored in the local information database, and otherwise increasing the value of K by 1;
if the consensus passing rate is smaller than the second set threshold and the number of rounds K of consensus approval completed for the first block is larger than the first set threshold, the consensus approval of the first block fails;
wherein the consensus passing rate is equal to the number of second blockchain managers whose block verification of the first block passed divided by the total number of second blockchain managers.
5. The method of claim 4, wherein the second blockchain manager performing block verification on the first block comprises:
the second blockchain manager counting the blocks received from the first blockchain manager within a second set time to obtain the total number of blocks received from the first blockchain manager, and, when the total number of blocks received from the first blockchain manager is greater than a third set threshold, reporting to the first blockchain manager that the block verification of the first block does not pass;
when the total number of blocks received from the first blockchain manager is smaller than or equal to the third set threshold, the second blockchain manager performing trust verification on the first block based on a trust relationship;
if the trust verification of the second blockchain manager on the first block does not pass, the second blockchain manager performing strict verification on the first block, and if any one of the strict verifications of the second blockchain manager on the first block does not pass, the second blockchain manager reporting to the first blockchain manager that the block verification of the first block does not pass;
if the trust verification of the second blockchain manager on the first block passes or the strict verification passes, the second blockchain manager performing block identity verification on the first block; then, if the first block passes each verification in the block identity verification, the second blockchain manager reports to the first blockchain manager that the block verification of the first block passes and adds the first blockchain manager to its trust list, and otherwise the second blockchain manager reports to the first blockchain manager that the block verification of the first block does not pass, wherein the trust list comprises the senders of the blocks successfully received by each blockchain manager in the blockchain network.
6. The method of claim 5, wherein the trust verification comprises:
the second blockchain manager checking the first blockchain manager against a locally stored trust list, and if the first blockchain manager is in the trust list, the first blockchain manager passes the trust verification;
if the first blockchain manager is not in the trust list, the second blockchain manager sending the first block to each third blockchain manager in its trust list;
each third blockchain manager checking the first blockchain manager against its own locally stored trust list, and if any third blockchain manager finds the first blockchain manager in its local trust list, that third blockchain manager reporting to the second blockchain manager that the first blockchain manager passes the trust verification.
7. The method of claim 5, wherein the block identity verification comprises:
block timestamp verification, which comprises the second blockchain manager checking whether the difference between the current timestamp and the block timestamp of the first block is smaller than a third set time; if so, the block timestamp verification passes, and otherwise the block timestamp verification does not pass; and
block public key verification, which comprises verifying the block signature of the first block using the block public key of the first block; if the verification passes, the block public key verification passes.
8. The method of claim 5, wherein the strict verification comprises:
transaction timestamp verification, which comprises the second blockchain manager checking whether the difference between the current timestamp and the transaction timestamp of each transaction in the first block is smaller than a fourth set time; if so, the transaction timestamp verification passes; and
transaction public key verification, which comprises verifying the transaction signature of each transaction of the first block using the transaction public key of that transaction; if the verification passes, the transaction public key verification passes.
9. The method of claim 4, wherein the first random time is equal to the sum of a second random time and a third random time, wherein the second random time is greater than or equal to twice the delay time and less than the second set time, the third random time is equal to the product of a first random number and the delay time, the first random number is a random number between 0 and 2^k - 1, and the delay time is the minimum transmission delay between the first blockchain manager and each second blockchain manager.
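The consensus approval of claims 4 to 9 (mirrored by the device claims 15 to 20), as an added Python example that is not code from the patent: a second manager runs the layered block verification of claim 5 (per-sender flood count, direct or indirect trust, strict transaction checks, block identity check) and the first manager runs rounds of consensus approval with the claim 9 back-off. All threshold and time values, the HMAC stand-in for signatures, the block layout and the reading of the lowercase k in claim 9 as the round counter K of claim 4 are assumptions; waiting is simulated by advancing the clock rather than sleeping.

```python
import hashlib, hmac, random
from dataclasses import dataclass

# Assumed values for the thresholds and times that the claims name but do not fix.
FIRST_SET_THRESHOLD = 3      # largest K for which one more verification round is started
SECOND_SET_THRESHOLD = 0.5   # required consensus passing rate
THIRD_SET_THRESHOLD = 10     # blocks tolerated from one sender per window (claim 5)
SECOND_SET_TIME = 60.0       # counting window (claim 5) and upper bound of the back-off (claim 9)
THIRD_SET_TIME = 120.0       # maximum age of a block timestamp (claim 7)
FOURTH_SET_TIME = 300.0      # maximum age of a transaction timestamp (claim 8)


def toy_sign(key: bytes, msg: bytes) -> bytes:
    # HMAC stand-in for the signatures; signing key and "public key" coincide here.
    return hmac.new(key, msg, hashlib.sha256).digest()


def toy_verify(public_key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(toy_sign(public_key, msg), sig)


@dataclass
class Transaction:
    timestamp: float
    public_key: bytes    # node second public key of the submitting node
    signature: bytes
    message: bytes       # the information to be stored


@dataclass
class Block:
    sender: str          # name of the first blockchain manager that built the block
    timestamp: float
    public_key: bytes
    signature: bytes
    transactions: list


def block_digest(block: Block) -> bytes:
    """Bytes covered by the block signature (constructed layout)."""
    head = f"{block.sender}|{block.timestamp}|".encode()
    return head + b"".join(tx.signature for tx in block.transactions)


def first_random_time(k: int, delay: float, rng=None) -> float:
    """Claim 9: a time in [2*delay, SECOND_SET_TIME) plus r*delay with r drawn from [0, 2^k - 1]."""
    rng = rng or random.Random()
    return rng.uniform(2 * delay, SECOND_SET_TIME) + rng.randint(0, 2 ** k - 1) * delay


class SecondManager:
    """A verifying (second) manager; `peers` maps names to the third managers it can consult."""
    def __init__(self, trust_list=(), peers=None):
        self.trust_list = set(trust_list)
        self.peers = peers if peers is not None else {}
        self.received = {}   # sender -> timestamps of the blocks received from it

    def trust_verification(self, sender: str) -> bool:
        if sender in self.trust_list:                       # direct trust (claim 6)
            return True
        return any(sender in self.peers[t].trust_list        # indirect: a trusted third manager trusts it
                   for t in self.trust_list if t in self.peers)

    def strict_verification(self, block: Block, now: float) -> bool:
        # Claim 8: every transaction must be fresh and carry a valid signature.
        return all(now - tx.timestamp < FOURTH_SET_TIME
                   and toy_verify(tx.public_key, tx.message, tx.signature)
                   for tx in block.transactions)

    def block_identity_verification(self, block: Block, now: float) -> bool:
        # Claim 7: block timestamp freshness and block signature.
        return (now - block.timestamp < THIRD_SET_TIME
                and toy_verify(block.public_key, block_digest(block), block.signature))

    def block_verification(self, block: Block, now: float) -> bool:
        # Claim 5, step 1: a sender flooding blocks is rejected before any cryptography runs.
        # Blocks re-sent in later consensus rounds count against the same per-sender budget.
        window = [t for t in self.received.get(block.sender, []) if now - t < SECOND_SET_TIME]
        window.append(now)
        self.received[block.sender] = window
        if len(window) > THIRD_SET_THRESHOLD:
            return False
        # Step 2: a trusted sender skips strict verification; an unknown one must pass it.
        if not (self.trust_verification(block.sender) or self.strict_verification(block, now)):
            return False
        # Step 3: block identity verification; success adds the sender to the trust list.
        if not self.block_identity_verification(block, now):
            return False
        self.trust_list.add(block.sender)
        return True


def consensus_approval(block: Block, verifiers: list, now: float, delay: float = 0.05, rng=None):
    """Claim 4 from the first manager's side. Returns (approved, rounds_run, total_simulated_wait)."""
    rng = rng or random.Random(0)
    k, waited = 0, 0.0
    while k <= FIRST_SET_THRESHOLD:
        wait = first_random_time(k, delay, rng)
        now, waited = now + wait, waited + wait
        passes = sum(v.block_verification(block, now) for v in verifiers)
        if passes / len(verifiers) >= SECOND_SET_THRESHOLD:
            return True, k + 1, waited
        k += 1
    return False, k, waited
```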
10. A blockchain-based data sharing method for the Internet of Things, characterized by comprising the following steps:
a first node generates a node first public key and a node first private key of the first node based on its node ID;
the first node creates a service request and sends it for processing to a first blockchain manager randomly selected from the blockchain network connected with the Internet of Things, wherein the service request comprises the node ID of the first node, a service timestamp, signature information and a service operation type, the signature information is encrypted service information signed using the node first private key, the operation type comprises query and storage, the service timestamp is the service generation time, the blockchain network performs node authentication on the first node according to the method of any one of claims 4 to 9, and performs consensus approval on the first block created for a first node that passes the node authentication and whose service operation type is storage;
the first node receives a service request result generated by the first blockchain manager based on the service request, wherein the service request result comprises:
if the first node passes the node authentication and the first service request message contains a query operation, the service request result is the query result sent by the first blockchain manager; and
if the first node passes the node authentication and the first service request message contains a storage operation, when the first block passes the consensus approval the service request result is a storage success message sent by the first blockchain manager; and
if the first node fails the node authentication by the first blockchain manager, the service request result is a node authentication failure message sent by the first blockchain manager; and
if the first block fails the consensus approval, the service request result is a service request failure message sent by the first blockchain manager.
11. The method of claim 10, wherein the first node generating its node first public key and node first private key based on the node ID comprises:
the first node sending its node ID to the registry;
the first node receiving a system parameter k1 and a node part first private key of the first node from the registry, wherein the system parameter k1 and the node part first private key are generated by the registry based on the node ID;
the first node generating the node first private key of the first node based on the system parameter k1 and the node part first private key; and
the first node generating its node first public key based on its node first private key.
12. A blockchain-based data sharing device for the Internet of Things, characterized by comprising:
a service request receiving module, configured for a first blockchain manager to receive a service request from a first node of the Internet of Things, wherein the service request comprises a node ID of the first node, a service timestamp, signature information and a service operation type, the signature information is encrypted service information signed using a node first private key, the operation type comprises query and storage, the service timestamp is the service generation time, the node first private key of the first node is a private key generated based on the node ID of the first node, and the first blockchain manager is the blockchain manager that receives the service request of the first node;
a node authentication module, configured for the first blockchain manager to perform node authentication on the first node based on the service timestamp and a node second public key, and, if the node authentication passes, to report the node ID and the node second public key of the first node to the blockchain network, wherein, when the first blockchain manager does not hold the node second public key of the first node, the first blockchain manager generates the node second public key of the first node based on the node ID;
an access operation module, configured for the first blockchain manager to perform a query operation if the first node passes the node authentication and the service operation type in the service request is query;
a storage operation module, configured for the first blockchain manager to generate a first block based on the service request message if the first node passes the node authentication and the service operation type in the service request is storage, to submit the first block to the blockchain network for consensus approval, and to add the first block to the tail end of the blockchain of the blockchain network if the consensus approval passes;
a service result sending module, configured for the first blockchain manager to send a service request result to the first node, wherein the service request result comprises: if the first node passes the node authentication of the first blockchain manager and the first service request message contains a query operation, the service request result is the query result; and
if the first node passes the node authentication of the first blockchain manager, the first service request message contains a storage operation and the first block passes the consensus approval, the service request result is a storage success message; and
if the first block fails the consensus approval, the service request result is a service request failure message; and
if the first node fails the node authentication, the service request result is a node authentication failure message;
a node key generation second module, comprising a node ID sending second module, configured for the first blockchain manager to send the node ID of the first node to the registry; and
a parameter receiving second module, configured for the first blockchain manager to receive a system parameter k2 and a node part second private key of the first node from the registry, wherein the system parameter k2 and the node part second private key are generated by the registry based on the node ID; and
a second private key generation module, configured for the first blockchain manager to generate a node second private key of the first node based on the system parameter k2 and the node part second private key; and
a public key generation second module, configured for the first blockchain manager to generate the node second public key of the first node based on the node second private key of the first node;
wherein the node authentication module comprises a node timestamp verification module, configured for the first blockchain manager to check whether the difference between the current timestamp and the service timestamp in the service request sent by the first node is smaller than a first set time, and if so, the first node passes the node timestamp verification; and
a node public key verification module, configured for the first blockchain manager to verify the signature of the signature information in the service request using the node second public key of the first node, and if the verification passes, the first node passes the node public key verification and the encrypted service information is obtained.
13. The apparatus of claim 12, wherein the access operation module comprises:
a query information determining module, configured for the first blockchain manager to decrypt the encrypted service information and obtain the information to be queried by the first node;
a local query module, configured for the first blockchain manager to query the information to be queried based on a local information database; and
a remote query module, configured for the first blockchain manager to search the blockchain network for the information to be queried if it cannot be found in the local information database.
14. The apparatus of claim 12, wherein the storage operation module comprises:
a storage content module, configured for the first blockchain manager to decrypt the encrypted service information and obtain the information to be stored by the first node;
a block generation module, configured for the first blockchain manager to create a first transaction based on the received service request message and to add the first transaction to the current block to generate a first block, wherein the first transaction comprises a transaction timestamp, a transaction public key, a transaction signature and a transaction message, the transaction timestamp is the generation time of the first transaction, the transaction public key is the node second public key of the first node, the transaction signature is a signature made using the node second private key of the first node, the transaction message is the information to be stored, the first block comprises a block timestamp of the time of generating the first block, a block signature and a block message, the block signature is a signature using the public key of the first blockchain manager, and the block message comprises the information of each transaction in the block;
a consensus approval module, configured for the first blockchain manager to submit the first block to the blockchain network for consensus approval; and
an information storage module, configured for the first blockchain manager to add a first block that passes the consensus approval to the tail end of the first blockchain and to store the information to be stored in the local information database.
15. The apparatus of claim 14, wherein the consensus approval module comprises:
a time back-off module, configured for the first blockchain manager, if the number of rounds K of block verification completed for the first block is smaller than or equal to a first set threshold, to wait a first random time and then send the first block to each second blockchain manager of the blockchain network for a new round of block verification of the first block, wherein the initial value of K is set to 0, and one round of block verification is each second blockchain manager of the blockchain network completing one block verification of the first block;
a block verification module, configured for a second blockchain manager to perform block verification on the first block when it receives a block verification request for the first block sent by the first blockchain manager; and
a consensus approval judging module, configured for the first blockchain manager to calculate the consensus passing rate of the first block after the second blockchain managers complete one round of block verification of the first block; if the consensus passing rate is greater than or equal to a second set threshold, the first block is judged to pass the consensus approval, and otherwise the value of K is increased by 1; and if the consensus passing rate is smaller than the second set threshold and the number of rounds K of consensus approval completed for the first block is larger than the first set threshold, the first block fails the consensus approval;
wherein the consensus passing rate is equal to the number of second blockchain managers whose block verification of the first block passed divided by the total number of second blockchain managers, the second blockchain managers being the blockchain managers on the blockchain network other than the first blockchain manager.
16. The apparatus of claim 15, wherein the block verification module comprises:
a malicious manager judging module, configured for the second blockchain manager to count the blocks received from the first blockchain manager within a second set time to obtain the total number of blocks received from the first blockchain manager, and, when the total number of blocks received from the first blockchain manager is larger than a third set threshold, to report to the first blockchain manager that the block verification of the first block does not pass;
a trust verification module, configured for the second blockchain manager to perform trust verification on the first block when the total number of blocks received from the first blockchain manager is smaller than or equal to the third set threshold;
a strict verification module, configured for the second blockchain manager to perform strict verification on all transactions of the first block when its trust verification of the first block does not pass, and, if any one of the strict verifications does not pass, to report to the first blockchain manager that the block verification of the first block does not pass; and
a block identity verification module, configured for the second blockchain manager to perform block identity verification on the first block when its trust verification of the first block passes or the strict verification passes, and then, if the first block passes every verification in the block identity verification, to report to the first blockchain manager that the block verification of the first block passes and to add the first blockchain manager to its trust list, and otherwise to report to the first blockchain manager that the block verification of the first block does not pass, wherein the trust list comprises the senders of the blocks successfully received by each blockchain manager in the blockchain network.
17. The apparatus of claim 16, wherein the trust verification module comprises:
a direct trust verification module, configured for the second blockchain manager to check the first blockchain manager against its locally stored trust list, and if the first blockchain manager is in the trust list, the first blockchain manager passes the trust verification;
a block forwarding module, configured for the second blockchain manager to send the first block to each third blockchain manager in its trust list if the first blockchain manager is not in the trust list; and
an indirect trust verification module, configured for each third blockchain manager to check the first blockchain manager against its own locally stored trust list, and if any third blockchain manager finds the first blockchain manager in its local trust list, that third blockchain manager reports to the second blockchain manager that the first blockchain manager passes the trust verification.
18. The apparatus of claim 16, wherein the block identity verification module comprises:
a block timestamp verification module, configured for the second blockchain manager to check whether the difference between the current timestamp and the block timestamp of the first block is smaller than a third set time, and if so, the block timestamp verification passes; and
a block public key verification module, configured for the second blockchain manager to verify the block signature of the first block using the block public key of the first block, and if the verification passes, the block public key verification passes.
19. The apparatus of claim 16, wherein the strict verification module comprises:
a transaction timestamp verification module, configured for the second blockchain manager to check whether the difference between the current timestamp and the transaction timestamp of each transaction in the first block is smaller than a fourth set time, and if so, the transaction timestamp verification passes; and
a transaction public key verification module, configured for the second blockchain manager to verify the transaction signature of each transaction of the first block using the transaction public key of that transaction, and if the verification passes, the transaction public key verification passes.
20. The apparatus of claim 15, wherein the first random time is equal to the sum of a second random time and a third random time, wherein the second random time is greater than or equal to twice the delay time and less than the second set time, the third random time is equal to the product of a first random number and the delay time, the first random number is a random number between 0 and 2^k - 1, and the delay time is the minimum transmission delay between the first blockchain manager and each second blockchain manager.
21. A blockchain-based data sharing device for the Internet of Things, characterized by comprising:
a node key generation first module, configured for a first node to generate a node first public key and a node first private key based on its node ID;
a service request creation module, configured for the first node to create a service request and send it for processing to a first blockchain manager randomly selected from the blockchain network connected with the Internet of Things, wherein the service request comprises the node ID of the first node, the node first public key of the first node, a service timestamp, signature information and a service operation type, the signature information is encrypted service information signed using the node first private key, the operation type comprises query and storage, the service timestamp is the service generation time, the blockchain network performs node authentication on the first node according to the method of any one of claims 4 to 9, and performs consensus approval on the first block created for a first node that passes the node authentication and whose service operation type is storage; and
a service result receiving module, configured for the first node to receive a service request result generated by the first blockchain manager based on the service request, wherein the service request result comprises:
if the first node passes the node authentication and the first service request message contains a query operation, the service request result is the query result sent by the first blockchain manager; and
if the first node passes the node authentication and the first service request message contains a storage operation, when the first block passes the consensus approval the service request result is a storage success message sent by the first blockchain manager; and
if the first node fails the node authentication, the service request result is a node authentication failure message sent by the first blockchain manager; and
if the first block fails the consensus approval, the service request result is a service request failure message sent by the first blockchain manager.
22. The device of claim 21, wherein the node key generation first module comprises:
a node ID sending first module, configured to send the node ID of the first node to a registry;
a parameter receiving first module, configured for the first node to receive a system parameter k1 and a node portion first private key of the first node from the registry, wherein the system parameter k1 and the node portion first private key are generated by the registry based on the node ID;
a first private key generation module, configured for the first node to generate its node first private key based on the system parameter k1 and its node portion first private key;
wherein the first node further generates its node first public key based on its node first private key.
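As an added illustration of claims 21 and 22 (this is example code written here, not code from the patent), the Python sketch below simulates the three parties: the registry issues k1 and a partial private key bound to the node ID, the node derives its keypair from them, and the blockchain manager checks that the presented public key is the one bound to that ID, verifies the signature, and returns one of the four claim 21 outcomes. The group parameters, the hash-to-exponent helper, the Schnorr-style ID binding and the key-combination rule are all assumptions, since the patent specifies no algorithm, and the ID check stands in for the node authentication of claims 4 to 9, which are not on this page.

```python
import hashlib, json, secrets, time
# Constructed toy group (illustration only; the patent fixes no algorithm): P is the
# Mersenne prime 2**127 - 1 and exponents live mod P - 1. Real builds use a standard curve.
P, G, ORDER = 2**127 - 1, 3, 2**127 - 2
def h(*parts):  # hash the string forms of parts to an exponent (constructed helper)
    return int.from_bytes(hashlib.sha256("|".join(map(str, parts)).encode()).digest(), "big") % ORDER

def registry_setup():  # registry master secret s and public system parameter k1 = G^s
    s = secrets.randbelow(ORDER - 1) + 1
    return s, pow(G, s, P)

def partial_key(s, node_id):  # registry issues the node portion first private key (d, R)
    r = secrets.randbelow(ORDER - 1) + 1
    R = pow(G, r, P)
    return (r + s * h(node_id, R)) % ORDER, R  # assumed Schnorr-style binding of d to the ID

def node_keys(node_id, k1, partial):  # node first private key from k1 + partial key, then public key
    d, R = partial
    x = (d + h(k1, node_id)) % ORDER  # assumed combination; note the registry can compute x too
    return x, [pow(G, x, P), R]

def expected_public(node_id, k1, R):  # public key the registry bound to node_id, from public values
    return R * pow(k1, h(node_id, R), P) * pow(G, h(k1, node_id), P) % P

def sign(x, message):  # Schnorr signature [r, s] on message under private key x
    k = secrets.randbelow(ORDER - 1) + 1
    r = pow(G, k, P)
    return [r, (k - x * h(r, message)) % ORDER]

def verify(y, message, sig):  # g^s * y^e == r
    return pow(G, sig[1], P) * pow(y, h(sig[0], message), P) % P == sig[0]

def create_request(node_id, x, pub, op, payload):
    """Service request per claim 21: node ID, node public key, timestamp, operation, signature."""
    body = {"node_id": node_id, "pub": pub, "ts": int(time.time()), "op": op, "payload": payload}
    body["sig"] = sign(x, json.dumps(body, sort_keys=True))
    return body

def handle_request(req, k1, ledger, consensus_ok=True):
    """Blockchain manager side: authenticate the node, then branch on the operation type."""
    y, R = req["pub"]
    signed = json.dumps({k: v for k, v in req.items() if k != "sig"}, sort_keys=True)
    if y != expected_public(req["node_id"], k1, R) or not verify(y, signed, req["sig"]):
        return "node authentication failure"
    if req["op"] == "query":
        return ledger.get(req["payload"], "query result: no such key")
    if not consensus_ok:  # the first block built from the request failed consensus approval
        return "service request failure"
    ledger[req["node_id"]] = req["payload"]  # block approved, data stored
    return "storage success"
```

The `consensus_ok` flag stands in for the consensus approval of the first block, which the claims describe but do not detail here.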
23. A blockchain manager comprising the device of any one of claims 12 to 20.
24. A node comprising the device of any one of claims 21 to 22.
25. A computing device, comprising,
a bus;
a communication interface connected to the bus;
at least one processor coupled to the bus; and
at least one memory coupled to the bus and storing program instructions that, when executed by the at least one processor, cause the at least one processor to perform the method of any of claims 1 to 9 or 10 to 11.
26. A computer readable storage medium having stored thereon program instructions, which when executed by a computer cause the computer to perform the method of any of claims 1 to 9 or 10 to 11.
CN202011459867.5A 2020-12-11 2020-12-11 Block chain-based Internet of things data sharing method and device Active CN112435028B (en)


Publications (2)

Publication Number Publication Date
CN112435028A (en) 2021-03-02
CN112435028B (en) 2024-03-08

Family

ID=74691479




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant