CN112751807B - Secure communication method, device, system and storage medium - Google Patents

Publication number
CN112751807B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911048470.4A
Other languages
Chinese (zh)
Other versions
CN112751807A (en)
Inventor
任永攀
王锦华
黄铖斌
周文君
杜林鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd
Priority to CN201911048470.4A
Publication of CN112751807A
Application granted
Publication of CN112751807B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention discloses a secure communication method, device, system and storage medium, and relates to network security technology. The secure communication method comprises: acquiring attribute information sent by an Internet of things device through an intelligent contract interface, wherein the attribute information is description information of the Internet of things device and of the Internet of things data the device is to send; verifying the attribute information with an intelligent contract; if the verification passes, transmitting an instruction allowing transmission to the Internet of things device through the intelligent contract interface, so that the device sends the Internet of things data through the intelligent contract interface; and sending the content transmitted through the intelligent contract interface to a blockchain node, so that the blockchain node generates a block from the content and stores the block in the blockchain. In this way, abnormal or damaged nodes can be found quickly, the likelihood of a server suffering a DDoS attack is reduced, and the security of the Internet of things network is improved.

Description

Secure communication method, device, system and storage medium
Technical Field
The present invention relates to network security technologies, and in particular, to a secure communication method, apparatus, system, and storage medium.
Background
At present, a massive number of Internet of things devices are joining the Internet. With the appearance of botnet source code such as Mirai and its variants, and given the resource limitations of these devices, the volume and ease of Distributed Denial of Service (DDoS) attacks have increased greatly, which brings specific security challenges. As in other security fields, DDoS attack patterns evolve rapidly, so a traditional DDoS protection scheme designed only to block a single attack source cannot cope with the impact of high-volume malicious traffic once Internet of things devices are involved.
Disclosure of Invention
The embodiment of the invention aims to solve the technical problem that: how to improve the security of the internet of things network.
According to a first aspect of some embodiments of the present invention there is provided a secure communication method comprising: acquiring attribute information sent by an Internet of things device through an intelligent contract interface, wherein the attribute information is description information of the Internet of things device and of the Internet of things data the device is to send; verifying the attribute information with an intelligent contract; if the verification passes, transmitting an instruction allowing transmission to the Internet of things device through the intelligent contract interface, so that the device sends the Internet of things data through the intelligent contract interface; and sending the content transmitted through the intelligent contract interface to a blockchain node, so that the blockchain node generates a block from the content and stores the block in the blockchain.
In some embodiments, the attribute information includes at least one of an address of the internet of things device and a data amount of internet of things data to be sent by the internet of things device.
In some embodiments, the attribute information includes an address of the internet of things device and a data volume of internet of things data to be sent by the internet of things device; the verification of the attribute information by adopting the intelligent contract comprises the following steps: the intelligent contract judges whether the address of the Internet of things equipment is located in a credible list corresponding to the intelligent contract or not; if the address of the Internet of things equipment is not located in the trusted list corresponding to the intelligent contract, the verification fails; if the address of the Internet of things equipment is located in the credible list corresponding to the intelligent contract, the intelligent contract judges whether the data volume of the Internet of things data to be sent by the Internet of things equipment exceeds an equipment preset value distributed for the Internet of things equipment or not; if not, the check is passed, otherwise the check is not passed.
In some embodiments, the attribute information includes an address of the internet of things device and a data volume of internet of things data to be sent by the internet of things device; the verification of the attribute information by adopting the intelligent contract comprises the following steps: the intelligent contract judges whether the address of the Internet of things equipment is located in a trusted list corresponding to the intelligent contract or not; if the address of the Internet of things equipment is not located in the credible list corresponding to the intelligent contract, the verification is failed; if the address of the Internet of things equipment is located in the credible list corresponding to the intelligent contract, the intelligent contract judges whether the data volume of the Internet of things data to be sent by the Internet of things equipment exceeds an equipment preset value distributed for the Internet of things equipment or not; if the data volume of the data of the Internet of things exceeds the preset value of the equipment, the verification fails; if the data volume of the data of the Internet of things does not exceed the preset value of the equipment, the intelligent contract judges whether the total data volume transmitted in the current Internet of things network exceeds the preset value of the system or not; and if the total data amount does not exceed the preset value of the system, the verification is passed, otherwise, the verification is not passed.
In some embodiments, the secure communication method further comprises: if the verification fails, sending an instruction disallowing transmission through the intelligent contract interface, so that the Internet of things device is refused permission to send the Internet of things data.
In some embodiments, the secure communication method further comprises: and creating an intelligent contract, and broadcasting an interface address of the created intelligent contract to the Internet of things equipment.
In some embodiments, the secure communication method further comprises: acquiring a registration request sent by the Internet of things equipment through an intelligent contract interface; and in response to the completion of the registration process of the Internet of things equipment, adding the Internet of things equipment into a trusted list corresponding to the intelligent contract.
In some embodiments, the secure communication method further comprises: a first blockchain node in the blockchain system acquires the content transmitted through the intelligent contract interface; the first blockchain node packs the content to generate a block; the first blockchain node publishes the generated block in the blockchain system; and a second blockchain node in the blockchain system verifies the generated block and stores the verified block in the blockchain.
According to a second aspect of some embodiments of the present invention there is provided a secure communications apparatus comprising: the attribute information acquisition module is configured to acquire attribute information sent by the Internet of things equipment through an intelligent contract interface, wherein the attribute information is description information of the Internet of things equipment and Internet of things data to be sent by the Internet of things equipment; the verification module is configured to verify the attribute information by adopting the intelligent contract; the instruction sending module is configured to transmit the instruction allowed to be sent to the Internet of things equipment through the intelligent contract interface under the condition that the verification is passed, so that the Internet of things equipment sends the Internet of things data through the intelligent contract interface; and the content recording module is configured to send the content sent through the intelligent contract interface to the blockchain node so that the blockchain node generates a block according to the content and stores the block into the blockchain.
According to a third aspect of some embodiments of the present invention there is provided a secure communication system comprising: one or more servers comprising the aforementioned secure communication device; and one or more internet of things devices.
In some embodiments, some or all of the one or more servers act as blockchain nodes and together constitute a blockchain system.
According to a fourth aspect of some embodiments of the present invention there is provided a secure communications apparatus comprising: a memory; and a processor coupled to the memory, the processor configured to perform any of the foregoing secure communication methods based on instructions stored in the memory.
According to a fifth aspect of some embodiments of the present invention, there is provided a computer readable storage medium having a computer program stored thereon, wherein the program when executed by a processor implements any one of the aforementioned secure communication methods.
Some embodiments of the above invention have the following advantages or benefits: according to the embodiment of the invention, the safe and reliable management and control of massive Internet of things equipment can be realized through an intelligent contract, and malicious flow is recorded through a block chain mechanism so as to effectively trace the source, so that abnormal or damaged nodes can be found quickly, the possibility that a server is attacked by DDoS is reduced, and the safety of the Internet of things network is improved.
Other features of the present invention and advantages thereof will become apparent from the following detailed description of exemplary embodiments of the invention, which proceeds with reference to the accompanying drawings.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or of the prior art are briefly described below. The drawings in the following description show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of a secure communication method according to some embodiments of the invention.
Fig. 2 is a flow diagram of a security verification method according to some embodiments of the invention.
FIG. 3 is a flow diagram illustrating a security verification method according to further embodiments of the invention.
Fig. 4 is a flowchart illustrating a method of performing a blockchain operation according to some embodiments of the present invention.
FIG. 5 is a flow diagram illustrating an initialization method according to some embodiments of the invention.
Fig. 6 is a schematic diagram of a secure communications device according to some embodiments of the present invention.
Fig. 7 is a block diagram of a secure communication system according to some embodiments of the invention.
Fig. 8 is a schematic diagram of a secure communications apparatus according to further embodiments of the present invention.
Fig. 9 is a schematic diagram of a secure communications apparatus according to further embodiments of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be discussed further in subsequent figures.
Fig. 1 is a flow diagram illustrating a secure communication method according to some embodiments of the invention. As shown in fig. 1, the secure communication method of this embodiment includes steps S102 to S108.
In step S102, attribute information sent by the internet of things device through the intelligent contract interface is acquired.
The attribute information is description information of the internet of things equipment and internet of things data to be sent by the internet of things equipment. In some embodiments, the attribute information includes at least one of an address of the internet of things device and a data volume of internet of things data to be sent by the internet of things device.
The intelligent contract is a piece of code running in a blockchain, and can be deployed in a server. Intelligent contracts may be used, for example, to monitor the consumption of bandwidth resources in a network, authorize device access, messaging, and other processes.
The intelligent contract can provide a calling interface for the Internet of things equipment in the Internet of things. The internet of things equipment can realize the transmission process of the internet of things data by calling an intelligent contract interface, and the process comprises the steps of transmitting attribute information and transmitting the internet of things data.
In step S104, the attribute information is checked using the intelligent contract. Through the verification, whether the Internet of things equipment is the safety equipment or not and whether the data to be sent by the Internet of things equipment meets the safety requirements or not can be judged.
In step S106, if the verification passes, an instruction allowing transmission is sent to the internet of things device through the intelligent contract interface, so that the internet of things device sends the internet of things data through the intelligent contract interface.
In some embodiments, if the verification fails, an instruction disallowing transmission is sent through the intelligent contract interface, so that the internet of things device is refused permission to send the internet of things data. This prevents attacks from being sent by the internet of things device.
In step S108, the content transmitted through the smart contract interface is sent to the blockchain node, so that the blockchain node generates a block according to the content and stores the block into the blockchain. The content transmitted through the smart contract interface may include attribute information, instructions to allow transmission, instructions to disallow transmission, internet of things data, and so on.
In some embodiments, the blockchain network may include some or all of the servers in the internet of things network. The blockchain node that generates the block can be the server that communicates with the internet of things device itself, or another server in the network with stronger computing power.
By the method of the embodiment, safe and reliable management and control over massive Internet of things equipment can be achieved through intelligent contracts, malicious traffic is recorded through a block chain mechanism so as to effectively trace to the source, abnormal or damaged nodes can be found quickly, the possibility that a server is attacked by DDoS is reduced, and the safety of the Internet of things network is improved.
An embodiment for performing security checks is described below with reference to fig. 2 and 3.
FIG. 2 is a flow diagram illustrating a security verification method according to some embodiments of the invention. As shown in fig. 2, the security verification method of this embodiment includes steps S202 to S204.
In step S202, the intelligent contract determines whether the address of the internet-of-things device is located in a trusted list corresponding to the intelligent contract. If not, the check fails; if so, step S204 is performed.
In step S204, the intelligent contract determines whether the data volume of the internet-of-things data to be sent by the internet-of-things device exceeds a device preset value allocated to the internet-of-things device; if not, the check is passed, otherwise the check is not passed.
For example, the smoke sensing device sends a smaller amount of data per time, while the video surveillance device sends a larger amount of data per time. If the data volume of the smoke sensing data to be transmitted by the smoke sensing device exceeds the device preset value allocated to the smoke sensing device, the smoke sensing device is likely to be in an abnormal state.
With the method of this embodiment, the preset decision logic of the intelligent contract first judges whether the Internet of things device is trusted, and then judges from the data volume whether the device may be sending abnormal data, so that abnormal behavior of the device can be stopped in time. The security of the Internet of things network is thereby improved.
In addition, whether the total data volume in the current network exceeds a preset value can be judged. FIG. 3 is a flow diagram illustrating a security verification method according to further embodiments of the invention. As shown in fig. 3, the security verification method of this embodiment includes steps S302 to S306.
In step S302, the intelligent contract determines whether the address of the internet-of-things device is located in a trusted list corresponding to the intelligent contract. If not, the check fails; if so, step S304 is performed.
In step S304, the intelligent contract determines whether the data amount of the internet-of-things data to be sent by the internet-of-things device exceeds a device preset value allocated to the internet-of-things device. If the data volume of the data of the Internet of things exceeds the preset value of the equipment, the verification fails; and if the data volume of the data of the internet of things does not exceed the preset value of the equipment, executing step S306.
In step S306, the intelligent contract determines whether the total amount of data transmitted in the current internet of things network exceeds a preset system value; if the total data amount does not exceed the preset value of the system, the verification is passed, otherwise, the verification is failed.
With the method of this embodiment, the preset decision logic of the intelligent contract judges whether the internet of things device is trusted, judges from the data volume whether the device may be sending abnormal data, and judges whether the data of the whole network is abnormal, so that data sending by internet of things devices is suspended when bandwidth pressure across the network is high. The security of the Internet of things network is thereby improved.
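The three-stage check of steps S302 to S306, written out as an added Python example (it is not code from the patent). The class, method and verdict names, the running-total accounting that counts the pending request, and the extra rejection of malformed volumes are assumptions of this sketch; the addresses and preset values are constructed sample data.

```python
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    ALLOW = "instruction allowing transmission"
    UNTRUSTED = "address not in trusted list"       # S302 fails
    DEVICE_LIMIT = "device preset value exceeded"   # S304 fails
    SYSTEM_LIMIT = "system preset value exceeded"   # S306 fails
    MALFORMED = "invalid data volume"               # not in the patent, see check()


@dataclass
class AdmissionContract:
    """Hypothetical stand-in for the verification logic of the contract."""
    system_preset: int                                  # network-wide budget
    device_preset: dict = field(default_factory=dict)   # trusted address -> quota
    total_admitted: int = 0                             # volume admitted so far

    def register(self, address, preset):
        # A device that completes registration joins the trusted list (S506)
        # and receives the bandwidth allocated as its device preset value.
        self.device_preset[address] = preset

    def check(self, address, volume):
        # S302: the address must be in the trusted list.
        if address not in self.device_preset:
            return Verdict.UNTRUSTED
        # Assumption of this example: a negative or non-integer volume is
        # refused, otherwise it would lower the running total and let later
        # requests slip under the system preset value.
        if not isinstance(volume, int) or volume < 0:
            return Verdict.MALFORMED
        # S304: the announced volume must not exceed the device preset value.
        if volume > self.device_preset[address]:
            return Verdict.DEVICE_LIMIT
        # S306: the network-wide total must not exceed the system preset value.
        # Assumption: the pending request is counted toward the total.
        if self.total_admitted + volume > self.system_preset:
            return Verdict.SYSTEM_LIMIT
        # Only admitted traffic is added to the total, so refused requests
        # cannot exhaust the budget of well-behaved devices.
        self.total_admitted += volume
        return Verdict.ALLOW


def demo():
    """Run constructed requests through the check and return verdict names."""
    contract = AdmissionContract(system_preset=5000)
    contract.register("192.0.2.10", 64)      # smoke sensor: small quota
    contract.register("192.0.2.20", 4096)    # video camera: large quota
    requests = [
        ("192.0.2.99", 10),     # never registered
        ("192.0.2.10", 65),     # sensor announces more than its quota
        ("192.0.2.10", 64),     # exactly at the quota
        ("192.0.2.20", 4096),   # camera within quota, total becomes 4160
        ("192.0.2.20", 4096),   # would push the total to 8256
        ("192.0.2.10", -1),     # malformed volume
    ]
    return [contract.check(addr, vol).name for addr, vol in requests]


if __name__ == "__main__":
    for name in demo():
        print(name)
```
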
Embodiments of the present invention record content delivered in a system by means of a blockchain mechanism. An embodiment of a method of block chain operation according to some embodiments of the present invention is described below with reference to fig. 4.
Fig. 4 is a flowchart illustrating a method of performing a blockchain operation according to some embodiments of the present invention. As shown in fig. 4, the block chain operation method of this embodiment includes steps S402 to S408.
In step S402, a first blockchain node in the blockchain system acquires the content transmitted through the intelligent contract interface. This content includes attribute information, instructions allowing transmission, instructions disallowing transmission, internet of things data, and the like.
The blockchain node is a server in the internet of things network, and may be a server with stronger performance, for example.
In step S404, the first blockchain node packs the content to generate a block.
In step S406, the first blockchain node publishes the generated block in the blockchain system.
In step S408, a second blockchain node in the blockchain system verifies the generated block, and stores the verified block in the blockchain.
When the block is verified, the device preset value allocated to the internet of things device may, for example, be used as one of the verification conditions. For example, if the content of the block records a communication data volume for an internet of things device that exceeds the preset bandwidth allocated to that device, the information is likely to be forged, and the verification of the block can be regarded as failed.
By the method of the embodiment, the server in the internet of things can be used for constructing the block chain network so as to record the information transmitted in the network. Therefore, information in the internet of things can be traced, and trace recording and effective tracing of malicious flow are achieved.
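Steps S404 to S408 and the preset-value verification condition described above, as an added Python example (not code from the patent). The record layout, the function names and the use of SHA-256 over canonical JSON are assumptions of this sketch, consensus between nodes is left out, and all records are constructed sample data.

```python
import hashlib
import json
from collections import Counter

GENESIS_HASH = "0" * 64   # assumed link value for the first block


def _digest(index, prev_hash, records):
    # Canonical JSON so that every node computes the same hash for a block.
    body = json.dumps({"index": index, "prev_hash": prev_hash, "records": records},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def pack_block(index, prev_hash, records):
    """S404: the first node packs contract-interface content into a block."""
    return {"index": index, "prev_hash": prev_hash, "records": records,
            "hash": _digest(index, prev_hash, records)}


def verify_block(block, prev_hash, device_preset):
    """S408: checks a second node runs before storing; returns (ok, reason)."""
    if block["prev_hash"] != prev_hash:
        return False, "broken link"
    if block["hash"] != _digest(block["index"], block["prev_hash"], block["records"]):
        return False, "hash mismatch"
    for rec in block["records"]:
        # Refused requests are legitimate history and may announce any volume.
        # Only data that was actually carried is held to the device preset.
        if rec["type"] != "data":
            continue
        preset = device_preset.get(rec["address"])
        if preset is None or rec["volume"] > preset:
            return False, "data record exceeds device preset"
    return True, "ok"


def append_if_valid(chain, block, device_preset):
    """Store the block only when verification passes."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_HASH
    ok, reason = verify_block(block, prev_hash, device_preset)
    if ok:
        chain.append(block)
    return ok, reason


def denied_by_address(chain):
    """Trace-back: count 'deny' instructions per device in the stored chain."""
    return Counter(rec["address"] for blk in chain for rec in blk["records"]
                   if rec["type"] == "deny")


def demo():
    presets = {"192.0.2.10": 64}   # constructed device preset value
    chain, results = [], []
    good = pack_block(0, GENESIS_HASH, [
        {"type": "attr", "address": "192.0.2.10", "volume": 32},
        {"type": "allow", "address": "192.0.2.10"},
        {"type": "data", "address": "192.0.2.10", "volume": 32}])
    results.append(append_if_valid(chain, good, presets))
    refused = pack_block(1, chain[-1]["hash"], [
        {"type": "attr", "address": "192.0.2.10", "volume": 9000},
        {"type": "deny", "address": "192.0.2.10"}])
    results.append(append_if_valid(chain, refused, presets))
    # A block claiming that 9000 units were carried for a 64-unit device.
    forged = pack_block(2, chain[-1]["hash"], [
        {"type": "data", "address": "192.0.2.10", "volume": 9000}])
    results.append(append_if_valid(chain, forged, presets))
    # Records altered after the hash was computed.
    tampered = dict(pack_block(2, chain[-1]["hash"], [
        {"type": "data", "address": "192.0.2.10", "volume": 10}]))
    tampered["records"] = [{"type": "data", "address": "192.0.2.10", "volume": 64}]
    results.append(append_if_valid(chain, tampered, presets))
    return results, len(chain), dict(denied_by_address(chain))


if __name__ == "__main__":
    print(demo())
```
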
The initialization process of the internet of things network is described below with reference to fig. 5.
FIG. 5 is a flow diagram illustrating an initialization method according to some embodiments of the invention. As shown in fig. 5, after creating a node and an account on the server side and completing setting of basic parameter configuration, the initialization method of this embodiment includes steps S502 to S506.
In step S502, an intelligent contract is created, and an interface address of the created intelligent contract is broadcast to the internet-of-things device.
In addition, the intelligent contract can be instantiated and deployed in the servers, and bandwidth is allocated to each Internet of things device to serve as its device preset value.
In step S504, a registration request sent by the internet of things device through the intelligent contract interface is obtained. The internet of things equipment can trigger registration by calling a preset function.
In step S506, in response to the completion of the registration process of the internet of things device, the internet of things device is added to the trusted list corresponding to the intelligent contract. Conversely, suspect devices that are not able to register successfully are not placed in the trusted list.
By the method of the embodiment, the issuing of the intelligent contract interface and the preliminary verification work of the equipment can be completed in the registration stage of the equipment of the Internet of things, and the safety of the network of the Internet of things is improved.
An embodiment of the secure communication apparatus of the present invention is described below with reference to fig. 6.
Fig. 6 is a schematic diagram of a secure communications device according to some embodiments of the present invention. As shown in fig. 6, the secure communication apparatus 600 of this embodiment includes: an attribute information obtaining module 6100 configured to obtain attribute information sent by the internet of things device through the intelligent contract interface, where the attribute information is description information of the internet of things device and internet of things data to be sent by the internet of things device; a verification module 6200 configured to verify the attribute information using the intelligent contract; the instruction sending module 6300 is configured to, in the case that the verification passes, transmit the instruction allowed to be sent to the internet of things device through the intelligent contract interface, so that the internet of things device sends the internet of things data through the intelligent contract interface; a content recording module 6400 configured to transmit the content transmitted through the intelligent contract interface to the blockchain node so that the blockchain node generates a block according to the content and stores the block into the blockchain.
In some embodiments, the attribute information includes at least one of an address of the internet of things device and a data volume of internet of things data to be sent by the internet of things device.
In some embodiments, the attribute information includes the address of the Internet of things device and the data volume of the Internet of things data to be sent by the Internet of things device. The checking module 6200 is further configured so that the intelligent contract determines whether the address of the Internet of things device is in the trusted list corresponding to the intelligent contract. If the address is not in the trusted list, the check fails. If the address is in the trusted list, the intelligent contract determines whether the data volume of the Internet of things data to be sent exceeds the device preset value allocated to the Internet of things device; if it does not, the check passes, otherwise the check fails.
In some embodiments, the attribute information includes the address of the Internet of things device and the data volume of the Internet of things data to be sent by the Internet of things device. The checking module 6200 is further configured so that the intelligent contract determines whether the address of the Internet of things device is in the trusted list corresponding to the intelligent contract. If the address is not in the trusted list, the check fails. If the address is in the trusted list, the intelligent contract determines whether the data volume of the Internet of things data to be sent exceeds the device preset value allocated to the Internet of things device. If the data volume exceeds the device preset value, the check fails. If the data volume does not exceed the device preset value, the intelligent contract determines whether the total data volume transmitted in the current Internet of things network exceeds the system preset value; if the total data volume does not exceed the system preset value, the check passes, otherwise the check fails.
In some embodiments, the instruction sending module 6300 is further configured to send, if the check fails, a send-not-allowed instruction through the intelligent contract interface, so as to refuse the Internet of things device permission to send the Internet of things data.
In some embodiments, the secure communications apparatus 600 further includes an intelligent contract creation module 6500 configured to create an intelligent contract and broadcast an interface address of the created intelligent contract to the internet-of-things devices.
In some embodiments, the secure communications apparatus 600 further includes a registration module 6600 configured to obtain a registration request sent by the Internet of things device through the intelligent contract interface and, in response to completion of the registration process of the Internet of things device, to add the Internet of things device to the trusted list corresponding to the intelligent contract.
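The registration, check and recording steps described above can be modelled as follows. This is an added Python example, not code from the patent: the class and function names, the byte units, the `dev-*` addresses and the SHA-256 hash chain are assumptions, and the sketch counts the pending request toward the network total.

```python
import hashlib
import json


class GatewayContract:
    """Model of the check an intelligent contract runs before a device may send."""

    def __init__(self, system_limit):
        self.system_limit = system_limit  # system preset value (bytes, assumed unit)
        self.trusted = {}                 # trusted list: address -> device preset value
        self.in_flight = 0                # total data volume admitted so far
        self.chain = []                   # blocks recording interface traffic

    def register(self, address, device_limit):
        # Registration completed: add the device to the trusted list.
        self.trusted[address] = device_limit
        self._record({"op": "register", "addr": address})

    def check(self, address, volume):
        """Return (allowed, reason) for attribute info {address, volume}."""
        if address not in self.trusted:
            verdict = (False, "address not in trusted list")
        elif type(volume) is not int or volume < 0:
            verdict = (False, "malformed data volume")  # added input validation
        elif volume > self.trusted[address]:
            verdict = (False, "device preset value exceeded")
        elif self.in_flight + volume > self.system_limit:
            # Assumption: the pending request counts toward the network total.
            verdict = (False, "system preset value exceeded")
        else:
            self.in_flight += volume
            verdict = (True, "send allowed")
        self._record({"op": "check", "addr": address, "vol": volume,
                      "allowed": verdict[0], "reason": verdict[1]})
        return verdict

    def _record(self, content):
        # First node: pack the content into a block linked to its predecessor.
        prev = self.chain[-1]["hash"] if self.chain else "0" * 64
        body = json.dumps({"prev": prev, "content": content}, sort_keys=True)
        self.chain.append({"prev": prev, "content": content,
                           "hash": hashlib.sha256(body.encode()).hexdigest()})


def verify_chain(chain):
    """Second node: recompute every hash and link before storing the blocks."""
    prev = "0" * 64
    for block in chain:
        body = json.dumps({"prev": prev, "content": block["content"]}, sort_keys=True)
        digest = hashlib.sha256(body.encode()).hexdigest()
        if block["prev"] != prev or block["hash"] != digest:
            return False
        prev = block["hash"]
    return True


def demo():
    # Constructed sample: two registered devices and one unknown address.
    c = GatewayContract(system_limit=1000)
    c.register("dev-a", 600)
    c.register("dev-b", 600)
    results = [c.check("dev-x", 10),   # unregistered address
               c.check("dev-a", 700),  # over the device preset value
               c.check("dev-a", 600),  # allowed
               c.check("dev-b", 500)]  # within device preset, over system preset
    return results, c
```

The page does not say when admitted volume is released, so the sketch never decrements `in_flight`. The data volume is declared by the device itself, so the receiving side should also bound the payload that is actually sent.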
An embodiment of the secure communication system of the present invention is described below with reference to fig. 7.
Fig. 7 is a block diagram of a secure communication system according to some embodiments of the invention. As shown in fig. 7, the secure communication system 70 of this embodiment includes: one or more servers 710 comprising a secure communications device 600; and one or more internet of things devices 720.
In some embodiments, some or all of the one or more servers 710 act as blockchain nodes and together constitute a blockchain system.
Fig. 8 is a schematic diagram of a secure communications apparatus according to further embodiments of the present invention. As shown in fig. 8, the secure communication device 80 of this embodiment includes: a memory 810 and a processor 820 coupled to the memory 810, the processor 820 being configured to perform the secure communication method of any of the previous embodiments based on instructions stored in the memory 810.
Memory 810 may include, for example, system memory, fixed non-volatile storage media, and the like. The system memory stores, for example, an operating system, an application program, a boot loader, and other programs.
Fig. 9 is a schematic diagram of a secure communications device according to further embodiments of the present invention. As shown in fig. 9, the secure communication device 90 of this embodiment includes a memory 910 and a processor 920, and may further include an input/output interface 930, a network interface 940, a storage interface 950, and the like. These interfaces 930, 940, 950, the memory 910 and the processor 920 may be connected, for example, by a bus 960. The input/output interface 930 provides a connection interface for input/output devices such as a display, a mouse, a keyboard, and a touch screen. The network interface 940 provides a connection interface for various networking devices. The storage interface 950 provides a connection interface for external storage devices such as an SD card and a USB flash drive.
An embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored, wherein the program is configured to implement any one of the secure communication methods described above when executed by a processor.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1. A secure communication method, comprising:
acquiring attribute information sent by an Internet of things device through an intelligent contract interface, wherein the attribute information is description information of the Internet of things device and of the Internet of things data to be sent by the Internet of things device, and comprises an address of the Internet of things device and a data volume of the Internet of things data to be sent by the Internet of things device;
verifying the attribute information by means of an intelligent contract, comprising:
the intelligent contract determining whether the address of the Internet of things device is in a trusted list corresponding to the intelligent contract;
if the address of the Internet of things device is not in the trusted list corresponding to the intelligent contract, the verification fails;
if the address of the Internet of things device is in the trusted list corresponding to the intelligent contract, the intelligent contract determining whether the data volume of the Internet of things data to be sent by the Internet of things device exceeds a device preset value allocated to the Internet of things device;
if the data volume of the Internet of things data exceeds the device preset value, the verification fails;
if the data volume of the Internet of things data does not exceed the device preset value, the intelligent contract determining whether the total data volume transmitted in the current Internet of things network exceeds a system preset value; and
if the total data volume does not exceed the system preset value, the verification passes, otherwise the verification fails;
if the verification passes, transmitting a send-allowed instruction to the Internet of things device through the intelligent contract interface, so that the Internet of things device sends the Internet of things data through the intelligent contract interface;
and sending the content sent through the intelligent contract interface to a blockchain node, so that the blockchain node generates a block from the content and stores the block in the blockchain.
2. The secure communication method of claim 1, further comprising:
if the verification fails, sending a send-not-allowed instruction through the intelligent contract interface, so as to refuse the Internet of things device permission to send the Internet of things data.
3. The secure communication method of claim 1, further comprising:
creating an intelligent contract, and broadcasting an interface address of the created intelligent contract to the Internet of things device.
4. The secure communication method of claim 1, further comprising:
acquiring a registration request sent by the Internet of things device through the intelligent contract interface;
and in response to completion of the registration process of the Internet of things device, adding the Internet of things device to the trusted list corresponding to the intelligent contract.
5. The secure communication method of claim 1, further comprising:
a first blockchain node in the blockchain system acquiring the content transmitted through the intelligent contract interface;
the first blockchain node packing the content to generate a block;
the first blockchain node publishing the generated block in the blockchain system;
and a second blockchain node in the blockchain system verifying the generated block and storing the verified block in the blockchain.
6. A secure communications apparatus, comprising:
an attribute information acquisition module configured to acquire attribute information sent by an Internet of things device through an intelligent contract interface, wherein the attribute information is description information of the Internet of things device and of the Internet of things data to be sent by the Internet of things device, and comprises an address of the Internet of things device and a data volume of the Internet of things data to be sent by the Internet of things device;
a verification module configured to verify the attribute information by means of an intelligent contract, comprising: the intelligent contract determining whether the address of the Internet of things device is in a trusted list corresponding to the intelligent contract; if the address of the Internet of things device is not in the trusted list corresponding to the intelligent contract, the verification fails; if the address of the Internet of things device is in the trusted list corresponding to the intelligent contract, the intelligent contract determining whether the data volume of the Internet of things data to be sent by the Internet of things device exceeds a device preset value allocated to the Internet of things device; if the data volume of the Internet of things data exceeds the device preset value, the verification fails; if the data volume of the Internet of things data does not exceed the device preset value, the intelligent contract determining whether the total data volume transmitted in the current Internet of things network exceeds a system preset value; and if the total data volume does not exceed the system preset value, the verification passes, otherwise the verification fails;
an instruction sending module configured to transmit, if the verification passes, a send-allowed instruction to the Internet of things device through the intelligent contract interface, so that the Internet of things device sends the Internet of things data through the intelligent contract interface;
a content recording module configured to send the content sent through the intelligent contract interface to a blockchain node, so that the blockchain node generates a block from the content and stores the block in the blockchain.
7. A secure communication system, comprising:
one or more servers comprising the secure communications apparatus of claim 6; and
one or more internet of things devices.
8. The secure communications system of claim 7, wherein some or all of the one or more servers act as blockchain nodes and together constitute a blockchain system.
9. A secure communications apparatus, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the secure communication method of any of claims 1-4 based on instructions stored in the memory.
10. A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, implements the secure communication method of any one of claims 1 to 4.
CN201911048470.4A 2019-10-31 2019-10-31 Secure communication method, device, system and storage medium Active CN112751807B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911048470.4A CN112751807B (en) 2019-10-31 2019-10-31 Secure communication method, device, system and storage medium

Publications (2)

Publication Number Publication Date
CN112751807A CN112751807A (en) 2021-05-04
CN112751807B true CN112751807B (en) 2023-02-03

Family

ID=75641909

Country Status (1)

Country Link
CN (1) CN112751807B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115065562B (en) * 2022-08-17 2022-11-22 湖南红普创新科技发展有限公司 Block chain-based injection determination method, device, equipment and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108270571A (en) * 2017-12-08 2018-07-10 西安电子科技大学 Internet of Things identity authorization system and its method based on block chain
CN108881312A (en) * 2018-08-24 2018-11-23 北京京东尚科信息技术有限公司 Intelligent contract upgrade method, system and relevant device and storage medium
CN109255210A (en) * 2018-09-27 2019-01-22 上海点融信息科技有限责任公司 The method, apparatus and storage medium of intelligent contract are provided in block chain network
CN109325331A (en) * 2018-09-13 2019-02-12 北京航空航天大学 Transaction system is acquired based on the big data of block chain and credible calculating platform
CN109547582A (en) * 2019-01-31 2019-03-29 苏州科技大学 A kind of industrial Internet of Things framework and working method based on block chain
CN109768988A (en) * 2019-02-26 2019-05-17 安捷光通科技成都有限公司 Decentralization Internet of Things security certification system, facility registration and identity identifying method
CN110086804A (en) * 2019-04-25 2019-08-02 广州大学 A kind of internet of things data method for secret protection based on block chain and reliable hardware

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170140408A1 (en) * 2015-11-16 2017-05-18 Bank Of America Corporation Transparent self-managing rewards program using blockchain and smart contracts
EP3522088B1 (en) * 2018-02-05 2022-03-16 Nokia Technologies Oy Securing blockchain access through a gateway


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant