CN113541961A

CN113541961A - Mandatory verification information supervision method and device

Info

Publication number: CN113541961A
Application number: CN202110806582.2A
Authority: CN
Inventors: 王欢; 王海; 李静; 王庆春; 丰苏; 张君维; 周希昱; 赵殷瑶; 崔伟群; 田锋; 王亭亭; 张加涛
Original assignee: Information Center Of State Administration Of Market Supervision; National Institute of Metrology
Current assignee: Information Center Of State Administration Of Market Supervision; National Institute of Metrology
Priority date: 2021-07-16
Filing date: 2021-07-16
Publication date: 2021-10-22

Abstract

The invention discloses a method and a device for supervising compulsory verification information, which comprise the following steps: coding the measuring instrument to obtain an instrument unified code of the measuring instrument so as to obtain the associated information of the whole life cycle of the measuring instrument through the code; generating a digital certificate of a metering device, and uploading the digital certificate of the metering device to a pre-constructed alliance chain, wherein the alliance chain comprises a user chain and an appliance chain; uploading acquired data of the measuring instrument to an instrument chain, wherein the acquired data comprises an instrument code, running state data, time data and measurement data of the measuring instrument; decoding the digital certificate of the measuring instrument by using a decoder of the measuring instrument to obtain the validity period of the digital certificate of the measuring instrument; and monitoring the metering appliance based on the valid period of the digital certificate of the metering appliance and the acquired information to obtain monitoring information, and uploading the monitoring information to the alliance chain. The remote monitoring and real-time effective monitoring of the compulsory verification measuring instrument are realized, and the monitoring accuracy is improved.

Description

Mandatory verification information supervision method and device

Technical Field

The invention relates to the technical field of information processing, in particular to a method and a device for supervising compulsory verification information.

Background

The compulsory verification work (called forced verification for short) of the measuring instruments is carried out by a metering verification organization belonging to or authorized by a county-level or higher civil government metering administration department on the measuring instruments which are used for trade settlement, safety protection, medical sanitation and environmental monitoring and are arranged in the ' catalogue of the compulsory verification work measuring instruments of the people's republic of China '. Generally, the instrument is sent to a measurement and technical mechanism by an instrument using unit for verification (referred to as a submission), and some large instruments which cannot be moved are sent to an instrument using place by the measurement and technical mechanism to perform on-site verification (namely off-site verification). For the management of the compulsory verification measuring instrument, various metering mechanisms are used for carrying out compulsory verification and issuing a compulsory verification certificate so as to ensure the validity of the instrument. The method is characterized in that the compulsory verification measuring instrument is supervised by relying on a compulsory verification informatization platform constructed by a market supervision administrative department, and the nationwide compulsory verification instrument verification condition is obtained by directly using the compulsory verification informatization platform and a data acquisition mode, so that the instrument is supervised.

However, in the existing forced verification process, the field verification cannot be realized due to the limitation of the volume of a metering device and other conditions, and in addition, the problems of incomplete device information docking and untimely information reporting exist in the information supervision process, so that certain difficulties exist in real-time, accurate and efficient supervision.

Disclosure of Invention

In order to solve the problems, the invention provides a mandatory verification monitoring method and a mandatory verification monitoring device, which realize remote monitoring and real-time effective monitoring of a mandatory verification metering device and improve monitoring efficiency.

In order to achieve the purpose, the invention provides the following technical scheme:

a mandatory certification information supervision method, comprising:

coding the metering appliance to obtain an appliance uniform code of the metering appliance, so that the associated information of the full life cycle of the metering appliance is obtained through the appliance uniform code of the metering appliance;

generating a digital certificate of a metering appliance, and uploading the digital certificate of the metering appliance to a pre-constructed alliance chain, wherein the alliance chain comprises a user chain and an appliance chain;

uploading collected data of the measuring instruments to the instrument chain, wherein the collected data comprise instrument codes, running state data, time data and measurement data of the measuring instruments;

decoding the digital certificate of the measuring instrument by using the decoder of the measuring instrument to obtain the validity period of the digital certificate of the measuring instrument;

and monitoring the metering appliance based on the valid period of the digital certificate of the metering appliance and the acquired information, acquiring monitoring information, and uploading the monitoring information to the alliance chain.

Optionally, the generating a digital certificate of a metering appliance includes:

when the verification of the issuing server is passed, requesting to obtain the electronic seal;

after the electronic seal is obtained, utilizing a private key of the electronic seal certificate to sign the hash value of the digital certificate data of the metering device;

verifying the electronic seal, and if the electronic seal passes the verification, generating a decentralized identity of a certificate authority and a decentralized identity of a measuring instrument, wherein the decentralized identity of the certificate authority, the decentralized identity of the measuring instrument and electronic data of a compulsory verification measuring instrument certificate issued by the certificate authority jointly form instrument digital certificate content;

calculating a hash value of digital certificate data of a metering device, and signing the hash value by a private key of a digital certificate in a decentralized identity document of a certificate issuing organization to obtain the hash value and a signature of data to be linked;

applying a time stamp according to the hash value of the data to be uplink, and obtaining the time stamp of the data to be uplink;

and generating a digital certificate of the measuring instrument according to the decentralized identity mark of the certificate authority, the decentralized identity mark of the measuring instrument, the Hash value of the digital certificate data of the measuring instrument, the signature of the Hash value and the timestamp, and the electronic data of the compulsory verification certificate of the measuring instrument generated by the certificate authority.

Optionally, the method further comprises:

verifying the issuing server, comprising:

detecting whether an issuing server has a digital certificate;

if the digital certificate does not exist, generating first prompt information, wherein the first prompt information is used for prompting the issuing server to apply for the digital certificate from a CA certification authority;

if yes, verifying whether the digital certificate is available;

if the digital certificate is unavailable, generating second prompt information, wherein the second prompt information is used for prompting the issuing server to apply for the digital certificate from a CA certification authority;

and if the digital certificate is available, verifying the digital certificate, and if the digital certificate passes the verification, determining that the digital certificate is available so as to finish the verification of the issuing server.

Optionally, the requesting to obtain an electronic seal includes:

if the certification authority of the certification center system is established to apply for the electronic seal from the existing seal management service system, wherein the digital certificate of the electronic seal is bound with the digital certificate of the signing server;

if the certification authority of the certification center system is not established, applying for registration service to the mandatory certification value certificate verification service platform, calling the mandatory certification value certificate verification service platform to apply for registration service, and applying for the electronic seal.

Optionally, the decoding, by the meter decoder, the metering digital certificate includes:

after the metering appliance decoder is started, detecting whether the appliance has a metering appliance digital certificate or not;

if the metering appliance digital certificate does not exist, inquiring whether the metering appliance digital certificate is valid through the alliance chain;

if the inquiry is failed, generating import prompt information, wherein the import prompt information is used for prompting the metering appliance to import the digital certificate of the metering appliance;

if the inquiry is successful, downloading and obtaining the latest digital certificate of the metering appliance through the alliance chain;

if the digital certificate of the measuring instrument belongs to the measuring instrument, analyzing the validity period and the parameters of the digital certificate of the measuring instrument;

if the digital certificate of the metering appliance is within the validity period, determining that the parameter is valid;

determining that the parameter is invalid if the meter appliance digital certificate is not within a validity period.

Optionally, the method further comprises:

regularly detecting the validity of the digital certificate of the measuring instrument;

if the time interval between the current time and the validity period of the digital certificate of the measuring instrument is smaller than a time threshold, generating submission prompt information;

if the verification time is not within the validity period of the digital certificate of the measuring instrument, generating prompt information that the parameter verification is invalid;

responding to the starting of the metering appliance to start a detection appliance function, and detecting the associated information of the metering appliance;

if the metering appliance is in a networking state, uploading the associated information to the alliance chain;

and if the metering appliance is not in the networking state, storing the associated information locally.

Optionally, the method further comprises:

and responding to the manufactured electronic seal issued to an issuing mechanism, packaging issuing information into block data, and sending the block data to a digital certificate management and verification system of the metering device so that the digital certificate management and verification system of the metering device is stored in a block chain.

Optionally, the method further comprises:

acquiring an appliance uniform code of a metering appliance by a coalition chain member of the coalition chain so as to obtain the associated information of the full life cycle of the metering appliance, wherein a non-coalition member carries out data query in the coalition chain so as to obtain the information of a digital certificate of the metering appliance, so as to verify the digital certificate of the metering appliance.

A mandatory certification information supervisory device, comprising:

the code assigning unit is used for assigning codes to the metering appliances to obtain appliance uniform codes of the metering appliances so as to obtain the associated information of the full life cycle of the metering appliances through the appliance uniform codes of the metering appliances;

the device comprises a certificate generating unit, a data processing unit and a data processing unit, wherein the certificate generating unit is used for generating a digital certificate of a metering device and uploading the digital certificate of the metering device to a pre-constructed alliance chain, and the alliance chain comprises a user chain and an appliance chain;

the uploading unit is used for uploading collected data of the metering appliance to the appliance chain, and the collected data comprises appliance codes, running state data, time data and measurement data of the metering appliance;

the decoding unit is used for decoding the digital certificate of the measuring instrument by using the decoder of the measuring instrument to obtain the validity period of the digital certificate of the measuring instrument;

and the supervision unit is used for supervising the metering appliance based on the valid period of the digital certificate of the metering appliance and the acquisition information, acquiring supervision information and uploading the supervision information to the alliance chain.

Optionally, the generating unit includes:

the request subunit is used for requesting to obtain the electronic seal after the verification of the issuing server is passed;

the signature subunit is used for signing the hash value of the digital certificate data of the measuring instrument by using the private key of the electronic seal certificate after the electronic seal is obtained;

the verification subunit is used for verifying the electronic seal, and if the electronic seal passes the verification, generating a decentralized identity of a certificate authority and a decentralized identity of a measuring instrument, wherein the decentralized identity of the certificate authority, the decentralized identity of the measuring instrument and electronic data of a compulsory measuring instrument verification certificate sent by the certificate authority jointly form digital certificate content of the instrument;

the calculating subunit is used for calculating the hash value of the digital certificate data of the metering device, and signing the hash value by a private key of the digital certificate in the decentralized identity document of the certificate issuing organization to obtain the hash value and the signature of the data to be linked;

the time stamp obtaining subunit is configured to apply a time stamp according to the hash value of the data to be uplink, and obtain the time stamp of the data to be uplink;

and the generating subunit is used for generating the digital certificate of the measuring instrument according to the decentralized identity mark of the certificate issuing organization, the decentralized identity mark of the measuring instrument, the hash value of the digital certificate data of the measuring instrument, the signature and the time stamp of the hash value and the electronic data of the compulsory verification certificate of the measuring instrument generated by the certificate issuing organization.

Compared with the prior art, the invention provides a method and a device for supervising compulsory verification information, which comprise the following steps: coding the metering appliance to obtain an appliance uniform code of the metering appliance, so that the associated information of the full life cycle of the metering appliance is obtained through the appliance uniform code of the metering appliance; generating a digital certificate of a metering device, and uploading the digital certificate of the metering device to a pre-constructed alliance chain, wherein the alliance chain comprises a user chain and an appliance chain; uploading acquired data of the measuring instrument to an instrument chain, wherein the acquired data comprises an instrument code, running state data, time data and measurement data of the measuring instrument; decoding the digital certificate of the measuring instrument by using a decoder of the measuring instrument to obtain the validity period of the digital certificate of the measuring instrument; and monitoring the metering appliance based on the valid period of the digital certificate of the metering appliance and the acquired information to obtain monitoring information, and uploading the monitoring information to the alliance chain. The invention realizes the remote monitoring and real-time effective monitoring of the compulsory verification measuring instrument and improves the accuracy of supervision.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.

Fig. 1 is a logic topology diagram of a mandatory verification accurate monitoring method based on a block chain and a digital certificate technology according to an embodiment of the present invention;

fig. 2 is a schematic flow chart of a method for supervising mandatory verification information according to an embodiment of the present invention;

FIG. 3 is a schematic view of a management process of an electronic seal according to an embodiment of the present invention;

FIG. 4 is a diagram illustrating a decoding process of a digital certificate of a metering appliance according to an embodiment of the present invention;

fig. 5 is a schematic diagram of a flow of detecting an operation state of an apparatus according to an embodiment of the present invention;

FIG. 6 is a schematic diagram illustrating a verification process of a digital certificate of a metering appliance according to an embodiment of the present invention;

fig. 7 is a schematic structural diagram of a mandatory verification information monitoring apparatus according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

The terms "first" and "second," and the like in the description and claims of the present invention and the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "comprising" and "having," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not set forth for a listed step or element but may include steps or elements not listed.

In the embodiment of the present invention, a mandatory certification information monitoring method is provided, where the method is implemented based on a blockchain and digital certificate technology, and refer to fig. 1, which shows a logical topology diagram of a mandatory certification accurate monitoring method based on a blockchain and digital certificate technology according to an embodiment of the present invention. The system mainly comprises the generation of a digital certificate of a metering device and a compulsory verification accurate supervision system, wherein the compulsory verification accurate supervision system is used for realizing the supervision of information of the metering device, and is used as a carrier for acquiring the running state of the device.

Correspondingly, referring to fig. 2, a schematic flow chart of a mandatory verification information monitoring method according to an embodiment of the present invention is shown, including:

and S101, coding the measuring instrument to obtain an instrument unified code of the measuring instrument.

The association information of the full life cycle of the metering appliance can be obtained through the appliance uniform coding of the metering appliance. Specifically, the code assigning server performs unified code assigning on the metering devices, and the distributing devices perform unified coding, that is, members (appliance production units and certificate issuing organizations) in a alliance chain can call the code assigning server to acquire the unified codes of the devices in a data exchange manner, and the code assigning server calls the unified coding engine of the devices to perform unified code assigning on the metering devices and distribute the unified codes of the devices. The instrument unified code can be associated on the measuring instrument, for example, the same instrument code is attached on the measuring instrument in a graphic code mode, and the association information of the whole life cycle of the instrument unified code is obtained in a code scanning mode.

S102, generating a digital certificate of the metering device, and uploading the digital certificate of the metering device to a pre-constructed alliance chain.

The alliance chain comprises a user chain and an appliance chain, a block alliance chain is formed by issuing digital certificate managers (issuing organizations and appliance production units) of metering appliances with authority and computing service capacity, alliance members (issuing organizations) are responsible for issuing, registering, updating and abolishing the digital certificates of the metering appliances, organizing data and storing the data into the block chain, and the normal operation of each node of a maintenance platform is maintained; non-alliance members (appliance usage units) can inquire and acquire digital certificate information of the metering appliances from the block chain and verify the authenticity of the certificates.

Specifically, in the process of generating the digital certificate of the metering appliance, the certificate issuing server of the metering appliance (for convenience of description, it is simply referred to as the issuing server hereinafter) is initialized first. Then, the relevant verification needs to be performed on the issuing server, which mainly includes: detecting whether an issuing server has a digital certificate; if the digital certificate does not exist, generating first prompt information, wherein the first prompt information is used for prompting the issuing server to apply for the digital certificate from a CA certification authority; if yes, verifying whether the digital certificate is available; if the digital certificate is unavailable, generating first prompt information, wherein the second prompt information is used for prompting the issuing server to apply for the digital certificate from a CA certification authority; and if the digital certificate is available, verifying the digital certificate, and if the digital certificate passes the verification, determining that the digital certificate is available so as to finish the verification of the issuing server.

For example, in the certification issuing step, the certification authority checks whether the issuing server has a corresponding digital certificate, if not, the certification authority needs to apply for the digital certificate from the corresponding ca (certificate authority) authority, and if so, the certification authority needs to check whether the digital certificate is available. If the digital certificate is not available, the digital certificate needs to be reapplied. After the issuing server determines that the digital certificate is owned, the certificate needs to be verified, wherein the specific verification mode is preset by an issuer of the certificate

When the verification of the issuing server is passed, requesting to obtain the electronic seal; after the electronic seal is obtained, utilizing a private key of the electronic seal certificate to sign the hash value of the certificate data of the measuring instrument; verifying the electronic seal, and if the electronic seal passes the verification, generating a decentralized identity of a certificate authority and a decentralized identity of a measuring instrument, wherein the decentralized identity of the certificate authority, the decentralized identity of the measuring instrument and electronic data of a compulsory measuring instrument verification certificate issued by the certificate authority jointly form instrument digital certificate content; calculating a hash value of digital certificate data of a metering device, and signing the hash value by a private key of a digital certificate in a decentralized identity document of a certificate issuing organization to obtain the hash value and a signature of data to be linked; applying a time stamp according to the hash value of the data to be uplink, and obtaining the time stamp of the data to be uplink; and generating a digital certificate of the measuring instrument according to the decentralized identity mark of the certificate authority, the decentralized identity mark of the measuring instrument, the Hash value of the digital certificate data of the measuring instrument, the signature of the Hash value, the timestamp and the electronic data of the mandatory measuring instrument verification certificate issued by the certificate authority. The present invention will be described in the following embodiments for the above steps, which will not be described in detail herein.

S103, uploading the collected data of the measuring instrument to the instrument chain.

The collected data comprises instrument codes, running state data, time data and measurement data of the measuring instruments,

s104, decoding the digital certificate of the measuring instrument by using the decoder of the measuring instrument to obtain the validity period of the digital certificate of the measuring instrument.

S105, monitoring the metering appliance based on the valid period of the digital certificate of the metering appliance and the acquisition information, acquiring monitoring information, and uploading the monitoring information to the alliance chain.

After the authorization of the appliance use unit, the appliance operation information is uploaded to an appliance chain in real time, and all levels of administrative management departments can access the appliance chain at any time through the compulsory verification accurate supervision system, so that the compulsory verification condition and the operation condition of the national metrological appliances are obtained. Correspondingly, the supervision information can be pushed to the administrative department of the home through the alliance chain, and the administrative department carries out targeted supervision and inspection. Thereby supporting accurate supervision and improving supervision efficiency.

The following describes a specific implementation procedure in the embodiment of the present invention.

When the digital certificate of the measuring instrument is generated in the embodiment of the invention, after the certificate issuing server is verified, an electronic seal is required to be acquired, and an issuing organization which has established a CA system applies for the electronic seal from an existing seal management service system, wherein the digital certificate of the electronic seal is bound with the digital certificate of the issuing server; the certification Authority that does not establish the CA system can apply for RA (Registration Authority Server) to the mandatory certification digital certificate verification service platform, invoke the digital certificate service provided by the platform, and apply for the electronic seal. The electronic seal is used for signing the hash value of the instrument certificate data by using the private key of the signature certificate, and mainly aims to ensure the unforgeability, the irrecoverability and the legality of the signature, namely the approval of a signer for the lawful ownership of the signed data. Referring to fig. 3, fig. 3 is a schematic view of a management flow of an electronic seal, when the electronic seal is issued, an issuing authority applies to an existing certificate management service system of the issuing authority, and the system generates an electronic seal for the issuing authority after passing the audit, or directly applies to a digital certificate management verification system of a metering device, and the system generates an electronic seal for the issuing authority. The existing certificate management service system issues the manufactured electronic seal to an issuing organization, encapsulates the issued information into block data, sends the data to a digital certificate management verification system of a current value meter, and stores the block data into a block chain. The digital certificate information of the issuing server issued by the issuing organization can be accessed to the digital certificate management and verification system of the metering appliance through a registration process. The updating and the canceling of the electronic seal can be processed according to similar processes, and the invention does not need to be repeated one by one.

And after the electronic seal is obtained, verifying the electronic seal, and if the certificate of the electronic seal passes the verification, namely the certificate is valid, passing the verification of the electronic seal. Then, the user DID and the appliance DID are generated, and the content of the digital certificate of the measuring appliance is formed. DID (decentralized ID) is generated by a block chain account address, so that cross-department, cross-region and cross-platform identity authentication can be realized, and dependence on single center ID registration in a traditional mode is eliminated. In the embodiment of the present invention, the DID is classified into two categories according to the attribute and the user, that is, the user DID and the appliance DID, which both have corresponding DID documents, and the contents of the DID documents are different. The DID of the user is a decentralized identity of an instrument certificate issuing mechanism, the DID document of the user comprises a public key of the DID of the user and digital certificate information, and the digital certificate information comprises a digital certificate serial number, a digital certificate public key, a public key encryption algorithm, a digital certificate validity period and the digital certificate issuing mechanism. The appliance DID is decentralized identity representation of the appliance, a public key of the appliance DID, a user DID of a certificate issuing organization, a unified appliance code, a certificate number, a certificate issuing date, a Hash value of digital certificate data of the metering appliance and a corresponding Hash algorithm are packaged in an appliance DID document, and the metering appliance is forced to verify the electronic data chain Hash of the certificate issued by the certificate issuing organization.

When the certificate issuing authority does not have the blockchain address, the appliance certificate server can directly apply for the blockchain account address; if the appliance does not have a blockchain address, the blockchain account address may be directly applied for by the appliance certificate server.

And then, calculating the hash value of the digital certificate data of the metering device, and signing the hash value by using a private key of the digital certificate in the DID document of the user to obtain the hash value and the signature of the uplink data. The signature is carried out on the verification data of the utensil certificate issuing organization, and the signing organization signs the Hash value of the utensil certificate data by using the private key of the digital certificate of the electronic seal passing the verification to obtain the signature of the uplink data.

The issuing organization applies a time stamp to an authoritative time stamp server according to the hash value of the electronic seal certificate data, and the authoritative time stamp is bound with the hash value of the digital certificate of the metering device. And after receiving the request of applying the timestamp by the issuing organization, the authoritative timestamp server examines and approves the request and issues the authoritative timestamp of the data to be confirmed for the issuing organization after the request passes the examination and approval. The timestamp carries the signature of the root certificate of the authoritative timestamp authority, and has legal effectiveness. And linking the meter with the unlinked authorized meter running state data and the meter digital certificate. The running state data of the metering appliance is only applied to an appliance chain, and the digital certificate of the appliance is respectively applied to a user chain and the appliance chain. And the digital certificate of the appliance is issued to the corresponding appliance for storage through a USB flash disk, a network and other modes; because some appliances have networking function and some appliances have no networking function, the appliance certificate is copied into the appliance by adopting a copying mode for the appliances without networking function; for the appliance with the networking function, the digital certificate of the appliance can be directly obtained through networking and uplink. The content of the digital certificate is analyzed by a certificate decoder in the appliance, the validity period of the digital certificate is checked, and the use of all or part of functions of the appliance is started or prohibited according to rules.

If the appliance user is authorized, the monitoring system in the appliance links the appliance code DID, the operating state data of the appliance, the time data, the measurement data to the appliance.

The embodiment of the invention provides a method for generating a digital certificate of a measuring instrument, which is used for supporting and realizing forced verification accurate supervision. In addition, the application also provides a compulsory verification accurate supervision system based on the block chain digital certificate technology, which comprises a coding server, an electronic seal, an issuing server, a timestamp server, a decoder in an appliance and a monitoring system in the appliance. Wherein:

(1) the tagging server may be configured to perform the steps of:

the members (appliance production units and certificate issuing organizations) of the alliance chain can call the code-assigning server to obtain the uniform codes of the appliances in a data exchange mode. The code assigning server calls an appliance unified coding engine to assign the appliance unified codes to the metering appliances in a unified mode.

(2) The meter digital certificate issuing server is configured to perform the steps of:

initializing a digital certificate of an issuing server;

verifying the digital certificate of the issuing server, wherein if the digital certificate passes the verification, the certificate is valid;

generating an appliance DID and a user DID, and generating the contents of an appliance digital certificate;

calculating a hash value of the digital certificate data of the metering device, and signing the hash value by a private key in a user data certificate to obtain the hash value and a signature of the uplink data;

applying a timestamp according to the hash value of the data to be uplinked;

generating a digital certificate of the measuring instrument;

the meter appliance digital certificate is uploaded to a user chain and an appliance chain, respectively.

The meter instrument digital certificate is downloaded and copied to an agreed storage location within the instrument.

(3) The electronic seal is configured to perform the steps of:

the certification authority which does not establish the CA system can apply for the electronic seal to the compulsory certification digital certificate verification service platform.

And after the platform passes the verification, issuing the electronic seal.

(4) The timestamp server is configured to perform the steps of:

receiving a timestamp application and performing content verification;

and issuing a time stamp.

(5) Referring to fig. 4, fig. 4 is a schematic diagram of a digital certificate decoding process of a metering appliance according to an embodiment of the present invention, where a decoder in the metering appliance is configured to perform the following steps:

when the appliance is powered on, firstly, a decoder is started, and whether a digital certificate of the metering appliance exists or not is detected;

if no digital certificate of the metering appliance exists, the following steps are executed:

the uplink queries whether the digital certificate of the measuring appliance is valid.

If the inquiry fails, prompting to import the digital certificate of the metering appliance;

obtaining the digital certificate of the appliance from other ways and importing the digital certificate into an appointed storage position of the appliance;

if the inquiry is successful, downloading the latest digital certificate of the measuring instrument;

if the digital certificate of the metering appliance exists, verifying whether the digital certificate belongs to the appliance;

if the digital certificate does not belong to the appliance, acquiring the digital certificate of the corresponding metering appliance through other ways;

if the appliance belongs to the equipment, the certificate validity period and the parameters are analyzed;

if the verification function of the corresponding parameters of the starting device is valid within the validity period;

if not, or if the parameter is not in the certificate, then all of the verification functions for the corresponding parameter are disabled.

(6) Referring to fig. 5, fig. 5 is a schematic diagram of a flow of detecting an operation state of an appliance according to an embodiment of the present invention. The in-gauge monitoring system is configured to perform the steps of:

regularly checking the validity period of the digital certificate of the measuring instrument;

if the time is close to the expiration, displaying early warning submission information;

if the time is out, prompting the user, and disabling all verification functions of the corresponding parameters;

if the appliance use unit authorizes the appliance to obtain the running state data of the appliance, starting the appliance to automatically start the function of detecting the appliance, and detecting the corresponding running state, clock and measurement data of the appliance;

if networking is carried out, the corresponding data is linked to appliances;

if not, the corresponding data is stored locally, and when the next check is carried out, the certificate authority carries out appliance chaining.

In view of the above, in the embodiment of the present invention, a mandatory verification precision supervision system based on a block chain digital certificate technology is provided, which monitors the operation state of a meter in real time by using a meter digital certificate, and connects the operation state of the meter to an instrument chain. The problems of unqualified detection and overdue non-detection of the instrument can be analyzed through the instrument operation data, accurate supervision is realized, and targeted supervision and inspection is carried out.

The embodiment of the invention also provides a management and verification system of the digital certificate of the metering appliance based on the block chain digital certificate technology, which constructs an integrated credible system, realizes mutual trust and mutual verification among heterogeneous digital certificate domains with different password algorithm systems, different service industry fields and different technical specifications, and realizes the verification and mutual verification of the digital certificates of the metering appliances with different CA certificates on a unified platform. Specifically, the method comprises the following steps:

a management and verification system for digital certificates of metering appliances based on a alliance chain is characterized in that a block chain alliance is formed by digital certificate managers (issuing organizations and appliance production units) of issuing metering appliances with authority and computing service capability. The alliance member (issuing organization) is responsible for issuing, registering, updating and abolishing the digital certificate of the measuring instrument, organizing data and storing the data into a block chain, and maintaining the normal operation of each node of the platform; non-alliance members (appliance usage units) can inquire and acquire digital certificate information of the metering appliances from the block chain and verify the authenticity of the certificates.

The digital certificate management and verification system of the measuring instrument fully utilizes the existing certificate management service system of an issuing organization, and has the functions of block data organization, block storage and exchange through standardized transformation. Meanwhile, the digital certificate management and verification system of the metering appliance provides RA service, can issue platform digital certificates for the issuing agencies which do not establish the digital certificate management service system, and is used for the issuing agencies to sign the issued digital certificates of the metering appliance. The certificate management service system of each node is used for managing, corresponding information and the digital certificate of the metering appliance are written into the appliance block data together, and an appliance block chain is accessed to ensure that the appliance block chain is not modified or deleted.

The management of the electronic seal is configured to perform the following steps: when the electronic seal is signed and issued, the signing and issuing organization applies for the existing certificate management service system of the signing and issuing organization, the electronic seal is generated for the signing and issuing organization after the system passes the verification, or the application is directly applied for the digital certificate management verification system of the measuring instrument, and the electronic seal is generated for the signing and issuing organization by the system. The existing certificate management service system issues the manufactured electronic seal to an issuing organization, encapsulates the issued information into block data, sends the data to a digital certificate management verification system of a current value meter, and stores the block data into a block chain. The digital certificate information of the issuing server issued by the issuing organization can be accessed to the digital certificate management and verification system of the metering appliance through a registration process. The updating and the canceling of the electronic seal can be processed according to similar processes.

Referring to fig. 6, fig. 6 is a schematic diagram illustrating a verification process of a digital certificate of a metering appliance according to an embodiment of the present invention. When the digital certificate of the metering appliance needs to be verified, the digital certificate of the metering appliance can be verified through the digital certificate management and verification system of the metering appliance, and the legality of the digital certificate of the metering appliance can be identified after the verification is passed. The networked appliances can automatically submit the digital certificates of the measuring appliances to the digital certificate management and verification system of the measuring appliances to verify the authenticity and the integrity of the seals, inquire the digital certificate data of the corresponding issuing server in the block chain, acquire the state information of the digital certificates of the measuring appliances at the current time of data analysis, verify the state of the digital certificates of the measuring appliances and return the results to the users.

It can be seen from the foregoing embodiments that, the embodiments of the present invention provide a system for managing and verifying a digital certificate of a metering device based on a blockchain digital certificate technology, which can implement mutual trust and mutual authentication between heterogeneous digital certificate domains, and ensure authority and security of the digital certificate of the metering device.

On the basis of the foregoing embodiments, referring to fig. 7, an embodiment of the present invention further provides a mandatory certification information monitoring apparatus, including:

the code assigning unit 10 is used for assigning codes to the measuring instruments to obtain instrument unified codes of the measuring instruments, so that the associated information of the whole life cycle of the measuring instruments is obtained through the instrument unified codes of the measuring instruments;

the certificate generating unit 20 is configured to generate a digital certificate of a metering appliance, and upload the digital certificate of the metering appliance to a pre-constructed federation chain, where the federation chain includes a user chain and an appliance chain;

the uploading unit 30 is used for uploading collected data of the measuring instruments to the instrument chain, wherein the collected data comprises instrument codes, running state data, time data and measurement data of the measuring instruments;

a decoding unit 40, configured to decode the meter digital certificate by using the meter decoder, and obtain a validity period of the meter digital certificate;

and the supervision unit 50 is configured to supervise the metering appliance based on the validity period of the digital certificate of the metering appliance and the acquisition information, obtain supervision information, and upload the supervision information to the federation chain.

Further, the generation unit includes:

Further, the apparatus further comprises:

the first verification unit is used for verifying the issuing server, and is specifically used for:

detecting whether an issuing server has a digital certificate;

if yes, verifying whether the digital certificate is available;

Further, the request subunit is specifically configured to:

Further, the decoding unit is specifically configured to:

Further, the apparatus further comprises:

the first detection subunit is used for detecting the validity of the digital certificate of the measuring instrument at regular time;

the first generation subunit is used for generating the submission prompt information if the time interval between the current time and the validity period of the digital certificate of the measuring instrument is smaller than a time threshold;

the second generation subunit is used for generating prompt information that the parameter verification is invalid if the digital certificate of the measuring instrument is not within the validity period of the digital certificate of the measuring instrument;

the second detection subunit is used for responding to the starting of the metering appliance to start a detection appliance function and detecting the associated information of the metering appliance;

the first uploading subunit is used for uploading the association information to the alliance chain if the metering appliance is in a networking state;

and the first storage subunit is used for storing the associated information locally if the metering appliance is not in a networking state.

Further, the apparatus further comprises:

and the sending subunit is used for responding to the manufactured electronic seal and issuing the electronic seal to an issuing mechanism, packaging issuing information into block data, and sending the block data to the digital certificate management and verification system of the metering device so as to store the digital certificate management and verification system of the metering device into a block chain.

Further, the apparatus further comprises:

and the acquiring subunit is configured to acquire, by a federation chain member of the federation chain, an appliance uniform code of the metering appliance to acquire association information of a full life cycle of the metering appliance, where a non-federation member performs data query in the federation chain to acquire metering appliance digital certificate information, so as to verify the metering appliance digital certificate.

The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.

The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims

1. A mandatory certification information supervision method is characterized by comprising the following steps:

2. The method of claim 1, wherein generating the meter digital certificate comprises:

verifying the electronic seal, and if the electronic seal passes the verification, generating a decentralized identity of a certificate authority and a decentralized identity of a measuring instrument, wherein the decentralized identity of the certificate authority, the decentralized identity of the measuring instrument and electronic data of a compulsory measuring instrument verification certificate issued by the certificate authority jointly form instrument digital certificate content;

3. The method of claim 1, further comprising:

verifying the issuing server, comprising:

detecting whether an issuing server has a digital certificate;

if yes, verifying whether the digital certificate is available;

4. The method according to claim 2, wherein said requesting to obtain an electronic seal comprises:

5. The method of claim 1, wherein said decoding, with the meter decoder, the meter digital certificate comprises:

6. The method of claim 5, further comprising:

7. The method of claim 4, further comprising:

8. The method of claim 1, further comprising:

9. A mandatory certification information supervisory device, comprising:

10. The apparatus of claim 9, wherein the generating unit comprises: