CN113572810A - Method for designing and realizing private multi-account book block chain system for Internet of things - Google Patents

Publication number
CN113572810A
Authority
CN
China
Prior art keywords
data
terminal
gateway
server
internet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110643533.1A
Other languages
Chinese (zh)
Inventor
侯璐
郑侃
徐晓君
武韬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Priority to CN202110643533.1A priority Critical patent/CN113572810A/en
Publication of CN113572810A publication Critical patent/CN113572810A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for designing and realizing a private multi-account book block chain system for the Internet of things. The method comprises the following steps: step 1, establishing a system overall architecture; step 2, establishing a block chain network; step 3, registering and accessing the network by the terminal; step 4, uplink transmission, on-chain recording and subsequent analysis of application data; step 5, transmitting downlink data or control instructions; and step 6, establishing a new block. The method has the advantage of fully utilizing the edge computing capability of the gateway and deploying the session ledger in the gateway. On one hand, the load of the server is reduced and the robustness of the system is improved; on the other hand, the resource utilization efficiency of the gateway is improved. In addition, the scheme provided by the invention allows an application provider to deploy applications in the gateway. Because the gateway is closer to the terminal equipment, the access delay of applications deployed at the edge of the Internet of things can be reduced, and the influence of application layer DoS attacks on the system can be reduced.

Description

Method for designing and realizing private multi-account book block chain system for Internet of things
Technical Field
The invention belongs to the technical field of safety and communication of the Internet of things, and particularly relates to a method for designing and realizing a private multi-account book block chain system for the Internet of things.
Background
An existing internet of things system follows the basic 'end-pipe-cloud' architecture: a terminal (Terminal: a hardware device in the internet of things that performs data acquisition or control and transmits data in a certain wireless communication mode) transmits a data packet wirelessly to a gateway or a base station, which then forwards the data packet to a server located in the cloud for storage and processing. Downlink data from the server is first sent to the gateway or the base station and then converted into wireless signals for transmission to the terminal. Whether a gateway or a base station is used depends on the particular wireless transmission technology. Typical internet of things wireless communication technologies include Long Range (LoRa), NarrowBand internet of things (NB-IoT), and Fifth Generation (5G) mobile communication. The existing internet of things system usually has a centralized architecture, that is, the cloud is responsible for data processing, device management and user interfaces of the whole internet of things system and bears all functions, while a gateway or a base station is only responsible for transparent forwarding of data.
LoRa and NB-IoT, two wireless communication technologies commonly found in internet of things systems, are briefly described below.
LoRa (Long Range) is one of the Low-Power Wide-Area Network (LPWAN) technologies. It is an ultra-long distance wireless transmission scheme based on spread spectrum technology, developed by Semtech corporation in the United States, has a maximum communication distance of more than 10 kilometers, and is suitable for internet of things systems [2]. LoRaWAN is a low-power, wide-coverage network protocol established by the LoRa Alliance. It adopts star topology networking, and the whole system architecture is divided into three major parts, namely the LoRa terminal, the LoRa gateway and the server. Data is transmitted between the LoRa terminal and the LoRa gateway through LoRa wireless technology, and the LoRa gateway and the server communicate through the UDP/IP protocol.
The NB-IoT, as a wireless access network technology, inherits the basic functions of Long Term Evolution (LTE), is improved on the basis of LTE according to the application requirements of the Internet of things, and supports the cellular data connection of low-power consumption equipment in a wide area network. Deployment of NB-IoT requires 180kHz bandwidth, which can coexist in LTE or Global System for Mobile Communications (GSM) within the licensed frequency band, greatly reducing deployment cost and time. With different band selection, the NB-IoT can operate in three different modes of operation as needed. The functional improvement of NB-IoT over LTE comes from a new physical layer design, which uses Quadrature Phase Shift Keying (QPSK) modulation, Single Carrier Frequency Division Multiple Access (SC-FDMA) for uplink, and Orthogonal Frequency Division Multiple Access (OFDMA) for downlink, reducing implementation complexity and simplifying physical channels. The advantages of NB-IoT are low complexity of transceiver design, low power consumption, low cost of radio chip, wide coverage and high number of coverage. The NB-IoT is suitable for various application scenarios including smart cities, smart storage and intelligent transportation, and is an important technology for realizing the interconnection of everything in the Internet of things.
5G defines three application scenarios, namely Enhanced Mobile Broadband (eMBB), Ultra-Reliable Low-Latency Communication (URLLC) and Massive Machine-Type Communication (mMTC). URLLC can provide low-latency, high-reliability communication for the real-time and reliability requirements of the Internet of things, and mMTC can provide the Internet of things with the capability for massive numbers of terminals to access the network simultaneously. As the scale and applications of the internet of things develop, its requirements for collecting and sharing large amounts of data become higher, and the requirements on speed and delay in different connection scenarios become more and more strict, so the value of the internet of things can be fully realized only with the support of an efficient and reliable 5G network.
Edge computing is a distributed computing architecture that moves applications, data, and services from a hub node (Peer: an entity that maintains accounts in a blockchain network) to a logical edge node on the network for processing. Edge computing decomposes large services originally handled entirely by the central node, cuts them into smaller and more manageable parts, and distributes them to the edge nodes for processing. The edge node is a node with computing resources and network resources between a data generation source and the cloud center, and is closer to a user terminal device, so that the data processing and transmitting speed can be increased, and the delay can be reduced. The edge calculation provides intelligent analysis processing service at a place close to a data source, so that time delay is reduced, efficiency is improved, and safety and privacy protection are improved.
Edge computing can process and analyze data in real time or more quickly because the data is processed closer to its source rather than in an external data center or cloud, which shortens delay and conserves network bandwidth. At the same time, with edge computing, data management solutions on local devices cost an enterprise significantly less than cloud and data center networks.
A blockchain is a ledger formed by cryptographically linking data records called blocks (Block: in a blockchain network, a plurality of transactions constitute a block, and blocks are stored in a chain on each node of the network), wherein each block contains the hash value of the previous block, a timestamp, and transaction information (Transaction: in a blockchain network, an initiating terminal sends the network an operation request on the ledger, such as an addition, deletion, query or modification; the process in which the blockchain network processes the request and returns the result to the initiating terminal is called a transaction). The blockchain is decentralized, distributed and publicly transparent, and can ensure that ledger information is traceable and cannot be falsified. A blockchain system operates in a Peer-to-Peer (P2P) network, with each blockchain node storing a copy of the ledger. Any node can check a transaction or reach consensus on it (Consensus: the process by which the nodes in a blockchain network agree on a block; a block that passes consensus can be added to the blockchain ledger; common consensus mechanisms include Proof of Work (PoW), Practical Byzantine Fault Tolerance (PBFT) and the Raft algorithm), and the result of the consensus is recorded in the blockchain in the form of a new block. Automatic scripts called smart contracts (Smart contract, or chaincode: code called when an application program interacts with the ledger; nodes query and update the ledger by calling the chaincode) can also run in a blockchain. Blockchains are divided into public chains, private chains and consortium chains according to the authority level. One popular open source implementation of private and consortium chains is Hyperledger Fabric.
Currently, LoRa-based internet of things system solutions are evolved from the reference architecture proposed by LoRaWAN. The End-device is a LoRa terminal, the Radio Gateway is a LoRa Gateway, the Network Server (NS), the Join Server (JS) and the Application Server (AS) are servers responsible for different functions. The NS is responsible for the functions of encapsulation analysis and verification of an application data packet based on the LoRaWAN protocol, routing selection and gateway management. The JS is used for registering and accessing the LoRa terminal (i.e., Join: means that before data is reported for the first time, a request for network access needs to be initiated to the gateway and some necessary information is obtained) and the specific application of the internet of things is deployed in the AS.
In XisLoRa, a Network Connector is responsible for analyzing, packaging and verifying a data packet, a Network Server is responsible for storing, forwarding and analyzing the data packet, a Join Server is responsible for registering a terminal, a Network Controller is responsible for issuing a LoRa physical layer control instruction, and an Application Server is used for registering an Application, registering the terminal, displaying the Application and interacting users. XisLoRa uses the MySQL database to support the underlying data store, and LoRa Gateway is only responsible for transparent transport (pass-through).
In ChirpStack, Gateway Bridge is responsible for collecting and issuing Gateway data, Network Server centralizes most functions in LoRa service, including data analysis and verification, terminal registration and control instruction issuing, geocation Server provides some extra services based on geographical location information, and Application Server is used for Application registration and user interface. The ChirpStack applies a PostgreSQL database to perform the persistence operation of the data. Likewise, the LoRa Gateway is only responsible for transparent transmission.
The Things Network (TTN) integrates most of The LoRa services into a Network Server, and only deploys Application and user interface related content into an Application Server. The TTN database adopts InfluxDB, and LoRa Gateway is only responsible for transparent transmission.
In the prior art, the network access and the uplink and downlink data packet processing of the equipment are both completed by a network server. The gateway or the base station is only responsible for transparent transmission of the data packet, and the parsing function of the data packet is completed by a parsing server in the network server. The parsing server needs to check the integrity of the data packet, disassemble the data packet according to a corresponding protocol, and forward the data packet to a network access server (also deployed in a network server) and an application server for subsequent processing respectively according to a data type (network access request data or application data). For downlink application data, the prior art is to forward the downlink application data to a network server by an application server, encapsulate the data by an analysis server in the network server, forward the encapsulated data to a gateway/base station, and send the encapsulated data to a terminal through a wireless link.
The prior art has the following two problems:
The existing internet of things system adopts a database located in a centralized server to store the various data in the system. As previously described, xiselt and XisLoRa employ MySQL databases, ChirpStack adopts PostgreSQL, and TTN adopts InfluxDB. The gateway or the base station is only responsible for data forwarding and does not store or record anything. Such a centralized data storage method has data security problems. Firstly, because the data must be concentrated into a central cloud through the Internet, it is more easily tracked, monitored and tampered with; secondly, when a server fault or damage causes data loss, some of the terminals can no longer be used; thirdly, historical data stored in the database is easily tampered with, so that the data loses its value; finally, a traditional database scales poorly: when the system grows or the number of system participants increases, for example when a plurality of application providers and network providers belong to different organizations, modifying a traditional database is costly, and the rights of multiple parties to shared data are difficult to express.
In the existing internet of things system, most of computing tasks are concentrated in a server of a central cloud. Massive internet of things data generated by a large-scale internet of things terminal brings huge pressure to a centralized server processing mode, a performance bottleneck or single-point fault is easy to form, and the expansibility of the internet of things terminal is correspondingly reduced. On the other hand, because the distance between the terminal and the server is relatively long, the terminal data can reach the server for processing only by forwarding through the gateway or the base station and by complex routing in the internet, and the processing result can be sent back to the terminal only by undergoing the complex routing. This slow response process makes it difficult for existing internet of things systems to handle scenarios with lower latency requirements. Thirdly, the gateway or the base station has certain computing power and storage capacity, but in the prior art, the gateway and the base station are only responsible for transparent transmission of data, so that a great part of computing power and storage capacity is wasted; finally, the gateway and the base station can transmit all terminal data to the server for processing, and the potential security risk is that an attacker can report a large amount of invalid data packets through a plurality of different gateways or base stations to form Denial of Service (DoS) attack. The server needs to discard a large number of invalid data packets after checking, so that a large number of effective computing resources of the server and network bandwidth resources are occupied, and reporting and processing of normal terminal data packets are influenced.
In the traditional scheme, the network access and the uplink and downlink data packet processing of the equipment are finished by the network server. The gateway or the base station is only responsible for transparent transmission of the data packet, and the parsing function of the data packet is completed by a parsing server in the network server. The analysis server needs to check whether the MIC of the data packet is correct, disassemble the data packet according to a corresponding protocol, and forward the data packet to a network access server (also belonging to a network server) and an application server respectively according to a data type (network access request data or application data) for subsequent processing. And for downlink application data, the application server forwards the downlink application data to the network server, the analysis server encapsulates the data, the MIC is calculated, and the data is forwarded to the gateway or the base station and is sent to the terminal through the wireless link. In the conventional scheme, all data need to be converged to a network server for processing. On one hand, the method brings huge pressure to a network server and reduces the robustness of the system; on the other hand, a certain marginal computing and storage capacity of the gateway or the base station is completely wasted. For simplicity, the following description of the present invention will be made with reference to a "gateway" as a main subject. The process of applying the "base station" to the relevant content is not changed.
Summary of the Invention
The invention aims to provide a method for designing and realizing a private multi-account book block chain system for the Internet of things.
The method comprises the following steps:
step 1, establishing a system overall framework, and establishing an overall software and hardware system:
step 1.1, deploying N terminals of the Internet of things in a target area, wherein each terminal hardware comprises one or more sensors for sensing target data;
step 1.2, deploying M gateways of the Internet of things in a target area, wherein each gateway hardware comprises a transmission module used for receiving a wireless signal reported by a terminal; one MCU is used for operating the embedded system; a power supply module; the system comprises a cellular communication module, an Ethernet module, an Internet of things data protocol and a block chain node, wherein the cellular communication module is used for accessing the Internet in a cellular communication mode, or the Ethernet module is used for accessing the Internet in a wired network mode;
step 1.3, deploying server nodes in the Internet for running specific Internet of things applications and block chain nodes;
step 2, establishing a block chain network:
step 2.1, running a blockchain node program in each gateway to be fused into a blockchain network;
step 2.2, a block chain Organization (Organization: a set formed by a plurality of nodes in a block chain network) is constructed, and each gateway is brought into the Organization and named as a gateway Organization;
step 2.3, running a blockchain node program on each server to be fused into a blockchain network;
step 2.4, a block chain organization is constructed in the server, and all application servers are brought into the organization, which is named as an application organization;
step 2.5, constructing a block chain ledger, called the session ledger (Session: the logical channel for data interaction established between a terminal and a gateway after the terminal accesses the network), and constructing a block chain channel (Channel: a channel through which nodes of a block chain network exchange and share ledger information; different channels are isolated from each other), called the first channel 1; all gateway nodes and server nodes are added into the first channel 1 for interaction and share the session ledger, and M1 consensus nodes are deployed in the first channel 1 for performing block consensus, where the number M1 is arbitrarily specified according to specific application requirements;
step 2.6, constructing a second block chain ledger, called the application ledger, and constructing a block chain channel, called the second channel 2; all server nodes are added into the second channel 2 for interaction and share the application ledger, and M2 consensus nodes are deployed in the second channel 2 for performing block consensus, where the number M2 is arbitrarily specified according to specific application requirements;
step 3, registering and accessing the network by the terminal, and completing the network access process of the terminal equipment to run the application of the Internet of things:
step 3.1, the terminal of the Internet of things registers the unique identity and the root key of the terminal of the Internet of things to a server;
step 3.2, the server converts the received identity data of each terminal into a transaction format and sends the transaction format to the consensus node through the first channel 1;
step 3.3, the consensus node forms a new block by the transaction received within a period of time, the block is sent to other nodes in the first channel 1 for verification, and endorsement is carried out on the block after the block passes the verification (Endorse: in a block chain network, the process of verifying the transaction request and the transaction result by the node is carried out, and only the transaction meeting the endorsement strategy is effective);
step 3.4, all nodes achieve consensus and generate new blocks by means of a designated consensus mode (such as PBFT, Kafka and RAFT), and all nodes in a channel store the newly generated blocks into an account book and update the world state at the same time; two accounts are designed in a block chain network, namely a session account and an application account respectively store the two types of data of the Internet of things, the accounts are composed of blocks containing transactions, each block is composed of a block head, a plurality of transactions and block metadata, and the current state of the data can be obtained by tracing the transactions, namely the world state; the server returns a registration pass response to the terminal;
step 3.5, the terminal sends a network access request to the gateway, and the request data packet comprises the identity identifier of the terminal, a MIC (Message Integrity Code) and a random number;
step 3.6, the gateway queries a root key from the session book by using the terminal identity identifier, calculates and checks an MIC by using the root key, and performs integrity check on the network access data packet;
step 3.7, when the checking MIC is different from the receiving MIC, discarding the network-accessing data packet;
step 3.8, when the MIC is verified to be the same as the MIC received, the gateway establishes a session with the terminal and generates session data which comprise a network address, physical layer initial configuration information and random numbers, the gateway generates a session key of the terminal by using two groups of random numbers and a root key, and the gateway converts the session data of each terminal into a transaction format and sends the transaction format to the consensus node through the first channel 1;
step 3.9, the consensus node forms a new block by the transaction received within a period of time, sends the block to other nodes in the first channel 1 for verification, endorses the block after the verification is passed, generates a new block by means of a specified consensus mode, stores the new block in a session book of each node, and updates the world state;
step 3.10, the gateway generates a terminal network access permission data packet which comprises a network address of the terminal, physical layer initial configuration information and a random number and returns the network access permission data packet to the terminal;
step 3.11, the terminal generates a session key by means of the two groups of random numbers, applies each parameter configuration of the physical layer, and can then report application data packets normally; the network access process of the terminal is finished, and the session identity information of the terminal is stored in the block chain to ensure the privacy and tamper resistance of the session data;
step 4, uplink transmission, on-chain recording and subsequent analysis of the application data: after accessing the network, the terminal reports the application data of the internet of things, and the method specifically comprises the following steps:
step 4.1, the terminal acquires data by means of its sensor, packages the data into a data packet according to the corresponding protocol, calculates a MIC (Message Integrity Code) and encrypts the data packet by using the session key, and sends the data packet to a gateway in a wireless mode;
step 4.2, the gateway receives the terminal data packet and then preliminarily analyzes the data packet to obtain the network address of the terminal;
step 4.3, the gateway reads the session key of the terminal from the session book by depending on the network address, calculates the check MIC of the data packet, and compares the MIC with the received MIC;
step 4.4, when the MICs are different, directly discarding the data packet;
step 4.5, when the MICs are the same, the gateway firstly replies an Acknowledgement (ACK) to the terminal, and continues to analyze the data packet to obtain encrypted application data;
step 4.6, the gateway sends the encrypted application data to a server, and the server records the routing relation between the gateway and the terminal;
step 4.7, the server converts the encrypted application data into a transaction format and sends the transaction format to the consensus node through the second channel 2;
step 4.8, the consensus node forms a new block by the transaction received within a period of time, sends the block to other nodes in the second channel 2 for verification, endorses the block after the verification is passed, generates a new block by means of a specified consensus mode, stores the new block in the application account book of each node of the second channel 2, and updates the world state;
step 4.9, the Internet of Things application program located in the server requests the encrypted application data from the blockchain network through the corresponding client or interface and decrypts it with the session key to obtain the original application data, which can then be analyzed, processed and visualized according to the requirements of the Internet of Things application; the uplink transmission and on-chain recording of the application data are then complete;
step 5, downlink data or control instruction transmission:
step 5.1, the application program of the Internet of things prepares downlink data or a control instruction, encrypts the downlink data or the control instruction by means of a session key, and sends the encrypted downlink data or the encrypted control instruction to a server;
step 5.2, the server caches the data packet and inquires the routing relation between the terminal and the gateway, and directly sends the encrypted data to the corresponding gateway;
step 5.3, the gateway queries the session key of the terminal from the session ledger by the network address of the terminal;
step 5.4, the gateway forms the encrypted data into a data packet by means of a corresponding protocol, calculates the MIC of the data packet by using the session key and attaches the MIC to the data packet;
step 5.5, the gateway sends the data packet to the terminal through wireless communication;
step 5.6, the terminal checks the MIC of the data packet by using the session key, and when the MICs are different, the data packet is directly discarded; when the MICs are the same, the terminal replies an ACK message to the gateway, analyzes the data packet, decrypts the application data by using the session key, and performs subsequent processing, namely executes the control instruction;
step 5.7, after receiving the ACK information, the gateway forwards the ACK information to the server;
step 5.8, after the server receives the ACK information, the cached application data is converted into a transaction format and is sent to the consensus node through the second channel 2;
step 5.9, the consensus node forms a new block by the transaction received within a period of time, sends the block to other nodes in the second channel 2 for verification, endorses the block after the verification is passed, generates a new block by means of a specified consensus mode, stores the new block in an application account book of each node of the second channel 2, and updates the world state;
step 5.10, in step 5.8, when the server does not receive the ACK information within the preset time limit, the cache data is directly emptied, and the data packet fails to be sent and is not written into the block chain;
step 5.11, the server replies to the application program with a response indicating that the data packet was sent successfully or failed to be sent, and the downlink data or control instruction process is complete.
The method of the invention has the following advantages:
1. the blockchain network provides data storage capacity for the Internet of Things system, and because a blockchain is inherently tamper-resistant, the method ensures that the Internet of Things data cannot be tampered with; the encryption mechanism adopted in the blockchain network also improves the security of the data;
2. the shared account book of the block chain network enables the data of the Internet of things to have complete backup on a plurality of nodes, so that the data can be prevented from being damaged or lost due to single-point failure;
3. the consensus mechanism of the block chain network can keep strong consistency of the data of the Internet of things on a plurality of distributed nodes, and an additional data synchronization mechanism is not required to be introduced to ensure the consistency of the data among gateways and servers;
4. the method of the invention designs a dual-ledger structure matched to the computing and storage capacity of the gateway: the gateway maintains the small amount of Internet of Things session data and the server maintains the large amount of Internet of Things application data, so that the gateway can access the terminal session data;
5. the method can reduce the processing pressure of the server side while ensuring the data security, improve the resource utilization efficiency of the gateway, balance the task load of the Internet of things system and improve the robustness of the Internet of things system;
6. the method has high expandability, allows an application provider to further utilize the edge computing capability of the gateway, directly deploys specific application programs or services on the gateway, and can accelerate the access speed and improve the user experience by the application;
7. the method of the invention realizes the data packet processing function at the gateway, when the illegal data packet exists, the gateway can directly intercept the data packet, thus saving the bandwidth of the link from the gateway to the server and the resource of the server; the method can resist the application layer Denial of Service (DoS) attack initiated by a malicious attacker through the gateway, and a large amount of illegal data packets sent by the attacker are intercepted by the gateway, so that the server can still keep normal and stable operation;
8. the method can replace a database of a traditional system to store the Internet of things data and has the advantages of tamper resistance and consistency guarantee; in addition, the multi-node shared account book can avoid data loss caused by partial node failure;
9. the method provided by the invention designs and provides a block chain account book structure of double account books aiming at the capability of the gateway of the system of the Internet of things and the characteristics of the data of the Internet of things, and stores the data with different types and characteristics in different account books, thereby improving the flexibility of the deployment of the account books;
10. the method of the invention fully utilizes the edge computing capability of the gateway, deploys the session book in the gateway, and sinks two core functions of the Internet of things system, namely the terminal network access processing and application data packet processing functions, from the server to the gateway, thereby reducing the load of the server and improving the robustness of the system; in addition, the invention allows an application provider to deploy application in the gateway, and the application of the internet of things deployed at the edge can reduce access delay and reduce the influence of application layer DoS attack on the system;
11. compared with the traditional network access mode based on the server, the method can greatly reduce the load of the server and the bandwidth of the return link;
12. the method of the invention sinks the data packet verification process from the traditional server side to the gateway side, thus greatly reducing the calculation pressure of the server side, filtering the illegal data packet and protecting the server safety;
13. the method designs a dual-ledger blockchain network formed by servers and gateways, in which each server and each gateway is a node of the blockchain network; the various data in the Internet of Things system are stored in the corresponding ledger of the blockchain network as blocks containing a plurality of transactions, and multi-node data synchronization is realized through the consensus mechanism of the blockchain network, so that the consistency of the data in the Internet of Things system is guaranteed.
Drawings
FIG. 1 is a system architecture diagram of the method of the present invention;
FIG. 2 is a block chain network structure diagram of the method of the present invention;
FIG. 3 is a flow chart of a terminal network access request of the method of the present invention;
FIG. 4 is a flow chart of the uplink application data processing of the method of the present invention;
FIG. 5 is a schematic view of a downstream flow of the method of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
The method comprises the following steps:
step 1, as shown in fig. 1, establishing a system overall architecture, and establishing an overall software and hardware system:
step 1.1, deploying N terminals of the Internet of things in a target area, wherein each terminal hardware comprises one or more sensors for sensing target data;
step 1.2, deploying M gateways of the Internet of Things in a target area, wherein each gateway's hardware comprises a transmission module for receiving the wireless signals reported by terminals; an MCU for running the embedded system; a power supply module; and either a cellular communication module for accessing the Internet by cellular communication or an Ethernet module for accessing the Internet over a wired network; the gateway also includes the Internet of Things data protocol and a blockchain node;
step 1.3, deploying server nodes in the Internet for running specific Internet of things applications and block chain nodes;
step 2, as shown in fig. 2, building a block chain network:
step 2.1, running a blockchain node program in each gateway to be fused into a blockchain network;
step 2.2, a block chain Organization (Organization: a set formed by a plurality of nodes in a block chain network) is constructed, and each gateway is brought into the Organization and named as a gateway Organization;
step 2.3, running a blockchain node program on each server to be fused into a blockchain network;
step 2.4, a block chain organization is constructed in the server, and all application servers are brought into the organization, which is named as an application organization;
step 2.5, a blockchain ledger is constructed, called the session ledger (Session: the logical channel for data interaction established between a terminal and a gateway after the terminal accesses the network); a blockchain channel (Channel: a channel through which nodes of a blockchain network exchange and share ledger information; different channels are isolated from each other) is constructed, called the first channel 1; all gateway nodes and server nodes join the first channel 1 to interact, and all of these nodes share the session ledger; M₁ consensus nodes are deployed in the first channel 1 to perform block consensus, the number M₁ being specified arbitrarily according to the specific application requirements;
step 2.6, a second blockchain ledger is constructed, called the application ledger, and a blockchain channel is constructed, called the second channel 2; all server nodes join the second channel 2 to interact, and all server nodes share the application ledger; M₂ consensus nodes are deployed in the second channel 2 to perform block consensus, the number M₂ being specified arbitrarily according to the specific application requirements;
step 3, registering and accessing the network by the terminal, and completing the network access process of the terminal equipment to run the application of the Internet of things:
step 3.1, the terminal of the Internet of things registers the unique identity and the root key of the terminal of the Internet of things to a server;
step 3.2, the server converts the received identity data of each terminal into a transaction format and sends the transaction format to the consensus node through the first channel 1;
step 3.3, the consensus node forms a new block from the transactions received within a period of time and sends the block to the other nodes in the first channel 1 for verification, and the block is endorsed after it passes verification (Endorse: in a blockchain network, the process by which nodes verify a transaction request and its result; only transactions that satisfy the endorsement policy are valid);
step 3.4, all nodes reach consensus and generate the new block by means of the specified consensus mode (such as PBFT, Kafka and RAFT), and all nodes in the channel store the newly generated block in the ledger and update the world state at the same time; two ledgers are designed in the blockchain network, a session ledger and an application ledger, which store the two types of Internet of Things data respectively; each ledger is composed of blocks containing transactions, each block is composed of a block header, a plurality of transactions and block metadata, and the current state of the data, namely the world state, can be obtained by tracing the transactions; the server returns a registration-passed response to the terminal;
step 3.5, the terminal sends a network access request to the gateway, the request data packet comprising the identity identifier of the terminal, a MIC (message integrity code) and a random number;
step 3.6, the gateway uses the terminal identity identifier to query the root key from the session ledger, calculates the check MIC with the root key, and performs an integrity check on the network access data packet;
step 3.7, when the checking MIC is different from the receiving MIC, discarding the network-accessing data packet;
step 3.8, when the MIC is verified to be the same as the MIC received, the gateway establishes a session with the terminal and generates session data which comprise a network address, physical layer initial configuration information and random numbers, the gateway generates a session key of the terminal by using two groups of random numbers and a root key, and the gateway converts the session data of each terminal into a transaction format and sends the transaction format to the consensus node through the first channel 1;
step 3.9, the consensus node forms a new block from the transactions received within a period of time and sends the block to the other nodes in the first channel 1 for verification; the block is endorsed after it passes verification, the new block is generated by means of the specified consensus mode and stored in the session ledger of each node, and the world state is updated;
step 3.10, the gateway generates a terminal network access permission data packet which comprises a network address of the terminal, physical layer initial configuration information and a random number and returns the network access permission data packet to the terminal;
step 3.11, the terminal generates a session key from the two groups of random numbers, applies the physical layer parameter configuration, and can then report application data packets normally; the network access process of the terminal is complete, and the session identity information of the terminal is stored in the blockchain to ensure the privacy and tamper resistance of the session data;
step 4, uplink transmission, on-chain recording and subsequent analysis of the application data: after network access, the terminal reports the Internet of Things application data; as shown in fig. 4, this specifically comprises the following steps:
step 4.1, the terminal acquires data by means of its sensor, packages the data into a data packet according to the corresponding protocol, uses the session key to calculate a MIC (message integrity code) and encrypt the data packet, and sends the data packet to a gateway wirelessly;
step 4.2, the gateway receives the terminal data packet and then preliminarily analyzes the data packet to obtain the network address of the terminal;
step 4.3, the gateway uses the network address to read the session key of the terminal from the session ledger, calculates the check MIC of the data packet, and compares it with the received MIC;
step 4.4, when the MICs are different, directly discarding the data packet;
step 4.5, when the MICs are the same, the gateway firstly replies an Acknowledgement (ACK) to the terminal, and continues to analyze the data packet to obtain encrypted application data;
step 4.6, the gateway sends the encrypted application data to a server, and the server records the routing relation between the gateway and the terminal;
step 4.7, the server converts the encrypted application data into a transaction format and sends the transaction format to the consensus node through the second channel 2;
step 4.8, the consensus node forms a new block by the transaction received within a period of time, sends the block to other nodes in the second channel 2 for verification, endorses the block after the verification is passed, generates a new block by means of a specified consensus mode, stores the new block in the application account book of each node of the second channel 2, and updates the world state;
step 4.9, the Internet of Things application program located in the server requests the encrypted application data from the blockchain network through the corresponding client or interface and decrypts it with the session key to obtain the original application data, which can then be analyzed, processed and visualized according to the requirements of the Internet of Things application; the uplink transmission and on-chain recording of the application data are then complete;
step 5, as shown in fig. 5, downlink data or control instruction transmission:
step 5.1, the application program of the Internet of things prepares downlink data or a control instruction, encrypts the downlink data or the control instruction by means of a session key, and sends the encrypted downlink data or the encrypted control instruction to a server;
step 5.2, the server caches the data packet and inquires the routing relation between the terminal and the gateway, and directly sends the encrypted data to the corresponding gateway;
step 5.3, the gateway queries the session key of the terminal from the session ledger by the network address of the terminal;
step 5.4, the gateway forms the encrypted data into a data packet by means of a corresponding protocol, calculates the MIC of the data packet by using the session key and attaches the MIC to the data packet;
step 5.5, the gateway sends the data packet to the terminal through wireless communication;
step 5.6, the terminal checks the MIC of the data packet by using the session key, and when the MICs are different, the data packet is directly discarded; when the MICs are the same, the terminal replies an ACK message to the gateway, analyzes the data packet, decrypts the application data by using the session key, and performs subsequent processing, namely executes the control instruction;
step 5.7, after receiving the ACK information, the gateway forwards the ACK information to the server;
step 5.8, after the server receives the ACK information, the cached application data is converted into a transaction format and is sent to the consensus node through the second channel 2;
step 5.9, the consensus node forms a new block by the transaction received within a period of time, sends the block to other nodes in the second channel 2 for verification, endorses the block after the verification is passed, generates a new block by means of a specified consensus mode, stores the new block in an application account book of each node of the second channel 2, and updates the world state;
step 5.10, in step 5.8, when the server does not receive the ACK information within the preset time limit, the cache data is directly emptied, and the data packet fails to be sent and is not written into the block chain;
step 5.11, the server replies to the application program with a response indicating that the data packet was sent successfully or failed to be sent, and the downlink data or control instruction process is complete.
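The server-side bookkeeping of steps 5.2 and 5.7 to 5.11, as an added Python example that is not code from the patent: a downlink is cached, written to the application ledger only once its ACK arrives, and dropped when the time limit passes. The message identifier used to match an ACK to a cached packet, the 5-second limit and the list standing in for channel 2 are assumptions.

```python
class DownlinkServer:
    """Cache a downlink, wait for the terminal's ACK, then commit it."""

    def __init__(self, routes, ack_timeout=5.0):
        self.routes = routes            # network address -> gateway (recorded in step 4.6)
        self.ack_timeout = ack_timeout  # the preset time limit of step 5.10 (value assumed)
        self.pending = {}               # (addr, msg_id) -> (ciphertext, deadline)
        self.app_ledger = []            # stands in for transactions sent on channel 2
        self.results = {}               # msg_id -> "success" / "failed" (step 5.11)

    def send(self, addr, msg_id, ciphertext, now):
        """Step 5.2: cache the packet and pick the gateway that serves the terminal."""
        gateway = self.routes.get(addr)
        if gateway is None:
            self.results[msg_id] = "failed"
            return None
        self.pending[(addr, msg_id)] = (ciphertext, now + self.ack_timeout)
        return gateway

    def expire(self, now):
        """Step 5.10: empty cached packets whose ACK did not arrive in time."""
        overdue = [k for k, (_, deadline) in self.pending.items() if now > deadline]
        for key in overdue:
            del self.pending[key]
            self.results[key[1]] = "failed"

    def on_ack(self, addr, msg_id, now):
        """Steps 5.7-5.9: an ACK forwarded by the gateway triggers the ledger write."""
        self.expire(now)
        entry = self.pending.pop((addr, msg_id), None)
        if entry is None:
            return False  # late, duplicate or unsolicited ACK: nothing is written
        self.app_ledger.append({"addr": addr, "msg_id": msg_id, "data": entry[0]})
        self.results[msg_id] = "success"
        return True


def demo():
    # Constructed sample: one terminal address routed through one gateway.
    addr = b"\x00\x00\x00\x01"
    server = DownlinkServer({addr: "gw-1"})
    server.send(addr, 1, b"enc-cmd-1", now=0.0)
    server.send(addr, 2, b"enc-cmd-2", now=0.0)
    server.send(b"\x00\x00\x00\x09", 3, b"enc-cmd-3", now=0.0)  # no route known
    first = server.on_ack(addr, 1, now=2.0)      # in time: committed
    duplicate = server.on_ack(addr, 1, now=2.5)  # same ACK again: ignored
    late = server.on_ack(addr, 2, now=9.0)       # after the limit: not committed
    committed = [tx["msg_id"] for tx in server.app_ledger]
    return first, duplicate, late, server.results, committed


if __name__ == "__main__":
    print(demo())
```

Because the ledger write depends on the ACK, a duplicate ACK must not produce a second transaction and a late ACK must not revive a packet the server has already reported as failed.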
As shown in fig. 2, the blockchain network designed by the method of the present invention includes two organizations, a server organization and a gateway organization. The server organization includes all server nodes and the gateway organization includes all gateway nodes. The blockchain network includes two channels. All nodes in the server organization and the gateway organization are connected to the first channel 1, which carries the session ledger, so the server nodes and the gateway nodes share the session ledger through the first channel 1. Only nodes in the server organization can join the second channel 2, which carries the application ledger, so the server nodes share the application ledger through the second channel 2. Each channel includes a module responsible for the consensus mechanism, composed of a plurality of consensus nodes; depending on the blockchain network implementation, the consensus nodes can be served by server nodes or gateway nodes, or by separate nodes.
The invention designs two ledgers in the blockchain network, a session ledger and an application ledger, which store the two types of Internet of Things data respectively. Each ledger is composed of blocks containing transactions, each block is composed of a block header, a plurality of transactions and block metadata, and the current state of the data, namely the world state, can be obtained by tracing the transactions. The transaction data of the session ledger comprises session data: the identifier of the terminal, the network address of the terminal and the network key of the terminal. The application key of the terminal may also be kept in the session ledger, but it must first be encrypted by the application server: because the session ledger is shared by all nodes, an unencrypted application key would cause application data leakage. The world state of the session ledger can be indexed by the identifier of the device to obtain the network address and network key of the device. The transaction data in the application ledger comprises the network address of the device and the encrypted application data, whose format is determined by the specific application. The server opens a data acquisition interface for the Internet of Things application program; after obtaining the required data from the application ledger, the application program decrypts it with the application key, which ensures the privacy of the application data. The world state of the application ledger is represented by the latest application data information; the server cannot decrypt the application data, and the world state does not contain the actual application data values.
The types of core data in the internet of things system can be classified into the following two types:
Session data: including the terminal's identity identifier, root key, network address, terminal data encryption/decryption and integrity check keys (collectively referred to as session keys), and frame counter.
Application data: including various data related to the application of the internet of things.
The terminal identity identifier is a globally unique field that is fixed for the lifetime of the terminal when it leaves the factory. The root key is used for encryption of the network access request and generation of the session key. After the terminal accesses the network for the first time, a session is established between the gateway and the terminal, and the network address and session key required by the session are generated. The network address identifies the terminal when subsequent data is reported and issued. The session key has two functions: encrypting and decrypting application-related data to protect privacy, and calculating the MIC of the data to ensure integrity. Encryption/decryption and MIC verification use different keys, denoted the application key and the network key respectively. To ensure the privacy of different applications, the application key is stored only by the corresponding Internet of Things application program and the terminal, while the network key is stored by the server and the terminal. After the network access process is complete, the terminal can report actual application data, and the application server can also send control information to the terminal.
The session data and the application data differ in volume and generation frequency. Session data is generated only when the terminal first accesses the network or needs to re-access it; one terminal generates only one piece of session data, so both the data volume and the generation frequency are low. Application data is generated continuously during operation, so both the data volume and the generation frequency are high.
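The gateway-side join and uplink checks of steps 3.5 to 3.11 and 4.1 to 4.5, using the root key and network key described above, as an added Python example that is not code from the patent. The HMAC-SHA256 MIC, the key derivation, the field widths and the use of the frame counter to reject replays are assumptions, since the patent fixes none of them; payload encryption with the application key is left out and the payload is treated as opaque ciphertext.

```python
import hashlib
import hmac
import os
import struct

MIC_LEN, ID_LEN, NONCE_LEN = 4, 8, 4  # assumed field widths


def mic(key, data):
    """Assumed MIC: HMAC-SHA256 over the frame, truncated to MIC_LEN bytes."""
    return hmac.new(key, data, hashlib.sha256).digest()[:MIC_LEN]


def derive_network_key(root_key, term_nonce, gw_nonce):
    """Network key from the root key and both random numbers (steps 3.8, 3.11)."""
    return hmac.new(root_key, b"net" + term_nonce + gw_nonce, hashlib.sha256).digest()[:16]


class Terminal:
    def __init__(self, dev_id, root_key):
        self.dev_id, self.root_key = dev_id, root_key
        self.nonce = self.addr = self.net_key = None
        self.counter = 0

    def join_request(self):  # step 3.5: identifier | random number | MIC
        self.nonce = os.urandom(NONCE_LEN)
        body = self.dev_id + self.nonce
        return body + mic(self.root_key, body)

    def accept(self, packet):  # step 3.11; assumed layout: address | gateway nonce
        self.addr, gw_nonce = packet[:4], packet[4:4 + NONCE_LEN]
        self.net_key = derive_network_key(self.root_key, self.nonce, gw_nonce)

    def uplink(self, ciphertext):  # step 4.1: address | counter | ciphertext | MIC
        self.counter += 1
        body = self.addr + struct.pack(">H", self.counter) + ciphertext
        return body + mic(self.net_key, body)


class Gateway:
    def __init__(self, session_ledger):
        self.ledger = session_ledger  # dict standing in for the session ledger's world state
        self.next_addr = 1
        self.forwarded = []           # ciphertext passed on to the server (step 4.6)

    def handle_join(self, packet):
        if len(packet) != ID_LEN + NONCE_LEN + MIC_LEN:
            return None
        body, got = packet[:-MIC_LEN], packet[-MIC_LEN:]
        dev_id, term_nonce = body[:ID_LEN], body[ID_LEN:]
        root_key = self.ledger["root_keys"].get(dev_id)  # step 3.6
        if root_key is None or not hmac.compare_digest(mic(root_key, body), got):
            return None                                   # step 3.7: discard
        addr = struct.pack(">I", self.next_addr)
        self.next_addr += 1
        gw_nonce = os.urandom(NONCE_LEN)
        # Step 3.8: in the patent this record is submitted as a transaction on channel 1.
        self.ledger["sessions"][addr] = {
            "dev_id": dev_id,
            "net_key": derive_network_key(root_key, term_nonce, gw_nonce),
            "counter": 0,
        }
        return addr + gw_nonce                            # step 3.10

    def handle_uplink(self, frame):
        if len(frame) < 4 + 2 + MIC_LEN:
            return "drop:short"
        body, got = frame[:-MIC_LEN], frame[-MIC_LEN:]
        session = self.ledger["sessions"].get(body[:4])  # steps 4.2, 4.3
        if session is None:
            return "drop:unknown-address"
        if not hmac.compare_digest(mic(session["net_key"], body), got):
            return "drop:mic"                             # step 4.4
        counter = struct.unpack(">H", body[4:6])[0]
        if counter <= session["counter"]:
            return "drop:replay"  # assumption: the frame counter rejects replays
        session["counter"] = counter
        self.forwarded.append(body[6:])                   # steps 4.5, 4.6
        return "ack"


def demo():
    root_key, dev_id = bytes(range(16)), b"TERM0001"  # constructed sample values
    ledger = {"root_keys": {dev_id: root_key}, "sessions": {}}
    gw, term = Gateway(ledger), Terminal(dev_id, root_key)
    term.accept(gw.handle_join(term.join_request()))
    frame = term.uplink(b"\x10\x20\x30")
    tampered = frame[:-1] + bytes([frame[-1] ^ 1])
    return [gw.handle_uplink(tampered), gw.handle_uplink(frame), gw.handle_uplink(frame)]


if __name__ == "__main__":
    print(demo())
```

Every rejected frame is dropped at the gateway without reaching the server, which is the filtering behaviour the patent relies on for its load and DoS claims.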
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the scope of the present disclosure should be covered within the scope of the present invention claimed in the appended claims.

Claims (3)

1. A method for designing and realizing a private multi-account book block chain system for the Internet of things is characterized by comprising the following steps:
step 1, establishing a system overall framework, and establishing an overall software and hardware system:
step 1.1, deploying N terminals of the Internet of things in a target area, wherein each terminal hardware comprises one or more sensors for sensing target data;
step 1.2, deploying M gateways of the Internet of Things in a target area, wherein each gateway's hardware comprises a transmission module for receiving the wireless signals reported by terminals; an MCU for running the embedded system; a power supply module; and either a cellular communication module for accessing the Internet by cellular communication or an Ethernet module for accessing the Internet over a wired network; the gateway also includes the Internet of Things data protocol and a blockchain node;
step 1.3, deploying server nodes in the Internet for running specific Internet of things applications and block chain nodes;
step 2, establishing a block chain network:
step 2.1, running a blockchain node program in each gateway to be fused into a blockchain network;
step 2.2, constructing a block chain organization, and bringing each gateway into the organization, which is named as a gateway organization;
step 2.3, running a blockchain node program on each server to be fused into a blockchain network;
step 2.4, a block chain organization is constructed in the server, and all application servers are brought into the organization, which is named as an application organization;
step 2.5, a blockchain ledger is constructed, called the session ledger, and a blockchain channel is constructed, called the first channel 1; all gateway nodes and server nodes join the first channel 1 to interact, and all of these nodes share the session ledger; M₁ consensus nodes are deployed in the first channel 1 to perform block consensus, the number M₁ being specified arbitrarily according to the specific application requirements;
step 2.6, a second blockchain ledger is constructed, called the application ledger, and a blockchain channel is constructed, called the second channel 2; all server nodes join the second channel 2 to interact, and all server nodes share the application ledger; M₂ consensus nodes are deployed in the second channel 2 to perform block consensus, the number M₂ being specified arbitrarily according to the specific application requirements;
step 3, registering and accessing the network by the terminal, and completing the network access process of the terminal equipment to run the application of the Internet of things;
step 4, uplink transmission, on-chain recording and subsequent analysis of the application data: after network access, the terminal reports the Internet of Things application data;
step 5, downlink data or control instruction transmission:
step 5.1, the application program of the Internet of things prepares downlink data or a control instruction, encrypts the downlink data or the control instruction by means of a session key, and sends the encrypted downlink data or the encrypted control instruction to a server;
step 5.2, the server caches the data packet and inquires the routing relation between the terminal and the gateway, and directly sends the encrypted data to the corresponding gateway;
step 5.3, the gateway queries the session key of the terminal from the session ledger by the network address of the terminal;
step 5.4, the gateway forms the encrypted data into a data packet by means of a corresponding protocol, calculates the MIC of the data packet by using the session key and attaches the MIC to the data packet;
step 5.5, the gateway sends the data packet to the terminal through wireless communication;
step 5.6, the terminal checks the MIC of the data packet by using the session key, and when the MICs are different, the data packet is directly discarded; when the MICs are the same, the terminal replies an ACK message to the gateway, analyzes the data packet, decrypts the application data by using the session key, and performs subsequent processing, namely executes the control instruction;
step 5.7, after receiving the ACK information, the gateway forwards the ACK information to the server;
step 5.8, after the server receives the ACK information, the cached application data is converted into a transaction format and is sent to the consensus node through the second channel 2;
step 5.9, the consensus node forms a new block by the transaction received within a period of time, sends the block to other nodes in the second channel 2 for verification, endorses the block after the verification is passed, generates a new block by means of a specified consensus mode, stores the new block in an application account book of each node of the second channel 2, and updates the world state;
step 5.10, in step 5.8, when the server does not receive the ACK information within the preset time limit, the cache data is directly emptied, and the data packet fails to be sent and is not written into the block chain;
step 5.11, the server replies to the application program with a response indicating that the data packet was sent successfully or failed to be sent, and the downlink data or control instruction process is complete.
2. The method for designing and implementing the internet of things-oriented private multi-ledger blockchain system according to claim 1, wherein the step 3 includes the following steps:
step 3.1, the terminal of the Internet of things registers the unique identity and the root key of the terminal of the Internet of things to a server;
step 3.2, the server converts the received identity data of each terminal into a transaction format and sends the transaction format to the consensus node through the first channel 1;
step 3.3, the consensus node forms a new block by the transaction received within a period of time, sends the block to other nodes in the first channel 1 for verification, and endorses the block after the verification is passed;
step 3.4, all nodes reach consensus by means of a specified consensus mode and a new block is generated; all nodes in the channel store the newly generated block in the ledger and update the world state at the same time; two ledgers are designed in the blockchain network, namely a session ledger and an application ledger, which respectively store the two types of Internet of things data; each ledger is composed of blocks containing transactions, each block is composed of a block header, a plurality of transactions and block metadata, and the current state of the data, namely the world state, can be obtained by tracing the transactions; the server returns a registration pass response to the terminal;
step 3.5, the terminal sends a network access request to the gateway, and the request data packet comprises the identity identifier of the terminal, an MIC (message integrity code) and a random number;
step 3.6, the gateway queries the root key from the session ledger by using the terminal identity identifier, calculates a check MIC by using the root key, and performs an integrity check on the network access data packet;
step 3.7, when the check MIC is different from the received MIC, the network access data packet is discarded;
step 3.8, when the check MIC is the same as the received MIC, the gateway establishes a session with the terminal and generates session data comprising a network address, physical layer initial configuration information and a random number; the gateway generates the session key of the terminal by using the two groups of random numbers and the root key, and the gateway converts the session data of each terminal into a transaction format and sends it to the consensus node through the first channel 1;
step 3.9, the consensus node forms a new block from the transactions received within a period of time, sends the block to the other nodes in the first channel 1 for verification, endorses the block after the verification is passed, generates a new block by means of a specified consensus mode, stores the new block in the session ledger of each node, and updates the world state;
step 3.10, the gateway generates a terminal network access permission data packet, which comprises the network address of the terminal, the physical layer initial configuration information and a random number, and returns the network access permission data packet to the terminal;
step 3.11, the terminal generates the session key by means of the two groups of random numbers, applies each parameter configuration of the physical layer, and then reports application data packets normally; the network access process of the terminal is finished, and the session identity information of the terminal is stored in the blockchain so as to ensure the privacy and tamper resistance of the session data.
3. The method for designing and implementing the internet of things-oriented private multi-ledger blockchain system according to claim 1, wherein the step 4 includes the following steps:
step 4.1, the terminal acquires data by means of its sensor, packages the data into a data packet according to a corresponding protocol, calculates an MIC (message integrity code) and encrypts the data packet by using the session key, and sends the data packet to a gateway in a wireless mode;
step 4.2, the gateway receives the terminal data packet and then preliminarily analyzes the data packet to obtain the network address of the terminal;
step 4.3, the gateway reads the session key of the terminal from the session ledger according to the network address, calculates the check MIC of the data packet, and compares it with the received MIC;
step 4.4, when the MICs are different, directly discarding the data packet;
step 4.5, when the MICs are the same, the gateway firstly replies a confirmation message to the terminal, and continues to analyze the data packet to obtain the encrypted application data;
step 4.6, the gateway sends the encrypted application data to a server, and the server records the routing relation between the gateway and the terminal;
step 4.7, the server converts the encrypted application data into a transaction format and sends the transaction format to the consensus node through the second channel 2;
step 4.8, the consensus node forms a new block from the transactions received within a period of time, sends the block to the other nodes in the second channel 2 for verification, endorses the block after the verification is passed, generates a new block by means of a specified consensus mode, stores the new block in the application ledger of each node of the second channel 2, and updates the world state;
step 4.9, the Internet of things application program located in the server requests the encrypted application data from the blockchain network through the corresponding client or interface and decrypts the data by using the session key to obtain the original application data; subsequent analysis, processing and visualization can be performed on the data according to the application requirements of the Internet of things, and the uplink transmission and chaining process of the application data is finished.
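The gateway-side checks of claims 2 and 3 (steps 3.5 to 3.10 and 4.1 to 4.6), as an added example that is not part of the patent text. The claims name no algorithms or field sizes, so HMAC-SHA256 as the MIC and key-derivation function, the 4-byte MIC, the 8-byte identifier and random numbers, the 4-byte network address, and every function and class name are assumptions; a plain dictionary stands in for the session ledger and the physical layer configuration is omitted.

```python
import hashlib
import hmac
import os

MIC_LEN = 4  # assumed MIC length; the claims do not give one

def mic(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 stands in for the unspecified MIC algorithm.
    return hmac.new(key, data, hashlib.sha256).digest()[:MIC_LEN]

def derive_session_key(root_key: bytes, dev_nonce: bytes, gw_nonce: bytes) -> bytes:
    # Assumed KDF over the root key and both random numbers (steps 3.8, 3.11).
    return hmac.new(root_key, b"session" + dev_nonce + gw_nonce, hashlib.sha256).digest()[:16]

def build_join(dev_id: bytes, root_key: bytes, dev_nonce: bytes) -> bytes:
    body = dev_id + dev_nonce                      # step 3.5: identity + random number
    return body + mic(root_key, body)

def build_uplink(addr: bytes, session_key: bytes, ciphertext: bytes) -> bytes:
    body = addr + ciphertext                       # step 4.1: payload already encrypted
    return body + mic(session_key, body)

class Gateway:
    def __init__(self, root_keys: dict):
        self.root_keys = root_keys                 # stand-in for session-ledger world state
        self.sessions = {}                         # network address -> session key
        self.next_addr = 1

    def handle_join(self, pkt: bytes):
        body, rx_mic = pkt[:-MIC_LEN], pkt[-MIC_LEN:]
        dev_id, dev_nonce = body[:8], body[8:]
        root_key = self.root_keys.get(dev_id)      # step 3.6: look up root key
        if root_key is None or not hmac.compare_digest(mic(root_key, body), rx_mic):
            return None                            # step 3.7: discard
        gw_nonce = os.urandom(8)
        addr = self.next_addr.to_bytes(4, "big")
        self.next_addr += 1
        self.sessions[addr] = derive_session_key(root_key, dev_nonce, gw_nonce)
        return addr + gw_nonce                     # step 3.10 (PHY config omitted)

    def handle_uplink(self, pkt: bytes):
        body, rx_mic = pkt[:-MIC_LEN], pkt[-MIC_LEN:]
        addr, ciphertext = body[:4], body[4:]
        key = self.sessions.get(addr)              # step 4.3: key by network address
        if key is None or not hmac.compare_digest(mic(key, body), rx_mic):
            return None                            # step 4.4: discard
        return ciphertext                          # step 4.6: forward still encrypted
```

The gateway never decrypts the payload: it only authenticates the packet and forwards the ciphertext, which matches step 4.9, where decryption happens in the application on the server.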
CN202110643533.1A 2021-06-09 2021-06-09 Method for designing and realizing private multi-account book block chain system for Internet of things Pending CN113572810A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110643533.1A CN113572810A (en) 2021-06-09 2021-06-09 Method for designing and realizing private multi-account book block chain system for Internet of things

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110643533.1A CN113572810A (en) 2021-06-09 2021-06-09 Method for designing and realizing private multi-account book block chain system for Internet of things

Publications (1)

Publication Number Publication Date
CN113572810A true CN113572810A (en) 2021-10-29

Family

ID=78161866

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110643533.1A Pending CN113572810A (en) 2021-06-09 2021-06-09 Method for designing and realizing private multi-account book block chain system for Internet of things

Country Status (1)

Country Link
CN (1) CN113572810A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114629956A (en) * 2021-11-26 2022-06-14 中国银联股份有限公司 Method and blockchain network for implementing edge computing network acceleration
CN116962439A (en) * 2022-04-14 2023-10-27 苏州科技大学 Internet of things data storage and sharing method based on double account books

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109274573A (en) * 2018-07-12 2019-01-25 华泰证券股份有限公司 A kind of immediate news systems, method and application for merging block chain technology
CN109302405A (en) * 2018-10-31 2019-02-01 北京邮电大学 Industrial data detection block chain network framework and detection method based on edge calculations
CN109768988A (en) * 2019-02-26 2019-05-17 安捷光通科技成都有限公司 Decentralization Internet of Things security certification system, facility registration and identity identifying method
CN110351381A (en) * 2019-07-18 2019-10-18 湖南大学 A kind of Distributed data share method that Internet of Things based on block chain is credible
CN110365707A (en) * 2019-07-30 2019-10-22 广州致链科技有限公司 Edge calculations gateway and its implementation towards block chain Internet of things system
CN111464335A (en) * 2020-03-10 2020-07-28 北京邮电大学 Intelligent service customization method and system for endogenous trusted network
WO2020177109A1 (en) * 2019-03-07 2020-09-10 北京建极练科技有限公司 Lot-drawing processing method, trusted chip, node, storage medium and electronic device
CN111787114A (en) * 2020-07-06 2020-10-16 重庆知翔科技有限公司 Novel block chain network architecture construction method
US20200394183A1 (en) * 2019-06-12 2020-12-17 Subramanya R. Jois System and method of executing, confirming and storing a transaction in a serverless decentralized node network
CN112600892A (en) * 2020-12-07 2021-04-02 北京邮电大学 Block chain equipment and system for Internet of things and working method
CN112804310A (en) * 2020-12-31 2021-05-14 河南中盾云安信息科技有限公司 Multi-chain intelligent security gateway for application of Internet of things and implementation method
CN112904734A (en) * 2020-12-23 2021-06-04 上海上实龙创智能科技股份有限公司 Intelligent household appliance control system and method based on Internet of things and block chain double gateways

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
LU HOU, KAN ZHENG, ZHIMING LIU, XIAOJUN XU, TAO WU: "Design and Prototype Implementation of a Blockchain-Enabled LoRa System With Edge Computing", IEEE INTERNET OF THINGS JOURNAL *
武韬: "Design and Implementation of a Private Blockchain System Based on LoRa Internet of Things", China Master's Theses Full-text Database, Information Science and Technology *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114629956A (en) * 2021-11-26 2022-06-14 中国银联股份有限公司 Method and blockchain network for implementing edge computing network acceleration
CN114629956B (en) * 2021-11-26 2024-04-16 中国银联股份有限公司 Method and blockchain network for enabling edge computing network acceleration
CN116962439A (en) * 2022-04-14 2023-10-27 苏州科技大学 Internet of things data storage and sharing method based on double account books
CN116962439B (en) * 2022-04-14 2024-04-30 苏州科技大学 Internet of things data storage and sharing method based on double account books

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211029