CN113708939A - Container lock control method and device, container lock and storage medium - Google Patents

Container lock control method and device, container lock and storage medium Download PDF

Info

Publication number
CN113708939A
CN113708939A CN202111267267.3A CN202111267267A CN113708939A CN 113708939 A CN113708939 A CN 113708939A CN 202111267267 A CN202111267267 A CN 202111267267A CN 113708939 A CN113708939 A CN 113708939A
Authority
CN
China
Prior art keywords
unlocking
target
event
physical code
container lock
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111267267.3A
Other languages
Chinese (zh)
Other versions
CN113708939B (en
Inventor
高智敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Benavi Technology Co ltd
Original Assignee
Shenzhen Benavi Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Benavi Technology Co ltd filed Critical Shenzhen Benavi Technology Co ltd
Priority to CN202111267267.3A priority Critical patent/CN113708939B/en
Publication of CN113708939A publication Critical patent/CN113708939A/en
Application granted granted Critical
Publication of CN113708939B publication Critical patent/CN113708939B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00412Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal being encrypted
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The application discloses a container lock control method, a container lock control device, a container lock and a storage medium, wherein the method comprises the following steps: under the condition that the identity verification of a target user is passed, acquiring a target public key ring and a target physical code corresponding to the container lock from a block chain, and sending the target public key ring and the target physical code corresponding to the container lock to a terminal device of the target user, so that the terminal device generates an unlocking request according to the target public key ring, a private key of the target user and the target physical code; receiving the unlocking request, and verifying the unlocking request by using the target physical code; and if the unlocking request passes the verification, triggering unlocking operation.

Description

Container lock control method and device, container lock and storage medium
Technical Field
The invention relates to the technical field of block chains, in particular to a container lock control method and device, a container lock and a storage medium.
Background
At present, in the marine transportation industry, traditional container locks (lead sealing) are the mainstream method for ensuring the integrity of the containers. Each lead seal is provided with a seal number, and the seal number is recorded and documented by a monitoring person when the lead seal is packaged. The lead seal is designed to be locked and unlocked only, and can be removed only through external force damage. In the case of no or damaged lead seal, the container may be considered to be non-integrity except for the final recipient's sign-on link, and the recipient may be entitled to rejection.
The lead seal has a simple structure, is easy to copy and manufacture, and the lead seal number is usually recorded through a paper form and needs to be manually checked in accident investigation, so that the timeliness of complaint solution is reduced. Therefore, the container using the lead seal is inconvenient to manage, low in safety and high in accident investigation and responsibility determination difficulty.
Disclosure of Invention
The application provides a container lock control method and device, a container lock and a storage medium.
In a first aspect, a container lock control method is provided, which is applied to a container lock, and includes:
under the condition that the identity verification of a target user is passed, acquiring a target public key ring and a target physical code corresponding to the container lock from a block chain, and sending the target public key ring and the target physical code corresponding to the container lock to a terminal device of the target user, so that the terminal device generates an unlocking request according to the target public key ring, a private key of the target user and the target physical code;
receiving the unlocking request, and verifying the unlocking request by using the target physical code;
and if the unlocking request passes the verification, triggering unlocking operation.
In a second aspect, an instruction processing apparatus for module communication is provided, including:
the acquisition module is used for acquiring a target public key ring and a target physical code corresponding to the container lock from the block chain under the condition that the identity authentication of the target user passes;
the transmission module is used for sending a target public key ring and a target physical code corresponding to the container lock to the terminal equipment of the target user so that the terminal equipment generates an unlocking request according to the target public key ring, the private key of the target user and the target physical code;
the transmission module is also used for receiving the unlocking request;
the verification module is used for verifying the unlocking request by using the target physical code;
and the control module is used for triggering unlocking operation if the unlocking request passes the verification.
In a third aspect, there is provided a container lock comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps as in the first aspect and any one of its possible implementations.
In a fourth aspect, there is provided a computer storage medium storing one or more instructions adapted to be loaded by a processor and to perform the steps of the first aspect and any possible implementation thereof.
The container lock control method provided by the embodiment of the application is applied to a container lock, and comprises the steps of acquiring a target public key ring and a target physical code corresponding to the container lock from a block chain under the condition that the identity verification of a target user passes, and sending the target public key ring and the target physical code corresponding to the container lock to a terminal device of the target user, so that the terminal device generates an unlocking request according to the target public key ring, a private key of the target user and the target physical code; receiving the unlocking request, and verifying the unlocking request by using the target physical code; if the unlocking request passes the verification, the unlocking operation is triggered, the characteristics of the block chain are utilized, the container lock is verified when the unlocking request is received every time, the container lock is unlocked after passing the verification, the safety is high, the integrity of the container can be guaranteed, the management is convenient, a powerful clue can be provided for accident investigation or complaint solution based on the block chain record information, and the timeliness of the process is enhanced.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments or the background art of the present application, the drawings required to be used in the embodiments or the background art of the present application will be described below.
Fig. 1 is a schematic structural diagram of a container lock according to an embodiment of the present disclosure;
fig. 2 is a schematic flow chart of a container lock control method according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of a container lock control device based on a block chain according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first," "second," and the like in the description and claims of the present application and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
The embodiments of the present application will be described below with reference to the drawings.
To illustrate the method in the embodiments of the present application more clearly, a general design of a container lock is first introduced.
The software part in the application can comprise three modules of identity authentication, communication and trusted event storage. The software can be burned in a system on chip (SoC), the software part comprises an open source real-time embedded operating system (MBEDOS), and the SoC is an ARM Cortex-M architecture chip with a Trusted Execution Environment (TEE) technology. The trusted execution environment is an isolated area directly managed by the processor, and the code running in the trusted execution environment is completely isolated from the system to ensure privacy, such as the security of a private key.
The storage module (for example, a Micro SD card can be used) in the embodiment of the present application reserves a trusted event storage space for recording all event records (for example, an on-off lock event, a sensor data event, and the like) of the lock.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a container lock according to an embodiment of the present application, as shown in fig. 1, including a wire 1, a chip 2, a detection module 3, a communication module 4, and a power supply module 5.
The chip 2 may be the SoC, or may select other chip types according to the requirement, which is not limited herein.
The physical state of the lock in the embodiment of the present application at least includes two types, i.e., open or closed, and the detection module 3 in the container lock can detect the physical state (open or closed) of the lock, mainly based on the following: if the lock is in an open state, the conducting wire 1 is electrified, otherwise, the conducting wire is not electrified.
In conjunction with the software portion, the lock may have three virtual states:
if the conducting wire 1 is in a power-on state (the detection module 3 detects a high level), the lock is closed.
If the conductor 1 is powered down (the detection module 3 detects a low level), the last event is read from the trusted event store.
If the last event is unlocking, the lock is in a normal open state.
If the last event was a close, the lock is in an abnormal open state, at which point the lock may have been forced open or broken. This aspect may also refer to the relevant steps described in the embodiment shown in fig. 2.
In an alternative embodiment, the detection module 3 is implemented using a D flip-flop. The clock end of the D flip-flop is synchronous with the CPU clock on the SoC. In the state that the lock is closed, the input end of the D trigger is 5V or 3.3V voltage required by the chip. To accurately detect the low level, the input pin of the D flip-flop should be connected to the pull-down resistor and to ground when the conductor 1 is powered down.
In an alternative embodiment, the communication module 4 may use a bluetooth communication module, such as bluetooth low energy BLE5.0, which conforms to Beacon standard and has the capability of listening to bluetooth broadcast. At the software level, the privacy and the safety of communication are ensured by encrypting a channel. Optionally, in the embodiment of the present application, a communication module in another communication mode may also be selected.
The communication module 4 has the following two functions:
1. collecting data of sensors (such as container thermometers, hygrometers and the like) and storing the data in a credible event storage space;
2. and transmitting the event back to the block chain through a terminal device (such as a smart phone).
Optionally, the container lock in the embodiment of the present application may be provided with a specific power supply module 5 as needed. For example, in one practical embodiment, the overall system current is 2.8 microamps and the full load is about 2.88 milliamps in the standby state, and the power consumption is 2.94 milliamps per day under an estimation of an average full load of 1 hour per day, taking into account energy consumption; the system voltage is 3.3V, rechargeable lithium thionyl chloride cells can be used in the examples of this application, with an energy density of about 500wh/kg, sufficient to support most marine cycles. Any standard charging circuit can be used for the power supply module 5, which is not limited in this embodiment of the present application.
Referring to fig. 2, fig. 2 is a schematic flow chart of a container lock control method according to an embodiment of the present application. The method can comprise the following steps:
201. and under the condition that the identity verification of the target user is passed, acquiring a target public key ring and a target physical code corresponding to the container lock from the block chain, and sending the target public key ring and the target physical code corresponding to the container lock to the terminal equipment of the target user, so that the terminal equipment generates an unlocking request according to the target public key ring, the private key of the target user and the target physical code.
The container lock control method in the present application can be used in an open/close control process of a container lock, which mainly involves two ends:
the user (terminal device), as a controller of the container lock, may control the container lock through the terminal device, which may be a mobile terminal. The user may be a maritime worker, and may use an Application program (App) on the terminal device to interact and control with the container lock through a communication method such as bluetooth.
The execution subject of the container lock control method in the present application is a container lock, such as the one shown in fig. 1. The container lock comprises a controller (chip), and the controller controls and executes a software method so as to realize the container lock control method in the embodiment of the application.
In the embodiment of the present application, the identity verification in the container lock may adopt a linkable ring signature algorithm. The ring signature mechanism can guarantee the identity privacy of the participants by considering the environmental characteristics of the shipping container lock (such as a plurality of participating roles in the block chain). For a maritime alliance consisting of a plurality of participants (a ship company, a trailer company and the like), the cooperation inside the alliance and the game are also achieved, and in some scenes, the protection of the identity of a user is very necessary. The traditional ring signature mechanism does not have a third party (a party without a data signature ring) capable of opening a signature, and a scheme with responsibility relevance and defamation resistance is adopted in the embodiment of the application, namely two ring signatures generated based on the same public key list can judge whether the two ring signatures come from the same signer, so that responsibility tracing is facilitated, and the signer is prevented from being turned to 35820 and trap.
The target user is a user who arbitrarily controls the container lock (to open or close), such as a maritime practitioner.
Firstly, a target user can acquire a historical physical code, namely an old physical code (PKlock _ old) of a lock, from a container lock through terminal equipment, and can inquire whether the related last marine transaction is completed through the old physical code of the lock; if not, the operation cannot be continued; if the authentication is finished, the authentication process is continued. If the lock is a new lock, the old physical code is set when the lock leaves the factory.
The container lock can perform identity authentication on a target user, and specifically, the container lock can perform identity authentication through patent CN112307445B (a block chain-based identity management method and apparatus, hereinafter referred to as an identity management apparatus). If the verification fails, the operation cannot be continued. If the verification is passed, the old physical code of the lock is uploaded to the blockchain for tracing.
In one embodiment, the unlocking request includes a digital signature of the target user, and the digital signature is generated by encrypting a digest of the target physical code with a private key of the target user and the target public key ring.
Specifically, the target user encrypts the digest hash of the target physical code PKlock by using a private key SKop and a public key ring Ringc of the target user through a linkable ring signature algorithm to generate a digital signature s, and the digital signature s is packaged into an unlocking request and sent to the lock.
In an optional implementation manner, in the case that the target user passes the authentication, the method further includes:
acquiring an initialization ciphertext from the terminal device, wherein the initialization ciphertext is encrypted by using a historical physical code acquired by the terminal device from the container lock;
decrypting the initialization ciphertext according to the historical physical code to obtain the target public key ring, the target physical code and a private key corresponding to the target physical code;
storing the target public key ring, the private key corresponding to the target physical code;
and storing an initialization event in the blockchain, wherein the initialization event comprises an initialization operation identifier, the target public key ring, the target physical code, an initialization operation time and a digital signature of an initialization operator.
Specifically, after the authentication is passed, the lock initialization process may be started. The initialization steps are as follows:
the target physical code, i.e. the new physical code of the lock (public key PKlock in the new RSA key pair), the target public key ring in the ring signature (Ringpk) is generated at the terminal device and compressed to a constant length (Ringc) by the accumulator. The target public key ring in the ring signature consists of the public keys of all participants participating in the current shipment (PK 1 … n) and the new physical code of the lock (PKlock). By the accumulator technology in cryptography, the public key ring can be compressed into a constant length for storage in the internet of things device (in the invention, the container lock). The constant public key ring (Ringc), the public key (pkop, belonging to PK1 … n) of the operator, the new physical code (PKlock) and the private key (SKlock) corresponding to the new physical code are RSA encrypted by the old physical code (PKlock _ old), and the initialization ciphertext m is generated and sent back to the lock.
After receiving the initialization ciphertext m, the lock reads a private key (SKlock _ old) corresponding to the old physical code (in the TEE), and decrypts the ciphertext m to obtain a constant public key ring (Ringc), a public key (pkop), a new lock physical code (PKlock) and a private key (SKlock) corresponding to the new physical code. The private key SKlock, the public key ring (Ringc), and the new physical code (PKlock) corresponding to the new physical code will replace the old private key SKlock _ old, the old public key ring, and the old physical code (PKlock _ old) stored originally.
The initialization event (event 0) can be stored in a trusted event storage space after being encrypted by a private key SKlock corresponding to the new physical code. For example, the system may include an initialization operation identifier (ID of the initialization operation), the target public key ring (Ringc), the target physical code (PKlock), an initialization operation time (Unix timestamp), and a digital signature of an initialization operator, and a clear text format of a specific event may be as shown in table 1:
operation ID Operation value Time of operation Operator
ID of initialization operation Public key ring (Ringc), new physical code PKlock Unix time stamp Operator ring digital signature
TABLE 1
Optionally, the initialization event may be transmitted to the terminal device, and may be uploaded to the block chain through the network for tracing.
Optionally, the method for generating the digital signature in the embodiment of the present application may not be a ring signature, that is, may replace another digital signature such as an algorithm based on RSA and the like.
202. And receiving the unlocking request, and verifying the unlocking request by using the target physical code.
After receiving the unlocking request of the terminal device, the container lock can acquire and verify the unlocking request by using a target physical code, mainly verifying a digital signature therein, and if the verification is passed, executing step 203; if the verification is passed, the step 203 is not executed, that is, the unlocking failure is prompted, and the operation of the current unlocking failure is recorded (the illegal unlocking event is recorded).
In an optional implementation, the verifying the unlocking request by using the target physical code includes:
calculating to obtain a decryption abstract according to the digital signature;
calculating the abstract of the target physical code, and if the decrypted abstract is the same as the abstract of the target physical code, the unlocking request passes verification; otherwise, the verification is not passed.
Specifically, after the lock receives the unlocking request, all encrypted data in the digital signature s are calculated, and the digest h' of the physical code is restored. The lock acquires a physical code from the TEE and calculates a summary h, and if h = h', the verification is passed; otherwise, the verification is not passed.
203. And if the unlocking request passes the verification, triggering unlocking operation.
In an optional embodiment, the method further comprises:
generating an unlocking event corresponding to the unlocking request, wherein the unlocking event comprises an unlocking operation identifier, an unlocking operation value, unlocking operation time and a digital signature of an unlocking operator;
and after the unlocking event is encrypted by a private key corresponding to the target physical code, the unlocking event is stored in a trusted event storage space of the block chain.
Whether the unlocking event is successful or not, the unlocking event is encrypted by a private key SKlock corresponding to the new physical code and then stored in a trusted event storage space. The specific event plaintext format may be as shown in table 2:
operation ID Operation value Time of operation Operator
ID of unlocking operation 0= reject; 1= success Unix time stamp Operator ring digital signature
TABLE 2
Likewise, an unlocking event may be transmitted to the terminal device and may be uploaded to the blockchain over the network for traceability purposes.
In the embodiment of the application, after the unlocking event is recorded and uploaded, if the verification is passed, the unlocking is performed, and at this time, the low level input of a detection module (as marked by a label 3 in fig. 1) is triggered; and if the verification fails, the unlocking is refused.
Optionally, the method further includes:
under the condition that the container lock is detected to be in an unlocking state, inquiring whether the last event type is an unlocking event or not in the trusted event storage space;
and if the last event type is not the unlocking event, generating and storing an illegal unlocking event in the block chain, wherein the illegal unlocking event comprises an illegal unlocking operation identifier, an illegal unlocking operation value, illegal unlocking operation time and a digital signature of a last locking operator.
The container lock in the embodiment of the application further comprises an illegal unlocking recording function. Specifically, when the detection module (as labeled 3 in fig. 1) detects a low level, the last event of the unlocking event is read from the trusted event storage. If the last event type is an unlocking event, no operation is performed; otherwise, the unlocking event is determined to be an illegal unlocking event (the lock may be damaged), and the event can be encrypted by a private key SKlock corresponding to the new physical code and then stored in a trusted event storage space. The specific event plaintext format may be as shown in table 3:
operation ID Operation value Time of operation Operator
ID of illegal unlocking operation 0= illegal Unix time stamp Ring digital signature of last lock operator
TABLE 3
In an optional embodiment, the method further comprises:
after the lock closing operation is detected, a lock closing event is encrypted through a private key corresponding to the target physical code and then stored in the trusted event storage space of the block chain, wherein the lock closing event comprises a lock closing operation identifier, a lock closing operation value, lock closing operation time and a digital signature of a lock closing operator.
Further optionally, after detecting the locking operation, the method further includes:
inquiring the last event type of the locking operation in the trusted event storage space;
if the last event type is an unlocking event, the locking operation value indicates legality;
and if the last event type is a lock closing event, the lock closing operation value indicates that the lock closing event is illegal, and a notification is sent based on the intelligent contract in the block chain, wherein the notification indicates that the lock closing event is illegal.
The user returns the lock to the physically closed state, at which point the detection module (labeled 3 in fig. 1) detects a high level and notifies the recording of a lock-off event.
If the last event type before the lock closing event recorded in the trusted event storage space is an unlocking event, the lock closing event is encrypted by a private key SKlock corresponding to the new physical code and then stored in the trusted event storage space. The specific event plaintext format may be as shown in table 4:
operation ID Operation value Time of operation Operator
ID of locking operation 1= legal Unix time stamp Ring digital signature for lock operator
TABLE 4
If the last event type recorded in the trusted event storage space is a lock closing event, the lock closing event is illegal, and the lock closing event can be encrypted through a new physical code PKlock and then stored in the trusted event storage space. The specific event plaintext format may be as shown in table 5:
operation ID Operation value Time of operation Operator
ID of locking operation 0= illegal Unix time stamp Ring digital signature for lock operator
TABLE 5
Optionally, in this embodiment of the application, the trusted event storage space is composed of a trusted execution environment TEE provided by ARM Cortex-M23, an EPROM, and an external storage device Micro SD card, and the trusted event storage space may be replaced by another scheme as needed.
At present, in the marine transportation industry, traditional container locks (lead sealing) are the mainstream method for ensuring the integrity of the containers. Each lead seal is provided with a seal number, and the seal number is recorded and documented by a monitoring person when the lead seal is packaged. The lead seal can only be locked and can not be unlocked during design, and can only be detached through external force damage. In the case of a lead-free or broken seal, the container may be considered to be non-integrity except for the final recipient's sign-on link and all recipients may be entitled to rejection.
In the embodiment of the application, the container lock (chain lock) interacting with the block chain compresses and encrypts the public key (such as a sender, a receiver, a shipper, an inspector and the like) of a participant related to the container and the hardware code of the participant through a ring signature and accumulator encryption technology to generate a signature ring with a fixed length. And uploading information (such as position, temperature and humidity in the container and the like) related to the identity verification result and the container to the block chain at each check point (comprising a fixed check point and a timing check point). All maritime participants can query the location of the container, the current carrier, and the integrity of the container in real time through the block chain. To ensure the integrity of the container, each time the chain lock is opened or broken, the hardware code itself is changed.
In the embodiment of the application, under the condition that the identity verification of a target user passes, a target public key ring and a target physical code corresponding to the container lock are obtained from a block chain, and the target public key ring and the target physical code corresponding to the container lock are sent to the terminal equipment of the target user, so that the terminal equipment generates an unlocking request according to the target public key ring, the private key of the target user and the target physical code; receiving the unlocking request, and verifying the unlocking request by using the target physical code; if the unlocking request passes the verification, the unlocking operation is triggered, the characteristics of the block chain are utilized, the container lock is verified when the unlocking request is received every time, the container lock is unlocked after passing the verification, the safety is high, the integrity of the container can be guaranteed, the management is convenient, and a powerful clue can be provided for accident investigation or complaint solution based on the block chain record information.
Based on the description of the container lock control method embodiment, the embodiment of the application also discloses a container lock control device based on the block chain. Referring to fig. 3, the block chain-based container lock control apparatus 300 includes:
an obtaining module 310, configured to obtain, from a block chain, a target public key ring and a target physical code corresponding to the container lock when the identity authentication of the target user passes;
a transmission module 320, configured to send a target public key ring and a target physical code corresponding to the container lock to a terminal device of the target user, so that the terminal device generates an unlocking request according to the target public key ring, the private key of the target user, and the target physical code;
the transmission module 320 is further configured to receive the unlocking request;
a verification module 330, configured to verify the unlocking request by using the target physical code;
and the control module 340 is configured to trigger an unlocking operation if the unlocking request passes the verification.
Optionally, a storage module 350 is further included, configured to store the unlocking event corresponding to the unlocking request in the blockchain.
According to an embodiment of the present application, the steps involved in the method shown in fig. 2 may be performed by the modules in the block chain-based container lock control device 300 shown in fig. 3, and are not described herein again.
The container lock control device 300 based on the block chain in the embodiment of the present application may acquire the target public key ring and the target physical code corresponding to the container lock from the block chain under the condition that the identity verification of the target user passes, and send the target public key ring and the target physical code corresponding to the container lock to the terminal device of the target user, so that the terminal device generates an unlocking request according to the target public key ring, the private key of the target user, and the target physical code; receiving the unlocking request, and verifying the unlocking request by using the target physical code; if the unlocking request passes the verification, the unlocking operation is triggered, the characteristics of the block chain are utilized, the container lock is verified when the unlocking request is received every time, the container lock is unlocked after passing the verification, the safety is high, the integrity of the container can be guaranteed, the management is convenient, a powerful clue can be provided for accident investigation or complaint solution based on the block chain record information, and the timeliness of the process is enhanced.
Based on the description of the above container lock control method embodiment, the embodiment of the present application further discloses a container lock, which may include a memory and a processor, where the memory stores a computer program. Wherein, each component unit in the container lock can be connected through a bus or other modes.
A computer storage medium may be stored in the memory of the container lock, the computer storage medium being configured to store a computer program comprising program instructions, the processor being configured to execute the program instructions stored by the computer storage medium. The processor (or CPU) is a computing core and a control core of the container lock, and is adapted to implement one or more instructions, and in particular, is adapted to load and execute the one or more instructions so as to implement a corresponding method flow or a corresponding function; in an embodiment, the processor described above in this embodiment of the present application may be configured to perform a series of processes, including the steps involved in the method shown in fig. 2, which are not described herein again.
An embodiment of the present application further provides a computer storage medium (Memory), which is a Memory device in an electronic device (container lock) and is used to store programs and data. It is understood that the computer storage medium herein may include both a built-in storage medium in the electronic device and, of course, an extended storage medium supported by the electronic device. Computer storage media provide storage space that stores an operating system for an electronic device. Also stored in the memory space are one or more instructions, which may be one or more computer programs (including program code), suitable for loading and execution by the processor. The computer storage medium may be a high-speed RAM memory, or may be a non-volatile memory (non-volatile memory), such as at least one disk memory; and optionally at least one computer storage medium located remotely from the processor.
In one embodiment, one or more instructions stored in a computer storage medium may be loaded and executed by a processor to perform the corresponding steps in the above embodiments; in a specific implementation, one or more instructions in the computer storage medium may be loaded by the processor and perform the steps involved in the method shown in fig. 2, which are not described herein again.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described apparatuses and modules may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the division of the module is only one logical division, and other divisions may be possible in actual implementation, for example, a plurality of modules or components may be combined or integrated into another system, or some features may be omitted, or not performed. The shown or discussed mutual coupling, direct coupling or communication connection may be an indirect coupling or communication connection of devices or modules through some interfaces, and may be in an electrical, mechanical or other form.
Modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. The procedures or functions according to the embodiments of the present application are wholly or partially generated when the computer program instructions are loaded and executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on or transmitted over a computer-readable storage medium. The computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)), or wirelessly (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that includes one or more of the available media. The usable medium may be a read-only memory (ROM), or a Random Access Memory (RAM), or a magnetic medium, such as a floppy disk, a hard disk, a magnetic tape, a magnetic disk, or an optical medium, such as a Digital Versatile Disk (DVD), or a semiconductor medium, such as a Solid State Disk (SSD).

Claims (11)

1. A container lock control method is characterized by being applied to a container lock, and the method comprises the following steps:
under the condition that the identity verification of a target user is passed, acquiring a target public key ring and a target physical code corresponding to the container lock from a block chain, and sending the target public key ring and the target physical code corresponding to the container lock to a terminal device of the target user, so that the terminal device generates an unlocking request according to the target public key ring, a private key of the target user and the target physical code;
receiving the unlocking request, and verifying the unlocking request by using the target physical code;
and if the unlocking request passes the verification, triggering unlocking operation.
2. The container lock control method according to claim 1, wherein the unlocking request includes a digital signature of the target user, and the digital signature is generated by encrypting a digest of the target physical code by a private key of the target user and the target public key ring.
3. The container lock control method according to claim 2, wherein the verifying the unlocking request using the target physical code includes:
calculating to obtain a decryption abstract according to the digital signature;
calculating the abstract of the target physical code, and if the decrypted abstract is the same as the abstract of the target physical code, the unlocking request passes verification; otherwise, the verification is not passed.
4. The container lock control method according to claim 1, wherein in a case where the authentication of the target user is passed, the method further comprises:
acquiring an initialization ciphertext from the terminal equipment, wherein the initialization ciphertext is encrypted by using a historical physical code acquired by the terminal equipment from the container lock;
decrypting the initialization ciphertext according to the historical physical code to obtain the target public key ring, the target physical code and a private key corresponding to the target physical code;
storing the target public key ring, the target physical code and a private key corresponding to the target physical code;
storing an initialization event in the blockchain, wherein the initialization event comprises an initialization operation identifier, the target public key ring, the target physical code, an initialization operation time and a digital signature of an initialization operator.
5. The container lock control method according to claim 4, further comprising:
generating an unlocking event corresponding to the unlocking request, wherein the unlocking event comprises an unlocking operation identifier, an unlocking operation value, unlocking operation time and a digital signature of an unlocking operator;
and after the unlocking event is encrypted by a private key corresponding to the target physical code, storing the encrypted unlocking event in a trusted event storage space of the block chain.
6. The container lock control method according to any one of claims 1 to 5, further comprising:
after the locking operation is detected, a locking event is encrypted through a private key corresponding to the target physical code and then stored in a trusted event storage space of the block chain, wherein the locking event comprises a locking operation identifier, a locking operation value, locking operation time and a digital signature of a locking operator.
7. The container lock control method according to claim 6, wherein after the lock-closing operation is detected, the method further comprises:
querying the last event type of the locking operation in the trusted event storage space;
if the last event type is an unlocking event, the locking operation value indicates legality;
and if the last event type is a lock closing event, the lock closing operation value indicates that the lock closing event is illegal, sending a notification based on the intelligent contract in the block chain, wherein the notification indicates that the lock closing event is illegal.
8. The container lock control method according to claim 1, further comprising:
under the condition that the container lock is detected to be in an unlocking state, inquiring whether the last event type is an unlocking event;
and if the last event type is not the unlocking event, generating and storing an illegal unlocking event in the block chain, wherein the illegal unlocking event comprises an illegal unlocking operation identifier, an illegal unlocking operation value, illegal unlocking operation time and a digital signature of a last lock closing operator.
9. A container lock control device based on a block chain is characterized by comprising:
the acquisition module is used for acquiring a target public key ring and a target physical code corresponding to the container lock from the block chain under the condition that the identity authentication of the target user passes;
the transmission module is used for sending a target public key ring and a target physical code corresponding to the container lock to the terminal equipment of the target user so that the terminal equipment generates an unlocking request according to the target public key ring, the private key of the target user and the target physical code;
the transmission module is also used for receiving the unlocking request;
the verification module is used for verifying the unlocking request by using the target physical code;
and the control module is used for triggering unlocking operation if the unlocking request passes the verification.
10. A container lock, characterized by comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of the container lock control method according to any one of claims 1 to 8.
11. A computer-readable storage medium, characterized in that a computer program is stored which, when being executed by a processor, causes the processor to carry out the steps of the container lock control method according to any one of claims 1 to 8.
CN202111267267.3A 2021-10-29 2021-10-29 Container lock control method and device, container lock and storage medium Active CN113708939B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111267267.3A CN113708939B (en) 2021-10-29 2021-10-29 Container lock control method and device, container lock and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111267267.3A CN113708939B (en) 2021-10-29 2021-10-29 Container lock control method and device, container lock and storage medium

Publications (2)

Publication Number Publication Date
CN113708939A true CN113708939A (en) 2021-11-26
CN113708939B CN113708939B (en) 2022-02-08

Family

ID=78647479

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111267267.3A Active CN113708939B (en) 2021-10-29 2021-10-29 Container lock control method and device, container lock and storage medium

Country Status (1)

Country Link
CN (1) CN113708939B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170324717A1 (en) * 2010-04-30 2017-11-09 T-Central, Inc. System and Method to Enable PKI- and PMI- Based Distributed Locking of Content and Distributed Unlocking of Protected Content and/or Scoring of Users and/or Scoring of End-Entity Access Means-Added
WO2018113181A1 (en) * 2016-12-23 2018-06-28 上海新微技术研发中心有限公司 Electronic lock and digital authentication method of same
CN108269334A (en) * 2018-01-10 2018-07-10 北京小米移动软件有限公司 Method for unlocking, terminal device and smart lock
EP3352142A1 (en) * 2017-01-20 2018-07-25 Gunnebo Deutschland GmbH Devices, systems and method for unlocking a lock of a lock system
CN110766524A (en) * 2019-10-25 2020-02-07 浙江大华技术股份有限公司 Online booking self-service check-in method and storage device
US10745943B1 (en) * 2017-08-02 2020-08-18 United Services Automobile Associates (USAA) Smart lock box

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170324717A1 (en) * 2010-04-30 2017-11-09 T-Central, Inc. System and Method to Enable PKI- and PMI- Based Distributed Locking of Content and Distributed Unlocking of Protected Content and/or Scoring of Users and/or Scoring of End-Entity Access Means-Added
WO2018113181A1 (en) * 2016-12-23 2018-06-28 上海新微技术研发中心有限公司 Electronic lock and digital authentication method of same
EP3352142A1 (en) * 2017-01-20 2018-07-25 Gunnebo Deutschland GmbH Devices, systems and method for unlocking a lock of a lock system
US10745943B1 (en) * 2017-08-02 2020-08-18 United Services Automobile Associates (USAA) Smart lock box
CN108269334A (en) * 2018-01-10 2018-07-10 北京小米移动软件有限公司 Method for unlocking, terminal device and smart lock
CN110766524A (en) * 2019-10-25 2020-02-07 浙江大华技术股份有限公司 Online booking self-service check-in method and storage device

Also Published As

Publication number Publication date
CN113708939B (en) 2022-02-08

Similar Documents

Publication Publication Date Title
US20210176073A1 (en) Providing security in an intelligent electronic device
US10044696B2 (en) Simplified sensor integrity
US10193858B2 (en) Attestation device custody transfer protocol
US7735132B2 (en) System and method for encrypted smart card PIN entry
US10303860B2 (en) Security through layers in an intelligent electronic device
CN104618115B (en) ID card information acquisition methods and system
US20200106775A1 (en) Method, device, system for authenticating an accessing terminal by server, server and computer readable storage medium
CN113708940B (en) Container lock data processing method, related equipment and storage medium
CN108347361B (en) Application program testing method and device, computer equipment and storage medium
CN103281299B (en) A kind of ciphering and deciphering device and information processing method and system
US11734396B2 (en) Security through layers in an intelligent electronic device
CN110381075B (en) Block chain-based equipment identity authentication method and device
CN106101160A (en) A kind of system login method and device
CN104281903A (en) Electric automobile battery safety processing method and battery safety management device
CN102082669A (en) Security certification method and device
US9756044B2 (en) Establishment of communication connection between mobile device and secure element
CN113708939B (en) Container lock control method and device, container lock and storage medium
CN106503529A (en) A kind of cloud storage system based on fingerprint
CN107665311A (en) Authentication Client, encryption data access method and system
CN109302442A (en) A kind of data storage method of proof and relevant device
EP3086583B1 (en) Wireless terminal network locking method and system
CN103782304B (en) The method of pre-configured key during for manufacture
CN105871548B (en) The processing method of household appliance, Cloud Server and the debugging of family's power information
CN112948808B (en) Authorization management method and system, authorization management device and embedded device
US20120331290A1 (en) Method and Apparatus for Establishing Trusted Communication With External Real-Time Clock

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant