CN113779605A - Industrial internet Handle identification system analysis authentication method based on alliance chain - Google Patents

Publication number
CN113779605A
Authority
CN
China
Prior art keywords
node
consensus
user
nodes
chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111073607.9A
Other languages
Chinese (zh)
Other versions
CN113779605B (en)
Inventor
张晓�
赵欣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mako Workshop Industrial Technology Beijing Co ltd
Original Assignee
Mako Workshop Industrial Technology Beijing Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mako Workshop Industrial Technology Beijing Co ltd
Priority to CN202111073607.9A
Publication of CN113779605A
Application granted
Publication of CN113779605B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an industrial internet Handle identification system analysis authentication method based on an alliance chain, comprising the following: an alliance chain architecture is constructed; an industrial internet identification analysis admission organization sets up an admission node to verify qualification for entering the alliance chain; a storage node writes the identity information of a user node into an off-chain distributed database; and a consensus node maintains the alliance chain ledger and packages the node ID and the identity information hash value into a block that is written to the chain. When a user node requests an industrial internet identification analysis service, it first obtains admission qualification for the alliance chain, which is granted after the admission node audits the request and the consensus node records it on the chain. After obtaining admission qualification, the user node can request service from a system node of the Handle system; the system node obtains the identity information hash value from the alliance chain ledger and the specific identity information from the admission node, and verifies the identity of the user node by calculation and comparison.

Description

Industrial internet Handle identification system analysis authentication method based on alliance chain
Technical Field
The invention belongs to the technical field of industrial internet management and relates to an industrial internet authentication method based on an alliance chain.
Background
At present, the rapid development of industrial internet construction in China has become an important aid in promoting industrial transformation and upgrading. The industrial internet identification analysis system is its most important infrastructure: it provides coding, registration and analysis services for industrial equipment, machines, materials, parts and products, is the link that enables cooperation among key industrial internet elements such as platforms, networks, equipment, control and data, and is a key measure for eliminating information islands across industries and enterprises.
Currently, the identifier resolution system mainly used in China is the Handle system. The Handle system is a globally distributed, general-purpose identifier service system that was proposed in 1994 and aims to provide efficient, extensible and secure global identifier resolution service. The Handle system adopts a layered service model and has no single node. The top layer consists of multiple parallel Global Handle Registries (GHRs), whose data are kept synchronized and exchanged on an equal footing at all times; the lower layer is the Local Handle Service (LHS). The industrial internet identification analysis system that uses the Handle system in China comprises international root nodes (responsible for public root zone data management and root resolution service worldwide); national top-level nodes (responsible for domestic top-level identification code registration and identification analysis service, identification filing, authentication and the like); second-level nodes (mainly industry nodes, responsible for identification code registration and identification analysis service within an industry or region, identification service management and application docking service); enterprise nodes (an enterprise's own nodes, also called third-level nodes, responsible for the enterprise's identification code registration and identification analysis service); recursive resolution nodes (which provide a uniform entry point for industrial internet terminals and improve identification analysis performance through technologies such as caching); and clients (users of identification data or management terminals of identification analysis nodes).
The Handle system is a flat, layered service model. Its security authentication mechanism covers administrator and authority design, client identity security, operation legality and so on. These mechanisms mainly rely on a traditional centralized Certificate Authority (CA) as the trusted third party responsible for security authentication in the industrial internet resolution scenario. At present, network security problems occur frequently in the industrial internet; traditional trusted third-party CA authentication is easily attacked and has poor resistance to malicious attacks, which leads to security risks such as resource abuse, data leakage, data tampering and identity spoofing.
Against this background, blockchain technology has been applied to industrial internet identification analysis authentication. Blockchain technology originated in digital cryptocurrency, has advantages such as decentralization, trustlessness, tamper resistance of data and traceability, and can effectively address the security problems of traditional centralized CA authentication. However, in an industrial internet environment the volume of identification registration and analysis data is large, and a certain throughput must be guaranteed along with security. Traditional blockchains, beginning with Bitcoin, have limited transaction throughput and high resource consumption, and are not suitable for the current industrial internet environment. When a blockchain is used for industrial internet authentication, the storage scheme must be improved to support large amounts of data without wasting network bandwidth and block storage resources. The patent filed by hudong et al. (an industrial internet identity authentication method based on a block chain, CN 111818056A) uses a blockchain for industrial internet authentication and completes node registration, authentication and Token issuance through double-chain interaction; however, double-chain interaction is complex and cannot meet the requirements of large-scale identification analysis.
Disclosure of Invention
The invention aims to overcome the problems in the prior art and provides an industrial internet Handle identification system authentication method based on an alliance chain. With the invention, a large amount of authentication data can be processed and a high transaction volume is ensured, while the blockchain ensures that identity authentication information cannot be tampered with.
In order to realize the purpose of the invention, the technical scheme adopted by the invention is as follows:
An industrial internet Handle identification system analysis authentication method based on an alliance chain comprises the following steps:
Step one, constructing an alliance chain authentication architecture;
Step two, handling the registration and authentication requests of user nodes with the established alliance chain authentication architecture.
In step one, the alliance chain authentication architecture consists of an industrial internet identification analysis admission organization, an off-chain distributed storage system, an alliance chain and a Handle system. The admission organization authenticates the qualification of a specific industry or enterprise to enter the alliance chain and sets up an admission node. The off-chain distributed storage system stores the specific identity authentication information and is maintained by storage nodes. The alliance chain stores the hash value of each user's identity authentication information and is maintained by consensus nodes. The Handle system is responsible for the industrial internet data identification analysis service and initiates authentication or registration requests to the system.
Further, in step one, the admission node carries a credit endorsement and performs the first authentication in the alliance chain; the consensus nodes are the server groups that each industry or enterprise provides when it joins the alliance chain, and together they build and maintain the alliance chain ledger.
In step two, a user must register with the system before a user node can make an authentication request. The registration method is as follows:
(1) The user node sends a registration request, with its identity information attached, to the admission node; the admission node checks the identity information of the user node and determines whether it may access the alliance chain.
User node registration covers the joining of admission nodes, consensus nodes, each node in the Handle system, and clients requesting identifier analysis service. These nodes are collectively called user nodes, and they must attach qualification information proving their identity when applying to the admission node for registration.
(2) The admission node approves the user node's access to the alliance chain network, generates a user ID and a public/private key pair, and forwards the user identity information hash value and the user ID to the consensus nodes as a transaction.
The identity information of a user node permitted to access the alliance chain is generated by the admission node and has the form: { ID, public key, address, timestamp, identity information }.
(3) The consensus nodes verify the received transaction, reach consistent consensus, and write the user ID and the user identity information hash value into the alliance chain; the consensus node responsible for packaging the block returns a write-success message to the admission node.
(4) After receiving the message, the admission node forwards the user identity information to the storage node, which writes it into the off-chain database; at the same time the admission node returns the user node ID, the public key and the private key to the user node.
Further, in step (3) of the registration process, the consensus nodes reach consensus as follows:
a. During alliance chain consensus, the admission node monitors the alliance chain network and locally maintains a log recording the scores of all consensus nodes. The scoring method is as follows: all consensus nodes initially have a score of 0; during consensus, when the admission node receives replies from fewer than 2/3 of the total number of consensus nodes, 2 is subtracted from the score of the elected master node and 1 is added to the score of each other node; 1 is added to the score of an accounting node that successfully generates a block; a newly joined node has a score of 0. When a new round of consensus begins, the admission node selects the consensus node with the highest score in its local score log as the accounting node, sends a consensus request to it, and broadcasts the user identity information hash value and the user ID as a transaction to the consensus nodes of the whole network.
b. All consensus nodes independently monitor transactions across the whole network, check the validity of each monitored transaction and then store it in memory. The accounting node that receives the consensus request packages the collected transaction data into a block in chronological order and forwards the block to the other consensus nodes.
c. After receiving the block, the other consensus nodes verify the block and the transactions in it. If verification succeeds, they return a verification-success message to the admission node; if verification fails, they discard the block and return nothing. The validity of the block is verified first: whether the format of the block conforms to the rules, whether the timestamp of the block is within the legal range, whether the hash value in the block header is the same as the hash value of the previous block, and whether the transactions in the block are legal. The validity of the transactions in the block is then verified: whether the format of the transaction conforms to the rules, and whether the transaction already exists in the alliance chain ledger.
d. If the admission node receives replies from more than 2/3 of the total number of consensus nodes, the new block has been generated and consensus is complete; otherwise consensus has failed and the round ends. Finally, the admission node updates its local score log according to the consensus result.
Furthermore, in the registration process the public/private key pair is the means by which the user node communicates with nodes in the system; that is, communication between nodes in the system is carried out with public/private key pairs. The sender encrypts the request with the receiver's public key and attaches a hash of the request encrypted with its own private key; the receiver decrypts the message with its own private key, decrypts the request hash with the sender's public key, and verifies the request hash.
In step two, the user node requests identity authentication from the system as follows:
(1) The user node requests service from the Handle system, attaching its own ID and public key.
(2) The node of the Handle system that receives the request reads { ID, identity information hash value } from the alliance chain ledger. Nodes that receive a specific request and request authentication from the system are collectively called system nodes; the system nodes are all the nodes in the Handle system that can provide identification analysis service.
(3) The system node asks the admission node to read the off-chain database.
(4) The admission node verifies the identity of the system node and, once verification succeeds, reads the database through the storage node and returns the identity information. To verify the system node, the admission node reads the identity information hash value from the alliance chain ledger, looks up the identity information in the off-chain database, computes its hash value, and compares the two hash values.
(5) After receiving the returned information, the system node computes its hash value and compares it with the hash value read from the alliance chain ledger; if the two are consistent, the system node returns an authentication-success message, otherwise the request is discarded.
In summary, the industrial internet Handle system analysis authentication method based on the alliance chain works as follows. An alliance chain architecture is established on the basis of the current Handle identification analysis system. The industrial internet identification analysis admission organization sets up an admission node to verify qualification for entering the alliance chain, a storage node is responsible for writing the identity information of user nodes into the off-chain distributed database, and the consensus nodes maintain the alliance chain ledger and package node IDs and identity information hash values into blocks that are written to the chain. When a user node wants to request an industrial internet identification analysis service, it must first obtain admission qualification for the alliance chain, which is granted after the admission node audits the request and the consensus node records it on the chain. After obtaining admission qualification, the user node can request service from a system node of the Handle system; the system node obtains the identity information hash value from the alliance chain ledger and the specific identity information from the admission node, and verifies the identity of the user node by calculation and comparison.
Compared with the prior art, the invention has the advantages that:
1. The invention introduces an architecture based on the alliance chain, which is open only to specific organizations and offers advantages in usability, performance, privacy protection and data supervision, with higher system operating efficiency and lower cost.
2. The invention adopts an improved consensus algorithm that introduces a scoring mechanism, which can effectively guard against malicious or faulty nodes in the alliance chain environment and allows nodes to join dynamically.
3. The invention combines on-chain and off-chain data: the off-chain storage system expands the storage capacity of the chain, and the on-chain hash values ensure that the off-chain information cannot be falsified. This both secures the off-chain information and achieves efficient transmission through off-chain storage.
Drawings
Fig. 1 shows a system architecture diagram of a Handle identification system parsing authentication method based on a federation chain according to the present invention.
Fig. 2 is a flowchart illustrating a federation chain-based industrial internet identity registration method according to the present invention.
Fig. 3 shows a flow chart of the consensus node consensus algorithm for maintaining a federation chain according to the present invention.
Fig. 4 shows a flowchart of an industrial internet identity authentication method based on a federation chain according to the present invention.
Detailed Description
The present invention will be described in detail below with reference to specific embodiments, but the present invention is not limited thereto.
This embodiment provides an industrial internet Handle identification system analysis authentication method based on an alliance chain, which specifically comprises the following steps:
Step one, establishing an alliance chain authentication architecture on the basis of the current Handle identification analysis system;
Step two, handling the registration and authentication requests of user nodes through the system.
First, an alliance chain authentication architecture is established on the basis of the existing Handle system. As shown in Fig. 1, the architecture consists of an industrial internet identifier resolution admission organization, an off-chain distributed storage system, an alliance chain and a Handle system.
The industrial internet identification analysis admission organization sets up admission nodes to authenticate the qualification of a specific industry or enterprise to enter the alliance chain. The admission nodes are operated by the specific admission organization, carry a credit endorsement, and accept registration and authentication requests.
The off-chain distributed storage system stores the specific identity authentication information and is maintained by the storage nodes. The alliance chain stores the hash value of each user's identity authentication information and is maintained by the consensus nodes. The consensus nodes are the server groups that each industry or enterprise provides when it joins the alliance chain, and together they build and maintain the alliance chain ledger. When an industry or enterprise joins the alliance chain, it must maintain one or more consensus nodes. The member consensus nodes reach consensus through weakly centralized mutual trust and jointly maintain the alliance chain data; any processing of identity data by a node is regarded as one transaction.
The alliance chain is created starting from the genesis block. When the alliance chain is built, the admission node forwards the { ID, identity information hash value } of each authenticated admission node, consensus node and Handle system node to the consensus nodes as transactions; the consensus nodes form the genesis block after reaching consensus, and at the same time the storage nodes write the specific identity information into the off-chain distributed database.
The Handle system is responsible for the industrial internet data identification analysis service and initiates authentication or registration requests to the system. The industrial internet identification analysis system provides identification coding, registration and analysis services for industrial equipment, products and the like. Service requesters are collectively called user nodes; because of the confidentiality requirements of industrial production, a service requester must register in the alliance chain and request to be granted a legal user identity.
A party requesting registration is generally called a user node; this includes, but is not limited to, admission nodes, consensus nodes, nodes in the Handle system, and clients requesting identifier resolution service. These nodes must attach qualification information proving their identity when applying to the admission node for registration. As shown in the flow chart of Fig. 2, a user must register with the system in advance of any authentication request. The specific operations are as follows:
(1) The user node first sends a registration request, with the relevant identity information attached, to the admission node. This process can be carried out over a network, or carried out on line by submitting an application to the industrial internet identification analysis admission organization. The admission node audits the request after receiving it and determines whether the user node may access the alliance chain. The audit covers whether the identity information provided qualifies the user node to enter the alliance chain and whether the user node is already registered. The next step is entered once the audit passes.
(2) After the admission node's audit passes, it generates a user ID and a public/private key pair for the user node and broadcasts the registration to the consensus nodes of the whole network; that is, it forwards the user node identity information hash value and the user node ID to the consensus nodes as a transaction. The identity information of a user node permitted to access the alliance chain is generated by the admission node and comprises: { ID, public key, address, timestamp, identity information }.
(3) The consensus nodes verify the identity of the admission node that initiated the transaction request and verify the received transaction. The consensus nodes of the whole network reach consistent consensus and write { ID, identity information hash value } into the blockchain, and the consensus node elected to package the block returns a message to the admission node.
(4) The admission node receives the return message sent by the consensus node and first verifies the identity of the consensus node. Once verification succeeds, the storage node writes the user identity information into the off-chain distributed database; the user identity information is { ID, public key, address, timestamp, identity authentication information } and is generated by the admission node. Finally, the admission node returns the user node ID, the public key and the private key to the user node.
In the registration process, the public/private key pair is the means by which the user node communicates with all nodes in the system (including user nodes, admission nodes, consensus nodes and the like); that is, communication between system nodes is carried out with public/private key pairs to ensure security. The sender encrypts the request with the receiver's public key and attaches a hash of the request encrypted with its own private key; the receiver decrypts the message with its own private key, decrypts the request hash with the sender's public key, and verifies the request hash. The public keys of the admission node and the consensus nodes are public.
In step (3) of the above registration process, the consensus nodes reach consensus as follows, as shown in the flow chart of Fig. 3:
1) During alliance chain consensus, the admission node monitors the alliance chain network and locally maintains a log S recording the scores of all consensus nodes. The scoring method is as follows: all consensus nodes initially have a score of 0; during consensus, when the admission node receives replies from fewer than 2/3 of the total number of consensus nodes, 2 is subtracted from the score of the elected master node and 1 is added to the score of each other node; 1 is added to the score of an accounting node that successfully generates a block; a newly joined node has a score of 0. When a new round of consensus begins, the admission node selects the highest-scoring consensus node in its local score log as the accounting node, sends a consensus request to it, and broadcasts the user identity information hash value and the user ID as a transaction to the consensus nodes of the whole network.
2) All consensus nodes independently monitor transactions across the whole network, check the validity of each monitored transaction and store the checked transaction in memory. The accounting node that receives the consensus request packages the collected transaction data into a block in chronological order and forwards the block to the other consensus nodes.
3) After receiving the block, the other consensus nodes verify the block and the transactions in it. If verification succeeds, they return a verification-success message to the admission node; if verification fails, they discard the block and return nothing. The validity of the block is verified first, judged as follows: i. whether the format of the block conforms to the rules; ii. whether the timestamp of the block is within the legal range; iii. whether the hash value in the block header is the same as the hash value of the previous block; iv. whether the transactions in the block are legal. The validity of the transactions in the block is then verified, judged as follows: i. whether the format of the transaction conforms to the rules; ii. whether the transaction already exists in the alliance chain ledger.
4) If the admission node receives replies from more than 2/3 of the total number of consensus nodes, the new block has been generated and consensus is complete; otherwise consensus has failed and the round ends. Finally, the admission node updates its local score log according to the consensus result.
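The consensus round described in steps a to d of the disclosure and in steps 1) to 4) above can be sketched as follows. This is an added example, not code from the patent: the block and transaction layout, the 300-second timestamp window, the tie-break by node ID and the names `Block`, `validate_block`, `ScoreLog` and `run_round` are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass

MAX_CLOCK_SKEW = 300  # seconds; assumed meaning of the "legal range" for timestamps


def sha256_hex(obj) -> str:
    """Hash a JSON-serialisable object using a canonical (sorted-key) encoding."""
    blob = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


@dataclass
class Block:
    prev_hash: str
    timestamp: float
    txs: list  # assumed tx layout: {"id": user_id, "identity_hash": hex digest}

    def digest(self) -> str:
        return sha256_hex({"prev": self.prev_hash, "ts": self.timestamp, "txs": self.txs})


def validate_block(block, ledger, now) -> bool:
    """Step 3): block format, timestamp range, previous-hash link, then each transaction."""
    if not isinstance(block.txs, list) or not block.txs:
        return False
    if abs(now - block.timestamp) > MAX_CLOCK_SKEW:
        return False
    if block.prev_hash != ledger[-1].digest():
        return False
    known = {tx["id"] for b in ledger for tx in b.txs}
    for tx in block.txs:
        if not isinstance(tx, dict) or set(tx) != {"id", "identity_hash"}:
            return False
        if len(tx["identity_hash"]) != 64 or tx["id"] in known:
            return False  # malformed hash, or the ID is already on the ledger
        known.add(tx["id"])
    return True


class ScoreLog:
    """The admission node's local score log; every node starts at 0."""

    def __init__(self, consensus_ids):
        self.scores = {n: 0 for n in consensus_ids}

    def add_node(self, node_id):
        self.scores[node_id] = 0  # newly joined nodes start at 0

    def pick_accounting_node(self):
        # Highest score wins; ties go to the smallest node ID (assumption).
        return min(self.scores, key=lambda n: (-self.scores[n], n))

    def settle_round(self, leader, replies) -> bool:
        # Success needs replies from MORE than 2/3 of all consensus nodes (step 4).
        # Exactly 2/3 is treated as failure, following "otherwise" in step 4.
        voters = set(replies) & set(self.scores)
        ok = 3 * len(voters) > 2 * len(self.scores)
        if ok:
            self.scores[leader] += 1
        else:
            for n in self.scores:
                self.scores[n] += -2 if n == leader else 1
        return ok


def run_round(log, ledger, txs, build_block, now):
    """One round: select the accounting node, collect validator replies, update scores."""
    leader = log.pick_accounting_node()
    block = build_block(leader, ledger, txs, now)
    replies = [n for n in log.scores if n != leader and validate_block(block, ledger, now)]
    committed = log.settle_round(leader, replies)
    if committed:
        ledger.append(block)
    return leader, committed


def demo():
    now = 1_700_000_000.0                       # constructed timestamp
    ledger = [Block("0" * 64, now - 60, [])]    # constructed genesis block
    log = ScoreLog(["A", "B", "C", "D"])
    txs = [{"id": "user-1", "identity_hash": sha256_hex({"name": "constructed"})}]

    def build_block(leader, ledger, txs, now):
        # Node A is modelled as faulty: it links its block to a wrong previous hash.
        prev = "f" * 64 if leader == "A" else ledger[-1].digest()
        return Block(prev, now, txs)

    first = run_round(log, ledger, txs, build_block, now)
    second = run_round(log, ledger, txs, build_block, now)
    return first, second, log.scores, len(ledger)


if __name__ == "__main__":
    print(demo())
```

As the rule is written, a failed round always costs the accounting node 2 points, even when the failure comes from validators that did not reply.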
After the user node passes the admission audit and completes registration, it can apply to the Handle system for an identification resolution service. Here, the initiators requesting the service are collectively called user nodes, and the nodes providing the service in the Handle system are collectively called system nodes. As shown in the flowchart of fig. 4, the user node requests a service from the receiving node, and the specific identity authentication operations are as follows:
(1) The user node requests an identification resolution service from a specific node in the Handle system, attaches the user ID and the user's public key, performs the communication and registration operation between the nodes, and discloses the public key of the system node. User nodes include, but are not limited to, nodes or clients that request services from the Handle system.
(2) The system node receives the request and reads {ID, identity information hash value} from the alliance chain ledger according to the decrypted user ID. If the read fails, the request is discarded. The nodes that receive a specific request and request authentication from the system are collectively called system nodes; the system nodes are all nodes in the Handle system that can provide the identification resolution service.
(3) After the system node successfully finds the corresponding {ID, identity information hash value} in the blockchain ledger, it requests the admission node to read the off-chain distributed database, sending request information that includes its own node ID, its public key, and the user node ID.
(4) The admission node receives the verification request message sent by the system node and first verifies the identity of the system node. The verification process consists of reading the system node's identity information hash value from the alliance chain ledger, reading the specific identity information from the distributed storage according to the system node's ID, then computing the hash value of that information and comparing the two. Once the verification is correct, the admission node looks up the database on the storage node according to the user node ID in the request message, and finally returns the identity information to the system node.
(5) After receiving the message sent by the admission node, the system node calculates the identity information hash value and compares it with the identity information hash value taken from the alliance chain ledger. If the two are consistent, the identity authentication of the user node is complete, and an authentication success message is returned to the user node.
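Steps (2) to (5) reduce to two hash comparisons between the on-chain ledger and the off-chain store: one by the admission node on the requesting system node, one by the system node on the user. The sketch below is an added example, not code from the patent; it omits the public-key encryption of messages, and SHA-256 over canonical JSON, the class and field names, and all sample records are assumptions.

```python
import hashlib
import hmac
import json

def identity_hash(info):
    # Assumption: SHA-256 over canonical JSON; the page does not name the hash function.
    blob = json.dumps(info, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

class Deployment:
    """Toy model: one on-chain ledger, one off-chain store, all nodes in one process."""

    def __init__(self):
        self.ledger = {}     # alliance chain ledger: ID -> identity information hash
        self.offchain = {}   # off-chain distributed database: ID -> identity record

    def register(self, info):
        # Outcome of registration: hash goes on chain, full record goes off chain.
        self.ledger[info["id"]] = identity_hash(info)
        self.offchain[info["id"]] = dict(info)

    def _matches_ledger(self, node_id, info):
        expected = self.ledger.get(node_id)
        if expected is None or info is None:
            return False
        return hmac.compare_digest(expected, identity_hash(info))

    def admission_read(self, system_id, user_id):
        """Step (4): verify the requesting system node, then read the user's record."""
        if not self._matches_ledger(system_id, self.offchain.get(system_id)):
            return None                      # unverified requester gets nothing back
        return self.offchain.get(user_id)

    def authenticate(self, system_id, user_id):
        """Steps (2), (3) and (5) as performed by the system node."""
        if user_id not in self.ledger:       # step (2): ledger read fails
            return False, "user ID not on ledger, request discarded"
        info = self.admission_read(system_id, user_id)        # step (3)
        if info is None:
            return False, "admission node returned no identity information"
        if not self._matches_ledger(user_id, info):           # step (5)
            return False, "identity hash mismatch, request discarded"
        return True, "authentication success"

def make_demo():
    # Constructed records in the {ID, public key, address, timestamp, identity
    # information} shape; every value here is made up for the example.
    d = Deployment()
    d.register({"id": "sys-1", "public_key": "PK-SYS-1", "address": "addr-sys-1",
                "timestamp": 1631577600, "identity": "Handle resolver, plant A"})
    d.register({"id": "user-42", "public_key": "PK-USER-42", "address": "addr-user-42",
                "timestamp": 1631577700, "identity": "Client, enterprise B"})
    return d

if __name__ == "__main__":
    d = make_demo()
    print(d.authenticate("sys-1", "user-42"))
    d.offchain["user-42"]["identity"] = "altered off chain"   # off-chain tampering
    print(d.authenticate("sys-1", "user-42"))
```

Because only the hash lives on chain, any change to the off-chain record (or to the requesting system node's own record) is detected at comparison time, but the scheme depends on both sides serializing the record identically before hashing.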
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the detailed description is made with reference to the embodiments of the present invention, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention, which shall be covered by the claims of the present invention.

Claims (9)

1. An alliance-chain-based analysis and authentication method for the industrial Internet Handle identification system, characterized by comprising the following steps:
step one, constructing an alliance chain authentication framework;
and step two, the established alliance chain authentication architecture realizes the registration and authentication requests of the user nodes.
2. The alliance-chain-based industrial internet Handle identity system parsing authentication method as claimed in claim 1, wherein: in step one, the alliance chain authentication architecture consists of an admission authority, an off-chain distributed storage system, an alliance chain and a Handle system;
the admission authority authenticates the qualification of a specific industry or enterprise to enter the alliance chain, and the industrial internet identification resolution admission authority sets up an admission node;
the off-chain distributed storage system stores the specific identity authentication information and is maintained by storage nodes;
the alliance chain stores the identity authentication information hash value of the user and is maintained by the consensus nodes;
the Handle system is responsible for the industrial internet data identification resolution service and initiates an authentication or registration request to the system.
3. The alliance-chain-based industrial internet Handle identity system parsing authentication method as claimed in claim 2, wherein: the admission node is provided with a credit endorsement and realizes the first authentication in the alliance chain;
the consensus nodes are server groups provided by each industry or enterprise when it accesses the alliance chain, and together they build and maintain the alliance chain ledger.
4. The alliance-chain-based industrial internet Handle identity system parsing authentication method as claimed in claim 1, wherein: in step two, before the user node makes an authentication request, the user needs to register with the system in advance, and the registration method is as follows:
(1) the user node sends a registration request to the admission node and attaches identity information; the admission node checks the identity information of the user node and determines whether it may access the alliance chain;
(2) the admission node approves the user node's access to the alliance chain network, generates a user ID and a public-private key pair, and forwards the user identity information hash value and the user ID to the consensus nodes as a transaction;
(3) the consensus nodes verify the received transaction, reach consistency consensus, and write the user ID and the user identity information hash value into the alliance chain; the consensus node responsible for packing the block returns a write success message to the admission node;
(4) after receiving the message, the admission node forwards the user identity information to the storage node, the storage node writes the user identity information into the off-chain database, and the admission node at the same time returns the user node ID, the public key and the private key to the user node.
5. The alliance-chain-based industrial internet Handle architecture parsing authentication method as claimed in claim 4, wherein: in step (1), the user nodes comprise admission nodes, consensus nodes, nodes in the Handle system and clients requesting the identification resolution service, and a user node needs to attach qualification information proving its own identity when applying to the admission node for registration;
in step (2), the identity information of the user node permitted to access the alliance chain is generated by the admission node, and the identity information is as follows: { ID, public key, address, timestamp, identity information }.
6. The alliance-chain-based industrial internet Handle architecture parsing authentication method as claimed in claim 4, wherein: in step (3) of the registration process, the consensus method between the consensus nodes is as follows:
a. in the process of alliance chain consensus, the admission node monitors the alliance chain network and locally maintains a log recording the scores of all consensus nodes, and the scoring method is as follows: all consensus nodes initially score 0; during consensus, when the admission node receives replies from fewer than 2/3 of the total number of consensus nodes, 2 is subtracted from the score of the elected main node and 1 is added to the scores of the other nodes; 1 is added to the score of the accounting node that successfully generates a block; a newly added node has a score of 0; after a new round of consensus begins, the admission node selects the consensus node with the highest score as the accounting node according to the local score log, sends a consensus request to the accounting node, and broadcasts the user identity information hash value and the user ID as a transaction to the consensus nodes of the whole network;
b. all consensus nodes independently monitor the transactions of the whole network, and store each monitored transaction in memory after checking its validity; the accounting node that receives the consensus request packages the collected transaction data into a block in time order and forwards the block to the other consensus nodes;
c. after receiving the block, the other consensus nodes verify the block and the transactions in it; if verification passes, they return a verification success message to the admission node, and if verification fails, they discard the block and return nothing; the validity of the block is verified first: whether the format of the block meets the rules, whether the timestamp of the block is within a legal range, whether the hash value in the block header is the same as the hash value of the previous block, and whether the transactions in the block are legal; then the validity of the transactions in the block is verified: whether the format of the transaction conforms to the rules, and whether the transaction already exists in the alliance chain ledger;
d. if the admission node receives replies from more than 2/3 of the total number of consensus nodes, the new block is generated and consensus is complete; otherwise consensus has failed and this round of consensus ends; finally, the admission node updates the local scoring log according to the consensus result.
7. The alliance-chain-based industrial internet Handle architecture parsing authentication method as claimed in claim 4, wherein: in the registration process, the public and private key pair is used as a tool for communication between the user node and the nodes in the system, namely, the communication between the nodes in the system is realized through the public and private key pair, the sender uses the public key of the receiver to encrypt the request and attaches the request hash encrypted by the private key of the receiver, and the receiver uses the private key of the receiver to decrypt information and uses the public key of the sender to decrypt the request hash and verify the request hash.
8. The alliance-chain-based industrial internet Handle identity system parsing authentication method as claimed in claim 1, wherein: in the second step, the method for the user node to request the identity authentication from the system is as follows:
(1) the user node requests service from the Handle system and attaches the ID and the public key of the user node;
(2) reading { ID, identity information hash value } from the alliance chain account book by the node of the Handle system receiving the request;
(3) the system node requests the admission node to read the off-chain database;
(4) the admission node verifies the identity of the system node, reads the database from the storage node after the verification is correct, and returns the identity information;
(5) the system node compares the received information and returns a message.
9. The alliance-chain-based industrial internet Handle identity system parsing authentication method as claimed in claim 8, wherein: in step (2), the nodes that receive a specific request and request authentication from the system are collectively called system nodes, and the system nodes are all nodes in the Handle system that can provide the identification resolution service;
in step (4), the admission node verifies the system node by reading the identity information hash value from the alliance chain ledger, looking up the identity information in the off-chain database, and calculating its hash value for comparison;
in step (5), after receiving the returned information, the system node calculates the hash value and compares it with the hash value read from the alliance chain ledger; if the two are consistent, the system node returns an authentication success message, otherwise the request is discarded.
CN202111073607.9A 2021-09-14 2021-09-14 Industrial Internet Handle identification system analysis and authentication method based on alliance chain Active CN113779605B (en)

Publications (2)

Publication Number Publication Date
CN113779605A (en) 2021-12-10
CN113779605B CN113779605B (en) 2024-07-02
