CN113992418A - IoT (Internet of things) equipment management method based on block chain technology

Info

Publication number: CN113992418A
Authority: CN (China)
Application number: CN202111267167.0A
Priority claimed from: CN202111267167.0A
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 吴宇, 王乐成
Current and original assignee: Nanjing Lianliaomo Information Technology Co., Ltd.
Prior art keywords: group, key, equipment, identity, command

Classifications (CPC)

    • H04L 63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload, and the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • G06F 21/64: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; protecting data integrity, e.g. using checksums, certificates or signatures
    • H04L 67/12: Network arrangements or protocols for supporting network services or applications; protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L 9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, involving digital signatures
    • H04L 9/3268: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L 2209/72: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication (H04L 9/00); signcrypting, i.e. digital signing and encrypting simultaneously

Abstract

The invention discloses an IoT device management method based on blockchain technology, comprising the following steps: S1, each device generates a public/private key pair to create its identity; the private key is kept securely by the device, and the public key serves as the device's unique, verifiable identity on the blockchain. S2, each device dynamically creates identity groups as needed; a group can admit multiple devices whose identities have been verified, and a device can join multiple identity groups. S3, when a device joins a group, the group initiator signs the device certificate with its private key and uploads it to the blockchain. S4, each identity group has its own encryption key. S5, encrypted device management commands are recorded and issued, making use of the auditability of the blockchain. By using the blockchain to store the commands sent to devices and encryption to ensure that commands are authorized, the invention allows the existing public network infrastructure to be used for device management without requiring a private network.

Description

IoT (Internet of things) equipment management method based on block chain technology
Technical Field
The present invention belongs to the field of IoT device management, and more particularly, to an IoT device management method based on a blockchain technique.
Background
With the rapid development of enterprise-level IT infrastructure, the number of devices keeps growing and they are increasingly dispersed across different geographical locations, which poses a new challenge to traditional device management. The traditional approach manages and controls a large population of Internet of Things devices centrally through a single data center. Even a distributed cloud platform cannot fundamentally solve the scalability problem of centralized management: once the number of devices reaches a certain critical point, managing each device with a centralized management tool becomes impractical, and the traditional centralized scheme is unable, owing to various limitations, to manage these numerous and geographically dispersed Internet of Things devices. We therefore propose an IoT device management method based on blockchain technology.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing an IoT device management method based on blockchain technology.
To achieve this purpose, the invention provides the following technical scheme:
an IoT device management method based on blockchain technology, comprising the following steps:
S1, each device generates a public/private key pair to create its identity; the private key is kept securely by the device, and the public key serves as the device's unique, verifiable identity on the blockchain;
S2, each device dynamically creates identity groups as needed; a group can admit multiple devices whose identities have been verified, and a device can join multiple identity groups;
S3, when a device joins a group, the group initiator signs the device certificate with its private key and uploads it to the blockchain;
S4, each identity group has its own encryption key, generated by an attribute-based encryption algorithm; information within the group is encrypted with a public key, and each device holds its own decryption key, which is generated by the group initiator and delivered to the device;
S5, the management command to be issued is encrypted with the encryption key, and the encrypted device management command is then recorded and issued, relying on the security, privacy and auditability of the underlying blockchain technology; when a device comes online it can determine, from the information and commands recorded on the blockchain, whether a corresponding encrypted management command needs to be decrypted and executed.
Preferably, in step S1, all devices support decentralized identity: each device has its own identity, consisting of a private key known only to the device and a publicly known public key, and the public key is also uploaded to the blockchain as the device's identity so that other devices know it.
Preferably, in step S2, the owner of a decentralized-identity device establishes decentralized identity groups according to a specific grouping criterion, as required.
Preferably, in step S2, identity group key management proceeds as follows: when a device becomes a member of a specific group it obtains the encryption key specific to that group, which the group initiator generates from the attributes of the device. The key is distributed as follows: the identity group owner generates the group's secret key in its own configuration file, encrypts the secret key with the public key of the member device, and uploads the encrypted information to the blockchain; the member device then decrypts it with its own private key to obtain the secret key.
Preferably, the attribute-based encryption algorithm of step S4 associates keys with an access policy and consists of the following four phases:
1) Setup phase, also called the system initialization phase: the system security parameter is input, and the corresponding public parameters and system master key are generated;
2) KeyGen phase, the key generation phase: a decrypting user submits its own attributes to the system and obtains a user key associated with those attributes;
3) Enc phase, the encryption phase: the data owner encrypts the data to obtain a ciphertext and sends the ciphertext to the user or to a public cloud;
4) Dec phase, also called the decryption phase: a decrypting user obtains the ciphertext and decrypts it with its own key SK.
Preferably, in step S5, the group's encryption key is used to send encrypted management commands, and device management proceeds as follows:
1) determining the affected device group, which covers two cases: applying the command to the devices of a particular province, or to the particular devices affected;
2) the command is encrypted for the group to be affected by the device that holds the group's command-issuing authority, using the key of the corresponding group;
3) the command is issued on the blockchain; the record on the blockchain contains plain-text information indicating the affected group together with the encrypted command, and the plain-text information is publicly readable;
4) every device reads the command from the blockchain; if the plain-text information indicating the particular group shows that a device is one of the members of the group affected by the command, the device decrypts and processes the command, while a device that lacks the attributes of that group has no permission to decrypt it;
5) the device may use the status information about the command to update its own profile and re-register with its groups.
Preferably, the IoT device management method also supports cross-group device interaction, specifically:
1) when devices in the same group interact, their messages can be encrypted in the same way as the blockchain's encrypted management instructions, because devices in the same group were authenticated by the group initiator when they joined;
2) when devices in different groups need to exchange information and it must be verified that device A has joined group B, a certificate signed by the initiator of group B is obtained from the blockchain to establish that the device belongs to group B; in the subsequent data exchange, the initiator of group A can generate for device B an attribute-based encryption key under the corresponding ciphertext policy of the attribute-based encryption algorithm, and key agreement can also be carried out between device A and device B.
Preferably, the IoT device management method supports public networks. In a managed device environment, devices are typically placed on private networks to prevent unauthorized users from issuing commands to them; by using the blockchain to store the commands sent to devices and encryption to ensure that the commands are authorized, a private network is no longer required and the existing public network infrastructure can be used for device management.
Preferably, the IoT device management method supports devices without a stable connection. For devices with poor network connectivity, limited bandwidth, an unstable connection, or a large distance from the base station, loss of the network connection does not affect the reception of management commands: when the device comes online again it downloads the unexecuted instructions by connecting to the blockchain, and if there are multiple devices, the state of a device that re-establishes its network connection can be updated through one of the nodes, so that most of the device's management traffic remains local.
The technical effects and advantages of the invention are:
1. The invention provides an IoT device management method based on blockchain technology. Compared with the traditional IoT device management method, it focuses on integrating blockchain technology into an enterprise-level heterogeneous device management mechanism: in an untrusted environment each device has a public/private key pair; an identity group created by the device owner according to a grouping criterion is used to encrypt the management command to be issued with the group's encryption key, so that the encryption operation is tied to the identity group the device belongs to and devices outside the group cannot decrypt it; the encrypted device management commands and other data are then recorded, so that the security and privacy of the underlying blockchain technology can be exploited, and its auditability makes up for the lack of security in traditional centralized device management schemes;
2. The invention determines, from the information recorded on the blockchain, whether a corresponding encrypted instruction needs to be decrypted and executed, thereby realizing an effective device management scheme for a dispersed heterogeneous device system, overcoming the limitations of traditional centralized device management schemes and improving management efficiency.
Drawings
Fig. 1 is a block diagram of a centralized internet of things device management system in an IoT device management method based on a blockchain technique according to the present invention;
fig. 2 is a block diagram of a common attribute encryption system for different devices in the IoT device management method based on the blockchain technique according to the present invention;
fig. 3 is a flowchart of an IoT device management method based on a blockchain technique according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides an IoT device management method based on a block chain technology as shown in figures 1-3, which comprises the following steps:
S1, each device generates a public/private key pair to create its identity; the private key is kept securely by the device, and the public key serves as the device's unique, verifiable identity on the blockchain;
in step S1, all devices support decentralized identity: each device has its own identifier, consisting of a private key known only to the device and a publicly known public key, and the public key is also uploaded to the blockchain as the device's identifier so that other devices know it;
S2, each device dynamically creates identity groups as needed; a group can admit multiple devices whose identities have been verified, and a device can join multiple identity groups;
in step S2, the owner of a decentralized-identity device establishes decentralized identity groups according to a specific grouping criterion, as required;
in step S2, identity group key management proceeds as follows: when a device becomes a member of a specific group it obtains the encryption key specific to that group, which the group initiator generates from the attributes of the device. The key is distributed as follows: the identity group owner generates the group's secret key in its own configuration file, encrypts the secret key with the public key of the member device, and uploads the encrypted information to the blockchain; the member device then decrypts it with its own private key to obtain the secret key;
S3, when a device joins a group, the group initiator signs the device certificate with its private key and uploads it to the blockchain;
S4, each identity group has its own encryption key, generated by an attribute-based encryption algorithm; information within the group is encrypted with a public key, and each device holds its own decryption key, which is generated by the group initiator and delivered to the device;
wherein the attribute-based encryption algorithm of step S4 associates keys with an access policy and consists of the following four phases:
1) Setup phase, also called the system initialization phase: the system security parameter is input, and the corresponding public parameters and system master key are generated;
2) KeyGen phase, the key generation phase: a decrypting user submits its own attributes to the system and obtains a user key associated with those attributes;
3) Enc phase, the encryption phase: the data owner encrypts the data to obtain a ciphertext and sends the ciphertext to the user or to a public cloud;
4) Dec phase, also called the decryption phase: a decrypting user obtains the ciphertext and decrypts it with its own key SK;
S5, the management command to be issued is encrypted with the encryption key, and the encrypted device management command is then recorded and issued, relying on the security, privacy and auditability of the underlying blockchain technology; when a device comes online it can determine, from the information and commands recorded on the blockchain, whether a corresponding encrypted management command needs to be decrypted;
in step S5, the group's encryption key is used to send encrypted management commands, and device management proceeds as follows:
1) determining the affected device group, which covers two cases: applying the command to the devices of a particular province, or to the particular devices affected;
2) the command is encrypted for the group to be affected by the device that holds the group's command-issuing authority, using the key of the corresponding group;
3) the command is issued on the blockchain; the record on the blockchain contains plain-text information indicating the affected group together with the encrypted command, and the plain-text information is publicly readable;
4) every device reads the command from the blockchain; if the plain-text information indicating the particular group shows that a device is one of the members of the group affected by the command, the device decrypts and processes the command, while a device that lacks the attributes of that group has no permission to decrypt it;
5) the device may use the status information about the command to update its own profile and re-register with its groups.
The IoT device management method also supports cross-group device interaction, specifically comprising the following steps:
1) when devices in the same group interact, their messages can be encrypted in the same way as the blockchain's encrypted management instructions, because devices in the same group were authenticated by the group initiator when they joined;
2) when devices in different groups need to exchange information and it must be verified that device A has joined group B, a certificate signed by the initiator of group B is obtained from the blockchain to establish that the device belongs to group B; in the subsequent data exchange, the initiator of group A can generate for device B an attribute-based encryption key under the corresponding ciphertext policy of the attribute-based encryption algorithm, and key agreement can also be carried out between device A and device B.
Further, the IoT device management method supports public networks. In managed device environments, devices are typically placed on private networks to prevent unauthorized users from issuing commands to them; by using the blockchain to store the commands sent to devices and encryption to ensure that the commands are authorized, no private network is required and the existing public network infrastructure can be used for device management.
Furthermore, the IoT device management method supports devices without a stable connection. For devices with poor network connectivity, limited bandwidth, an unstable connection or a large distance from the base station, loss of the network connection does not affect the reception of management commands: after the device comes online again it downloads the unexecuted instructions by connecting to the blockchain, and if there are multiple devices, the state of a device that re-establishes its network connection can be updated through one node, so that most of the device's management traffic stays local.
Specifically, the main body of the invention consists of a control channel platform implemented on a blockchain and a middleware service deployed on the IoT device side. Uploading of public keys and certificates and downloading of encrypted instructions are all performed through the API gateway of the control channel platform, and the gateway is deployed in the form of a smart contract. Specifically:
1. control channel platform
The control channel platform is essentially a consortium chain system implemented on Hyperledger. The number of validating nodes can be chosen according to actual conditions. The API gateway is deployed on the blockchain as a smart contract, and every registered device interacts with the channel platform through the API gateway, which provides asynchronous communication between devices;
2. device-side middleware service
The device-side middleware service defines the interface to the control channel platform. Different device platforms need to define a uniform northbound interface, but the implementation of the SDK depends on the specific platform;
3. key distribution based on attribute-based encryption.
The IoT device management method supports various command types; the commands that may be issued to devices in this way include, but are not limited to:
1. software updates (including emergency security updates and the like) pushed to a particular device; 2. a change of reporting frequency; 3. a change of the reporting target location; 4. reporting of configuration changes.
Specifically, the IoT device management method synchronizes communication between devices through a blockchain offset: the blockchain is essentially a distributed ledger that maintains a globally ordered instruction list, and its sequence number can serve as the offset. Each device can determine its own current state from the block offset it has synchronized to, because all management commands before that offset have been processed; by the same token, the whole system can infer the state of any device from its offset on the blockchain.
Further, because encryption is tied to membership in the identity group, a malicious user can neither decrypt the commands sent to a device nor forge them. If the group encryption key is corrupted (or is simply rotated for security reasons), the group key can be resynchronized by issuing a command on the blockchain that carries a blockchain offset (the offset at which the key resynchronization command was issued) and distributing the new encryption key as in the key distribution process above, so that each device knows explicitly whether to use the old or the new encryption key.
Further, the IoT device management method guards against anomalous devices: if an anomalous device attempted to publish an update on the blockchain, it could not correctly encrypt or sign it without the access group's encryption key. Ultimately, access to the encryption key depends on knowledge of the group's private key, so provided that appropriate security measures are taken for the group's private key, this is sufficient to prevent an anomalous device from issuing incorrect management commands.
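The key distribution of step S2, the issuing and device-side processing of encrypted commands in step S5, the offline catch-up by offset and the key rotation described above are shown together in the following Go program. It is an added example, not code from the patent or from the applicant: the attribute-based group key of step S4 is replaced by a random symmetric group key wrapped under each member's RSA-OAEP public key (the distribution that step S2 itself describes) with AES-GCM for the commands, and the control channel platform is a constructed in-memory ledger (Ledger, Record, Device, the "keydist"/"command" record kinds and the group name are assumptions of the example).

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Record is one entry of the ordered ledger (its index is the sync offset); all but Payload is public plain text.
type Record struct {
	Kind, Group, Member, Signer string // "keydist" or "command"; group label; key recipient; initiator identity
	Payload, Sig                []byte // wrapped group key or sealed command; initiator's signature
}

func (r *Record) digest() []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%s|%s|%s|%s|%x", r.Kind, r.Group, r.Member, r.Signer, r.Payload)))
	return h[:]
}

// Ledger stands in for the control channel platform: uploaded identities, each group's initiator, the records.
type Ledger struct {
	records   []Record
	pubkeys   map[string]*rsa.PublicKey
	initiator map[string]string
}
func NewLedger() *Ledger { return &Ledger{pubkeys: map[string]*rsa.PublicKey{}, initiator: map[string]string{}} }

// Device is one decentralized identity, its group keys, and the offset it has processed the ledger up to.
type Device struct {
	ID        string
	priv      *rsa.PrivateKey
	offset    int // kept across reconnects: a device that was offline catches up from here
	groupKeys map[string][]byte
	Executed  []string // commands this device decrypted and ran
}

func NewDevice(l *Ledger) *Device {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	d := &Device{ID: fmt.Sprintf("%x", sha256.Sum256(priv.N.Bytes()))[:16], priv: priv, groupKeys: map[string][]byte{}}
	l.pubkeys[d.ID] = &priv.PublicKey // step S1: the public key is uploaded as the device identity
	return d
}

// upload signs a record with the device's private key and appends it to the ledger.
func (d *Device) upload(l *Ledger, r Record) {
	r.Signer = d.ID
	r.Sig, _ = rsa.SignPKCS1v15(rand.Reader, d.priv, crypto.SHA256, r.digest()) // fails only on RNG failure
	l.records = append(l.records, r)
}

// DistributeKey is the step S2 key distribution: a fresh group key wrapped for each member. Calling it again rotates the key.
func (d *Device) DistributeKey(l *Ledger, group string, members []*Device) {
	if _, taken := l.initiator[group]; !taken {
		l.initiator[group] = d.ID // the device that creates a group is its registered initiator
	}
	key := make([]byte, 32)
	rand.Read(key)
	d.groupKeys[group] = key
	for _, m := range members { // a 32-byte key always fits under 2048-bit OAEP, so there is no error to check
		wrapped, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, l.pubkeys[m.ID], key, []byte(group))
		d.upload(l, Record{Kind: "keydist", Group: group, Member: m.ID, Payload: wrapped})
	}
}

// IssueCommand seals a command under the group's current key (step S5); the public group label is bound as AAD.
func (d *Device) IssueCommand(l *Ledger, group, cmd string) {
	block, _ := aes.NewCipher(d.groupKeys[group]) // AES-256-GCM; neither call fails for a 32-byte key
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	d.upload(l, Record{Kind: "command", Group: group, Payload: gcm.Seal(nonce, nonce, []byte(cmd), []byte(group))})
}

// Sync processes every record from the device's stored offset onward (the device side of step S5).
func (d *Device) Sync(l *Ledger) {
	for ; d.offset < len(l.records); d.offset++ {
		r := l.records[d.offset]
		pub, key := l.pubkeys[r.Signer], d.groupKeys[r.Group]
		switch {
		case r.Signer != l.initiator[r.Group] || pub == nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, r.digest(), r.Sig) != nil:
			// ignored: not signed by the group's registered initiator, which an anomalous device cannot do
		case r.Kind == "keydist" && r.Member == d.ID:
			if k, err := rsa.DecryptOAEP(sha256.New(), nil, d.priv, r.Payload, []byte(r.Group)); err == nil {
				d.groupKeys[r.Group] = k
			}
		case r.Kind == "command" && key != nil: // a non-member sees only the public label and skips the record
			block, _ := aes.NewCipher(key)
			gcm, _ := cipher.NewGCM(block)
			if pt, err := gcm.Open(nil, r.Payload[:gcm.NonceSize()], r.Payload[gcm.NonceSize():], []byte(r.Group)); err == nil {
				d.Executed = append(d.Executed, string(pt)) // a stale key (e.g. after a rotation) fails here
			}
		}
	}
}
```

Because every device processes records in ledger order from its own offset, a command issued before a rotation still opens under the old key and one issued after it under the new key, while a member left out of the rotation keeps its stale key and can no longer open later commands.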
In summary, compared with the traditional IoT device management method, the method has the following advantages:
(1) The underlying blockchain technology is applied to decentralized device management.
(2) In an untrusted environment, the identity of a device is verified through a certificate verification mechanism, which prevents the leakage of subsequent information that would result from an unknown device being admitted to an identity group.
(3) In an untrusted environment, each device, and each identity group created by a device owner according to its requirements, can be uniquely identified on the basis of the key system; instructions are encrypted by means of attribute-based encryption and commands are distributed per identity group, which ensures security and privacy while the devices are managed, establishes a secure, effective and reliable heterogeneous device management mechanism, and provides efficient device management services for more enterprises.
(4) An encrypted command mechanism is provided: a management command sent by a device is encrypted with a secret key (a CP-ABE key generated from the identity information attributes of the identity group), and the encrypted command together with plain-text information identifying the affected identity group is recorded on the blockchain, so that every device can decide from the information on the blockchain whether to process the corresponding management command. This effectively prevents malicious behaviour by abnormal devices, such as the issuing of incorrect management commands, improves the efficiency of device management and ensures the security and privacy of device management commands; at the same time, a device that does not belong to the identity group cannot decrypt the encrypted key, which avoids information leakage.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments or portions thereof without departing from the spirit and scope of the invention.

Claims (9)

1. An IoT device management method based on blockchain technology, characterised by comprising the following steps:
S1. Each device generates a public/private key pair to create its identity; the private key is kept securely by the device, and the public key identifies the device uniquely and verifiably on the blockchain;
S2. Each device dynamically creates identity groups as needed; a group can admit several devices whose identities have been verified, and a device can belong to several identity groups;
S3. When a device joins a group, the group initiator signs the device's certificate with the initiator's private key and uploads the signed certificate to the blockchain;
S4. Each identity group has its own encryption key, generated by an attribute-based encryption algorithm; information within the group is encrypted with the group's public key, and each device holds its own decryption key, which the group initiator generates and delivers to the device;
S5. A management command to be issued is encrypted with the group's encryption key, and the encrypted command is recorded and published using the confidentiality, privacy and auditability of the underlying blockchain, so that when a device comes online it can determine from the information and commands recorded on the blockchain whether a given encrypted management command is addressed to it, decrypt it, and execute it.
2. The method of claim 1, characterised in that in step S1 all devices support decentralised identity: each device has its own identity, consisting of a private key known only to the device and a public key that is publicly known; the public key is uploaded to the blockchain as the device's identity so that other devices can recognise it.
3. The method of claim 1, characterised in that in step S2 the owner of a decentralised-identity device establishes a decentralised identity group as needed, according to a chosen grouping criterion.
4. The method of claim 1, characterised in that in step S2 the identity group keys are managed as follows: when a device becomes a member of a particular group it obtains the encryption key specific to that group, and the group initiator generates the device's key from the device's attributes. The key is distributed as follows: the identity group owner generates the group key from its own configuration file, encrypts it under the member device's key so that only that member can decrypt it, and uploads the encrypted result to the blockchain; the member device then decrypts it with its own private key to obtain the key.
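The identity, membership-certificate and key-distribution steps of claims 1 to 4, written out as an added example (this is not the patent's own code). It assumes that the blockchain is an append-only Python list, that device identities and the initiator's signing key are keypairs in the RFC 3526 2048-bit MODP group (Schnorr signatures and an ElGamal-style key wrap stand in for whatever signature and public-key encryption a deployment would use), and that the per-member CP-ABE decryption key of the patent is represented by an opaque 32-byte secret. Everything else (group name, record layout, function names) is invented for the illustration.

```python
"""Claims 1-4 simulated with the standard library only (added example).
Assumed: ledger = append-only list; RFC 3526 group 14 for keys; the
CP-ABE per-member decryption key is an opaque 32-byte secret."""
import hashlib
import hmac
import json
import secrets

# RFC 3526 group 14: safe prime P = 2Q + 1; G = 2 generates the subgroup of order Q
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
Q = (P - 1) // 2
G = 2


def keygen():
    """Claim 1: each device (and each group initiator) creates its own keypair."""
    priv = secrets.randbelow(Q - 1) + 1
    return priv, pow(G, priv, P)


def _h(*parts):
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def _b(n):
    return n.to_bytes(256, "big")


def sign(priv, msg):
    """Schnorr signature (e, s) over the MODP group (stand-in signature scheme)."""
    k = secrets.randbelow(Q - 1) + 1
    e = _h(_b(pow(G, k, P)), msg) % Q
    return e, (k + priv * e) % Q


def verify(pub, msg, sig):
    e, s = sig
    r = pow(G, s, P) * pow(pub, Q - e, P) % P  # g^s * y^(-e) == g^k
    return _h(_b(r), msg) % Q == e


def cert_bytes(group, member_pub):
    """Canonical certificate body: which public key belongs to which group."""
    return json.dumps({"group": group, "member": hex(member_pub)}, sort_keys=True).encode()


def wrap(recipient_pub, secret):
    """ElGamal-style wrap of a 32-byte secret to one device's public key."""
    k = secrets.randbelow(Q - 1) + 1
    c1 = pow(G, k, P)
    kek = hashlib.sha256(_b(pow(recipient_pub, k, P)) + _b(c1)).digest()
    ct = bytes(a ^ b for a, b in zip(secret, kek))
    tag = hmac.new(kek, _b(c1) + ct, hashlib.sha256).digest()
    return {"c1": hex(c1), "ct": ct.hex(), "tag": tag.hex()}


def unwrap(priv, box):
    """Recover the secret with the recipient's private key; None if it does not fit."""
    c1, ct = int(box["c1"], 16), bytes.fromhex(box["ct"])
    kek = hashlib.sha256(_b(pow(c1, priv, P)) + _b(c1)).digest()
    tag = hmac.new(kek, _b(c1) + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, bytes.fromhex(box["tag"])):
        return None
    return bytes(a ^ b for a, b in zip(ct, kek))


def enroll(ledger, group, init_priv, init_pub, member_pub, member_key):
    """Claims 3-4: post the initiator-signed certificate and the wrapped key."""
    cert = cert_bytes(group, member_pub)
    ledger.append({"type": "cert", "group": group, "cert": cert.decode(),
                   "initiator": hex(init_pub), "sig": sign(init_priv, cert)})
    ledger.append({"type": "key", "group": group, "member": hex(member_pub),
                   "box": wrap(member_pub, member_key)})


def is_member(ledger, group, init_pub, member_pub):
    """Anyone can confirm membership from the on-chain certificate, but only a
    certificate signed by the group's known initiator key counts."""
    body = cert_bytes(group, member_pub).decode()
    return any(r["type"] == "cert" and r["cert"] == body
               and int(r["initiator"], 16) == init_pub
               and verify(init_pub, body.encode(), r["sig"])
               for r in ledger)


def fetch_key(ledger, group, priv, pub):
    """Claim 4: a member pulls its wrapped key from the chain and unwraps it."""
    for r in ledger:
        if r["type"] == "key" and r["group"] == group and r["member"] == hex(pub):
            return unwrap(priv, r["box"])
    return None
```

The check in `is_member` is the part the claims leave implicit: the verifier must already know which public key is the legitimate initiator of the group, otherwise any device can post a self-signed certificate claiming membership. Note also that the wrapped keys stay on the chain forever, so removing a member requires generating and redistributing a new group key rather than deleting a record.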
5. The method of claim 1, characterised in that the attribute-based encryption algorithm of step S4 associates user keys with attributes and ciphertexts with an access policy, and comprises the following four steps:
1) Setup, also called system initialisation: takes the system security parameter as input and outputs the public parameters and the system master key;
2) KeyGen, the key-generation step: a decrypting user submits its attributes to the system and obtains a user key associated with those attributes;
3) Enc, the encryption step: the data owner encrypts the data to obtain a ciphertext and sends it to the user or to a public cloud;
4) Dec, the decryption step: the decrypting user obtains the ciphertext and decrypts it with its own key SK.
6. The method of claim 1, characterised in that in step S5 the group's encryption key is used to send encrypted management commands to the group, the managing device proceeding as follows:
1) Determine the affected device group; there are two cases: applying the command to the devices of a particular province, or to the particular devices affected;
2) The device with authority to issue commands for that group encrypts the command with the key of the corresponding group;
3) The command is published on the blockchain; the record contains plaintext information naming the affected group together with the encrypted command, and the plaintext information is publicly readable;
4) Every device reads the command from the blockchain; if the plaintext information names a group of which the device is a member, the device decrypts and processes the command, while a device that lacks that group's attributes has no ability to decrypt it;
5) A device may use the status information about the command to update its own profile and re-register with the group.
7. The method of claim 1, characterised in that the IoT device management method also supports cross-group device interaction, specifically:
1) When devices in the same group interact, messages can be encrypted in the same way as the management commands on the blockchain, because every device in the group was authenticated by the group initiator when it joined;
2) When devices in different groups need to interact and it must be verified that device A has joined group B, the certificate signed by the initiator of group B is retrieved from the blockchain to confirm that the device belongs to group B; in the subsequent data exchange, the initiator of group A can generate a ciphertext-policy attribute-based encryption key for device B, or devices A and B can perform a key agreement between themselves.
8. The method of claim 1, characterised in that the method supports public networks: devices in a managed environment are normally placed on private networks to prevent unauthorised users from issuing commands to them; by storing the commands for devices on the blockchain and ensuring by encryption that the commands are authorised, a private network is no longer required, and the existing public-network infrastructure can be used for device management.
9. The method of claim 1, characterised in that the method supports devices without a stable connection: for devices with poor connectivity, limited bandwidth, intermittent connections or a long distance to the base station, losing the network connection does not prevent them from receiving management commands; once a device is back online it connects to the blockchain and downloads the instructions it has not yet executed, and where several such devices are present, a single node can update their state when the connection is re-established, so that most device-management traffic stays local.
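The command path of claim 6 and the reconnect behaviour of claim 9, as an added example that is not the patent's own code. It assumes that the blockchain is an append-only Python list and that the per-group CP-ABE key is replaced by a per-group 32-byte symmetric key, so "holds the group's attributes" becomes "holds the group's key". Encryption is a SHA-256 keystream with an HMAC tag that also covers the plaintext group label and a sequence number; the record layout, the `Device` class and the sample commands are constructed for the illustration.

```python
"""Claims 6 and 9 simulated with the standard library only (added example).
Assumed: ledger = append-only list; per-group symmetric key stands in for
the CP-ABE group key; encrypt-then-MAC with the public label as AAD."""
import hashlib
import hmac
import json
import secrets


def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key, plaintext, aad):
    """Encrypt-then-MAC; aad is authenticated but travels in the clear."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, aad + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def unseal(key, box, aad):
    """Return the plaintext, or None if key, aad or ciphertext do not match."""
    nonce, ct = bytes.fromhex(box["nonce"]), bytes.fromhex(box["ct"])
    tag = hmac.new(key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, bytes.fromhex(box["tag"])):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def label(group, seq):
    """The publicly readable part of a command record (claim 6, step 3)."""
    return json.dumps({"group": group, "seq": seq}, sort_keys=True).encode()


def issue(ledger, group_key, group, seq, command):
    """Claim 6, steps 2-3: encrypt under the group key, post label plus ciphertext."""
    ledger.append({"group": group, "seq": seq,
                   "enc": seal(group_key, command.encode(), label(group, seq))})


class Device:
    def __init__(self, name, group_keys):
        self.name = name
        self.group_keys = dict(group_keys)  # group label -> decryption key held
        self.cursor = 0                     # ledger height processed so far
        self.last_seq = {}                  # per group, highest executed seq
        self.log = []

    def sync(self, ledger):
        """Claim 6 step 4 and claim 9: process every record appended since last sync."""
        executed = []
        for rec in ledger[self.cursor:]:
            group, seq = rec["group"], rec["seq"]
            key = self.group_keys.get(group)
            if key is None:
                self.log.append(f"skip {group}#{seq}: not a member, cannot decrypt")
                continue
            if seq <= self.last_seq.get(group, 0):
                self.log.append(f"skip {group}#{seq}: replayed or out of order")
                continue
            plain = unseal(key, rec["enc"], label(group, seq))
            if plain is None:
                self.log.append(f"reject {group}#{seq}: label or ciphertext tampered")
                continue
            self.last_seq[group] = seq
            executed.append((group, seq, plain.decode()))
        self.cursor = len(ledger)
        return executed
```

Two checks here are the ones a practitioner would add to the claims as written. The group label is the only thing a device looks at before deciding to decrypt, so it is bound into the authentication tag; a record copied from one group and relabelled for another fails `unseal` instead of being executed. The per-group sequence number lets a device that reconnects (claim 9) walk the ledger from its last cursor and execute only new commands, while a re-appended copy of an old record is dropped. The label itself remains readable by everyone on the chain, which is the metadata cost of the design: non-members learn which group is being commanded, just not what the command is.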
CN202111267167.0A 2021-10-29 2021-10-29 IoT (Internet of things) equipment management method based on block chain technology Pending CN113992418A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111267167.0A CN113992418A (en) 2021-10-29 2021-10-29 IoT (Internet of things) equipment management method based on block chain technology

Publications (1)

Publication Number Publication Date
CN113992418A true CN113992418A (en) 2022-01-28

Family

ID=79743931

Country Status (1)

Country Link
CN (1) CN113992418A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115733688A (en) * 2022-11-18 2023-03-03 四川启睿克科技有限公司 Internet of things equipment offline authentication method based on distributed digital identity
CN115733688B (en) * 2022-11-18 2024-03-26 四川启睿克科技有限公司 Internet of things equipment offline authentication method based on distributed digital identity
WO2024001037A1 (en) * 2022-06-29 2024-01-04 蚂蚁区块链科技(上海)有限公司 Message transmission method and apparatus, electronic device and storage medium
CN117390656A (en) * 2023-12-06 2024-01-12 深圳奥联信息安全技术有限公司 Security management method and system for encryption equipment
CN117390656B (en) * 2023-12-06 2024-06-11 深圳奥联信息安全技术有限公司 Security management method and system for encryption equipment

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170180122A1 (en) * 2015-12-17 2017-06-22 Intel Corporation Privacy Preserving Group Formation with Distributed Content Key Generation
US20190036681A1 (en) * 2016-07-29 2019-01-31 Trusted Key Solutions Inc. System and method for blockchain-based device authentication based on a cryptographic challenge
CN109918878A (en) * 2019-04-24 2019-06-21 中国科学院信息工程研究所 A kind of industrial internet of things equipment authentication and safety interacting method based on block chain
CN110770695A (en) * 2017-06-16 2020-02-07 密码研究公司 Internet of things (IOT) device management
US10673617B1 (en) * 2018-04-24 2020-06-02 George Antoniou Methods, system and point-to-point encryption device microchip for AES-sea 512-bit key using identity access management utilizing blockchain ecosystem to improve cybersecurity
CN111586010A (en) * 2020-04-29 2020-08-25 中国联合网络通信集团有限公司 Key distribution method and device
KR20200113103A (en) * 2019-03-22 2020-10-06 주식회사 블록체인시스템 Digital electronic device operation based on dual block chain comprising virtual blockchain and its operation method
CN112073479A (en) * 2020-08-26 2020-12-11 重庆邮电大学 Method and system for controlling de-centering data access based on block chain
CN112884562A (en) * 2019-11-30 2021-06-01 腾讯科技(深圳)有限公司 Block chain-based mortgage processing method and device and readable storage medium
CN113158143A (en) * 2020-01-22 2021-07-23 区块链新科技(广州)有限公司 Key management method and device based on block chain digital copyright protection system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
FA1C4: "Summary of the formal definitions and security models of CP-ABE schemes" (CP-ABE方案形式化定义及安全模型总结), Retrieved from the Internet <URL:https://blog.csdn.net/qq_33976344/article/details/116381306> *
Qian Hanjia; Wang Yihuai; Peng Tao; Chen Cheng; Luo Xizhao: "An efficient verifiable encryption scheme for lightweight narrowband IoT application systems" (轻量级窄带物联网应用系统中高效可验证加密方案), Journal of Computer Research and Development (计算机研究与发展), no. 05, 15 May 2019 (2019-05-15), pages 208-218 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination