CN114143312A - Block chain-based edge computing terminal authentication method, system and equipment - Google Patents


Info

Publication number
CN114143312A
Authority
CN
China
Prior art keywords
authentication
terminal
authenticated
information
transaction record
Prior art date
Legal status
Pending
Application number
CN202111421771.4A
Other languages
Chinese (zh)
Inventor
吕航
雷波
王镇宇
李佳聪
Current Assignee
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date
Filing date
Publication date
Application filed by China Telecom Corp Ltd
Priority to CN202111421771.4A
Publication of CN114143312A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L 9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L 9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L 9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Abstract

The invention provides a block chain-based edge computing terminal authentication method, system and device. Edge nodes serve as block chain nodes and together construct a block chain; on receiving an authentication request from a terminal, any edge node acquires the terminal's first authentication transaction record from the block chain, authenticates the information to be authenticated using that record, sends authentication passing information to the terminal when the authentication passes, constructs a second authentication transaction record for the information to be authenticated, and uploads the second authentication transaction record to the block chain. The invention can improve the reliability of terminal authentication and, by dispensing with a central node, reduce the complexity of the terminal authentication chain and improve terminal authentication efficiency.

Description

Block chain-based edge computing terminal authentication method, system and equipment
Technical Field
The invention relates to the field of computers, in particular to an edge computing terminal authentication method, system and device based on a block chain.
Background
Edge computing is a distributed computing architecture that moves the processing of applications, data and services from the central node of the network to the logical edge nodes of the network.
Edge computing decomposes large services originally handled entirely by the central node, cuts them into smaller and more manageable parts, and distributes them to the edge nodes for processing. The edge node is closer to the user terminal equipment, so that the processing and sending speed of the data can be increased, and the delay is reduced.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the invention and therefore may include information that does not constitute prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
Aiming at the problems in the prior art, the invention aims to provide a block chain-based edge computing terminal authentication method, system and device, which overcome the difficulties in the prior art and can improve the terminal authentication efficiency in the edge computing field.
The embodiment of the invention provides an edge computing terminal authentication method based on a block chain, wherein a network of the block chain is constructed by taking edge nodes as block chain link points, and the edge computing terminal authentication method is applied to the edge nodes and comprises the following steps:
receiving an authentication request of a terminal, wherein the authentication request carries information to be authenticated;
under the condition that a first authentication transaction record of the terminal is acquired from the blockchain by using the identification information of the terminal, authenticating the information to be authenticated by using the first authentication transaction record;
transmitting authentication passing information to the terminal under the condition that the authentication passes;
and under the condition that the authentication is passed, constructing a second authentication transaction record for the information to be authenticated, and uploading the second authentication transaction record to the block chain.
Optionally, authenticating the information to be authenticated by using the first authentication transaction record includes the following steps:
extracting the authenticated token from the first authentication transaction record, and performing validity authentication on the information to be authenticated by adopting an authentication token authentication mechanism;
and under the condition that the legality authentication is passed, performing terminal identity authentication on the information to be authenticated by using the first authentication transaction record.
Optionally, performing validity authentication on the information to be authenticated by using an authentication token authentication mechanism, specifically including the following steps:
obtaining a hash value of a token to be authenticated from information to be authenticated;
performing hash calculation on the authenticated token to obtain a hash value of the authenticated token;
and comparing the hash value of the authenticated token with the hash value of the token to be authenticated, and confirming that the validity authentication passes under the condition that the comparison passes.
Optionally, the edge computing terminal authentication method further includes:
when the authentication passes, concatenating the identification information of the edge node, the identification information of the terminal, the shared secret key of the terminal stored in the first authentication transaction record, and the random number provided by the terminal in the information to be authenticated, to obtain serial data;
encrypting the serial data with the private key of the edge node to obtain a new authentication token, and performing a hash calculation on the new authentication token to obtain the hash value of the new authentication token;
transmitting authentication passing information to the terminal, including:
sending authentication passing information and a hash value of a new authentication token to the terminal;
and constructing a second authentication transaction record for the information to be authenticated, wherein the second authentication transaction record comprises:
and constructing a second authentication transaction record for the information to be authenticated and the new authentication token.
Optionally, performing terminal identity authentication on the information to be authenticated by using the first authentication transaction record, including:
generating a target authentication code by using a shared secret key of the terminal, an identity authentication domain value and a random number provided by the terminal in the information to be authenticated, wherein the shared secret key and the identity authentication domain value are stored in the first authentication transaction record;
comparing the target authentication code with the authentication code to be authenticated that the terminal provides in the information to be authenticated, and taking the comparison result as the identity authentication result;
the authentication code to be authenticated is generated by the terminal by using a shared secret key, an identity authentication domain value and a random number which are stored by the terminal.
Optionally, the method for authenticating an edge computing terminal based on a block chain further includes:
generating a new identity authentication domain value of the terminal under the condition that the authentication is passed;
transmitting authentication passing information to the terminal, including:
sending authentication passing information and a new identity authentication domain value to the terminal;
and constructing a second authentication transaction record for the information to be authenticated, wherein the second authentication transaction record comprises:
and constructing a second authentication transaction record for the information to be authenticated and the new identity authentication domain value.
Optionally, the method for authenticating an edge computing terminal based on a block chain further includes:
and under the condition that the authentication is passed, providing the service for the terminal under the condition that the service requirement information of the terminal is obtained.
Optionally, providing a service to the terminal includes:
and providing the terminal with matching business services according to at least one of the authority and the credit level of the terminal acquired from the first authentication transaction record.
The embodiment of the present invention further provides an edge computing terminal authentication system based on a block chain, which is used for implementing the above edge computing terminal authentication method, where a network of the block chain is constructed by using edge nodes as block chain link points, and the edge computing terminal authentication system is applied to the edge nodes, and includes:
the receiving module is used for receiving an authentication request of the terminal, wherein the authentication request carries information to be authenticated;
the authentication module authenticates the information to be authenticated by using the first authentication transaction record under the condition that the first authentication transaction record of the terminal is acquired from the blockchain by using the identification information of the terminal;
the sending module sends authentication passing information to the terminal under the condition that the authentication passes;
and the generating module is used for constructing a second authentication transaction record for the information to be authenticated under the condition that the authentication is passed, and uploading the second authentication transaction record to the block chain.
Optionally, the authentication module further comprises:
the legality authentication module extracts an authenticated token from the first authentication transaction record and carries out legality authentication on information to be authenticated by adopting an authentication token authentication mechanism;
and the identity authentication module performs terminal identity authentication on the information to be authenticated by using the first authentication transaction record under the condition that the validity authentication is passed.
Optionally, the validity authentication module is specifically configured to:
obtaining a hash value of a token to be authenticated from information to be authenticated;
performing hash calculation on the authenticated token to obtain a hash value of the authenticated token;
and comparing the hash value of the authenticated token with the hash value of the token to be authenticated, and confirming that the validity authentication passes under the condition that the comparison passes.
Optionally, the identity authentication module is specifically configured to:
generating a target authentication code by using a shared secret key of the terminal, an identity authentication domain value and a random number provided by the terminal in the information to be authenticated, wherein the shared secret key and the identity authentication domain value are stored in the first authentication transaction record;
comparing the target authentication code with the authentication code to be authenticated that the terminal provides in the information to be authenticated, and taking the comparison result as the identity authentication result;
the authentication code to be authenticated is generated by the terminal by using a shared secret key, an identity authentication domain value and a random number which are stored by the terminal.
The embodiment of the present invention further provides an edge computing terminal authentication system based on a block chain, where a network of the block chain is constructed by using edge nodes as block chain link points, and the edge computing terminal authentication system includes:
the terminal sends a terminal authentication request carrying information to be authenticated to the edge node;
the edge node receives the terminal authentication request, acquires the authentication transaction record of the terminal from the block chain by using the identification information of the terminal, authenticates the information to be authenticated by using the authentication transaction record, sends the authentication passing information to the terminal under the condition that the authentication passes, generates a new authentication transaction record for the information to be authenticated, and uploads the new authentication transaction record to the block chain.
An embodiment of the present invention further provides an edge computing terminal authentication device based on a block chain, including:
a processor;
a memory having stored therein executable instructions of the processor;
wherein the processor is configured to perform the steps of the above block chain based edge computing terminal authentication method via execution of executable instructions.
An embodiment of the present invention further provides a computer-readable storage medium for storing a program, where the program, when executed, implements the steps of the above method for authenticating an edge computing terminal based on a block chain.
The invention aims to provide a block chain-based edge computing terminal authentication method, a block chain-based edge computing terminal authentication system and block chain-based edge computing terminal authentication equipment.
The embodiment of the invention fully utilizes the shared nature of block chain data: any edge node can acquire the terminal's authentication transaction record from its local copy of the block chain ledger and use it to authenticate the information to be authenticated, thereby realizing terminal authentication while the terminal is moving. The embodiment of the invention can improve the reliability of terminal authentication by utilizing the unforgeability of the block chain and, by dispensing with a central node, reduce the complexity of the terminal authentication chain and improve terminal authentication efficiency.
Drawings
Other features, objects and advantages of the present invention will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, with reference to the accompanying drawings.
FIG. 1 is a block chain network diagram of an edge computing system according to an embodiment of the present invention;
fig. 2 is a timing diagram of an edge computing terminal authentication method based on a block chain according to an embodiment of the present invention;
fig. 3 is a flowchart of an edge computing terminal authentication method based on a block chain according to an embodiment of the present invention;
fig. 4 is a second flowchart of an edge computing terminal authentication method based on a block chain according to an embodiment of the present invention;
fig. 5 is a third flowchart of an edge computing terminal authentication method based on a block chain according to an embodiment of the present invention;
fig. 6 is a fourth flowchart of an edge computing terminal authentication method based on a block chain according to an embodiment of the present invention;
FIG. 7 is a block diagram of an edge calculation block according to an embodiment of the present invention;
fig. 8 is a schematic diagram of the Milenage algorithm provided in the embodiment of the present invention;
fig. 9 is a diagram of an edge node structure in the edge computing terminal authentication system according to the embodiment of the present invention;
fig. 10 is a timing diagram of an edge computing terminal authentication method based on a block chain according to an embodiment of the present invention;
fig. 11 is a block chain-based edge computing terminal authentication system according to an embodiment of the present invention;
fig. 12 is a second block diagram of an edge computing terminal authentication system based on a block chain according to an embodiment of the present invention;
fig. 13 is a third schematic block diagram of an edge computing terminal authentication system based on a block chain according to an embodiment of the present invention;
fig. 14 is a fourth schematic block diagram of an edge computing terminal authentication system based on a block chain according to an embodiment of the present invention;
fig. 15 is a schematic diagram illustrating the operation of the edge computing terminal authentication system based on the blockchain according to the embodiment of the present invention.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art.
The drawings are merely schematic illustrations of the invention and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware forwarding modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
In addition, the flow shown in the drawings is only an exemplary illustration, and not necessarily includes all the steps. For example, some steps may be divided, some steps may be combined or partially combined, and the actual execution sequence may be changed according to the actual situation. The use of "first," "second," and similar terms in the detailed description is not intended to imply any order, quantity, or importance, but rather is used to distinguish one element from another. It should be noted that features of the embodiments of the invention and of the different embodiments may be combined with each other without conflict.
The inventor has noted that in the edge computing scenario the terminal is often moving, and while moving it switches between different edge nodes. An edge node authenticates the terminal requesting to switch in, and provides the corresponding services on the basis of that authentication.
The inventor knows that a wide-area industry application has a large number of terminals that register at different edge nodes; deploying a central database for unified authentication is very complex and inefficient. Moreover, this also limits cross-platform edge computing applications.
The inventor considers solving the problem by excluding a central database, and realizes the terminal authentication of the edge node in the moving process by introducing a block chain technology.
The blockchain technology is a decentralized distributed data management framework, is already applied to a plurality of distributed system scenes, can efficiently realize distributed trusted computing, transaction and the like at low cost through decentralized and unforgeable computing models, and is widely applied to the fields of finance, logistics, industrial manufacturing, medical treatment, internet of things and the like at present.
The block chain has the characteristics of decentralization and impossibility of counterfeiting, so that cross-platform application can be realized in the terminal authentication process in the moving process in the edge computing system, and the mode is simple and the authentication efficiency is high.
The embodiment of the invention proposes constructing a block chain network from the edge nodes. Each authentication of a terminal at any edge node is regarded as an authentication transaction record that is stored on the block chain, so that all block chain nodes actually share the authentication transaction record. In this way, when the terminal moves to any edge node, that edge node can authenticate the terminal requesting to switch in by using the authentication transaction record stored in the block chain.
By using the embodiment of the invention, the authentication center node is not required to be built, the terminal authentication safety and reliability are improved by using the unforgeable characteristic of the block chain, and the feasibility of realizing the edge calculation of the terminal across platforms is improved. Moreover, by using the embodiment of the invention, synchronous registration in nodes of the whole system is not needed, and a one-place registration and high-efficiency authentication mechanism of whole network passing can be realized.
Fig. 1 is a block chain-based edge computing system according to an embodiment of the present invention, where the block chain network includes a plurality of edge nodes, each edge node is a block chain node, the edge nodes are peers of each other, and each separately maintains a copy of the distributed block chain ledger to implement sharing of block chain data.
In this case, referring to fig. 2, which shows a block chain-based edge computing terminal authentication system according to an embodiment of the present invention, the block chain network is composed of edge nodes, and the edge computing terminal authentication system may include an edge node 1a serving as a block chain node and a terminal 1b, where the edge node 1a is any edge node in the block chain network and is not particularly limited.
Referring to fig. 2, the edge computing terminal authentication system based on the block chain implements terminal authentication by the following steps:
step 210: the terminal 1b sends an authentication request carrying information to be authenticated to the edge node 1a;
step 220: the edge node 1a acquires the authentication transaction record of the terminal 1b from the block chain by using the identification information of the terminal 1b;
step 230: the edge node 1a authenticates the information to be authenticated by using the authentication transaction record;
step 240: the edge node 1a sends the authentication passing information to the terminal 1b;
step 250: and under the condition that the authentication is passed, the edge node 1a generates a new authentication transaction record for the information to be authenticated, and uploads the new authentication transaction record to the block chain.
By using the embodiment of the invention, the edge nodes used as the block chain nodes share the authentication transaction record, so when the terminal moves from the previous edge node to the current edge node and requests to switch in, the current edge node can authenticate the terminal authentication request by using the authentication transaction record between the terminal and the previous edge node.
The embodiment of the invention can improve the reliability of terminal authentication by utilizing the unforgeability of the block chain and, by dispensing with a central node, reduce the complexity of the terminal authentication chain and improve terminal authentication efficiency.
Fig. 3 is a flowchart of an edge computing terminal authentication method based on a block chain according to an embodiment of the present invention, where an execution subject of the method is an edge node serving as a block chain node, and the edge node is any one block chain node. Specifically, the edge node may be a physical device or a virtual machine, and is not particularly limited herein.
Referring to fig. 3, the method specifically includes the following steps:
step 310: receiving an authentication request of a terminal, wherein the authentication request carries information to be authenticated;
step 320: under the condition that a first authentication transaction record of the terminal is acquired from the blockchain by using the identification information of the terminal, authenticating the information to be authenticated by using the first authentication transaction record;
step 330: transmitting authentication passing information to the terminal under the condition that the authentication passes;
step 340: and under the condition that the authentication is passed, constructing a second authentication transaction record for the information to be authenticated, and uploading the second authentication transaction record to the block chain.
The embodiment of the invention fully utilizes the shared nature of block chain data: any edge node can acquire the terminal's authentication transaction record from its local copy of the block chain ledger and use it to authenticate the information to be authenticated, thereby realizing terminal authentication while the terminal is moving. The embodiment of the invention can improve the reliability of terminal authentication by utilizing the unforgeability of the block chain and, by dispensing with a central node, reduce the complexity of the terminal authentication chain and improve terminal authentication efficiency.
In the embodiment of the present invention, the authentication edge node generating the first authentication transaction record and the edge node generating the current second authentication transaction record may be two different edge nodes, or may be the same edge node.
In the embodiment of the invention, after the terminal registers at a certain edge node, that edge node generates an authentication transaction record for the terminal based on the registration record and sends it to the block chain network, which packages the record into a block and appends the block to the chain.
Subsequently, as the terminal moves to other edge nodes, each edge node that needs to authenticate the terminal performs the current authentication with the method of the embodiment of the invention, and generates and uploads a new authentication transaction record that serves as the basis of the next terminal authentication.
In the embodiment of the invention, when a plurality of candidate authentication transaction records of the terminal are acquired from the blockchain by using the identification information of the terminal, a first authentication transaction record with a time sequence later than that of other candidate authentication transaction records is selected from the plurality of candidate authentication transaction records.
In this embodiment, the first authenticated transaction record is the last authenticated transaction record of the terminal.
In the embodiment of the invention, double authentication is adopted to authenticate the information to be authenticated. Specifically, the method for authenticating the information to be authenticated by using the first authentication transaction record comprises the following steps:
extracting the authenticated token from the first authentication transaction record, and performing validity authentication on the information to be authenticated by adopting an authentication token authentication mechanism;
and under the condition that the legality authentication is passed, performing terminal identity authentication on the information to be authenticated by using the first authentication transaction record.
Thus, when the identity authentication is passed, the authentication of the information to be authenticated is confirmed to be passed.
By using the embodiment, the authentication request can be subjected to a double-authentication mechanism, so that the validity and reliability of authentication are enhanced on the basis of simplicity and high efficiency.
In the embodiment of the invention, the legality authentication is carried out on the information to be authenticated by adopting an authentication token authentication mechanism, and the method specifically comprises the following steps:
obtaining a hash value of a token to be authenticated from information to be authenticated;
performing hash calculation on the authenticated token to obtain a hash value of the authenticated token;
and comparing the hash value of the authenticated token with the hash value of the token to be authenticated, and confirming that the validity authentication passes under the condition that the comparison passes.
The present embodiment employs a token-based authentication mechanism. If the hash value of the authenticated token matches the hash value of the token to be authenticated, the token to be authenticated and the authenticated token were generated by the same edge node and are the same token.
In practical application, the authenticated token is automatically generated and added into the first authentication transaction record when the edge node generating the first authentication transaction record passes terminal authentication, and a hash value is calculated for the authenticated token and sent to the terminal.
Therefore, when the terminal initiates an authentication request to the current edge node, it adds the hash value of the authenticated token, as the hash value of the token to be authenticated, to the information to be authenticated carried in the request, and the current edge node can use the authentication token authentication mechanism to perform validity authentication on the information to be authenticated.
In the embodiment of the present invention, referring to fig. 4, the method for authenticating an edge computing terminal further includes:
step 410: receiving an authentication request of a terminal, wherein the authentication request carries information to be authenticated;
step 420: under the condition that a first authentication transaction record of the terminal is acquired from the blockchain by using the identification information of the terminal, authenticating the information to be authenticated by using the first authentication transaction record;
step 430: if the authentication passes, concatenating the identification information of the edge node, the identification information of the terminal, the shared key of the terminal stored in the first authentication transaction record and the random number provided by the terminal in the information to be authenticated, to obtain concatenated data;
step 440: encrypting the concatenated data with the private key of the edge node to generate a new authentication token, and hashing the new authentication token to obtain the hash value of the new authentication token;
step 450: sending authentication passing information and the hash value of the new authentication token to the terminal;
step 460: and constructing a second authentication transaction record for the information to be authenticated and the new authentication token, and uploading the second authentication transaction record to the block chain.
In step 450, the hash value of the new authentication token and the authentication passing information can be sent in the same step, with the hash value carried in the authentication passing information. In other embodiments, the hash value of the authentication token and the authentication passing information may also be sent to the terminal in separate steps, in any order.
Wherein, the steps 410 and 420 refer to the above steps 310 and 320, respectively, and are not described herein again.
In the embodiment of the present invention, the new authentication token is used for the next terminal authentication.
In the embodiment of the present invention, the shared key of the terminal may be generated by the registration edge node and provided to the terminal when the terminal first registers in the blockchain network, and may be used permanently. At the same time, the shared key of the terminal is stored on the chain.
Accordingly, the authenticated token is decrypted with the public key of the edge node that generated the first authentication transaction record, which yields the shared key of the terminal.
In the embodiment of the invention, the random number provided by the terminal is generated randomly by the terminal and carried to the edge node in the information to be authenticated, so that the edge node can extract the random number from the information to be authenticated.
In the embodiment of the invention, the legality authentication based on the authentication token is the first re-authentication, and the terminal identity authentication of the information to be authenticated is carried out as the second re-authentication by utilizing the first authentication transaction record. The method for authenticating the terminal identity of the information to be authenticated by using the first authentication transaction record comprises the following steps:
generating a target authentication code by using a shared secret key of the terminal, an identity authentication domain value and a random number provided by the terminal in the information to be authenticated, wherein the shared secret key and the identity authentication domain value are stored in the first authentication transaction record;
comparing the target authentication code with the authentication code to be authenticated that the terminal provides in the information to be authenticated, and taking the comparison result as the identity authentication result; the authentication code to be authenticated is generated by the terminal from the shared key, the identity authentication domain value and the random number that the terminal stores.
In the embodiment of the present invention, the identity authentication domain value of the terminal is generated and provided to the terminal by the edge node of the previous round, that is, the edge node that generated the first authentication transaction record, when that round's authentication passed. The terminal stores the received identity authentication domain value locally for the current authentication, and the edge node of the previous round adds the identity authentication domain value to the first authentication transaction record and uploads it to the chain for the next round of terminal authentication.
In an alternative embodiment of the present invention, referring to fig. 5, the method for authenticating an edge computing terminal based on a block chain includes:
step 510: receiving an authentication request of a terminal, wherein the authentication request carries information to be authenticated;
step 520: under the condition that a first authentication transaction record of the terminal is obtained from a blockchain by using the identification information of the terminal, authenticating the information to be authenticated by using the first authentication transaction record;
step 530: generating a new identity authentication domain value of the terminal under the condition that the authentication is passed;
step 540: sending authentication passing information and the new identity authentication domain value to the terminal;
step 550: and constructing a second authentication transaction record for the information to be authenticated and the new identity authentication domain value, and uploading the second authentication transaction record to the block chain.
And the new identity authentication domain value is provided for the terminal, so that the terminal can generate an authentication code in the next round of authentication.
In this embodiment of the present invention, referring to fig. 6, the method for authenticating an edge computing terminal based on a block chain may include the following steps:
step 610: receiving an authentication request of a terminal, wherein the authentication request carries information to be authenticated;
step 620: under the condition that a first authentication transaction record of the terminal is acquired from the blockchain by using the identification information of the terminal, authenticating the information to be authenticated by using the first authentication transaction record;
step 630: transmitting authentication passing information to the terminal under the condition that the authentication passes;
step 640: under the condition that the authentication is passed, constructing a second authentication transaction record for the information to be authenticated, and uploading the second authentication transaction record to the block chain;
step 650: and under the condition that the authentication is passed, providing the service for the terminal under the condition that the service requirement information of the terminal is obtained.
Wherein steps 610, 620, 630, 640 refer to steps 310, 320, 330 and 340 above, respectively, and are not detailed herein.
In the embodiment of the present invention, when the terminal has a service requirement, the edge node provides a corresponding service, and the specific service content is related to the service requirement information, which is not limited herein.
The service requirement information may be carried in the service request, or may be separately sent to the edge node when the authentication is passed.
In the embodiment of the present invention, providing a service to a terminal specifically includes the following steps:
and providing the matched business service for the terminal by acquiring at least one of the authority and the credit level of the terminal from the first authentication record.
The rights and credit rating of the terminal may be assigned to the terminal at registration, may later be upgraded or downgraded, and are recorded in the blockchain. The recorded rights and credit rating can therefore be extracted from the blockchain in order to provide the terminal with a matching business service.
Fig. 7 is a block data structure of edge calculation according to an embodiment of the present invention, and referring to fig. 7, the block data structure conforms to a general block data structure, and in a block, each record includes key variables including:
ID_i: the identity ID number of the ith terminal;
MEC_ID_ij: the ID number of the jth edge node at which the ith terminal logged in for authentication;
AMF_i: the authentication AMF (Authentication Management Field) value used by the terminal at edge node MEC_ID_ij; the identity authentication domain value above is an example of the AMF value;
AUTN_i: the authentication token generated by edge node MEC_ID_ij after authenticating the terminal;
Key_Pri_ij: the PKI private key of edge node MEC_ID_ij;
K_i: the shared key of the terminal;
RAND_i: the random number used in the authentication at edge node MEC_ID_ij;
TimeStamp_i: the timestamp of the terminal's authentication at edge node MEC_ID_ij;
P_i: the permission level of the terminal;
Cr_i: the credit rating of the terminal;
MEC_ID_ik: the identification information of the edge node at which the terminal registered.
ID_i in the initial authentication transaction record is generated by the registration edge node, which also generates the shared key K_i and distributes it to the terminal for permanent storage.
P_i and Cr_i indicate the terminal's rights and credit rating; they are maintained by the registration edge node and may be upgraded or downgraded.
During authentication, the edge node also generates the AMF_i field, distributes it to the terminal for the next authentication, and records it in the block. The edge node computes the authentication token AUTN_i and hashes it to obtain the hash value Hash(AUTN_i); AUTN_i is stored in the block record, while Hash(AUTN_i) is distributed to the terminal for the next authentication.
The terminal authentication mechanism of the embodiment of the invention uses the MILENAGE algorithm, generating the authentication code MAC and the session key CK_i with the f1 and f3 functions of the MILENAGE algorithm, as shown in fig. 8.
When the terminal moves to an edge node and wants to obtain service, it is authenticated by the serving edge node. The terminal first uses K_i, AMF_i, SQN and RAND_i to compute the authentication code MAC:
MAC = f1(K_i, AMF_i, SQN, RAND_i);
where AMF_i was generated by the edge node of the previous round and is stored by the terminal;
then the authentication vector AV is computed:
AV = ID_i || SQN || RAND_i || Hash(AUTN_i) || MAC
where Hash(AUTN_i) is the hash of the authentication token AUTN_i generated after the previous round of edge node authentication; the terminal sends AV to the current edge node for authentication. The authentication vector AV corresponds to the information to be authenticated described above.
After the edge node receives the authentication request and the authentication vector AV of the terminal, it extracts from AV the terminal ID_i, the hash value of the authentication token AUTN_i, the authentication code MAC, the random number RAND_i and the sequence number SQN.
The edge node first traverses its local blockchain account book to find the most recent authentication transaction record of the terminal, extracts the authentication token AUTN_i from it, hashes the token and compares the result with the hash value in AV, judging whether the token is a legal authentication token.
After the comparison passes, the PKI public key of the last authentication edge node MEC_ID_ij is looked up in the records and used to decrypt AUTN_i, giving the original plaintext of the authentication token:
AUTN_i(plaintext) = UnEncrypt(Key_Pub_ij, AUTN_i)
where Key_Pub_ij is the PKI public key of the last edge node. The decrypted plaintext of the authentication token is:
MEC_ID_ij ⊕ ID_i || K_i || RAND_i
The shared key K_i of the terminal is extracted from it and, together with SQN and RAND_i from the authentication vector AV and the AMF_i stored in the block, is fed to the f1 function to generate an authentication code MAC; this is compared with the MAC in the authentication vector, and if they match the terminal authentication is complete.
It should be noted that although the terminal transmits the authentication vector AV only once, the edge node performs double authentication on the terminal without relying on the cooperation of any other unit, thereby establishing the identity and reliability of the edge terminal and ensuring that the identity of the terminal cannot be illegally stolen or impersonated.
In the embodiment of the invention, the terminal is provided with a MILENAGE algorithm module, a sequence number SQN generator and a random number RAND generator. The MILENAGE algorithm module executes the MILENAGE algorithm to generate the authentication code MAC and the session key CK_i. The sequence number SQN generator generates the sequence number required by the authentication and provides it to the edge node. The random number RAND generator generates the random number required by the authentication; the random number is used to generate the authentication code and is sent to the edge node so that the edge node can generate the authentication code as well.
Fig. 9 is a structural diagram of an edge node computing system provided by the present invention, the edge node computing system including:
terminal authentication core processing unit 910: responsible for the flow and control of terminal authentication;
AUTN encryption and decryption engine 920: performs asymmetric PKI encryption and decryption with keys stored in the blockchain key database 940; when authenticating a terminal it decrypts the AUTN_i stored in the blockchain authentication transaction record with the PKI public key of the previous round's authentication edge node, and after authentication completes it encrypts the new AUTN_i with the PKI private key of this node;
blockchain interaction interface 930: faces the blockchain as the block data entry point, records terminal login authentication and activity as transactions, and sends them to the blockchain accounting node;
blockchain key database 940: stores the PKI public keys of all edge nodes in the blockchain and the PKI public and private keys of this node;
key generator 950: takes the shared key K_i of the terminal and the random number RAND_i sent by the terminal as input and generates the session key CK_i between the terminal and the edge node through the f3 function of the MILENAGE algorithm (see fig. 7): CK_i = f3(K_i, RAND_i);
account book read-write module 960: reads and writes the locally maintained distributed blockchain account book;
AMF generator 970: generates a 16-bit authentication control domain code that is distributed to the terminal as the identity authentication domain value and used to generate the authentication code MAC in the next authentication.
In an application scenario, referring to fig. 10, the method for authenticating an edge computing terminal specifically includes the following steps.
Step 1010: the terminal i completes authentication (or registration) through the edge node a.
Step 1020: Edge node A generates AMF_i through the AMF generator, uses the node's PKI private key Key_Pri to encrypt the identification information MEC_ID_ij, the shared key K_i of the terminal and the random number RAND_i into the authentication token AUTN_i, and computes the hash value Hash(AUTN_i) of AUTN_i.
Step 1030: Edge node A distributes AMF_i and Hash(AUTN_i) to the terminal for storage;
step 1040: Edge node A generates a first authentication transaction record from AMF_i, AUTN_i and other relevant terminal authentication information, service information and the like, and sends it to the chain.
Step 1050: Edge node B receives the new block through the blockchain interaction interface and writes it into its local distributed account book through the account book read-write module.
Step 1060: Terminal i moves into the service domain of edge node B, extracts the stored shared key K_i, generates SQN and RAND_i with its built-in sequence number generator and random number generator, computes the authentication code MAC, and then combines it with Hash(AUTN_i) to form the authentication vector AV;
step 1070: Terminal i sends the authentication vector AV to edge node B to request authentication;
step 1080: Edge node B receives the authentication request and the authentication vector AV of terminal i; the terminal authentication core processing unit extracts the ID number ID_i of terminal i from AV, traverses the local blockchain account book through the account book read-write module to obtain the latest first authentication transaction record of the terminal, and extracts AMF_i and AUTN_i from the record; it then hashes AUTN_i and compares the result with the Hash(AUTN_i) in AV, and if the two match the first authentication is complete;
step 1090: The AUTN encryption and decryption engine of edge node B obtains the PKI public key Key_Pub_a of edge node A from the local blockchain key database, decrypts AUTN_i with it, extracts the shared key K_i of terminal i from the AUTN_i plaintext, computes a MAC authentication code from K_i, AMF_i, the RAND_i in AV and SQN through the f1 function of the MILENAGE algorithm, and hands the MAC to the terminal authentication core processing unit;
the terminal authentication core processing unit then compares the computed MAC with the MAC in AV, and if they match the second authentication is complete;
step 10100: The terminal authentication core processing unit generates a 16-bit AMF_i through the AMF generator and forms a new AUTN_i plaintext from the ID value MEC_ID of this node, the ID number of the terminal, the RAND_i in AV and the shared key K_i of the terminal; the AUTN_i plaintext is handed to the AUTN encryption and decryption engine;
the AUTN encryption and decryption engine encrypts the AUTN_i plaintext with the PKI private key Key_Pri_b of this node to generate the authentication token AUTN_i; the terminal authentication core processing unit notifies terminal i of the authentication result and at the same time sends the hash value of AUTN_i and the AMF_i field to the terminal for storage;
when terminal i and edge node B hold a session, the session key CK_i is generated from the shared key K_i of the terminal and the random number RAND_i through the f3 function of the MILENAGE algorithm, the communication session between the two parties is encrypted and protected with this key, and edge node B provides the corresponding service according to the terminal rights and credit rating stored in the record;
step 10110: Edge node B finishes serving terminal i, generates a second authentication transaction record from the new AMF_i and AUTN_i together with other terminal information and service information, and sends it to the chain, where it enters a new block and is synchronized to the edge nodes on the chain.
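One round of the scheme in fig. 8 and steps 1010 to 10110 above, written out as an added example that is not part of the patent. It assumes stand-ins: MILENAGE f1 and f3 are replaced by labelled HMAC-SHA256, the patent's "encrypt the token with the edge node's private key" is realised as the token plaintext followed by an ECDSA signature (so "decrypt with the public key" becomes verify-and-read), and the node names, terminal ID, K_i, SQN and RAND values are constructed.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const idLen, keyLen, randLen, plainLen = 8, 16, 16, 8 + 16 + 16 // fixed widths so MEC_ID⊕ID||K||RAND parses back
func prf(k []byte, parts ...[]byte) []byte { // labelled HMAC-SHA256 stands in for MILENAGE (assumption)
	m := hmac.New(sha256.New, k)
	m.Write(bytes.Join(parts, nil))
	return m.Sum(nil)
}
func f1(k, amf, sqn, rnd []byte) []byte { return prf(k, []byte("f1"), amf, sqn, rnd)[:8] } // MAC
func f3(k, rnd []byte) []byte           { return prf(k, []byte("f3"), rnd)[:16] }          // CK
func h256(b []byte) []byte              { s := sha256.Sum256(b); return s[:] }
type (
	Record   struct{ MECID, AMF, AUTN []byte }             // the fig. 7 fields the checks use
	AV       struct{ ID, SQN, RAND, HashAUTN, MAC []byte } // ID || SQN || RAND || Hash(AUTN) || MAC
	Terminal struct{ ID, K, AMF, HashAUTN []byte }         // K_i permanent, the rest renewed each round
	EdgeNode struct {
		MECID  []byte
		Priv   *ecdsa.PrivateKey
		PubDB  map[string]*ecdsa.PublicKey // blockchain key database: MEC_ID -> PKI public key
		Ledger map[string]Record           // local account book, latest record per ID_i
	}
)
func (t *Terminal) BuildAV(sqn, rnd []byte) AV { // terminal side of fig. 8: MAC = f1(K, AMF, SQN, RAND)
	return AV{t.ID, sqn, rnd, t.HashAUTN, f1(t.K, t.AMF, sqn, rnd)}
}
// issue realises "encrypt with the node's private key" as plaintext || ECDSA signature (assumption).
func (n *EdgeNode) issue(id, k, rnd []byte) (amf, hashAUTN []byte, err error) {
	plain := append(append(append([]byte{}, id...), k...), rnd...)
	for i := range n.MECID {
		plain[i] ^= n.MECID[i] // MEC_ID ⊕ ID
	}
	sig, err := ecdsa.SignASN1(rand.Reader, n.Priv, h256(plain))
	if err != nil {
		return nil, nil, err
	}
	amf = make([]byte, 2) // the 16-bit AMF from the AMF generator
	rand.Read(amf)        // crypto/rand does not fail in practice
	autn := append(plain, sig...)
	n.Ledger[string(id)] = Record{n.MECID, amf, autn}
	return amf, h256(autn), nil
}
// Authenticate runs both checks of figs. 8 and 10, then issues the next AMF/AUTN and derives CK_i.
func (n *EdgeNode) Authenticate(av AV) (amf, hashAUTN, ck []byte, err error) {
	rec, ok := n.Ledger[string(av.ID)] // latest authentication transaction record of this terminal
	if !ok || len(av.RAND) != randLen {
		return nil, nil, nil, fmt.Errorf("unknown terminal or malformed AV")
	}
	// First check: Hash(AUTN_i) on chain must equal the hash the terminal presents.
	if !hmac.Equal(h256(rec.AUTN), av.HashAUTN) {
		return nil, nil, nil, fmt.Errorf("token hash mismatch")
	}
	// "Decrypt" with the issuing node's public key: verify its signature, then read K_i out.
	pub, ok := n.PubDB[string(rec.MECID)]
	if !ok || len(rec.AUTN) <= plainLen || !ecdsa.VerifyASN1(pub, h256(rec.AUTN[:plainLen]), rec.AUTN[plainLen:]) {
		return nil, nil, nil, fmt.Errorf("token not issued by a known edge node")
	}
	k := rec.AUTN[idLen : idLen+keyLen]
	// Second check: proves possession of K_i and AMF_i. SQN rides in AV but the patent specifies no freshness check on it; a deployment needs one.
	if !hmac.Equal(f1(k, rec.AMF, av.SQN, av.RAND), av.MAC) {
		return nil, nil, nil, fmt.Errorf("MAC mismatch")
	}
	if amf, hashAUTN, err = n.issue(av.ID, k, av.RAND); err != nil {
		return nil, nil, nil, err
	}
	return amf, hashAUTN, f3(k, av.RAND), nil
}
// Setup: two edge nodes sharing one ledger; terminal i registers at node A (steps 1010 to 1040).
func Setup() (a, b *EdgeNode, t *Terminal, err error) {
	ledger, pubDB, nodes := map[string]Record{}, map[string]*ecdsa.PublicKey{}, []*EdgeNode{}
	for _, id := range []string{"MECNODEA", "MECNODEB"} {
		priv, e := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if e != nil {
			return nil, nil, nil, e
		}
		pubDB[id] = &priv.PublicKey
		nodes = append(nodes, &EdgeNode{[]byte(id), priv, pubDB, ledger})
	}
	t = &Terminal{ID: []byte("TERM0001"), K: []byte("0123456789abcdef")} // constructed ID_i and K_i
	t.AMF, t.HashAUTN, err = nodes[0].issue(t.ID, t.K, []byte("registration-rnd"))
	return nodes[0], nodes[1], t, err
}

func main() { // terminal i moves to node B and authenticates there (steps 1060 to 10100)
	_, b, t, err := Setup()
	if err == nil {
		_, _, ck, e := b.Authenticate(t.BuildAV([]byte{0, 0, 0, 0, 0, 7}, []byte("rand-at-node-B..")))
		fmt.Printf("accepted=%v CK=%x\n", e == nil, ck)
	}
}
```

The ledger is kept as a map from ID_i to its latest record in place of the page's traversal of the account book; after node B accepts, the old Hash(AUTN_i) no longer authenticates because the record on chain now carries B's token.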
Fig. 11 is a schematic block diagram of an edge computing terminal authentication system based on a blockchain according to an embodiment of the present invention, where the blockchain network is constructed with edge nodes as blockchain nodes and the edge computing terminal authentication method is applied at the edge nodes; the system includes, but is not limited to:
a receiving module 1110, configured to receive an authentication request of a terminal, where the authentication request carries information to be authenticated;
the authentication module 1120 authenticates the information to be authenticated by using the first authentication transaction record when the first authentication transaction record of the terminal is acquired from the blockchain by using the identification information of the terminal;
a sending module 1130, which sends authentication passing information to the terminal if the authentication passes;
the constructing module 1140, in case of passing the authentication, constructs a second authentication transaction record for the information to be authenticated, and uploads the second authentication transaction record to the blockchain.
The blockchain-based edge computing terminal authentication system of the embodiment of the invention makes full use of the shared nature of blockchain data: any edge node can obtain the authentication transaction record of the terminal from its local blockchain account book and use that record to authenticate the information to be authenticated, so terminal authentication is achieved while the terminal moves. By relying on the unforgeability of the blockchain, the embodiment improves the reliability of terminal authentication, simplifies the terminal authentication chain and raises terminal authentication efficiency, while dispensing with a central node.
Optionally, the authentication module 1120 is specifically configured to:
extracting the authenticated token from the first authentication transaction record, and performing validity authentication on the information to be authenticated by adopting an authentication token authentication mechanism;
and under the condition that the legality authentication is passed, performing terminal identity authentication on the information to be authenticated by using the first authentication transaction record.
Optionally, the authentication module 1120 is further specifically configured to:
obtaining a hash value of a token to be authenticated from information to be authenticated;
performing hash calculation on the authenticated token to obtain a hash value of the authenticated token;
and comparing the hash value of the authenticated token with the hash value of the token to be authenticated, and confirming that the validity authentication passes under the condition that the comparison passes.
Optionally, the authentication module 1120 is further specifically configured to:
generating a target authentication code by using a shared secret key of the terminal, an identity authentication domain value and a random number provided by the terminal in the information to be authenticated, wherein the shared secret key and the identity authentication domain value are stored in the first authentication transaction record;
comparing the target authentication code with the authentication code to be authenticated that the terminal provides in the information to be authenticated, and taking the comparison result as the identity authentication result;
the authentication code to be authenticated is generated by the terminal by using a shared secret key, an identity authentication domain value and a random number which are stored by the terminal.
Optionally, compared with fig. 11, the edge computing terminal authentication system based on the block chain shown in fig. 12 further includes:
a data concatenation module 1210, for concatenating the identification information of the edge node, the identification information of the terminal, the shared key of the terminal stored in the first authentication transaction record, and the random number provided by the terminal in the information to be authenticated to obtain concatenated data when the authentication is passed;
the encryption module 1220 is configured to encrypt the concatenated data with the private key of the edge node to generate a new authentication token, and to hash the new authentication token to obtain the hash value of the new authentication token;
the sending module 1230 is specifically configured to:
sending authentication passing information and the hash value of the new authentication token to the terminal;
the building module 1240 is specifically configured to:
and constructing a second authentication transaction record for the information to be authenticated and the new authentication token.
Optionally, compared with fig. 11, the edge computing terminal authentication system based on the block chain shown in fig. 13 further includes:
an identity authentication domain value generating module 1310 for generating a new identity authentication domain value of the terminal if the authentication is passed;
the sending module 1320 is specifically configured to:
sending the authentication passing information and the new identity authentication domain value to the terminal;
the construction module 1330 is specifically configured to:
and constructing a second authentication transaction record for the information to be authenticated and the new identity authentication domain value.
Alternatively, referring to fig. 14, compared to fig. 11, the edge computing terminal authentication system based on a block chain shown in fig. 14 further includes:
the service providing module 1410, when the authentication is passed, provides a service to the terminal when the service requirement information of the terminal is obtained.
Optionally, the service providing module 1410 is specifically configured to:
and providing the matched business service for the terminal by acquiring at least one of the authority and the credit level of the terminal from the first authentication record.
The embodiment of the invention also provides a blockchain-based edge computing terminal authentication device, which comprises a processor and a memory storing instructions executable by the processor, where the processor is configured to perform, by executing the executable instructions, the steps of the blockchain-based edge computing terminal authentication method.
As described above, the blockchain is constructed with edge nodes as blockchain nodes, and any edge node, on receiving an authentication request of a terminal, can obtain the first authentication transaction record of the terminal from the blockchain, authenticate the information to be authenticated with that record, send authentication passing information to the terminal when the authentication passes, construct a second authentication transaction record for the information to be authenticated and upload it to the blockchain.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects, all of which may generally be referred to herein as a "circuit", "module" or "platform".
Fig. 15 is a schematic structural diagram of an electronic device of the present invention. An electronic device 1500 according to this embodiment of the invention is described below with reference to fig. 15. The electronic device 1500 shown in fig. 15 is only an example and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 15, electronic device 1500 is in the form of a general purpose computing device. Components of electronic device 1500 may include, but are not limited to: at least one processing unit 1510, at least one storage unit 1520, a bus 1530 connecting different platform components (including the storage unit 1520 and the processing unit 1510), a display unit 1540, and the like.
In which the storage unit stores program codes executable by the processing unit 1510 to cause the processing unit 1510 to perform steps according to various exemplary embodiments of the present invention described in the above-described electronic prescription flow processing method section of the present specification. For example, the processing unit 1710 may perform the steps as shown in any of fig. 2-6.
The storage unit 1520 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM)1521 and/or a cache memory unit 1522, and may further include a read-only memory unit (ROM) 1523.
The storage unit 1520 may also include a program/utility 1524 having a set (at least one) of program modules 1525, such program modules 1525 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 1530 may be any bus representing one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 1500 can also communicate with one or more external devices 1600 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 1500, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 1500 to communicate with one or more other computing devices. Such communication can occur via an input/output (I/O) interface 1750. Also, the electronic device 1500 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via the network adapter 1560. The network adapter 1560 may communicate with other modules of the electronic device 1500 via the bus 1530. It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with the electronic device 1500, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage platforms, to name a few.
The embodiment of the invention also provides a computer readable storage medium for storing a program, and the steps of the edge computing terminal authentication method based on the block chain are realized when the program is executed. In some possible embodiments, the various aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the section on the edge computing terminal authentication method mentioned above in this description, when the program product is run on the terminal device.
A program product for implementing the method may take the form of a portable compact disc read-only memory (CD-ROM) containing the program code, and may be run on a terminal device such as a personal computer. However, the program product of the present invention is not limited in this regard; in this document, a readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out processes of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
In summary, the present invention provides a blockchain-based method, system and device for authenticating an edge computing terminal that make full use of the shared nature of blockchain data: any edge node can obtain the authentication transaction record of the terminal from its local blockchain ledger and use that record to authenticate the information to be authenticated, so that the terminal can be authenticated while it moves between edge nodes. Embodiments of the invention use the unforgeability of the block chain to improve the reliability of terminal authentication and, by dispensing with a central node, reduce the complexity of the terminal authentication chain and improve terminal authentication efficiency.
The foregoing is a more detailed description of the invention in connection with specific preferred embodiments and it is not intended that the invention be limited to these specific details. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (15)

1. An edge computing terminal authentication method based on a block chain, characterized in that a block chain network is constructed with edge nodes as the block chain nodes, and the edge computing terminal authentication method is applied to the edge nodes and comprises the following steps:
receiving an authentication request of a terminal, wherein the authentication request carries information to be authenticated;
under the condition that a first authentication transaction record of the terminal is obtained from a blockchain by using the identification information of the terminal, authenticating the information to be authenticated by using the first authentication transaction record;
transmitting authentication passing information to the terminal under the condition that the authentication passes;
and under the condition that the authentication is passed, constructing a second authentication transaction record for the information to be authenticated, and uploading the second authentication transaction record to the block chain.
2. The block chain based edge computing terminal authentication method according to claim 1, wherein the authenticating the information to be authenticated by using the first authentication transaction record comprises the following steps:
extracting an authenticated token from the first authentication transaction record, and performing validity authentication on the information to be authenticated by adopting an authentication token authentication mechanism;
and under the condition that the legality authentication is passed, performing terminal identity authentication on the information to be authenticated by using the first authentication transaction record.
3. The block chain-based edge computing terminal authentication method according to claim 2, wherein an authentication token authentication mechanism is used to perform validity authentication on the information to be authenticated, and the method specifically comprises the following steps:
obtaining a hash value of a token to be authenticated from the information to be authenticated;
performing hash calculation on the authenticated token to obtain a hash value of the authenticated token;
and comparing the hash value of the authenticated token with the hash value of the token to be authenticated, and confirming that the validity authentication is passed under the condition that the comparison is passed.
4. The block chain based edge computing terminal authentication method according to claim 3, further comprising:
under the condition that the authentication is passed, concatenating the identification information of the edge node, the identification information of the terminal, the shared secret key of the terminal stored in the first authentication transaction record, and the random number provided by the terminal in the information to be authenticated, to obtain concatenated data;
encrypting the concatenated data with a private key of the edge node to generate a new authentication token, and performing a hash calculation on the new authentication token to obtain a hash value of the new authentication token;
sending authentication passing information to the terminal, including:
sending authentication passing information and the hash value of the new authentication token to the terminal;
and constructing a second authentication transaction record for the information to be authenticated, wherein the second authentication transaction record comprises:
and constructing a second authentication transaction record for the information to be authenticated and the new authentication token.
5. The method for authenticating the edge computing terminal based on the blockchain according to claim 2, wherein performing terminal identity authentication on the information to be authenticated by using the first authentication transaction record comprises:
generating a target authentication code by using the shared secret key of the terminal, the identity authentication domain value and the random number provided by the terminal in the information to be authenticated, which are stored in the first authentication transaction record;
comparing the target authentication code with an authentication code to be authenticated provided by the terminal in the information to be authenticated, and taking the comparison result as the identity authentication result;
the authentication code to be authenticated is generated by the terminal by using the shared secret key, the identity authentication domain value and the random number stored by the terminal.
6. The block chain based edge computing terminal authentication method according to claim 5, further comprising:
generating a new identity authentication domain value of the terminal under the condition that the authentication is passed;
sending authentication passing information to the terminal, including:
sending authentication passing information and the new identity authentication domain value to the terminal;
and constructing a second authentication transaction record for the information to be authenticated, wherein the second authentication transaction record comprises:
and constructing a second authentication transaction record for the information to be authenticated and the new identity authentication domain value.
7. The block chain based edge computing terminal authentication method according to claim 1, further comprising:
and under the condition that the authentication is passed, providing the service for the terminal under the condition that the service requirement information of the terminal is obtained.
8. The method according to claim 7, wherein providing the service to the terminal comprises:
and providing the matched business service for the terminal according to at least one of the authority and the credit level of the terminal acquired from the first authentication transaction record.
9. An edge computing terminal authentication system based on a block chain, characterized in that a block chain network is constructed with edge nodes as the block chain nodes, and the edge computing terminal authentication system is applied to the edge nodes and comprises the following components:
a receiving module, configured to receive an authentication request of the terminal, wherein the authentication request carries information to be authenticated;
the authentication module authenticates the information to be authenticated by using the first authentication transaction record under the condition that the first authentication transaction record of the terminal is acquired from the blockchain by using the identification information of the terminal;
the sending module is used for sending authentication passing information to the terminal under the condition that the authentication passes;
and the generating module is used for constructing a second authentication transaction record for the information to be authenticated under the condition that the authentication is passed, and uploading the second authentication transaction record to the block chain.
10. The blockchain-based edge computing terminal authentication system of claim 9, wherein the authentication module further comprises:
the legality authentication module extracts an authenticated token from the first authentication transaction record and adopts an authentication token authentication mechanism to carry out legality authentication on the information to be authenticated;
and the identity authentication module is used for performing terminal identity authentication on the information to be authenticated by using the first authentication transaction record under the condition that the validity authentication is passed.
11. The system according to claim 10, wherein the validity authentication module is specifically configured to:
obtaining a hash value of a token to be authenticated from the information to be authenticated;
performing hash calculation on the authenticated token to obtain a hash value of the authenticated token;
and comparing the hash value of the authenticated token with the hash value of the token to be authenticated, and confirming that the validity authentication is passed under the condition that the comparison is passed.
12. The system according to claim 10, wherein the identity authentication module is specifically configured to:
generating a target authentication code by using the shared secret key of the terminal, the identity authentication domain value and the random number provided by the terminal in the information to be authenticated, which are stored in the first authentication transaction record;
comparing the target authentication code with an authentication code to be authenticated provided by the terminal in the information to be authenticated, and taking the comparison result as the identity authentication result;
the authentication code to be authenticated is generated by the terminal by using the shared secret key, the identity authentication domain value and the random number stored by the terminal.
13. An edge computing terminal authentication system based on a block chain, characterized in that a block chain network is constructed with edge nodes as the block chain nodes, and the edge computing terminal authentication system comprises:
the terminal sends a terminal authentication request carrying information to be authenticated to the edge node;
the edge node receives the terminal authentication request, acquires the authentication transaction record of the terminal from the block chain by using the identification information of the terminal, authenticates the information to be authenticated by using the authentication transaction record, sends authentication passing information to the terminal under the condition of passing authentication, generates a new authentication transaction record for the information to be authenticated, and uploads the new authentication transaction record to the block chain.
14. An edge computing terminal authentication device based on a blockchain, comprising:
a processor;
a memory having stored therein executable instructions of the processor;
wherein the processor is configured to perform the steps of the block chain based edge computing terminal authentication method of any one of claims 1-8 via execution of the executable instructions.
15. A computer-readable storage medium storing a program which, when executed by a processor, performs the steps of the block chain based edge computing terminal authentication method of any one of claims 1 to 8.
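The authentication flow of claims 1 to 6 (and of the description above), as an added example that is not the patent's own code. Assumptions that are not from the patent: the block chain ledger is modelled as an in-memory dict keyed by terminal id, the authentication code of claim 5 is HMAC-SHA256, and the edge node's private-key operation on the new token in claim 4 is modelled with an HMAC under an edge-node secret because the Python standard library has no signature primitive; all identifiers and keys are constructed sample values.

```python
import hashlib
import hmac
import os


def auth_code(shared_key, domain_value, nonce):
    # Claim 5: authentication code over the shared key, the identity
    # authentication domain value and the terminal's random number.
    # HMAC-SHA256 is an assumption; the patent does not name the function.
    return hmac.new(shared_key, domain_value + nonce, hashlib.sha256).digest()


def terminal_request(terminal_id, shared_key, token_hash, domain_value):
    # The "information to be authenticated": terminal id, the hash of the
    # token the terminal holds, a fresh nonce and the authentication code.
    nonce = os.urandom(16)
    return {
        "terminal_id": terminal_id,
        "token_hash": token_hash,
        "nonce": nonce,
        "auth_code": auth_code(shared_key, domain_value, nonce),
    }


def edge_authenticate(ledger, edge_id, edge_secret, request):
    # Claim 1: look up the first authentication transaction record by id.
    record = ledger.get(request["terminal_id"])
    if record is None:
        return None  # no record on the chain: authentication cannot proceed
    # Claim 3: validity check, hash of the ledger token vs the presented hash.
    ledger_hash = hashlib.sha256(record["token"]).digest()
    if not hmac.compare_digest(ledger_hash, request["token_hash"]):
        return None
    # Claim 5: identity check, recompute the code from ledger-held values.
    expected = auth_code(record["shared_key"], record["domain_value"], request["nonce"])
    if not hmac.compare_digest(expected, request["auth_code"]):
        return None
    # Claim 4: concatenate edge id, terminal id, shared key and nonce, then
    # derive the new token. The patent applies the edge node's private key;
    # an HMAC under an edge-node secret stands in for that here (assumption).
    concatenated = edge_id + record["terminal_id"] + record["shared_key"] + request["nonce"]
    new_token = hmac.new(edge_secret, concatenated, hashlib.sha256).digest()
    new_domain = os.urandom(16)  # Claim 6: new identity authentication domain value
    # Claims 1, 4 and 6: the second authentication transaction record replaces
    # the first on the shared ledger, so any other edge node sees it next time.
    ledger[record["terminal_id"]] = {
        **record, "token": new_token, "domain_value": new_domain, "issued_by": edge_id,
    }
    # Claims 4, 6 and 8: pass message carrying the new token hash, the new
    # domain value and the rights level read from the record.
    return {
        "new_token_hash": hashlib.sha256(new_token).digest(),
        "new_domain_value": new_domain,
        "rights": record["rights"],
    }


def run_demo():
    # Constructed sample data: one terminal roaming between two edge nodes.
    ledger = {b"term-01": {"terminal_id": b"term-01", "shared_key": b"K" * 32,
                           "token": b"initial-token", "domain_value": b"D0",
                           "rights": "basic"}}
    # The terminal's own state: the hash of its current token and the domain value.
    token_hash, domain = hashlib.sha256(b"initial-token").digest(), b"D0"
    req1 = terminal_request(b"term-01", b"K" * 32, token_hash, domain)
    resp1 = edge_authenticate(ledger, b"edge-A", b"secret-A", req1)
    # Replaying req1 at a second edge node fails: token and domain were rotated.
    replayed = edge_authenticate(ledger, b"edge-B", b"secret-B", req1)
    # The terminal adopts the values handed back and authenticates at edge-B,
    # which verifies them against the record edge-A uploaded.
    token_hash, domain = resp1["new_token_hash"], resp1["new_domain_value"]
    req2 = terminal_request(b"term-01", b"K" * 32, token_hash, domain)
    resp2 = edge_authenticate(ledger, b"edge-B", b"secret-B", req2)
    return resp1 is not None, replayed is None, resp2 is not None, ledger[b"term-01"]["issued_by"]
```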
CN202111421771.4A 2021-11-26 2021-11-26 Block chain-based edge computing terminal authentication method, system and equipment Pending CN114143312A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111421771.4A CN114143312A (en) 2021-11-26 2021-11-26 Block chain-based edge computing terminal authentication method, system and equipment

Publications (1)

Publication Number Publication Date
CN114143312A true CN114143312A (en) 2022-03-04

Family

ID=80388173

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination