CN114244527A - Block chain-based power Internet of things equipment identity authentication method and system - Google Patents


Info

Publication number
CN114244527A
Authority
CN
China
Prior art keywords
power internet
things equipment
certificate
block chain
digital certificate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111525769.1A
Other languages
Chinese (zh)
Other versions
CN114244527B (en
Inventor
姜琳
朱朝阳
周亮
缪思薇
朱亚运
张晓娟
王海翔
蔺子卿
曹靖怡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Electric Power Research Institute Co Ltd CEPRI
Original Assignee
China Electric Power Research Institute Co Ltd CEPRI
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Electric Power Research Institute Co Ltd CEPRI
Priority to CN202111525769.1A
Publication of CN114244527A
Application granted
Publication of CN114244527B
Legal status: Active

Classifications

    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication involving certificates; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication involving digital signatures
    • G06F21/64 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; Protecting data; Protecting data integrity, e.g. using checksums, certificates or signatures
    • G16Y10/35 Information and communication technology specially adapted for the Internet of Things [IoT]; Economic sectors; Utilities, e.g. electricity, gas or water
    • G16Y20/20 Information and communication technology specially adapted for the Internet of Things [IoT]; Information sensed or collected by the things relating to the thing itself
    • G16Y30/10 Information and communication technology specially adapted for the Internet of Things [IoT]; IoT infrastructure; Security thereof
    • G16Y40/50 Information and communication technology specially adapted for the Internet of Things [IoT]; IoT characterised by the purpose of the information processing; Safety; Security of things, users, data or systems
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L67/1095 Network arrangements or protocols for supporting network services or applications; Protocols in which an application is distributed across nodes in the network; Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • Y04S40/20 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies; Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • General Business, Economics & Management (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention belongs to the field of electric power automation, and discloses a block chain-based electric power Internet of things equipment identity authentication method and system, which comprises the following steps: the power Internet of things equipment generates authentication request information and sends the authentication request information to the block chain network; the authentication request information comprises equipment parameter information and a digital certificate of the power Internet of things equipment; the block chain network inquires whether the internal block chain contains a target block; the target block is a block containing equipment parameter information and a digital certificate of the power Internet of things equipment; when the block chain comprises the target block, the block chain network sends a reliability certification message to the electric power Internet of things equipment to complete identity authentication of the electric power Internet of things equipment. The problems of low compatibility, weak attack resistance, heavy centralized network burden and the like in the identity authentication process based on public key infrastructure commonly used in the power internet of things at present are effectively solved, and the highly safe identity authentication of the distributed power internet of things equipment is realized.

Description

Block chain-based power Internet of things equipment identity authentication method and system
Technical Field
The invention belongs to the field of electric power automation, and relates to an electric power Internet of things equipment identity authentication method and system based on a block chain.
Background
In recent years, with the increasing demand of social electric power energy, the rapid development of the electric power industry is promoted. The electric power internet of things is supported by a modern smart grid technology, and the deep fusion of smart grid information flow, electric power flow and business flow is realized by combining modern advanced information, communication and perception technologies, so that important technical support is provided for stable operation of the electric power industry. Meanwhile, the wide application of the power internet of things promotes the real-time monitoring and sensing of the operation of the smart power grid, and provides important guarantee for the safety and stability of the operation of the power grid. However, the application coverage range of the power internet of things is wide, the complexity of a power system is greatly improved, and the safety risk of the power system is increased. With the change of modern network application modes and environments, the rapid development of network technologies and the openness of power internet of things facilities, each link of a power plant faces new potential safety hazards in operation. The potential security threat may take the internet of things terminal as a springboard, bypass a protection system based on boundary security, and invade a production control area to attack and destroy. Under the background, risk analysis of the power internet of things is enhanced, and effective safety measures are taken to construct a safety framework of the power internet of things, so that the power internet of things is prevented from being threatened safely, the operation safety of a power grid is improved, and the economic benefits of power enterprises are maintained.
The power Internet of things terminal is located at the bottommost layer of the cloud-pipe-edge-end system. It is the key node connecting the physical world and the digital world, realizes state perception in various heterogeneous network environments by means of many types of sensing equipment, and its security situation is complex. The terminal faces the challenge of access security: its computing resources are limited, effective identity authentication of the equipment it communicates with is difficult, and an attacker can impersonate a legitimate terminal to mount coordinated attacks alternating between the information side and the physical side. The number of power Internet of things devices will grow rapidly in the future, the application scale will be larger and the security requirements higher, so identity authentication and trusted access for power Internet of things equipment urgently need to be realized.
At present, most terminal security technologies adopted by electric power systems are based on PKI (public key infrastructure), and the drawback of the centralized network structure used by their identity authentication protocols has gradually become apparent as the scale of the Internet of things keeps expanding. As the network grows, the burden on the central server also rises sharply, which not only slows the central server's responses but may also cause it to crash, paralysing the whole network. In addition, the network near the central server can hardly support such a large volume of data transmission, and this becomes more serious when the system transmits over the Internet instead of a dedicated line; the central server therefore becomes a bottleneck limiting Internet of things technology. Meanwhile, the identity authentication mechanism of the power Internet of things faces security risks such as counterfeiting attacks, replay attacks and DoS/DDoS attacks. In the process of binding a trusted entity to a digital identity, the certificate authority is placed in a disadvantageous position because of its excessive responsibility. This stems from the inherent centralisation of trusted certificate authorities: on the one hand, the operation records of the authentication center, as a third party, are difficult to make public and transparent, so its credibility cannot be guaranteed; on the other hand, if the authentication center suffers a single point of failure or a key leakage, device identity information may be lost or even tampered with, and the whole trust system may collapse.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a power internet of things equipment identity authentication method and system based on a block chain.
In order to achieve the purpose, the invention adopts the following technical scheme to realize the purpose:
in a first aspect of the invention, a block chain-based power internet of things equipment identity authentication method comprises the following steps:
the power Internet of things equipment generates authentication request information and sends the authentication request information to the block chain network; the authentication request information comprises equipment parameter information and a digital certificate of the power Internet of things equipment;
the block chain network inquires whether the internal block chain contains a target block; the target block is a block containing equipment parameter information and a digital certificate of the power Internet of things equipment;
when the block chain comprises the target block, the block chain network sends a reliability certification message to the electric power Internet of things equipment to complete identity authentication of the electric power Internet of things equipment.
Optionally, the method further includes: obtain the digital certificate of electric power thing networking equipment, obtain the digital certificate of electric power thing networking equipment and include:
the power Internet of things equipment generates a certificate registration request and sends the certificate registration request to the execution proxy server; the certificate registration request comprises equipment parameter information of the power Internet of things equipment;
the execution proxy server generates a certificate issuing command of the electric power Internet of things equipment according to the certificate registration request of the electric power Internet of things equipment and sends the certificate issuing command to the certificate authorization server;
the certificate authorization server generates a digital certificate of the electric power Internet of things equipment according to a certificate issuing command of the electric power Internet of things equipment and sends the digital certificate to the execution proxy server;
the execution proxy server sends the digital certificate of the power Internet of things equipment to the power Internet of things equipment and sends the digital certificate of the power Internet of things equipment and equipment parameter information to the block chain network;
and the block chain network writes the digital certificate and the equipment parameter information of the power Internet of things equipment into a block chain in a block form.
Optionally, when the power internet of things device generates a certificate registration request and sends the certificate registration request to the execution proxy server, the certificate registration request is encrypted by using a public key of the execution proxy server and then sent to the execution proxy server;
when the execution proxy server sends the digital certificate of the power Internet of things equipment to the power Internet of things equipment, the digital certificate of the power Internet of things equipment is encrypted by a public key of the power Internet of things equipment and then sent to the power Internet of things equipment;
when the power Internet of things equipment generates authentication request information and sends it to the block chain network, the authentication request information is encrypted with the private key of the power Internet of things equipment before being sent to the block chain network.
Optionally, the electric power internet of things device randomly generates a 256-bit string as a private key, and obtains a public key according to the private key by using an elliptic curve key generation algorithm.
Optionally, the method further includes: the certificate authority server stores the digital certificate of the power Internet of things device in the structural form of a Merkle Patricia tree.
Optionally, when the digital certificate and the device parameter information of the power internet of things device are written into the block chain in the form of a block, the block chain network adds a timestamp of the current time to the block.
Optionally, the method further includes:
the power Internet of things equipment generates a certificate updating request and sends the certificate updating request to the execution proxy server;
the execution proxy server generates a certificate updating command of the electric power Internet of things equipment according to the certificate updating request of the electric power Internet of things equipment and sends the certificate updating command to the certificate authorization server;
the certificate authorization server generates an updated digital certificate of the power Internet of things equipment according to a certificate updating command of the power Internet of things equipment and sends the updated digital certificate to the execution proxy server;
the execution proxy server sends the updated digital certificate of the power Internet of things equipment to the power Internet of things equipment and the blockchain network;
the block chain network inquires whether the digital certificate of the current power Internet of things equipment exists in the internal block chain and whether the updated digital certificate of the current equipment is the latest issued one; when the digital certificate of the current equipment exists in the block chain and the updated digital certificate is the latest issued one, the block chain network cancels the existing digital certificate of the power Internet of things equipment and writes the updated digital certificate of the current equipment into the block chain in the form of a block.
Optionally, the method further includes:
the power Internet of things equipment generates a certificate revocation request and sends the certificate revocation request to the execution proxy server; the certificate revocation request comprises a digital certificate to be revoked;
the execution proxy server generates a certificate revocation command of the electric power Internet of things equipment according to the certificate revocation request of the electric power Internet of things equipment and sends the certificate revocation command to the certificate authorization server;
the execution proxy server sends the digital certificate to be revoked to the block chain network, the block chain network inquires whether the digital certificate to be revoked exists in an internal block chain, and when the digital certificate to be revoked exists in the block chain, the digital certificate to be revoked is revoked.
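The certificate registration, authentication, update and revocation steps described above, as an added example that is not part of the patent: a minimal hash-chained ledger stands in for the block chain network, and the execution proxy server's submissions are plain method calls. Certificates and device parameter records are constructed; the CA signature field is an opaque placeholder that this block does not verify, and the rule that an updated certificate counts as "latest issued" when its `issued_at` is newer than the existing one is an assumption.

```python
import hashlib
import json
import time


def fingerprint(obj):
    """SHA-256 over canonical JSON; used to identify certificates and hash blocks."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


class CertificateLedger:
    """Append-only, hash-chained block list modelling the patent's block chain network.
    Each block holds one record: an 'issue' (device parameters + certificate) or a 'revoke'."""

    def __init__(self):
        self.chain = []

    def _append(self, record, now):
        prev_hash = self.chain[-1]["hash"] if self.chain else "0" * 64
        body = {"index": len(self.chain), "timestamp": now,   # timestamp added on write
                "prev_hash": prev_hash, "record": record}
        block = dict(body, hash=fingerprint(body))
        self.chain.append(block)
        return block

    def chain_is_intact(self):
        """Recompute every block hash and prev_hash link; detects edited records."""
        for i, block in enumerate(self.chain):
            body = {k: v for k, v in block.items() if k != "hash"}
            if fingerprint(body) != block["hash"]:
                return False
            if i and block["prev_hash"] != self.chain[i - 1]["hash"]:
                return False
        return True

    def _status(self, cert_fp):
        """Latest state of a certificate on the chain: 'issued', 'revoked' or None."""
        state = None
        for block in self.chain:
            rec = block["record"]
            if rec["cert_fp"] == cert_fp:
                state = "issued" if rec["type"] == "issue" else "revoked"
        return state

    def register(self, params, cert, now=None):
        """Proxy server writes certificate + device parameters into a new block."""
        record = {"type": "issue", "params": params, "cert": cert, "cert_fp": fingerprint(cert)}
        return self._append(record, time.time() if now is None else now)

    def find_target_block(self, params, cert):
        """The patent's target block: an issue block holding these params and this cert,
        and the cert must not have been revoked by a later block."""
        cert_fp = fingerprint(cert)
        if self._status(cert_fp) != "issued":
            return None
        for block in self.chain:
            rec = block["record"]
            if rec["type"] == "issue" and rec["cert_fp"] == cert_fp and rec["params"] == params:
                return block
        return None

    def authenticate(self, params, cert):
        """Authentication request -> reliability certification message or rejection."""
        block = self.find_target_block(params, cert)
        if block is None:
            return {"result": "rejected"}
        return {"result": "reliable", "block": block["index"]}

    def revoke(self, cert, now=None):
        """Revocation is recorded as a new block; existing blocks are never edited."""
        cert_fp = fingerprint(cert)
        if self._status(cert_fp) != "issued":
            return False
        self._append({"type": "revoke", "cert": cert, "cert_fp": cert_fp},
                     time.time() if now is None else now)
        return True

    def update(self, params, old_cert, new_cert, now=None):
        """Old cert must exist and new cert must be the latest issued (assumed: newer issued_at)."""
        if self._status(fingerprint(old_cert)) != "issued":
            return False
        if new_cert["issued_at"] <= old_cert["issued_at"]:
            return False
        self.revoke(old_cert, now)
        self.register(params, new_cert, now)
        return True


if __name__ == "__main__":
    ledger = CertificateLedger()
    params = {"device_id": "FTU-0001", "model": "constructed", "firmware": "1.0"}
    cert = {"serial": 1, "device_id": "FTU-0001", "public_key": "placeholder",
            "issued_at": 1000, "ca_signature": "placeholder"}
    ledger.register(params, cert, now=1000)
    print(ledger.authenticate(params, cert))
```

A matching target block shows only that the record was written to the chain; it does not show that the requester holds the private key belonging to the certificate's public key. That proof comes from the private-key step in the claims, which a deployment must check against the public key stored on chain before returning the reliability certification message.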
Optionally, the method further includes:
and the execution proxy server encrypts the linkable property between the digital certificate and the real identity of the power Internet of things equipment, and then sends the encrypted digital certificate and the real identity to the block chain network and writes the encrypted digital certificate and the real identity into the block chain in a block form.
In a second aspect of the invention, an identity authentication system for power internet of things equipment based on a block chain comprises a block chain network, an execution proxy server and a certificate authorization server; the block chain network and the certificate authorization server are both connected with the execution proxy server;
the execution proxy server is used for receiving a certificate registration request of the power Internet of things equipment, generating a certificate issuing command of the power Internet of things equipment and sending the certificate issuing command to the certificate authorization server; receiving a digital certificate of the power Internet of things equipment sent by the certificate authorization server, sending the digital certificate of the power Internet of things equipment to the power Internet of things equipment, and sending the digital certificate of the power Internet of things equipment and equipment parameter information to the block chain network;
the certificate authorization server is used for issuing a command according to the certificate of the power Internet of things equipment to generate a digital certificate of the power Internet of things equipment;
the block chain network is used for receiving authentication request information sent by the power Internet of things equipment, wherein the authentication request information comprises equipment parameter information and a digital certificate of the power Internet of things equipment; inquiring whether the internal block chain contains the target block or not; the target block is a block containing equipment parameter information and a digital certificate of the power Internet of things equipment; and when the block chain comprises the target block, sending a reliability certification message to the electric power Internet of things equipment to complete the identity authentication of the electric power Internet of things equipment.
Compared with the prior art, the invention has the following beneficial effects:
in the block chain-based identity authentication method for power Internet of things equipment, the equipment generates authentication request information and sends it to the block chain network, and the block chain network then inquires whether the internal block chain contains a target block; when the block chain contains the target block, the block chain network sends a reliability certification message to the power Internet of things equipment to complete its identity authentication. Based on the security, irreversibility, tamper resistance, transparency and other characteristics of block chain technology, information such as the digital certificate is stored in a block data structure by exploiting the highly decentralized nature of the block chain. This effectively improves the transparency of the traditional public key infrastructure system, enhances the reliability of identity authentication, resists various malicious attacks, realizes highly secure identity authentication of distributed power Internet of things equipment, and effectively solves the problems of low compatibility, weak attack resistance and heavy load on the centralized network that currently affect identity authentication based on the public key infrastructure commonly used in the power Internet of things.
Drawings
Fig. 1 is a flow chart of an identity authentication method for power internet of things equipment based on a block chain according to the invention;
FIG. 2 is a flow chart of a digital certificate application process of the present invention;
FIG. 3 is a flow diagram of a digital certificate update process of the present invention;
FIG. 4 is a flow diagram of a digital certificate revocation process of the present invention;
fig. 5 is a block diagram of a block chain-based power internet of things device identity authentication system according to the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
First, related technical terms related to the present invention are introduced:
Power Internet of things: power Internet of things terminals are of many types and can be divided by service scenario into distribution transformer terminals, FTUs/DTUs, primary-secondary fusion terminals of the power distribution system, metering terminals of the power utilization system and users' behind-the-meter smart home terminals. By asset ownership and the consequences of attack damage, they can be divided mainly into power distribution and utilization terminals belonging to grid assets and user smart home terminals belonging to user assets. The consequences of attack damage to these terminals differ markedly: damage to a power distribution and utilization terminal at the least affects the power supply of the directly associated users and at worst serves as a foothold into the production control area, causing power failure for a large number of users, while damage to a smart home terminal mainly involves leakage of users' private information. An important characteristic of the power Internet of things is the ubiquitous power communication network; a large number of public network protocols are deployed in it, which raises the level of grid supervision but at the same time offers a usable platform for most Internet attack methods. The identity authentication risks faced by the power Internet of things are analysed below in combination with the power Internet of things architecture.
Along with the evolution of the open interconnection of the power internet of things, the power internet of things has massive network connection, especially under the environment of mobile, ubiquitous, hybrid and wide area interconnection, a large amount of internal and external network data acquisition, control and management equipment such as a sensing device, a mobile terminal, video monitoring, an intelligent electric meter, a charging pile and an office computer are deployed in the power internet of things, so that the identity recognition is realized, the accurate positioning of a service system on massive power equipment is realized, and the problem that the false identity recognition and the malicious counterfeit access must be faced is solved.
Block chain network: the block chain network mainly comprises a point-to-point networking part, an account book structure and a consensus mechanism. The distributed general ledger is disclosed in the whole network, a decentralized mode is adopted for management, user nodes in the whole network are agreed through a consensus mechanism, the network is controlled by all users together, and only when most users agree to make a certain change, the change can be effective. Each node locally stores a copy of the distributed general ledger, records all legal and commonly recognized transactions in the point-to-point network, and any node can find the transaction information of a certain user through the local ledger.
Identity authentication: at present, the following 3 general schemes of the identity authentication of the internet of things are mainly used: 1) in a Public Key Infrastructure (PKI) based identity authentication scheme, a certificate authority assigns each device a digital certificate that includes the device's public key and the certificate authority's digital signature. The device side generates a message signature by using a private key of the device side, and the public key is used for verifying the signature by the receiving side, so that the real identity of the device cannot be revealed in the verification process. 2) In an identity-based signature (IBS) scheme, distribution of device private keys is achieved by setting a Private Key Generator (PKG), and in this way, the problem of device public key transmission can be solved. In addition, strong designated verification signature can be realized by utilizing bilinear mapping, and even if the message is leaked in the transmission process, safe and unique identity verification can be realized. 3) In an authentication scheme based on certificateless signature (CLS), a Key Generation Center (KGC) generates a corresponding partial private key for the device according to an internet of things device identity identification number (ID), and the device generates an actual private key by using a secret value and the partial private key.
Public Key Infrastructure (PKI): in the encryption authentication process under the PKI system, a Certificate Authority (CA) binds the identity of a certificate holder and a related secret key and issues a digital certificate, and provides services such as certificate application, certificate revocation, certificate acquisition, certificate status inquiry and the like for a user, so that identity authentication, integrity, resistance to denial and confidentiality of each entity in communication are realized. Public key infrastructure is a technology for proof of identity and privacy protection, binding identity and public keys by way of a digital certificate issued by a trusted authority. The private key signature can be used for proving the identity of the user, and the public key encryption can be used for protecting the data privacy. The public key infrastructure signs and issues a digital certificate to the public key and the related user identity information, provides a convenient way for a user to apply for a certificate, issue the certificate, revoke the certificate and inquire the state of the certificate, and utilizes the digital certificate and the related services such as the issue of the certificate, the issue of a blacklist, the service of a timestamp and the like to realize identity authentication, integrity, resistance to denial and confidentiality of each entity in communication. The public key infrastructure mainly comprises three parts of contents, namely a digital certificate and a private key, digital certificate management and digital certificate application.
Digital certificate and private key: a user or system can perform digital signature, encryption and decryption only after it possesses its own public and private key pair. Since the public key is randomly generated, the user identity cannot be determined from the public key alone. To solve the mapping problem between public key and user identity, the public key infrastructure therefore introduces the digital certificate, which establishes the correspondence between a public key and a user. The digital certificate carries the digital signature of the authentication center, so it cannot be forged. Since the digital certificate contains no secret information, it is public. Digital certificate management: to handle the issuance of digital certificates, the public key infrastructure introduces an authentication center, which issues digital certificates in a centralized manner. The authentication center has its own private and public key pair and uses the private key to issue digital certificates to users. Digital certificate application: based on the digital certificate, the four basic security functions of identity authentication, confidentiality, integrity and non-repudiation can be realized. Through a certificate interface module or component, an application system can conveniently use digital certificate technology, thereby strengthening the identity authentication of the application system, ensuring the confidentiality and integrity of sensitive data and transaction records in the application system, and ensuring the non-repudiation of user operations or transactions.
The invention is described in further detail below with reference to the accompanying drawings:
referring to fig. 1, in an embodiment of the present invention, an identity authentication method for an electric power internet of things device based on a block chain is provided, where a public key infrastructure technology is combined on the basis of the block chain, a conventional public key infrastructure technology is improved, and the advantages of security, irreversibility, tamper resistance, transparency and the like of the block chain are utilized to effectively improve the transparency of a public key infrastructure system and enhance the reliability of identity authentication.
Specifically, the identity authentication method for the power internet of things equipment based on the block chain comprises the following steps:
S1: the power Internet of things equipment generates authentication request information and sends the authentication request information to the block chain network; the authentication request information comprises equipment parameter information and a digital certificate of the power Internet of things equipment.
Specifically, the power internet of things equipment locally generates a pair of asymmetric keys in advance, optionally, a 256-bit string is randomly generated to serve as a private key, and a public key is obtained according to the private key by using an elliptic curve key generation algorithm. Then, when the authentication request information is sent to the block chain network, the authentication request information is encrypted by a private key and then sent to the block chain network. The authentication request information may further include information such as a certificate subject, an electric power internet of things device public key, and a validity period of the electric power internet of things device public key.
S2: the block chain network inquires whether the internal block chain contains a target block; the target block is a block containing equipment parameter information and a digital certificate of the power Internet of things equipment.
The storage and query of digital certificates, life cycle management, key loss management for the certificate issuing center, revocation list management and related logic are implemented together as a complete intelligent contract. The block chain network is responsible for storing all transactions in the system, and each successful call of the intelligent contract passes through three stages at each node: endorsement (signature), consensus and accounting.
Specifically, after receiving the authentication request information, the block chain network queries whether a target block is included in an internal block chain by calling an intelligent contract, so that identity authentication of the power internet of things equipment is realized.
S3: when the block chain comprises the target block, the block chain network sends a reliability certification message to the electric power Internet of things equipment to complete identity authentication of the electric power Internet of things equipment.
Specifically, when the block chain contains the target block, the current power Internet of things equipment has passed identity authentication; the block chain network generates a reliability certification message, namely the content of the target block found in the block chain, and sends it to the power Internet of things equipment, completing the identity authentication. The power Internet of things equipment can then perform bidirectional verification according to the reliability certification message sent by the block chain network.
In summary, the identity authentication method for the power Internet of things based on the block chain relies on the tamper-proof property of block chain technology: as long as the identity information is entered correctly, that identity information is permanently stored in the network, and even if a single node is attacked, the identity information can still be correctly recognized throughout the network. Secondly, the block chain keeps all history records, which allows terminal error information to be tracked and an error-terminal identification strategy to be set. In addition, block chain technology can resist attacks based on the TCP/IP protocol and offers good protection against attacks such as IP forgery and IP spoofing. Block chain technology can therefore strengthen the identity authentication protocol. Through block chain technology, management functions such as issuing, updating and revoking digital certificates in the network can be completed effectively, the strong dependence on a single authentication center in traditional authentication technology is reduced, the confidentiality and transparency of each component's operation in the network are enhanced, the reliability of the trust relationship in the system is guaranteed, and the security of identity authentication is improved.
In a possible implementation manner, the identity authentication method for the power internet of things device based on the blockchain further includes: obtain the digital certificate of electric power thing networking equipment, obtain the digital certificate of electric power thing networking equipment and include: the power Internet of things equipment generates a certificate registration request and sends the certificate registration request to the execution proxy server; the certificate registration request comprises equipment parameter information of the power Internet of things equipment; the execution proxy server generates a certificate issuing command of the electric power Internet of things equipment according to the certificate registration request of the electric power Internet of things equipment and sends the certificate issuing command to the certificate authorization server; the certificate authorization server generates a digital certificate of the electric power Internet of things equipment according to a certificate issuing command of the electric power Internet of things equipment and sends the digital certificate to the execution proxy server; the execution proxy server sends the digital certificate of the power Internet of things equipment to the power Internet of things equipment and sends the digital certificate of the power Internet of things equipment and equipment parameter information to the block chain network; and the block chain network writes the digital certificate and the equipment parameter information of the power Internet of things equipment into a block chain in a block form.
Specifically, the process of issuing a certificate is a link in identity authentication, and in identity authentication based on a block chain, key processes such as user application, certificate generation, and sending to a user are also required to be performed, but the issued certificate and the operation record of the issued certificate are written into the block chain by calling an intelligent contract to achieve transparent operation and tamper-proof. Referring to fig. 2, the application process of the digital certificate of the power internet of things device is as follows:
1) The power Internet of things equipment applying for the certificate selects unique digital certificate subject information and then locally generates a pair of asymmetric keys.
2) The power Internet of things equipment generates certificate registration request information, which comprises the certificate subject, the equipment public key, the validity period of the equipment public key and similar information, and submits the certificate registration request information to an Execution Agent (EA) to apply for a digital certificate.
3) After receiving the certificate registration request of the power Internet of things equipment, the EA checks the identity information submitted by the power Internet of things equipment.
4) After the EA audit passes, the EA sends a certificate issuing command to the CA (certificate authority server).
5) The CA makes a digital certificate for the power Internet of things equipment and sends a certificate issuing transaction to the EA. The digital certificate should contain a certificate version number, a serial number, the certificate holder (i.e., the user applying for the certificate), the certificate holder's public key, the validity period of the certificate holder's public key, the certificate issuer (certificate issuing center), and other extensions.
6) The EA packages the transaction information into a new Block and broadcasts it to the block chain network; the block chain completes transaction signature verification and writes the transaction into the block chain, so the identity of the power Internet of things equipment is transparent and cannot be tampered with.
7) The EA sends the digital certificate to the power Internet of things equipment.
When the electric power Internet of things equipment generates a certificate registration request and sends the certificate registration request to the execution proxy server, encrypting the certificate registration request by using a public key of the execution proxy server and sending the encrypted certificate registration request to the execution proxy server; when the execution proxy server sends the digital certificate of the electric power Internet of things equipment to the electric power Internet of things equipment, the digital certificate of the electric power Internet of things equipment is encrypted by a public key of the electric power Internet of things equipment and then sent to the electric power Internet of things equipment. The security of data transmission is ensured by adopting a public key-private key encryption mode.
In a possible implementation manner, the identity authentication method for the power internet of things device based on the blockchain further includes: the certificate authority server stores the digital certificate of the power internet-of-things device in the structural form of a Merkle Patricia Tree (MPT). The power Internet of things equipment and its digital certificate are stored in MPT leaf nodes as key-value pairs, the MPT is updated as nodes are added, all transactions and the corresponding updated MPT roots are packaged into a time-sequence Merkle tree (CMT), and finally the package is uploaded. When the identity of the power Internet of things equipment is authenticated, the validity of the digital certificate can be queried through the storage path of the digital certificate in the MPT.
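The "storage path" query above as an added example, not the patent's own code: a simplified binary Merkle tree stands in for the MPT, with each leaf keyed by a constructed device identifier and valued with a hash of the certificate together with its current status, so an inclusion proof (the sibling hashes along the path) lets a verifier holding only the root recorded in a block confirm a certificate and its validity state. Names such as `storage_path`, `verify_path` and `cert_fingerprint` are assumptions of this example; a full Patricia trie would additionally compress shared key prefixes.

```python
import hashlib
import json


def _h(data):
    return hashlib.sha256(data).digest()


def cert_fingerprint(cert, status):
    """Leaf value for a device: hash over the certificate and its status."""
    return _h(json.dumps({"cert": cert, "status": status}, sort_keys=True).encode()).hex()


def leaf_hash(key, value):
    # 0x00 prefix separates leaves from inner nodes (0x01) so a leaf cannot
    # be passed off as an inner node or vice versa
    return _h(b"\x00" + key.encode() + b"|" + value.encode())


def build_levels(kv):
    """Bottom-up levels of the tree over the key-value pairs (keys sorted)."""
    if not kv:
        raise ValueError("empty store has no root")
    level = [leaf_hash(k, kv[k]) for k in sorted(kv)]
    levels = []
    while True:
        if len(level) > 1 and len(level) % 2:
            level = level + [level[-1]]            # duplicate last node to pair up
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [_h(b"\x01" + level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def root(kv):
    """The root that a block would record for this certificate store."""
    return build_levels(kv)[-1][0]


def storage_path(kv, key):
    """Inclusion proof for one device: (sibling_hash, sibling_is_right) per level."""
    idx = sorted(kv).index(key)
    path = []
    for level in build_levels(kv)[:-1]:
        sibling = idx ^ 1
        path.append((level[sibling], sibling > idx))
        idx //= 2
    return path


def verify_path(root_hash, key, value, path):
    """Recompute the root from the leaf along the path; True if it matches."""
    node = leaf_hash(key, value)
    for sibling, is_right in path:
        node = _h(b"\x01" + node + sibling) if is_right else _h(b"\x01" + sibling + node)
    return node == root_hash
```

Because the leaf value covers the status, revoking a certificate changes the root, and a proof captured before the revocation no longer verifies against the root of any later block.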
In a possible implementation manner, in the identity authentication method for the power internet of things equipment based on the blockchain, when the digital certificate and the equipment parameter information of the power internet of things equipment are written into the blockchain in the form of a block by the blockchain network, a timestamp of the current time is added to the block. Based on this, all blockchain transactions have time stamps when packaged into blocks, the consensus algorithm verifies the validity of the data blocks, and the system saves valid data and discards data that fails to be verified. The time dimension of the data is enlarged through a block chain storage mode, and the real-time property of the data prevents an attacker from attacking the data by using outdated information.
In a possible implementation manner, the identity authentication method for the power internet of things device based on the blockchain further includes: a digital certificate update process, the digital certificate update process comprising: the power Internet of things equipment generates a certificate updating request and sends the certificate updating request to the execution proxy server; the execution proxy server generates a certificate updating command of the electric power Internet of things equipment according to the certificate updating request of the electric power Internet of things equipment and sends the certificate updating command to the certificate authorization server; the certificate authorization server generates an updated digital certificate of the power Internet of things equipment according to a certificate updating command of the power Internet of things equipment and sends the updated digital certificate to the execution proxy server; the execution proxy server sends the updated digital certificate of the power Internet of things equipment to the power Internet of things equipment and the blockchain network; the method comprises the steps that a block chain network inquires whether a digital certificate of current electric power Internet of things equipment exists in an internal block chain or not and whether an updated digital certificate of the current electric power Internet of things equipment is issued latest or not, and when the digital certificate of the current electric power Internet of things equipment exists in the block chain and the updated digital certificate of the current electric power Internet of things equipment is issued latest, the digital certificate of the electric power Internet of things equipment is cancelled, and the updated digital certificate of the current electric power Internet of things equipment is written into the block chain in a block form.
Specifically, in the identity authentication system based on the block chain, when the power internet of things equipment needs a certificate validity extension, a domain name replacement or a similar change, the update interface of the block chain intelligent contract must be called after audit confirmation in order to update the digital certificate of the power internet of things equipment. The certificate update only changes the content of the digital certificate; the public and private keys of the power internet of things equipment are not replaced. The power internet of things equipment itself has no right to update the certificate. All information in the digital certificate must be audited by the EA before the updated certificate can be issued. Referring to fig. 3, the digital certificate update process is specifically as follows:
1) The power internet of things equipment applying for a certificate update generates certificate update request information, which comprises the certificate subject, the user public key, the new validity period of the user public key and similar information.
2) And submitting certificate updating request information to the EA to apply for updating the digital certificate.
3) And after receiving the update application of the electric power Internet of things equipment, the EA checks the certificate update information submitted by the electric power Internet of things equipment.
4) And after the EA audit is passed, sending a certificate updating command to the CA.
5) And the CA makes a new digital certificate of the power Internet of things equipment and sends a certificate issuing transaction to the EA. The information that should be included in the updated digital certificate is: certificate version number, serial number, certificate holder (i.e., the user applying for the certificate), certificate holder public key, validity period of the certificate holder public key, certificate issuer (issuing authority), and other extensions.
6) The EA provides an old digital certificate and an updated digital certificate, and checks whether the old digital certificate exists in the blockchain or not and whether the updated digital certificate is newly issued or not by calling an intelligent contract update method of the blockchain.
7) And the EA packs the transaction information into a new Block, writes the updated digital certificate into a Block chain, and writes the transaction into the Block chain after the Block chain network completes transaction signature verification, so that the identity is transparent and cannot be tampered.
8) And the EA sends the updated digital certificate to the power Internet of things equipment.
The whole process of updating the digital certificate is similar to the process of issuing one; the difference is that the old digital certificate is specified when the power internet of things device applies, and once the replacement is complete the old digital certificate is revoked, that is, marked as revoked in the block chain.
In a possible implementation manner, the identity authentication method for the power internet of things device based on the blockchain further includes: a digital certificate revocation process, the digital certificate revocation process comprising: the power Internet of things equipment generates a certificate revocation request and sends the certificate revocation request to the execution proxy server; the certificate revocation request comprises a digital certificate to be revoked; the execution proxy server generates a certificate revocation command of the electric power Internet of things equipment according to the certificate revocation request of the electric power Internet of things equipment and sends the certificate revocation command to the certificate authorization server; the execution proxy server sends the digital certificate to be revoked to the block chain network, the block chain network inquires whether the digital certificate to be revoked exists in an internal block chain, and when the digital certificate to be revoked exists in the block chain, the digital certificate to be revoked is revoked.
Specifically, in the identity authentication system based on the block chain, when the power internet of things device needs a certain certificate revoked, the revoke interface of the intelligent contract must be called after audit confirmation in order to revoke the digital certificate of the power internet of things device. Besides the power internet of things equipment actively revoking its certificate, an administrator can also revoke it, for reasons such as expiry of the digital certificate or a change in its scope of use. Referring to fig. 4, the specific process of digital certificate revocation is as follows:
1) The power internet of things equipment applying for revocation generates certificate revocation request information, which comprises the user information, the digital certificate to be revoked and the reason for revocation.
2) And the power Internet of things equipment submits certificate revocation request information to the EA to apply for revoking the digital certificate.
3) And the EA receives the certificate revocation application of the power Internet of things equipment and checks the certificate revocation information.
4) And after the EA audit is passed, sending a certificate revocation command to the CA.
5) The EA provides a digital certificate to be revoked, detects whether the digital certificate to be revoked exists in a block chain by calling an intelligent contract revoke method of the block chain, and revokes the digital certificate to be revoked when the digital certificate to be revoked exists in the block chain.
6) The EA signs the record of the revoked certificate and writes it into the block chain.
7) And the block chain network confirms the identity of the EA by checking the transaction signature, writes the record of the certificate to be revoked into the block chain, and marks the state of the digital certificate to be revoked as 'revoked' in the block chain.
8) And the EA informs the power Internet of things equipment that the digital certificate to be revoked is revoked.
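The query of steps S2 and S3, the certificate issuing flow of fig. 2, the update flow of fig. 3 and the revocation flow of fig. 4 in one added example, not code from the patent: a single-node, in-memory model of the ledger whose `issue`, `update` and `revoke` methods stand in for the intelligent contract calls the EA makes after its audit, and whose `authenticate` method answers an authentication request with the target block as the reliability certification message. Block layout, the constructed certificate fields and the method names are assumptions; endorsement, consensus and accounting across nodes are outside this model, but `verify_chain` shows the hash-link check an honest node applies to detect a tampered copy.

```python
import hashlib
import json
import time


def _block_hash(block):
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class Ledger:
    """Single-node view of the certificate ledger (constructed model)."""

    def __init__(self):
        self.chain = []     # ordered blocks, each hash-linked to its predecessor
        self.state = {}     # serial -> {"cert", "params", "status"}: latest state

    def _append(self, tx):
        block = {"index": len(self.chain),
                 "prev": self.chain[-1]["hash"] if self.chain else "0" * 64,
                 "timestamp": time.time(),          # timestamp added at packaging
                 "tx": tx}
        block["hash"] = _block_hash(block)
        self.chain.append(block)
        return block

    def issue(self, cert, params):
        """Fig. 2 step 6: certificate and device parameters written as a block."""
        if cert["serial"] in self.state:
            raise ValueError("serial already on chain")
        self.state[cert["serial"]] = {"cert": cert, "params": params, "status": "valid"}
        return self._append({"op": "issue", "cert": cert, "params": params})

    def update(self, old_serial, new_cert):
        """Fig. 3 steps 6-7: old cert must exist and be valid, new cert must be
        newly issued, and the key pair may not change."""
        old = self.state.get(old_serial)
        if old is None or old["status"] != "valid":
            raise ValueError("old certificate not on chain or not valid")
        if new_cert["serial"] in self.state:
            raise ValueError("updated certificate is not newly issued")
        if new_cert["public_key"] != old["cert"]["public_key"]:
            raise ValueError("an update may not replace the device key pair")
        old["status"] = "revoked"                  # old certificate marked revoked
        self.state[new_cert["serial"]] = {"cert": new_cert, "params": old["params"],
                                          "status": "valid"}
        return self._append({"op": "update", "old": old_serial, "cert": new_cert})

    def revoke(self, serial, reason):
        """Fig. 4 steps 5-7: certificate must exist; its state becomes 'revoked'."""
        entry = self.state.get(serial)
        if entry is None:
            raise ValueError("certificate to revoke is not on chain")
        entry["status"] = "revoked"
        return self._append({"op": "revoke", "serial": serial, "reason": reason})

    def authenticate(self, request):
        """S2/S3: return the target block as the reliability certification
        message, or None when the device does not pass."""
        cert, params = request["certificate"], request["device_params"]
        entry = self.state.get(cert["serial"])
        if entry is None or entry["cert"] != cert or entry["params"] != params:
            return None
        if entry["status"] != "valid":
            return None                            # revoked or superseded
        for block in self.chain:
            if block["tx"].get("cert") == cert:
                return block
        return None

    def verify_chain(self):
        """Check every block hash and predecessor link; False if any was altered."""
        prev = "0" * 64
        for i, block in enumerate(self.chain):
            if block["index"] != i or block["prev"] != prev or block["hash"] != _block_hash(block):
                return False
            prev = block["hash"]
        return True
```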
In a possible implementation manner, the identity authentication method for the power internet of things device based on the blockchain further includes: the execution proxy server encrypts the linkability between the digital certificate and the real identity of the power Internet of things equipment, then sends the encrypted linkability to the block chain network, which writes it into the block chain in block form. On this basis, in case of dispute, the real identity of the power Internet of things equipment can be revealed through the execution proxy server.
In conclusion, the identity authentication method of the power internet of things equipment based on the block chain can functionally realize identity authentication functions such as certificate issuing, certificate revocation, certificate updating, certificate downloading, state inquiry, revocation list, certificate center key replacement, certificate center operation audit and the like. The method has the advantages of safety, data integrity, traceability and non-repudiation, anti-counterfeiting attack, anti-DoS/DDoS attack and the like.
Specifically, security: the nodes of the block chain network, the execution proxy server and the certificate authorization server establish mutual trust through bidirectional authentication, ensuring that internal communication is closed and not easily attacked. Data integrity: during operation, all operations on digital certificates are completed by block chain transactions; the transactions are signed with private keys, packaged into blocks by block chain nodes, generated through the consensus algorithm and stored in the distributed ledger of the block chain. If the data of a certain node is deleted or tampered with by an attacker, the consensus algorithm running among the nodes detects and corrects the anomaly, so the integrity of the data is ensured. Traceability and non-repudiation: all data produced by the block chain system is recorded in the block chain, so all historical data can be searched retrospectively. In a block chain transaction, the agent or the equipment terminal confirms the transaction with a digital signature; because the private key is unique and known only to its owner, the agent and the equipment terminal cannot deny any operation they performed, and once an error occurs or a block fails, the cause is easy to locate. Resistance to forgery attacks: a forgery attack means that an attacker forges the data of a legitimate device; the system's resistance to such attacks is provided by digital signature verification. The data interaction transaction sent by the equipment terminal is signed with the terminal's private key, which is held by the sender, kept highly secret and cannot be stolen, so protection is provided during the identity authentication stage.
Resisting DoS/DDoS attacks: the block chain is a distributed architecture, and the distributed system has better flexibility compared with a centralized system, wherein the attributes of point-to-point, multiple redundancy, collective maintenance and the like enable the block chain to have the capability of resisting denial of service attacks (DoS)/distributed denial of service attacks (DDoS). Each blockchain node in the blockchain network can synchronize the latest data block in real time, and even if a certain node cannot be normally used after being attacked, other nodes cannot be influenced. Therefore, the block chain-based power internet of things equipment identity authentication method can effectively resist DoS/DDoS attacks.
The following are embodiments of the apparatus of the present invention that may be used to perform embodiments of the method of the present invention. For details not disclosed in the device embodiments, reference is made to the method embodiments of the invention.
Referring to fig. 5, in a further embodiment of the present invention, an identity authentication system for an electric power internet of things device based on a block chain is provided, which can be used to implement the above identity authentication method for an electric power internet of things device based on a block chain, and specifically, the identity authentication system for an electric power internet of things device based on a block chain includes a block chain network, an execution proxy server, and a certificate authorization server; the blockchain network and the certificate authority server are connected with the execution proxy server.
The execution proxy server is used for receiving a certificate registration request of the power Internet of things equipment, generating a certificate issuing command of the power Internet of things equipment and sending the certificate issuing command to the certificate authorization server; receiving a digital certificate of the power Internet of things equipment sent by the certificate authorization server, sending the digital certificate of the power Internet of things equipment to the power Internet of things equipment, and sending the digital certificate of the power Internet of things equipment and equipment parameter information to the block chain network; the certificate authorization server is used for issuing a command according to the certificate of the power Internet of things equipment to generate a digital certificate of the power Internet of things equipment; the block chain network is used for receiving authentication request information sent by the power Internet of things equipment, wherein the authentication request information comprises equipment parameter information and a digital certificate of the power Internet of things equipment; inquiring whether the internal block chain contains the target block or not; the target block is a block containing equipment parameter information and a digital certificate of the power Internet of things equipment; and when the block chain comprises the target block, sending a reliability certification message to the electric power Internet of things equipment to complete the identity authentication of the electric power Internet of things equipment.
Specifically, the main responsibilities of the EA include registering the power internet of things device, generating identity parameters for the device, having a digital certificate issued by the authorized CA, and returning the digital certificate to the power internet of things device. The EA collects the transactions from the CA to generate a block and transmits the block to all nodes of the block chain network for verification. The EA uses a key to encrypt the linkability between the digital certificate of the power Internet of things equipment and its real identity and stores it in the block chain; in case of dispute, the real identity of the power Internet of things equipment can be revealed through the EA.
And after receiving the certificate issuing command of the EA, the CA is responsible for generating certificates of the blockchain network nodes and the Internet of things equipment, generating a certificate issuing transaction and returning the certificate issuing transaction to the EA. The certificate is stored in the form of the structure of the MPT.
And the electric power Internet of things equipment receives the digital certificate returned by the EA, and simultaneously receives and verifies the reliability certification message transmitted by the nodes of the block chain network.
The block chain network implements the storage and query of digital certificates, life cycle management, key loss management for the certificate issuing center, revocation list management and related logic together as a complete intelligent contract. The block chain network is responsible for storing all transactions in the system, and each successful call of the intelligent contract passes through three stages at each node: endorsement (signature), consensus and accounting. Its specific functions include: registering the identity with the EA, receiving the digital certificate of the power Internet of things equipment, generating a pre-signature from the processed identity parameters of the power Internet of things equipment transmitted by the EA, recording the pre-signature on the chain in block form and broadcasting it to every node of the block chain network. When the power Internet of things equipment requests access, the pre-signature serves as part of the reliability certificate: the block chain network receives the access request message of the power Internet of things equipment and verifies its identity, specifically by querying for a block containing the digital certificate and identity parameters of the power Internet of things equipment and returning the found block information to the power Internet of things equipment, which then carries out identity verification.
The invention relates to a blockchain-based identity authentication method and system for power Internet of Things devices. It addresses the problems of poor compatibility, weak attack resistance and heavy load on the centralized network in the identity authentication process based on public key infrastructure that is commonly used in the power Internet of Things today. Combining the characteristics of blockchain technology, namely security, irreversibility, tamper resistance and transparency, it uses the highly decentralized nature of the blockchain to store information such as digital certificates in a block data structure, and on that basis proposes a distributed identity authentication mechanism for power Internet of Things devices built on cryptographic principles, with detailed procedures for device certificate issuance, update and revocation. This effectively improves the transparency of the traditional public key infrastructure system, strengthens the reliability of identity authentication, resists a variety of malicious attacks and achieves highly secure distributed identity authentication of power Internet of Things devices.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.

Claims (10)

1. An identity authentication method for power Internet of things equipment based on a block chain is characterized by comprising the following steps:
the power Internet of things equipment generates authentication request information and sends the authentication request information to the block chain network; the authentication request information comprises equipment parameter information and a digital certificate of the power Internet of things equipment;
the block chain network inquires whether the internal block chain contains a target block; the target block is a block containing equipment parameter information and a digital certificate of the power Internet of things equipment;
when the block chain comprises the target block, the block chain network sends a reliability certification message to the electric power Internet of things equipment to complete identity authentication of the electric power Internet of things equipment.
2. The identity authentication method for the power internet of things equipment based on the block chain according to claim 1, further comprising: obtaining the digital certificate of the power Internet of things equipment, wherein obtaining the digital certificate of the power Internet of things equipment comprises:
the power Internet of things equipment generates a certificate registration request and sends the certificate registration request to the execution proxy server; the certificate registration request comprises equipment parameter information of the power Internet of things equipment;
the execution proxy server generates a certificate issuing command of the electric power Internet of things equipment according to the certificate registration request of the electric power Internet of things equipment and sends the certificate issuing command to the certificate authorization server;
the certificate authorization server generates a digital certificate of the electric power Internet of things equipment according to a certificate issuing command of the electric power Internet of things equipment and sends the digital certificate to the execution proxy server;
the execution proxy server sends the digital certificate of the power Internet of things equipment to the power Internet of things equipment and sends the digital certificate of the power Internet of things equipment and equipment parameter information to the block chain network;
and the block chain network writes the digital certificate and the equipment parameter information of the power Internet of things equipment into a block chain in a block form.
3. The identity authentication method for the power internet of things equipment based on the block chain as claimed in claim 2, wherein when the power internet of things equipment generates a certificate registration request and sends the certificate registration request to the execution proxy server, the certificate registration request is encrypted by a public key of the execution proxy server and then sent to the execution proxy server;
when the execution proxy server sends the digital certificate of the power Internet of things equipment to the power Internet of things equipment, the digital certificate of the power Internet of things equipment is encrypted by a public key of the power Internet of things equipment and then sent to the power Internet of things equipment;
the electric power Internet of things equipment generates authentication request information, and when the authentication request information is sent to the block chain network, the authentication request information is encrypted by a private key of the electric power Internet of things equipment and then sent to the block chain network.
4. The identity authentication method of the power Internet of things equipment based on the block chain as claimed in claim 3, wherein the power Internet of things equipment randomly generates a 256-bit string as a private key, and obtains a public key according to the private key by using an elliptic curve key generation algorithm.
5. The identity authentication method for the power internet of things equipment based on the blockchain according to claim 2, further comprising: the certificate authority server stores the digital certificate of the power internet of things device in the structural form of a Merkle Patricia tree.
6. The identity authentication method for the power internet of things equipment based on the blockchain as claimed in claim 2, wherein the blockchain network writes the digital certificate and the equipment parameter information of the power internet of things equipment into the blockchain in a form of a block, and adds a timestamp of the current time to the block.
7. The identity authentication method for the power internet of things equipment based on the blockchain according to claim 2, further comprising:
the power Internet of things equipment generates a certificate updating request and sends the certificate updating request to the execution proxy server;
the execution proxy server generates a certificate updating command of the electric power Internet of things equipment according to the certificate updating request of the electric power Internet of things equipment and sends the certificate updating command to the certificate authorization server;
the certificate authorization server generates an updated digital certificate of the power Internet of things equipment according to a certificate updating command of the power Internet of things equipment and sends the updated digital certificate to the execution proxy server;
the execution proxy server sends the updated digital certificate of the power Internet of things equipment to the power Internet of things equipment and the blockchain network;
the method comprises the steps that a block chain network inquires whether a digital certificate of current electric power Internet of things equipment exists in an internal block chain or not and whether an updated digital certificate of the current electric power Internet of things equipment is issued latest or not, and when the digital certificate of the current electric power Internet of things equipment exists in the block chain and the updated digital certificate of the current electric power Internet of things equipment is issued latest, the digital certificate of the electric power Internet of things equipment is cancelled, and the updated digital certificate of the current electric power Internet of things equipment is written into the block chain in a block form.
8. The identity authentication method for the power internet of things equipment based on the blockchain according to claim 2, further comprising:
the power Internet of things equipment generates a certificate revocation request and sends the certificate revocation request to the execution proxy server; the certificate revocation request comprises a digital certificate to be revoked;
the execution proxy server generates a certificate revocation command of the electric power Internet of things equipment according to the certificate revocation request of the electric power Internet of things equipment and sends the certificate revocation command to the certificate authorization server;
the execution proxy server sends the digital certificate to be revoked to the block chain network, the block chain network inquires whether the digital certificate to be revoked exists in an internal block chain, and when the digital certificate to be revoked exists in the block chain, the digital certificate to be revoked is revoked.
9. The identity authentication method for the power internet of things equipment based on the blockchain according to claim 2, further comprising:
the execution proxy server encrypts the linkability between the digital certificate and the real identity of the power Internet of things equipment, then sends the encrypted digital certificate and real identity to the blockchain network, which writes them into the blockchain in block form.
10. An electric power Internet of things equipment identity authentication system based on a block chain is characterized by comprising a block chain network, an execution proxy server and a certificate authorization server; the block chain network and the certificate authorization server are both connected with the execution proxy server;
the execution proxy server is used for receiving a certificate registration request of the power Internet of things equipment, generating a certificate issuing command of the power Internet of things equipment and sending the certificate issuing command to the certificate authorization server; receiving a digital certificate of the power Internet of things equipment sent by the certificate authorization server, sending the digital certificate of the power Internet of things equipment to the power Internet of things equipment, and sending the digital certificate of the power Internet of things equipment and equipment parameter information to the block chain network;
the certificate authorization server is used for generating a digital certificate of the power Internet of things equipment according to the certificate issuing command of the power Internet of things equipment;
the block chain network is used for receiving authentication request information sent by the power Internet of things equipment, wherein the authentication request information comprises equipment parameter information and a digital certificate of the power Internet of things equipment; inquiring whether the internal block chain contains the target block or not; the target block is a block containing equipment parameter information and a digital certificate of the power Internet of things equipment; and when the block chain comprises the target block, sending a reliability certification message to the electric power Internet of things equipment to complete the identity authentication of the electric power Internet of things equipment.
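The certificate registration, authentication, update and revocation flows of claims 1 to 8 (and the description above), as an added Go example that is not code from the patent or its applicant. It is a single-process model: one CA key, the EA operations Register and Revoke, and an in-memory block list standing in for the blockchain network; consensus, endorsement and the public-key transport encryption of claim 3 are left out. The names System, Register, Revoke, Authenticate and NewRequest, the certificate layout (device ID, P-256 public key, serial, CA signature), the sample device parameters, and the reading of the claims' "encrypted by a private key" as an ECDSA signature are this example's own assumptions. Authentication succeeds only when the chain holds an unrevoked block whose certificate and device parameters both match, which is the "target block" of claim 1.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Certificate is a constructed stand-in for the device digital certificate: device ID, P-256
// public key and serial number, signed by the CA (DER-encoded ECDSA signature).
type Certificate struct {
	DeviceID string
	Serial   uint64
	PubKey   []byte
	CASig    []byte
}

// digest is what the CA signs; its hex form, key(), is the on-chain lookup key.
func (c Certificate) digest() []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%s|%d|%x", c.DeviceID, c.Serial, c.PubKey)))
	return h[:]
}
func (c Certificate) key() string { return hex.EncodeToString(c.digest()) }

// NewKey draws a random 256-bit scalar and derives the public point on P-256 (claim 4).
func NewKey() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }
func sign(k *ecdsa.PrivateKey, m []byte) []byte { s, _ := ecdsa.SignASN1(rand.Reader, k, m); return s }

// Block: certificate, device parameters and timestamp, hash-chained to the previous block (claims 2, 6).
type Block struct {
	Kind, Params, PrevHash, Hash string // Kind is "issue" or "revoke"
	Cert                         Certificate
	Timestamp                    int64
}

// System bundles the patent's server roles: CA key, EA methods (Register, Revoke) and the block list.
type System struct{ ca *ecdsa.PrivateKey; serial uint64; blocks []Block }
func NewSystem() *System { return &System{ca: NewKey()} }

func (s *System) write(kind, params string, c Certificate) {
	b := Block{Kind: kind, Params: params, Cert: c, Timestamp: time.Now().Unix()}
	if n := len(s.blocks); n > 0 { b.PrevHash = s.blocks[n-1].Hash }
	h := sha256.Sum256([]byte(fmt.Sprintf("%s|%s|%s|%s|%d", kind, params, c.key(), b.PrevHash, b.Timestamp)))
	b.Hash = hex.EncodeToString(h[:])
	s.blocks = append(s.blocks, b)
}

// latest returns the newest block for a certificate; a later revoke block overrides its issue block.
func (s *System) latest(c Certificate) (last *Block) {
	for i := range s.blocks {
		if s.blocks[i].Cert.key() == c.key() { last = &s.blocks[i] }
	}
	return last
}

// Register: the CA signs a certificate over the device public key; the chain records it (claim 2).
func (s *System) Register(id, params string, pub *ecdsa.PublicKey) Certificate {
	s.serial++
	c := Certificate{DeviceID: id, Serial: s.serial, PubKey: elliptic.Marshal(pub.Curve, pub.X, pub.Y)}
	c.CASig = sign(s.ca, c.digest())
	s.write("issue", params, c)
	return c
}

// Revoke appends a revocation block, but only for a certificate the chain currently holds (claim 8).
func (s *System) Revoke(c Certificate) error {
	if b := s.latest(c); b == nil || b.Kind != "issue" {
		return errors.New("certificate to revoke is not on the chain")
	}
	s.write("revoke", "", c)
	return nil
}

// AuthRequest: parameters plus certificate, signed with the device private key (the claims' "encrypted by a private key").
type AuthRequest struct{ Params string; Cert Certificate; Sig []byte }
func NewRequest(priv *ecdsa.PrivateKey, c Certificate, params string) AuthRequest {
	m := sha256.Sum256([]byte(params + c.key()))
	return AuthRequest{params, c, sign(priv, m[:])}
}

// Authenticate checks the CA signature on the certificate and the device signature on the request,
// then returns the target block hash as the reliability certification message (claim 1).
func (s *System) Authenticate(r AuthRequest) (string, error) {
	if !ecdsa.VerifyASN1(&s.ca.PublicKey, r.Cert.digest(), r.Cert.CASig) {
		return "", errors.New("certificate is not signed by the CA")
	}
	x, y := elliptic.Unmarshal(elliptic.P256(), r.Cert.PubKey)
	m := sha256.Sum256([]byte(r.Params + r.Cert.key()))
	if x == nil || !ecdsa.VerifyASN1(&ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}, m[:], r.Sig) {
		return "", errors.New("request signature does not verify under the certificate key")
	}
	b := s.latest(r.Cert)
	if b == nil || b.Kind != "issue" || b.Params != r.Params {
		return "", errors.New("no target block: unregistered, mismatched or revoked certificate")
	}
	return b.Hash, nil
}
```

The certificate update of claim 7 is the composition Revoke(old) followed by Register with the same device key: the new certificate carries a fresh serial, so its lookup key differs from the revoked one, and a request presenting the old certificate finds a revoke block as its latest entry and is refused. The device signature check matters in practice: a certificate copied off the chain is public data, so without a proof of possession of the private key the block lookup alone would not authenticate the device.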
CN202111525769.1A 2021-12-14 2021-12-14 Block chain-based electric power Internet of things equipment identity authentication method and system Active CN114244527B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111525769.1A CN114244527B (en) 2021-12-14 2021-12-14 Block chain-based electric power Internet of things equipment identity authentication method and system

Publications (2)

Publication Number Publication Date
CN114244527A true CN114244527A (en) 2022-03-25
CN114244527B CN114244527B (en) 2023-10-31

Family

ID=80755695

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111525769.1A Active CN114244527B (en) 2021-12-14 2021-12-14 Block chain-based electric power Internet of things equipment identity authentication method and system

Country Status (1)

Country Link
CN (1) CN114244527B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114785515A (en) * 2022-03-29 2022-07-22 中国科学院信息工程研究所 Edge calculation identity authentication method and system based on block chain
CN115174234A (en) * 2022-07-08 2022-10-11 慧之安信息技术股份有限公司 Internet of things identification management method based on block chain
CN115174385A (en) * 2022-06-15 2022-10-11 桂林电子科技大学 Industrial Internet of things equipment firmware software updating method based on block chain
CN115914316A (en) * 2023-03-14 2023-04-04 深圳中集智能科技有限公司 Logistics data transmission method of block chain and credible Internet of things system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109768988A (en) * 2019-02-26 2019-05-17 安捷光通科技成都有限公司 Decentralization Internet of Things security certification system, facility registration and identity identifying method
CN109787987A (en) * 2019-01-29 2019-05-21 国网江苏省电力有限公司无锡供电分公司 Electric power internet-of-things terminal identity identifying method based on block chain
CN112861106A (en) * 2021-02-26 2021-05-28 卓尔智联(武汉)研究院有限公司 Digital certificate processing method and system, electronic device and storage medium
US20210167972A1 (en) * 2019-01-09 2021-06-03 Tencent Technology (Shenzhen) Company Limited Method for issuing digital certificate, digital certificate issuing center, and medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Tan Chen: "Research on a blockchain-based distributed identity authentication mechanism for Internet of Things devices" (基于区块链的分布式物联网设备身份认证机制研究), Chinese Journal on Internet of Things (物联网学报), vol. 4, no. 2, pages 70 - 77 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114785515A (en) * 2022-03-29 2022-07-22 中国科学院信息工程研究所 Edge calculation identity authentication method and system based on block chain
CN114785515B (en) * 2022-03-29 2024-04-23 中国科学院信息工程研究所 Edge computing identity authentication method and system based on block chain
CN115174385A (en) * 2022-06-15 2022-10-11 桂林电子科技大学 Industrial Internet of things equipment firmware software updating method based on block chain
CN115174385B (en) * 2022-06-15 2024-04-02 桂林电子科技大学 Firmware software updating method for industrial Internet of things equipment based on blockchain
CN115174234A (en) * 2022-07-08 2022-10-11 慧之安信息技术股份有限公司 Internet of things identification management method based on block chain
CN115174234B (en) * 2022-07-08 2023-08-29 慧之安信息技术股份有限公司 Block chain-based Internet of things identifier management method
CN115914316A (en) * 2023-03-14 2023-04-04 深圳中集智能科技有限公司 Logistics data transmission method of block chain and credible Internet of things system

Also Published As

Publication number Publication date
CN114244527B (en) 2023-10-31

Similar Documents

Publication Publication Date Title
US20230120246A1 (en) Method and system for signing and authenticating electronic documents via a signature authority which may act in concert with software controlled by the signer
CN113411384B (en) System and method for privacy protection in data security sharing process of Internet of things
CN106972931B (en) Method for transparentizing certificate in PKI
CN114244527B (en) Block chain-based electric power Internet of things equipment identity authentication method and system
CN114186248B (en) Zero-knowledge proof verifiable certificate digital identity management system and method based on block chain intelligent contracts
CN103490881B (en) Authentication service system, user authentication method, and authentication information processing method and system
Zhong et al. Distributed blockchain-based authentication and authorization protocol for smart grid
US20060206433A1 (en) Secure and authenticated delivery of data from an automated meter reading system
CN109450843B (en) SSL certificate management method and system based on block chain
US20140013110A1 (en) Non-hierarchical infrastructure for managing twin-security keys of physical persons or of elements (igcp/pki)
CN114329529A (en) Asset data management method and system based on block chain
El-Hajj et al. Ethereum for secure authentication of iot using pre-shared keys (psks)
CN109309645A (en) A kind of software distribution security guard method
Aung et al. Ethereum-based emergency service for smart home system: Smart contract implementation
CN114172740A (en) Distribution network certificate verification-based power distribution network secure access method
CN116388986B (en) Certificate authentication system and method based on post quantum signature
CN110945833B (en) Method and system for multi-mode identification network privacy protection and identity management
Kumagai et al. Distributed Public Key Certificate‐Issuing Infrastructure for Consortium Certificate Authority Using Distributed Ledger Technology
CN114944941B (en) Block chain-based Internet of things service distributed access control method
Goodrich et al. Notarized federated identity management for web services
Alharbi et al. A Blockchain Review: A Comparative Study Between Public Key Infrastructure and Identity Based Encryption
Xu et al. Blockchain-based Certificate Management with Multi-Party Authentication
Esparza et al. Punishing malicious hosts with the cryptographic traces approach
Herath Mudiyanselage Next-generation web public-key infrastructure technologies
CN114219433A (en) Block chain-based proxy cloud storage public auditing system and method for low-performance terminal equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant