CN114372245A - Block chain-based Internet of things terminal authentication method, system, device and medium - Google Patents

Publication number: CN114372245A
Application number: CN202111652282.XA
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Prior art keywords: terminal, character string, internet, block chain, things
Inventors: 赵玉雪, 张宇, 丁霞, 朱明�
Original and current assignee: Tianyi IoT Technology Co Ltd

Classifications

    • G06F21/31 User authentication (G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals; G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F Electric digital data processing; G06 Computing; calculating or counting; G Physics)
    • G06F21/602 Providing cryptographic facilities or services (G06F21/60 Protecting data; G06F21/00; G06F; G06; G)
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures (G06F21/60 Protecting data; G06F21/00; G06F; G06; G)

Abstract

The invention provides a blockchain-based Internet of Things terminal authentication method, system, device and medium. The method comprises the following steps: encrypting the terminal information of the Internet of Things terminal to be authenticated to form a ciphertext and a signature, and combining the ciphertext and the signature to form a first characteristic string; encrypting the first characteristic string to obtain a first encrypted string, and storing the first encrypted string on the blockchain; acquiring a registration request, acquiring a second encrypted string from the blockchain according to the registration request, and decrypting the second encrypted string to obtain a second characteristic string; and matching the first characteristic string with the second characteristic string, and authenticating the identity of the Internet of Things terminal to be authenticated according to the matching result. By combining the blockchain with the Internet of Things, the method and system take into account both simplicity of terminal implementation and diversity of service requirements, effectively avoid leakage of the characteristic string data, improve the security of terminal authentication, and can be widely applied in the technical field of the Internet of Things.

Description

Block chain-based Internet of things terminal authentication method, system, device and medium
Technical Field
The invention relates to the technical field of Internet of things, in particular to a block chain-based Internet of things terminal authentication method, system, equipment and storage medium.
Background
With the rise of intelligent hardware technology, the Internet of Things market has shown exponential growth in recent years. The Internet of Things platform sits at the junction of software and hardware in a world where everything is interconnected, and is becoming more and more important in the industrial ecosystem of the Internet of Things. At the same time, Internet of Things security incidents are also growing explosively; in particular, Internet of Things terminals have become key attack targets, and data leakage incidents occur frequently. Private data resides mainly in the cloud and in the Internet of Things terminal devices: on the one hand, a cloud service platform may suffer external attack or internal disclosure, or sensitive data may be disclosed for reasons such as weak password authentication of cloud service users; on the other hand, there is also the possibility of data leakage from device to device.
Disclosure of Invention
In view of this, to at least partially solve one of the above technical problems, embodiments of the present invention provide a blockchain-based Internet of Things terminal authentication method, which can effectively avoid data leakage and has higher security; the technical solution of the application also provides a system, a device and a computer-readable and writable storage medium that can correspondingly implement the method.
On one hand, the technical solution provides a blockchain-based Internet of Things terminal authentication method, which comprises the following steps:
encrypting the terminal information of the Internet of Things terminal to be authenticated to form a ciphertext and a signature, and combining the ciphertext and the signature to form a first characteristic string;
encrypting the first characteristic string to obtain a first encrypted string, and storing the first encrypted string on a blockchain;
acquiring a registration request, acquiring a second encrypted string from the blockchain according to the registration request, and decrypting the second encrypted string to obtain a second characteristic string;
and matching the first characteristic string with the second characteristic string, and authenticating the identity of the Internet of Things terminal to be authenticated according to the matching result.
In a feasible embodiment of the scheme of the application, before the step of encrypting to form a ciphertext and a signature according to the terminal information of the terminal of the internet of things, the authentication method includes:
initializing the terminal of the Internet of things to be authenticated, and generating a public key and a private key of the terminal of the Internet of things to be authenticated;
generating a root key according to the user information in the terminal of the Internet of things to be authenticated;
the public key is used for encrypting the first characteristic character string to obtain a first encrypted character string; the private key is used for decrypting the second encrypted character string to obtain the second characteristic character string; and the root key is used for encrypting the ciphertext to obtain the signature.
In a possible embodiment of the present disclosure, the step of storing the first encrypted string to a blockchain includes:
acquiring a data uplink request;
determining a main node of the block chain service, and sequencing and packaging the first encryption character string through the main node according to the data uplink request to obtain a data packet;
and storing the data packet in the block chain, and generating a data uplink certificate.
In a possible embodiment of the present disclosure, the data uplink request includes first token information; after the step of acquiring the uplink data request, the authentication method comprises the following steps:
and authenticating the first token information, determining that the authentication is passed, calling a data certificate storage interface of the block chain service, and uploading the first encrypted character string through the data certificate storage interface.
In a possible embodiment of the present disclosure, the registration request includes second token information; after the step of obtaining the registration request, the authentication method includes:
authenticating the second token information, and once the authentication has passed, calling the data query interface of the blockchain service and acquiring the second encrypted string through the data query interface.
In a practical embodiment of the present disclosure, the step of obtaining a data packet by having the primary node sequence and package the first encrypted string according to the data uplink request includes:
sequencing and packaging the first encrypted string to obtain a data packet, and performing a first verification on the data packet to generate legal verification information;
broadcasting the legal verification information in the blockchain so that a non-primary node performs a second verification on the data packet to generate second verification information;
and comparing the second verification information with the legal verification information, and writing the data packet to the non-primary node according to the comparison result.
In a possible embodiment of the present application, before the step of sequencing and packaging the first encrypted string to obtain a data packet, the authentication method includes:
determining the hash value of the data packet according to a Merkle tree.
On the other hand, the technical solution of this application also provides a blockchain-based Internet of Things terminal authentication system, which includes:
the data encryption unit is used for encrypting according to terminal information of the Internet of things terminal to be authenticated to form a ciphertext and a signature, and combining according to the ciphertext and the signature to form a first characteristic character string; encrypting the first characteristic character string to obtain a first encryption character string, and storing the first encryption character string to a block chain;
a terminal registration unit for acquiring a registration request;
the data decryption unit is used for acquiring a second encrypted character string from the block chain according to the registration request and decrypting the second encrypted character string to obtain a second characteristic character string;
and the identity authentication unit is used for matching the first characteristic character string with the second characteristic character string and authenticating the identity of the terminal of the Internet of things to be authenticated according to the matching result.
On the other hand, the technical scheme of the invention also provides an internet of things terminal authentication device based on the block chain, which comprises the following components:
at least one processor;
at least one memory for storing at least one program;
when the at least one program is executed by the at least one processor, the at least one processor is enabled to execute the method for authenticating the terminal of the internet of things based on the block chain.
In another aspect, the present invention further provides a storage medium, in which a processor-executable program is stored, and the processor-executable program is used to execute the method for authenticating a terminal of an internet of things based on a block chain as described above when executed by a processor.
Advantages and benefits of the present invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention:
The technical solution of the application is based on the core blockchain technologies of distributed storage and a consensus mechanism: a ciphertext and a signature are formed by encrypting the terminal information, a characteristic string is formed by combining the ciphertext and the signature, and the characteristic string is then stored on the blockchain in encrypted form; when the terminal requests registration, the encrypted string is obtained from the blockchain and decrypted to recover the characteristic string, and identity authentication for terminal access is carried out. In addition, in this scheme the terminal does not need to be pre-provisioned with the characteristic string, which avoids having to re-flash the terminal when the platform is migrated and promotes diversified development of terminal services; the scheme combines the blockchain with the Internet of Things, takes into account both simplicity of terminal implementation and diversity of service requirements, effectively avoids leakage of the characteristic string data, and improves the security of terminal authentication.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of the steps of a blockchain-based Internet of Things terminal authentication method according to an embodiment of the present invention;
Fig. 2 is an interaction flowchart between the terminal and the Internet of Things platform during terminal authentication in an embodiment of the invention;
Fig. 3 is an interaction flowchart of the feature string generation and uplink process according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention. The step numbers in the following embodiments are provided only for convenience of illustration, the order between the steps is not limited at all, and the execution order of each step in the embodiments can be adapted according to the understanding of those skilled in the art.
To supplement the technical problems or defects indicated in the background art above: in a fairly common application scenario, an Internet of Things platform generally needs to support access by a large number of Internet of Things terminals, and to ensure the security of terminal access the platform performs identity authentication on each accessing terminal. In the related art, the platform offers several modes such as cryptographic algorithm authentication, certificate authentication and feature string authentication for devices using different protocols. Taking feature string authentication as an example, the platform allocates a feature string that uniquely identifies the terminal; the terminal developer needs to introduce the feature string into the terminal, and when the terminal logs in to the platform it must carry the terminal security identity authentication information to complete terminal authentication. At present, the feature string authentication process of Internet of Things platforms in the related art is too simple: after the platform allocates a feature string to the terminal, the terminal developer has to copy the feature string manually from the platform portal and write it into the terminal, and if the feature string changes it has to be burned in again. This is inconvenient for the terminal developer, the feature string data lacks privacy protection, and there are great potential safety hazards.
Based on the above obvious defects in the related art, on one hand, as shown in fig. 1, an embodiment of the present application provides a block chain-based terminal authentication method for internet of things, where the method includes steps S100 to S400:
S100, encrypting the terminal information of the Internet of Things terminal to be authenticated to form a ciphertext and a signature, and combining the ciphertext and the signature to form a first characteristic string;
In the embodiment, the Internet of Things terminal to be authenticated is a terminal that has been initialized and needs to access the Internet of Things platform; in the scheme of the application, the default communication protocol is the mobile cellular network, since the scheme is mainly aimed at Internet of Things terminals that communicate over a mobile cellular network. Specifically, in this embodiment, the first characteristic string is formed by combining a ciphertext and a signature, where the ciphertext is obtained by a first round of encryption for a terminal whose identity has been verified as legitimate, and the signature is obtained by a second round of encryption performed on the ciphertext.
In some alternative embodiments, before the process in step S100 of encrypting the terminal information of the Internet of Things terminal to form a ciphertext and a signature, the method may include steps S001 and S002:
S001, initializing the Internet of Things terminal to be authenticated, and generating a public key and a private key for the Internet of Things terminal to be authenticated;
S002, generating a root key according to the user information in the Internet of Things terminal to be authenticated;
In steps S001 and S002, the public key is used to encrypt the first characteristic string to obtain the first encrypted string; the private key is used to decrypt the second encrypted string to obtain the second characteristic string; and the root key is used to encrypt the ciphertext to obtain the signature.
Specifically, in the embodiment, as shown in Fig. 2, unique identification information of the user is first acquired, for example the platform account registered by the user and the mobile phone number bound to that account; real-name authentication is performed on this identification information, and the platform then generates a root key RootKey for the user. After real-name authentication, the embodiment performs device initialization on the cellular Internet of Things terminal that needs to access the Internet of Things platform, generating the terminal's own public key PK_Device and private key SK_Device.
In addition, in an embodiment, after logging in the internet of things platform, the platform may create an internet of things blockchain product, which is a set of terminals of the same type; in the user interaction window provided by the platform, the user can select or set product classification, for example, communication protocol selects mobile cellular network, and authentication mode selects characteristic string authentication.
After the product has been created on the Internet of Things platform, the terminal can be added by entering information such as the terminal name, terminal number and terminal public key; the terminal so entered is the Internet of Things terminal to be authenticated. In the embodiment, when the Internet of Things platform receives the new-device instruction, it first generates a device ID as the unique identifier of the terminal on the platform, then encrypts information such as the terminal ID with Base64 to generate the payload ciphertext, then uses the root key obtained in step S002 to generate an HMAC-SHA256 signature over the payload ciphertext, and appends the signature to the payload ciphertext to form the feature string token; for example, the token is: dj9pt7s7fEbk9VOzicmQ8834Lp4IRDCwtWkva1yPQW 8.
S200, encrypting the first characteristic character string to obtain a first encryption character string, and storing the first encryption character string to a block chain;
the first encrypted string is a string encrypted by the public key generated in step S001. Specifically, in the embodiment, a terminal management unit in the internet of things platform encrypts the feature string PK _ device (token) through a terminal public key, and then calls a data evidence storage interface of the block chain service to store the feature string ciphertext into the internet of things block chain.
S300, acquiring a registration request, acquiring a second encrypted character string from the block chain according to the registration request, and decrypting the second encrypted character string to obtain a second characteristic character string;
the second encrypted string is a string obtained by querying a data block stored in the block chain according to the ID of the terminal that initiated the registration request, and the second characteristic string is a string obtained by decrypting the second encrypted string with the private key in step S001.
In a specific embodiment, the Internet of Things platform obtains a registration request initiated by the Internet of Things terminal to be authenticated, parses the registration request to obtain the registration message, calls the data query interface according to the device ID in the registration message to obtain the terminal's feature string ciphertext from the blockchain service module, and returns the ciphertext to the terminal. After receiving the feature string ciphertext, the terminal decrypts it with its private key SK_Device to obtain the feature string token.
S400, matching is carried out according to the first characteristic character string and the second characteristic character string, and identity authentication is carried out on the terminal of the Internet of things to be authenticated according to a matching result;
specifically, in the embodiment, after the terminal decrypts the characteristic string, the login message carrying the characteristic string is sent to the internet of things platform, and after the internet of things platform analyzes the message, the HMAC-SHA256 is used to generate the characteristic string token according to the terminal ID and the user root key, and the characteristic string token is compared with the token carried in the terminal login message to verify the validity of the characteristic string, complete the identity authentication of the terminal, and return the login result to the terminal. If the terminal access authentication is successful, the platform can display that the terminal is on line, and the terminal can communicate with the platform for data reporting and the like.
In some alternative embodiments, the step S200 of storing the first encrypted string to the blockchain may include steps S210 to S230:
S210, acquiring a data uplink request;
S220, determining a main node of the blockchain service, and having the main node sequence and package the first encrypted string according to the data uplink request to obtain a data packet;
S230, storing the data packet on the blockchain, and generating a data uplink certificate;
Specifically, in the embodiment, after receiving the data uplink request, the blockchain service dynamically selects a primary node (Primary) that is responsible for sequencing and packaging all messages from the Internet of Things terminals, where the message content includes, but is not limited to, data uplink requests, registration requests and the like.
In some optional embodiments, in the process of deploying the blockchain basic chain, the bottom-layer capability of the blockchain can be encapsulated, and the internet-of-things platform terminal management module interacts with the blockchain service in a unified manner; therefore, in the embodiment, both the uplink data request and the registration request can carry corresponding token information. Furthermore, before the process of acquiring the data uplink request in step S210, the method according to the embodiment may further include step S201:
S201, authenticating the first token information, and once the authentication has passed, calling the data evidence storage interface of the blockchain service and uploading the first encrypted string through that interface.
In addition, after the process of acquiring the registration request in the method step S300, the embodiment may further include the step S301:
S301, authenticating the second token information, and once the authentication has passed, calling the data query interface of the blockchain service and acquiring the second encrypted string through that interface.
Specifically, in the embodiment, as shown in fig. 3, the blockchain service may allocate a global token, and the internet of things platform needs to carry token information when calling the API, so as to perform authentication, thereby ensuring interface access security. When data are linked up, the terminal management module calls a data evidence storage API of the block chain service; and when the terminal is authenticated, the terminal management module calls a data query API of the block chain service to obtain the feature string data.
In some alternative embodiments, step S220 of the method, determining a primary node of the blockchain service and obtaining the data packet by having the primary node sequence and package the first encrypted string according to the data uplink request, may include steps S221 to S223:
S221, sequencing and packaging the first encrypted string to obtain a data packet, and performing a first verification on the data packet to generate legal verification information;
S222, broadcasting the legal verification information in the blockchain so that the non-primary nodes perform a second verification on the data packet to generate second verification information;
and S223, comparing the second verification information with the legal verification information, and writing the data packet to the non-primary nodes according to the comparison result.
In the embodiment, the blockchain service adopts the RBFT consensus algorithm. The robust Byzantine fault-tolerant algorithm RBFT inserts a transaction validation step into the original PBFT algorithm, which improves the stability of the scheme. RBFT consensus retains the original three-phase flow of PBFT (PrePrepare, Prepare, Commit) and adds an important transaction validation step, thereby reaching consensus both on the transaction execution order and on the block validation result. The RBFT consensus algorithm also provides a dynamic automatic data recovery mechanism and supports adding and removing cluster nodes without stopping the service, which enhances the availability of the consensus module.
Specifically, in the embodiment, the primary node packages the transactions into a block and validates the transactions in advance; the validation result is included in the PrePrepare message broadcast over the network, so the PrePrepare message carries both the ordered transaction information and the block validation result. On receiving the primary node's PrePrepare message, a non-primary (replica) node checks the legality of the message and, if it passes, broadcasts a Prepare message to show that it agrees with the primary's ordering result. After receiving Prepare messages from quorum-1 nodes, as required by the consensus, the replica starts to validate the block and compares its validation result with that of the primary: if they agree, it broadcasts Commit to show that it agrees with the primary's validation result; otherwise it directly initiates a ViewChange, indicating that it considers the primary node to have behaved abnormally.
In some alternative embodiments, the method may determine the hash value of the data packet through a Merkle tree.
In the embodiment, distributed storage such as a Merkle tree is adopted and the hash value of each data block is recorded, which optimizes the storage architecture of the blockchain and improves its storage efficiency. Illustratively, when constructing the Merkle tree, a hash value is first calculated for each data block; the embodiment uses a hash algorithm such as SHA-256. If the only requirement is to detect that the data has been accidentally corrupted or altered, a less secure but more efficient checksum algorithm such as CRC may be used instead. The hash values of the data blocks are then paired (if their number is odd, the last hash is paired with itself) and the hash of the parent level is calculated; this step is repeated until the root hash is obtained.
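The Merkle construction of the two paragraphs above, as an added Go example (not code from the patent or its assignee): SHA-256 leaf hashes, odd levels handled by pairing the last hash with itself, and an audit path so that a single stored data block can be checked against the recorded root; a block changed after uplink fails the check. The sample blocks are constructed.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// hashLeaf hashes one data block with SHA-256, the hash the embodiment names.
func hashLeaf(block []byte) []byte {
	h := sha256.Sum256(block)
	return h[:]
}

// hashPair hashes the concatenation of a left and a right child.
func hashPair(left, right []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, left...), right...))
	return h[:]
}

// leafLevel computes the bottom level of the tree from the raw data blocks.
func leafLevel(blocks [][]byte) [][]byte {
	level := make([][]byte, len(blocks))
	for i, b := range blocks {
		level[i] = hashLeaf(b)
	}
	return level
}

// nextLevel pairs the hashes of one level; with an odd count the last hash is
// paired with itself, as the description states.
func nextLevel(level [][]byte) [][]byte {
	if len(level)%2 == 1 {
		level = append(level, level[len(level)-1])
	}
	next := make([][]byte, 0, len(level)/2)
	for i := 0; i < len(level); i += 2 {
		next = append(next, hashPair(level[i], level[i+1]))
	}
	return next
}

// merkleRoot folds the leaf hashes up to the root hash that is recorded on the chain.
func merkleRoot(blocks [][]byte) []byte {
	level := leafLevel(blocks)
	if len(level) == 0 {
		return nil
	}
	for len(level) > 1 {
		level = nextLevel(level)
	}
	return level[0]
}

// proofStep is one sibling hash on the audit path and which side it sits on.
type proofStep struct {
	Hash  []byte
	Right bool // true when the sibling is the right child
}

// merkleProof collects the sibling hashes needed to recompute the root from blocks[index].
func merkleProof(blocks [][]byte, index int) []proofStep {
	level := leafLevel(blocks)
	var path []proofStep
	for len(level) > 1 {
		if len(level)%2 == 1 {
			level = append(level, level[len(level)-1])
		}
		sibling := index ^ 1
		path = append(path, proofStep{Hash: level[sibling], Right: sibling > index})
		level = nextLevel(level)
		index /= 2
	}
	return path
}

// verifyProof recomputes the root from one block and its audit path; a block altered
// after uplink, or a proof built for a different block, no longer reproduces the root.
func verifyProof(block []byte, path []proofStep, root []byte) bool {
	h := hashLeaf(block)
	for _, step := range path {
		if step.Right {
			h = hashPair(h, step.Hash)
		} else {
			h = hashPair(step.Hash, h)
		}
	}
	return bytes.Equal(h, root)
}

func main() {
	// Constructed sample: five feature-string ciphertexts, an odd count to exercise the pairing rule.
	blocks := [][]byte{[]byte("ct-dev-1"), []byte("ct-dev-2"), []byte("ct-dev-3"), []byte("ct-dev-4"), []byte("ct-dev-5")}
	root := merkleRoot(blocks)
	fmt.Printf("root: %x\n", root)
	path := merkleProof(blocks, 4)
	fmt.Println("block 4 verifies:", verifyProof(blocks[4], path, root))
	fmt.Println("tampered block verifies:", verifyProof([]byte("ct-dev-X"), path, root))
}
```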
The whole implementation process of the scheme of the application is described in detail below in conjunction with figure 2:
(1) A user registers a platform account with a mobile phone number and completes real-name authentication; the platform generates a root key RootKey for the user.
(2) The user performs device initialization on the cellular Internet of things terminal, generating a public key PK_Device and a private key SK_Device specific to that terminal.
(3) The user logs in to the Internet of things platform, creates an Internet of things block chain product (a product is a set of terminals of the same type), selects a product category, selects mobile cellular network as the communication protocol, and selects feature string authentication as the authentication mode.
(4) Under the created product, the user adds the terminal by entering information such as the terminal name, terminal number and terminal public key. On receiving the add-device instruction, the platform's terminal management module first generates a device ID as the unique identifier of the terminal on the platform, then encrypts information such as the terminal ID with Base64 to generate the payload ciphertext, encrypts the payload ciphertext with the root key from step (1) to generate a signature using HMAC-SHA256, and combines the payload ciphertext and the signature into a feature string token, for example: dj9pt7s7fEbk9VOzicmQ8834Lp4IRDCwtWkva1yPQW 8.
(5) The terminal management module encrypts the feature string with the terminal public key, PK_Device(token), and then calls the data evidence storage interface of the block chain service to store the feature string ciphertext on the Internet of things block chain.
(6) After the block chain service receives the data uplink request, the master node (Primary), dynamically selected by the block chain service, is responsible for sequencing and packaging the client messages; the data is written to the block chain for storage using the RBFT consensus algorithm, and the block chain service returns a data uplink certificate.
(7) The terminal sends a registration request to the platform; the terminal access module parses the registration message and forwards the request to terminal management. Terminal management calls the data query interface to obtain the terminal's feature string ciphertext from the block chain service module according to the device ID, and returns the ciphertext to the terminal.
(8) After receiving the feature string ciphertext, the terminal decrypts it with its private key, SK_Device(token), to obtain the feature string, then sends a login message carrying the feature string to the platform; the terminal access module parses the message and forwards it to the terminal management module.
(9) The terminal management module regenerates the feature string token with HMAC-SHA256 from the terminal ID and the user root key, compares it with the token carried in the terminal login message, verifies the legitimacy of the feature string, completes the identity authentication of the terminal, and returns the login result to the terminal.
(10) If terminal access authentication succeeds, the platform shows the terminal as online, and the terminal can communicate with the platform for data reporting and similar operations.
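The feature string exchange of steps (4) through (9), as an added Go example that is not code from the patent or the applicant. Assumptions: the "payload.signature" concatenation format and JSON terminal-info layout, RSA-OAEP as the concrete form of PK_Device(token), a map standing in for the block chain evidence-storage and query interfaces, and all sample key and device values.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// makeToken builds the feature string on the platform side (step 4): terminal info
// is JSON-serialised and Base64-encoded into the payload, HMAC-SHA256 keyed with
// the user's root key signs it, and the two parts are joined. The "payload.sig"
// layout is an assumption; the page does not fix the concatenation format.
func makeToken(rootKey []byte, deviceID, name string) string {
	payload, _ := json.Marshal(map[string]string{"id": deviceID, "name": name})
	p := base64.RawURLEncoding.EncodeToString(payload)
	mac := hmac.New(sha256.New, rootKey)
	mac.Write([]byte(p))
	return p + "." + base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// verifyToken is step (9): regenerate the token from the stored terminal info and
// root key, then compare in constant time with the token in the login message.
func verifyToken(rootKey []byte, deviceID, name, presented string) bool {
	return hmac.Equal([]byte(makeToken(rootKey, deviceID, name)), []byte(presented))
}

// enrol covers steps (4)-(5): encrypt the token with the terminal public key so
// that only the holder of SK_Device can read it, then store it on the chain
// (the map is a constructed stand-in for the evidence-storage interface).
func enrol(c map[string][]byte, rootKey []byte, pub *rsa.PublicKey, deviceID, name string) error {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(makeToken(rootKey, deviceID, name)), nil)
	if err != nil {
		return err
	}
	c[deviceID] = ct
	return nil
}

// terminalLogin covers steps (7)-(8): fetch the ciphertext by device ID and
// decrypt it with the terminal private key to recover the feature string.
func terminalLogin(c map[string][]byte, priv *rsa.PrivateKey, deviceID string) (string, error) {
	ct, ok := c[deviceID]
	if !ok {
		return "", fmt.Errorf("no feature string on chain for device %s", deviceID)
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// runFlow drives the exchange for one constructed terminal and reports whether
// the genuine login passes and whether the same token under another device ID fails.
func runFlow() (genuineOK, foreignRejected bool, err error) {
	rootKey := []byte("constructed-root-key-for-user-1") // step (1), sample value
	priv, err := rsa.GenerateKey(rand.Reader, 2048)        // step (2): PK/SK_Device
	if err != nil {
		return false, false, err
	}
	c := map[string][]byte{}
	if err = enrol(c, rootKey, &priv.PublicKey, "dev-0001", "meter-A"); err != nil {
		return false, false, err
	}
	tok, err := terminalLogin(c, priv, "dev-0001")
	if err != nil {
		return false, false, err
	}
	genuineOK = verifyToken(rootKey, "dev-0001", "meter-A", tok)
	foreignRejected = !verifyToken(rootKey, "dev-0002", "meter-A", tok)
	return genuineOK, foreignRejected, nil
}
```

Base64 only encodes the payload; in this flow the confidentiality of the feature string on the chain comes from the PK_Device encryption and its integrity from the HMAC keyed with RootKey.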
In a second aspect, the technical solution of the present application further provides a block chain-based Internet of things terminal authentication system. The system comprises two main objects: a cellular terminal and an Internet of things platform. The Internet of things platform mainly comprises:
the data encryption unit is used for encrypting according to terminal information of the Internet of things terminal to be authenticated to form a ciphertext and a signature, and combining according to the ciphertext and the signature to form a first characteristic character string; encrypting the first characteristic character string to obtain a first encryption character string, and storing the first encryption character string to the block chain;
a terminal registration unit for acquiring a registration request;
the data decryption unit is used for acquiring a second encrypted character string from the block chain according to the registration request and decrypting the second encrypted character string to obtain a second characteristic character string;
and the identity authentication unit is used for matching the first characteristic character string with the second characteristic character string and authenticating the identity of the terminal of the Internet of things to be authenticated according to the matching result.
In some alternative embodiments, the functional units in the Internet of things platform may be further subdivided; for example, in some embodiments the platform further comprises:
a terminal access unit, used for receiving and responding to terminal login messages and verifying the feature string;
a terminal management unit, used for generating and storing the feature string, encrypting the feature string with the public key, and interacting with the block chain service;
a block chain service unit, used for storing terminal feature string information on the chain and providing data evidence storage and query interfaces externally.
In a third aspect, the technical solution of the present application further provides an internet of things terminal authentication device based on a block chain, which includes:
at least one processor; at least one memory for storing at least one program; when the at least one program is executed by the at least one processor, the at least one processor is caused to execute the block chain based internet of things terminal authentication method as in the first aspect.
The embodiment of the invention also provides a program stored in a storage medium; when the program is executed by the processor, the block chain-based Internet of things terminal authentication method is implemented.
From the above specific implementation process, it can be concluded that the technical solution provided by the present invention has the following advantages or beneficial effects compared with the prior art:
1. Data storage is secure. When existing mainstream Internet of things platforms perform access authentication for cellular Internet of things devices, feature string authentication is generally adopted and the feature string plaintext is displayed at the platform portal, so the confidentiality of the feature string cannot be ensured.
2. The authentication process is simple. In this technical scheme, the device public/private key is used to encrypt/decrypt the feature string, which simplifies the authentication process while improving terminal authentication security and reduces the development workload on the terminal side. The terminal does not interact directly with the block chain service, which reduces the terminal interaction flow.
In alternative embodiments, the functions/acts noted in the block diagrams may occur out of the order noted in the operational illustrations. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved. Furthermore, the embodiments presented and described in the flow charts of the present invention are provided by way of example in order to provide a more thorough understanding of the technology. The disclosed methods are not limited to the operations and logic flows presented herein. Alternative embodiments are contemplated in which the order of various operations is changed and in which sub-operations described as part of larger operations are performed independently.
Furthermore, although the present invention is described in the context of functional modules, it should be understood that, unless otherwise stated to the contrary, one or more of the functions and/or features may be integrated in a single physical device and/or software module, or one or more of the functions and/or features may be implemented in a separate physical device or software module. It will also be appreciated that a detailed discussion of the actual implementation of each module is not necessary for an understanding of the present invention. Rather, the actual implementation of the various functional modules in the apparatus disclosed herein will be understood within the ordinary skill of an engineer, given the nature, function, and internal relationship of the modules. Accordingly, those skilled in the art can, using ordinary skill, practice the invention as set forth in the claims without undue experimentation. It is also to be understood that the specific concepts disclosed are merely illustrative of and not intended to limit the scope of the invention, which is defined by the appended claims and their full scope of equivalents.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the invention have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.
While the preferred embodiments of the present invention have been illustrated and described, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. The method for authenticating the terminal of the Internet of things based on the block chain is characterized by comprising the following steps:
encrypting according to terminal information of the terminal of the Internet of things to be authenticated to form a ciphertext and a signature, and combining according to the ciphertext and the signature to form a first characteristic character string;
encrypting the first characteristic character string to obtain a first encryption character string, and storing the first encryption character string to a block chain;
acquiring a registration request, acquiring a second encrypted character string from the block chain according to the registration request, and decrypting the second encrypted character string to obtain a second characteristic character string;
and matching according to the first characteristic character string and the second characteristic character string, and performing identity authentication on the Internet of things terminal to be authenticated according to a matching result.
2. The method for authenticating the terminal of the internet of things based on the block chain as claimed in claim 1, wherein before the step of encrypting according to the terminal information of the terminal of the internet of things to form a ciphertext and a signature, the method comprises:
initializing the terminal of the Internet of things to be authenticated, and generating a public key and a private key of the terminal of the Internet of things to be authenticated;
generating a root key according to the user information in the terminal of the Internet of things to be authenticated;
the public key is used for encrypting the first characteristic character string to obtain a first encrypted character string; the private key is used for decrypting the second encrypted character string to obtain the second characteristic character string; and the root key is used for encrypting the ciphertext to obtain the signature.
3. The method for authenticating the terminal of the internet of things based on the blockchain according to claim 1, wherein the step of storing the first encryption string to the blockchain comprises:
acquiring a data uplink request;
determining a main node of the block chain service, and sequencing and packaging the first encryption character string through the main node according to the data uplink request to obtain a data packet;
and storing the data packet in the block chain, and generating a data uplink certificate.
4. The method of claim 3, wherein the data uplink request includes first token information; after the step of acquiring the uplink data request, the authentication method comprises the following steps:
and authenticating the first token information, determining that the authentication is passed, calling a data certificate storage interface of the block chain service, and uploading the first encrypted character string through the data certificate storage interface.
5. The method for authenticating the terminal of the internet of things based on the block chain as claimed in claim 4, wherein the registration request comprises second token information; after the step of obtaining the registration request, the authentication method includes:
and authenticating the second token information, determining that the authentication is passed, calling a data query interface of the block chain service, and acquiring the second encrypted character string through the data query interface.
6. The method for authenticating the terminal of the internet of things based on the block chain according to claim 3, wherein the step of obtaining the data packet by sequencing and packaging the first encryption character string according to the data uplink request through the primary node comprises:
sequencing and packaging the first encrypted character string to obtain a data packet, and performing first verification on the data packet to generate legal verification information;
broadcasting the legal verification information in the block chain so that a non-main node performs second verification on the data packet to generate second verification information;
and comparing the second verification information with the legal verification information, and writing the data packet into the non-main node according to a comparison result.
7. The authentication method of the internet of things based on the blockchain as claimed in claim 6, wherein before the step of sequencing and packaging the first encrypted string to obtain the data packet, the authentication method comprises:
and determining the hash value of the data packet according to the Merkle tree.
8. A block chain-based Internet of things terminal authentication system, characterized by comprising:
the data encryption unit is used for encrypting according to terminal information of the Internet of things terminal to be authenticated to form a ciphertext and a signature, and combining according to the ciphertext and the signature to form a first characteristic character string; encrypting the first characteristic character string to obtain a first encryption character string, and storing the first encryption character string to a block chain;
a terminal registration unit for acquiring a registration request;
the data decryption unit is used for acquiring a second encrypted character string from the block chain according to the registration request and decrypting the second encrypted character string to obtain a second characteristic character string;
and the identity authentication unit is used for matching the first characteristic character string with the second characteristic character string and authenticating the identity of the terminal of the Internet of things to be authenticated according to the matching result.
9. A block chain-based Internet of things terminal authentication device, characterized by comprising:
at least one processor;
at least one memory for storing at least one program;
when executed by the at least one processor, the at least one program causes the at least one processor to execute the method for authenticating a terminal of the internet of things based on a blockchain according to any one of claims 1 to 7.
10. A storage medium having stored therein a processor-executable program, wherein the processor-executable program, when executed by a processor, is configured to execute the method for authenticating a terminal of the internet of things based on a blockchain according to any one of claims 1 to 7.
CN202111652282.XA 2021-12-30 2021-12-30 Block chain-based Internet of things terminal authentication method, system, device and medium Pending CN114372245A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111652282.XA CN114372245A (en) 2021-12-30 2021-12-30 Block chain-based Internet of things terminal authentication method, system, device and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111652282.XA CN114372245A (en) 2021-12-30 2021-12-30 Block chain-based Internet of things terminal authentication method, system, device and medium

Publications (1)

Publication Number Publication Date
CN114372245A true CN114372245A (en) 2022-04-19

Family

ID=81142220

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111652282.XA Pending CN114372245A (en) 2021-12-30 2021-12-30 Block chain-based Internet of things terminal authentication method, system, device and medium

Country Status (1)

Country Link
CN (1) CN114372245A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115914316A (en) * 2023-03-14 2023-04-04 深圳中集智能科技有限公司 Logistics data transmission method of block chain and credible Internet of things system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination