CN114462099A - Data uplink method, system, device, equipment and medium of terminal equipment - Google Patents
Data uplink method, system, device, equipment and medium of terminal equipment Download PDFInfo
- Publication number
- CN114462099A CN114462099A CN202111676903.8A CN202111676903A CN114462099A CN 114462099 A CN114462099 A CN 114462099A CN 202111676903 A CN202111676903 A CN 202111676903A CN 114462099 A CN114462099 A CN 114462099A
- Authority
- CN
- China
- Prior art keywords
- data
- trusted entity
- information
- terminal device
- transaction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Economics (AREA)
- Marketing (AREA)
- Technology Law (AREA)
- Development Economics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a data chaining method, a system, a device, computer equipment and a medium of terminal equipment, wherein the method comprises the following steps: when the registration transaction information of the terminal equipment is received, the registration transaction contained in the registration transaction information is obtained, the registration transaction is activated on the block chain to obtain a credible entity, account activation and on-chain authority updating are carried out on the credible entity, and when the acquired data of the credible entity is received, the acquired data is stored to the block chain.
Description
Technical Field
The present invention relates to the field of data processing, and in particular, to a method, a system, an apparatus, a computer device, and a medium for data uplink of a terminal device.
Background
At present, there are various technical solutions for making a data uplink of a terminal device, which respectively include:
scheme 1: the device sends data to the cloud server, and after the cloud server receives the data, the cloud server uses a private key stored in the cloud server to sign the data and sends the data to the block chain.
Scheme 2: the device locally stores the private key, signs the collected data and sends the signed data to the block chain.
Scheme 3: the device stores the private key in a trusted execution environment in an unreadable manner, signs the data and then sends the data to the block chain.
The first scheme is that the private key is not stored in the terminal device but delegated to the cloud server, the security of the private key is delegated to the cloud server, if the server is attacked, all physical devices hosted by the server are listed as untrusted devices, and the uploaded data cannot be listed as trusted data. In the second scheme, the private key is usually stored in an internal memory or an external memory in a plaintext form and is easy to be read maliciously, and the signature process is carried out in an open environment and is easy to be tampered maliciously, so that potential safety hazards exist. Compared with the second scheme, although the private key is stored in an unreadable manner, malicious acquisition can be avoided, confidentiality, integrity and access authority of resources and data can be guaranteed in a trusted execution environment, and security of signature can be guaranteed, the third scheme has the defects that the device unique information cannot be strongly bound with the block chain address, and when the public and private keys are replaced by the device, the address on the block chain is changed, so that uniqueness of the device cannot be really achieved on the block chain.
In addition, the prior art lacks a management mechanism for device permissions, which cannot achieve fine-grained management of devices, for example, cannot limit the use of public and private keys of produced but not enabled devices for performing the function of storing certificates on the blockchain data, and cannot limit the devices from calling other functions of the blockchain except the function of storing certificates.
Disclosure of Invention
Embodiments of the present invention provide a data uplink method, system, apparatus, computer device and storage medium for a terminal device, so as to improve the efficiency and security of data uplink of the terminal device.
In order to solve the foregoing technical problem, an embodiment of the present invention provides a data uplink method for a terminal device, including the following steps performed by a block chain system:
when the registered transaction information of the terminal equipment is received, acquiring the registered transaction contained in the registered transaction information, and activating the registered transaction on a block chain to obtain a trusted entity, wherein the registered transaction carries signature information, batch number and encryption information generated in a trusted execution environment;
performing account activation and on-chain permission updating on the trusted entity;
when collected data of a trusted entity is received, the collected data is stored to a blockchain, wherein the data types comprise data streams and analytic data.
Optionally, the activating the device information on the blockchain to obtain the trusted entity includes:
acquiring a uniform batch key corresponding to the batch number;
decrypting the encrypted information to obtain a public key and a hardware unique number;
and verifying the signature of the signature information by adopting the public key, if the signature passes the verification, generating a primary account corresponding to the terminal equipment based on the hardware unique number, and updating the authority information corresponding to the primary account.
Optionally, the activating the account and updating the chain authority of the trusted entity includes:
when an update permission request carrying the hardware unique number is received, transaction validity verification is carried out on the update permission request to obtain a validity verification result;
when the result of the validity check is passed, inquiring a primary account corresponding to the trusted entity based on the hardware unique number, and generating a target authority management strategy based on the inquiry result;
and sending the target authority management strategy to a chain for voting, and determining the updating of the authority according to the obtained voting result and the content of the target authority management strategy after the voting is finished.
Optionally, after acquiring the registration transaction included in the registration transaction information and performing activation processing on the blockchain by using the registration transaction when receiving the registration transaction information of the terminal device, and obtaining the trusted entity, the data uplink method of the terminal device further includes:
if an upgrade firmware package containing signature information sent by a management end is received, carrying out upgrade validity verification on the signature information of the upgrade firmware package;
when the upgrade validity is verified, generating a unique version number of the upgrade firmware package, and storing the firmware upgrade package;
receiving a hardware unique number and a unique version number of an upgrading firmware package sent by a management terminal to obtain trusted entity firmware information to be upgraded;
after a trusted entity is started, establishing query transaction, and judging whether the trusted entity needs to be upgraded or not based on the firmware information of the trusted entity to be upgraded;
if the trusted entity needs to be upgraded, acquiring the firmware information of the trusted entity to be upgraded corresponding to the trusted entity, and acquiring a corresponding firmware upgrade package as a target firmware upgrade package based on the unique version number;
and upgrading the firmware of the trusted entity by adopting the target firmware upgrading package.
In order to solve the foregoing technical problem, an embodiment of the present invention further provides a data uplink method for a terminal device, including the following steps executed by a terminal system:
when data is acquired, monitoring response content in data interaction according to a data type corresponding mode to obtain message data;
carrying out data preprocessing on the message data to obtain target data;
packaging the target data by adopting a custom format to obtain a packaging message and generate a deposit transaction;
sending the packaging message and the hardware unique number into a trusted environment for signing to obtain a signing result;
and verifying the validity of the signature result, the authority corresponding to the trusted entity and the transaction content of the deposit transaction, and if the validity is verified, storing the transaction content of the deposit transaction as collected data to a block chain.
Optionally, the performing data preprocessing on the message data to obtain target data includes:
filtering and cleaning the message data to obtain cleaned message data;
and assembling and analyzing the cleaned message data to obtain the target data.
In order to solve the above technical problem, an embodiment of the present invention further provides a data uplink system of a terminal device, including a hardware layer, a system layer and an application layer, wherein,
the hardware layer is used for acquiring data and performing trusted execution environment signature on the data, and is communicated with the block chain through a network, and comprises a system operation and monitoring module, a data acquisition and analysis module, a password management and calculation module and a network sending and receiving module;
the system layer is used for controlling the system to normally execute logic and exception processing and analyzing message data;
the application layer comprises a trusted device account management module, a key updating module and an authority updating module and is used for managing accounts, authorities and firmware of the trusted device.
In order to solve the foregoing technical problem, an embodiment of the present invention further provides a data uplink apparatus of a terminal device, and a block chain system, where the block chain system includes:
the entity registration module is used for acquiring a registration transaction contained in registration transaction information when the registration transaction information of the terminal equipment is received, and activating the registration transaction on a block chain to obtain a trusted entity, wherein the registration transaction carries signature information, batch number and encryption information generated in a trusted execution environment;
the authority updating module is used for carrying out account activation and on-chain authority updating on the trusted entity;
and the data uplink module is used for storing the acquired data to the block chain when the acquired data of the trusted entity is received, wherein the data type comprises data flow and analytic data.
Optionally, the entity registration module includes:
the batch key acquiring unit is used for acquiring a uniform batch key corresponding to the batch number;
the encrypted information decryption unit is used for decrypting the encrypted information to obtain a public key and a hardware unique number;
and the account authority generating unit is used for verifying and signing the signature information by adopting the public key, generating a primary account corresponding to the terminal equipment based on the hardware unique number if the signature verification is passed, and updating the authority information corresponding to the primary account.
Optionally, the permission updating module includes:
the authority validity verifying unit is used for verifying the transaction validity of the update authority request to obtain a validity verifying result when receiving the update authority request carrying the unique hardware number;
the authority policy generating unit is used for inquiring the primary account corresponding to the trusted entity based on the hardware unique number when the validity check result is passed, and generating a target authority management policy based on the inquiry result;
and the authority updating unit is used for sending the target authority management strategy to a chain for voting, and determining the updating of the authority according to the obtained voting result and the content of the target authority management strategy after the voting is finished.
Optionally, the apparatus for uplink data of the terminal device further includes:
the upgrading validity verification module is used for verifying the upgrading validity of the signature information of the upgrading firmware package if the upgrading firmware package containing the signature information sent by the management terminal is received;
the unique version number generation module is used for generating the unique version number of the upgrade firmware package and storing the firmware upgrade package when the upgrade validity is verified;
the trusted entity information to be upgraded production module is used for receiving the hardware unique number and the unique version number of the upgrade firmware package sent by the management terminal to obtain trusted entity firmware information to be upgraded;
the upgrading judgment module is used for constructing query transaction after the trusted entity is detected to be started and judging whether the trusted entity needs to be upgraded or not based on the information of the trusted entity to be upgraded;
the upgrading package obtaining module is used for obtaining the information of the trusted entity to be upgraded corresponding to the trusted entity if the trusted entity needs to be upgraded, and obtaining a corresponding firmware upgrading package as a target firmware upgrading package based on the unique version number of the upgrading firmware package in the information of the trusted entity to be upgraded;
and the firmware upgrading module is used for upgrading the firmware of the trusted entity by adopting the target firmware upgrading packet.
In order to solve the foregoing technical problem, an embodiment of the present application further provides a data uplink apparatus for a terminal device, including the terminal device, where the terminal device includes: the message acquisition module is used for intercepting response content in data interaction according to a data type corresponding mode when data is acquired to obtain message data;
the data preprocessing module is used for preprocessing the message data to obtain target data;
the transaction generation module is used for packaging the target data by adopting a custom format to obtain a packaging message and generate deposit transaction;
the message signature module is used for sending the packaging message and the hardware unique number into a trusted environment for signature to obtain a signature result;
and the data verification storage module is used for verifying the validity of the signature result, the authority corresponding to the trusted entity and the transaction content of the deposit transaction, and if the validity is verified, the transaction content of the deposit transaction is stored to the block chain as collected data.
Optionally, the data preprocessing module includes:
the data cleaning unit is used for filtering and cleaning the message data to obtain cleaned message data;
and the data assembling and analyzing unit is used for assembling and analyzing the cleaned message data to obtain the target data.
In order to solve the above technical problem, an embodiment of the present application further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the data uplink method of the terminal device when executing the computer program.
In order to solve the above technical problem, an embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored, and the computer program, when executed by a processor, implements the steps of the data uplink method of the terminal device.
According to the data uplink method and device of the terminal equipment, the computer equipment and the storage medium, when the registration transaction information of the terminal equipment is received, the registration transaction contained in the registration transaction information is obtained, the registration transaction is activated on the block chain to obtain the trusted entity, the account activation and the on-chain authority updating are carried out on the trusted entity, and when the collected data of the trusted entity are received, the collected data are stored in the block chain, so that the data uplink can be rapidly carried out on any terminal equipment, and the data uplink efficiency and the data uplink safety of the terminal equipment are improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
FIG. 1 is an exemplary system architecture diagram in which the present application may be applied;
FIG. 2 is a flowchart of an embodiment of a data uplink method of a terminal equipment of the present application;
fig. 3 is a schematic structural diagram of an embodiment of a data uplink apparatus of a terminal device according to the present application;
FIG. 4 is a schematic block diagram of one embodiment of a computer device according to the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "including" and "having," and any variations thereof in the description and claims of this application and the description of the figures above, are intended to cover non-exclusive inclusions. The terms "first," "second," and the like in the description and claims of this application or in the above-described drawings are used for distinguishing between different objects and not for describing a particular order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, as shown in fig. 1, fig. 1 is a schematic diagram of an application environment of a method for managing a flow node for bidding according to an embodiment of the present invention, which can be applied to the application environment of fig. 1, wherein a block chain is composed of a plurality of nodes capable of communicating with each other, each node can be regarded as a block storage, each block storage is used for storing data, each data node contains all data, the block storage data has a complete history record and can be rapidly restored and expanded, an area chain is divided into a public chain, a private chain and a federation chain, the public chain is open for any node, each organization/node can participate in the calculation of the block chain, and any organization/node can download and obtain the data of the complete block chain, the private chain is a block chain that some block chains do not want to participate in any person, the block chain backup system is not disclosed externally, and is suitable for internal data management and audit or open test of a specific organization, the authority of each node is completely equivalent in a alliance chain, people can realize trusted exchange of data without complete mutual trust, each node of the alliance chain is generally organized by a corresponding entity organization, the node can be added into and quit the network after authorization, in the process of using the whole block chain backup system, a hash function, a public key of a sender and a private key of the sender are required to be signed by using digital, the digital signature designs a hash function, the public key of the sender and a private key of the sender, the block chain has a complete distributed storage characteristic, and the basic data is actually stored in a larger network data while a data structure in a 'hash algorithm' form is used for storing basic data.
Referring to fig. 2, fig. 2 shows a data uplink method of a terminal device according to an embodiment of the present invention, which is detailed as follows:
s201: and when the registered transaction information of the terminal equipment is received, acquiring the registered transaction contained in the registered transaction information, and activating the registered transaction on the block chain to obtain a trusted entity, wherein the registered transaction carries signature information, batch number and encryption information generated in a trusted execution environment.
Specifically, a public key certificate and a batch unified key which are issued by an authorized factory CA are built in a block chain by an account administrator, after the equipment is started for the first time, a hardware unique number of the equipment is read, a public key is read from a trusted storage environment, the built-in batch unified key is read, the public key, the hardware unique number and the batch number are encrypted by the unified key, a registration transaction consisting of the batch number and encryption information is sent to a trusted execution environment for signature, the registration transaction with the signature is sent to the block chain, the block chain firstly obtains the batch key according to the batch number and then decrypts the encryption information, the batch numbers are verified to be the same, meanwhile, the signature information is verified to be signed by the public key, if the batch number is legal, a block chain account is generated according to the hardware unique number, life cycle management is started for the account, and related rights are given to the account. If the result is illegal, the steps are called, and the activation result is returned to the equipment end.
Optionally, performing activation processing on the blockchain by using the device information, and obtaining the trusted entity includes:
acquiring a uniform batch key corresponding to the batch number;
decrypting the encrypted information to obtain a public key and a hardware unique number;
and verifying the signature information by adopting the public key, if the signature passes the verification, generating a primary account corresponding to the terminal equipment based on the hardware unique number, and updating the authority information corresponding to the primary account.
S202: and carrying out account activation and on-chain authority updating on the trusted entity.
Optionally, the account activation and the chain authority update of the trusted entity include:
when an update permission request carrying a hardware unique number is received, transaction validity verification is carried out on the update permission request to obtain a validity verification result;
when the result of the validity check is passed, inquiring an initial account corresponding to the trusted entity based on the hardware unique number, and generating a target authority management strategy based on the inquiry result;
and sending the target authority management strategy to a chain for voting, and determining the updating of the authority according to the obtained voting result and the content of the target authority management strategy after the voting is finished.
S203: when collected data of a trusted entity are received, the collected data are stored to a block chain, wherein the data types comprise data streams and analytic data. .
In another embodiment, after acquiring the data, the terminal device performs a check and listen check on the data, and stores the data in the block chain when the check result is qualified, which specifically includes:
when receiving data, monitoring response content in data interaction according to a data type corresponding mode to obtain message data;
carrying out data preprocessing on the message data to obtain target data;
packaging the target data by adopting a custom format to obtain a packaging message and generate a deposit transaction;
sending the encapsulation message and the hardware unique number into a trusted environment for signing to obtain a signing result;
and verifying the validity of the signature result, the authority corresponding to the trusted entity and the transaction content of the deposit transaction, and if the validity is verified, storing the transaction content of the deposit transaction as collected data to the block chain.
Further, the data preprocessing the message data to obtain the target data includes:
filtering and cleaning the message data to obtain cleaned message data;
and assembling and analyzing the cleaned message data to obtain target data.
In this embodiment, when the registration transaction information of the terminal device is received, the registration transaction included in the registration transaction information is acquired, the registration transaction is activated on the blockchain to obtain the trusted entity, the account activation and the on-chain authority updating are performed on the trusted entity, and when the collected data of the trusted entity is received, the collected data is stored in the blockchain, so that data chaining can be rapidly performed on any terminal device, and the data chaining efficiency and the security of the terminal device are improved.
In an embodiment, after step S203, that is, when the registration transaction information of the terminal device is received, the registration transaction included in the registration transaction information is obtained, and the activation processing is performed on the blockchain by using the registration transaction, so as to obtain the trusted entity, the data uplink method of the terminal device further includes:
if an upgrade firmware package containing signature information sent by a management end is received, carrying out upgrade validity verification on the signature information of the upgrade firmware package;
when the upgrade validity is verified, generating a unique version number of the upgrade firmware package, and storing the firmware upgrade package;
receiving a hardware unique number and a unique version number of an upgrading firmware package sent by a management terminal to obtain trusted entity firmware information to be upgraded;
after the trusted entity is started, the trusted entity builds an inquiry transaction and judges whether the trusted entity needs to be upgraded or not based on the firmware information of the trusted entity to be upgraded;
if the trusted entity needs to be upgraded, acquiring the firmware information of the trusted entity to be upgraded corresponding to the trusted entity, and acquiring a corresponding firmware upgrade package as a target firmware upgrade package based on the unique version number of the upgrade firmware package in the information of the trusted entity to be upgraded;
and adopting the target firmware upgrade package to upgrade the firmware of the trusted entity.
Optionally, the method further includes deregistering the trusted entity, specifically including active deregistration and passive deregistration, where the active deregistration includes:
initiating a logout transaction by carrying a hardware unique number, and sending the transaction to a block chain after the transaction is signed by a private key;
and verifying the transaction validity by the block chain, logging off the account after the verification is passed, canceling the authority of the account, and returning a logging-off result to the terminal equipment.
Wherein, the passive logout flow is as follows:
directly initiating a logout transaction on a block chain by a block chain account administrator through carrying a hardware unique number, and sending the transaction to the block chain after the transaction is signed by a private key;
and verifying the transaction validity by the block chain, logging off the account after the transaction validity is verified, canceling the authority of the account, and returning a logging-off result to the administrator.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
Fig. 3 is a schematic block diagram of a data uplink apparatus of a terminal device corresponding to the data uplink method of the terminal device according to the foregoing embodiment. As shown in fig. 3, the data uplink apparatus of the terminal equipment includes a block chain system, which includes a physical registration module 31, a permission update module 32 and a data uplink module 33. The functional modules are explained in detail as follows:
the entity registration module 31 is configured to, when receiving registration transaction information of the terminal device, acquire a registration transaction included in the registration transaction information, and perform activation processing on a blockchain by using the registration transaction to obtain a trusted entity, where the registration transaction carries signature information, a batch number, and encryption information generated in a trusted execution environment;
the authority updating module 32 is used for performing account activation and on-chain authority updating on the trusted entity;
and a data uplink module 33, configured to store the collected data to the blockchain when the collected data of the trusted entity is received, where the data type includes data flow and analytic data.
Optionally, the entity registration module 31 includes:
the batch key acquiring unit is used for acquiring a uniform batch key corresponding to the batch number;
the encrypted information decryption unit is used for decrypting the encrypted information to obtain a public key and a hardware unique number;
and the account authority generating unit is used for verifying the signature information by adopting the public key, generating a primary account corresponding to the terminal equipment based on the hardware unique number if the signature passes the verification, and updating the authority information corresponding to the primary account.
Optionally, the permission updating module 32 includes:
the authority validity verifying unit is used for verifying the transaction validity of the update authority request to obtain a validity verifying result when receiving the update authority request carrying the unique hardware number;
the authority policy generation unit is used for inquiring the primary account corresponding to the trusted entity based on the hardware unique number when the validity check result is passed, and generating a target authority management policy based on the inquiry result;
and the authority updating unit is used for sending the target authority management strategy to the chain for voting, and determining the updating of the authority according to the obtained voting result and the content of the target authority management strategy after the voting is finished.
Optionally, the data uplink apparatus of the terminal device further includes:
the upgrading validity verifying module is used for verifying the upgrading validity of the signature information of the upgrading firmware package if the upgrading firmware package containing the signature information sent by the management terminal is received;
the unique version number generation module is used for generating the unique version number of the firmware upgrading package and storing the firmware upgrading package when the upgrading validity is verified;
the trusted entity information to be upgraded production module is used for receiving the hardware unique number and the unique version number of the upgrade firmware package sent by the management terminal to obtain trusted entity firmware information to be upgraded;
the upgrading judgment module is used for constructing query transaction after the trusted entity is started and judging whether the trusted entity needs to be upgraded or not based on the information of the trusted entity to be upgraded;
the upgrading package obtaining module is used for obtaining the information of the credible entity to be upgraded corresponding to the credible entity if the credible entity needs to be upgraded, and obtaining the corresponding firmware upgrading package as a target firmware upgrading package based on the unique version number of the upgrading firmware package in the information of the credible entity to be upgraded;
and the firmware upgrading module is used for upgrading the firmware of the trusted entity by adopting the target firmware upgrading packet.
The data uplink device of the terminal equipment further comprises the terminal equipment, and the terminal equipment comprises:
the message acquisition module is used for intercepting response content in data interaction according to a data type corresponding mode when data is acquired to obtain message data;
the data preprocessing module is used for preprocessing the message data to obtain target data;
the transaction generation module is used for packaging the target data by adopting a custom format to obtain a packaging message and generating deposit transaction;
the message signature module is used for sending the packaged message and the hardware unique number into a trusted environment for signature to obtain a signature result;
and the data verification storage module is used for verifying the validity of the signature result, the authority corresponding to the trusted entity and the transaction content of the deposit transaction, and storing the transaction content of the deposit transaction to the block chain if the validity verification is passed.
Optionally, the data preprocessing module includes:
the data cleaning unit is used for filtering and cleaning the message data to obtain the cleaned message data;
and the data assembling and analyzing unit is used for assembling and analyzing the cleaned message data to obtain target data.
For specific limitations of the data uplink apparatus of the terminal device, reference may be made to the above limitations of the data uplink method of the terminal device, and details are not described herein again. All or part of the modules in the data uplink device of the terminal equipment can be realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
To solve the above technical problem, an embodiment of the present invention further provides a data uplink system of a terminal device, where the data uplink system of the terminal device includes a hardware layer, a system layer and an application layer, where,
the hardware layer is used for acquiring data and performing trusted execution environment signature on the data, and is communicated with the block chain through a network, and comprises a system operation and monitoring module, a data acquisition and analysis module, a password management and calculation module and a network sending and receiving module;
the system layer is used for controlling the system to normally execute logic and exception processing and analyzing message data;
the application layer comprises a trusted device account management module, a key updating module and an authority updating module and is used for managing accounts, authorities and firmware of the trusted device.
Specifically, the hardware layer can be divided into a system operation and monitoring module, a data acquisition and analysis module, a password management and calculation module, and a network sending and receiving module. The system operation and monitoring module comprises hardware devices and circuits thereof, wherein the hardware devices comprise a CPU, a UART, an RTC, an SD, a GPIO, a USB and the like, the CPU is responsible for executing system operation instructions, the UART is responsible for communicating with external equipment, the RTC is responsible for real-time clock management, the SD is responsible for external storage, the GPIO is responsible for external equipment control, and the USB is responsible for communicating and debugging with an upper computer; the data acquisition and analysis module consists of hardware interfaces such as I2C, SPI, Bluetooth, RS485, CAN, RFID and the like, and CAN interact and communicate with an external data source through the interfaces to achieve the aim of acquiring data; the password management and calculation module consists of a trusted execution environment and a trusted storage environment, the trusted execution environment is responsible for executing password calculation operation in a secure environment, and the trusted storage environment is responsible for securely storing the secret key to prevent the secret key from being stolen; the network sending module is composed of hardware devices such as 2G/4G, Wifi and circuits thereof, wherein the 2G/4G is responsible for communicating with the block chain through a 2G/4G network, and the Wifi is responsible for communicating with the block chain through a Wifi network.
The system layer can be divided into a system operation and monitoring module, a data acquisition and analysis module, a password management and calculation module and a network sending and receiving module. The system operation and monitoring module comprises an operation state machine, a file system, system monitoring, an external drive and other software logics, wherein the operation state machine is responsible for controlling the system to normally execute logics and perform exception handling, the file system is responsible for managing and storing files in a Fat32 format, the system monitoring is responsible for monitoring and tracking the system state in real time, and the external drive is responsible for driving the external hardware so that the external hardware can normally work and interact with a CPU; the data acquisition and analysis module is composed of software logics such as signal monitoring, hardware driving, logic interaction, message analysis and the like, the signal monitoring is responsible for monitoring level signals on a hardware interface so as to trigger related operation logics in time when data arrive, and the hardware driving is responsible for driving the hardware interface so that the hardware interface can work normally and interact with a data source with the same type of hardware interface; the logic interaction module is responsible for realizing interaction logic of a specific communication protocol, and the message analysis module is responsible for disassembling and packaging data messages into physical values with practical significance according to the communication protocol. The password management and calculation module is composed of software logics such as a security signature and a key escrow, wherein the security signature is responsible for sending data to be signed into a trusted execution environment for signing and obtaining a signature result; the key escrow is responsible for generating a public and private key pair in the trusted storage environment through the true random number generator, and acquiring public information such as a public key from the trusted storage environment. The network sending and receiving module is composed of software logics such as HTTP/HTTPS and MQTT, the HTTP/HTTPS is responsible for realizing HTTP and HTTPs protocols, and the MQTT is responsible for realizing an MQTT protocol.
The application layer can be divided into functions of equipment registration activation, equipment account logout, equipment key updating, equipment authority updating, data acquisition and processing, remote upgrading and the like. The equipment registration activation is responsible for activating the equipment on the block chain; the equipment account logout is responsible for logging out the equipment on the block chain; the device key update is responsible for updating keys on the block chain; the device authority updating is responsible for updating the access authority of the device on the block chain; the data acquisition and processing is responsible for acquiring external data and system state data, and sending the external data and the system state data to the block chain for storing the certificate after signature; remote upgrade is responsible for trusted upgrade of devices through a blockchain.
In order to solve the technical problem, the embodiment of the application further provides computer equipment. Referring to fig. 4, fig. 4 is a block diagram of a basic structure of a computer device according to the present embodiment.
The computer device 4 comprises a memory 41, a processor 42, a network interface 43 communicatively connected to each other via a system bus. It is noted that only the computer device 4 having the components connection memory 41, processor 42, network interface 43 is shown, but it is understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead. As will be understood by those skilled in the art, the computer device is a device capable of automatically performing numerical calculation and/or information processing according to a preset or stored instruction, and the hardware includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like.
The computer device can be a desktop computer, a notebook, a palm computer, a cloud server and other computing devices. The computer equipment can carry out man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch panel or voice control equipment and the like.
The memory 41 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or D interface display memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the memory 41 may be an internal storage unit of the computer device 4, such as a hard disk or a memory of the computer device 4. In other embodiments, the memory 41 may also be an external storage device of the computer device 4, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the computer device 4. Of course, the memory 41 may also include both internal and external storage devices of the computer device 4. In this embodiment, the memory 41 is generally used for storing an operating system installed in the computer device 4 and various types of application software, such as program codes for controlling electronic files. Further, the memory 41 may also be used to temporarily store various types of data that have been output or are to be output.
The processor 42 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 42 is typically used to control the overall operation of the computer device 4. In this embodiment, the processor 42 is configured to execute the program code stored in the memory 41 or process data, such as program code for executing control of an electronic file.
The network interface 43 may comprise a wireless network interface or a wired network interface, and the network interface 43 is generally used for establishing communication connection between the computer device 4 and other electronic devices.
The present application further provides another embodiment, which is to provide a computer-readable storage medium, which stores an interface display program, where the interface display program is executable by at least one processor to cause the at least one processor to execute the steps of the data uplink method of the terminal device as described above.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present application.
It is to be understood that the above-described embodiments are merely illustrative of some, but not restrictive, of the broad invention, and that the appended drawings illustrate preferred embodiments of the invention and do not limit the scope of the invention. This application is capable of embodiments in many different forms and is provided for the purpose of enabling a thorough understanding of the disclosure of the application. Although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to one skilled in the art that the present application may be practiced without modification or with equivalents of some of the features described in the foregoing embodiments. All equivalent structures made by using the contents of the specification and the drawings of the present application are directly or indirectly applied to other related technical fields, and all the equivalent structures are within the protection scope of the present application.
Claims (10)
1. A data uplink method of a terminal device is applied to a block chain, and the data uplink method of the terminal device comprises the following steps executed by a block chain system:
when the registered transaction information of the terminal equipment is received, acquiring the registered transaction contained in the registered transaction information, and activating the registered transaction on a block chain to obtain a trusted entity, wherein the registered transaction carries signature information, batch number and encryption information generated in a trusted execution environment;
performing account activation and on-chain permission updating on the trusted entity;
when collected data of a trusted entity is received, the collected data is stored to a blockchain, wherein the data types comprise data streams and analytic data.
2. The method for uplink data of a terminal device according to claim 1, wherein the performing activation processing on a block chain using the device information to obtain a trusted entity comprises:
acquiring a uniform batch key corresponding to the batch number;
decrypting the encrypted information to obtain a public key and a hardware unique number;
and verifying the signature of the signature information by adopting the public key, if the signature passes the verification, generating a primary account corresponding to the terminal equipment based on the hardware unique number, and updating the authority information corresponding to the primary account.
3. The method for uplink data of a terminal device according to claim 2, wherein the account activation and uplink permission update for the trusted entity includes:
when an update permission request carrying the hardware unique number is received, transaction validity verification is carried out on the update permission request to obtain a validity verification result;
when the result of the validity check is passed, inquiring a primary account corresponding to the trusted entity based on the hardware unique number, and generating a target authority management strategy based on the inquiry result;
and sending the target authority management strategy to a chain for voting, and determining the updating of the authority according to the obtained voting result and the content of the target authority management strategy after the voting is finished.
4. The method of any one of claims 1 to 3, wherein the method for uplink data of the terminal device, after acquiring the registration transaction included in the registration transaction information and performing activation processing on the blockchain using the registration transaction to obtain a trusted entity when receiving the registration transaction information of the terminal device, further comprises:
if an upgrade firmware package containing signature information sent by a management end is received, carrying out upgrade validity verification on the signature information of the upgrade firmware package;
when the upgrade validity is verified, generating a unique version number of the upgrade firmware package, and storing the firmware upgrade package;
receiving a hardware unique number and a unique version number of an upgrading firmware package sent by a management terminal to obtain trusted entity firmware information to be upgraded;
after the trusted entity is started, the trusted entity actively constructs a query transaction, and judges whether the trusted entity needs to be upgraded or not based on the information of the trusted entity to be upgraded;
if the trusted entity needs to be upgraded, acquiring the firmware information of the trusted entity to be upgraded corresponding to the trusted entity, and acquiring a corresponding firmware upgrade package as a target firmware upgrade package based on the unique version number of the upgrade firmware package in the firmware information of the trusted entity to be upgraded;
and upgrading the firmware of the trusted entity by adopting the target firmware upgrading package.
5. A data uplink method of a terminal device is characterized in that the data uplink method of the terminal device comprises the following steps executed by the terminal device:
when data is acquired, monitoring response content in data interaction according to a data type corresponding mode to obtain message data;
carrying out data preprocessing on the message data to obtain target data;
packaging the target data by adopting a custom format to obtain a packaging message and generate a deposit transaction;
sending the packaging message and the hardware unique number into a trusted environment for signing to obtain a signing result;
and verifying the validity of the signature result, the authority corresponding to the trusted entity and the transaction content of the deposit transaction, and if the validity is verified, storing the transaction content of the deposit transaction as collected data to a block chain.
6. The method for uplink data of a terminal device according to claim 5, wherein the performing data preprocessing on the message data to obtain target data includes:
filtering and cleaning the message data to obtain cleaned message data;
and assembling and analyzing the cleaned message data to obtain the target data.
7. A data uplink system of a terminal device, wherein the data uplink system of the terminal device comprises a hardware layer, a system layer and an application layer, and wherein:
the hardware layer is used for acquiring data and performing trusted execution environment signature on the data, and is communicated with the block chain through a network, and comprises a system operation and monitoring module, a data acquisition and analysis module, a password management and calculation module and a network sending and receiving module;
the system layer is used for controlling the system to normally execute logic and exception processing and analyzing message data;
the application layer comprises a trusted device account management module, a key updating module and an authority updating module and is used for managing accounts, authorities and firmware of the trusted device.
8. A data uplink apparatus of a terminal device, wherein the data uplink apparatus of the terminal device comprises:
the entity registration module is used for acquiring a registration transaction contained in registration transaction information when the registration transaction information of the terminal equipment is received, and activating the registration transaction on a block chain to obtain a trusted entity, wherein the registration transaction carries signature information, batch number and encryption information generated in a trusted execution environment;
the authority updating module is used for carrying out account activation and on-chain authority updating on the trusted entity;
and the data uplink module is used for storing the acquired data to the block chain when the acquired data of the trusted entity is received, wherein the data type comprises data flow and analytic data.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor when executing the computer program implements the data uplink method of the terminal device according to any one of claims 1 to 4, or wherein the processor when executing the computer program implements the data uplink method of the terminal device according to claim 5 or 6.
10. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, implements a data uplink method of a terminal device according to any one of claims 1 to 4, or which, when being executed by the processor, implements a data uplink method of a terminal device according to claim 5 or 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111676903.8A CN114462099A (en) | 2021-12-31 | 2021-12-31 | Data uplink method, system, device, equipment and medium of terminal equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111676903.8A CN114462099A (en) | 2021-12-31 | 2021-12-31 | Data uplink method, system, device, equipment and medium of terminal equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114462099A true CN114462099A (en) | 2022-05-10 |
Family
ID=81407576
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111676903.8A Pending CN114462099A (en) | 2021-12-31 | 2021-12-31 | Data uplink method, system, device, equipment and medium of terminal equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114462099A (en) |
-
2021
- 2021-12-31 CN CN202111676903.8A patent/CN114462099A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109472166B (en) | Electronic signature method, device, equipment and medium | |
| US11240222B2 (en) | Registry apparatus, agent device, application providing apparatus and corresponding methods | |
| US20210350013A1 (en) | Security systems and methods for continuous authorized access to restricted access locations | |
| US9860235B2 (en) | Method of establishing a trusted identity for an agent device | |
| EP3451222B1 (en) | Post-manufacture certificate generation | |
| CN1953375B (en) | Account management in a system and method for providing code signing services | |
| US20080003980A1 (en) | Subsidy-controlled handset device via a sim card using asymmetric verification and method thereof | |
| CN102171971B (en) | Releasing a service on an electronic appliance | |
| CN103929307A (en) | Password input method, intelligent secret key device and client device | |
| WO2018142143A2 (en) | Terminal for conducting electronic transactions | |
| GB2530028A (en) | Registry apparatus, agent device, application providing apparatus and corresponding methods | |
| CN104869114A (en) | Security model for industrial devices | |
| CN103095457A (en) | Login and verification method for application program | |
| CN106936588B (en) | Hosting method, device and system of hardware control lock | |
| CN102111271B (en) | Network security certification method and device thereof | |
| WO2015056009A1 (en) | Method of establishing a trusted identity for an agent device | |
| US10579830B1 (en) | Just-in-time and secure activation of software | |
| CN111628863B (en) | Data signature method and device, electronic equipment and storage medium | |
| TW202137199A (en) | Method of authenticating biological payment device, apparatus, electronic device, and computer-readable medium | |
| US20080229433A1 (en) | Digital certificate based theft control for computers | |
| Cooijmans et al. | Secure key storage and secure computation in Android | |
| US20060272004A1 (en) | Granting an access to a computer-based object | |
| CN114462096A (en) | Block chain-based Internet of things equipment control method and device, computer equipment and storage medium | |
| CN114462099A (en) | Data uplink method, system, device, equipment and medium of terminal equipment | |
| CN111489211A (en) | Billing processing method, billing processing device and billing processing medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |