CN114500088B - Internet of things equipment access authentication method and system based on blockchain and edge calculation - Google Patents

Info

Publication number: CN114500088B
Application number: CN202210166418.4A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN114500088A
Inventor: 王晶
Assignee: Beijing Zhongke Ruilian Technology Co ltd
Prior art keywords: internet, authentication, equipment, blockchain, edge gateway

Classifications

    • H04L63/0823 Network architectures or network communication protocols for network security, for authentication of entities using certificates
    • G16Y30/10 IoT infrastructure: security thereof
    • H04L63/1458 Countermeasures against malicious traffic: denial of service
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention discloses an Internet of things device access authentication method and system based on blockchain and edge computing. The method comprises two stages, initial device registration and device access authentication. The access authentication stage comprises the following steps: the Internet of things device sends an access request, a device ID and an identity certificate to the nearest edge gateway; if the identity certificate exists in any of the edge gateway, the blockchain side chain and the blockchain main chain, and the device passes a verification protocol, the authentication module of the edge gateway returns "access authentication success" and the device's access request is granted; otherwise it returns "access authentication failed". The invention completes access authentication of Internet of things devices using the priority order of multiple edge nodes, blockchain side chains and the blockchain main chain, which solves the low throughput of single-blockchain authentication and the inability of different blockchains to authenticate one another; the mutual distrust between blockchains, with its high inter-chain communication latency and low bandwidth, is also addressed, the load of device access authentication is spread out, and authentication efficiency and security are improved.

Description

Internet of things equipment access authentication method and system based on blockchain and edge calculation
Technical Field
The invention relates to the technical field of blockchains, in particular to an access authentication method, an access authentication system and a computer-readable medium for Internet of things devices based on blockchain and edge computing.
Background
The Internet of things (IoT) connects any object or process that needs to be monitored, connected and interacted with in real time, through information sensors, radio-frequency identification (RFID), global positioning systems, infrared sensors, laser scanners and other devices and technologies, so that people, machines and objects are interconnected at any time and in any place, and objects and processes can be intelligently sensed, identified and managed. It is widely applied in industry, agriculture, the environment, transport, logistics, security and other fields, effectively promotes their intelligent development, allows limited resources to be used and allocated more reasonably, and improves industry efficiency and benefit. In fields closely related to daily life, such as home, health care, education, finance, services and tourism, it has greatly improved the range, mode and quality of services, and with them people's quality of life.
As an emerging product, the Internet of things has a more complex architecture, no unified standard, and more prominent security problems in every respect. For example, a key enabling technology is placing RFID tags in articles in advance so that they can be monitored in real time; as a result, the owners of some tagged articles tend to have their personal privacy exposed, and the security of personal information becomes a problem. Beyond personal information security, cooperation between enterprises and between countries is now common, and once such a network is attacked the consequences are hard to imagine.
In addition, the number of Internet of things devices is huge, the throughput of single-blockchain authentication is low, and different blockchains cannot authenticate one another; blockchains also suffer from mutual distrust, high inter-chain communication latency and low bandwidth.
In view of this, the existing access authentication mode for Internet of things devices needs to be improved, both to improve the security of the Internet of things and to improve the efficiency of device access authentication.
Disclosure of Invention
In view of these defects, the technical problem solved by the invention is to provide an access authentication method, an access authentication system and a computer-readable medium for Internet of things devices based on blockchain and edge computing, so as to solve the potential security hazards and the low efficiency of access authentication of Internet of things devices in the prior art.
Therefore, the invention provides an Internet of things device access authentication method based on blockchain and edge computing, which comprises an initial device registration stage and a device access authentication stage.
The initial device registration stage comprises the following steps:
the Internet of things device sends a registration request and its device ID to the registration module of the nearest edge gateway;
if a device identity certificate corresponding to the device ID already exists in any of the edge gateway, the blockchain side chain and the blockchain main chain, the registration module of the edge gateway returns "registration failed" and records a corresponding error code in the system log; otherwise, it generates an identity certificate for the Internet of things device from the device ID, writes the identity certificate into the secure storage built into the edge gateway, completes registration of the device, and returns "registration success".
The device access authentication stage comprises the following steps:
the Internet of things device sends an access request, a device ID and an identity certificate to the authentication module of the nearest edge gateway; if the identity certificate exists in any of the edge gateway, a blockchain side chain and the blockchain main chain, the device is authenticated through a verification protocol according to an authentication method supported by its identity certificate (such as a challenge-response protocol based on an X.509 certificate); after authentication passes, the edge gateway returns "access authentication success" to the device and the device's access request is granted; if the certificate does not exist or the verification does not pass, "access authentication failure" is returned and a corresponding error code is recorded in the system log.
The blockchain side chains are formed by a plurality of edge gateways acting as independent nodes.
In the above method, preferably, the device access authentication stage further includes the following step: the authentication module of the edge gateway judges whether the identity certificate of the Internet of things device has expired, and if so, refuses the device's authentication request and records a corresponding error code in the system log.
In the above method, preferably, the edge gateway stores a certificate revocation list, and the device access authentication stage further includes the following step:
the edge gateway judges whether the identity certificate of the Internet of things device is in the certificate revocation list, and if so, refuses the device's authentication request and records a corresponding error code in the system log.
In the above method, preferably, determining whether the identity certificate of the Internet of things device exists in any of the edge gateway, the blockchain side chain and the blockchain main chain includes the following steps:
the edge gateway searches its own secure storage for the identity certificate of the device, and if it is found, completes authentication with the device according to the authentication method supported by the certificate;
if the certificate is not found there, the edge gateway broadcasts a query for the device's identity certificate to the blockchain side chain it belongs to; if the certificate exists on the side chain, it is written into the secure storage of the edge gateway and authentication is completed with the device according to the authentication method supported by the certificate;
if the certificate cannot be found on any of the side chains the edge gateway has joined, the edge gateway queries the blockchain main chain for the device's identity certificate; if the certificate exists on the main chain, it is written into the secure storage of the edge gateway and authentication is completed with the device according to the authentication method supported by the certificate; if the certificate does not exist on the main chain either, "access authentication failure" is returned to the device and a corresponding error code is recorded in the system log.
In the above method, preferably, when "access authentication failure" is returned to the Internet of things device, the time of the authentication failure is recorded, and access by that device continues to be refused during the following "authentication failure cooling time" period.
In the above method, preferably, the steps for revoking the identity certificate of the Internet of things device are as follows:
when the identity certificate of the device is lost or another such situation occurs within its validity period, a system administrator writes the affected identity certificate into a certificate revocation list, writes the certificate revocation list into the blockchain main chain and each side chain, and finally synchronizes it into the secure storage of the edge gateway.
The invention also provides an Internet of things device access authentication system based on blockchain and edge computing, which comprises:
a blockchain main chain, deployed in the cloud, for storing the identity certificates of Internet of things devices;
blockchain side chains, for storing the identity certificates of Internet of things devices, each consisting of a plurality of edge gateways acting as independent nodes;
a registration module, deployed on the edge gateway, for generating an identity certificate for an Internet of things device from its registration request and device ID, writing the identity certificate into the secure storage built into the edge gateway, and completing registration of the device;
an authentication module, deployed on the edge gateway, which, given an authentication request, device ID and identity certificate from an Internet of things device, judges whether the identity certificate exists in any of the edge gateway, the blockchain side chain and the blockchain main chain, runs a verification protocol, and returns "access authentication success" or "access authentication failure" to the device; when authentication fails, a corresponding error code is recorded in the system log.
In the above system, preferably, the edge gateway stores a certificate revocation list, which is used to refuse the authentication request of an Internet of things device whose identity certificate is in the certificate revocation list and to record a corresponding error code in the system log.
In the above system, preferably, the system further includes a certificate revocation module, configured to write the identity certificate of an Internet of things device into the certificate revocation list, write the certificate revocation list into the blockchain main chain and each side chain, and finally synchronize the certificate revocation list into the secure storage of the edge gateway.
The invention also provides a computer-readable medium on which a computer program is stored which, when executed by a processor, implements the above blockchain and edge computing based Internet of things device access authentication method.
According to the technical scheme above, the access authentication method, system and computer-readable medium for Internet of things devices based on blockchain and edge computing solve the potential security hazards and the low access authentication efficiency of Internet of things devices in the prior art. Compared with the prior art, the invention has the following beneficial effects:
Firstly, the problem of the unique identity of Internet of things devices is solved by the combination "blockchain + multi-edge-node fault tolerance + main chain support + PKI certificate", which improves security.
Secondly, the load of device access authentication is spread across multiple edge nodes, which improves authentication efficiency.
Thirdly, DDoS (distributed denial of service) attacks are prevented by the combination of multiple edge nodes and the authentication failure cooling time, which improves security.
Fourthly, device access authentication is completed using the priority order of multiple edge nodes, blockchain side chains and the blockchain main chain, which solves the low throughput of single-blockchain authentication and the inability of different blockchains to authenticate one another, as well as the mutual distrust between blockchains with its high inter-chain communication latency and low bandwidth.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following description will make brief description and illustrations of the drawings used in the description of the embodiments of the present invention or the prior art. It is obvious that the drawings in the following description are only some embodiments of the present invention and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
FIG. 1 is a flowchart of an initial registration method of an Internet of things device based on blockchain and edge calculation in the invention;
FIG. 2 is a flow chart of an access authentication method of an Internet of things device based on blockchain and edge calculation in the invention;
fig. 3 is a schematic diagram of an internet of things device access authentication system based on blockchain and edge calculation.
Detailed Description
The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings of the embodiments of the present invention, and it is apparent that the embodiments described below are only some embodiments of the present invention, but not all embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without making any inventive effort are intended to fall within the scope of the present invention.
In order to make the explanation and the description of the technical solution and the implementation of the present invention clearer, several preferred embodiments for implementing the technical solution of the present invention are described below.
In this document, the terms "inner, outer", "front, rear", and "left, right" are expressions based on the usage status of the product, and it is apparent that the usage of the corresponding terms does not limit the scope of the present solution.
The invention provides an Internet of things equipment access authentication method based on blockchain and edge calculation, which comprises an equipment initial registration stage and an equipment access authentication stage.
As shown in fig. 1, the initial device registration stage includes the following steps:
In step 110, the Internet of things device sends a registration request and its device ID to the registration module of the nearest edge gateway.
The device ID may be a hardware device code of the Internet of things device, such as an International Mobile Equipment Identity (IMEI) or a Mobile Equipment Identifier (MEID).
In step 120, the registration module of the edge gateway judges whether an identity certificate corresponding to the device ID already exists in any of the edge gateway, the blockchain side chain and the blockchain main chain. If it exists, "registration failed" is returned to the device and a corresponding error code is recorded in the system log; otherwise, an identity certificate is generated for the device from the device ID and written into the secure storage built into the edge gateway, registration of the device is completed, and "registration success" is returned.
As shown in fig. 2, the device access authentication stage includes the following steps:
In step 210, the Internet of things device sends an access request, a device ID and an identity certificate to the authentication module of the nearest edge gateway.
In step 220, the authentication module of the edge gateway judges whether the identity certificate of the device has expired. If so, the authentication request is refused, a corresponding error code is recorded in the system log, and authentication exits; otherwise, step 230 is performed.
In step 230, the authentication module of the edge gateway judges whether the identity certificate of the device is in the certificate revocation list. If so, the authentication request is refused, a corresponding error code is recorded in the system log, and authentication exits; otherwise, step 240 is performed.
The certificate revocation list is stored on the edge gateway and is produced by the operation of revoking device identity certificates.
In step 240, the edge gateway uses the device ID to look up whether the identity certificate of the device exists in its secure storage. If it exists, the device is authenticated according to the authentication method supported by its identity certificate (such as a challenge-response protocol based on an X.509 certificate); if authentication passes, the edge gateway returns "access authentication success" to the device, and if it does not pass, the edge gateway returns "access authentication failure" and records a corresponding error code in the system log. If the identity certificate does not exist in secure storage, step 250 is performed.
In step 250, the edge gateway uses the device ID to broadcast a query for the device's identity certificate to the blockchain side chain it belongs to. If the identity certificate exists on the side chain, it is written into the secure storage of the edge gateway (for example, Arm TrustZone) and authentication is completed with the device according to the authentication method supported by the certificate. If the certificate cannot be found on any of the side chains the edge gateway has joined, step 260 is performed.
In step 260, the edge gateway uses the device ID to query the blockchain main chain for the device's identity certificate. If the certificate exists on the main chain, it is written into the secure storage of the edge gateway and authentication is completed with the device according to the authentication method supported by the certificate. If the certificate does not exist on the main chain either, "access authentication failure" is returned to the device, a corresponding error code and the time t of the authentication failure are recorded in the system log, and access by that device continues to be refused for the following period t1.
Here t1 is called the "authentication failure cooling time". It is a preset system parameter that can be customized for different devices and security levels; for example, t1 is 10 minutes in a normal working environment and 24 hours when a higher security level is required.
In the invention, if the identity certificate of the device does not exist and the authentication failure cooling time has not yet elapsed, the device's authentication request is refused.
In the invention, the steps for revoking the identity certificate of an Internet of things device are as follows:
When the identity certificate of a device is lost or another such situation occurs within its validity period, a system administrator writes the identity certificate of the affected device into the certificate revocation list, writes the certificate revocation list into the blockchain main chain and each side chain, and finally synchronizes it into the secure storage of the edge gateways. After that, when an edge gateway receives an access request and identity certificate from that device, the access request is refused because the identity certificate is in the certificate revocation list.
Access management of Internet of things devices can thus be performed conveniently through the certificate revocation list, which prevents a lost device from being impersonated and allows certain devices to be temporarily blocked.
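The registration check (steps 110 and 120), the tiered certificate lookup with its expiry, revocation-list and cooling-time checks (steps 220 to 260), and the administrator revocation flow described above, as an added Python simulation that is not part of the patent or of any implementation by the applicant. The Chain, EdgeGateway and Certificate classes, the error-code names, the random 64-bit serial number and the step in the demo scenario where gateway A's certificate appears on the shared side chain are all constructed assumptions. The challenge-response step uses an HMAC over a gateway-chosen nonce with a constructed device secret as a stand-in for the X.509 signature check the text names, so that the example runs with the standard library only.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta

OK, FAIL = "access authentication success", "access authentication failure"

@dataclass
class Certificate:
    device_id: str
    serial: int
    not_after: datetime
    verify: object  # callable(nonce, response) -> bool; stand-in for the public-key signature check

@dataclass
class Chain:  # constructed stand-in for a blockchain main chain or side chain: a shared ledger
    certs: dict = field(default_factory=dict)  # device_id -> Certificate
    crl: set = field(default_factory=set)      # revoked certificate serial numbers

@dataclass
class EdgeGateway:
    side_chains: list                            # side chains this gateway has joined
    main_chain: Chain                            # cloud-side main chain
    cooldown: timedelta = timedelta(minutes=10)  # t1, the "authentication failure cooling time"
    secure_storage: dict = field(default_factory=dict)  # device_id -> Certificate (TrustZone stand-in)
    crl: set = field(default_factory=set)               # local copy of the revocation list
    failed_at: dict = field(default_factory=dict)       # device_id -> time t of the last failure
    syslog: list = field(default_factory=list)          # (time, error code, device_id)

    def _fail(self, code, device_id, now, result=FAIL):
        self.syslog.append((now, code, device_id))      # error code recorded in the system log
        return result

    def _lookup(self, device_id):
        """Tiered search: local secure storage, then joined side chains, then the main chain."""
        if device_id in self.secure_storage:
            return self.secure_storage[device_id]
        for ledger in self.side_chains + [self.main_chain]:
            if device_id in ledger.certs:
                return ledger.certs[device_id]
        return None

    def register(self, device_id, now, verify, validity=timedelta(days=365)):
        """Initial registration stage (steps 110 and 120)."""
        if self._lookup(device_id) is not None:
            return self._fail("ERR_DUPLICATE_ID", device_id, now, "registration failed")
        serial = int.from_bytes(secrets.token_bytes(8), "big")  # constructed 64-bit random serial
        self.secure_storage[device_id] = Certificate(device_id, serial, now + validity, verify)
        return "registration success"

    def authenticate(self, device_id, cert, now, respond):
        """Access authentication stage (steps 210 to 260 plus the cooling time)."""
        t = self.failed_at.get(device_id)
        if t is not None and now - t < self.cooldown:   # still inside t1 after the last failure
            return self._fail("ERR_COOLDOWN", device_id, now)
        if cert.not_after <= now:                        # step 220: expired certificate
            return self._fail("ERR_EXPIRED", device_id, now)
        if cert.serial in self.crl:                      # step 230: revoked certificate
            return self._fail("ERR_REVOKED", device_id, now)
        known = self._lookup(device_id)                  # steps 240 to 260
        if known is None:                                # not registered anywhere: start cooling time
            self.failed_at[device_id] = now
            return self._fail("ERR_UNKNOWN_DEVICE", device_id, now)
        self.secure_storage[device_id] = known           # cache the certificate locally
        nonce = secrets.token_bytes(16)                  # verification protocol against the stored cert
        if known.serial != cert.serial or not known.verify(nonce, respond(nonce)):
            return self._fail("ERR_VERIFY", device_id, now)
        return OK

def revoke(serial, main_chain, side_chains, gateways):
    """Administrator revocation: CRL written to main chain and side chains, then synced to gateways."""
    main_chain.crl.add(serial)
    for sc in side_chains:
        sc.crl.add(serial)
    for gw in gateways:
        gw.crl |= gw.main_chain.crl

def demo():
    """Constructed scenario: two gateways on one side chain, one main chain, one device."""
    t0, main, side = datetime(2022, 2, 1, 9, 0), Chain(), Chain()
    gw_a, gw_b = EdgeGateway([side], main), EdgeGateway([side], main)
    secret = b"constructed-device-secret"  # HMAC key standing in for the device's X.509 key pair
    respond = lambda nonce: hmac.new(secret, nonce, hashlib.sha256).digest()
    verify = lambda nonce, resp: hmac.compare_digest(respond(nonce), resp)
    r = {"register": gw_a.register("IMEI-000001", t0, verify),
         "register_dup": gw_a.register("IMEI-000001", t0, verify)}
    cert = gw_a.secure_storage["IMEI-000001"]
    r["auth_local"] = gw_a.authenticate("IMEI-000001", cert, t0, respond)
    side.certs["IMEI-000001"] = cert  # assumption: gateway A has published the certificate to the side chain
    r["auth_side_chain"] = gw_b.authenticate("IMEI-000001", cert, t0, respond)
    r["cached_on_b"] = "IMEI-000001" in gw_b.secure_storage
    r["auth_unknown"] = gw_b.authenticate("IMEI-999999", cert, t0, respond)
    r["auth_cooldown"] = gw_b.authenticate("IMEI-999999", cert, t0 + timedelta(minutes=5), respond)
    revoke(cert.serial, main, [side], [gw_a, gw_b])
    r["auth_revoked"] = gw_a.authenticate("IMEI-000001", cert, t0, respond)
    r["auth_expired"] = gw_a.authenticate("IMEI-000001", cert, t0 + timedelta(days=400), respond)
    r["codes_a"], r["codes_b"] = [c for _, c, _ in gw_a.syslog], [c for _, c, _ in gw_b.syslog]
    return r
```

Calling `demo()` walks one device through registration at gateway A, authentication at gateway B via the shared side chain (after which B holds the certificate in its own secure storage, so later requests are served locally), a refused unknown device and its cooling-time refusal five minutes later, and finally the revocation-list and expiry refusals at gateway A. The cooling time is keyed on the device ID of the failed request, as in the text; a deployment would also want to bound the size of that failure table, since entries are created by requests that never authenticated.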
Based on the above method, the invention also provides an Internet of things device access authentication system based on blockchain and edge computing. As shown in fig. 3, the authentication system comprises:
a blockchain main chain, deployed in the cloud, for storing the identity certificates of Internet of things devices;
blockchain side chains, for storing the identity certificates of Internet of things devices, each consisting of a plurality of edge gateways acting as independent nodes;
a registration module, deployed on the edge gateway, for generating an identity certificate for an Internet of things device from its registration request and device ID, writing the identity certificate into the secure storage built into the edge gateway, and completing registration of the device;
an authentication module, deployed on the edge gateway, which, given an authentication request, device ID and identity certificate from an Internet of things device, judges whether the identity certificate exists in any of the edge gateway, the blockchain side chain and the blockchain main chain, runs a verification protocol, and returns "access authentication success" or "access authentication failure" to the device to complete device access authentication; if authentication fails, a corresponding error code is recorded in the system log.
The edge gateway stores a certificate revocation list, which is used to refuse the authentication request of an Internet of things device whose identity certificate is in the certificate revocation list.
The system also comprises a certificate revocation module, which is used to write the identity certificate of an Internet of things device into the certificate revocation list, write the certificate revocation list into the blockchain main chain and each side chain, and finally synchronize the certificate revocation list into the secure storage of the edge gateway.
The certificate revocation list and the operation of the certificate revocation module have been described in detail in the method above and are not repeated here.
The above access authentication method for Internet of things devices based on blockchain and edge computing can be implemented as a computer program. For example, the invention also provides a computer-readable medium on which a computer program is stored which, when executed by a processor, implements the above blockchain and edge computing based Internet of things device access authentication method. The computer program is executed by a processor on the edge gateway.
Combining the description of the specific embodiments above, the method, system and computer-readable medium for access authentication of Internet of things devices based on blockchain and edge computing have the following advantages compared with the prior art:
Firstly, the problem of the unique identity of Internet of things devices is solved by the combination "blockchain + multi-edge-node fault tolerance + main chain support + PKI certificate", which improves security.
Secondly, the load of device access authentication is spread across multiple edge nodes, which improves authentication efficiency.
Thirdly, DDoS (distributed denial of service) attacks are prevented by the combination of multiple edge nodes and the authentication failure cooling time, which improves security.
Fourthly, device access authentication is completed using the priority order of multiple edge nodes, blockchain side chains and the blockchain main chain, which solves the low throughput of single-blockchain authentication and the inability of different blockchains to authenticate one another, as well as the mutual distrust between blockchains with its high inter-chain communication latency and low bandwidth.
Finally, it should also be noted that the terms "comprises", "comprising" or any other variation thereof, as used herein, are intended to cover a non-exclusive inclusion, so that a process, method, article or apparatus that comprises a list of elements includes not only those elements but may also include other elements not expressly listed or inherent to such a process, method, article or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in the process, method, article or apparatus that comprises the element.
The present invention is not limited to the preferred embodiments described above; any structural changes made by a person under the teaching of the present invention that have the same or similar technical solution fall within the scope of the present invention.

Claims (10)

1. A method for Internet of things device access authentication based on blockchain and edge computing, comprising a device initial registration stage and a device access authentication stage, characterized in that:
the device initial registration stage comprises the following steps:
the Internet of things device sends a registration request and its device ID to the registration module of the nearest edge gateway;
if a device identity certificate corresponding to the device ID already exists in the edge gateway, the blockchain side chain and the blockchain main chain, the registration module of the edge gateway returns 'registration failure' and records a corresponding error code in the system log; otherwise, it generates an identity certificate for the Internet of things device according to the device ID, writes the identity certificate into the secure storage built into the edge gateway, completes registration of the Internet of things device, and returns 'registration success';
the device access authentication stage comprises the following steps:
the Internet of things device sends an access request, its device ID and its identity certificate to the authentication module of the nearest edge gateway; if the identity certificate exists in the edge gateway, the blockchain side chain and the blockchain main chain and passes the verification protocol, the Internet of things device is access-authenticated according to the authentication method supported by its identity certificate, and after authentication passes the edge gateway returns 'successful access authentication' to the Internet of things device and the device's access request is granted; if the certificate does not exist or does not pass verification, 'access authentication failure' is returned and a corresponding error code is recorded in the system log;
the blockchain side chains are formed by a plurality of edge gateways acting as independent nodes.
2. The method of claim 1, wherein the device access authentication stage further comprises the following step: the authentication module of the edge gateway judges whether the identity certificate of the Internet of things device has expired; if so, the authentication request of the Internet of things device is rejected and a corresponding error code is recorded in the system log.
3. The method of claim 2, wherein a certificate revocation list is stored on the edge gateway, and the device access authentication stage further comprises the following step:
the edge gateway judges whether the identity certificate of the Internet of things device is in the certificate revocation list; if so, the authentication request of the Internet of things device is rejected and a corresponding error code is recorded in the system log.
4. The method of claim 1, wherein determining whether an identity certificate of the Internet of things device exists in the edge gateway, the blockchain side chain and the blockchain main chain comprises the following steps:
the edge gateway searches its secure storage for the identity certificate of the Internet of things device; if it exists, the edge gateway completes authentication with the Internet of things device according to the authentication method supported by the device identity certificate;
if the identity certificate does not exist there, the edge gateway broadcasts a query for the identity certificate of the Internet of things device to the blockchain side chain to which the edge gateway belongs; if the identity certificate exists in the blockchain side chain, it is written into the secure storage of the edge gateway, and authentication is completed with the Internet of things device according to the authentication method supported by the device identity certificate;
if the identity certificate of the Internet of things device cannot be found in any blockchain side chain the edge gateway has joined, the edge gateway initiates a query for the identity certificate of the Internet of things device to the blockchain main chain; if the identity certificate of the Internet of things device exists on the blockchain main chain, it is written into the secure storage of the edge gateway, and authentication is completed with the Internet of things device according to the authentication method supported by the device identity certificate; if the identity certificate of the Internet of things device does not exist on the blockchain main chain, 'access authentication failure' is returned to the Internet of things device and a corresponding error code is recorded in the system log.
5. The method of claim 4, further comprising the following step: after returning 'access authentication failure' to the Internet of things device, the moment of the authentication failure is recorded, and access by the Internet of things device is continuously rejected during the following 'authentication failure cooling time' period.
6. The method of claim 1, wherein the identity certificate of the Internet of things device is revoked as follows:
if, during its validity period, the identity certificate of the Internet of things device is lost or another such condition occurs, a system administrator writes the identity certificate concerned into the certificate revocation list, writes the certificate revocation list into the blockchain main chain and each side chain, and finally synchronizes the certificate revocation list into the secure storage of the edge gateways.
7. An Internet of things device access authentication system based on blockchain and edge computing, comprising:
a blockchain main chain, deployed in the cloud, for storing the identity certificates of Internet of things devices;
a blockchain side chain, for storing the identity certificates of Internet of things devices, consisting of a plurality of edge gateways acting as independent nodes;
a registration module, deployed on the edge gateway; the Internet of things device sends a registration request and its device ID to the registration module of the nearest edge gateway, and if a device identity certificate corresponding to the device ID exists in the edge gateway, the blockchain side chain and the blockchain main chain, the registration module returns 'registration failure' and records a corresponding error code in the system log; otherwise, it generates an identity certificate for the Internet of things device according to the device ID, writes the identity certificate into the secure storage built into the edge gateway, completes registration of the Internet of things device, and returns 'registration success';
an authentication module, deployed on the edge gateway, for returning 'successful access authentication' or 'access authentication failure' to the Internet of things device according to its authentication request, device ID and identity certificate, by judging whether the identity certificate exists in the edge gateway, the blockchain side chain and the blockchain main chain and whether it passes the verification protocol; if authentication fails, a corresponding error code is recorded in the system log.
8. The system of claim 7, wherein the edge gateway stores a certificate revocation list, and when the identity certificate of the Internet of things device is in the certificate revocation list the authentication request of the Internet of things device is rejected and a corresponding error code is recorded in the system log.
9. The system of claim 7, further comprising a certificate revocation module for writing the identity certificate of the Internet of things device into the certificate revocation list and writing that list into the blockchain main chain and each side chain, and finally synchronizing the certificate revocation list into the secure storage of the edge gateway.
10. A computer readable medium having stored thereon a computer program which, when executed by a processor, implements the blockchain and edge computing based Internet of things device access authentication method of any one of claims 1 to 6.
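The registration and access authentication stages of claims 1 to 5, as an added Python example that is not the patent's own code: the tiered certificate lookup (gateway secure storage, then side chains, then main chain, caching any hit locally), the expiry and revocation-list checks, the authentication failure cooling time, and error codes written to a system log. The ledgers are modelled as dictionaries, the 'verification protocol' as a constructed HMAC challenge-response standing in for a PKI signature check, and the error-code names and the non-resetting cooling timer are assumptions.

```python
import hashlib, hmac
from collections import namedtuple
from dataclasses import dataclass, field

IdentityCert = namedtuple("IdentityCert", "not_after auth_method key")  # expiry (claim 2), method, key

def make_proof(key, nonce):  # device-side step of the constructed HMAC verification protocol
    return hmac.new(key, nonce, hashlib.sha256).digest()

@dataclass
class EdgeGateway:
    secure_store: dict = field(default_factory=dict)  # gateway's built-in secure storage
    side_chains: list = field(default_factory=list)   # ledgers of the side chains it has joined
    main_chain: dict = field(default_factory=dict)    # cloud main-chain ledger
    crl: set = field(default_factory=set)             # certificate revocation list (claim 3)
    cooldown: float = 60.0                            # authentication failure cooling time, seconds
    failed_at: dict = field(default_factory=dict)     # device_id -> time of last failure (claim 5)
    log: list = field(default_factory=list)           # system log of (device_id, error code)
    def lookup(self, device_id):  # claim 4: secure store, then side chains, then main chain
        if device_id not in self.secure_store:
            for ledger in self.side_chains + [self.main_chain]:
                if device_id in ledger:
                    self.secure_store[device_id] = ledger[device_id]  # cache the hit locally
                    break
        return self.secure_store.get(device_id)
    def register(self, device_id, key, lifetime, now):  # claim 1, registration stage
        if self.lookup(device_id) is not None:  # an identity certificate already exists for this ID
            self.log.append((device_id, "E_DUPLICATE_ID"))
            return "registration failure"
        self.secure_store[device_id] = IdentityCert(now + lifetime, "hmac-sha256", key)
        return "registration success"
    def _fail(self, device_id, code, now):  # log the error code and start the cooling time
        self.log.append((device_id, code))
        self.failed_at[device_id] = now
        return "access authentication failure"
    def authenticate(self, device_id, nonce, proof, now):  # claim 1, access authentication stage
        if now - self.failed_at.get(device_id, float("-inf")) < self.cooldown:
            self.log.append((device_id, "E_COOLDOWN"))  # claim 5: reject without resetting the timer
            return "access authentication failure"
        cert = self.lookup(device_id)
        if cert is None:
            return self._fail(device_id, "E_NO_CERT", now)
        if now > cert.not_after:
            return self._fail(device_id, "E_EXPIRED", now)
        if device_id in self.crl:
            return self._fail(device_id, "E_REVOKED", now)
        if cert.auth_method != "hmac-sha256" or not hmac.compare_digest(make_proof(cert.key, nonce), proof):
            return self._fail(device_id, "E_VERIFY", now)
        return "successful access authentication"
```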
Application CN202210166418.4A, priority date 2022-02-23, filing date 2022-02-23: Internet of things equipment access authentication method and system based on blockchain and edge calculation (status: Active, CN114500088B).

Publications (2)

Publication Number Publication Date
CN114500088A (en) 2022-05-13
CN114500088B (en) 2024-02-23

Family ID=81482989

Country Status: CN (1) CN114500088B (en)
Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant