CN115085926A - Data acquisition method and system based on block chain and Internet of things data aggregation gateway - Google Patents


Info

Publication number
CN115085926A
Authority
CN
China
Prior art keywords
data
node
request message
message
block chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210171036.0A
Other languages
Chinese (zh)
Inventor
林宁
郑锐生
曾嘉炜
刘淑霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongtong Service Zhongrui Technology Co ltd
Guangdong Communications Services Co Ltd
Original Assignee
Zhongtong Service Zhongrui Technology Co ltd
Guangdong Communications Services Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongtong Service Zhongrui Technology Co ltd, Guangdong Communications Services Co Ltd
Priority to CN202210171036.0A
Publication of CN115085926A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to the technical field of the Internet of Things and provides a data acquisition method and system based on a blockchain and an Internet of Things data aggregation gateway, comprising the following steps: acquiring source-end original data, encrypting the acquired original data with the public key of a data aggregation gateway, signing it with a private key, and transmitting the encrypted data to the data aggregation gateway; the data aggregation gateway verifies the encrypted data using multi-factor verification and, after the verification passes, decrypts it with a private key to obtain the original data; the data aggregation gateway encapsulates the original data into a request message, encrypts the request message with the public key of a blockchain node, signs it with a private key to obtain the encrypted request message, and sends a transaction uplink request to the blockchain node; the blockchain node verifies the signature of the received request message and decrypts the verified request message with a private key to obtain the request message; and the blockchain nodes use a high-speed consensus algorithm to reach consensus on the decrypted request message.

Description

Data acquisition method and system based on block chain and Internet of things data aggregation gateway
Technical Field
The invention relates to the technical field of Internet of things, in particular to a data acquisition method and system based on a block chain and an Internet of things data aggregation gateway.
Background
In existing data acquisition methods based on the Internet of Things, data are mainly collected by a mobile terminal. The mobile terminal monitors system information sent by a first base station and a synchronization signal sent by a second base station, and determines the link condition of a second communication link between the mobile terminal and the second base station based on that synchronization signal. In response to determining the link condition of the second communication link, the mobile terminal determines whether the link condition is greater than a first link quality threshold; if it is, the mobile terminal sends a base station addition measurement report to the first base station. In response to receiving the base station addition measurement report, the first base station determines whether the second base station is capable of communicating with the mobile terminal. In traditional data acquisition methods, in order to obtain more data and keep the data continuously updated, more data must be collected anytime and anywhere through Internet of Things technology. However, many Internet of Things devices often cannot receive a strong base station signal, and their data are often transmitted without protection or encryption. Under these conditions, how to ensure that Internet of Things devices can transmit data to a base station quickly and securely becomes a very important technical problem.
Disclosure of Invention
The invention provides a data acquisition method and a data acquisition system based on a blockchain and an Internet of Things data aggregation gateway, aiming to solve the problems in the prior art that the data of Internet of Things devices depend too heavily on a base station and that data security and transmission efficiency are difficult to ensure when the base station signal is weak.
In order to solve the technical problems, the technical scheme of the invention is as follows:
A data acquisition method based on a blockchain and an Internet of Things data aggregation gateway comprises the following steps:
S1, collecting source-end original data, encrypting the collected original data with the public key of the data aggregation gateway, signing the message with a private key, and transmitting the encrypted original data to the data aggregation gateway;
S2, the data aggregation gateway performs data source verification on the received encrypted original data using multi-factor verification; after the verification passes, it decrypts the encrypted original data with the private key of the data aggregation gateway to obtain the original data;
S3, the data aggregation gateway encapsulates the decrypted original data into a request message, encrypts the request message with the public key of the blockchain node, signs it with the private key of the data aggregation gateway to obtain the encrypted request message, and sends a transaction uplink request to the blockchain node directly connected with the data aggregation gateway;
S4, the blockchain node performs signature verification on the received request message, and decrypts the request message that passes signature verification with the private key of the blockchain node to obtain the request message;
S5, the blockchain nodes use a high-speed consensus algorithm to reach consensus on the decrypted request message, completing the storage or execution of the original data on the blockchain.
In this technical solution, a data aggregation gateway is added at the point where the Internet of Things devices converge; it encrypts the original data and transmits the encrypted data over the entire transmission link, so that Internet of Things data transmission changes from an unprotected state to trusted data acquisition through the blockchain Internet of Things gateway. On the Internet of Things data aggregation gateway, multi-factor authentication is used to authenticate the data source, ensuring that the acquired Internet of Things information comes from a trusted Internet of Things acquisition terminal authenticated through the blockchain.
Further, the invention also provides a data acquisition system based on the block chain and the data convergence gateway of the Internet of things, and the data acquisition system is applied to the data acquisition method. Wherein, data acquisition system includes:
an Internet of Things acquisition terminal, used for acquiring source-end original data; the Internet of Things acquisition terminal comprises a CPU with a TEE trusted execution environment, a WiFi communication module and a general-purpose input/output module;
a blockchain node, used for uploading the original data acquired by the source end to the blockchain network and storing the data after consensus; the blockchain node comprises a CPU with a TEE trusted execution environment and an Ethernet communication module;
a data aggregation gateway, used for connecting the Internet of Things acquisition terminal and the blockchain node; the data aggregation gateway comprises a CPU with a TEE trusted execution environment, a WiFi communication module and an Ethernet communication module; the data aggregation gateway uses the WiFi communication module to receive the encrypted original data sent by the Internet of Things acquisition terminal, and uses the Ethernet communication module to send a transaction uplink request to the blockchain node directly connected with the data aggregation gateway.
Compared with the prior art, the technical solution of the invention has the following beneficial effects: by adding a data aggregation gateway between the source end and the blockchain nodes, the traditional Internet of Things transmission mode is changed from an unprotected transparent transmission state into whole-process encrypted data transmission through the Internet of Things data aggregation gateway, which effectively guarantees the integrity and security of the acquired Internet of Things data during transmission; through the Internet of Things data aggregation gateway, multi-factor verification is used to authenticate the source of the collected Internet of Things information, ensuring that it comes from a trusted Internet of Things terminal and reducing the possibility of data forgery.
Drawings
Fig. 1 is a flowchart of a data acquisition method based on a blockchain and an internet of things data aggregation gateway in embodiment 1.
Fig. 2 is a flowchart of data source verification using multi-factor verification in embodiment 2.
Fig. 3 is a flowchart of consensus using a high-speed consensus algorithm for the decrypted request message in embodiment 2.
Fig. 4 is an architecture diagram of a data acquisition system based on a blockchain and an internet of things data aggregation gateway according to embodiment 3.
Detailed Description
The drawings are for illustrative purposes only and are not to be construed as limiting the patent;
it will be understood by those skilled in the art that certain well-known structures in the drawings and descriptions thereof may be omitted.
The technical solution of the present invention is further described below with reference to the accompanying drawings and examples.
Example 1
This embodiment provides a data acquisition method based on a blockchain and an Internet of Things data aggregation gateway; Fig. 1 is a flowchart of the method.
The data acquisition method based on the block chain and the internet of things data convergence gateway provided by the embodiment comprises the following steps:
S1, collecting source-end original data, encrypting the collected original data with the public key of the data aggregation gateway, signing the message with a private key, and transmitting the encrypted original data to the data aggregation gateway.
S2, the data aggregation gateway performs data source verification on the received encrypted original data using multi-factor verification; after the verification passes, the encrypted original data is decrypted with the private key of the data aggregation gateway to obtain the original data.
S3, the data aggregation gateway encapsulates the decrypted original data into a request message, encrypts the request message with the public key of the blockchain node, signs it with the private key of the data aggregation gateway to obtain the encrypted request message, and sends a transaction uplink request to any blockchain node directly connected with the data aggregation gateway.
S4, the blockchain node performs signature verification on the received transaction uplink request, and decrypts the transaction uplink request that passes signature verification with the private key of the blockchain node to obtain the request message.
S5, the blockchain nodes use a high-speed consensus algorithm to reach consensus on the decrypted request message, completing the storage or execution of the original data on the blockchain.
In a specific implementation, the collected source-end original data is encrypted in a TEE trusted execution environment; in the data aggregation gateway, data source verification and encryption and decryption of the encrypted original data are performed in a TEE trusted execution environment; in the blockchain node, verification of and consensus on the received request message are also performed in the TEE trusted execution environment.
In this embodiment, a data aggregation gateway is added at the point where the Internet of Things source ends converge. The acquired original data is encrypted at the data aggregation gateway and the encrypted data is transmitted over the entire transmission link of the blockchain network, so that Internet of Things data acquisition changes from an unprotected state to trusted data acquisition through the blockchain Internet of Things data aggregation gateway, improving the security of data acquisition. Further, in the data aggregation gateway, this embodiment uses multi-factor verification to verify the data source, ensuring that the collected Internet of Things information comes from a trusted Internet of Things acquisition terminal that has passed blockchain authentication.
Example 2
The embodiment is further defined on the basis of the data acquisition method based on the block chain and the internet of things data convergence gateway provided in embodiment 1.
The data acquisition method based on the block chain and the internet of things data convergence gateway provided by the embodiment comprises the following steps:
S1, collecting source-end original data, encrypting the collected original data with the public key of the data aggregation gateway, signing the message with a private key, and transmitting the encrypted original data to the data aggregation gateway.
In this embodiment, the acquired original data is encrypted and signed in the TEE trusted execution environment.
S2, the data aggregation gateway performs data source verification on the received encrypted original data using multi-factor verification; after the verification passes, the encrypted original data is decrypted with the private key of the data aggregation gateway to obtain the original data.
In this step, performing data source verification on the received encrypted original data using multi-factor verification comprises:
S2.1, the data aggregation gateway obtains the MAC Header in the CCMP (Counter CBC-MAC Protocol) frame of the encrypted original data, based on the WPA2-PSK protocol, and uses the MAC Header to obtain the corresponding device unique identifier $ID_1$ on the blockchain.
S2.2, in the TEE trusted execution environment, the data aggregation gateway looks up the public key of the source end (the message sender) in its own memory, uses the source end's public key to decrypt the signature on the encrypted original data and so verify the identity of the source end, and executes step S2.3 once the source-end identity information is obtained; if the signature cannot be decrypted, uplink failure information is returned to the source end and the process returns to step S1.
S2.3, the data aggregation gateway looks up the corresponding device unique identifier $ID_2$ in the blockchain network according to the source-end identity information and compares it with the device unique identifier $ID_1$ obtained from the MAC Header. If they match, the data source verification passes; otherwise the data is discarded, uplink failure information is returned to the source end, and the process returns to step S1.
As shown in fig. 2, a flowchart of data source verification by multi-factor verification in this embodiment is shown.
In the embodiment, the data source verification is performed by adopting multi-factor verification, so that the internet of things collection information can be ensured to come from a credible internet of things collection terminal (source terminal) which passes block chain authentication.
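The cross-check in steps S2.1 to S2.3, as an added example that is not code from the patent. The on-chain lookups are modelled as dictionaries, a toy textbook-RSA signature built from Mersenne primes stands in for the signature scheme (which the page does not name), and all device names, MAC addresses and IDs are constructed.

```python
import hashlib

E = 65537  # public exponent for the toy keys


def keypair(p, q):
    """Toy textbook-RSA key pair from two primes (illustration only, NOT secure)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # (public, private)


def _hash_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, private):
    n, d = private
    return pow(_hash_int(data, n), d, n)


def verify(data, signature, public):
    n, e = public
    return 0 <= signature < n and pow(signature, e, n) == _hash_int(data, n)


class Gateway:
    """Hypothetical model of the data aggregation gateway's source check."""

    def __init__(self, mac_to_id, identity_to_id, pubkeys):
        self.mac_to_id = mac_to_id            # blockchain lookup: MAC -> ID_1
        self.identity_to_id = identity_to_id  # blockchain lookup: identity -> ID_2
        self.pubkeys = pubkeys                # gateway memory: identity -> public key

    def verify_source(self, mac, ciphertext, signature):
        # S2.1: device identifier bound to the link-layer MAC Header.
        id1 = self.mac_to_id.get(mac)
        if id1 is None:
            return False, "unknown MAC"
        # S2.2: find the stored public key under which the signature verifies.
        identity = next((who for who, pub in self.pubkeys.items()
                         if verify(ciphertext, signature, pub)), None)
        if identity is None:
            return False, "signature not verifiable"
        # S2.3: device identifier bound to the signer; both factors must agree.
        id2 = self.identity_to_id.get(identity)
        if id2 is None or id2 != id1:
            return False, "ID mismatch"
        return True, identity


# Constructed sample data: two registered terminals and one unregistered key.
PUB_A, PRIV_A = keypair(2**61 - 1, 2**89 - 1)
PUB_B, PRIV_B = keypair(2**107 - 1, 2**127 - 1)
_, PRIV_X = keypair(2**31 - 1, 2**61 - 1)
MAC_A, MAC_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
GATEWAY = Gateway(
    mac_to_id={MAC_A: "dev-0001", MAC_B: "dev-0002"},
    identity_to_id={"terminal-A": "dev-0001", "terminal-B": "dev-0002"},
    pubkeys={"terminal-A": PUB_A, "terminal-B": PUB_B},
)


def demo():
    ciphertext = b"\x8f\x11constructed-ciphertext"
    sig_a = sign(ciphertext, PRIV_A)
    return {
        "genuine": GATEWAY.verify_source(MAC_A, ciphertext, sig_a),
        "wrong_mac": GATEWAY.verify_source(MAC_B, ciphertext, sig_a),
        "tampered": GATEWAY.verify_source(MAC_A, ciphertext + b"!", sig_a),
        "unregistered_key": GATEWAY.verify_source(MAC_A, ciphertext,
                                                  sign(ciphertext, PRIV_X)),
        "unknown_mac": GATEWAY.verify_source("02:00:00:00:00:ff", ciphertext, sig_a),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:17s} {result}")
```

A frame is accepted only when the identifier reached through the MAC Header and the identifier reached through the signer agree; either factor alone is rejected.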
S3, the data aggregation gateway encapsulates the decrypted original data into a request message, encrypts the request message with the public key of the blockchain node, signs it with the private key of the data aggregation gateway to obtain the encrypted request message, and sends a transaction uplink request to the blockchain node directly connected with the data aggregation gateway.
In this step, encapsulating the decrypted original data into a request message comprises: calculating the data digest D(m) of the original data m, and encapsulating the original data m, the data digest D(m) and the data aggregation gateway signature into a request message Request.
S4, the blockchain node performs signature verification on the received request message Request to confirm the message source, and then decrypts the request message that passes signature verification with the private key of the blockchain node to obtain the unencrypted request message Request.
S5, the blockchain nodes use a high-speed consensus algorithm to reach consensus on the decrypted request message, completing the storage or execution of the original data on the blockchain.
In this step, reaching consensus on the decrypted request message using the high-speed consensus algorithm comprises:
S5.1, the blockchain node encapsulates the Request message that passed signature verification into a Pre-prepare message, signs the Pre-prepare message and broadcasts it to the other secondary nodes, and adds the Request message to the cache pool of the master node of the current blockchain network.
The Request messages stored in the master node's cache pool are sorted by their number Seq. In this embodiment, only the master node has the right to perform write and delete operations.
When the master node and the secondary nodes receive the Pre-prepare message, the Pre-prepare phase is entered.
S5.2, after updating the known consensus conditions, the master node performs a polling operation and selects a target secondary node $n_k$ from the secondary nodes that received the Pre-prepare message.
The polling operation comprises the following steps:
S5.2.1, the master node updates the known consensus conditions, which comprise: the number Seq of the request message; the total number of secondary nodes, $N-1$, where $N$ is the total number of nodes in the blockchain network; the secondary node number $i$, where $i = 1, 2, \ldots, N-1$; the check task queue length $q_i$ of every secondary node; the reference computing power $h_i$ of every secondary node; the master node polling operation count $j$; and the maximum system throughput $T_{max}$ of the blockchain network.
The first piece of data uploaded by the source end is numbered Seq = 1; Seq increases by 1 each time the source end uploads a piece of data and is never cleared or reset. The secondary node number $i$ is updated when the master node is switched.
The check task queue length $q_i$ of every secondary node must be updated in real time and reported to the master node; the reference computing power $h_i$ of a secondary node is a fixed attribute and is updated when the corresponding node joins the blockchain.
The master node polling operation count $j$ is initially 0; it is incremented by 1 each time the master node executes a polling operation, and is reset to zero after the master node is replaced.
The maximum system throughput $T_{max}$ of the blockchain network must be set in the blockchain configuration.
S5.2.2, the master node determines the number $i$ of the currently polled secondary node from the current polling operation count $j$:
$i = j \ \mathrm{MOD}\ (N-1)$
where MOD() is the remainder function.
S5.2.3, the master node calculates the processing load of the secondary node $n_i$: $tq_i = q_i / h_i$.
S5.2.4, the master node compares the performance efficiency of the secondary node $n_i$ with the maximum system throughput $T_{max}$: if $tq_i < 1/T_{max}$, the current secondary node $n_i$ is taken as the target secondary node $n_k$; if $tq_i \geq 1/T_{max}$, the processing loads of the other secondary nodes are calculated and the master node selects the one with the lowest processing load as the target secondary node $n_k$. The master node polling operation count is then set to $j = j + 1$.
In addition, when several secondary nodes share the smallest processing load, one of the secondary nodes satisfying $k - i > 0$ is selected and set as the target secondary node $n_k$.
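The target-node selection of steps S5.2.2 to S5.2.4, as an added example that is not code from the patent. Assumptions: secondary nodes are indexed 0 to N-2 so that i = j MOD (N-1) addresses a node directly (the page numbers them from 1), a tie is broken by the nearest node after i and otherwise by the lowest-numbered tied node, and the constructed `dispatch` run lets queues grow without draining.

```python
from fractions import Fraction


def select_target(j, queue_len, power, t_max):
    """Pick the target secondary node for polling count j.

    queue_len[i] is q_i, power[i] is h_i (integers), t_max is T_max.
    Returns (k, next_j).
    """
    n_sec = len(queue_len)                      # N - 1 secondary nodes
    i = j % n_sec                               # S5.2.2: i = j MOD (N-1)

    def load(x):                                # S5.2.3: tq_x = q_x / h_x
        return Fraction(queue_len[x], power[x])

    # S5.2.4: exact rational comparison avoids float rounding at the threshold.
    if n_sec == 1 or load(i) < Fraction(1, t_max):
        k = i
    else:
        others = [x for x in range(n_sec) if x != i]
        lowest = min(load(x) for x in others)
        ties = [x for x in others if load(x) == lowest]
        after = [x for x in ties if x - i > 0]  # tie-break: k - i > 0
        k = min(after) if after else min(ties)  # assumption when none follows i
    return k, j + 1


def dispatch(requests, power, t_max):
    """Assign a run of requests; each assignment adds one check task to q_k."""
    queue_len = [0] * len(power)
    j, targets = 0, []
    for _ in range(requests):
        k, j = select_target(j, queue_len, power, t_max)
        queue_len[k] += 1
        targets.append(k)
    return targets


if __name__ == "__main__":
    # Constructed cluster: four secondary nodes, node 2 has twice the power.
    print(dispatch(12, power=[10, 10, 20, 10], t_max=5))
```

In the constructed run the first eight requests go round-robin; once the polled node reaches the 1/T_max threshold the selection falls back to the least-loaded other node, which is the higher-powered node 2 until its load also reaches the threshold.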
S5.3, the master node randomly generates a verification string char and adds it to the header of the request message numbered Seq.
S5.4, the master node packages the request message number Seq and the verification string char into an access token $T_{seq}$ and sends the access token $T_{seq}$ to the secondary node $n_k$.
S5.5, the secondary node $n_k$ uses the number Seq in the access token $T_{seq}$ to look up the corresponding request message in the master node's cache pool. If the request message exists, the secondary node $n_k$ sends the verification string char from the access token $T_{seq}$ to the master node, and the master node checks the verification string for consistency; when the check passes, the master node sends the complete request message to the secondary node $n_k$. Otherwise, the illegal transaction is discarded, uplink failure information is returned to the source end, and the process returns to step S1.
S5.6, after receiving the complete request message, the secondary node $n_k$ sends feedback to the master node, and the master node deletes the corresponding request message from the cache pool after receiving the feedback.
In this step, the secondary node $n_k$ replies with an ACK message to the master node after receiving the complete request message, and the master node deletes the data numbered Seq from the cache pool after receiving the ACK message.
S5.7, the secondary node $n_k$ performs a data digest consistency check on the received request message. After the check passes, it packages the check-passed result into a Prepare message, signs the Prepare message and broadcasts it to all nodes in the blockchain network. At this point the secondary node $n_k$ has completed the verification of one transaction, and confirmation continues in the Commit phase.
The step in which the secondary node $n_k$ performs the data digest consistency check on the received request message comprises: calculating the digest D'(m) of the request message with that number obtained from the master node's cache pool and comparing D'(m) with the data digest D(m) in the Pre-prepare message. If they are consistent, the request message passes the consistency check; otherwise the message is discarded, uplink failure information is returned to the source end, and the process returns to step S1.
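The access-token handoff and digest check of steps S5.3 to S5.7, as an added example that is not code from the patent. Assumptions: SHA-256 serves as the digest D(m) because the page names no hash function, the class and function names are hypothetical, and the request payload is constructed.

```python
import hashlib
import hmac
import secrets


def digest(m: bytes) -> str:
    """Data digest D(m); SHA-256 is an assumption."""
    return hashlib.sha256(m).hexdigest()


class MasterNode:
    """Holds the cache pool and answers token redemptions."""

    def __init__(self):
        self.pool = {}  # Seq -> {"m": request bytes, "char": verification string}

    def cache_request(self, seq, m):
        # S5.1: the request is added to the master node's cache pool.
        self.pool[seq] = {"m": m, "char": None}

    def issue_token(self, seq):
        # S5.3: random verification string recorded with request Seq.
        char = secrets.token_hex(16)
        self.pool[seq]["char"] = char
        # S5.4: access token T_seq = (Seq, char), sent to the target node n_k.
        return {"seq": seq, "char": char}

    def has_request(self, seq):
        return seq in self.pool

    def redeem(self, seq, char):
        # S5.5: consistency check of the verification string, in constant time.
        entry = self.pool.get(seq)
        if entry is None or entry["char"] is None:
            return None
        if not hmac.compare_digest(entry["char"], char):
            return None
        return entry["m"]

    def ack(self, seq):
        # S5.6: the cached request is deleted once n_k acknowledges receipt.
        self.pool.pop(seq, None)


def secondary_handle(master, token, pre_prepare_digest):
    """What n_k does with a token; returns 'PREPARE' or 'UPLINK_FAILED'."""
    seq = token["seq"]
    if not master.has_request(seq):            # S5.5: lookup by Seq
        return "UPLINK_FAILED"
    m = master.redeem(seq, token["char"])      # S5.5: present char, get request
    if m is None:
        return "UPLINK_FAILED"
    master.ack(seq)                            # S5.6: ACK to the master node
    # S5.7: recompute D'(m) and compare with D(m) from the Pre-prepare message.
    if not hmac.compare_digest(digest(m), pre_prepare_digest):
        return "UPLINK_FAILED"
    return "PREPARE"


def run_demo():
    master = MasterNode()
    m = b'{"sensor":"t-01","temp_c":21.5}'     # constructed request payload
    d = digest(m)                              # D(m) carried in Pre-prepare
    for seq in (1, 2, 3):
        master.cache_request(seq, m)
    out = {}
    token1 = master.issue_token(1)
    out["valid"] = secondary_handle(master, token1, d)
    out["replayed"] = secondary_handle(master, token1, d)
    master.issue_token(2)
    out["wrong_char"] = secondary_handle(master, {"seq": 2, "char": "0" * 32}, d)
    out["digest_mismatch"] = secondary_handle(master, master.issue_token(3),
                                              digest(b"other"))
    out["pool_after"] = sorted(master.pool)
    return out


if __name__ == "__main__":
    print(run_demo())
```

Because the master node deletes the entry on ACK, a token that has already been redeemed finds nothing in the cache pool when presented again.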
Fig. 3 is a flowchart illustrating consensus on the decrypted request message by using a high-speed consensus algorithm according to this embodiment.
Further, in the Commit phase:
S5.8, when the master node and the other secondary nodes receive the Prepare message, each node verifies the signature of the Prepare message and checks the data digest in the Prepare message against the data digest in the Pre-prepare message for consistency. If the check fails, the message is discarded; if it passes, the node returns a Prepare message encapsulating the verification-passed result to the secondary node $n_k$.
When the secondary node $n_k$ has received 2f+1 Prepare messages encapsulating a verification-passed result, it broadcasts a Commit message to the blockchain network, where f is the maximum number of failed, faulty or rogue nodes that the blockchain network can tolerate; the Commit message includes the data digest, the original data and the node signature.
S5.9, when the master node and the other secondary nodes receive the Commit message, each node first verifies the signature of the Commit message and checks the data digest in the Commit message against the data digest in the Pre-prepare message for consistency. If the check fails, the message is discarded; if it passes, the node returns a Commit message encapsulating the verification-passed result to the secondary node $n_k$.
When the secondary node $n_k$ has received 2f+1 Commit messages encapsulating a verification-passed result, which indicates that most nodes in the current blockchain network have reached consensus, it performs the operation requested for the source end's original data and returns a Reply message encapsulating the operation result to the source end.
When the source end receives f+1 Reply messages encapsulating operation results, the request initiated by the source end is proven to have reached network-wide consensus; otherwise, the source end decides whether to resend the request to the master node.
The return of the Commit message indicates that one trusted data acquisition has been completed.
According to the embodiment, a traditional transmission mode of the Internet of things is changed from an unprotected transparent transmission state into a whole-process data encryption transmission mode through the Internet of things data convergence gateway, and the integrity and the safety of the collected data of the Internet of things in the transmission process are guaranteed. Through the internet of things data aggregation gateway, a multi-factor verification mode is adopted, the source authentication of the internet of things collected information is realized, the internet of things collected information is ensured to come from a credible internet of things terminal, and the possibility of data counterfeiting is reduced. And further, data transmitted through the data convergence gateway of the Internet of things is stored in a chain-linked and distributed mode on the block chain, and the integrity and the traceability of the data are guaranteed by means of the non-tampering characteristic of the block chain. According to the method and the device, the credibility and the controllability of the whole process from the original data collected by the source end to the block chain storage can be effectively guaranteed, the problem that the data collected by the Internet of things is possibly tampered is solved, the problem that the authenticity of the data of the source end cannot be guaranteed by the block chain technology is solved, and the credible collection of the data of the Internet of things is guaranteed.
Example 3
This embodiment provides a data acquisition system based on a blockchain and an Internet of Things data aggregation gateway, which applies the data acquisition method based on the blockchain and the Internet of Things data aggregation gateway provided in embodiment 1 or embodiment 2. Fig. 4 shows the architecture of the data acquisition system of this embodiment.
The data acquisition system provided by this embodiment comprises an Internet of Things acquisition terminal, blockchain nodes and a data aggregation gateway.
The internet of things acquisition terminal in the embodiment is used for acquiring source end original data, and comprises a CPU with a TEE trusted execution environment, a WiFi communication module and a general input/output module (GPIO), and other elements (RAM, NAND, internal bus and the like) for supporting normal operation of the internet of things acquisition terminal.
The blockchain node in this embodiment is used to upload the original data collected by the source end to the blockchain network, perform consensus, and store the data. The blockchain node includes a CPU with a TEE trusted execution environment and an Ethernet communication module.
In this embodiment, a data aggregation gateway is additionally arranged between the Internet of Things acquisition terminal and the blockchain nodes, and is used for connecting the two. The data aggregation gateway comprises a CPU with a TEE trusted execution environment, a WiFi communication module and an Ethernet communication module.
The data aggregation gateway in this embodiment uses its WiFi communication module to receive the encrypted original data sent by the Internet of Things acquisition terminal, and uses its Ethernet communication module to send the transaction uplink request to the blockchain node that is directly connected with the data aggregation gateway.
In a specific implementation process, the acquired original data are transmitted to the internet of things acquisition terminal through the GPIO, and then transmitted to the CPU with the TEE trusted execution environment in the internet of things acquisition terminal through the internal bus of the internet of things acquisition terminal for data processing. Specifically, the acquired original data are encrypted by using a public key of the internet of things data convergence gateway, then message signing is performed by using a private key of the internet of things acquisition terminal, and then the encrypted original data are transmitted to the data convergence gateway through the internal bus of the internet of things acquisition terminal and the WiFi communication module.
The data aggregation gateway receives the encrypted original data sent by the Internet of Things acquisition terminal through its WiFi communication module, obtains the MAC Header in the CCMP frame through the WiFi authentication protocol WPA2-PSK, and looks up the corresponding device unique identifier ID_1 on the blockchain through the MAC Header. The encrypted original data is then transmitted through the internal bus of the data aggregation gateway to the TEE trusted execution environment in the gateway's CPU, where it is processed.
Specifically, in its TEE trusted execution environment, the data aggregation gateway looks up the public key of the message sender in its memory and uses the public key to decrypt the signature, so as to verify the signature and confirm the identity of the message sender, thereby realizing identity verification. The data aggregation gateway looks up the corresponding device unique identifier ID_2 on the blockchain according to the source-end identity information and compares it with the device unique identifier ID_1; if the two are consistent, the data source verification passes. After the identity authentication passes, the encrypted message is decrypted with the private key of the data aggregation gateway to obtain the original data.
The data aggregation gateway encapsulates decrypted original data into a request message in a TEE trusted execution environment, encrypts the request message by using a public key of a block chain node, signs the request message by using a private key of the data aggregation gateway to obtain an encrypted request message, transmits the encrypted request message to an Ethernet communication module of the data aggregation gateway through an internal bus, transmits the encrypted request message to the block chain node directly connected with the data aggregation gateway through the Ethernet, and sends an uplink transaction request to the block chain node.
After the Ethernet communication module in the blockchain node receives the encrypted request message, it transmits the message through its internal bus to the CPU with the TEE trusted execution environment for data processing. Specifically, the blockchain node verifies the signature of the request message in its TEE trusted execution environment, confirming the source of the message. The encrypted request message is then decrypted with the private key of the blockchain node to obtain the unencrypted request message. Finally, the blockchain nodes carry out consensus on the decrypted request message by adopting a high-speed consensus algorithm to finish the storage or execution of the original data on the blockchain.
It should be understood that the above-described embodiments of the present invention are merely examples for clearly illustrating the present invention, and are not intended to limit the embodiments of the present invention. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. It is neither necessary nor possible to list all embodiments exhaustively here. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the claims of the present invention.

Claims (10)

1. A data acquisition method based on a blockchain and an Internet of Things data aggregation gateway, characterized by comprising the following steps:
S1, collecting source-end original data, encrypting the collected original data by using a public key of the data aggregation gateway, and transmitting the encrypted original data to the data aggregation gateway after carrying out message signature by using a private key;
S2, the data aggregation gateway applies multi-factor verification to the received encrypted original data for data source verification; after the verification is passed, decrypting the encrypted original data by using a private key of the data aggregation gateway to obtain the original data;
S3, the data aggregation gateway encapsulates the decrypted original data into a request message, encrypts the request message by using a public key of the blockchain node, signs the request message by using a private key of the data aggregation gateway to obtain the encrypted request message, and sends a transaction uplink request to any blockchain node directly connected with the data aggregation gateway;
S4, the blockchain node performs signature verification on the received transaction uplink request, and the transaction uplink request passing the signature verification is decrypted by using a private key of the blockchain node to obtain the request message;
S5, the blockchain nodes adopt a high-speed consensus algorithm to carry out consensus on the decrypted request message, and the storage or execution of the original data on the blockchain is completed.
2. The data acquisition method based on the blockchain and internet of things data convergence gateway as claimed in claim 1, wherein in the step of S2, the step of performing data source verification on the received encrypted original data by multi-factor verification comprises:
S2.1, the data aggregation gateway obtains the MAC Header in the CCMP frame of the encrypted original data based on the WPA2-PSK protocol, and looks up the corresponding device unique identifier ID_1 on the blockchain through the MAC Header;
S2.2, in its TEE trusted execution environment, the data aggregation gateway looks up the public key of the source end in its memory, uses the public key of the source end to decrypt the signature of the encrypted original data, and performs identity verification on the source end; after the source-end identity information is obtained, step S2.3 is executed; if decryption is impossible, uplink failure information is returned to the source end, and the method jumps to step S1;
S2.3, the data aggregation gateway looks up the corresponding device unique identifier ID_2 on the blockchain according to the source-end identity information and compares it with the device unique identifier ID_1; if the two are consistent, the data source verification passes; otherwise, uplink failure information is returned to the source end, and the method jumps to step S1.
3. The data acquisition method based on the blockchain and internet of things data aggregation gateway as claimed in claim 1, wherein in the step of S3, the step of encapsulating the decrypted original data into the request message comprises: calculating the data digest D(m) of the original data m, and encapsulating the original data m, the data digest D(m) and the data aggregation gateway signature into the request message.
4. The data acquisition method based on the blockchain and internet of things data convergence gateway as claimed in claim 3, wherein in the step of S5, the step of consensus on the decrypted request message by using a high-speed consensus algorithm comprises:
S5.1, the blockchain node encapsulates the request message passing the signature verification into a Pre-prepare message, then the Pre-prepare message is signed and broadcast to the other nodes, and the request message is added into a cache pool of the master node of the current blockchain network;
S5.2, the master node executes a polling operation after updating the known consensus condition, and selects a target secondary node n_k from the secondary nodes that received the Pre-prepare message;
S5.3, the master node randomly generates a verification character string char and adds the verification character string char into the header of the request message;
S5.4, the master node packages the number Seq of the request message and the verification character string char into an access token T_seq, and then sends the access token T_seq to the secondary node n_k;
S5.5, the secondary node n_k searches the cache pool of the master node for the corresponding request message according to the number Seq in the access token T_seq; if the request message is found, the secondary node n_k sends the verification character string char in the access token T_seq to the master node, the master node verifies the consistency of the verification character strings, and when the verification is passed, the master node sends the complete request message to the secondary node n_k; otherwise, uplink failure information is returned to the source end, and the method jumps to step S1;
S5.6, after receiving the complete request message, the secondary node n_k sends feedback to the master node, and after receiving the feedback, the master node deletes the corresponding request message from the cache pool;
S5.7, the secondary node n_k performs a consistency check of the data digest on the received request message; after the consistency check is passed, it packages the check-passed result into a Prepare message, signs the Prepare message, and broadcasts it to all nodes in the blockchain network;
S5.8, when the master node and the other secondary nodes receive the Prepare message, they verify the signature of the Prepare message and check the data digest in the Prepare message for consistency with the data digest in the Pre-prepare message; if the check fails, the message is discarded; if the check passes, a Prepare message encapsulating the verification-passed result is returned to the secondary node n_k;
when the secondary node n_k has received 2f+1 Prepare messages encapsulating the verification-passed result, it broadcasts a Commit message to the blockchain network; wherein f represents the maximum number of tolerable failed, faulty or rogue nodes in the blockchain network;
S5.9, when the master node and the other secondary nodes receive the Commit message, they verify the signature of the Commit message and check the data digest in the Commit message for consistency with the data digest in the Pre-prepare message; if the check fails, the message is discarded; if the check passes, a Commit message encapsulating the verification-passed result is returned to the secondary node n_k;
when the secondary node n_k has received 2f+1 Commit messages encapsulating the verification-passed result, most nodes of the blockchain network have reached consensus, and a Reply message encapsulating the operation result is returned to the source end.
5. The data collection method based on the blockchain and internet of things data convergence gateway as claimed in claim 4, wherein the Commit message comprises a data digest, raw data and a node signature.
6. The data acquisition method based on the blockchain and internet of things data aggregation gateway as claimed in claim 4, wherein the step of S5 further comprises the steps of: when the source end receives f+1 Reply messages encapsulating operation results, the request initiated by the source end has achieved whole-network consensus; otherwise, the source end judges whether to resend the request to the master node.
7. The data acquisition method based on the blockchain and internet of things data aggregation gateway as claimed in claim 4, wherein in the step S5.2, the known consensus condition updated by the master node comprises: the number Seq of the request message; the total number of secondary nodes N-1, wherein N is the total number of nodes of the blockchain network; the secondary node number i, where i = 1, 2, ..., N-1; the check task queue length q_i of every secondary node; the reference computing power h_i of every secondary node; the master node polling operation count j; and the maximum system throughput T_max of the blockchain network.
8. The data acquisition method based on the blockchain and the internet of things data convergence gateway as claimed in claim 7, wherein in the step S5.2, the step of executing a polling operation after the master node updates the known consensus condition includes:
S5.2.1, the master node updates the known consensus condition;
S5.2.2, the master node determines the number i of the currently polled secondary node according to the current polling operation count j, and the expression is as follows:
i = j MOD (N-1);
S5.2.3, the master node calculates the processing load tq_i of the secondary node n_i: tq_i = q_i / h_i;
S5.2.4, the master node compares the performance efficiency of the secondary node n_i with the maximum system throughput T_max: if tq_i < 1/T_max, the current secondary node n_i is taken as the target secondary node n_k; if tq_i ≥ 1/T_max, the processing loads of the other secondary nodes are calculated, and the master node selects the secondary node with the lowest processing load among them as the target secondary node n_k; the master node polling operation count j is set to j+1.
9. The data acquisition method based on the blockchain and internet of things data aggregation gateway as claimed in claim 4, wherein in the step S5.7, the step of the secondary node n_k performing a consistency check of the data digest on the received request message comprises: calculating the digest D'(m) of the request message with the number Seq acquired from the cache pool of the master node, comparing the digest D'(m) with the data digest D(m) in the Pre-prepare message, and judging that the consistency check is passed if the two are consistent; otherwise, discarding the message, returning uplink failure information to the source end, and jumping to step S1.
10. A data acquisition system based on a blockchain and an Internet of Things data aggregation gateway, applying the data acquisition method of any one of claims 1 to 9, characterized by comprising:
the Internet of Things acquisition terminal, used for acquiring source-end original data; the Internet of Things acquisition terminal comprises a CPU with a TEE trusted execution environment, a WiFi communication module and a general input/output module;
the blockchain node, used for uploading the original data acquired by the source end to the blockchain network and storing the data after consensus; the blockchain node comprises a CPU with a TEE trusted execution environment and an Ethernet communication module;
the data aggregation gateway, used for connecting the Internet of Things acquisition terminal and the blockchain nodes; the data aggregation gateway comprises a CPU with a TEE trusted execution environment, a WiFi communication module and an Ethernet communication module; the data aggregation gateway uses the WiFi communication module to receive the encrypted original data sent by the Internet of Things acquisition terminal, and uses the Ethernet communication module to send a transaction uplink request to the blockchain node directly connected with the data aggregation gateway.
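The secondary-node selection of claim 8 (steps S5.2.1 to S5.2.4), as an added Python example that is not code from the patent. Two assumptions are made: i = j MOD (N-1) produces 0 to N-2 while claim 7 numbers the secondary nodes 1 to N-1, so residue 0 is mapped to node N-1 here; and h_i is taken in tasks per second so that tq_i and 1/T_max are both in seconds. Class names and the sample figures are constructed.

```python
from dataclasses import dataclass


@dataclass
class Secondary:
    number: int       # i in 1..N-1
    queue_len: int    # q_i, check task queue length
    power: float      # h_i, reference computing power (assumed tasks per second)

    def load(self) -> float:
        # S5.2.3: tq_i = q_i / h_i
        if self.power <= 0:
            return float("inf")   # a node reporting no capacity is never preferred
        return self.queue_len / self.power


class MasterPoller:
    def __init__(self, secondaries, t_max: float):
        self.nodes = {s.number: s for s in secondaries}   # the N-1 secondary nodes
        self.t_max = t_max                                # T_max
        self.j = 0                                        # polling operation count

    def polled_number(self) -> int:
        # S5.2.2: i = j MOD (N-1); residue 0 mapped to node N-1 (assumption).
        n_sec = len(self.nodes)
        i = self.j % n_sec
        return i if i != 0 else n_sec

    def select(self) -> int:
        """Return the number k of the target secondary node n_k and advance j."""
        i = self.polled_number()
        current = self.nodes[i]
        if current.load() < 1 / self.t_max:               # S5.2.4, first branch
            target = current
        else:
            # Second branch: lowest processing load among the other secondaries;
            # with a single secondary node there is no alternative to fall back on.
            others = [s for s in self.nodes.values() if s.number != i] or [current]
            target = min(others, key=lambda s: (s.load(), s.number))
        self.j += 1
        return target.number


def polling_demo():
    # Constructed network: N = 4, T_max = 100 tx/s, so the threshold is 0.01 s.
    poller = MasterPoller(
        [Secondary(1, 2, 1000.0),    # tq_1 = 0.002
         Secondary(2, 50, 1000.0),   # tq_2 = 0.050, over the threshold
         Secondary(3, 5, 1000.0)],   # tq_3 = 0.005
        t_max=100.0,
    )
    return [poller.select() for _ in range(4)]


if __name__ == "__main__":
    print(polling_demo())
```

In the third round the polled node 2 is over the threshold, so the request is handed to the least loaded of the remaining nodes instead.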

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210171036.0A CN115085926A (en) 2022-02-23 2022-02-23 Data acquisition method and system based on block chain and Internet of things data aggregation gateway

Publications (1)

Publication Number Publication Date
CN115085926A true CN115085926A (en) 2022-09-20

Family

ID=83245999

Country Status (1)

Country Link
CN (1) CN115085926A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115632800A (en) * 2022-12-22 2023-01-20 广东省电信规划设计院有限公司 Internet of things source end data storage method and device based on block chain consensus

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination