CN115622719A - Internet of things data processing method, device and system - Google Patents


Info

Publication number
CN115622719A
Authority
CN
China
Prior art keywords
service end
internet
data
things
private key
Legal status
Granted
Application number
CN202110789228.3A
Other languages
Chinese (zh)
Other versions
CN115622719B (en)
Inventor
韩宇龙
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile IoT Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile IoT Co Ltd
Events
Application filed by China Mobile Communications Group Co Ltd and China Mobile IoT Co Ltd
Priority to CN202110789228.3A
Publication of CN115622719A
Application granted
Publication of CN115622719B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method, a device and a system for processing Internet of things data. The method comprises the following steps: receiving, from a first service end, an access request for the Internet of things data of a second service end, wherein the access request carries a temporary certificate of the second service end, and the temporary certificate is digitally signed with the identity private key of the first service end; decrypting the temporary certificate with a decryption private key and verifying the digital signature of the first service end through the blockchain system, so as to verify the legality of the first service end; after the first service end is verified to be legal, obtaining the target Internet of things data corresponding to the temporary certificate through the blockchain system and the InterPlanetary File System (IPFS); and sending the obtained target Internet of things data to the first service end.

Description

Internet of things data processing method, device and system
Technical Field
The invention relates to the technical field of data processing, and in particular to a method, a device and a system for processing Internet of things data.
Background
With the development of Internet of things technology, Internet of things data of every kind is growing rapidly, data volumes keep increasing, and the requirements on data storage, data sharing and data security keep rising. At present, data storage, data sharing and data security are handled with blockchain technology, the InterPlanetary File System (IPFS), electronic signature technology, the Hyperledger Fabric database and the like.
Regarding the blockchain: a blockchain is a novel application of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and cryptographic algorithms. In the narrow sense, a blockchain is a distributed ledger: a chained data structure formed by linking data blocks in chronological order, which cryptography guarantees to be tamper-proof and unforgeable. In the broad sense, blockchain technology is a new distributed infrastructure and computing paradigm that uses the blockchain data structure to verify and store data, distributed node consensus algorithms to generate and update data, cryptography to secure data transmission and access, and smart contracts composed of automated script code to program and manipulate data. From the data perspective, the blockchain links data blocks into a chain in chronological order and guarantees cryptographically that this structure cannot be tampered with or forged. From the technical perspective, blockchain technology integrates several different technologies: by building a blockchain network, every node in the network can obtain a complete copy of the data blocks, and updates to the blockchain-based data blocks are maintained through a consensus mechanism and competitive computation. Decentralized and trust-minimized data storage and management are thus achieved over an end-to-end network formed by multi-node communication.
Regarding IPFS: IPFS is a network transport protocol intended to create persistent, distributed storage and sharing of files; it is a content-addressable, peer-to-peer hypermedia distribution protocol. The nodes in an IPFS network form a distributed file system. IPFS is a peer-to-peer distributed file system that aims to connect all computing devices with the same file system. In some respects IPFS is similar to the World Wide Web, but it can also be viewed as a single BitTorrent swarm exchanging objects within one Git repository. IPFS provides a high-throughput, content-addressed block storage model with content-addressed hyperlinks, which together form a generalized Merkle directed acyclic graph (DAG). IPFS combines a distributed hash table, an incentivized block exchange and a self-certifying namespace. IPFS has no single point of failure, and its nodes do not need to trust each other. Distributed content delivery saves bandwidth and can prevent the DDoS attacks that HTTP-based schemes may encounter.
Regarding electronic signatures: implementing electronic signature technology requires asymmetric encryption (for example the RSA algorithm) and a message digest (for example a hash algorithm). Asymmetric encryption means that a user has two keys: a public key, which is published and can be used by anyone, and a private key, which is secret and can be used only by its owner; the public key and the private key correspond to each other. A user can encrypt information with the other party's public key and transmit it, and the other party unlocks the ciphertext with its own private key. What one key of the pair encrypts, only the other decrypts, so no third party can insert itself. The message digest runs a hash algorithm over the information to be transmitted to produce a 128-bit digest; different contents produce different digests, so the digest serves as a 'fingerprint' of the electronic information.
For asymmetric encryption algorithms, two keys are required: a public key and a private key. They form a pair: if data is encrypted with the public key, it can be decrypted only with the corresponding private key. The algorithm is called asymmetric because two different keys are used for encryption and decryption. The basic process of exchanging confidential information with an asymmetric algorithm is as follows: party A generates a key pair and publishes the public key; any other party (party B) that needs to send information to party A encrypts the confidential information with that key (party A's public key) and sends the ciphertext to party A; party A then decrypts the received information with its own private key. When party A wants to reply to party B, the roles are reversed: the data is encrypted with party B's public key, and party B decrypts it with its own private key. The asymmetric cryptosystem has the following characteristics: the algorithm is strong and its security depends on the algorithm and the key, but because the algorithm is complex, encryption and decryption are not as fast as with symmetric encryption. A symmetric cryptosystem has only one key, which is not public; if the other party is to decrypt, it must know that key, so the security of the key must be ensured. An asymmetric key system has two keys, one of which is public, so the other party's key does not need to be transmitted as with a symmetric cipher, and security is much higher.
Regarding the Hyperledger Fabric database: Fabric has two types of database, a ledger and a state database. The ledger is the actual "blockchain": a file-based ledger that stores serialized blocks. Each block contains one or more transactions, and each transaction contains a read-write set that modifies one or more key/value pairs. The ledger is the ultimate source of authority and is immutable. The state database holds the last known committed value for any given key and is populated as each peer validates and commits transactions. The state database can always be rebuilt by reprocessing the ledger; there are two state database options: embedded LevelDB or external CouchDB.
However, in existing data processing methods the plaintext of the Internet of things data file is usually stored in IPFS, and the blockchain stores the encrypted ciphertext of the data file's Hash; because the system as a whole does not encrypt the Internet of things data before storing it, data security is poor.
Disclosure of Invention
The invention aims to provide a method, a device and a system for processing Internet of things data, which solve the problem of poor Internet of things data security in the prior art.
In order to achieve the above object, an embodiment of the present invention provides an Internet of things data processing method, which is applied to a server and includes:
receiving, from a first service end, an access request for the Internet of things data of a second service end, wherein the access request carries a temporary certificate of the second service end, and the temporary certificate is digitally signed with the identity private key of the first service end;
decrypting the temporary certificate with a decryption private key and verifying the digital signature of the first service end through a blockchain system, so as to verify the legality of the first service end;
after the first service end is verified to be legal, obtaining the target Internet of things data corresponding to the temporary certificate through the blockchain system and the InterPlanetary File System (IPFS); and
sending the obtained target Internet of things data to the first service end.
Optionally, the temporary certificate comprises at least one of: a data type, a time period, the decryption private key, the identification ID of the second service end, the identification ID of the first service end, and the signature of the second service end.
Optionally, obtaining the target Internet of things data corresponding to the temporary certificate through the blockchain system and the IPFS includes:
reading, from the blockchain system, the file Hash corresponding to the data type described in the temporary certificate;
reading, from the IPFS, the Internet of things data ciphertext corresponding to the file Hash; and
decrypting the Internet of things data ciphertext with the decryption private key in the temporary certificate to obtain the plaintext target Internet of things data.
Optionally, before receiving, from the first service end, the access request for the Internet of things data of the second service end, the method further includes:
establishing a data sharing protocol between the first service end and the second service end, and issuing the temporary certificate of the second service end to the first service end.
Optionally, before receiving, from the first service end, the access request for the Internet of things data of the second service end, the method further includes:
obtaining an encryption and decryption public and private key pair of the server, wherein the key pair comprises a decryption private key and an encryption public key; and
storing the decryption private key locally, and sending the encryption public key to the first service end and the second service end.
Optionally, before receiving, from the first service end, the access request for the Internet of things data of the second service end, the method further includes:
receiving Internet of things data from the Internet of things device corresponding to the second service end, wherein the Internet of things data is digitally signed with the identity private key of the second service end;
verifying the digital signature of the second service end through the blockchain system, so as to verify the legality of the second service end; and
after the second service end is verified to be legal, caching the Internet of things data into the data sequence corresponding to its type.
Optionally, after caching the Internet of things data into the corresponding data sequence according to its type, the method further includes:
after a preset interval, or once a preset cache capacity is reached, reading from the blockchain system the encryption public key of the second service end for that type of Internet of things data;
encrypting the Internet of things data with the encryption public key that was read, and storing the ciphertext in the IPFS to obtain the corresponding file Hash; and
storing the file Hash in the blockchain system.
Optionally, the decryption private key for that type of Internet of things data, corresponding to the encryption public key for that type, is stored at the second service end.
In order to achieve the above object, an embodiment of the present invention provides an Internet of things data processing method, which is applied to a first service end and includes:
sending, to the server, an access request for the Internet of things data of a second service end, wherein the access request carries a temporary certificate of the second service end, and the temporary certificate is digitally signed with the identity private key of the first service end; and
receiving, from the server, the target Internet of things data corresponding to the temporary certificate, wherein the target Internet of things data is obtained by the server through the blockchain system and the InterPlanetary File System (IPFS) after the server has verified that the first service end is legal.
Optionally, the temporary certificate comprises at least one of: a data type, a time period, the decryption private key, the identification ID of the second service end, the identification ID of the first service end, and the signature of the second service end.
Optionally, before sending the access request for the Internet of things data of the second service end to the server, the method further includes:
establishing a data sharing protocol with the second service end; and
receiving the temporary certificate of the second service end.
Optionally, before sending the access request for the Internet of things data of the second service end to the server, the method further includes:
receiving the encryption public key of the server, wherein the decryption private key corresponding to the encryption public key of the server is stored at the server.
Optionally, before sending the access request for the Internet of things data of the second service end to the server, the method further includes:
obtaining an identity public and private key pair of the first service end, wherein the identity public and private key pair comprises an identity signature verification public key and an identity signature private key;
storing the identity signature private key locally and sending the identity signature private key to the server; and
sending the identity signature verification public key to the blockchain system.
In order to achieve the above object, an embodiment of the present invention provides an Internet of things data processing apparatus, applied to a server, including:
a first receiving module, configured to receive, from a first service end, an access request for the Internet of things data of a second service end, wherein the access request carries a temporary certificate of the second service end, and the temporary certificate is digitally signed with the identity private key of the first service end;
a first verification module, configured to decrypt the temporary certificate with a decryption private key and verify the digital signature of the first service end through the blockchain system, so as to verify the legality of the first service end;
a first obtaining module, configured to obtain the target Internet of things data corresponding to the temporary certificate through the blockchain system and the InterPlanetary File System (IPFS) after the first service end is verified to be legal; and
a first sending module, configured to send the obtained target Internet of things data to the first service end.
Optionally, the temporary certificate comprises at least one of: a data type, a time period, the decryption private key, the identification ID of the second service end, the identification ID of the first service end, and the signature of the second service end.
Optionally, the first obtaining module includes:
a first reading unit, configured to read, from the blockchain system, the file Hash corresponding to the data type described in the temporary certificate;
a second reading unit, configured to read, from the IPFS, the Internet of things data ciphertext corresponding to the file Hash; and
a first decryption unit, configured to decrypt the Internet of things data ciphertext with the decryption private key in the temporary certificate to obtain the plaintext target Internet of things data.
Optionally, the Internet of things data processing apparatus further includes:
a first establishing module, configured to establish a data sharing protocol between the first service end and the second service end; and
a second sending module, configured to issue the temporary certificate of the second service end to the first service end.
Optionally, the Internet of things data processing apparatus further includes:
a second obtaining module, configured to obtain an encryption and decryption public and private key pair of the server, wherein the key pair comprises a decryption private key and an encryption public key;
a first storage module, configured to store the decryption private key locally; and
a third sending module, configured to send the encryption public key to the first service end and the second service end.
Optionally, the Internet of things data processing apparatus further includes:
a second receiving module, configured to receive the Internet of things data of the Internet of things device corresponding to the second service end, wherein the Internet of things data is digitally signed with the identity private key of the second service end;
a second verification module, configured to verify the digital signature of the second service end through the blockchain system, so as to verify the legality of the second service end; and
a cache module, configured to cache the Internet of things data into the data sequence corresponding to its type after the second service end is verified to be legal.
Optionally, the Internet of things data processing apparatus further includes:
a first reading module, configured to read, from the blockchain system, the encryption public key of the second service end for that type of Internet of things data after a preset interval or once a preset cache capacity is reached;
an encryption module, configured to encrypt the Internet of things data with the encryption public key that was read;
a second storage module, configured to store the encrypted Internet of things data in the IPFS to obtain the corresponding file Hash; and
a third storage module, configured to store the file Hash in the blockchain system.
Optionally, the decryption private key for that type of Internet of things data, corresponding to the encryption public key for that type, is stored at the second service end.
In order to achieve the above object, an embodiment of the present invention provides an Internet of things data processing apparatus, which is applied to a first service end and includes:
a fourth sending module, configured to send, to the server, an access request for the Internet of things data of the second service end, wherein the access request carries a temporary certificate of the second service end, and the temporary certificate is digitally signed with the identity private key of the first service end; and
a third receiving module, configured to receive, from the server, the target Internet of things data corresponding to the temporary certificate, wherein the target Internet of things data is obtained by the server through the blockchain system and the InterPlanetary File System (IPFS) after the first service end is verified to be legal.
Optionally, the temporary certificate comprises at least one of: a data type, a time period, the decryption private key, the identification ID of the second service end, the identification ID of the first service end, and the signature of the second service end.
Optionally, the Internet of things data processing apparatus further includes:
a second establishing module, configured to establish a data sharing protocol with the second service end; and
a fourth receiving module, configured to receive the temporary certificate of the second service end.
Optionally, the Internet of things data processing apparatus further includes:
a fifth receiving module, configured to receive the encryption public key of the server, wherein the decryption private key corresponding to the encryption public key of the server is stored at the server.
Optionally, the Internet of things data processing apparatus further includes:
a third obtaining module, configured to obtain an identity public and private key pair of the first service end, wherein the identity public and private key pair comprises an identity signature verification public key and an identity signature private key;
a fourth storage module, configured to store the identity signature private key locally;
a fifth sending module, configured to send the identity signature private key to the server; and
a sixth sending module, configured to send the identity signature verification public key to the blockchain system.
To achieve the above object, an embodiment of the present invention provides an Internet of things data processing system, including a server, a first service end, a second service end, a blockchain system, an InterPlanetary File System (IPFS) and an Internet of things device, wherein:
the first service end sends, to the server, an access request for the Internet of things data of the second service end;
the server receives the access request, wherein the access request carries a temporary certificate of the second service end, and the temporary certificate is digitally signed with the identity private key of the first service end;
the server decrypts the temporary certificate with a decryption private key and verifies the digital signature of the first service end through the blockchain system, so as to verify the legality of the first service end;
after the server verifies that the first service end is legal, it obtains the target Internet of things data corresponding to the temporary certificate through the blockchain system and the IPFS;
the server sends the obtained target Internet of things data to the first service end; and
the first service end receives the target Internet of things data corresponding to the temporary certificate.
To achieve the above object, an embodiment of the present invention provides a readable storage medium on which a program or instructions are stored; when executed by a processor, the program or instructions implement the steps of the Internet of things data processing method of the server or of the first service end described above.
The technical scheme of the invention has the following beneficial effects:
according to the embodiment of the invention, data sharing authorization is granted in the form of a temporary certificate, so that Internet of things data can be obtained only by a compliant party that submits the temporary certificate to the server, and a data visitor cannot obtain sensitive and private information such as the decryption private key; privacy and security are thereby improved.
Drawings
Fig. 1 is a flowchart of the Internet of things data processing method at the server in an embodiment of the present invention;
Fig. 2 is a flowchart of a data sharing process according to an embodiment of the present invention;
Fig. 3 is a flowchart of an authorization process according to an embodiment of the present invention;
Fig. 4 is a flowchart of a data storage process according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of the data structure of enterprise identity information according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of the data structure of Internet of things device identity information according to an embodiment of the present invention;
Fig. 7 is a schematic flowchart of the Internet of things data processing method at the first service end in an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of the Internet of things data processing apparatus of the server in an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of the Internet of things data processing apparatus of the first service end in an embodiment of the present invention;
Fig. 10 is a system architecture diagram of the Internet of things data processing system according to an embodiment of the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages of the present invention more apparent, the following detailed description is given with reference to the accompanying drawings and specific embodiments.
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
In various embodiments of the present invention, it should be understood that the sequence numbers of the following processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
In addition, the terms "system" and "network" are often used interchangeably herein.
In the embodiments provided herein, it should be understood that "B corresponding to A" means that B is associated with A and can be determined from A. It should also be understood that determining B from A does not mean determining B from A alone; B may be determined from A and/or other information.
As shown in fig. 1, the method for processing data of the internet of things according to the embodiment of the present invention is applied to a server, and includes, but is not limited to, the following steps:
Step 11: receiving, from a first service end, an access request for requesting access to the Internet of Things data of a second service end, wherein the access request carries a temporary certificate of the second service end, and the temporary certificate is digitally signed with the identity private key of the first service end.
The first service end corresponds to a first enterprise and the second service end corresponds to a second enterprise; each enterprise has a service end, and an enterprise applies through its service end for access to the Internet of Things data of other enterprises. Either service end can act as the data access party or as the data sharing party. In this embodiment the first service end is taken as the data access party and the second service end as the data sharing party, but the two roles are interchangeable, and the first and second service ends are any two service ends in the Internet of Things data processing system rather than specific ones.
Optionally, the temporary certificate comprises at least one of: the data type, the time period, the decryption private key, the identity ID of the second service end, the identity ID of the first service end, and the signature of the second service end. The temporary certificate can therefore specify the data type and time period, and its validity can be limited in time or in number of uses by specifying a validity period, which improves the flexibility of data access.
Step 12: decrypting the temporary certificate with a decryption private key and verifying the digital signature of the first service end through the blockchain system, so as to verify the validity of the first service end.
By verifying the validity of the first service end, only the qualified owner is allowed to submit the temporary certificate to the server end to obtain the data of the Internet of things, and the security of data access can be improved.
Step 13: after the first service end is verified to be legal, acquiring the target Internet of Things data corresponding to the temporary certificate through the blockchain system and the InterPlanetary File System (IPFS).
The data security can be improved by storing the Internet of things data together by the blockchain system and the IPFS system.
Optionally, step 13 comprises: reading a file Hash corresponding to the data type described in the temporary certificate from the block chain system; reading an Internet of things data cipher text corresponding to the file Hash from the IPFS system; and decrypting the Internet of things data ciphertext by using a decryption private key in the temporary certificate to obtain plaintext target Internet of things data. Therefore, the data file ciphertext of the Internet of things is stored in the IPFS, and the data security is fundamentally improved.
Step 14: sending the acquired target Internet of Things data to the first service end.
Optionally, step 11 is preceded by: establishing a data sharing protocol between the first service end and the second service end, and issuing the temporary certificate of the second service end to the first service end.
The data sharing process in the data processing method of the internet of things is introduced above, and a more complete data sharing process will be further described with reference to the accompanying drawings.
As shown in fig. 2, the data sharing process includes, but is not limited to, the following steps:
step 21: each enterprise has a business end, and the enterprise applies for accessing the internet of things data of other enterprises, such as accessing the internet of things data of a certain data type and in a certain time period, to the server end.
Step 22: after the other enterprise and the requesting enterprise reach an agreement, the other enterprise generates the temporary certificate through its service end and issues it to the requesting enterprise. The temporary certificate comprises a data type, a time period, a decryption private key, a data sharing party ID, a data accessing party ID, a data sharing party signature, and the like.
Step 23: the enterprise submits the temporary certificate to the server and digitally signs the temporary certificate by using the identity private key.
Step 24: the server uses the blockchain to verify the validity of the enterprise identity, and parses and verifies the temporary certificate; for example, the server's decryption private key is used to decrypt the temporary certificate, and the blockchain is used to verify the digital signature of the certificate issuer carried in the temporary certificate.
Step 25: the server reads, from the blockchain, the file Hash corresponding to the data type described in the temporary certificate.
Step 26: the server reads, from the IPFS system, the Internet of Things data ciphertext corresponding to the file Hash.
Step 27: the server decrypts the ciphertext with the decryption private key in the temporary certificate to obtain the plaintext original Internet of Things data.
Step 28: the server returns the plaintext original Internet of Things data to the enterprise.
Optionally, the data processing method of the internet of things in the embodiment of the present invention further includes an authorization process in addition to the data sharing process, so as to ensure that only authorized devices and service terminals can access the system, and improve the security of the system.
Optionally, before step 11, the method further comprises: acquiring an encryption and decryption public and private key pair of a server, wherein the encryption and decryption public and private key pair comprises a decryption private key and an encryption public key; and storing the decryption private key locally, and sending the encrypted public key to the first service end and the second service end. Therefore, the private key for decryption is only stored in the server side and not stored in the data access side (the first service side), and the privacy security can be guaranteed.
The authorization process of the present invention is briefly introduced above, and a more complete authorization process will be further described with reference to the accompanying drawings.
As shown in fig. 3, the authorization process includes, but is not limited to, the following steps:
Step 31: generating identity public and private key pairs for the Internet of Things devices, the enterprise service ends and the server by means of a third-party security institution, the blockchain or the server.
Step 32: the Internet of Things devices, the enterprise service ends and the server each store their identity private key locally, and the corresponding identity public keys are recorded on the blockchain.
Step 33: generating the encryption and decryption public and private key pair of the server by means of a third-party security institution, the blockchain or the server.
Step 34: the server stores the decryption private key locally and distributes the encryption public key to all enterprise service ends.
Step 35: generating, for each data type of each enterprise service end, an encryption and decryption public and private key pair by means of a third-party security institution, the blockchain or the server.
Step 36: the enterprise service end stores the decryption private key locally, and the corresponding encryption public key is recorded on the blockchain.
In this embodiment, the identity information of the IoT devices and the enterprise service ends is stored on the blockchain and an identity verification mechanism is provided, so that only authorized devices and service ends can access the system, which improves system security.
Optionally, the data processing method of the internet of things in the embodiment of the present invention further includes a data storage process in addition to the data sharing process and the authorization process, so as to ensure that only authorized devices can store data, and improve the security of the system.
Optionally, before step 11, the method further comprises: receiving Internet of things data of the Internet of things equipment corresponding to the second service end, wherein the Internet of things data is digitally signed by adopting an identity private key of the second service end; verifying the digital signature of the second service end through the block chain system so as to verify the validity of the second service end; and after the second service end is verified to be legal, caching the data of the Internet of things to a corresponding data sequence according to the type of the data of the Internet of things.
Optionally, after caching the internet of things data into a corresponding data sequence according to the type of the internet of things data, the method further includes:
after a preset time interval or after a preset cache capacity is reached, reading an encryption public key of the second service end aiming at the type of the data of the Internet of things from the block chain system; encrypting the data of the Internet of things by using the read encryption public key, and storing the data in an IPFS system to obtain a corresponding file Hash; the file Hash is stored in the blockchain system. Therefore, the data file ciphertext of the Internet of things is stored in the IPFS, and the data security is fundamentally improved.
Optionally, a decryption private key for the type of the data of the internet of things corresponding to the encryption public key for the type of the data of the internet of things is stored in the second service end.
The data storage process is briefly described above, and a more complete data storage process is further described below with reference to the accompanying drawings.
As shown in fig. 4, the data storage process includes, but is not limited to:
Step 41: each enterprise has a plurality of Internet of Things devices, and each device uploads Internet of Things data to the server together with a digital signature made with its identity private key.
Step 42: the server verifies the identity validity of the Internet of Things device using the blockchain; that is, the server obtains the identity public key of the device from the blockchain and verifies the digital signature with that public key.
Step 43: if the signature verification passes, the server caches the legal data by data type into different data sequences.
Step 44: after a preset time interval or a preset cache capacity is reached, the server reads from the blockchain the encryption public key of the corresponding enterprise and data type, and encrypts the cached data sequence with it.
Step 45: the server stores the ciphertext in the IPFS system and obtains the file Hash.
Step 46: the server stores the file Hash in the blockchain.
In the embodiment of the invention, identity authentication during data upload by an Internet of Things device uses only query-type blockchain operations (no consensus required), and only the step in which the server writes cached data to IPFS uses an invoke-type blockchain operation (consensus required), so that system security is improved while the concurrency capability of the system is preserved.
In the embodiment of the present invention, the blockchain stores two types of identity information data structures: an enterprise identity information data structure and a device identity information data structure.
One possible enterprise identity information data structure is shown in FIG. 5. "Enterprise description" gives an introduction to the enterprise; "enterprise identity public key" holds the enterprise's identity verification information; "data type and encryption public key, file Hash mapping" is a list, each element of which is a map whose key is the data type and whose value is itself a map containing the encryption public key and the file Hash.
One possible device identity information data structure is shown in FIG. 6. "Device description" gives an introduction to the device; "enterprise identity ID" records which enterprise the device belongs to; "device identity public key" holds the device's identity verification information.
In addition, the temporary certificate in the embodiment of the present invention is encrypted information that is encrypted by using the server-side encryption public key, and the encrypted content includes a data type, a time period, a decryption private key, a data sharing party ID, a data accessing party ID, a data sharing party signature, and the like.
In the embodiment of the invention, enterprise A applies for access to the Internet of Things data of enterprise B and needs a temporary certificate provided by enterprise B. After receiving the temporary certificate, the server decrypts it with the server decryption private key to obtain the plaintext, which comprises the data type, time period, decryption private key, data sharing party ID, data accessing party ID, data sharing party signature, and the like; it then verifies the data sharing party signature with the data sharing party's identity public key recorded on the blockchain; after the signature verification passes, it obtains the plaintext of the corresponding Internet of Things data ciphertext in IPFS according to the data type, the time period and the decryption private key. Thus the Internet of Things data can only be obtained when a compliant owner submits the temporary certificate to the server, and the temporary certificate can specify the data type and time period, which improves the flexibility of data sharing.
According to the data processing method of the Internet of things, the data sharing authorization is provided in the form of the temporary certificate, it is guaranteed that the data of the Internet of things can be obtained only when a compliant owner submits the temporary certificate to the server side, and a data visitor cannot obtain sensitive and private information such as a decryption private key, so that privacy safety is improved.
The data processing method of the internet of things of the embodiment of the present invention is introduced from the server side, and the data processing method of the internet of things of the first service side will be further described with reference to the accompanying drawings.
As shown in fig. 7, the data processing method of the internet of things according to the embodiment of the present invention is applied to a first service end, and includes, but is not limited to, the following steps:
Step 71: sending, to the server, an access request for requesting access to the Internet of Things data of the second service end, wherein the access request carries a temporary certificate of the second service end, and the temporary certificate is digitally signed with the identity private key of the first service end.
Step 72: receiving, from the server, the target Internet of Things data corresponding to the temporary certificate, wherein the target Internet of Things data is acquired by the server through the blockchain system and the InterPlanetary File System (IPFS) after the first service end is verified to be legal.
Optionally, the temporary certificate comprises at least one of: the data type, the time period, the decryption private key, the identity ID of the second service end, the identity ID of the first service end, and the signature of the second service end.
Optionally, before step 71, the method further comprises: establishing a data sharing protocol with a second service end; and receiving the temporary certificate of the second service end.
Optionally, before step 71, the method further comprises: receiving the encryption public key of the server, where the decryption private key corresponding to the encryption public key of the server is stored in the server.
Optionally, before step 71, the method further comprises: obtaining an identity public and private key pair of the first service end, wherein the identity public and private key pair comprises an identity signature verification public key and an identity signature private key; storing the identity signature private key locally and sending the identity signature private key to the server; and sending the identity signature verification public key to the blockchain system.
The embodiment at the first service end corresponds to the method embodiment at the server, and all implementations of the server-side method embodiment apply to this embodiment and achieve similar technical effects. The embodiment of the invention provides data sharing authorization in the form of a temporary certificate and ensures that the Internet of Things data can only be obtained when a compliant owner submits the temporary certificate to the server, while the data visitor cannot obtain sensitive and private information such as the decryption private key, so privacy security is improved.
The internet of things data processing method of the server and the first service end is introduced above, and the corresponding apparatuses will be further described in the following embodiment with reference to the accompanying drawings.
As shown in fig. 8, an embodiment of the present invention provides an internet of things data processing apparatus 800, which is applied to a server, and includes but is not limited to the following functional modules:
a first receiving module 810, configured to receive, from a first service end, an access request for requesting access to data of the internet of things of a second service end, where the access request carries a temporary certificate of the second service end, and the temporary certificate is digitally signed by using an identity private key of the first service end;
the first verification module 820 is configured to decrypt the temporary certificate with the decryption private key and verify the digital signature of the first service end through the blockchain system, so as to verify the validity of the first service end;
the first obtaining module 830 is configured to obtain, after verifying that the first service end is legal, target internet of things data corresponding to the temporary certificate through the blockchain system and the interplanetary file system IPFS system;
the first sending module 840 is configured to send the obtained target internet of things data to the first service end.
Optionally, the temporary certificate comprises at least one of: the data type, the time period, the decryption private key, the identity ID of the second service end, the identity ID of the first service end, and the signature of the second service end.
Optionally, the first obtaining module 830 includes:
the first reading unit is used for reading a file Hash corresponding to the data type described in the temporary certificate from the blockchain system;
the second reading unit is used for reading an Internet of things data ciphertext corresponding to the file Hash from the IPFS system;
and the first decryption unit is used for decrypting the Internet of things data ciphertext by using the decryption private key in the temporary certificate to obtain the target Internet of things data of the plaintext.
Optionally, the internet of things data processing apparatus 800 further includes:
a first establishing module for establishing a data sharing protocol between a first service end and a second service end,
and the second sending module is used for issuing the temporary certificate of the second service end to the first service end.
Optionally, the internet of things data processing apparatus 800 further includes:
the second acquisition module is used for acquiring an encryption and decryption public and private key pair of the server, wherein the encryption and decryption public and private key pair comprises a decryption private key and an encryption public key;
a first storage module for locally storing the decryption private key,
and the third sending module is used for sending the encrypted public key to the first service end and the second service end.
Optionally, the internet of things data processing apparatus 800 further includes:
the second receiving module is used for receiving the Internet of things data of the Internet of things equipment corresponding to the second service end, and the Internet of things data is digitally signed by adopting an identity private key of the second service end;
the second verification module is used for verifying the digital signature of the second service end through the block chain system so as to verify the validity of the second service end;
and the cache module is used for caching the data of the Internet of things to a corresponding data sequence according to the type of the data of the Internet of things after the second service end is verified to be legal.
Optionally, the internet of things data processing apparatus 800 further includes:
the first reading module is used for reading the encrypted public key of the second service end aiming at the type of the data of the Internet of things from the block chain system after a preset interval or a preset cache capacity is reached;
the encryption module is used for encrypting the data of the Internet of things by using the read encryption public key;
the second storage module is used for storing the encrypted Internet of things data in an IPFS system to obtain a corresponding file Hash;
and the third storage module is used for storing the file Hash in the block chain system.
Optionally, a decryption private key for the type of the data of the internet of things corresponding to the encryption public key for the type of the data of the internet of things is stored in the second service end.
As shown in fig. 9, an embodiment of the present invention further provides an internet of things data processing apparatus 900, which is applied to a first service end, and includes but is not limited to the following functional modules:
a fourth sending module 910, configured to send, to the server, an access request for requesting access to data of the internet of things at the second service end, where the access request carries a temporary certificate at the second service end, and the temporary certificate performs digital signature by using an identity private key at the first service end;
the third receiving module 920 is configured to receive, from the server, target internet of things data corresponding to the temporary certificate, where the target internet of things data is obtained by the server through the blockchain system and the interplanetary file system IPFS system after the server verifies that the first service end is legal.
Optionally, the temporary certificate comprises at least one of: the data type, the time period, the decryption private key, the identity ID of the second service end, the identity ID of the first service end, and the signature of the second service end.
Optionally, the internet of things data processing apparatus 900 further includes:
the second establishing module is used for establishing a data sharing protocol with a second service end;
and the fourth receiving module is used for receiving the temporary certificate of the second service end.
Optionally, the internet of things data processing apparatus 900 further includes:
the fifth receiving module is used for receiving the encryption public key of the server, where the decryption private key corresponding to the encryption public key of the server is stored in the server.
Optionally, the internet of things data processing apparatus 900 further includes:
a third obtaining module, configured to obtain an identity public and private key pair of the first service end, where the identity public and private key pair includes: the identity signature verification public key and the identity signature private key;
a fourth storage module for locally storing the identity signing private key,
the fifth sending module is used for sending the identity signature private key to the server;
and the sixth sending module is used for sending the identity signature verification public key to the block chain system.
With the above description of the data processing method and apparatus for the internet of things according to the embodiments of the present invention, a data processing system for the internet of things will be further described with reference to the accompanying drawings.
As shown in fig. 10, the data processing system of the internet of things according to the embodiment of the present invention includes: a service end, a first service end, a second service end, a block chain system, an interplanetary file system IPFS system and Internet of things equipment, wherein,
a first service end sends an access request for requesting to access the data of the Internet of things of a second service end to a server end;
the server receives an access request, wherein the access request carries a temporary certificate of a second service end, and the temporary certificate adopts an identity private key of a first service end to carry out digital signature;
the server side decrypts the temporary certificate by adopting a decryption private key and verifies the digital signature of the first service side through the block chain system so as to verify the validity of the first service side;
after the server side verifies that the first service side is legal, target Internet of things data corresponding to the temporary certificate is obtained through the blockchain system and the IPFS system;
the server side sends the acquired target Internet of things data to a first service side;
and the first service end receives target Internet of things data corresponding to the temporary certificate.
The embodiment of the invention provides an Internet of things data processing system which mainly comprises a block chain system, an IPFS system, a server, a plurality of service ends (a first service end, a second service end and the like) and a plurality of Internet of things devices and is mainly used for enterprise management of massive Internet of things data and multi-party data sharing. The main process comprises a data storage process and a data sharing process, wherein the data storage process comprises the following steps: each enterprise has a plurality of pieces of Internet of things equipment, and the Internet of things equipment uploads Internet of things data to a server; the server side verifies the identity validity of the Internet of things equipment by using the block chain, and caches the valid data according to the data type to enter different sequences; after a preset time interval or preset cache capacity is reached, the server side encrypts cache data by using the encryption public keys of the corresponding service sides (one service side corresponds to one enterprise) and the corresponding data types stored in the block chain; and the server side stores the ciphertext in the IPFS system and obtains a file Hash, and then stores the file Hash in the block chain. 
The data sharing process comprises the following steps: each enterprise has a service end, through which it applies for access to the Internet of Things data of other enterprises of a certain data type and in a certain time period; the enterprise first obtains a temporary certificate from the enterprise whose data it applies to access (the temporary certificate comprises a data type, a time period, a decryption private key, a data sharing party ID, a data accessing party ID, a data sharing party signature and the like) and submits the temporary certificate to the server; the server uses the blockchain to verify the identity validity of the service end (that is, the enterprise), and parses and verifies the temporary certificate; the server reads from the blockchain the file Hash corresponding to the data type described in the temporary certificate; the server reads from the IPFS system the Internet of Things data ciphertext corresponding to the file Hash; the server decrypts the ciphertext with the decryption private key in the temporary certificate and obtains the plaintext original Internet of Things data; and the server returns the plaintext original Internet of Things data to the corresponding service end (enterprise).
The apparatus and the system for processing Internet of Things data in the embodiment of the invention correspond to the method embodiment; the implementations of the method embodiment apply to the apparatus and system embodiments and achieve the same technical effect. Data sharing authorization is provided in the form of the temporary certificate, so the Internet of Things data can be obtained only when a compliant owner submits the temporary certificate to the server; the data visitor cannot obtain sensitive and private information such as the decryption private key, and privacy security is therefore improved.
The readable storage medium of the embodiment of the present invention stores a program or an instruction thereon, and the program or the instruction, when executed by the processor, implements the steps in the data processing method for the internet of things as described above, and can achieve the same technical effect, and in order to avoid repetition, the detailed description is omitted here.
The readable storage medium includes a computer readable storage medium, such as a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
It is further noted that the terminals described in this specification include, but are not limited to, smartphones and tablets, and that many of the functional units described are referred to as modules in order to emphasize their implementation independence.
In embodiments of the present invention, modules may be implemented in software for execution by various types of processors. An identified module of executable code may, for instance, comprise one or more physical or logical blocks of computer instructions which may be organized as an object, procedure, or function. Nevertheless, the executables of an identified module need not be physically located together, but may comprise disparate instructions stored in different locations which, when joined logically together, comprise the module and achieve the stated purpose of the module.
Indeed, a module of executable code may be a single instruction or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices. Likewise, operational data may be identified within the modules and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations including different storage devices, and may exist, at least partially, merely as electronic signals on a system or network.
Where a module can be implemented in software, then, given the state of current hardware technology and leaving cost aside, the same function may instead be built as a corresponding hardware circuit, which may comprise conventional very-large-scale integration (VLSI) circuits or gate arrays and existing semiconductors such as logic chips, transistors, or other discrete components. A module may also be implemented in programmable hardware devices such as field-programmable gate arrays, programmable array logic, programmable logic devices or the like.
The exemplary embodiments described above are described with reference to the drawings, and many different forms and embodiments of the invention may be made without departing from the spirit and teachings of the invention, and therefore, the invention should not be construed as limited to the exemplary embodiments set forth herein. Rather, these exemplary embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. In the drawings, the size and relative sizes of elements may be exaggerated for clarity. The terminology used herein is for the purpose of describing particular example embodiments only and is not intended to be limiting. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. Unless otherwise indicated, a range of values, when stated, includes the upper and lower limits of the range, and any subranges therebetween.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (17)

1. An internet of things data processing method, applied to a server, comprising:
receiving, from a first service end, an access request for accessing internet of things data of a second service end, wherein the access request carries a temporary certificate of the second service end and the temporary certificate is digitally signed with an identity private key of the first service end;
decrypting the temporary certificate with a decryption private key and verifying the digital signature of the first service end through a blockchain system, so as to verify the legitimacy of the first service end;
after the first service end is verified as legitimate, obtaining target internet of things data corresponding to the temporary certificate through the blockchain system and the InterPlanetary File System (IPFS); and
sending the obtained target internet of things data to the first service end.
2. The internet of things data processing method of claim 1, wherein the temporary certificate comprises at least one of: a data type, a time period, a decryption private key, an identification (ID) of the second service end, an ID of the first service end, and a signature of the second service end.
3. The internet of things data processing method of claim 2, wherein obtaining the target internet of things data corresponding to the temporary certificate through the blockchain system and the IPFS comprises:
reading, from the blockchain system, a file hash corresponding to the data type described in the temporary certificate;
reading, from the IPFS, an internet of things data ciphertext corresponding to the file hash; and
decrypting the internet of things data ciphertext with the decryption private key in the temporary certificate to obtain plaintext target internet of things data.
4. The internet of things data processing method of claim 1, wherein before receiving, from the first service end, the access request for accessing the internet of things data of the second service end, the method further comprises:
establishing a data sharing agreement between the first service end and the second service end, and issuing the temporary certificate of the second service end to the first service end.
5. The internet of things data processing method of claim 1, wherein before receiving, from the first service end, the access request for accessing the internet of things data of the second service end, the method further comprises:
obtaining an encryption/decryption public-private key pair of the server, the key pair comprising the decryption private key and an encryption public key; and
storing the decryption private key locally and sending the encryption public key to the first service end and the second service end.
6. The internet of things data processing method of claim 1, wherein before receiving, from the first service end, the access request for accessing the internet of things data of the second service end, the method further comprises:
receiving internet of things data of an internet of things device corresponding to the second service end, wherein the internet of things data is digitally signed with an identity private key of the second service end;
verifying the digital signature of the second service end through the blockchain system, so as to verify the legitimacy of the second service end; and
after the second service end is verified as legitimate, caching the internet of things data into a data sequence corresponding to the type of the internet of things data.
7. The internet of things data processing method of claim 6, wherein after caching the internet of things data into the data sequence corresponding to its type, the method further comprises:
after a preset interval has elapsed or a preset cache capacity has been reached, reading, from the blockchain system, an encryption public key of the second service end for the type of the internet of things data;
encrypting the internet of things data with the read encryption public key and storing it in the IPFS to obtain a corresponding file hash; and
storing the file hash in the blockchain system.
8. The internet of things data processing method of claim 7, wherein a decryption private key for the type of the internet of things data, corresponding to the encryption public key for that type, is stored at the second service end.
9. An internet of things data processing method, applied to a first service end, comprising:
sending, to a server, an access request for accessing internet of things data of a second service end, wherein the access request carries a temporary certificate of the second service end and the temporary certificate is digitally signed with an identity private key of the first service end; and
receiving, from the server, target internet of things data corresponding to the temporary certificate, wherein the target internet of things data is obtained by the server through a blockchain system and the InterPlanetary File System (IPFS) after the server verifies that the first service end is legitimate.
10. The internet of things data processing method of claim 9, wherein the temporary certificate comprises at least one of: a data type, a time period, a decryption private key, an identification (ID) of the second service end, an ID of the first service end, and a signature of the second service end.
11. The internet of things data processing method of claim 9, wherein before sending, to the server, the access request for accessing the internet of things data of the second service end, the method further comprises:
establishing a data sharing agreement with the second service end; and
receiving the temporary certificate of the second service end.
12. The internet of things data processing method of claim 9, wherein before sending, to the server, the access request for accessing the internet of things data of the second service end, the method further comprises:
receiving an encryption public key of the server, wherein a decryption private key corresponding to the encryption public key of the server is stored at the server.
13. The internet of things data processing method of claim 9, wherein before sending, to the server, the access request for accessing the internet of things data of the second service end, the method further comprises:
obtaining an identity public-private key pair of the first service end, the key pair comprising an identity verification public key and an identity signature private key;
storing the identity signature private key locally and sending the identity signature private key to the server; and
sending the identity verification public key to the blockchain system.
14. An internet of things data processing device, applied to a server, comprising:
a first receiving module, configured to receive, from a first service end, an access request for accessing internet of things data of a second service end, wherein the access request carries a temporary certificate of the second service end and the temporary certificate is digitally signed with an identity private key of the first service end;
a first verification module, configured to decrypt the temporary certificate with a decryption private key and verify the digital signature of the first service end through a blockchain system, so as to verify the legitimacy of the first service end;
a first obtaining module, configured to obtain, after the first service end is verified as legitimate, target internet of things data corresponding to the temporary certificate through the blockchain system and the InterPlanetary File System (IPFS); and
a first sending module, configured to send the obtained target internet of things data to the first service end.
15. An internet of things data processing device, applied to a first service end, comprising:
a fourth sending module, configured to send, to a server, an access request for accessing internet of things data of a second service end, wherein the access request carries a temporary certificate of the second service end and the temporary certificate is digitally signed with an identity private key of the first service end; and
a third receiving module, configured to receive, from the server, target internet of things data corresponding to the temporary certificate, wherein the target internet of things data is obtained by the server through a blockchain system and the InterPlanetary File System (IPFS) after the server verifies that the first service end is legitimate.
16. An internet of things data processing system, comprising: a server, a first service end, a second service end, a blockchain system, an InterPlanetary File System (IPFS) and an internet of things device, wherein
the first service end sends, to the server, an access request for accessing internet of things data of the second service end;
the server receives the access request, wherein the access request carries a temporary certificate of the second service end and the temporary certificate is digitally signed with an identity private key of the first service end;
the server decrypts the temporary certificate with a decryption private key and verifies the digital signature of the first service end through the blockchain system, so as to verify the legitimacy of the first service end;
after the server verifies that the first service end is legitimate, the server obtains target internet of things data corresponding to the temporary certificate through the blockchain system and the IPFS;
the server sends the obtained target internet of things data to the first service end; and
the first service end receives the target internet of things data corresponding to the temporary certificate.
17. A readable storage medium on which a program or instructions are stored, wherein the program or instructions, when executed by a processor, implement the steps of the internet of things data processing method of any one of claims 1 to 13.
CN202110789228.3A 2021-07-13 Internet of things data processing method, device and system Active CN115622719B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110789228.3A CN115622719B (en) 2021-07-13 Internet of things data processing method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110789228.3A CN115622719B (en) 2021-07-13 Internet of things data processing method, device and system

Publications (2)

Publication Number Publication Date
CN115622719A true CN115622719A (en) 2023-01-17
CN115622719B CN115622719B (en) 2024-07-02


Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103248479A (en) * 2012-02-06 2013-08-14 中兴通讯股份有限公司 Cloud storage safety system, data protection method and data sharing method
CN104202168A (en) * 2014-09-19 2014-12-10 浪潮电子信息产业股份有限公司 Cloud data integrity verification method based on trusted third party
CN108462568A (en) * 2018-02-11 2018-08-28 西安电子科技大学 A kind of secure file storage and sharing method based on block chain
CN109918878A (en) * 2019-04-24 2019-06-21 中国科学院信息工程研究所 A kind of industrial internet of things equipment authentication and safety interacting method based on block chain
CN112003832A (en) * 2020-07-29 2020-11-27 北京科技大学 Block chain-based Internet of things data privacy protection method
CN112073479A (en) * 2020-08-26 2020-12-11 重庆邮电大学 Method and system for controlling de-centering data access based on block chain
CN112187826A (en) * 2020-10-14 2021-01-05 深圳壹账通智能科技有限公司 Data authorization and data access method and system in block chain network
CN112333176A (en) * 2020-03-11 2021-02-05 合肥达朴汇联科技有限公司 Data transmission method, system, equipment and storage medium based on data receiving party
CN112417519A (en) * 2020-11-25 2021-02-26 重庆邮电大学 Supply chain logistics data secure sharing method based on block chain
CN112564912A (en) * 2020-11-24 2021-03-26 北京金山云网络技术有限公司 Method, system and device for establishing secure connection and electronic equipment


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
谷宁静: "基于区块链的电子政务数据共享设计研究" (Research on the design of blockchain-based e-government data sharing), 信息安全与通信保密 (Information Security and Communications Privacy), no. 04, 10 April 2020 (2020-04-10) *

Similar Documents

Publication Publication Date Title
TWI737240B (en) Improving integrity of communications between blockchain networks and external data sources
CN109829326B (en) Cross-domain authentication and fair audit de-duplication cloud storage system based on block chain
US9565180B2 (en) Exchange of digital certificates in a client-proxy-server network configuration
USRE49673E1 (en) Systems and methods for secure data exchange
KR101569818B1 (en) Entity Network Translation, ENT
US8010795B2 (en) Secure information transfer using dedicated public key pairs
CN109327481B (en) Block chain-based unified online authentication method and system for whole network
US20210218720A1 (en) Systems and methods for secure custodial service
CN111523133B (en) Block chain and cloud data collaborative sharing method
CN109450843B (en) SSL certificate management method and system based on block chain
CN111526197B (en) Cloud data secure sharing method
WO2016122646A1 (en) Systems and methods for providing data security services
Xu et al. Authentication‐Based Vehicle‐to‐Vehicle Secure Communication for VANETs
US8613057B2 (en) Identity management facilitating minimum disclosure of user data
CN113536329A (en) Electronic device for cryptographic communication and cryptographic communication system
CN114499876B (en) Internet of things data storage and verification method based on blockchain and NB-IoT chip
JP4807944B2 (en) Challenge-based authentication that does not require knowledge of secret authentication data
Garba et al. LightCERT4IoTs: Blockchain-based lightweight certificates authentication for IoT applications
US10764260B2 (en) Distributed processing of a product on the basis of centrally encrypted stored data
Sun et al. Anonymous authentication and key agreement scheme combining the group key for vehicular ad hoc networks
CN115913513A (en) Distributed credible data transaction method, system and device supporting privacy protection
CN115622719B (en) Internet of things data processing method, device and system
CN111682941B (en) Centralized identity management, distributed authentication and authorization method based on cryptography
CN117176353A (en) Method and device for processing data
CN115277078A (en) Method, apparatus, device and medium for processing gene data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant