WO2023273269A1 - Robot authentication system and method - Google Patents


Publication number
WO2023273269A1
Authority
WO
WIPO (PCT)
Prior art keywords
robot
target
authentication
information
blockchain
Prior art date
Application number
PCT/CN2021/143326
Inventor
黄晓庆
李冬
张跃洋
Original Assignee
达闼机器人股份有限公司
Application filed by 达闼机器人股份有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Definitions

  • the present disclosure relates to the technical field of robots, and in particular, to a robot authentication system and method.
  • robots have been more and more widely used in various industries.
  • the capabilities of robots are becoming stronger and stronger, which in turn leads to the gradual strengthening of the destructiveness brought about by robots when they are illegally invaded.
  • a robot account and password can be preset in the robot, so that the robot can go to the robot authentication center for authentication through the robot account and password.
  • this method still faces security risks, and also increases the burden on the robot certification center.
  • the purpose of the present disclosure is to provide a robot authentication system and method to solve the above related technical problems.
  • a robot authentication system including one or more robot authentication centers, where the robot authentication center can obtain the blockchain ledger in the blockchain network;
  • the blockchain ledger includes the registration information of the registered robot, and the registration information includes the blockchain address of the robot and the identification code corresponding to the blockchain address;
  • any one of the robot authentication centers is used to receive the authentication request of the target robot, where the authentication request includes the first verification information and verification parameters; to obtain the target identification code of the target robot from the blockchain ledger according to the target blockchain address in the verification parameters; and to calculate the second verification information according to the verification parameters and the target identification code;
  • the target blockchain address is the blockchain address of the target robot
  • the first verification information is calculated by the target robot based on the verification parameters and the target identification code, and if the first verification information is the same as the second verification information, the target robot is certified by the robot certification center.
  • the verification parameters include: the target blockchain address, a timestamp, and a random number generated by the target robot;
  • the target robot is configured to use the target identification code as a key and the verification parameter as calculated data to obtain the first verification information through HMAC-SHA256 algorithm calculation.
  • the robot certification center is also used for:
  • the access token is used for the interaction terminal to verify the interaction request of the target robot.
  • the first authentication management terminal is a blockchain node with robot registration authority, and is used to write the registration information in the registration request into the blockchain ledger when receiving the robot registration request, and to send the startup node information of the blockchain network to the robot, wherein the registration information includes the blockchain address and identification code of the robot;
  • the robot is used for saving the starting node information, and accessing the block chain network based on the starting node information.
  • the second authentication management terminal is a blockchain node with robot registration authority, and is used to generate a private key, a public key, a blockchain address, identification information and an identification code corresponding to the robot when receiving a registration request from the robot; write the public key, blockchain address and identification code into the blockchain ledger as the registration information of the robot; and send the startup node information, the identification information and the private key of the blockchain network to the robot.
  • the robot is used to store the private key, the identification information, and the startup node information, access the blockchain network based on the startup node information, and obtain the blockchain address and identification code of the robot from the blockchain ledger based on the identification information.
  • a third authentication management terminal, which is a blockchain node with robot cancellation authority, used to determine the robot to be canceled according to the robot identification in the cancellation request when receiving the robot cancellation request, and to update the registration information of the robot to be canceled in the blockchain ledger to an invalid state.
  • the fourth authentication management terminal is a blockchain node with the registration authority of the robot certification center, and is used to write the registration information in the registration request into the blockchain ledger when receiving the registration request from the robot certification center, where the registration information includes the blockchain address and public key of the robot certification center.
  • a robot authentication method for a robot authentication center, where the robot authentication center can obtain a blockchain ledger in a blockchain network, the blockchain ledger includes the registration information of the registered robot, and the registration information includes the blockchain address of the robot and the identification code corresponding to the blockchain address, the method including:
  • the authentication request includes first verification information and verification parameters
  • obtaining the target identification code of the target robot from the blockchain ledger according to the target blockchain address in the verification parameters, where the target blockchain address is the blockchain address of the target robot;
  • the first verification information is calculated by the target robot based on the verification parameters and the target identification code.
  • the verification parameters include the target robot's blockchain address, a time stamp, and a random number generated by the target robot, and the second verification information is calculated according to the verification parameters and the target identification code.
  • the target identification code is used as a key, and the verification parameter is used as calculated data to obtain the second verification information through HMAC-SHA256 algorithm calculation.
  • a robot authentication method for a target robot comprising:
  • the verification parameters including the block chain address of the target robot
  • the robot certification center can obtain the blockchain ledger in the blockchain network, the blockchain ledger includes the registration information of the registered robot, and the registration information includes the blockchain address of the robot and an identification code corresponding to the blockchain address; the robot certification center obtains the target identification code of the target robot from the blockchain ledger based on the target blockchain address in the verification parameters, and calculates second verification information according to the verification parameters and the target identification code; if the first verification information is the same as the second verification information, the target robot is certified by the robot certification center.
  • a computer program including computer readable code which, when run on a computing processing device, causes the computing processing device to perform any one of the methods described in the above-mentioned second aspect.
  • a computer-readable storage medium on which a computer program is stored, and when the program is executed by a processor, the steps of any one of the methods described in the above-mentioned second aspect are implemented.
  • a computing processing device including:
  • a processor configured to execute the computer program in the memory, so as to implement the steps of any one of the methods in the second aspect above.
  • a computer program including computer readable code which, when run on a computing processing device, causes the computing processing device to execute the method described in the third aspect above.
  • a computer-readable storage medium on which a computer program is stored, and when the program is executed by a processor, the steps of the method described in the above-mentioned third aspect are implemented.
  • a computing processing device including:
  • a processor configured to execute the computer program in the memory, so as to implement the steps of the method in the above third aspect.
  • the robot certification center can obtain the blockchain ledger in the blockchain network, and the blockchain ledger includes the registration information of the registered robot.
  • when the robot authentication center receives the authentication request from the robot, it can obtain the identification code of the robot from the blockchain ledger, and calculate the second verification information according to the verification parameters and the identification code.
  • the robot authentication center can authenticate the registered robot, thereby improving security.
  • the robot certification center no longer needs to maintain the robot's registration information. In this way, the pressure and load on the robot certification center can be reduced, and at the same time, the centralization problem faced by the robot certification center when maintaining robot registration information is avoided.
  • Fig. 1 is a schematic diagram of a scenario of robot authentication shown in an exemplary embodiment of the present disclosure.
  • Fig. 2 is a schematic diagram of a scenario of robot authentication shown in an exemplary embodiment of the present disclosure.
  • Fig. 3 is a schematic diagram of a scenario of robot authentication shown in an exemplary embodiment of the present disclosure.
  • Fig. 4 is a flow chart of a robot authentication method shown in an exemplary embodiment of the present disclosure.
  • Fig. 5 is a flowchart of a robot authentication method shown in an exemplary embodiment of the present disclosure.
  • Fig. 6 is a schematic structural diagram of a computing processing device shown in an exemplary embodiment of the present disclosure.
  • Fig. 7 is a schematic diagram of a program code storage unit for implementing the method of the present disclosure shown in an exemplary embodiment of the present disclosure.
  • Fig. 8 is a schematic structural diagram of a computing processing device shown in an exemplary embodiment of the present disclosure.
  • Fig. 9 is a schematic diagram of a program code storage unit for implementing the method of the present disclosure shown in an exemplary embodiment of the present disclosure.
  • a robot account and password can be preset in the robot, so that the robot can go to the robot authentication center for authentication through the robot account and password.
  • robots can be authenticated in a manner similar to authentication for mobile network access.
  • the robot certification center is a centralized component that manages, stores and maintains the account and password information of all robots. Once the robot certification center is out of control, the robot may be counterfeited. At the same time, when the robot certification center stops its service due to related reasons (natural disasters, power outages, etc.), it may also happen that the robot cannot be certified, which will affect business availability. In addition, since all robot certifications are performed in the robot certification center, the complexity of the robot certification center is relatively high. Moreover, in the case of a large number of robots, the robot certification center may also have a performance bottleneck.
  • the present disclosure provides a robot authentication system, which includes a robot authentication center.
  • the robot certification center can be set as a node in the blockchain network, for example.
  • the robot authentication center can be used as a node in the blockchain network, so as to interact with other blockchain nodes in the blockchain network (blockchain nodes 1-3 are shown in the figure).
  • the robot authentication center can also be set up in a distributed manner.
  • the robot certification center can obtain the blockchain ledger in the blockchain network, and the blockchain ledger includes the registration information of the registered robot.
  • the registration information may include, for example, a blockchain address of the robot and an identification code corresponding to the blockchain address.
  • the identification code can be the PIN (Personal Identification Number) code of each robot, with the identification codes of different robots kept distinct.
  • the robot can generate a public key, a private key, and an identification code, and generate a blockchain address based on the public key. In this way, the robot can be registered based on the blockchain address and identification code. After successful registration, the robot's blockchain address and identification code are written into the blockchain ledger.
  • the robot's registration information may also include robot-related information, such as robot type, public key, robot ID (Identity document, identity mark), etc., which is not limited in the present disclosure.
  • the robot authentication center is configured to receive an authentication request of a target robot, and the authentication request includes first verification information and verification parameters. Obtain the target identification code of the target robot from the blockchain ledger according to the target blockchain address in the verification parameter, and calculate the second verification information according to the verification parameter and the target identification code.
  • the target blockchain address is the blockchain address of the target robot
  • the first verification information is calculated by the target robot based on the verification parameters and the target identification code.
  • the verification parameters may include: a target blockchain address, a timestamp, and a random number generated by the target robot;
  • the target robot is configured to use the target identification code as a key and the verification parameter as calculated data to obtain the first verification information through HMAC-SHA256 algorithm calculation.
  • the target robot can obtain its own target blockchain address robot-did, identification code pin-code, and local timestamp timestamp (for example, relative to 0:00:00 on January 1, 1970, GMT+00:00; the length is 8 bytes and the unit is milliseconds), and generate a random number random (such as 32 bytes).
  • the target robot can calculate the HMAC result mac1 (32 bytes) based on the HMAC-SHA256 algorithm, using the pin-code as the HMAC key and random
  • means splicing.
  • the target robot can send an authentication request to the robot authentication center, and the authentication request includes the first verification information mac1, the target blockchain address robot-did, the random number random, and the timestamp.
  • the robot can also splice mac1, random, timestamp, and robot-id to obtain OTP (One Time Password, one-time password).
  • the authentication request includes the OTP.
  • after receiving the authentication request from the target robot, the robot certification center can parse it to obtain the target blockchain address robot-did, the random number random and the timestamp. The target identification code of the target robot is then obtained from the blockchain ledger based on the target blockchain address. In this way, based on the HMAC-SHA256 algorithm, the robot certification center can also use the obtained pin-code as the HMAC key, use random
  • the robot authentication center can authenticate the target robot. For example, if the first verification information is the same as the second verification information, the target robot is certified by the robot certification center. If the first verification information is different from the second verification information, the authentication fails.
  • the above embodiments illustrate the robot authentication process of the present disclosure by taking verification parameters as an example of a target blockchain address, a timestamp, and a random number generated by the target robot.
  • the above parameters may also be adjusted accordingly (for example, adding relevant robot information).
  • the one-way hash function used in HMAC may not be limited to the above example, and a related high-strength one-way hash function (such as SHA-1) may also be used in HMAC, which is not limited in the present disclosure.
  • the robot certification center can obtain the blockchain ledger in the blockchain network, and the blockchain ledger includes the registration information of the registered robot.
  • when the robot authentication center receives the authentication request from the robot, it can obtain the identification code of the robot from the blockchain ledger, and calculate the second verification information according to the verification parameters and the identification code.
  • the robot authentication center can authenticate the registered robot, thereby improving security.
  • the robot certification center no longer needs to maintain the robot's registration information. In this way, the pressure and load on the robot certification center can be reduced, and at the same time, the centralization problem faced by the robot certification center in maintaining robot registration information can be avoided.
  • the robot certification center is also used for:
  • an access token (access-token) is sent to the target robot and the interaction terminal corresponding to the target robot.
  • the interaction end may be, for example, a robot management system, a business system, etc. involved in the target robot.
  • the access token is used by the interaction terminal to verify the interaction request of the target robot.
  • the access token may also correspond to the robot's identity (such as an ID number).
  • the robot authentication center may also send the identity of the target robot and the corresponding access token to the interaction terminal corresponding to the target robot when the target robot passes the authentication.
  • the access token may also include a corresponding validity period, such as 1 hour, one day, and so on.
  • the target robot can interact with the robot interaction terminal through the access token.
  • the target robot needs to re-authenticate with the robot authentication center according to the above process.
  • robot information and robot certification center information recorded in the blockchain ledger are important data for access certification. Therefore, in some implementation scenarios, related permission control policies may also be set for the process of adding and modifying the robot and the robot certification center.
  • authority control may be performed based on a permission chain.
  • with a permission chain, it is possible to restrict whether different blockchain accounts have the permission to write and modify certain data.
  • data write permissions and data modification permissions can be configured for blockchain accounts in OSS (Operation Support System) and/or BSS (Business Support System), and data read permission can be set for the blockchain accounts involved in robots and robot certification centers.
  • the robot and the relevant data of the robot certification center can also be managed based on the formulated smart contract.
  • corresponding smart contracts can be written to store information through smart contracts.
  • the smart contract can provide interfaces such as registration, modification, cancellation, and query. Among them, assign the calling authority of the registration, modification, cancellation, query and other interfaces to the blockchain account corresponding to the OSS/BSS, and set the blockchain account corresponding to the robot and the robot certification center to have the calling authority of the query interface.
  • the system may further include a first authentication management terminal.
  • the first authentication management terminal is a blockchain node with robot registration authority, which can correspond to the relevant account of OSS/BSS.
  • the first authentication management terminal is used to, when receiving a robot registration request, write the registration information in the registration request into the blockchain ledger, and send the startup node information of the blockchain network to the robot, wherein the registration information includes the robot's blockchain address and identification code;
  • the robot is used for saving the starting node information, and accessing the block chain network based on the starting node information.
  • the robot can generate a public key, a private key, and an identification code, and generate a blockchain address through the public key. In this way, the robot can send a registration request including the blockchain address and the identification code to the first authentication management terminal.
  • after the first authentication management terminal receives the registration request, it can write the robot's blockchain address and identification code into the blockchain ledger by sending a transaction to the blockchain network, thereby completing the registration.
  • the robot's registration information may also include the robot's type, serial number, public key, and so on.
  • the first authentication management terminal may also verify the relevant information of the robot, which is not limited in the present disclosure.
  • the first authentication management terminal can also send the startup node information of the blockchain network to the robot.
  • the robot can be used to save the starting node information, and access to the blockchain network based on the starting node information.
  • the robot can connect to the blockchain network through the blockchain connection protocol, light node protocol or RPC according to the recorded starting node information.
  • the robot can send an authentication request to any robot certification center in the blockchain network, and then perform authentication.
  • the first authentication management terminal may also correspond to relevant management accounts, and these management accounts may not correspond to OSS/BSS.
  • the registration process of the robot can be managed by setting the first authentication management terminal, and at the same time, the writing authority of the robot information can be controlled.
  • the system further includes a second authentication management terminal, the second authentication management terminal is a blockchain node with robot registration authority, which may correspond to the relevant account of OSS/BSS.
  • the second authentication management terminal is used to, when receiving the registration request of the robot, generate the private key, public key, blockchain address, identification information and identification code corresponding to the robot; write the public key, the blockchain address and the identification code into the blockchain ledger as the registration information of the robot; and send the startup node information, the identification information and the private key of the blockchain network to the robot;
  • the robot is used to store the private key, the identification information, and the startup node information, access the blockchain network based on the startup node information, and obtain the blockchain address and identification code of the robot from the blockchain ledger based on the identification information.
  • the robot's public key, blockchain address, identification information, and identification code are generated by relevant nodes of OSS/BSS and saved on the chain. Every time the robot authenticates, it obtains its own blockchain address and identification code from the chain, and then performs authentication.
  • the authentication process of the robot does not require an account password, and the relevant information (blockchain address, identification code, etc.) involved in the authentication process is not maintained locally by the robot. Therefore, the above technical solution avoids the risk of the robot's account leaking, and also reduces the risk of the robot being counterfeited.
  • the system may further include a third authentication management terminal.
  • the third authentication management terminal is a block chain node with robot logout authority, which can correspond to the relevant account of OSS/BSS.
  • the third authentication management terminal is used to, when receiving a robot logout request, determine the robot to be canceled according to the robot identification in the logout request, and update the registration information of that robot in the blockchain ledger to an invalid state.
  • the robot logout request may be sent by the relevant robot management terminal or sent by the robot.
  • the robot logout request may also be automatically generated by the third authentication management terminal based on preset rules. For example, when a robot is registered, a corresponding valid time interval can be set for each robot, and a robot logout request is automatically generated after the valid time interval is exceeded.
  • the robot identifier in the robot logout request may be, for example, an identifier that can distinguish robots such as a robot number, which is not limited in the present disclosure.
  • when the third authentication management terminal receives the robot logout request, it can determine the robot to be logged out according to the robot identifier in the logout request.
  • the third authentication management terminal can also update the registration information of the robot to be canceled in the blockchain ledger to an invalid state by sending a transaction to the blockchain network. Since the registration information is updated to an invalid state, the robot to be deregistered can no longer pass the authentication of the robot authentication center.
  • the registered robot can be managed based on the third authentication management terminal, and at the same time, the logout authority of the robot information can be controlled.
  • the system further includes a fourth authentication management terminal, which is a blockchain node with the registration authority of the robot certification center and may correspond to the relevant account of OSS/BSS.
  • the fourth authentication management terminal is used to write the registration information in the registration request into the blockchain ledger when receiving the registration request from the robot certification center, the registration information including the blockchain address and public key of the robot certification center.
  • the robot certification center can generate a public key and a private key, and generate a blockchain address through the public key. In this way, the robot certification center can send a registration request including the blockchain address and public key to the fourth certification management terminal.
  • after the fourth authentication management terminal receives the registration request, it can write the blockchain address and public key of the robot certification center into the blockchain ledger by sending a transaction to the blockchain network, to complete the registration.
  • the registration process of the robot certification center can be managed by setting the fourth certification management terminal, and at the same time, the writing authority of the robot certification center information can be controlled.
  • the embodiments described in the specification belong to preferred embodiments, and the parts involved are not necessarily essential to the present invention.
  • the first authentication management terminal, the second authentication management terminal, the third authentication management terminal and the fourth authentication management terminal may be independent system components or the same system component during specific implementation.
  • the first authentication management terminal, the second authentication management terminal, the third authentication management terminal and the fourth authentication management terminal may also correspond to relevant blockchain management accounts, and these blockchain management accounts may not correspond to OSS/BSS, which is not limited in the present disclosure.
  • the present disclosure also provides a robot authentication method used in a robot authentication center.
  • the robot certification center may be the robot certification center described in any of the above embodiments.
  • the robot certification center can obtain the blockchain ledger in the blockchain network, and the blockchain ledger includes the registration information of the registered robot.
  • the registration information may include, for example, a blockchain address of the robot and an identification code corresponding to the blockchain address.
  • the identification code can be a PIN code corresponding to each robot, with the identification codes of different robots kept distinct.
  • the robot can generate a public key, a private key, and an identification code, and generate a blockchain address based on the public key. In this way, the robot can be registered based on the blockchain address and identification code. After successful registration, the robot's blockchain address and identification code are written into the blockchain ledger.
  • the registration information of the robot may also include related information of the robot, such as robot type, public key, robot ID, etc., which is not limited in the present disclosure.
  • Fig. 4 is a flow chart of a robot authentication method shown in the present disclosure, the method comprising:
  • S41 Receive an authentication request from the target robot, where the authentication request includes first verification information and verification parameters;
  • the first verification information is calculated by the target robot based on the verification parameters and the target identification code.
  • the verification parameters may include: a target blockchain address, a timestamp, and a random number generated by the target robot.
  • the target robot calculates the first verification information with the HMAC-SHA256 algorithm, using the target identification code as the key and the verification parameters as the data to be computed.
  • the target robot can obtain its own target blockchain address robot-did, identification code pin-code, and local timestamp timestamp, and generate a random number random (such as 32 bytes).
  • the target robot can calculate the HMAC result mac1 (32 bytes) based on the HMAC-SHA256 algorithm, using the pin-code as the HMAC key and random
  • means splicing.
  • the target robot can send an authentication request to the robot authentication center, and the authentication request includes the first verification information mac1, the target blockchain address robot-did, the random number random, and the timestamp.
  • the robot can also splice mac1, random, timestamp and robot-id to obtain an OTP.
  • the authentication request includes the OTP.
  • After receiving the authentication request from the target robot, the robot certification center can parse it to obtain the target blockchain address robot-did, the random number random and the timestamp, and, based on the target blockchain address, obtain the target identification code of the target robot from the blockchain ledger. Similar to the calculation process of mac1, the robot certification center can also use the obtained pin-code as the HMAC key and random
  • the robot authentication center can authenticate the target robot. For example, if the first verification information is the same as the second verification information, the target robot is certified by the robot certification center. If the first verification information is different from the second verification information, the authentication fails.
  • the robot certification center can obtain the blockchain ledger in the blockchain network, and the blockchain ledger includes the registration information of the registered robot.
  • After the robot authentication center receives the authentication request from the robot, it can obtain the identification code of the robot from the blockchain ledger, and calculate the second verification information according to the verification parameters and the identification code.
  • the robot authentication center can authenticate the registered robot, thereby improving security.
  • the present disclosure also provides a robot authentication method for a target robot, and the target robot may be the robot described in the foregoing embodiments.
  • the method includes:
  • the robot certification center can obtain the blockchain ledger in the blockchain network, the blockchain ledger includes the registration information of registered robots, and the registration information includes the blockchain address of the robot and an identification code corresponding to the blockchain address; the robot certification center obtains the target identification code of the target robot from the blockchain ledger based on the target blockchain address in the verification parameters, and calculates second verification information according to the verification parameters and the target identification code; if the first verification information is the same as the second verification information, the target robot passes the authentication of the robot certification center.
  • the robot certification center can obtain the blockchain ledger in the blockchain network, and the blockchain ledger includes the registration information of the registered robot.
  • After the robot authentication center receives the authentication request of the robot, it can obtain the identification code of the robot from the blockchain ledger, and calculate the second verification information according to the verification parameters and the identification code.
  • the robot authentication center can authenticate the registered robot, thereby improving security.
  • the robot certification center no longer needs to maintain the robot's registration information. In this way, the pressure and load on the robot certification center can be reduced, and at the same time, the problem that the robot cannot be certified due to the failure of the robot certification center can be avoided.
  • the present disclosure also provides a computer-readable storage medium on which a computer program is stored.
  • When the program is executed by a processor, the steps of the robot authentication method applied to the robot authentication center provided by the present disclosure are implemented.
  • a computer program product comprising a computer program executable by a programmable device, the computer program having code portions for performing the above-mentioned robot authentication method applied to the robot authentication center.
  • the present disclosure also provides a computing processing device, including:
  • one or more processors; when the computer readable code is executed by the one or more processors, the computing processing device executes the steps of the robot authentication method applied to the robot authentication center provided by the present disclosure.
  • FIG. 6 is a schematic structural diagram of a computing processing device provided by the present disclosure.
  • the computing processing device may include a processor 610 and a computer program product or computer readable medium in the form of memory 630 .
  • Memory 630 may be electronic memory such as flash memory, EEPROM (Electrically Erasable Programmable Read Only Memory), EPROM, hard disk, or ROM.
  • the memory 630 may include a storage space 650, which may include program codes for performing any method steps in the methods described above.
  • the storage space 650 may include various program codes 551 for respectively implementing various steps in the above robot authentication method applied to the robot authentication center. These program codes can be read from or written into one or more computer program products.
  • These computer program products comprise program code carriers such as hard disks, compact disks (CDs), memory cards or floppy disks.
  • Such a computer program product is typically a portable or fixed storage unit as shown in FIG. 7 .
  • the storage unit may have storage segments, storage spaces, etc. arranged similarly to the memory 630 in the computing processing device of FIG. 6 .
  • the program code can, for example, be compressed in a suitable form.
  • the storage unit may include computer readable code 651', i.e. code readable by a processor such as 610, which, when executed by the server, causes the server to perform the steps of the above-described robot authentication method applied to the robot authentication center.
  • the present disclosure also provides a computer-readable storage medium on which a computer program is stored, and when the program is executed by a processor, the steps of the robot authentication method applied to a robot provided in the present disclosure are implemented.
  • a computer program product comprising a computer program executable by a programmable device, the computer program having code portions for performing the above-mentioned robot authentication method applied to the robot.
  • the present disclosure also provides a computing processing device, including:
  • one or more processors; when the computer readable code is executed by the one or more processors, the computing processing device executes the steps of the robot authentication method applied to robots provided by the present disclosure.
  • FIG. 8 is a schematic structural diagram of a computing processing device provided by the present disclosure.
  • the computing processing device may include a processor 810 and a computer program product or computer readable medium in the form of memory 830 .
  • Memory 830 may be electronic memory such as flash memory, EEPROM (Electrically Erasable Programmable Read Only Memory), EPROM, hard disk, or ROM.
  • the memory 830 may include a storage space 850, and the storage space 850 may include program codes for performing any method steps in the methods described above.
  • the storage space 850 may include various program codes 851 for respectively implementing various steps in the above robot authentication method applied to a robot. These program codes can be read from or written into one or more computer program products.
  • These computer program products comprise program code carriers such as hard disks, compact disks (CDs), memory cards or floppy disks.
  • Such a computer program product is typically a portable or fixed storage unit as shown in FIG. 9 .
  • the storage unit may have storage segments, storage spaces, etc. arranged similarly to the memory 830 in the computing processing device of FIG. 8 .
  • the program code can, for example, be compressed in a suitable form.
  • the storage unit may include computer readable code 851', i.e. code readable by a processor such as 810, which, when executed by the server, causes the server to perform the steps of the above-described robot authentication method applied to the robot.
  • the various implementations of the present disclosure can also be combined in any way; as long as a combination does not depart from the idea of the present disclosure, it should also be regarded as content disclosed in the present disclosure.

Abstract

The present disclosure relates to a robot authentication system and method. The system comprises one or more robot authentication centers, wherein the robot authentication center can acquire a blockchain ledger in a blockchain network, the blockchain ledger comprising registration information of registered robots; any robot authentication center is used for receiving an authentication request of a target robot, which authentication request comprises first verification information and a verification parameter, and the robot authentication center is also used for acquiring, from the blockchain ledger, a target identification code of the target robot according to a target blockchain address in the verification parameter, and for performing calculation according to the verification parameter and the target identification code to obtain second verification information, with the target blockchain address being a blockchain address of the target robot, and the first verification information being obtained by means of the target robot performing calculation on the basis of the verification parameter and the target identification code; and when the first verification information is identical to the second verification information, the target robot passes authentication of the robot authentication center.

Description

Robot Authentication System and Method
Cross-Reference to Related Applications
This disclosure claims priority to the Chinese patent application No. 202110726632.6, titled "Robot Authentication System and Method", filed with the China Patent Office on June 29, 2021, the entire contents of which are incorporated herein by reference.
Technical Field
The present disclosure relates to the technical field of robots, and in particular to a robot authentication system and method.
Background
At present, robots are used ever more widely across industries. Moreover, with the development of artificial intelligence technology, robots are becoming increasingly capable, so the damage caused when a robot is illegally intruded upon is also growing.
To improve security, a robot can be managed and controlled only after it has passed authentication. For example, in the related art, a robot account and password can be preset in the robot, so that the robot can authenticate to the robot authentication center with that account and password. However, this approach still faces security risks and also increases the burden on the robot authentication center.
Summary
The purpose of the present disclosure is to provide a robot authentication system and method to solve the above technical problems in the related art.
To achieve the above purpose, according to a first aspect of the embodiments of the present disclosure, a robot authentication system is provided, including one or more robot authentication centers, where the robot authentication center can obtain the blockchain ledger in a blockchain network, the blockchain ledger includes the registration information of registered robots, and the registration information includes the blockchain address of the robot and an identification code corresponding to the blockchain address;
any one of the robot authentication centers is configured to receive an authentication request from a target robot, the authentication request including first verification information and verification parameters, to obtain the target identification code of the target robot from the blockchain ledger according to the target blockchain address in the verification parameters, and to calculate second verification information according to the verification parameters and the target identification code;
wherein the target blockchain address is the blockchain address of the target robot, the first verification information is calculated by the target robot based on the verification parameters and the target identification code, and if the first verification information is the same as the second verification information, the target robot passes the authentication of the robot authentication center.
Optionally, the verification parameters include: the target blockchain address, a timestamp, and a random number generated by the target robot;
the target robot is configured to use the target identification code as the key and the verification parameters as the data to be computed, and to calculate the first verification information with the HMAC-SHA256 algorithm.
Optionally, the robot authentication center is further configured to:
when the target robot passes the authentication of the robot authentication center, send an access token to the target robot and to the interaction terminal corresponding to the target robot;
wherein the access token is used by the interaction terminal to verify interaction requests from the target robot.
Optionally, the system further includes:
a first authentication management terminal, which is a blockchain node with robot registration authority, configured to, upon receiving a robot registration request, write the registration information in the registration request into the blockchain ledger, and send the startup node information of the blockchain network to the robot, wherein the registration information includes the blockchain address and identification code of the robot;
the robot is configured to save the startup node information and to access the blockchain network based on the startup node information.
Optionally, the system further includes:
a second authentication management terminal, which is a blockchain node with robot registration authority, configured to, upon receiving a registration request from a robot, generate a private key, a public key, a blockchain address, identification information and an identification code corresponding to the robot; write the public key, the blockchain address and the identification code into the blockchain ledger as the registration information of the robot; and send the startup node information of the blockchain network, the identification information and the private key to the robot;
the robot is configured to save the private key, the identification information and the startup node information, access the blockchain network based on the startup node information, and obtain the robot's blockchain address and identification code from the blockchain ledger based on the identification information.
Optionally, the system further includes:
a third authentication management terminal, which is a blockchain node with robot cancellation authority, configured to, upon receiving a robot cancellation request, determine the robot to be cancelled according to the robot identifier in the cancellation request, and update the registration information of that robot in the blockchain ledger to an invalid state.
Optionally, the system further includes:
a fourth authentication management terminal, which is a blockchain node with authority to register robot authentication centers, configured to, upon receiving a registration request from a robot authentication center, write the registration information in the registration request into the blockchain ledger, the registration information including the blockchain address and public key of the robot authentication center.
According to a second aspect of the embodiments of the present disclosure, a robot authentication method is provided for a robot authentication center, where the robot authentication center can obtain the blockchain ledger in a blockchain network, the blockchain ledger includes the registration information of registered robots, and the registration information includes the blockchain address of the robot and an identification code corresponding to the blockchain address, the method including:
receiving an authentication request from a target robot, the authentication request including first verification information and verification parameters;
obtaining the target identification code of the target robot from the blockchain ledger according to the target blockchain address in the verification parameters, the target blockchain address being the blockchain address of the target robot;
calculating second verification information according to the verification parameters and the target identification code;
if the first verification information is the same as the second verification information, determining that the target robot passes authentication;
wherein the first verification information is calculated by the target robot based on the verification parameters and the target identification code.
Optionally, the verification parameters include the blockchain address of the target robot, a timestamp, and a random number generated by the target robot, and calculating the second verification information according to the verification parameters and the target identification code includes:
using the target identification code as the key and the verification parameters as the data to be computed, and calculating the second verification information with the HMAC-SHA256 algorithm.
According to a third aspect of the embodiments of the present disclosure, a robot authentication method is provided for a target robot, the method including:
obtaining verification parameters and the target identification code of the target robot, the verification parameters including the blockchain address of the target robot;
calculating first verification information according to the verification parameters and the target identification code;
sending an authentication request including the first verification information and the verification parameters to a robot authentication center;
wherein the robot authentication center can obtain the blockchain ledger in a blockchain network, the blockchain ledger includes the registration information of registered robots, and the registration information includes the blockchain address of the robot and an identification code corresponding to the blockchain address; the robot authentication center obtains the target identification code of the target robot from the blockchain ledger based on the target blockchain address in the verification parameters, and calculates second verification information according to the verification parameters and the target identification code; if the first verification information is the same as the second verification information, the target robot passes the authentication of the robot authentication center.
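The HMAC-SHA256 exchange of the second and third aspects above, sketched in Python as an added example (not code from the patent). The field order inside the MAC input, the in-memory `LEDGER` standing in for the blockchain ledger, the timestamp window and the replay cache are assumptions: the disclosure names the verification parameters, but this page does not give their concatenation order or say how the center uses the timestamp and random number.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed stand-in for the blockchain ledger: blockchain address -> registration info.
# "valid" models the invalid state set when a robot's registration is cancelled.
LEDGER = {
    "did:example:robot-0001": {"pin_code": b"constructed-pin-0001", "valid": True},
    "did:example:robot-0002": {"pin_code": b"constructed-pin-0002", "valid": False},
}


def mac_input(random_bytes: bytes, timestamp: int, robot_did: str) -> bytes:
    """Assumed order: random (32 bytes) || timestamp (8 bytes, big-endian) || robot-did.
    The two fixed-width fields come first, so the field boundaries are unambiguous."""
    return random_bytes + struct.pack(">Q", timestamp) + robot_did.encode("utf-8")


def build_auth_request(robot_did: str, pin_code: bytes, now: int) -> dict:
    """Robot side: compute mac1 with the identification code as the HMAC key."""
    random_bytes = secrets.token_bytes(32)
    mac1 = hmac.new(pin_code, mac_input(random_bytes, now, robot_did),
                    hashlib.sha256).digest()
    return {"mac1": mac1, "robot_did": robot_did,
            "random": random_bytes, "timestamp": now}


class AuthCenter:
    """Authentication-center side: look up the identification code, recompute, compare."""

    def __init__(self, ledger: dict, max_skew: int = 60):
        self.ledger = ledger
        self.max_skew = max_skew   # assumed freshness window, in seconds
        self._seen = {}            # (robot_did, random) -> timestamp of accepted requests

    def authenticate(self, request: dict, now: int) -> tuple:
        did, rnd, ts, mac1 = (request.get(k) for k in
                              ("robot_did", "random", "timestamp", "mac1"))
        if not (isinstance(did, str)
                and isinstance(rnd, bytes) and len(rnd) == 32
                and isinstance(ts, int) and 0 <= ts < 2 ** 64
                and isinstance(mac1, bytes) and len(mac1) == 32):
            return (False, "malformed")

        record = self.ledger.get(did)
        if record is None or not record["valid"]:
            return (False, "not-registered")

        # Without a freshness check, a captured request would verify forever.
        if abs(now - ts) > self.max_skew:
            return (False, "stale-timestamp")

        mac2 = hmac.new(record["pin_code"], mac_input(rnd, ts, did),
                        hashlib.sha256).digest()
        # Constant-time comparison of first and second verification information.
        if not hmac.compare_digest(mac1, mac2):
            return (False, "mac-mismatch")

        # Replay cache is updated only after the MAC verifies, so unauthenticated
        # traffic cannot fill it; entries outside the window are pruned.
        self._seen = {k: t for k, t in self._seen.items()
                      if now - t <= self.max_skew}
        if (did, rnd) in self._seen:
            return (False, "replayed")
        self._seen[(did, rnd)] = ts
        return (True, "ok")


if __name__ == "__main__":
    center = AuthCenter(LEDGER)
    t0 = 1_700_000_000  # constructed clock value
    req = build_auth_request("did:example:robot-0001", b"constructed-pin-0001", t0)
    print(center.authenticate(req, t0 + 10))   # first presentation
    print(center.authenticate(req, t0 + 20))   # same request presented again
```

Because the timestamp and robot-did are covered by the MAC, changing either in transit produces a mismatch rather than a request for a different robot or time.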
According to a fourth aspect of the embodiments of the present disclosure, a computer program is provided, including computer readable code which, when run on a computing processing device, causes the computing processing device to execute the method of any one of the above second aspect.
According to a fifth aspect of the embodiments of the present disclosure, a computer-readable storage medium is provided, on which a computer program is stored; when the program is executed by a processor, the steps of the method of any one of the above second aspect are implemented.
According to a sixth aspect of the embodiments of the present disclosure, a computing processing device is provided, including:
a memory on which a computer program is stored;
a processor, configured to execute the computer program in the memory to implement the steps of the method of any one of the above second aspect.
According to a seventh aspect of the embodiments of the present disclosure, a computer program is provided, including computer readable code which, when run on a computing processing device, causes the computing processing device to execute the method of the above third aspect.
According to an eighth aspect of the embodiments of the present disclosure, a computer-readable storage medium is provided, on which a computer program is stored; when the program is executed by a processor, the steps of the method of the above third aspect are implemented.
According to a ninth aspect of the embodiments of the present disclosure, a computing processing device is provided, including:
a memory on which a computer program is stored;
a processor, configured to execute the computer program in the memory to implement the steps of the method of the above third aspect.
In the above technical solution, the robot authentication center can obtain the blockchain ledger in the blockchain network, and the blockchain ledger includes the registration information of registered robots. In this way, after receiving an authentication request from a robot, the robot authentication center can obtain the identification code of the robot from the blockchain ledger and calculate the second verification information according to the verification parameters and the identification code. By comparing the second verification information with the first verification information in the robot's authentication request, the robot authentication center can authenticate registered robots, thereby improving security.
In addition, because the robot's registration information is stored in the blockchain ledger and can be maintained and managed by the blockchain system, the robot authentication center no longer needs to maintain the robot's registration information. This reduces the pressure and load on the robot authentication center, and also avoids the centralization problem the robot authentication center faces when it maintains robot registration information itself.
Other features and advantages of the present disclosure will be described in detail in the detailed description that follows.
Brief Description of the Drawings
The accompanying drawings are provided for a further understanding of the present disclosure and constitute a part of the specification. Together with the following detailed description they serve to explain the present disclosure, but they do not limit it. In the drawings:
Fig. 1 is a schematic diagram of a robot authentication scenario shown in an exemplary embodiment of the present disclosure.
Fig. 2 is a schematic diagram of a robot authentication scenario shown in an exemplary embodiment of the present disclosure.
Fig. 3 is a schematic diagram of a robot authentication scenario shown in an exemplary embodiment of the present disclosure.
Fig. 4 is a flowchart of a robot authentication method shown in an exemplary embodiment of the present disclosure.
Fig. 5 is a flowchart of a robot authentication method shown in an exemplary embodiment of the present disclosure.
Fig. 6 is a schematic structural diagram of a computing processing device shown in an exemplary embodiment of the present disclosure.
Fig. 7 is a schematic diagram of a storage unit for program code implementing the method of the present disclosure, shown in an exemplary embodiment of the present disclosure.
Fig. 8 is a schematic structural diagram of a computing processing device shown in an exemplary embodiment of the present disclosure.
Fig. 9 is a schematic diagram of a storage unit for program code implementing the method of the present disclosure, shown in an exemplary embodiment of the present disclosure.
具体实施方式detailed description
以下结合附图对本公开的具体实施方式进行详细说明。应当理解的是,此处所描述的具体实施方式仅用于说明和解释本公开,并不用于限制本公开。Specific embodiments of the present disclosure will be described in detail below in conjunction with the accompanying drawings. It should be understood that the specific embodiments described here are only used to illustrate and explain the present disclosure, and are not intended to limit the present disclosure.
在介绍本公开的机器人认证系统及方法之前,首先对本公开的应用场景进行介绍,本公开所提供的各实施例例如可以用于机器人的认证场景。Before introducing the robot authentication system and method of the present disclosure, the application scenarios of the present disclosure are firstly introduced, and the various embodiments provided in the present disclosure can be used in robot authentication scenarios, for example.
To improve robot security, a robot may be managed and controlled only after it has passed authentication. In the related art, a robot account and password can be preset in the robot, so that the robot can authenticate to the robot authentication center with that account and password.
In some implementation scenarios, a symmetric key can instead be preset in the robot (a different key for each robot), and the robot authentication center stores the preset symmetric keys of the robots within its management scope. The robot can then be authenticated in a manner similar to mobile network access authentication.
With these approaches, however, the robot must store the account information or the symmetric key locally, which carries a risk of leakage. To improve security, the account information has to be changed periodically. Moreover, the robot authentication center is a centralized component that manages, stores and maintains the account and password information of all robots; once control of the robot authentication center is lost, robots may be impersonated. Likewise, when the robot authentication center stops serving for some reason (natural disaster, power outage, etc.), robots may be unable to authenticate, which affects service availability. In addition, because all robot authentication is performed at the robot authentication center, the center is relatively complex, and with a large number of robots it may also become a performance bottleneck.
To this end, the present disclosure provides a robot authentication system that includes a robot authentication center. The robot authentication center can be deployed, for example, as a node in a blockchain network. Referring to the schematic diagram of a robot authentication scenario shown in Fig. 1, the robot authentication center can act as a node in the blockchain network and thereby interact with the other blockchain nodes in the network (shown as blockchain nodes 1-3 in the figure).
Of course, referring to the schematic diagram of a robot authentication scenario shown in Fig. 2, the robot authentication center can also be deployed in a distributed manner, in which case there may be multiple robot authentication centers. In the example of Fig. 2, there are two.
With this arrangement, the robot authentication center can obtain the blockchain ledger of the blockchain network, and the ledger contains the registration information of registered robots. The registration information may include, for example, the robot's blockchain address and the identification code corresponding to that address. The identification code may be a PIN (Personal Identification Number) for each robot, with the identification codes kept different from robot to robot.
For example, the robot can generate a public key, a private key and an identification code, and derive a blockchain address from the public key. The robot can then register with the blockchain address and the identification code. After successful registration, the robot's blockchain address and identification code are written to the blockchain ledger.
In some implementation scenarios, the robot's registration information may also include other information about the robot, such as the robot type, public key, robot ID (identity document) and so on, which is not limited in the present disclosure.
Referring to Fig. 1, the robot authentication center is configured to receive an authentication request from a target robot, the authentication request including first verification information and verification parameters; to obtain the target identification code of the target robot from the blockchain ledger according to the target blockchain address in the verification parameters; and to calculate second verification information from the verification parameters and the target identification code.
Here, the target blockchain address is the blockchain address of the target robot, and the first verification information is calculated by the target robot from the verification parameters and the target identification code. For example, in some implementation scenarios, the verification parameters may include the target blockchain address, a timestamp, and a random number generated by the target robot.
The target robot is configured to calculate the first verification information with the HMAC-SHA256 algorithm, using the target identification code as the key and the verification parameters as the data to be authenticated.
Specifically, the target robot can obtain its own target blockchain address robot-did, its identification code pin-code, and its local timestamp timestamp (for example, a timestamp relative to 00:00:00 on January 1, 1970, GMT+00:00, 8 bytes long, in milliseconds), and generate a random number random (for example, 32 bytes).
After obtaining this information, the target robot can use the HMAC-SHA256 algorithm, with pin-code as the HMAC key and random||timestamp||robot-did as the data to be authenticated, to calculate the HMAC result mac1 (32 bytes) as the first verification information. Here "||" denotes concatenation.
The target robot can then send an authentication request to the robot authentication center; the request includes the first verification information mac1, the target blockchain address robot-did, the random number random, and timestamp. Of course, in some scenarios the robot can also concatenate mac1, random, timestamp and robot-id to obtain an OTP (One Time Password). In that case, the authentication request includes the OTP.
After receiving the authentication request from the target robot, the robot authentication center can parse it to obtain the target blockchain address robot-did, the random number random, and timestamp, and obtain the target identification code of the target robot from the blockchain ledger based on the target blockchain address. The robot authentication center can then likewise use the HMAC-SHA256 algorithm, with the retrieved pin-code as the HMAC key and random||timestamp||robot-did as the data to be authenticated, to calculate the HMAC result mac2 as the second verification information.
By comparing the first verification information with the second verification information, the robot authentication center can authenticate the target robot. For example, if the first verification information is the same as the second verification information, the target robot passes authentication by the robot authentication center. If the first verification information differs from the second verification information, authentication fails.
It should be noted that the above embodiment illustrates the robot authentication process of the present disclosure using, as an example, verification parameters consisting of the target blockchain address, a timestamp, and a random number generated by the target robot. Those skilled in the art will understand that in a specific implementation these parameters may be adjusted accordingly (for example, by adding relevant robot information). Likewise, the one-way hash function used in the HMAC is not limited to the above example; a related high-strength one-way hash function (such as SHA-1) may also be used in the HMAC, which is not limited in the present disclosure.
In the above technical solution, the robot authentication center can obtain the blockchain ledger of the blockchain network, and the ledger contains the registration information of registered robots. After receiving a robot's authentication request, the robot authentication center can therefore obtain the robot's identification code from the blockchain ledger and calculate the second verification information from the verification parameters and the identification code. By comparing the second verification information with the first verification information in the robot's authentication request, the robot authentication center can authenticate the registered robot, thereby improving security.
In addition, because the robot's registration information is stored in the blockchain ledger and can be maintained and managed by the blockchain system, the robot authentication center no longer needs to maintain it. This reduces the pressure and load on the robot authentication center and also avoids the centralization problem the center would face if it maintained the robot registration information itself.
In a possible implementation, the robot authentication center is further configured to:
send an access token (access-token) to the target robot and to the interaction endpoint corresponding to the target robot when the target robot has passed authentication by the robot authentication center.
The interaction endpoint may be, for example, a robot management system or a business system that the target robot works with. The access token is used by the interaction endpoint to verify interaction requests from the target robot.
In some implementation scenarios, the access token may also correspond to the robot's identity (such as a numeric ID). In this case, when the target robot passes authentication, the robot authentication center may also send the identity of the target robot together with the corresponding access token to the interaction endpoint corresponding to the target robot.
In some implementation scenarios, the access token may also carry a validity period, such as one hour or one day. During the validity period, the target robot can interact with the interaction endpoint using the access token. After the access token expires, the target robot must authenticate with the robot authentication center again according to the above process.
In this way, authenticated robots can be managed, which helps improve robot security.
It is also worth noting that the robot information and robot authentication center information recorded in the blockchain ledger are critical data for access authentication. Therefore, in some implementation scenarios, permission control policies may also be set for the processes of adding and modifying robots and robot authentication centers.
For example, in a possible implementation, permission control may be based on a permissioned chain. In the permissioned chain, it is possible to restrict whether different blockchain accounts have permission to write and modify certain data. For example, data write and data modification permissions can be configured for the blockchain accounts in the OSS (Business Support System) and/or BSS (Operation Support System), and data read permission can be set for the blockchain accounts of robots and robot authentication centers.
In some possible implementations, the data of robots and robot authentication centers can also be managed by a purpose-written smart contract. For example, a corresponding smart contract can be written and the information stored through it. The smart contract can provide interfaces such as registration, modification, deregistration and query. Permission to call the registration, modification, deregistration and query interfaces is assigned to the blockchain accounts corresponding to the OSS/BSS, and the blockchain accounts corresponding to robots and robot authentication centers are given permission to call the query interface.
Accordingly, in some implementation scenarios, the system may further include a first authentication management terminal. Referring to the schematic diagram of a robot authentication scenario shown in Fig. 3, the first authentication management terminal is a blockchain node with robot registration permission, and it may correspond to the relevant OSS/BSS account.
The first authentication management terminal is configured, on receiving a robot registration request, to write the registration information in the registration request to the blockchain ledger and to send the bootstrap node information of the blockchain network to the robot, where the registration information includes the robot's blockchain address and identification code;
the robot is configured to save the bootstrap node information and to connect to the blockchain network based on the bootstrap node information.
For example, the robot can generate a public key, a private key and an identification code, and derive a blockchain address from the public key. The robot can then send a registration request that includes the blockchain address and the identification code to the first authentication management terminal.
After receiving the registration request, the first authentication management terminal can write the robot's blockchain address and identification code to the blockchain ledger by sending a transaction to the blockchain network, thereby completing the registration.
Of course, in some implementations, the robot's registration information may also include the robot's type, serial number, public key and so on. After receiving the registration request, the first authentication management terminal may also verify this information about the robot, which is not limited in the present disclosure.
In addition, the first authentication management terminal can send the bootstrap node information of the blockchain network to the robot. Correspondingly, the robot can save the bootstrap node information and connect to the blockchain network based on it.
For example, the robot can use the recorded bootstrap node information to connect to the blockchain network through the blockchain connection protocol, using a light-node protocol or RPC. Once connected to the blockchain network, the robot can send an authentication request to any robot authentication center in the blockchain network and be authenticated.
Of course, depending on application requirements, in some possible implementations the first authentication management terminal may also correspond to other management accounts, and these management accounts need not correspond to the OSS/BSS.
With the above technical solution, the robot registration process can be managed through the first authentication management terminal, and write permission for robot information is controlled at the same time.
In some implementation scenarios, the system further includes a second authentication management terminal. The second authentication management terminal is a blockchain node with robot registration permission, and it may correspond to the relevant OSS/BSS account.
The second authentication management terminal is configured, on receiving a robot's registration request, to generate a private key, a public key, a blockchain address, identification information and an identification code for the robot; to write the public key, the blockchain address and the identification code to the blockchain ledger as the robot's registration information; and to send the bootstrap node information of the blockchain network, the identification information and the private key to the robot;
the robot is configured to save the private key, the identification information and the bootstrap node information, to connect to the blockchain network based on the bootstrap node information, and to obtain its blockchain address and identification code from the blockchain ledger based on the identification information.
In this way, the robot's public key, blockchain address, identification information and identification code are generated by the relevant OSS/BSS node and saved on the chain. At each authentication, the robot obtains its own blockchain address and identification code from the chain and then authenticates.
In other words, the robot's authentication process requires no account or password, and the information involved in authentication (blockchain address, identification code, etc.) is not maintained locally on the robot. The above technical solution therefore avoids the risk of the robot's account being leaked and also reduces the risk of the robot being impersonated.
In some implementation scenarios, the system may further include a third authentication management terminal. The third authentication management terminal is a blockchain node with robot deregistration permission, and it may correspond to the relevant OSS/BSS account.
The third authentication management terminal is configured, on receiving a robot deregistration request, to determine the robot to be deregistered from the robot identifier in the request, and to update that robot's registration information in the blockchain ledger to an invalid state.
Here, the robot deregistration request may be sent by the relevant robot management terminal or by the robot itself. In some implementations, the deregistration request may also be generated automatically by the third authentication management terminal according to preset rules. For example, a validity interval can be set for each robot at registration, and a deregistration request is generated automatically once the validity interval has passed. The robot identifier in the deregistration request may be, for example, a robot number or another identifier that distinguishes robots, which is not limited in the present disclosure.
Thus, on receiving a robot deregistration request, the third authentication management terminal can determine the robot to be deregistered from the robot identifier in the request. It can then update that robot's registration information in the blockchain ledger to an invalid state by sending a transaction to the blockchain network. Because the registration information has been updated to an invalid state, the deregistered robot can no longer pass authentication by the robot authentication center.
In this way, registered robots can be managed through the third authentication management terminal, and permission to deregister robot information is controlled at the same time.
In a possible implementation, the system further includes a fourth authentication management terminal. The fourth authentication management terminal is a blockchain node with permission to register robot authentication centers, and it may correspond to the relevant OSS/BSS account.
The fourth authentication management terminal is configured, on receiving a registration request from a robot authentication center, to write the registration information in the registration request to the blockchain ledger, the registration information including the blockchain address and public key of the robot authentication center.
For example, the robot authentication center can generate a public key and a private key, and derive a blockchain address from the public key. The robot authentication center can then send a registration request that includes the blockchain address and the public key to the fourth authentication management terminal.
After receiving the registration request, the fourth authentication management terminal can write the blockchain address and public key of the robot authentication center to the blockchain ledger by sending a transaction to the blockchain network, thereby completing the registration.
With the above technical solution, the registration process of the robot authentication center can be managed through the fourth authentication management terminal, and write permission for robot authentication center information is controlled at the same time.
It is also worth noting that, for convenience and brevity of description, the embodiments described in the specification are all preferred embodiments, and the parts they involve are not necessarily required by the present invention. For example, the first, second, third and fourth authentication management terminals may be mutually independent system components or the same system component in a specific implementation. In addition, the first, second, third and fourth authentication management terminals may also correspond to other blockchain management accounts, and these blockchain management accounts need not correspond to the OSS/BSS, which is not limited in the present disclosure.
The present disclosure also provides a robot authentication method for use at a robot authentication center. The robot authentication center may be the robot authentication center described in any of the above embodiments. The robot authentication center can obtain the blockchain ledger of the blockchain network, and the ledger contains the registration information of registered robots.
Here, the registration information may include, for example, the robot's blockchain address and the identification code corresponding to that address. The identification code may be a PIN for each robot, with the identification codes kept different from robot to robot.
For example, the robot can generate a public key, a private key and an identification code, and derive a blockchain address from the public key. The robot can then register with the blockchain address and the identification code. After successful registration, the robot's blockchain address and identification code are written to the blockchain ledger.
In some implementation scenarios, the robot's registration information may also include other information about the robot, such as the robot type, public key, robot ID and so on, which is not limited in the present disclosure.
Fig. 4 is a flowchart of a robot authentication method according to the present disclosure. The method includes:
S41: receiving an authentication request from a target robot, the authentication request including first verification information and verification parameters;
S42: obtaining the target identification code of the target robot from the blockchain ledger according to the target blockchain address in the verification parameters, the target blockchain address being the blockchain address of the target robot;
S43: calculating second verification information from the verification parameters and the target identification code;
S44: determining that the target robot has passed authentication if the first verification information is the same as the second verification information;
where the first verification information is calculated by the target robot from the verification parameters and the target identification code.
For example, the verification parameters may include the target blockchain address, a timestamp, and a random number generated by the target robot. The target robot calculates the first verification information with the HMAC-SHA256 algorithm, using the target identification code as the key and the verification parameters as the data to be authenticated.
Specifically, the target robot can obtain its own target blockchain address robot-did, its identification code pin-code, and its local timestamp timestamp, and generate a random number random (for example, 32 bytes).
After obtaining this information, the target robot can use the HMAC-SHA256 algorithm, with pin-code as the HMAC key and random||timestamp||robot-did as the data to be authenticated, to calculate the HMAC result mac1 (32 bytes) as the first verification information. Here "||" denotes concatenation.
The target robot can then send an authentication request to the robot authentication center; the request includes the first verification information mac1, the target blockchain address robot-did, the random number random, and timestamp. Of course, in some scenarios the robot can also concatenate mac1, random, timestamp and robot-id to obtain an OTP. In that case, the authentication request includes the OTP.
机器人认证中心在接收到目标机器人的认证请求之后,可以解析获得所述目标区块链地址robot-did、随机数random以及timestamp。并基于目标区块链地址从区块链账本 中获取所述目标机器人的目标识别码。与mac1的计算过程相似,机器人认证中心也可以基于HMAC-SHA256算法,以获取到的pin-code作为HMAC的密钥,以random||timestamp||robot-did作为被计算数据,计算得到HMAC结果mac2作为第二验证信息。After receiving the authentication request from the target robot, the robot certification center can analyze and obtain the target blockchain address robot-did, random number random and timestamp. And based on the target blockchain address, the target identification code of the target robot is obtained from the blockchain ledger. Similar to the calculation process of mac1, the robot certification center can also use the obtained pin-code as the HMAC key and random||timestamp||robot-did as the calculated data based on the HMAC-SHA256 algorithm to calculate the HMAC result mac2 is used as the second verification information.
通过对比所述第一验证信息与所述第二验证信息,机器人认证中心可以对目标机器人进行认证。例如,在所述第一验证信息与所述第二验证信息相同的情况下,所述目标机器人通过所述机器人认证中心的认证。在所述第一验证信息与所述第二验证信息不同的情况下,则认证不通过。By comparing the first verification information with the second verification information, the robot authentication center can authenticate the target robot. For example, if the first verification information is the same as the second verification information, the target robot is certified by the robot certification center. If the first verification information is different from the second verification information, the authentication fails.
上述技术方案中,机器人认证中心能够获取区块链网络中的区块链账本,所述区块链账本中包括已注册的机器人的注册信息。这样,所述机器人认证中心在接收到机器人的认证请求之后,可以从区块链账本中获取所述机器人的识别码,并根据验证参数以及所述识别码计算第二验证信息。通过对比所述第二验证信息以及机器人的认证请求中的第一验证信息,所述机器人认证中心可以对已注册的机器人进行认证,从而提升安全性。In the above technical solution, the robot certification center can obtain the blockchain ledger in the blockchain network, and the blockchain ledger includes the registration information of the registered robot. In this way, after the robot authentication center receives the authentication request from the robot, it can obtain the identification code of the robot from the blockchain ledger, and calculate the second verification information according to the verification parameters and the identification code. By comparing the second verification information with the first verification information in the robot's authentication request, the robot authentication center can authenticate the registered robot, thereby improving security.
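The exchange described above, as an added Python example that is not code from the patent: the robot computes mac1 with HMAC-SHA256 over random||timestamp||robot-did keyed by its pin-code, and the authentication center recomputes mac2 from the ledger entry and compares. The in-memory ledger, the DID strings, the freshness window, the replay cache and the validity flag checked before the MAC are assumptions added for illustration; the page itself only specifies the MAC computation and the equality check.

```python
import hashlib
import hmac
import secrets
import time

# Constructed stand-in for the blockchain ledger: robot-did -> registration info.
LEDGER = {
    "did:example:robot-001": {"pin_code": b"constructed-pin-001", "valid": True},
    # Registration marked invalid, as after deregistration.
    "did:example:robot-002": {"pin_code": b"constructed-pin-002", "valid": False},
}

MAX_SKEW_SECONDS = 300  # assumption: the page does not state a freshness window


def _message(random_hex, timestamp, robot_did):
    # random || timestamp || robot-did, in the order given on the page.
    # The random value is fixed-width hex and the DID starts with a letter,
    # so the plain concatenation stays unambiguous (assumption of this example).
    return f"{random_hex}{timestamp}{robot_did}".encode()


def compute_mac(pin_code, random_hex, timestamp, robot_did):
    msg = _message(random_hex, timestamp, robot_did)
    return hmac.new(pin_code, msg, hashlib.sha256).hexdigest()


def build_auth_request(robot_did, pin_code, now=None):
    """Robot side: produce mac1 plus the verification parameters."""
    random_hex = secrets.token_hex(16)
    timestamp = int(time.time() if now is None else now)
    return {
        "mac1": compute_mac(pin_code, random_hex, timestamp, robot_did),
        "robot_did": robot_did,
        "random": random_hex,
        "timestamp": timestamp,
    }


class AuthCenter:
    """Authentication-center side: recompute mac2 and compare with mac1."""

    def __init__(self, ledger):
        self.ledger = ledger
        self.seen = set()  # (robot_did, random) pairs already accepted

    def verify(self, request, now=None):
        now = time.time() if now is None else now
        did = request["robot_did"]
        entry = self.ledger.get(did)
        if entry is None or not entry["valid"]:
            return "unknown-or-deregistered"
        mac2 = compute_mac(entry["pin_code"], request["random"],
                           request["timestamp"], did)
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(mac2.encode(), str(request["mac1"]).encode()):
            return "mac-mismatch"
        # Freshness and replay checks run only on requests whose MAC verified,
        # so unauthenticated traffic cannot fill the replay cache.
        if abs(now - request["timestamp"]) > MAX_SKEW_SECONDS:
            return "stale-timestamp"
        key = (did, request["random"])
        if key in self.seen:
            return "replayed"
        self.seen.add(key)
        return "ok"


if __name__ == "__main__":
    center = AuthCenter(LEDGER)
    req = build_auth_request("did:example:robot-001", b"constructed-pin-001")
    print(center.verify(req))   # first presentation
    print(center.verify(req))   # same request presented again
```

Without the timestamp window and the record of seen random values, a captured request would verify again, because mac2 depends only on values carried in the request and on the ledger entry.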
The present disclosure also provides a robot authentication method for a target robot, which may be the robot described in the foregoing embodiments. Referring to the flowchart of a robot authentication method shown in FIG. 5, the method includes:
S51: obtain verification parameters and a target identification code of the target robot, where the verification parameters include the blockchain address of the target robot;
S52: calculate first verification information from the verification parameters and the target identification code;
S53: send an authentication request including the first verification information and the verification parameters to the robot authentication center;
Here, the robot authentication center can obtain the blockchain ledger in the blockchain network; the blockchain ledger includes the registration information of registered robots, and the registration information includes the blockchain address of the robot and an identification code corresponding to the blockchain address. Based on the target blockchain address in the verification parameters, the robot authentication center obtains the target identification code of the target robot from the blockchain ledger and calculates second verification information from the verification parameters and the target identification code. If the first verification information is the same as the second verification information, the target robot passes authentication by the robot authentication center.
For the authentication flow between the target robot and the robot authentication center, refer to the description of the above embodiments; for brevity, it is not repeated here.
In the above technical solution, the robot authentication center can obtain the blockchain ledger in the blockchain network, and the blockchain ledger includes the registration information of registered robots. After receiving a robot's authentication request, the robot authentication center can therefore obtain the robot's identification code from the blockchain ledger and calculate the second verification information from the verification parameters and the identification code. By comparing the second verification information with the first verification information in the robot's authentication request, the robot authentication center can authenticate registered robots, thereby improving security.
In addition, because the robot's registration information is stored in the blockchain ledger and can be maintained and managed by the blockchain system, the robot authentication center no longer needs to maintain the robot's registration information. This reduces the pressure and load on the robot authentication center and also avoids the problem of robots being unable to authenticate because the robot authentication center has failed.
The present disclosure also provides a computer-readable storage medium on which a computer program is stored. When the program is executed by a processor, it implements the steps of the robot authentication method applied to the robot authentication center provided by the present disclosure.
In another exemplary embodiment, a computer program product is also provided. The computer program product contains a computer program executable by a programmable device, and the computer program has code portions that, when executed by the programmable device, perform the above robot authentication method applied to the robot authentication center.
The present disclosure also provides a computing processing device, including:
a memory in which computer-readable code is stored; and
one or more processors, where, when the computer-readable code is executed by the one or more processors, the computing processing device performs the steps of the robot authentication method applied to the robot authentication center provided by the present disclosure.
FIG. 6 is a schematic structural diagram of a computing processing device provided by the present disclosure. The computing processing device may include a processor 610 and a computer program product or computer-readable medium in the form of a memory 630. The memory 630 may be an electronic memory such as flash memory, EEPROM (electrically erasable programmable read-only memory), EPROM, a hard disk, or ROM. The memory 630 may include a storage space 650, which may include program code for performing any of the method steps described above. For example, the storage space 650 may include individual program codes 551, each implementing one of the steps of the above robot authentication method applied to the robot authentication center. The program code can be read from or written to one or more computer program products. These computer program products include program code carriers such as hard disks, compact discs (CDs), memory cards, or floppy disks. Such a computer program product is typically a portable or fixed storage unit as shown in FIG. 7. The storage unit may have storage segments, storage spaces, and the like arranged similarly to the memory 630 in the computing processing device of FIG. 6. The program code may, for example, be compressed in a suitable form. Here, the storage unit may include computer-readable code 651', that is, code that can be read by a processor such as 610, which, when run by a server, causes the server to perform the steps of the robot authentication method applied to the robot authentication center described above.
The present disclosure also provides a computer-readable storage medium on which a computer program is stored. When the program is executed by a processor, it implements the steps of the robot authentication method applied to the robot provided by the present disclosure.
In another exemplary embodiment, a computer program product is also provided. The computer program product contains a computer program executable by a programmable device, and the computer program has code portions that, when executed by the programmable device, perform the above robot authentication method applied to the robot.
The present disclosure also provides a computing processing device, including:
a memory in which computer-readable code is stored; and
one or more processors, where, when the computer-readable code is executed by the one or more processors, the computing processing device performs the steps of the robot authentication method applied to the robot provided by the present disclosure.
FIG. 8 is a schematic structural diagram of a computing processing device provided by the present disclosure. The computing processing device may include a processor 810 and a computer program product or computer-readable medium in the form of a memory 830. The memory 830 may be an electronic memory such as flash memory, EEPROM (electrically erasable programmable read-only memory), EPROM, a hard disk, or ROM. The memory 830 may include a storage space 850, which may include program code for performing any of the method steps described above. For example, the storage space 850 may include individual program codes 851, each implementing one of the steps of the above robot authentication method applied to the robot. The program code can be read from or written to one or more computer program products. These computer program products include program code carriers such as hard disks, compact discs (CDs), memory cards, or floppy disks. Such a computer program product is typically a portable or fixed storage unit as shown in FIG. 9. The storage unit may have storage segments, storage spaces, and the like arranged similarly to the memory 830 in the computing processing device of FIG. 8. The program code may, for example, be compressed in a suitable form. Here, the storage unit may include computer-readable code 851', that is, code that can be read by a processor such as 810, which, when run by a server, causes the server to perform the steps of the robot authentication method applied to the robot described above.
The preferred embodiments of the present disclosure have been described in detail above with reference to the accompanying drawings. However, the present disclosure is not limited to the specific details of the above embodiments. Within the scope of the technical concept of the present disclosure, various simple modifications can be made to its technical solutions, and these simple modifications all fall within the protection scope of the present disclosure.
It should also be noted that the specific technical features described in the above embodiments can be combined in any suitable manner where there is no contradiction. To avoid unnecessary repetition, the present disclosure does not separately describe the possible combinations.
In addition, the various embodiments of the present disclosure can also be combined arbitrarily; as long as a combination does not depart from the idea of the present disclosure, it should likewise be regarded as content disclosed by the present disclosure.

Claims (13)

  1. A robot authentication system, characterized in that it includes one or more robot authentication centers, the robot authentication center being able to obtain a blockchain ledger in a blockchain network, the blockchain ledger including registration information of registered robots, and the registration information including the blockchain address of the robot and an identification code corresponding to the blockchain address;
    any one of the robot authentication centers is configured to receive an authentication request from a target robot, the authentication request including first verification information and verification parameters, to obtain a target identification code of the target robot from the blockchain ledger according to a target blockchain address in the verification parameters, and to calculate second verification information from the verification parameters and the target identification code;
    wherein the target blockchain address is the blockchain address of the target robot, the first verification information is calculated by the target robot based on the verification parameters and the target identification code, and, if the first verification information is the same as the second verification information, the target robot passes authentication by the robot authentication center.
  2. The robot authentication system according to claim 1, characterized in that the verification parameters include: the target blockchain address, a timestamp, and a random number generated by the target robot;
    the target robot is configured to use the target identification code as a key and the verification parameters as the data to be computed, and to calculate the first verification information with the HMAC-SHA256 algorithm.
  3. The robot authentication system according to claim 1, characterized in that the robot authentication center is further configured to:
    send an access token to the target robot and to the interaction terminal corresponding to the target robot when the target robot passes authentication by the robot authentication center;
    wherein the access token is used by the interaction terminal to verify interaction requests from the target robot.
  4. The robot authentication system according to claim 1, characterized in that it further includes:
    a first authentication management terminal, the first authentication management terminal being a blockchain node with robot registration authority, configured to, on receiving a robot registration request, write the registration information in the registration request into the blockchain ledger, and to send startup node information of the blockchain network to the robot, wherein the registration information includes the blockchain address and identification code of the robot;
    the robot is configured to store the startup node information and to access the blockchain network based on the startup node information.
  5. The robot authentication system according to claim 1, characterized in that it further includes:
    a second authentication management terminal, the second authentication management terminal being a blockchain node with robot registration authority, configured to, on receiving a registration request from a robot, generate a private key, a public key, a blockchain address, identification information, and an identification code corresponding to the robot; to write the public key, the blockchain address, and the identification code into the blockchain ledger as the registration information of the robot; and to send the startup node information of the blockchain network, the identification information, and the private key to the robot;
    the robot is configured to store the private key, the identification information, and the startup node information, to access the blockchain network based on the startup node information, and to obtain the robot's blockchain address and identification code from the blockchain ledger based on the identification information.
  6. The robot authentication system according to claim 1, characterized in that it further includes:
    a third authentication management terminal, the third authentication management terminal being a blockchain node with robot deregistration authority, configured to, on receiving a robot deregistration request, determine the robot to be deregistered according to the robot identifier in the deregistration request, and to update the registration information of the robot to be deregistered in the blockchain ledger to an invalid state.
  7. The robot authentication system according to claim 1, characterized in that it further includes:
    a fourth authentication management terminal, the fourth authentication management terminal being a blockchain node with robot authentication center registration authority, configured to, on receiving a registration request from a robot authentication center, write the registration information in the registration request into the blockchain ledger, the registration information including the blockchain address and public key of the robot authentication center.
  8. A robot authentication method, characterized in that it is used by a robot authentication center, the robot authentication center being able to obtain a blockchain ledger in a blockchain network, the blockchain ledger including registration information of registered robots, and the registration information including the blockchain address of the robot and an identification code corresponding to the blockchain address, the method including:
    receiving an authentication request from a target robot, the authentication request including first verification information and verification parameters;
    obtaining a target identification code of the target robot from the blockchain ledger according to a target blockchain address in the verification parameters, the target blockchain address being the blockchain address of the target robot;
    calculating second verification information from the verification parameters and the target identification code;
    determining that the target robot passes authentication if the first verification information is the same as the second verification information;
    wherein the first verification information is calculated by the target robot based on the verification parameters and the target identification code.
  9. The method according to claim 8, characterized in that the verification parameters include the blockchain address of the target robot, a timestamp, and a random number generated by the target robot, and calculating the second verification information from the verification parameters and the target identification code includes:
    using the target identification code as a key and the verification parameters as the data to be computed, and calculating the second verification information with the HMAC-SHA256 algorithm.
  10. A robot authentication method, characterized in that it is used by a target robot, the method including:
    obtaining verification parameters and a target identification code of the target robot, the verification parameters including the blockchain address of the target robot;
    calculating first verification information from the verification parameters and the target identification code;
    sending an authentication request including the first verification information and the verification parameters to a robot authentication center;
    wherein the robot authentication center can obtain a blockchain ledger in a blockchain network, the blockchain ledger includes registration information of registered robots, and the registration information includes the blockchain address of the robot and an identification code corresponding to the blockchain address; based on the target blockchain address in the verification parameters, the robot authentication center obtains the target identification code of the target robot from the blockchain ledger and calculates second verification information from the verification parameters and the target identification code, and, if the first verification information is the same as the second verification information, the target robot passes authentication by the robot authentication center.
  11. A computer program, characterized in that it includes computer-readable code which, when run on a computing processing device, causes the computing processing device to perform the method according to any one of claims 8 to 10.
  12. A computer-readable storage medium on which a computer program is stored, characterized in that, when the program is executed by a processor, it implements the steps of the method according to any one of claims 8 to 10.
  13. A computing processing device, characterized in that it includes:
    a memory on which a computer program is stored;
    a processor configured to execute the computer program in the memory to implement the steps of the method according to any one of claims 8 to 10.
PCT/CN2021/143326 2021-06-29 2021-12-30 Robot authentication system and method WO2023273269A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110726632.6 2021-06-29
CN202110726632.6A CN115242418A (en) 2021-06-29 2021-06-29 Robot authentication system and method

Publications (1)

Publication Number Publication Date
WO2023273269A1 true WO2023273269A1 (en) 2023-01-05

Family

ID=83666357

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/143326 WO2023273269A1 (en) 2021-06-29 2021-12-30 Robot authentication system and method

Country Status (2)

Country Link
CN (1) CN115242418A (en)
WO (1) WO2023273269A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108702622A (en) * 2017-11-30 2018-10-23 深圳前海达闼云端智能科技有限公司 Mobile network's access authentication method, device, storage medium and block chain node
CN109729080A (en) * 2018-12-20 2019-05-07 全链通有限公司 Access attack guarding method and system based on block chain domain name system
CN110213263A (en) * 2019-05-30 2019-09-06 全链通有限公司 Auth method, equipment and storage medium based on alliance's block chain
CN111835520A (en) * 2019-04-19 2020-10-27 株式会社理光 Method for device authentication, method for service access control, device and storage medium
US20200382304A1 (en) * 2019-05-30 2020-12-03 Wanin International Co., Ltd. User identity verification method for secure transaction environment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109088865B (en) * 2018-08-02 2021-10-12 京东方科技集团股份有限公司 User identity authentication method and device, readable storage medium and computer equipment
KR102196478B1 (en) * 2019-10-04 2020-12-30 주식회사 레인보우브레인 Method and system for providing verification services of result of artificial intelligence robot automation software execution based on blockchain
CN110602691B (en) * 2019-10-18 2022-07-22 中国联合网络通信集团有限公司 Mobile communication method and device based on block chain network

Also Published As

Publication number Publication date
CN115242418A (en) 2022-10-25

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21948191

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE