CN111865612A - Identity authentication method and device for power Internet of things terminal - Google Patents

Publication number
CN111865612A
Authority
CN
China
Prior art keywords
terminal
hash value
hash
identity
authentication
Legal status
Pending
Application number
CN202010699962.6A
Other languages
Chinese (zh)
Inventor
王小虎
李群
王超
任天宇
郭广鑫
董佳涵
师恩洁
李志浩
叶志远
曹灿
倪鹏程
陈颢
凡恒山
刘宝新
陈巨龙
Current Assignee
State Grid Corp of China SGCC
State Grid Beijing Electric Power Co Ltd
Anhui Jiyuan Software Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Beijing Electric Power Co Ltd
Anhui Jiyuan Software Co Ltd
Application filed by State Grid Corp of China SGCC, State Grid Beijing Electric Power Co Ltd, Anhui Jiyuan Software Co Ltd
Priority to CN202010699962.6A
Publication of CN111865612A

Classifications

    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention discloses an identity authentication method and device for a power Internet of Things terminal. The method comprises the following steps: a first terminal sends an authentication request to a second terminal, wherein the authentication request comprises an identity hash chain of the first terminal; the second terminal is controlled to perform a hash operation according to the identity hash chain and obtain a first hash value, wherein the first hash value is a hash value representing the identity of the first terminal; the second terminal searches for a second hash value from the authentication blockchain; and whether the first terminal passes identity authentication is judged from the first hash value and the second hash value. The invention solves the technical problem in the related art that security threats to critical information infrastructure such as the power grid are increasing.

Description

Identity authentication method and device for power Internet of things terminal
Technical Field
The invention relates to the technical field of Internet of things, in particular to an identity authentication method and device for a power Internet of things terminal.
Background
In the related art, with a new scientific, technological and industrial revolution emerging worldwide, the Internet of Things is developing rapidly around the world, and the spread and maturing of its applications lay the foundation for a new era in which everything is interconnected. According to a research forecast by Cisco, the number of networked devices worldwide will reach 260 billion by 2020, and the Internet of Things market will reach 1.9 trillion dollars. Governments attach great importance to the industrial opportunities brought by the development of the Internet of Things and are strongly promoting the intelligent upgrading of traditional sectors such as industry and manufacturing. As the Internet of Things is built and developed, dealing with the accompanying network security problems is a major challenge for governments, enterprises and the public.
In the course of national modernization, the power grid has always played a very important role as a core supporting facility. Safety always comes first in the planning, construction and operation of the power grid, and the network security of the grid has now become an important part of its safe operation. The power Internet of Things, as the most widely applied basic technology of the future, becomes the "nerve" of power grid control and permeates every aspect of it, so the security of the power Internet of Things also plays a significant role in the safe and stable operation of a large power grid.
Malware targeting power grids shows that attacks on power Internet of Things terminals using power protocols have already been carried out. Security threats to critical information infrastructure such as the power grid are increasing day by day, and the power Internet of Things, being widely applied, highly interconnected and finely controlled, is bound to be a key target of attack. Research on security protection for the power Internet of Things is therefore necessary and urgent; in particular, breakthroughs in key technologies are needed so that security problems are solved from the underlying technology upward to support the secure development of business in each link.
Given the current state of each link of the power grid (transmission, transformation, distribution and use), the power Internet of Things faces different security risks at the terminal layer, the network layer, the platform layer and the application layer.
In view of the above problems in the related art, no effective solution has been proposed.
Disclosure of Invention
The invention mainly aims to provide an identity authentication method and device for a power internet of things terminal, and aims to solve the technical problem that security threats to key information infrastructures such as a power grid are increasing in the related technology.
To achieve the above object, according to one aspect of the present invention, an identity authentication method for a power Internet of Things terminal is provided. The method comprises the following steps: a first terminal sends an authentication request to a second terminal, wherein the authentication request comprises an identity hash chain of the first terminal; the second terminal is controlled to perform a hash operation according to the identity hash chain and obtain a first hash value, wherein the first hash value is a hash value representing the identity of the first terminal; the second terminal searches for a second hash value from the authentication blockchain; and whether the first terminal passes identity authentication is judged from the first hash value and the second hash value.
Further, the identity hash chain is $h^{n-i}(T_1)$, where $T_1$ is the first terminal, $i$ is the authentication count of the current identity hash chain, and $n$ is the total authentication count of the identity hash chain. Controlling the second terminal to perform the hash operation and obtain the first hash value according to the identity hash chain comprises: controlling the second terminal to perform the hash operation on the identity hash chain according to the operation formula with which the terminal generates the hash chain, the operation formula being $r = \mathrm{Hash}(h^{n-i}(T_1))$.
Further, before the second terminal searches for the second hash value from the authentication blockchain, the method includes: determining whether the second terminal is a superior terminal of the first terminal or a subordinate terminal of the first terminal.
Further, the second terminal searching for the second hash value from the authentication blockchain includes: if the second terminal is the superior terminal of the first terminal, performing a forward query on the authentication blockchain by hash verification or by searching the local storage backup to obtain the second hash value.
Further, the second terminal searching for the second hash value from the authentication blockchain includes: if the second terminal is a subordinate terminal of the first terminal, controlling the second terminal to send a query request to obtain the second hash value, wherein the query request comprises the ID information of the first terminal.
Further, determining whether the first terminal passes identity authentication according to the first hash value and the second hash value includes: comparing the first hash value with the second hash value; if the first hash value is equal to the second hash value, confirming that the first terminal passes identity authentication and controlling the second terminal to send authentication-passed information to the first terminal; and if the first hash value is not equal to the second hash value, confirming that the first terminal fails identity authentication.
Further, after determining whether the first terminal passes identity authentication through the first hash value and the second hash value, the method further includes: publishing the identity hash chain of the first terminal on the authentication blockchain and performing node confirmation on the identity hash chain; and if a preset number of terminal nodes on the authentication blockchain confirm the identity hash chain, writing the identity hash chain and the timestamp information corresponding to the identity hash chain into the authentication blockchain.
To achieve the above object, according to another aspect of the present invention, an identity authentication device for a power Internet of Things terminal is provided. The device includes: a sending unit, configured to send an authentication request to a second terminal through a first terminal, wherein the authentication request comprises an identity hash chain of the first terminal; a control unit, configured to control the second terminal to perform a hash operation according to the identity hash chain and obtain a first hash value, wherein the first hash value is a hash value representing the identity of the first terminal; a searching unit, configured to search for a second hash value from the authentication blockchain through the second terminal; and a first judging unit, configured to judge whether the first terminal passes identity authentication through the first hash value and the second hash value.
The invention adopts the following steps: a first terminal sends an authentication request to a second terminal, wherein the authentication request comprises an identity hash chain of the first terminal; the second terminal is controlled to perform a hash operation according to the identity hash chain and obtain a first hash value, wherein the first hash value is a hash value representing the identity of the first terminal; the second terminal searches for a second hash value from the authentication blockchain; and whether the first terminal passes identity authentication is judged from the first hash value and the second hash value. This solves the technical problem in the related art that security threats to critical information infrastructure such as the power grid are increasing day by day, and achieves the technical effect of guaranteeing the security of the power network.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
Fig. 1 is a flowchart of an identity authentication method for a power Internet of Things terminal according to an embodiment of the present invention; and
Fig. 2 is a schematic diagram of an identity authentication device for a power Internet of Things terminal according to an embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict. The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged under appropriate circumstances in order to facilitate the description of the embodiments of the invention herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to the embodiment of the invention, an identity authentication method of a power Internet of things terminal is provided.
Fig. 1 is a flowchart of an identity authentication method for a power Internet of Things terminal according to an embodiment of the present invention. As shown in Fig. 1, the method comprises the following steps:
Step S101: a first terminal sends an authentication request to a second terminal, wherein the authentication request comprises an identity hash chain of the first terminal;
Step S102: the second terminal is controlled to perform a hash operation according to the identity hash chain and obtain a first hash value, wherein the first hash value is a hash value representing the identity of the first terminal;
Step S103: the second terminal searches for a second hash value from the authentication blockchain;
Step S104: whether the first terminal passes identity authentication is judged according to the first hash value and the second hash value.
The application provides an identity authentication method for the blockchain identity authentication stage; in the group lightweight authentication stage, identity authentication of terminal users is realized using a hash chain and distributed storage.
In the identity authentication method for a power Internet of Things terminal provided by the embodiment of the invention, a first terminal sends an authentication request to a second terminal, wherein the authentication request comprises an identity hash chain of the first terminal; the second terminal is controlled to perform a hash operation according to the identity hash chain and obtain a first hash value, wherein the first hash value is a hash value representing the identity of the first terminal; the second terminal searches for a second hash value from the authentication blockchain; and whether the first terminal passes identity authentication is judged from the first hash value and the second hash value. This solves the technical problem in the related art that security threats to critical information infrastructure such as the power grid are increasing day by day, and achieves the technical effect of guaranteeing the security of the power network.
The identity authentication mechanism provided by the application meets the high requirement of the power system on timeliness, can resist various common network attacks such as man-in-the-middle attack, DoS attack and the like, and guarantees safe and stable operation of the power system.
Optionally, the identity hash chain is $h^{n-i}(T_1)$, where $T_1$ is the first terminal, $i$ is the authentication count of the current identity hash chain, and $n$ is the total authentication count of the identity hash chain. Controlling the second terminal to perform the hash operation and obtain the first hash value according to the identity hash chain comprises: controlling the second terminal to perform the hash operation on the identity hash chain according to the operation formula with which the terminal generates the hash chain, the operation formula being $r = \mathrm{Hash}(h^{n-i}(T_1))$.
In the embodiment of the present application, terminals are authenticated by sending a hash chain between them. A hash chain is a method of generating multiple one-time keys or passwords from a single key or password: a cryptographic hash function is applied repeatedly to a string (that is, each hash value obtained is passed to the hash function again to obtain the next hash value).
In the above step, the second terminal performs a hash operation on $h^{n-i}(T_1)$ using the hash algorithm with which the terminal generated the hash chain, obtaining the first hash value $r$. The calculation of the first hash value $r$ is:
$$r = h^{n-i+1}(T_1) = h(h^{n-i}(T_1)); \quad r = \mathrm{Hash}(h^{n-i}(T_1))$$
To prevent the second terminal from forging the identity after acquiring the hash value of the identity of the first terminal, the first terminal's $h^{n-i}(T_1)$ is used to pass identity authentication, and the terminal then interacts with other terminals. The hash value is transmitted in plaintext; the second terminal can verify the first terminal but cannot obtain specific information about it, and the information returned after the second terminal's authentication passes contains no information about the first terminal, so the information privacy of the first terminal is maintained.
Optionally, before the second terminal searches for the second hash value from the authentication blockchain, the method includes: determining whether the second terminal is a superior terminal of the first terminal or a subordinate terminal of the first terminal.
Optionally, the second terminal searching for the second hash value from the authentication blockchain includes: if the second terminal is the superior terminal of the first terminal, performing a forward query on the authentication blockchain by hash verification or by searching the local storage backup to obtain the second hash value.
Optionally, the second terminal searching for the second hash value from the authentication blockchain includes: if the second terminal is a subordinate terminal of the first terminal, controlling the second terminal to send a query request to obtain the second hash value, wherein the query request comprises the ID information of the first terminal.
In the third step, information on the blockchain is acquired: the second terminal obtains $h^{n-i+1}(T_1)$ according to the ID of the first terminal. If the second terminal is the superior terminal, it is a node of the blockchain, so the backup data in the blockchain can be obtained by hash verification or by searching the local storage backup; forward query is thereby achieved, and $ID_1$ can be used to query $h^{n-i+1}(T_1)$ of the first terminal. If the second terminal is a subordinate terminal, it is not a node on the blockchain, so it can only initiate a query request; the request information includes the tag $ID_1$, and the node returns a result to the second terminal, wherein the result contains the second hash value $R$ for $h^{n-i+1}(T_1)$.
Optionally, the determining, by using the first hash value and the second hash value, whether the first terminal passes the identity authentication includes: comparing the first hash value with the second hash value; if the first hash value is equal to the second hash value, confirming that the first terminal passes the identity authentication and controlling the second terminal to send the authenticated information to the first terminal; and if the first hash value is not equal to the second hash value, confirming that the first terminal fails the identity authentication.
Specifically, whether the first terminal passes identity authentication is determined by comparing the first hash value with the second hash value. If $r = R$, the second terminal sends pass-confirmation information to the first terminal; if $r \neq R$, the identity of the first terminal does not pass authentication, and the second terminal issues information that security is threatened.
Optionally, after determining whether the first terminal passes the identity authentication through the first hash value and the second hash value, the method further includes: the identity hash chain of the first terminal is published on the authentication block chain, and node confirmation is carried out on the identity hash chain; and if the terminal nodes with the preset number on the authentication block chain confirm the identity hash chain, writing the identity hash chain and the timestamp information corresponding to the identity hash chain into the authentication block chain.
Specifically, after the first terminal passes identity authentication, it prepares for the next authentication by applying to publish $h^{n-i}(T_1)$ on the chain, which the nodes then confirm. If more than two thirds of the nodes on the authentication blockchain confirm it, the identity hash chain of the first terminal is written into the blockchain: according to the DPoS consensus mechanism, the node writes the information of $h^{n-i}(T_1)$ and the timestamp information into the blockchain, in preparation for the next terminal authentication.
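Steps S101 to S104 and the ledger update that follows them, as an added Python example (not code from the patent). SHA-256, the in-memory `Ledger` standing in for the authentication blockchain, the caller-supplied confirmation count, and all class, function and sample names are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass, field


def h(value: bytes) -> bytes:
    """One step of the chain. SHA-256 is an assumption; the page names no hash."""
    return hashlib.sha256(value).digest()


def h_pow(seed: bytes, k: int) -> bytes:
    """h^k(seed): feed each digest back into h, k times."""
    out = seed
    for _ in range(k):
        out = h(out)
    return out


@dataclass
class Ledger:
    """Hypothetical in-memory stand-in for the authentication blockchain."""
    total_nodes: int
    records: dict = field(default_factory=dict)  # terminal ID -> (hash value, timestamp)

    def enroll(self, terminal_id: str, anchor: bytes) -> None:
        self.records[terminal_id] = (anchor, time.time())

    def lookup(self, terminal_id: str):
        """Query by terminal ID; returns the second hash value R, or None."""
        record = self.records.get(terminal_id)
        return record[0] if record else None

    def publish(self, terminal_id: str, value: bytes, confirmations: int) -> bool:
        """Write value plus timestamp only if MORE than two thirds of nodes confirm."""
        if 3 * confirmations <= 2 * self.total_nodes:
            return False
        self.records[terminal_id] = (value, time.time())
        return True


class Terminal:
    """First terminal T1: holds the secret seed and walks the chain backwards."""

    def __init__(self, terminal_id: str, seed: bytes, n: int):
        self.terminal_id, self.seed, self.n, self.i = terminal_id, seed, n, 0

    def anchor(self) -> bytes:
        return h_pow(self.seed, self.n)  # h^n(T1), registered before first use

    def next_request(self):
        """Authentication request for round i: (ID, h^(n-i)(T1))."""
        if self.i >= self.n:
            raise RuntimeError("hash chain exhausted; a new chain must be enrolled")
        self.i += 1
        return self.terminal_id, h_pow(self.seed, self.n - self.i)


def authenticate(ledger: Ledger, terminal_id: str, presented: bytes,
                 confirmations: int) -> bool:
    """Second terminal: r = Hash(h^(n-i)(T1)), compare with R from the ledger."""
    R = ledger.lookup(terminal_id)
    if R is None:
        return False  # unknown terminal ID
    r = h(presented)
    if not hmac.compare_digest(r, R):
        return False  # r != R: identity not authenticated
    # r == R: publish h^(n-i)(T1) so it becomes R for the next round.
    ledger.publish(terminal_id, presented, confirmations)
    return True


def demo() -> dict:
    # Constructed sample data: ID, seed, chain length and node counts are made up.
    ledger = Ledger(total_nodes=9)
    t1 = Terminal("ID1", b"constructed-seed-for-T1", n=4)
    ledger.enroll(t1.terminal_id, t1.anchor())

    tid, first = t1.next_request()
    results = {"round1": authenticate(ledger, tid, first, confirmations=7)}
    # The same value again: the ledger now holds h^(n-1), so h(first) no longer matches.
    results["replay"] = authenticate(ledger, tid, first, confirmations=7)
    tid, second = t1.next_request()
    results["round2"] = authenticate(ledger, tid, second, confirmations=7)
    results["unknown_id"] = authenticate(ledger, "ID9", second, confirmations=7)
    return results


if __name__ == "__main__":
    print(demo())
```

If the publish step does not reach the two-thirds threshold, the ledger keeps the old value and the terminal's next request will not match it, so a deployment has to retry publication before the terminal advances to the next round.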
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein.
The embodiment of the invention also provides an identity authentication device of the terminal of the power internet of things, and it should be noted that the identity authentication device of the terminal of the power internet of things can be used for executing the identity authentication method for the terminal of the power internet of things provided by the embodiment of the invention. The identity authentication device of the power internet of things terminal provided by the embodiment of the invention is introduced below.
Fig. 2 is a schematic diagram of an identity authentication device for a power Internet of Things terminal according to an embodiment of the present invention. As shown in Fig. 2, the device includes: a sending unit 201, configured to send an authentication request to a second terminal through a first terminal, where the authentication request includes an identity hash chain of the first terminal; a control unit 202, configured to control the second terminal to perform a hash operation according to the identity hash chain and obtain a first hash value, where the first hash value is a hash value representing the identity of the first terminal; a searching unit 203, configured to search, by the second terminal, for a second hash value from the authentication blockchain; and a first determining unit 204, configured to determine whether the first terminal passes identity authentication according to the first hash value and the second hash value.
In the identity authentication device for a power Internet of Things terminal provided by the embodiment of the invention, the sending unit 201 sends an authentication request to a second terminal through a first terminal, where the authentication request includes an identity hash chain of the first terminal; the control unit 202 controls the second terminal to perform a hash operation according to the identity hash chain and obtain a first hash value, where the first hash value is a hash value representing the identity of the first terminal; the searching unit 203 searches, by the second terminal, for a second hash value from the authentication blockchain; and the first determining unit 204 determines whether the first terminal passes identity authentication through the first hash value and the second hash value. This solves the technical problem in the related art that security threats to critical information infrastructure such as the power grid are increasing, and achieves the technical effect of guaranteeing the security of the power network.
Optionally, the identity hash chain is $h^{n-i}(T_1)$, where $T_1$ is the first terminal, $i$ is the authentication count of the current identity hash chain, and $n$ is the total authentication count of the identity hash chain. The control unit 202 includes: a first control subunit, configured to control the second terminal to perform the hash operation on the identity hash chain according to the operation formula with which the terminal generates the hash chain, where the operation formula is $r = \mathrm{Hash}(h^{n-i}(T_1))$.
Optionally, the device comprises: a second judging unit, configured to judge, before the second terminal searches for the second hash value from the authentication blockchain, whether the second terminal is a superior terminal of the first terminal or a subordinate terminal of the first terminal.
Optionally, the searching unit 203 includes: a query subunit, configured to, when the second terminal is a superior terminal of the first terminal, perform a forward query on the authentication blockchain by hash verification or by searching the local storage backup to obtain the second hash value.
Optionally, the searching unit 203 includes: a second control subunit, configured to control the second terminal to send a query request to obtain the second hash value when the second terminal is a subordinate terminal of the first terminal, where the query request includes the ID information of the first terminal.
Optionally, the first judging unit 204 includes: a comparison subunit, configured to compare the first hash value with the second hash value; a third control subunit, configured to, when the first hash value is equal to the second hash value, confirm that the first terminal passes identity authentication and control the second terminal to send authentication-passed information to the first terminal; and a confirming subunit, configured to confirm that the first terminal does not pass identity authentication when the first hash value is not equal to the second hash value.
Optionally, the device further comprises: a confirmation unit, configured to publish the identity hash chain of the first terminal on the authentication blockchain and perform node confirmation on the identity hash chain after whether the first terminal passes identity authentication has been judged through the first hash value and the second hash value; and a writing unit, configured to write the identity hash chain and the timestamp information corresponding to the identity hash chain into the authentication blockchain when a preset number of terminal nodes on the authentication blockchain confirm the identity hash chain.
An identity authentication device of an electric power internet of things terminal comprises a processor and a memory, wherein the sending unit 201 and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. One or more kernels can be set, and the technical problem that the security threats of key information infrastructures such as a power grid and the like are increased day by day in the related technology is solved by adjusting kernel parameters.
The memory may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
The embodiment of the invention provides a storage medium, wherein a program is stored on the storage medium, and when the program is executed by a processor, the identity authentication method of a power internet of things terminal is realized.
The embodiment of the invention provides a processor, which is used for running a program, wherein an identity authentication method of a power internet of things terminal is executed when the program runs.
The embodiment of the invention provides equipment, which comprises a processor, a memory and a program which is stored on the memory and can run on the processor, wherein the processor executes the program and realizes the following steps: the method comprises the steps that a first terminal sends an authentication request to a second terminal, wherein the authentication request comprises an identity hash chain of the first terminal; controlling the second terminal to perform hash operation according to the identity hash chain and obtaining a first hash value, wherein the first hash value is a hash value representing the identity of the first terminal; the second terminal searches a second hash value from the authentication block chain; and judging whether the first terminal passes the identity authentication or not through the first hash value and the second hash value.
Optionally, the identity hash chain is $h^{n-i}(T_1)$, where $T_1$ is the first terminal, $i$ is the authentication frequency of the current identity hash chain, and $n$ is the total authentication frequency of the identity hash chain, and controlling the second terminal to perform the hash operation and obtain the first hash value according to the identity hash chain comprises: controlling the second terminal to perform hash operation on the identity hash chain according to the operation formula by which the terminal generates the hash chain, wherein the operation formula is: $r = \mathrm{Hash}(h^{n-i}(T_1))$.
Optionally, before the second terminal searches for the second hash value from the authentication block chain, the method includes: it is determined whether the second terminal is an upper terminal of the first terminal or a lower terminal of the first terminal.
Optionally, the second terminal searching for the second hash value from the authentication block chain includes: if the second terminal is the superior terminal of the first terminal, forward query is carried out on the authentication block chain by a hash verification method or a method of searching for local storage backup so as to obtain a second hash value.
Optionally, the second terminal searching for the second hash value from the authentication block chain includes: and if the second terminal is a subordinate terminal of the first terminal, controlling the second terminal to send an inquiry request to obtain a second hash value, wherein the inquiry request comprises the ID information of the first terminal.
Optionally, the determining, by using the first hash value and the second hash value, whether the first terminal passes the identity authentication includes: comparing the first hash value with the second hash value; if the first hash value is equal to the second hash value, confirming that the first terminal passes the identity authentication and controlling the second terminal to send the authenticated information to the first terminal; and if the first hash value is not equal to the second hash value, confirming that the first terminal fails the identity authentication.
Optionally, after determining whether the first terminal passes the identity authentication through the first hash value and the second hash value, the method further includes: the identity hash chain of the first terminal is published on the authentication block chain, and node confirmation is carried out on the identity hash chain; and if the terminal nodes with the preset number on the authentication block chain confirm the identity hash chain, writing the identity hash chain and the timestamp information corresponding to the identity hash chain into the authentication block chain. The device herein may be a server, a PC, a PAD, a mobile phone, etc.
The invention also provides a computer program product adapted to perform a program for initializing the following method steps when executed on a data processing device: the method comprises the steps that a first terminal sends an authentication request to a second terminal, wherein the authentication request comprises an identity hash chain of the first terminal; controlling the second terminal to perform hash operation according to the identity hash chain and obtaining a first hash value, wherein the first hash value is a hash value representing the identity of the first terminal; the second terminal searches a second hash value from the authentication block chain; and judging whether the first terminal passes the identity authentication or not through the first hash value and the second hash value.
Optionally, the identity hash chain is $h^{n-i}(T_1)$, where $T_1$ is the first terminal, $i$ is the authentication frequency of the current identity hash chain, and $n$ is the total authentication frequency of the identity hash chain, and controlling the second terminal to perform the hash operation and obtain the first hash value according to the identity hash chain comprises: controlling the second terminal to perform hash operation on the identity hash chain according to the operation formula by which the terminal generates the hash chain, wherein the operation formula is: $r = \mathrm{Hash}(h^{n-i}(T_1))$.
Optionally, before the second terminal searches for the second hash value from the authentication block chain, the method includes: it is determined whether the second terminal is an upper terminal of the first terminal or a lower terminal of the first terminal.
Optionally, the second terminal searching for the second hash value from the authentication block chain includes: if the second terminal is the superior terminal of the first terminal, forward query is carried out on the authentication block chain by a hash verification method or a method of searching for local storage backup so as to obtain a second hash value.
Optionally, the second terminal searching for the second hash value from the authentication block chain includes: and if the second terminal is a subordinate terminal of the first terminal, controlling the second terminal to send an inquiry request to obtain a second hash value, wherein the inquiry request comprises the ID information of the first terminal.
Optionally, the determining, by using the first hash value and the second hash value, whether the first terminal passes the identity authentication includes: comparing the first hash value with the second hash value; if the first hash value is equal to the second hash value, confirming that the first terminal passes the identity authentication and controlling the second terminal to send the authenticated information to the first terminal; and if the first hash value is not equal to the second hash value, confirming that the first terminal fails the identity authentication.
Optionally, after determining whether the first terminal passes the identity authentication through the first hash value and the second hash value, the method further includes: the identity hash chain of the first terminal is published on the authentication block chain, and node confirmation is carried out on the identity hash chain; and if the terminal nodes with the preset number on the authentication block chain confirm the identity hash chain, writing the identity hash chain and the timestamp information corresponding to the identity hash chain into the authentication block chain.
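The verification steps above as a runnable Python model (an added example, not code from the patent). SHA-256, the in-memory `AuthLedger`, the `Terminal` class, the enrolment of $h^{n}(T_1)$ as the initial ledger value, and all sample values are assumptions made for illustration; the superior-terminal and subordinate-terminal lookup paths are collapsed into a single ledger read.

```python
import hashlib
import hmac


def H(data):
    """One hash step. SHA-256 is an assumption; the page does not name the hash function."""
    return hashlib.sha256(data).digest()


def chain_value(seed, k):
    """Return h^k(seed): the secret seed hashed k times."""
    value = seed
    for _ in range(k):
        value = H(value)
    return value


class Terminal:
    """First terminal T1: releases h^(n-i)(T1) on its i-th authentication (hypothetical class)."""

    def __init__(self, terminal_id, seed, n):
        self.terminal_id, self._seed, self.n, self.i = terminal_id, seed, n, 0

    def anchor(self):
        return chain_value(self._seed, self.n)  # h^n, recorded on the ledger at enrolment

    def next_request(self):
        if self.i >= self.n:
            raise RuntimeError("hash chain exhausted; the terminal must enrol a new chain")
        self.i += 1
        return self.terminal_id, chain_value(self._seed, self.n - self.i)


class AuthLedger:
    """Toy in-memory stand-in for the authentication block chain (hypothetical)."""

    def __init__(self, quorum):
        self.quorum = quorum   # preset number of confirming terminal nodes
        self.records = {}      # terminal ID -> [(chain value, timestamp), ...]

    def register(self, terminal_id, anchor, timestamp):
        self.records[terminal_id] = [(anchor, timestamp)]

    def latest(self, terminal_id):
        entries = self.records.get(terminal_id)
        return entries[-1][0] if entries else None

    def write_if_confirmed(self, terminal_id, value, timestamp, confirmations):
        if confirmations < self.quorum:
            return False       # too few confirmations: the ledger keeps the old value
        self.records[terminal_id].append((value, timestamp))
        return True


def authenticate(ledger, terminal_id, presented, timestamp, confirmations):
    """Second terminal's check: compare r = Hash(presented) with the ledger value."""
    first = H(presented)                  # first hash value
    second = ledger.latest(terminal_id)   # second hash value
    if second is None or not hmac.compare_digest(first, second):
        return False
    ledger.write_if_confirmed(terminal_id, presented, timestamp, confirmations)
    return True


def run_demo():
    ledger = AuthLedger(quorum=3)
    t1 = Terminal("T1", b"constructed-demo-seed", n=3)   # constructed sample values
    ledger.register("T1", t1.anchor(), timestamp=1000)
    tid, value = t1.next_request()                        # h^(n-1)(T1)
    results = {
        "genuine": authenticate(ledger, tid, value, 1001, 3),
        "replayed": authenticate(ledger, tid, value, 1002, 3),
        "forged": authenticate(ledger, tid, bytes(32), 1003, 3),
        "unknown_id": authenticate(ledger, "T9", value, 1004, 3),
    }
    tid, value = t1.next_request()                        # h^(n-2)(T1)
    results["next"] = authenticate(ledger, tid, value, 1005, 3)
    return results


if __name__ == "__main__":
    print(run_demo())
```

In this model the replayed request is rejected only because the presented value was written to the ledger after reaching the preset number of confirmations; `write_if_confirmed` returning `False` leaves the earlier value as the comparison target.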
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The above are merely examples of the present invention, and are not intended to limit the present invention. Various modifications and alterations to this invention will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.

Claims (10)

1. An identity authentication method for a power Internet of things terminal is characterized by comprising the following steps:
a first terminal sends an authentication request to a second terminal, wherein the authentication request comprises an identity hash chain of the first terminal;
controlling the second terminal to perform hash operation according to the identity hash chain and obtain a first hash value, wherein the first hash value is a hash value representing the identity of the first terminal;
the second terminal searches a second hash value from the authentication block chain;
and judging whether the first terminal passes the identity authentication or not according to the first hash value and the second hash value.
2. The method of claim 1, wherein the identity hash chain is $h^{n-i}(T_1)$, $T_1$ is the first terminal, $i$ is the authentication frequency of the current identity hash chain, $n$ is the total authentication frequency of the identity hash chain, and controlling the second terminal to perform hash operation and obtain a first hash value according to the identity hash chain comprises:
controlling the second terminal to perform hash operation on the identity hash chain according to an operation formula of the terminal to generate the hash chain, wherein the operation formula is as follows:
$r = \mathrm{Hash}(h^{n-i}(T_1))$.
3. The method according to claim 1, characterized in that before the second terminal looks up the second hash value from the chain of authentication blocks, the method comprises:
and judging whether the second terminal is a superior terminal of the first terminal or a subordinate terminal of the first terminal.
4. The method of claim 3, wherein the second terminal looking up the second hash value from the authentication block chain comprises:
if the second terminal is the superior terminal of the first terminal, forward query is carried out on the authentication blockchain through a hash verification method or a method of searching for local storage backup so as to obtain the second hash value.
5. The method of claim 3, wherein the second terminal looking up the second hash value from the authentication block chain comprises:
and if the second terminal is a subordinate terminal of the first terminal, controlling the second terminal to send an inquiry request to obtain the second hash value, wherein the inquiry request comprises the ID information of the first terminal.
6. The method of claim 1, wherein determining whether the first terminal passes identity authentication according to the first hash value and the second hash value comprises:
comparing the first hash value with the second hash value;
if the first hash value is equal to the second hash value, confirming that the first terminal passes the identity authentication and controlling the second terminal to send authentication passing information to the first terminal;
and if the first hash value is not equal to the second hash value, confirming that the first terminal fails the identity authentication.
7. The method according to claim 1, wherein after determining whether the first terminal is authenticated according to the first hash value and the second hash value, the method further comprises:
the identity hash chain of the first terminal is published on the authentication block chain, and node confirmation is carried out on the identity hash chain;
and if the terminal nodes with the preset number on the authentication block chain confirm the identity hash chain, writing the identity hash chain and the timestamp information corresponding to the identity hash chain into the authentication block chain.
8. An identity authentication device for a power Internet of things terminal, characterized by comprising:
a sending unit, configured to send an authentication request to a second terminal through a first terminal, where the authentication request includes an identity hash chain of the first terminal;
a control unit, configured to control the second terminal to carry out hash operation and obtain a first hash value according to the identity hash chain, wherein the first hash value is a hash value representing the identity of the first terminal;
a searching unit, configured to search, by the second terminal, a second hash value from the authentication block chain;
and the first judging unit is used for judging whether the first terminal passes the identity authentication or not according to the first hash value and the second hash value.
9. A computer-readable storage medium or non-volatile storage medium, wherein the storage medium includes a stored program, and when the program runs, the device on which the storage medium is located is controlled to execute the identity authentication method of the power Internet of things terminal according to any one of claims 1 to 7.
10. A processor, configured to execute a program, wherein the program executes the method for authenticating the identity of the power internet of things terminal according to any one of claims 1 to 7.
CN202010699962.6A 2020-07-17 2020-07-17 Identity authentication method and device for power Internet of things terminal Pending CN111865612A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010699962.6A CN111865612A (en) 2020-07-17 2020-07-17 Identity authentication method and device for power Internet of things terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010699962.6A CN111865612A (en) 2020-07-17 2020-07-17 Identity authentication method and device for power Internet of things terminal

Publications (1)

Publication Number Publication Date
CN111865612A true CN111865612A (en) 2020-10-30

Family

ID=73001592

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010699962.6A Pending CN111865612A (en) 2020-07-17 2020-07-17 Identity authentication method and device for power Internet of things terminal

Country Status (1)

Country Link
CN (1) CN111865612A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115150109A (en) * 2021-03-29 2022-10-04 中移(上海)信息通信科技有限公司 Authentication method, device and related equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110324331A (en) * 2019-06-28 2019-10-11 国电南瑞科技股份有限公司 Power system security stability control terminal identity authentication method based on block chain
CN111382414A (en) * 2020-02-14 2020-07-07 深圳壹账通智能科技有限公司 Information processing method and platform based on block chain and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201030