CN111865612A - Identity authentication method and device for power Internet of things terminal - Google Patents
- Publication number: CN111865612A (CN202010699962.6A)
- Authority: CN (China)
- Prior art keywords: terminal, hash value, hash, identity, authentication
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Abstract
The invention discloses an identity authentication method and device for a power Internet of things terminal. The method comprises the following steps: a first terminal sends an authentication request to a second terminal, wherein the authentication request comprises an identity hash chain of the first terminal; the second terminal is controlled to perform a hash operation according to the identity hash chain and obtain a first hash value, wherein the first hash value is a hash value representing the identity of the first terminal; the second terminal looks up a second hash value from the authentication blockchain; and whether the first terminal passes identity authentication is judged from the first hash value and the second hash value. The invention solves the technical problem in the related art that security threats to key information infrastructures such as the power grid are increasing.
Description
Technical Field
The invention relates to the technical field of Internet of things, in particular to an identity authentication method and device for a power Internet of things terminal.
Background
In the related art, with the rise of a new scientific and technological revolution and industrial revolution around the world, the Internet of things is developing rapidly worldwide, and the spread and maturing of Internet of things applications lay the foundation for a new era in which everything is interconnected. According to a research forecast by Cisco, the number of global networking devices reaches 260 billion by 2020, and the market size of the Internet of things reaches 1.9 trillion dollars. Governments of all countries attach great importance to the industrial opportunities brought by the new development of the Internet of things, and all countries can greatly promote the intelligent upgrading of traditional industries such as industry and manufacturing. While the Internet of things is being built and developed, how to deal with the associated network security problems is a great challenge for governments, enterprises and the public.
In the process of national modernization, the power grid, as a core supporting facility, has always played a very important role. In planning, constructing and operating the power grid, safety has always come first, and the network security of the power grid has now become an important link in its safe operation. The power Internet of things, as the most widely applied basic technology of the future, becomes the "nerve" of power grid control and permeates every aspect of it, and the security of the power Internet of things likewise plays a significant role in the safe and stable operation of a large power grid.
Malware targeting power grids shows that attacks on power Internet of things terminals that make use of power protocols have already been realized. Security threats to key information infrastructures such as the power grid are increasing day by day, and the power Internet of things, with its wide application, high degree of linkage and fine-grained control, is bound to be a key target of attack. It is therefore necessary and urgent to carry out security protection research for the power Internet of things; in particular, breakthroughs in key technologies are needed so that security problems are solved from the underlying technology upward, supporting the secure development of business in every link.
According to the current situation of each link of power grid transmission, transformation, distribution and use, the power internet of things has different safety risks in a terminal layer, a network layer, a platform layer and an application layer.
In view of the above problems in the related art, no effective solution has been proposed.
Disclosure of Invention
The invention mainly aims to provide an identity authentication method and device for a power internet of things terminal, and aims to solve the technical problem that security threats to key information infrastructures such as a power grid are increasing in the related technology.
In order to achieve the above object, according to one aspect of the present invention, an identity authentication method for a power Internet of things terminal is provided. The method comprises the following steps: a first terminal sends an authentication request to a second terminal, wherein the authentication request comprises an identity hash chain of the first terminal; the second terminal is controlled to perform a hash operation according to the identity hash chain and obtain a first hash value, wherein the first hash value is a hash value representing the identity of the first terminal; the second terminal looks up a second hash value from the authentication blockchain; and whether the first terminal passes identity authentication is judged from the first hash value and the second hash value.
Further, the identity hash chain is $h^{n-i}(T_1)$, where $T_1$ is the first terminal, $i$ is the authentication count of the current identity hash chain, and $n$ is the total authentication count of the identity hash chain. Controlling the second terminal to perform the hash operation according to the identity hash chain and obtain the first hash value comprises: controlling the second terminal to perform a hash operation on the identity hash chain according to the operation formula with which the terminal generates the hash chain, the operation formula being $r = \mathrm{Hash}(h^{n-i}(T_1))$.
Further, before the second terminal looks up the second hash value from the authentication block chain, the method includes: it is determined whether the second terminal is an upper terminal of the first terminal or a lower terminal of the first terminal.
Further, the second terminal searching for the second hash value from the authentication block chain includes: if the second terminal is the superior terminal of the first terminal, forward query is carried out on the authentication block chain by a hash verification method or a method of searching for local storage backup so as to obtain a second hash value.
Further, the second terminal searching for the second hash value from the authentication block chain includes: and if the second terminal is a subordinate terminal of the first terminal, controlling the second terminal to send an inquiry request to obtain a second hash value, wherein the inquiry request comprises the ID information of the first terminal.
Further, the determining whether the first terminal passes the identity authentication according to the first hash value and the second hash value includes: comparing the first hash value with the second hash value; if the first hash value is equal to the second hash value, confirming that the first terminal passes the identity authentication and controlling the second terminal to send the authenticated information to the first terminal; and if the first hash value is not equal to the second hash value, confirming that the first terminal fails the identity authentication.
Further, after determining whether the first terminal passes the identity authentication through the first hash value and the second hash value, the method further includes: the identity hash chain of the first terminal is published on the authentication block chain, and node confirmation is carried out on the identity hash chain; and if the terminal nodes with the preset number on the authentication block chain confirm the identity hash chain, writing the identity hash chain and the timestamp information corresponding to the identity hash chain into the authentication block chain.
In order to achieve the above object, according to another aspect of the present invention, an identity authentication device for a power Internet of things terminal is provided. The device includes: a sending unit, used for sending an authentication request to a second terminal through a first terminal, wherein the authentication request comprises an identity hash chain of the first terminal; a control unit, used for controlling the second terminal to perform a hash operation according to the identity hash chain and obtain a first hash value, wherein the first hash value is a hash value representing the identity of the first terminal; a searching unit, used for looking up a second hash value from the authentication blockchain through the second terminal; and a first judging unit, used for judging whether the first terminal passes identity authentication from the first hash value and the second hash value.
The invention adopts the following steps: a first terminal sends an authentication request to a second terminal, wherein the authentication request comprises an identity hash chain of the first terminal; the second terminal is controlled to perform a hash operation according to the identity hash chain and obtain a first hash value, wherein the first hash value is a hash value representing the identity of the first terminal; the second terminal looks up a second hash value from the authentication blockchain; and whether the first terminal passes identity authentication is judged from the first hash value and the second hash value. This solves the technical problem in the related art that security threats to key information infrastructures such as the power grid are increasing day by day, and achieves the technical effect of guaranteeing the security of the power network.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
Fig. 1 is a flowchart of an identity authentication method for a terminal of the internet of things of electric power according to an embodiment of the present invention; and
Fig. 2 is a schematic diagram of an identity authentication device of a terminal of the internet of things of electric power according to an embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict. The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged under appropriate circumstances in order to facilitate the description of the embodiments of the invention herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to the embodiment of the invention, an identity authentication method of a power Internet of things terminal is provided.
Fig. 1 is a flowchart of an identity authentication method for a terminal of the internet of things of electric power according to an embodiment of the present invention. As shown in fig. 1, the present invention comprises the steps of:
Step S101, a first terminal sends an authentication request to a second terminal, wherein the authentication request comprises an identity hash chain of the first terminal;
Step S102, controlling the second terminal to carry out hash operation and obtain a first hash value according to the identity hash chain, wherein the first hash value is a hash value representing the identity of the first terminal;
Step S103, the second terminal searches a second hash value from the authentication block chain;
Step S104, judging whether the first terminal passes the identity authentication or not according to the first hash value and the second hash value.
The application provides an identity authentication method in a block chain identity authentication stage, and identity authentication of a terminal user is realized by adopting a Hash chain and a distributed storage mode in a group lightweight authentication stage.
In the identity authentication method for a power Internet of things terminal provided by the embodiment of the invention, a first terminal sends an authentication request to a second terminal, wherein the authentication request comprises an identity hash chain of the first terminal; the second terminal is controlled to perform a hash operation according to the identity hash chain and obtain a first hash value, wherein the first hash value is a hash value representing the identity of the first terminal; the second terminal looks up a second hash value from the authentication blockchain; and whether the first terminal passes identity authentication is judged from the first hash value and the second hash value. This solves the technical problem in the related art that security threats to key information infrastructures such as the power grid are increasing day by day, and achieves the technical effect of guaranteeing the security of the power network.
The identity authentication mechanism provided by the application meets the high requirement of the power system on timeliness, can resist various common network attacks such as man-in-the-middle attack, DoS attack and the like, and guarantees safe and stable operation of the power system.
Optionally, the identity hash chain is $h^{n-i}(T_1)$, where $T_1$ is the first terminal, $i$ is the authentication count of the current identity hash chain, and $n$ is the total authentication count of the identity hash chain. Controlling the second terminal to perform the hash operation according to the identity hash chain and obtain the first hash value comprises: controlling the second terminal to perform a hash operation on the identity hash chain according to the operation formula with which the terminal generates the hash chain, the operation formula being $r = \mathrm{Hash}(h^{n-i}(T_1))$.
In this embodiment of the application, a terminal is authenticated by sending a hash chain between terminals. A hash chain is a method for generating a plurality of one-time keys or passwords from a single key or password: a cryptographic hash function is applied cyclically to a character string (that is, each hash value obtained is passed to the hash function again to obtain the next hash value).
In the above step, the second terminal performs a hash operation on $h^{n-i}(T_1)$ according to the hash algorithm with which the terminal generates the hash chain, obtaining the first hash value $r$. The calculation of the first hash value $r$ is:
$r = h^{n-i+1}(T_1) = h(h^{n-i}(T_1))$; $r = \mathrm{Hash}(h^{n-i}(T_1))$
In order to prevent the second terminal from forging the identity after acquiring the hash value of the identity of the first terminal, the first terminal uses $h^{n-i}(T_1)$ to pass identity authentication and to interact with other terminals. The hash value is transmitted in plaintext; the second terminal can judge the first terminal but cannot obtain specific information about the first terminal, and after the authentication at the second terminal passes, the returned information does not contain any information about the first terminal, so that the information privacy of the first terminal is maintained.
Optionally, before the second terminal searches for the second hash value from the authentication block chain, the method includes: it is determined whether the second terminal is an upper terminal of the first terminal or a lower terminal of the first terminal.
Optionally, the second terminal searching for the second hash value from the authentication block chain includes: if the second terminal is the superior terminal of the first terminal, forward query is carried out on the authentication block chain by a hash verification method or a method of searching for local storage backup so as to obtain a second hash value.
Optionally, the second terminal searching for the second hash value from the authentication block chain includes: and if the second terminal is a subordinate terminal of the first terminal, controlling the second terminal to send an inquiry request to obtain a second hash value, wherein the inquiry request comprises the ID information of the first terminal.
In the third step, the information on the blockchain is acquired: the second terminal obtains $h^{n-i+1}(T_1)$ according to the ID of the first terminal. If the second terminal is a superior terminal and is a node of the blockchain, it can obtain the backup data in the blockchain by hash verification or by searching its local storage backup, which achieves the purpose of a forward query, and it can use $ID_1$ to query $h^{n-i+1}(T_1)$ for the first terminal. If the second terminal is a subordinate terminal, it is not a node on the blockchain, so it can only initiate a query request, whose request information includes the tag $ID_1$; a node then returns a result to the second terminal, and the result carries the second hash value $R$ of $h^{n-i+1}(T_1)$.
Optionally, the determining, by using the first hash value and the second hash value, whether the first terminal passes the identity authentication includes: comparing the first hash value with the second hash value; if the first hash value is equal to the second hash value, confirming that the first terminal passes the identity authentication and controlling the second terminal to send the authenticated information to the first terminal; and if the first hash value is not equal to the second hash value, confirming that the first terminal fails the identity authentication.
Specifically, whether the first terminal passes identity authentication is determined by comparing the first hash value with the second hash value: if $r = R$, the second terminal sends pass-confirmation information to the first terminal; if $r \neq R$, the identity of the first terminal does not pass authentication, and the second terminal issues information that security is threatened.
Optionally, after determining whether the first terminal passes the identity authentication through the first hash value and the second hash value, the method further includes: the identity hash chain of the first terminal is published on the authentication block chain, and node confirmation is carried out on the identity hash chain; and if the terminal nodes with the preset number on the authentication block chain confirm the identity hash chain, writing the identity hash chain and the timestamp information corresponding to the identity hash chain into the authentication block chain.
Specifically, after the first terminal passes identity authentication, it prepares for the next authentication and applies to publish $h^{n-i}(T_1)$ on the chain, which the nodes then confirm. If more than two thirds of the nodes on the authentication blockchain confirm it, the identity hash chain of the first terminal is written into the blockchain: following a DPoS consensus mechanism, the node writes the information of $h^{n-i}(T_1)$ and the timestamp information into the blockchain, in preparation for the next terminal authentication.
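The round described in steps S101 to S104 and the ledger update that follows it, as an added example that is not code from the patent. It assumes SHA-256 as the hash function h; `AuthLedger`, `Terminal`, `authenticate`, the in-memory dictionary standing in for the authentication blockchain, and the seed, ID and node counts are all hypothetical names and constructed values.

```python
import hashlib
import hmac
import time

def h(data: bytes) -> bytes:
    """One hash-chain step. SHA-256 is an assumption; the text only says 'Hash'."""
    return hashlib.sha256(data).digest()

def chain_value(seed: bytes, k: int) -> bytes:
    """Return h^k(seed): the hash function applied k times to the seed."""
    value = seed
    for _ in range(k):
        value = h(value)
    return value

class AuthLedger:
    """In-memory stand-in for the authentication blockchain (hypothetical)."""

    def __init__(self, node_count: int):
        self.node_count = node_count
        self.entries = {}  # terminal ID -> [(chain value, timestamp), ...]

    def register(self, terminal_id: str, anchor: bytes) -> None:
        """Enrol a terminal by recording h^n(T1) as its first entry."""
        self.entries[terminal_id] = [(anchor, time.time())]

    def latest(self, terminal_id: str):
        """Second hash value R: the newest value recorded for this ID.
        A superior terminal reads it from its own copy; a subordinate
        terminal would get the same value by querying a node with the ID."""
        records = self.entries.get(terminal_id)
        return records[-1][0] if records else None

    def publish(self, terminal_id: str, value: bytes, confirmations: int) -> bool:
        """Append value and timestamp only if more than 2/3 of nodes confirm."""
        if terminal_id not in self.entries:
            return False
        if 3 * confirmations <= 2 * self.node_count:
            return False
        self.entries[terminal_id].append((value, time.time()))
        return True

class Terminal:
    """First terminal T1: holds the secret seed and the round counter i."""

    def __init__(self, terminal_id: str, seed: bytes, n: int):
        self.terminal_id, self._seed, self.n, self.i = terminal_id, seed, n, 1

    def anchor(self) -> bytes:
        return chain_value(self._seed, self.n)

    def next_request(self):
        """Authentication request for round i: (ID, h^(n-i)(T1))."""
        if self.i > self.n:
            raise RuntimeError("hash chain exhausted; enrol a new chain")
        return self.terminal_id, chain_value(self._seed, self.n - self.i)

    def advance(self) -> None:
        self.i += 1

def authenticate(ledger: AuthLedger, terminal_id: str, presented: bytes) -> bool:
    """Second terminal: compute r = Hash(presented) and compare it with R."""
    R = ledger.latest(terminal_id)
    if R is None:
        return False
    r = h(presented)
    return hmac.compare_digest(r, R)  # constant-time comparison

def run_demo() -> dict:
    t1 = Terminal("ID1", b"constructed-seed-for-T1", n=5)  # constructed values
    ledger = AuthLedger(node_count=9)
    ledger.register("ID1", t1.anchor())
    out = {}
    tid, link = t1.next_request()                                 # h^4(T1)
    out["round1"] = authenticate(ledger, tid, link)
    out["recorded"] = ledger.publish(tid, link, confirmations=7)  # 7/9 > 2/3
    t1.advance()
    out["replayed_round1"] = authenticate(ledger, tid, link)      # ledger moved on
    tid, link2 = t1.next_request()                                # h^3(T1)
    out["round2"] = authenticate(ledger, tid, link2)
    out["six_of_nine"] = ledger.publish(tid, link2, confirmations=6)  # exactly 2/3
    # Round 2 was not written, so the ledger still holds h^4 and link2 is
    # still accepted: a link is only spent once consensus records it.
    out["round2_again"] = authenticate(ledger, tid, link2)
    out["wrong_value"] = authenticate(ledger, tid, h(b"not-on-the-chain"))
    return out

if __name__ == "__main__":
    print(run_demo())
```

The verifier never sees the seed, and a value presented in an earlier round no longer matches once the ledger has advanced to it.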
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein.
The embodiment of the invention also provides an identity authentication device of the terminal of the power internet of things, and it should be noted that the identity authentication device of the terminal of the power internet of things can be used for executing the identity authentication method for the terminal of the power internet of things provided by the embodiment of the invention. The identity authentication device of the power internet of things terminal provided by the embodiment of the invention is introduced below.
Fig. 2 is a schematic diagram of an identity authentication device of a terminal of the internet of things of electric power according to an embodiment of the present invention. As shown in fig. 2, the apparatus includes: a sending unit 201, configured to send an authentication request to a second terminal through a first terminal, where the authentication request includes an identity hash chain of the first terminal; a control unit 202, configured to control the second terminal to perform hash operation according to the identity hash chain and obtain a first hash value, where the first hash value is a hash value representing an identity of the first terminal; a searching unit 203, configured to search, by the second terminal, a second hash value from the authentication block chain; the first determining unit 204 is configured to determine whether the first terminal passes the identity authentication according to the first hash value and the second hash value.
The identity authentication device of the power internet of things terminal provided by the embodiment of the invention is used for sending an authentication request to a second terminal through a first terminal by a sending unit 201, wherein the authentication request comprises an identity hash chain of the first terminal; a control unit 202, configured to control the second terminal to perform hash operation according to the identity hash chain and obtain a first hash value, where the first hash value is a hash value representing an identity of the first terminal; a searching unit 203, configured to search, by the second terminal, a second hash value from the authentication block chain; the first determining unit 204 is configured to determine whether the first terminal passes the identity authentication through the first hash value and the second hash value, so that the technical problem that security threats to key information infrastructures such as a power grid are increasing in the related art is solved, and a technical effect of guaranteeing the security of the power network is achieved.
Optionally, the identity hash chain is $h^{n-i}(T_1)$, where $T_1$ is the first terminal, $i$ is the authentication frequency of the current identity hash chain, and $n$ is the total authentication frequency of the identity hash chain. The control unit 202 includes: a first control subunit, configured to control the second terminal to perform a hash operation on the identity hash chain according to the operation formula by which the terminal generates the hash chain, where the operation formula is: $r = \mathrm{Hash}(h^{n-i}(T_1))$.
Optionally, the apparatus comprises: a second judging unit, configured to judge whether the second terminal is a superior terminal of the first terminal or a subordinate terminal of the first terminal before the second terminal searches for the second hash value in the authentication block chain.
Optionally, the searching unit 203 includes: a query subunit, configured to, when the second terminal is a superior terminal of the first terminal, perform a forward query on the authentication block chain by a hash verification method or by searching a local storage backup to obtain the second hash value.
Optionally, the searching unit 203 includes: a second control subunit, configured to control the second terminal to send a query request to obtain the second hash value when the second terminal is a subordinate terminal of the first terminal, where the query request includes the ID information of the first terminal.
Optionally, the first determining unit 204 includes: a comparison subunit, configured to compare the first hash value with the second hash value; a third control subunit, configured to, when the first hash value is equal to the second hash value, confirm that the first terminal passes the identity authentication and control the second terminal to send authentication-passed information to the first terminal; and a confirming subunit, configured to confirm that the first terminal does not pass the identity authentication when the first hash value is not equal to the second hash value.
Optionally, the apparatus further comprises: a confirmation unit, configured to publish the identity hash chain of the first terminal on the authentication block chain and perform node confirmation on the identity hash chain after it has been determined, through the first hash value and the second hash value, whether the first terminal passes the identity authentication; and a writing unit, configured to write the identity hash chain and the timestamp information corresponding to the identity hash chain into the authentication block chain when a preset number of terminal nodes on the authentication block chain have confirmed the identity hash chain.
An identity authentication device of an electric power internet of things terminal comprises a processor and a memory, wherein the sending unit 201 and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. One or more kernels can be set, and the technical problem that the security threats of key information infrastructures such as a power grid and the like are increased day by day in the related technology is solved by adjusting kernel parameters.
The memory may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
The embodiment of the invention provides a storage medium, wherein a program is stored on the storage medium, and when the program is executed by a processor, the identity authentication method of a power internet of things terminal is realized.
The embodiment of the invention provides a processor, which is used for running a program, wherein an identity authentication method of a power internet of things terminal is executed when the program runs.
The embodiment of the invention provides equipment, which comprises a processor, a memory and a program which is stored on the memory and can run on the processor, wherein the processor executes the program and realizes the following steps: the method comprises the steps that a first terminal sends an authentication request to a second terminal, wherein the authentication request comprises an identity hash chain of the first terminal; controlling the second terminal to perform hash operation according to the identity hash chain and obtaining a first hash value, wherein the first hash value is a hash value representing the identity of the first terminal; the second terminal searches a second hash value from the authentication block chain; and judging whether the first terminal passes the identity authentication or not through the first hash value and the second hash value.
Optionally, the identity hash chain is $h^{n-i}(T_1)$, where $T_1$ is the first terminal, $i$ is the authentication frequency of the current identity hash chain, and $n$ is the total authentication frequency of the identity hash chain. Controlling the second terminal to perform the hash operation and obtain the first hash value according to the identity hash chain comprises: controlling the second terminal to perform a hash operation on the identity hash chain according to the operation formula by which the terminal generates the hash chain, where the operation formula is: $r = \mathrm{Hash}(h^{n-i}(T_1))$.
Optionally, before the second terminal searches for the second hash value from the authentication block chain, the method includes: it is determined whether the second terminal is an upper terminal of the first terminal or a lower terminal of the first terminal.
Optionally, the second terminal searching for the second hash value from the authentication block chain includes: if the second terminal is the superior terminal of the first terminal, forward query is carried out on the authentication block chain by a hash verification method or a method of searching for local storage backup so as to obtain a second hash value.
Optionally, the second terminal searching for the second hash value from the authentication block chain includes: and if the second terminal is a subordinate terminal of the first terminal, controlling the second terminal to send an inquiry request to obtain a second hash value, wherein the inquiry request comprises the ID information of the first terminal.
Optionally, the determining, by using the first hash value and the second hash value, whether the first terminal passes the identity authentication includes: comparing the first hash value with the second hash value; if the first hash value is equal to the second hash value, confirming that the first terminal passes the identity authentication and controlling the second terminal to send the authenticated information to the first terminal; and if the first hash value is not equal to the second hash value, confirming that the first terminal fails the identity authentication.
Optionally, after determining whether the first terminal passes the identity authentication through the first hash value and the second hash value, the method further includes: the identity hash chain of the first terminal is published on the authentication block chain, and node confirmation is carried out on the identity hash chain; and if the terminal nodes with the preset number on the authentication block chain confirm the identity hash chain, writing the identity hash chain and the timestamp information corresponding to the identity hash chain into the authentication block chain. The device herein may be a server, a PC, a PAD, a mobile phone, etc.
The invention also provides a computer program product adapted to perform a program for initializing the following method steps when executed on a data processing device: the method comprises the steps that a first terminal sends an authentication request to a second terminal, wherein the authentication request comprises an identity hash chain of the first terminal; controlling the second terminal to perform hash operation according to the identity hash chain and obtaining a first hash value, wherein the first hash value is a hash value representing the identity of the first terminal; the second terminal searches a second hash value from the authentication block chain; and judging whether the first terminal passes the identity authentication or not through the first hash value and the second hash value.
Optionally, the identity hash chain is $h^{n-i}(T_1)$, where $T_1$ is the first terminal, $i$ is the authentication frequency of the current identity hash chain, and $n$ is the total authentication frequency of the identity hash chain. Controlling the second terminal to perform the hash operation and obtain the first hash value according to the identity hash chain comprises: controlling the second terminal to perform a hash operation on the identity hash chain according to the operation formula by which the terminal generates the hash chain, where the operation formula is: $r = \mathrm{Hash}(h^{n-i}(T_1))$.
Optionally, before the second terminal searches for the second hash value from the authentication block chain, the method includes: it is determined whether the second terminal is an upper terminal of the first terminal or a lower terminal of the first terminal.
Optionally, the second terminal searching for the second hash value from the authentication block chain includes: if the second terminal is the superior terminal of the first terminal, forward query is carried out on the authentication block chain by a hash verification method or a method of searching for local storage backup so as to obtain a second hash value.
Optionally, the second terminal searching for the second hash value from the authentication block chain includes: and if the second terminal is a subordinate terminal of the first terminal, controlling the second terminal to send an inquiry request to obtain a second hash value, wherein the inquiry request comprises the ID information of the first terminal.
Optionally, the determining, by using the first hash value and the second hash value, whether the first terminal passes the identity authentication includes: comparing the first hash value with the second hash value; if the first hash value is equal to the second hash value, confirming that the first terminal passes the identity authentication and controlling the second terminal to send the authenticated information to the first terminal; and if the first hash value is not equal to the second hash value, confirming that the first terminal fails the identity authentication.
Optionally, after determining whether the first terminal passes the identity authentication through the first hash value and the second hash value, the method further includes: the identity hash chain of the first terminal is published on the authentication block chain, and node confirmation is carried out on the identity hash chain; and if the terminal nodes with the preset number on the authentication block chain confirm the identity hash chain, writing the identity hash chain and the timestamp information corresponding to the identity hash chain into the authentication block chain.
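The exchange described above, sketched as an added example (not code from the patent): the first terminal presents $h^{n-i}(T_1)$, the second terminal computes $r = \mathrm{Hash}(h^{n-i}(T_1))$, compares it with the value recorded on the authentication block chain, and the presented value is written back once a preset number of nodes confirm it. SHA-256, the secret seed, the enrolment of $h^{n}(T_1)$, the in-memory ledger and all class and function names are assumptions, and $i$ is read here as the number of authentications used so far.

```python
import hashlib
import hmac
import time


def H(data: bytes) -> bytes:
    """One hash step. SHA-256 is an assumption; the page names no hash."""
    return hashlib.sha256(data).digest()


def chain_value(seed: bytes, k: int) -> bytes:
    """Return h^k(seed), i.e. H applied k times to the seed."""
    value = seed
    for _ in range(k):
        value = H(value)
    return value


class AuthLedger:
    """Toy stand-in for the authentication block chain (append-only list)."""

    def __init__(self, quorum: int):
        self.quorum = quorum  # the "preset number" of confirming nodes
        self.blocks = []      # (terminal_id, hash value, timestamp)

    def latest(self, terminal_id: str):
        """Second hash value: the newest entry recorded for this terminal."""
        for tid, value, _ts in reversed(self.blocks):
            if tid == terminal_id:
                return value
        return None

    def publish(self, terminal_id: str, value: bytes, confirmations: int) -> bool:
        """Write value plus timestamp only if enough nodes confirmed it."""
        if confirmations < self.quorum:
            return False
        self.blocks.append((terminal_id, value, time.time()))
        return True


class FirstTerminal:
    def __init__(self, terminal_id: str, seed: bytes, n: int):
        self.terminal_id, self._seed, self.n, self.i = terminal_id, seed, n, 0

    def enrol(self, ledger: AuthLedger) -> None:
        """Assumed enrolment step: record h^n(T1) as the initial anchor."""
        ledger.publish(self.terminal_id, chain_value(self._seed, self.n), ledger.quorum)

    def next_request(self):
        """Authentication request number i carries h^(n-i)(T1)."""
        if self.i >= self.n:
            raise RuntimeError("identity hash chain exhausted; re-enrol")
        self.i += 1
        return self.terminal_id, chain_value(self._seed, self.n - self.i)


def authenticate(ledger: AuthLedger, terminal_id: str, presented: bytes) -> bool:
    """Second terminal: r = Hash(h^(n-i)(T1)), compared with the ledger value."""
    second = ledger.latest(terminal_id)
    if second is None:
        return False  # unknown terminal: fail closed
    return hmac.compare_digest(H(presented), second)


def demo() -> dict:
    ledger = AuthLedger(quorum=3)
    t1 = FirstTerminal("T1", seed=b"constructed-demo-seed", n=4)
    t1.enrol(ledger)
    out = {}
    tid, req1 = t1.next_request()  # h^3(T1)
    out["round1"] = authenticate(ledger, tid, req1)
    # Too few confirmations: nothing is written, so req1 still verifies.
    out["published_without_quorum"] = ledger.publish(tid, req1, confirmations=2)
    out["replay_before_publish"] = authenticate(ledger, tid, req1)
    out["published_with_quorum"] = ledger.publish(tid, req1, confirmations=3)
    out["replay_after_publish"] = authenticate(ledger, tid, req1)
    tid, req2 = t1.next_request()  # h^2(T1)
    out["round2"] = authenticate(ledger, tid, req2)
    out["forged"] = authenticate(ledger, tid, H(b"guess"))
    out["unknown_terminal"] = authenticate(ledger, "T9", req2)
    return out


if __name__ == "__main__":
    print(demo())
```

Until the presented value is written to the ledger, the same value still verifies, so in this sketch it is the publication step that makes each chain element single-use.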
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media do not include transitory computer readable media such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The above are merely examples of the present invention, and are not intended to limit the present invention. Various modifications and alterations to this invention will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.
Claims (10)
1. An identity authentication method for a power Internet of things terminal is characterized by comprising the following steps:
a first terminal sends an authentication request to a second terminal, wherein the authentication request comprises an identity hash chain of the first terminal;
controlling the second terminal to perform hash operation according to the identity hash chain and obtain a first hash value, wherein the first hash value is a hash value representing the identity of the first terminal;
the second terminal searches a second hash value from the authentication block chain;
and judging whether the first terminal passes the identity authentication or not according to the first hash value and the second hash value.
2. The method of claim 1, wherein the identity hash chain is $h^{n-i}(T_1)$, where $T_1$ is the first terminal, $i$ is the authentication frequency of the current identity hash chain, and $n$ is the total authentication frequency of the identity hash chain, and controlling the second terminal to perform hash operation and obtain a first hash value according to the identity hash chain comprises:
controlling the second terminal to perform hash operation on the identity hash chain according to an operation formula of the terminal to generate the hash chain, wherein the operation formula is as follows:
$r = \mathrm{Hash}(h^{n-i}(T_1))$.
3. The method according to claim 1, characterized in that before the second terminal looks up the second hash value from the chain of authentication blocks, the method comprises:
and judging whether the second terminal is a superior terminal of the first terminal or a subordinate terminal of the first terminal.
4. The method of claim 3, wherein the second terminal looking up the second hash value from the authentication block chain comprises:
if the second terminal is the superior terminal of the first terminal, forward query is carried out on the authentication blockchain through a Hash verification method or a method of searching for local storage backup so as to obtain the second Hash value.
5. The method of claim 3, wherein the second terminal looking up the second hash value from the authentication block chain comprises:
and if the second terminal is a subordinate terminal of the first terminal, controlling the second terminal to send an inquiry request to obtain the second hash value, wherein the inquiry request comprises the ID information of the first terminal.
6. The method of claim 1, wherein determining whether the first terminal passes identity authentication according to the first hash value and the second hash value comprises:
comparing the first hash value with the second hash value;
if the first hash value is equal to the second hash value, confirming that the first terminal passes the identity authentication and controlling the second terminal to send authentication passing information to the first terminal;
and if the first hash value is not equal to the second hash value, confirming that the first terminal fails the identity authentication.
7. The method according to claim 1, wherein after determining whether the first terminal is authenticated according to the first hash value and the second hash value, the method further comprises:
the identity hash chain of the first terminal is published on the authentication block chain, and node confirmation is carried out on the identity hash chain;
and if the terminal nodes with the preset number on the authentication block chain confirm the identity hash chain, writing the identity hash chain and the timestamp information corresponding to the identity hash chain into the authentication block chain.
8. An identity authentication device for a power Internet of Things terminal, characterized by comprising:
a sending unit, configured to send an authentication request to a second terminal through a first terminal, where the authentication request includes an identity hash chain of the first terminal;
a control unit, configured to control the second terminal to perform hash operation according to the identity hash chain and obtain a first hash value, where the first hash value is a hash value representing the identity of the first terminal;
a searching unit, configured to search, by the second terminal, a second hash value from the authentication block chain;
and a first judging unit, configured to judge whether the first terminal passes the identity authentication according to the first hash value and the second hash value.
9. A "computer-readable storage medium" or "non-volatile storage medium", wherein the "computer-readable storage medium" or "non-volatile storage medium" includes a stored program, and when the program runs, a device in which the "computer-readable storage medium" or "non-volatile storage medium" is located is controlled to execute the identity authentication method of the power Internet of Things terminal according to any one of claims 1 to 7.
10. A processor, configured to execute a program, wherein the program executes the method for authenticating the identity of the power internet of things terminal according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010699962.6A CN111865612A (en) | 2020-07-17 | 2020-07-17 | Identity authentication method and device for power Internet of things terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111865612A (en) | 2020-10-30 |
Family
ID=73001592
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010699962.6A Pending CN111865612A (en) | 2020-07-17 | 2020-07-17 | Identity authentication method and device for power Internet of things terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111865612A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115150109A (en) * | 2021-03-29 | 2022-10-04 | 中移(上海)信息通信科技有限公司 | Authentication method, device and related equipment |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110324331A (en) * | 2019-06-28 | 2019-10-11 | 国电南瑞科技股份有限公司 | Power system security stability contorting terminal identity authentication method based on block chain |
CN111382414A (en) * | 2020-02-14 | 2020-07-07 | 深圳壹账通智能科技有限公司 | Information processing method and platform based on block chain and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20201030 |