CN114553547B - Data authentication method and system for manageable blockchain sensor - Google Patents

Data authentication method and system for manageable blockchain sensor Download PDF

Info

Publication number
CN114553547B
CN114553547B CN202210172464.5A CN202210172464A CN114553547B CN 114553547 B CN114553547 B CN 114553547B CN 202210172464 A CN202210172464 A CN 202210172464A CN 114553547 B CN114553547 B CN 114553547B
Authority
CN
China
Prior art keywords
data
sensor
node
group
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210172464.5A
Other languages
Chinese (zh)
Other versions
CN114553547A (en
Inventor
斯雪明
朱自强
谭焕明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Fulian Technology Co ltd
Original Assignee
Fujian Fulian Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Fulian Technology Co ltd filed Critical Fujian Fulian Technology Co ltd
Priority to CN202210172464.5A priority Critical patent/CN114553547B/en
Publication of CN114553547A publication Critical patent/CN114553547A/en
Application granted granted Critical
Publication of CN114553547B publication Critical patent/CN114553547B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data authentication method and a system for a manageable blockchain sensor, wherein first data is acquired by the sensor, encrypted and signed according to a sensor group private key, and second data is generated and sent to a blockchain node; checking the group signature by the block chain node according to the node group private key, judging whether the block chain node is from a sensor registered under the node, if so, entering the next step, otherwise, not receiving the data; performing data verification on the data content of the second data, decrypting the second data and uploading the data if the data verification is passed, otherwise, determining a source sensor of the second data according to the node group private key and the group signature and performing supervision; the identity of the blockchain sensor is verified by utilizing a group signature algorithm, and the safety of sensor data transmission is guaranteed by combining a public key encryption system, so that the sensor with problems can be effectively monitored, the accuracy of uplink data is improved, and the authenticity, the effectiveness and the reliability of data sources are ensured.

Description

Data authentication method and system for manageable blockchain sensor
Technical Field
The invention relates to the technical field of the Internet of things, in particular to a data authentication method and system for a block chain sensor capable of being supervised.
Background
The Internet of things is a core element of a new foundation and is a necessary path for digital transformation. The sensor is a detection device, can sense the measured information and output the information sensed by detection according to a certain form so as to meet the requirements of information transmission, processing, metering, storage and the like. The sensor is the bottommost layer and the forefront of the technology of the Internet of things, and has very important significance for the development of the industry of the Internet of things.
The blockchain integrates the technologies of distributed data storage, point-to-point transmission, consensus mechanism, encryption algorithm and the like, has the characteristics of decentralization, distrustation, data untampere, traceability and the like, can provide trust, ownership record, transparency and communication support for the Internet of things, and thus provides a new idea for solving the development problem of the Internet of things industry and expanding the development space of the Internet of things industry. While for the security of the whole network, reliable authentication and data transmission of these sensor devices is critical when accessing the network.
The safety hazard of the sensor comes from three aspects: very limited resources, unreliable communications, and unattended. Because of the lack of unified management and security authentication mechanisms, blockchain sensors are subject to various attacks such as information tampering, information theft, replay and the like, no effective method is available at present to verify the identity and transmitted data of the blockchain sensor, and the data in the sensor is taken as the most basic data, so that the importance is self-evident. Therefore, the authentication of the sensor and the safety and reliability of the data are also the problems to be solved at present.
Disclosure of Invention
The technical problems to be solved by the invention are as follows: the data authentication method and system for the manageable blockchain sensor can ensure the reality, effectiveness and reliability of sensor data transmission in the blockchain.
In order to solve the technical problems, the invention adopts the following technical scheme:
a data authentication method of a manageable blockchain sensor, comprising the steps of:
s1, acquiring first data by a sensor, encrypting the first data, signing according to a sensor group private key, generating second data and sending the second data to a blockchain node;
S2, checking the group signature by the block link point according to the node group private key, judging whether the group signature is from a sensor registered under the node, if so, entering a step S3, otherwise, not receiving the data;
S3, carrying out data verification on the data content of the second data, decrypting the second data and uploading the data if the data verification is passed, otherwise, determining a source sensor of the second data according to a node group private key and the group signature and carrying out supervision.
In order to solve the technical problems, the invention adopts another technical scheme that:
A data authentication system of a manageable blockchain sensor, comprising a sensor and a blockchain node, the sensor comprising a first processor, a first memory and a first computer program stored in the first memory and executable on the first processor, the blockchain node comprising a second processor, a second memory and a second computer program stored in the second memory and executable on the second processor, characterized in that the first processor, when executing the first computer program, implements the steps performed by the sensor in the data authentication method of the above-mentioned one manageable blockchain sensor, and the second processor, when executing the second computer program, implements the steps performed by the blockchain node in the data authentication method of the above-mentioned one manageable blockchain sensor.
The invention has the beneficial effects that: according to the data authentication method and system for the manageable blockchain sensor, the identity of the blockchain sensor is verified by utilizing the group signature algorithm, the safety of sensor data transmission is guaranteed by combining a public key encryption system, and the traceability of the group signature improves the management and supervision of the sensor, so that the sensor with problems can be effectively supervised, the accuracy of uplink data is improved, the efficiency of a blockchain network is maintained, and the authenticity, the effectiveness and the reliability of a data source are guaranteed.
Drawings
FIG. 1 is a flow chart of a method for data authentication of a chain of custody sensor in accordance with an embodiment of the present invention;
FIG. 2 is a block diagram of a data authentication system of a manageable blockchain sensor according to an embodiment of the invention;
FIG. 3 is a schematic diagram illustrating a communication connection of a method for authenticating data of a chain of custodial blockable sensor according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of partial data communication of a method for authenticating data of a chain of custodial blockable sensor according to an embodiment of the invention;
description of the reference numerals:
1. A data authentication system capable of supervising a blockchain sensor; 2. a sensor; 3. a first processor; 4. a first memory; 5. a blockchain node; 6. a second processor; 7. and a second memory.
Detailed Description
In order to describe the technical contents, the achieved objects and effects of the present invention in detail, the following description will be made with reference to the embodiments in conjunction with the accompanying drawings.
IPFS: the system is a point-to-point distributed file system, any node has no privileges, the IPFS network adopts a multi-point backup mechanism, no single point failure exists, and data loss caused by the failure of a certain node does not exist, so that the nodes do not need to trust each other. The file is stored to IPFS, the node calculates a unique corresponding hash value according to the content of the file, and the data cannot be deleted and permanently stored.
Group signature: in group signing, the group members can anonymously represent the group to sign, and the verifier can only verify whether the signer is signed by the group members, and cannot determine the true identity of the signer. If necessary, the group administrator may open the group signature to track the true identity of the group signature.
Referring to fig. 1, 3 and 4, a data authentication method of a chain of block sensor capable of supervision includes the steps of:
s1, acquiring first data by a sensor, encrypting the first data, signing according to a sensor group private key, generating second data and sending the second data to a blockchain node;
S2, checking the group signature by the block link point according to the node group private key, judging whether the group signature is from a sensor registered under the node, if so, entering a step S3, otherwise, not receiving the data;
S3, carrying out data verification on the data content of the second data, decrypting the second data and uploading the data if the data verification is passed, otherwise, determining a source sensor of the second data according to a node group private key and the group signature and carrying out supervision.
From the above description, the beneficial effects of the invention are as follows: according to the data authentication method and system for the manageable blockchain sensor, the identity of the blockchain sensor is verified by utilizing the group signature algorithm, the safety of sensor data transmission is guaranteed by combining a public key encryption system, and the traceability of the group signature improves the management and supervision of the sensor, so that the sensor with problems can be effectively supervised, the accuracy of uplink data is improved, the efficiency of a blockchain network is maintained, and the authenticity, the effectiveness and the reliability of a data source are guaranteed.
Further, the step S1 further includes the following steps:
s01, registering a blockchain system by a blockchain node i, and generating a node group public-private key pair { Gpk i,Gski };
s02, applying authentication to the blockchain node i by the sensor j;
s03, generating a unique identity for the sensor j by the blockchain node i And based on the node group public key Gpk i and the unique identity/>Generating a sensor group private key/>, for sensor jAnd private key/>, of the sensor groupSend to sensor j;
in the step S3, the determining, according to the node group private key and the group signature, the source sensor of the second data specifically includes:
Opening the group signature according to the node group private key Gsk i, and acquiring a unique identity in the group signature According to the unique identity mark/>A source sensor of the second data is determined.
From the above description, the composition of the sensor group private key includes the node group public key and the unique identity of the sensor, thereby enabling the blockchain node to verify the group signature generated by the sensor from the node group private key and to determine the identity to the sensor.
Further, the step S03 further includes the steps of:
s031, using blockchain node i to identify the unique identity of sensor j Adding the data to a registration list;
In the step S3, determining the source sensor of the second data according to the node group private key and the group signature, and performing supervision specifically includes:
opening the group signature according to the node group private key and acquiring the unique identity mark therein According to the unique identity mark/>Determining a source sensor of the second data and identifying/>, the unique identityAnd deleting the data from the registration list, and not receiving the data sent by the sensor j.
As can be seen from the above description, the blockchain node stores its unique identity in the registration list when registering the sensor, and when there is a problem with the sensor data, deletes the information corresponding to the sensor from the registration list, and no longer receives the data of the sensor.
Further, in the step S01, the generation of the public and private group key pair { Gpk i,Gski } is specifically:
Setting system parameters Gpara = (G 1,G2,GT,g1,g2, e, p) by blockchain node i, and constructing two hash function mappings H 0:{0,1}*→G1 and H 1:{0,1}*→ZP;
Wherein, G 1、G2 and G T are p-order cyclic groups, G 1 and G 2 are generator elements of G 1 and G 2 respectively, e, G 1*G2→GT is a bilinear map, and p is prime number;
Random selection γ∈ZP、v1,v2∈G1、k1,k2∈ZP、g2∈G2 and g 1,h,u∈G1, set And meet/>
Generating a group public key:
Gpki=(p,G1,G2,GT,e,g1,g2,h,u,v1,v2,ω,H0,H1);
Group private key:
Gski=(k1,k2,γ)。
as is clear from the above description, the group public-private key pair is generated in the above manner.
Further, in the step S01, the registering from the blockchain node i to the blockchain system specifically includes:
Applying for registration from the blockchain node i to the blockchain system to obtain a node public-private key pair { Mpk i,Mski };
The step S03 includes the step of privately keying the sensor group The sending to the sensor j is specifically:
Private key of sensor group And node public key Mpk i of the blockchain node is sent to sensor j;
In the step S1, encrypting the first data and signing according to the sensor group private key, generating second data and sending the second data to the block link point specifically includes the steps of:
s11, encrypting data comprising the first data m acquired in real time by a sensor through the public key Mpk i of the blockchain node i to obtain a ciphertext CT;
S12, the sensor is used for private key according to the sensor group And carrying out group signature on the data comprising the ciphertext CT to obtain second data and sending the second data to a blockchain node.
As can be seen from the above description, in the second data, the collected first data m is encrypted and transmitted through the public key of the blockchain node, so that the blockchain node can obtain the first data m and meanwhile, the security of the data is improved.
Further, the sensor group private keyAnd the node public key Mpk i of the blockchain node is sent to the sensor j specifically:
Private key of sensor group The unique identity is/>And node public key Mpk i of the blockchain node is sent to sensor j;
The step S11 specifically includes:
The unique identity is included by the sensor through the node public key Mpk i pair Encrypting the data of the first data m acquired in real time to obtain a ciphertext CT;
The step S12 specifically includes:
private key based on sensor group by sensor Performing group signature on the data comprising the ciphertext CT and the unique identity to obtain second data and sending the second data to a blockchain node;
The step S3 of performing data verification on the data content of the second data specifically includes the steps of:
S31, decrypting the ciphertext CT by the blockchain node according to the node private key Msk i to obtain the first data m and the unique identity of the sensor j
S32, obtaining the unique identity mark by decryptionAnd a unique identity contained in the second data at the time of transmissionAnd (5) performing consistency verification.
As can be seen from the above description, the second data and the ciphertext CT both include unique identifiers of the sensor, and the blockchain node ensures accuracy of data sources by checking the two unique identifiers, so as to ensure that the data is not tampered.
Further, the step S02 specifically includes:
Generating a sensor public-private key pair { pk j,skj } by a sensor j, submitting the sensor public-private key pair { pk j,skj } to a blockchain node i, and applying for authentication;
The step S12 specifically includes:
The ciphertext CT is signed by the sensor j according to the sensor public key And including the ciphertext CT and the/>, according to the sensor group private key pairPerforming group signature on the data of the block chain node to obtain second data and transmitting the second data to the block chain node;
The step S3 of performing data verification on the data content of the second data specifically includes the steps of:
S33, according to the sensor private key sk j, the method And (5) checking.
From the above description, the sensor also uses the sensor public key to sign the ciphertext CT, and the blockchain checks the ciphertext CT according to the sensor private key, so as to ensure the accuracy of the data source.
Further, the step S12 specifically includes:
Calculating a hash value H (CT) of the ciphertext CT by a sensor j, carrying out group signature on data comprising the ciphertext CT and the H (CT) according to the sensor group private key to obtain second data, and sending the second data to a blockchain node;
The step S3 of performing data verification on the data content of the second data specifically includes the steps of:
S34, carrying out hash operation on the ciphertext CT to obtain H (CT) 'and carrying out consistency check on the H (CT)' and the H (CT) contained in the second data.
As can be seen from the above description, the second data includes the hash value of the ciphertext CT, and the blockchain node can ensure that the ciphertext CT is not tampered by calculating the hash value of the ciphertext CT and comparing the hash value with the hash value included in the second data.
Referring to fig. 2, a data authentication system of a manageable blockchain sensor includes a sensor and a blockchain node, the sensor includes a first processor, a first memory and a first computer program stored in the first memory and executable on the first processor, the blockchain node includes a second processor, a second memory and a second computer program stored in the second memory and executable on the second processor, the steps executed by the sensor in the data authentication method of the above-mentioned manageable blockchain sensor are implemented when the first computer program is executed by the first processor, and the steps executed by the blockchain node in the data authentication method of the above-mentioned manageable blockchain sensor are implemented when the second computer program is executed by the second processor.
The data authentication method and system of the manageable blockchain sensor are suitable for the situations that the identity of the sensor and the transmitted data need to be checked in the blockchain environment, and the reality, effectiveness and reliability of the sensor data transmission in the blockchain are guaranteed.
Referring to fig. 1, 3 and 4, a first embodiment of the present invention is as follows:
A data authentication method of a manageable blockchain sensor, performed primarily by blockchain node i (i=1, 2,..n) and blockchain sensor j (j=1, 2,..n), where i and j are both natural numbers, comprising the steps of:
s01, registering a blockchain system by a blockchain node i, and generating a node group public-private key pair { Gpk i,Gski };
In the step S01, the registering from the blockchain node i to the blockchain system specifically includes:
Applying for registration from the blockchain node i to the blockchain system to obtain a node public-private key pair { Mpk i,Mski };
The generating of the public and private key pair { Gpk i,Gski } in the step S01 specifically includes:
Setting system parameters Gpara = (G 1,G2,GT,g1,g2, e, p) by blockchain node i, and constructing two hash function mappings H 0:{0,1}*→G1 and H 1:{0,1}*→ZP;
Wherein, G 1、G2 and G T are p-order cyclic groups, G 1 and G 2 are generator elements of G 1 and G 2 respectively, e, G 1*G2→GT is a bilinear map, and p is prime number;
Random selection γ∈ZP、v1,v2∈G1、k1,k2∈ZP、g2∈G2 and g 1,h,u∈G1, set And meet/>
Generating a group public key:
Gpki=(p,G1,G2,GT,e,g1,g2,h,u,v1,v2,ω,H0,H1);
Group private key:
Gski=(k1,k2,γ)。
In this embodiment, system initialization is required, after the blockchain node i is successfully registered, an encryption and decryption public-private key pair { Mpk i,Mski } is obtained, then a group public-private key pair { Gpk i,Gski } is regenerated, the group public key Gpk i is disclosed, and the group private key Gpk i is safely stored by the node itself. The generation mode of the group public and private keys is as described above.
S02, applying authentication to the blockchain node i by the sensor j;
the step S02 specifically includes:
Generating a sensor public-private key pair { pk j,skj } by a sensor j, submitting the sensor public-private key pair { pk j,skj } to a blockchain node i, and applying for authentication.
In this embodiment, the sensor j can be activated and used only after the sensor j is authenticated by the blockchain node i, so that the sensor j needs to submit the public-private key pair { pk j,skj } to the blockchain node i and apply for authentication after generating the public-private key pair { pk j,skj }.
S03, generating a unique identity for the sensor j by the blockchain node iAnd based on the node group public key Gpk i and the unique identity/>Generating a sensor group private key/>, for sensor jAnd private key/>, of the sensor groupSend to sensor j;
The step S03 includes the step of privately keying the sensor group The sending to the sensor j is specifically:
Private key of sensor group The unique identity is/>And node public key Mpk i of the blockchain node is sent to sensor j;
The step S03 further includes the steps of:
s031, using blockchain node i to identify the unique identity of sensor j Added to the registration list.
In this embodiment, the block link point first generates a unique identifier of the sensor according to the public key pk j and a random number rand of the sensor
Then according to the unique identity mark of the sensorPublic key pk j and self-generated group public key Gpk i to generate a group private key/>, for the sensor
For group signing messages.
In this embodiment, the blockchain node i uses its own public key Mpk i and the sensor's group private keyUnique identity of sensor/>Send to sensor j and identify sensor j's unique identity/>Group private key of sensor/>And the public-private key pair { pk j,skj } of the sensor is saved in the registration list RL to complete the registration of the sensor j.
S1, acquiring first data by a sensor, encrypting the first data, signing according to a sensor group private key, generating second data and sending the second data to a blockchain node;
In the step S1, encrypting the first data and signing according to the sensor group private key, generating second data and sending the second data to the block link point specifically includes the steps of:
s11, encrypting data comprising the first data m acquired in real time by a sensor through the public key Mpk i of the blockchain node i to obtain a ciphertext CT;
The step S11 specifically includes:
The unique identity is included by the sensor through the node public key Mpk i pair And encrypting the data of the first data m acquired in real time to obtain a ciphertext CT.
In this embodiment, the sensor j is deployed in the preset area to start operation after registration is completed. The sensor j encrypts the first data m acquired in real time together with the timestamp time through the public key Mpk i of the blockchain node i to obtain an encrypted ciphertext:
S12, the sensor is used for private key according to the sensor group And carrying out group signature on the data comprising the ciphertext CT to obtain second data and sending the second data to a blockchain node.
The step S12 specifically includes:
Calculating a hash value H (CT) of the ciphertext CT by a sensor j, and signing the ciphertext CT according to a sensor public key to obtain And including the ciphertext CT, the H (CT), and the/>, according to the sensor group private key pairAnd (3) carrying out group signature on the data of the block chain node to obtain second data and sending the second data to the block chain node.
In this embodiment, the sensor j marks the ciphertext CT and the unique identityCiphertext hash H (CT) and/>By own group private key/>Group signature is carried out to obtain second data sigma:
The second data σ is then sent to blockchain node i.
S2, checking the group signature by the block link point according to the node group private key, judging whether the group signature is from a sensor registered under the node, if so, entering a step S3, otherwise, not receiving the data;
In this embodiment, after receiving the information uploaded by the sensor j, the blockchain node i first uses its own group private key Gsk i to verify whether σ is from the sensor in the range of the node (whether to register with the node).
S3, performing data verification on the data content of the second data, decrypting the second data and uploading the data if the data verification is passed, otherwise, determining a source sensor of the second data according to a node group private key and the group signature and performing supervision;
The step S3 of performing data verification on the data content of the second data specifically includes the steps of:
S31, decrypting the ciphertext CT by the blockchain node according to the node private key Msk i to obtain the first data m and the unique identity of the sensor j
S32, obtaining the unique identity mark by decryptionAnd a unique identity contained in the second data at the time of transmissionPerforming consistency verification;
in this embodiment, the blockchain node i decrypts the ciphertext CT, and verifies the unique identity obtained by decryption And the unique identity tag/>, contained in the second data at the time of transmissionIf equal, equal returns 0, otherwise return 1.
S33, according to the sensor private key sk j, the methodChecking;
in this embodiment, the blockchain node i also needs to verify the signature information And returns 0 if correct, and 1 otherwise.
S34, carrying out hash operation on the ciphertext CT to obtain H (CT) 'and carrying out consistency check on the H (CT)' and the H (CT) contained in the second data.
In this embodiment, the blockchain node i hashes the ciphertext CT to obtain H (CT)', verifies whether the hashed ciphertext H (CT) in the second data is equal to the hashed ciphertext H (CT), and returns 0 if not, and returns 1.
In the step S3, the determining, according to the node group private key and the group signature, the source sensor of the second data specifically includes:
Opening the group signature according to the node group private key Gsk i, and acquiring a unique identity in the group signature According to the unique identity mark/>Determining a source sensor of the second data;
In the step S3, determining the source sensor of the second data according to the node group private key and the group signature, and performing supervision specifically includes:
opening the group signature according to the node group private key and acquiring the unique identity mark therein According to the unique identity mark/>Determining a source sensor of the second data and identifying/>, the unique identityAnd deleting the data from the registration list, and not receiving the data sent by the sensor j.
In this embodiment, if the above verification is correct, the blockchain node i gets the decrypted first data m to IPFS (INTERPLANETARY FILE SYSTEM, distributed file system) to obtain the corresponding address hashBlockchain node i hashes the address/>And the ciphertext hash H (CT) is packaged and is uplink, and the blockchain node only needs to store the ciphertext hash and the IPFS address hash, so that the storage burden on the face is reduced. If the verification is wrong, the block link point opens the group signature by using the group private key to obtain the corresponding unique identity mark and find the corresponding identity information in the registration list, the signature and the identity information of the sensor are corresponding, the sensor j is added into the revocation list, the data of the sensor j cannot be linked, the correctness of the uplink information is improved, the supervision of the block chain is improved, the generation of data replay, false data and the like after the sensor is maliciously attacked can be prevented, the uplink of wrong information is avoided, and the burden of the block chain is lightened.
Referring to fig. 2, a second embodiment of the present invention is as follows:
A data authentication system 1 of a supervisable blockchain sensor, comprising a sensor 2 and a blockchain node 5, the sensor comprising a first processor 3, a first memory 4 and a first computer program stored in the first memory 4 and executable on the first processor 3, the blockchain node 5 comprising a second processor 6, a second memory 7 and a second computer program stored in the second memory 7 and executable on the second processor 6, the first processor 3 implementing the steps performed by the sensor 2 of one of the above embodiments when the first computer program is executed, the second processor 6 implementing the steps performed by the blockchain node 5 of one of the above embodiments when the second computer program is executed.
The invention relates to a data authentication method and a system for a manageable block chain sensor, which mainly comprise the following principles: the identity of the sensor is distributed and verified by utilizing the characteristics of the group signature algorithm, and the security of the sensor data transmission is ensured by combining a public key encryption system.
In summary, the data authentication method and system for the manageable blockchain sensor provided by the invention verify the identity of the blockchain sensor by utilizing the group signature algorithm, ensure the safety of sensor data transmission by combining a public key encryption system, improve the traceability of the group signature, manage and supervise the sensor, cancel authority of a fault sensor, improve the accuracy of uplink data, maintain the efficiency of the blockchain network and ensure the authenticity, the effectiveness and the reliability of data sources. Meanwhile, the hash value of the ciphertext and the unique identity mark contained in different layers in the transmission are checked, so that the data safety is further ensured.
The foregoing description is only illustrative of the present invention and is not intended to limit the scope of the invention, and all equivalent changes made by the specification and drawings of the present invention, or direct or indirect application in the relevant art, are included in the scope of the present invention.

Claims (4)

1. A method of data authentication for a chain of custody sensor, comprising the steps of:
S1, acquiring first data by a sensor, encrypting the first data, carrying out group signature according to a sensor group private key, generating second data and sending the second data to a blockchain node;
s2, checking the group signature by the block chain node according to the node group private key, judging whether the group signature is from a sensor registered under the node, if so, entering a step S3, otherwise, not receiving the data;
s3, performing data verification on the data content of the second data, decrypting the second data and uploading the data if the data verification is passed, otherwise, determining a source sensor of the second data according to a node group private key and the group signature and performing supervision;
the step S1 further includes the following steps:
S01, registering the blockchain system by the blockchain node i, and generating a node group public-private key pair
S02, applying authentication to the blockchain node i by the sensor j;
s03, generating a unique identity for the sensor j by the blockchain node i And according to node group public key/>Said unique identity/>Generating a sensor group private key/>, for sensor jAnd private key/>, of the sensor groupSend to sensor j;
in the step S3, the determining, according to the node group private key and the group signature, the source sensor of the second data specifically includes:
private key according to the node group Opening the group signature and acquiring unique identity identification/>, therefromAccording to the unique identity mark/>Determining a source sensor of the second data;
The public and private key pairs of the group in the step S01 The generation of (1) is specifically as follows:
Setting system parameters by blockchain node i And construct two hash function mappings/>/>
Wherein, therein、/>And/>For/>Order cycle group,/>And/>Respectively/>And/>Is used for generating the generation element of (a),For a bilinear map,/>Is prime;
Random selection 、/>、/>、/>/>Set/>And meet/>、/>
Generating a group public key:
Group private key:
In the step S01, the registering from the blockchain node i to the blockchain system specifically includes:
applying for registration from the blockchain node i to the blockchain system to obtain a node public-private key pair of the blockchain node
The step S03 includes the step of privately keying the sensor groupThe sending to the sensor j is specifically:
Private key of sensor group Node public key/>, of blockchain nodeSend to sensor j;
In the step S1, encrypting the first data and signing according to the sensor group private key, generating second data and sending the second data to the block link point specifically includes the steps of:
s11, enabling the sensor to pass data comprising the first data m acquired in real time through the public key of the blockchain node i Encrypting to obtain a ciphertext CT;
S12, the sensor is used for private key according to the sensor group Performing group signature on the data comprising the ciphertext CT to obtain second data and sending the second data to a blockchain node;
The sensor group private key Node public key/>, of blockchain nodeThe sending to the sensor j is specifically:
Private key of sensor group Said unique identity/>Node public key/>, of blockchain nodeSend to sensor j;
The step S11 specifically includes:
by sensors through the node public key For including the unique identity/>Encrypting the data of the first data m acquired in real time to obtain a ciphertext CT;
The step S12 specifically includes:
private key based on sensor group by sensor Performing group signature on the data comprising the ciphertext CT and the unique identity to obtain second data and sending the second data to a blockchain node;
The step S3 of performing data verification on the data content of the second data specifically includes the steps of:
S31, the block chain node generates a private key according to the node Decrypting the ciphertext CT to obtain the first data m and the unique identity of sensor j/>
S32, obtaining the unique identity mark by decryptionAnd the unique identity tag/>, contained in the second data at the time of transmissionPerforming consistency verification;
the step S02 specifically includes:
Generating a sensor public-private key pair by sensor j Submitting the sensor public-private key pair to a blockchain node iAnd apply for authentication;
The step S12 specifically includes:
The ciphertext CT is signed by the sensor j according to the sensor public key And including the ciphertext CT and the/>, according to the sensor group private key pairPerforming group signature on the data of the block chain node to obtain second data and transmitting the second data to the block chain node;
The step S3 of performing data verification on the data content of the second data specifically includes the steps of:
s33, according to the sensor private key For the/>And (5) checking.
2. The method for authenticating data of a chain of custody sensor of claim 1, wherein said step S03 further comprises the steps of:
s031, using blockchain node i to identify the unique identity of sensor j Adding the data to a registration list;
In the step S3, determining the source sensor of the second data according to the node group private key and the group signature, and performing supervision specifically includes:
opening the group signature according to the node group private key and acquiring the unique identity mark therein According to the unique identity mark/>Determining a source sensor of the second data and identifying/>, the unique identityAnd deleting the data from the registration list, and not receiving the data sent by the sensor j.
3. The method for authenticating data of a chain of custody sensor of claim 1, wherein the step S12 is specifically:
calculating a hash value of the ciphertext CT by a sensor j And including the ciphertext CT and the/>, according to the sensor group private key pairPerforming group signature on the data of the block chain node to obtain second data and transmitting the second data to the block chain node;
The step S3 of performing data verification on the data content of the second data specifically includes the steps of:
S34, carrying out hash operation on the ciphertext CT to obtain And for the/>And said/>, contained in the second dataAnd (5) performing consistency verification.
4. A data authentication system of a supervisable blockchain sensor, comprising a sensor and a blockchain node, the sensor comprising a first processor, a first memory and a first computer program stored in the first memory and executable on the first processor, the blockchain node comprising a second processor, a second memory and a second computer program stored in the second memory and executable on the second processor, characterized in that the first processor, when executing the first computer program, implements the steps performed by the sensor in a data authentication method of a supervisable blockchain sensor of any of claims 1-3, and the second processor, when executing the second computer program, implements the steps performed by the blockchain node in a data authentication method of a supervisable blockchain sensor of any of claims 1-3.
CN202210172464.5A 2022-02-24 2022-02-24 Data authentication method and system for manageable blockchain sensor Active CN114553547B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210172464.5A CN114553547B (en) 2022-02-24 2022-02-24 Data authentication method and system for manageable blockchain sensor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210172464.5A CN114553547B (en) 2022-02-24 2022-02-24 Data authentication method and system for manageable blockchain sensor

Publications (2)

Publication Number Publication Date
CN114553547A CN114553547A (en) 2022-05-27
CN114553547B true CN114553547B (en) 2024-06-07

Family

ID=81678376

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210172464.5A Active CN114553547B (en) 2022-02-24 2022-02-24 Data authentication method and system for manageable blockchain sensor

Country Status (1)

Country Link
CN (1) CN114553547B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117579256B (en) * 2023-10-12 2024-04-23 智慧工地科技(广东)有限公司 Internet of things data management method and device

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768992A (en) * 2018-05-17 2018-11-06 深圳前海微众银行股份有限公司 Information anonymous transmission method, equipment and readable storage medium storing program for executing based on block chain
CN109636599A (en) * 2018-11-07 2019-04-16 广西师范大学 License block chain secret protection and monitoring and managing method based on group ranking
CN111010280A (en) * 2019-12-09 2020-04-14 中山大学 Group signature-based construction method for monitorable block chain
CN112055025A (en) * 2020-09-10 2020-12-08 广西师范大学 Privacy data protection method based on block chain
CN112435024A (en) * 2020-11-17 2021-03-02 浙江大学 Alliance chain cross-chain privacy protection method based on group signature and CA multi-party authentication
CN112543106A (en) * 2020-12-07 2021-03-23 昆明理工大学 Vehicle privacy anonymous protection method based on block chain and group signature
CN113190860A (en) * 2021-05-07 2021-07-30 福建福链科技有限公司 Block chain sensor data authentication method and system based on ring signature
CN113259116A (en) * 2021-05-13 2021-08-13 福建福链科技有限公司 Sensor data uplink method and system based on aggregated signature
CN113554436A (en) * 2020-04-24 2021-10-26 中国科学院信息工程研究所 User identity anonymization method, tracking method and system for block chain system
CN113886883A (en) * 2021-10-18 2022-01-04 支付宝(杭州)信息技术有限公司 Internet of things data management method and device

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768992A (en) * 2018-05-17 2018-11-06 深圳前海微众银行股份有限公司 Information anonymous transmission method, equipment and readable storage medium storing program for executing based on block chain
CN109636599A (en) * 2018-11-07 2019-04-16 广西师范大学 License block chain secret protection and monitoring and managing method based on group ranking
CN111010280A (en) * 2019-12-09 2020-04-14 中山大学 Group signature-based construction method for monitorable block chain
CN113554436A (en) * 2020-04-24 2021-10-26 中国科学院信息工程研究所 User identity anonymization method, tracking method and system for block chain system
CN112055025A (en) * 2020-09-10 2020-12-08 广西师范大学 Privacy data protection method based on block chain
CN112435024A (en) * 2020-11-17 2021-03-02 浙江大学 Alliance chain cross-chain privacy protection method based on group signature and CA multi-party authentication
CN112543106A (en) * 2020-12-07 2021-03-23 昆明理工大学 Vehicle privacy anonymous protection method based on block chain and group signature
CN113190860A (en) * 2021-05-07 2021-07-30 福建福链科技有限公司 Block chain sensor data authentication method and system based on ring signature
CN113259116A (en) * 2021-05-13 2021-08-13 福建福链科技有限公司 Sensor data uplink method and system based on aggregated signature
CN113886883A (en) * 2021-10-18 2022-01-04 支付宝(杭州)信息技术有限公司 Internet of things data management method and device

Also Published As

Publication number Publication date
CN114553547A (en) 2022-05-27

Similar Documents

Publication Publication Date Title
US11838415B2 (en) Blockchain-implemented method and system
CN106789090B (en) Public key infrastructure system based on block chain and semi-random combined certificate signature method
ES2692900T3 (en) Cryptographic certification of secure hosted execution environments
US20050283826A1 (en) Systems and methods for performing secure communications between an authorized computing platform and a hardware component
CN107493271A (en) Credible and secure network system
TW200939063A (en) Record system and method based on one-way hash function
CN101179380A (en) Bidirectional authentication method, system and network terminal
JP2008507203A (en) Method for transmitting a direct proof private key in a signed group to a device using a distribution CD
CN101682628A (en) Secure communications
CN106790045B (en) distributed virtual machine agent device based on cloud environment and data integrity guarantee method
CN113708935B (en) Internet of things equipment unified authentication method and system based on block chain and PUF
CN113014394B (en) Electronic data certification method and system based on alliance chain
Yu et al. Decim: Detecting endpoint compromise in messaging
CN113536329A (en) Electronic device for cryptographic communication and cryptographic communication system
CN114553547B (en) Data authentication method and system for manageable blockchain sensor
CN115062292A (en) Equipment safety starting and authentication method and device based on hierarchical encryption
CN114629713A (en) Identity verification method, device and system
CN107026729B (en) Method and device for transmitting software
CN114362958B (en) Intelligent home data security storage auditing method and system based on blockchain
CN113285934B (en) Method and device for detecting IP (Internet protocol) of server cryptographic machine client based on digital signature
CN111651740B (en) Trusted platform sharing system for distributed intelligent embedded system
CN113326527A (en) Credible digital signature system and method based on block chain
CN116996331B (en) Block chain-based data processing method, device, equipment and medium
Runde et al. Automated decentralized IT security supervision in automation networks
Wu et al. Enhancing Cloud Data Integrity Verification Scheme with User Legitimacy Check

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant