CN115250192A - Robot network authentication system and method - Google Patents


Info

Publication number: CN115250192A
Application number: CN202110729431.1A
Authority: CN (China)
Prior art keywords: robot, vpn, network, block chain, pop
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 李冬, 谢辉, 张跃洋
Current Assignee: Cloudminds Shanghai Robotics Co Ltd
Original Assignee: Cloudminds Shanghai Robotics Co Ltd
Application filed by Cloudminds Shanghai Robotics Co Ltd
Priority to CN202110729431.1A
Priority to PCT/CN2021/143779 (WO2023273279A1)
Publication of CN115250192A

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/08 for authentication of entities > H04L 63/0869 for achieving mutual authentication
        • H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/08 for authentication of entities > H04L 63/0823 using certificates
        • H04L 67/00 Network arrangements or protocols for supporting network services or applications > H04L 67/01 Protocols > H04L 67/10 Protocols in which an application is distributed across nodes in the network > H04L 67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
        • H04L 67/00 Network arrangements or protocols for supporting network services or applications > H04L 67/01 Protocols > H04L 67/10 Protocols in which an application is distributed across nodes in the network > H04L 67/1097 for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
        • H04L 12/00 Data switching networks > H04L 12/28 characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks] > H04L 12/46 Interconnection of networks > H04L 12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present disclosure relates to a robot network authentication system and method. The system comprises a plurality of VPN POPs, each of which can obtain a blockchain ledger in a blockchain network, the ledger containing the registration information of registered robots. Any of the VPN POPs is configured to, upon receiving a network authentication request from a target robot, determine whether the target robot is registered based on the registration information in the blockchain ledger, and to perform bidirectional authentication with the target robot when it is registered. The multiple VPN POPs in the system can synchronize robot information through the blockchain system, without a VPN Controller having to synchronize it. The technical scheme can therefore reduce the cost and complexity of the VPN network while improving its reliability.

Description

Robot network authentication system and method
Technical Field
The present disclosure relates to the field of robotics, and in particular, to a system and a method for authenticating a robot network.
Background
Currently, robots are increasingly used across industries. Moreover, with the development of artificial intelligence technology the capabilities of robots keep growing, and with them the damage a robot can cause once it has been compromised by an intrusion.
In order to improve robot security, the related art performs the robot's management and control flow inside a secure network environment, which generally uses a Virtual Private Network (VPN). For example, the robot may authenticate to a VPN Controller and then access the VPN network. However, this approach still faces security risks while also increasing the burden on the VPN Controller.
Disclosure of Invention
The present disclosure is directed to a system and a method for authenticating a robot network, so as to solve the above-mentioned related technical problems.
In order to achieve the above object, according to a first aspect of the embodiments of the present disclosure, a robot network authentication system is provided, which includes a plurality of VPN POPs (Point of Presence, network service providing points), where each VPN POP can obtain a blockchain ledger in a blockchain network, and the blockchain ledger includes registration information of registered robots;
any of the VPN POPs is configured to, upon receiving a network authentication request of a target robot, determine whether the target robot is registered based on the registration information in the blockchain ledger, and perform bidirectional authentication with the target robot when the target robot is registered.
Optionally, the system further comprises:
a first authentication management terminal, which is a blockchain node with robot registration authority and is configured to, when a registration request of a robot is received, write the registration information in the registration request into the blockchain ledger and send start node information of the blockchain network to the robot, wherein the registration information comprises a blockchain address and a public key of the robot;
and the robot is configured to store the start node information and access the blockchain network based on the start node information.
Optionally, the system further comprises:
a second authentication management terminal, which is a blockchain node with robot logout authority and is configured to, when a robot logout request is received, determine the robot to be logged out according to the robot identifier in the logout request and update the registration state of that robot in the blockchain ledger to a logged-out state.
Optionally, the system further comprises:
a third authentication management terminal, which is a blockchain node with VPN POP registration authority and is configured to, when a registration request of a VPN POP is received, write the registration information in the registration request into the blockchain ledger, wherein the registration information comprises a blockchain address and a public key of the VPN POP.
Optionally, the VPN POPs have robot registration authority, and any VPN POP is further configured to, when a registration request of a robot is received, write the registration information in the registration request into the blockchain ledger and send start node information of the blockchain network to the robot, wherein the registration information comprises a blockchain address and a public key of the robot;
and the robot is configured to store the start node information and access the blockchain network based on the start node information.
Optionally, the VPN POPs have robot logout authority, and any VPN POP is further configured to, when a robot logout request is received, determine the robot to be logged out according to the robot identifier in the logout request and update the registration state of that robot in the blockchain ledger to a logged-out state.
Optionally, any VPN POP is further configured to send authentication failure information to the target robot when authentication of the target robot fails;
and the target robot is further configured to send a network authentication request to another VPN POP of the plurality of VPN POPs after receiving the authentication failure information.
According to a second aspect of the embodiments of the present disclosure, there is provided a robot network authentication method applied to any VPN POP in a blockchain network, where the blockchain network includes multiple VPN POPs, each VPN POP can obtain a blockchain ledger in the blockchain network, and the blockchain ledger includes registration information of registered robots, the method including:
receiving a network authentication request of a target robot, wherein the network authentication request comprises registration verification information;
determining whether the target robot is registered according to the registration verification information and the registration information in the blockchain ledger;
and initiating a mutual authentication procedure with the target robot when the target robot is registered.
Optionally, the mutual authentication procedure includes:
sending a first random number and a first blockchain address of the VPN POP to the target robot;
receiving first identity verification information sent by the target robot, wherein the first identity verification information is obtained by the target robot encrypting the first random number with its private key;
decrypting and verifying the first identity verification information based on the public key of the target robot;
and, when decryption and verification succeed, sending second identity verification information to the target robot, wherein the second identity verification information is obtained by the VPN POP encrypting a second random number with its private key, the second random number is generated by the target robot, and the second identity verification information is used by the target robot to authenticate the VPN POP.
According to a third aspect of the embodiments of the present disclosure, there is provided a robot network authentication method applied to a target robot, the method including:
sending a network authentication request to any VPN POP in the blockchain network, where the blockchain network comprises a plurality of VPN POPs, each VPN POP can obtain a blockchain ledger in the blockchain network, the blockchain ledger comprises registration information of registered robots, the network authentication request comprises registration verification information of the target robot, and the registration verification information is used by the VPN POP to determine whether the target robot is registered and to initiate a bidirectional authentication procedure with the target robot when it is registered;
and, when the VPN POP initiates the bidirectional authentication procedure, performing bidirectional authentication with the VPN POP.
In the above technical scheme, a plurality of VPN POPs are arranged in the blockchain network, so that any VPN POP can perform network authentication of a registered robot, avoiding the performance bottleneck and the security risk that arise when a single VPN Controller authenticates every robot. In addition, the VPN POPs can synchronize robot information through the blockchain system, without a VPN Controller having to maintain robot data. The technical scheme can therefore also reduce the cost and complexity of the VPN network and improve its reliability.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure, but do not constitute a limitation of the disclosure. In the drawings:
fig. 1 is a schematic diagram of a robot network authentication system according to an exemplary embodiment of the present disclosure.
Fig. 2 is a schematic diagram of a robot network authentication system according to an exemplary embodiment of the disclosure.
Fig. 3 is a flowchart illustrating a method for authenticating a robot network according to an exemplary embodiment of the present disclosure.
Fig. 4 is a flowchart illustrating a method for authenticating a robot network according to an exemplary embodiment of the present disclosure.
Detailed Description
The following detailed description of specific embodiments of the present disclosure is provided in connection with the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
Before introducing the robot network authentication system and method of the present disclosure, an application scenario of the present disclosure is first introduced, and various embodiments provided by the present disclosure may be used in a network authentication scenario of a robot, for example.
In order to improve robot security, the related art performs the robot's management and control process inside a secure network environment, which generally employs a VPN. For example, VPN software may be installed on the robot, which authenticates to the VPN Controller with a VPN account (username/password) and, once authentication passes, connects to the VPN network.
However, in this way the robot needs to store the VPN account information locally, which carries a risk of disclosure; to improve security, the account information must be changed periodically. Also, the VPN Controller is a centralized component that manages, stores and maintains the VPN account information of all robots, so robots may be counterfeited once the VPN Controller is compromised. Meanwhile, when the VPN Controller stops service for a related reason (natural disaster, power outage, etc.), robots may be unable to access the network, affecting service availability. In addition, since all robot authentications are performed by the VPN Controller, it may become a performance bottleneck when the number of robots is large.
In some implementation scenarios, robot network authentication may be based on a VPN POP and a VPN Controller. For example, a digital certificate may be pre-set on the robot, which authenticates to the VPN POP with that certificate. However, in order to support authentication of robots at a VPN POP, the VPN Controller needs to manage, store and maintain the information of all robots and synchronize it among the VPN POPs, which in turn increases the complexity of the VPN network.
To this end, the present disclosure provides a robot network authentication system. Fig. 1 is a schematic diagram of a robot network authentication system of the present disclosure; as shown in fig. 1, the system includes multiple VPN POPs (four VPN POPs are illustrated in fig. 1). Each VPN POP can acquire a blockchain ledger in a blockchain network, and the blockchain ledger includes the registration information of registered robots.
Here, the registration information may include, for example, a blockchain address of the robot, a public key, and the like. For example, the robot may generate a public key and a private key and generate a blockchain address based on the public key. In this way, the robot can register based on the public key and the blockchain address. After registration is successful, the public key and blockchain address of the robot are written into a blockchain ledger.
In some implementation scenarios, the registration information of the robot may further include related information of the robot, such as a robot type, an Identity Document (ID), and the like, which is not limited by the present disclosure.
Still referring to fig. 1, any VPN POP in the robot network authentication system is configured to, upon receiving a network authentication request for a target robot, determine whether the target robot is registered based on registration information in the blockchain book, and perform mutual authentication with the target robot if the target robot is registered.
Illustratively, the target robot may send a network authentication request to any VPN POP; the request may include, for example, a second blockchain address of the target robot and a second random number A. The VPN POP that receives the network authentication request may then query the blockchain ledger for that address. If the VPN POP does not find the second blockchain address, it can determine that the target robot is unregistered, and the authentication procedure can be terminated. If the VPN POP finds the second blockchain address, it can determine that the target robot is registered, and a mutual authentication procedure can be initiated.
The following is an exemplary description of the mutual authentication flow. For example, the VPN POP may send a first random number B to the target robot together with a first blockchain address of the VPN POP.
The target robot receives the first random number B and the first blockchain address, signs the first random number B with its private key to obtain the signature result SIGN(A), and sends SIGN(A) to the VPN POP.
The VPN POP obtains the public key PK(A) of the target robot by querying the blockchain ledger with the second blockchain address of the target robot, and decrypts and verifies SIGN(A) with PK(A). If decryption fails and/or the decryption result is not the first random number B, authentication fails and the authentication procedure is terminated. If decryption succeeds and the decryption result is the first random number B, authentication succeeds. The VPN POP then signs the second random number A with its own private key to obtain SIGN(B), and sends SIGN(B) to the target robot so that the target robot can authenticate the VPN POP.
Correspondingly, the target robot obtains the public key PK(B) of the VPN POP by querying the blockchain ledger with the first blockchain address, and decrypts and verifies SIGN(B) with PK(B). If decryption succeeds and the decryption result is the second random number A, authentication succeeds; if decryption fails and/or the decryption result is not the second random number A, authentication fails.
The above embodiment illustrates the bidirectional authentication flow between the target robot and the VPN POP of the present disclosure. Those skilled in the art should understand, however, that in a specific implementation there may be multiple ways of performing bidirectional authentication with an asymmetric cryptographic mechanism (for example, the bidirectional authentication may vary under different communication standards), which for brevity are not described here again.
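The exchange just described, carried through in Python as an added example; this is not code from the patent or from its assignee. Both parties look the other side's public key up in a shared ledger by blockchain address, the POP terminates before issuing a challenge when the address is unknown or deregistered, and each side signs the nonce chosen by the other. The signatures are textbook RSA over well-known Mersenne primes so the block runs on the standard library alone; the choice of RSA, the address derivation and the ledger layout are assumptions of this example, not of the disclosure, and a deployment would use a standard padded signature scheme.

```python
"""Mutual authentication between a robot and a VPN POP over a shared ledger.

Added illustration of the exchange described above, not code from the patent.
Signatures are textbook RSA over well-known Mersenne primes so the block runs on
the standard library alone; a deployment would use a standard padded signature
scheme. The address derivation and the ledger layout are assumptions.
"""
import hashlib
import secrets

E = 65537  # public exponent; coprime to (p-1)(q-1) for every prime pair used below


def make_keypair(p, q):
    """Return ((n, e), d) for the primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), pow(E, -1, phi)


def digest(data: bytes) -> int:
    """128-bit SHA-256 prefix as an integer, so it is always smaller than n."""
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def sign(d, pub, data):
    """'Encrypt with the private key': RSA exponentiation of the message digest."""
    return pow(digest(data), d, pub[0])


def verify(pub, data, sig) -> bool:
    """'Decrypt with the public key' and compare with the expected digest."""
    n, e = pub
    return pow(sig, e, n) == digest(data)


def address_of(pub) -> str:
    """Blockchain address derived from the public key (constructed derivation)."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:40]


class Party:
    """A robot or a VPN POP: a key pair plus the address derived from it."""

    def __init__(self, p, q):
        self.pub, self._d = make_keypair(p, q)
        self.address = address_of(self.pub)

    def sign(self, data):
        return sign(self._d, self.pub, data)


def mutual_auth(robot, pop, ledger):
    """Run the two-way exchange; returns (pop_accepts_robot, robot_accepts_pop).

    ledger maps address -> {"public_key": (n, e), "status": "registered" | "deregistered"}
    """
    # 1. robot -> POP: network authentication request (robot address + second random number A)
    nonce_a = secrets.token_bytes(16)
    request = {"address": robot.address, "nonce": nonce_a}

    # 2. POP queries the ledger; an unknown or deregistered address ends the procedure here
    entry = ledger.get(request["address"])
    if entry is None or entry["status"] != "registered":
        return False, False

    # 3. POP -> robot: first random number B together with the POP's own address
    nonce_b = secrets.token_bytes(16)
    challenge = {"address": pop.address, "nonce": nonce_b}

    # 4. robot signs B with its private key -> SIGN(A)
    sign_a = robot.sign(challenge["nonce"])

    # 5. POP verifies SIGN(A) with PK(A) taken from the ledger, never from the request itself
    if not verify(entry["public_key"], nonce_b, sign_a):
        return False, False

    # 6. POP signs A -> SIGN(B); the robot looks PK(B) up by the POP's address and verifies
    sign_b = pop.sign(request["nonce"])
    pop_entry = ledger.get(challenge["address"])
    robot_ok = (pop_entry is not None and pop_entry["status"] == "registered"
                and verify(pop_entry["public_key"], nonce_a, sign_b))
    return True, robot_ok


def demo():
    """Constructed ledger with one robot and one POP; exercises success and failure paths."""
    robot = Party(2**61 - 1, 2**89 - 1)
    pop = Party(2**107 - 1, 2**127 - 1)
    outsider = Party(2**89 - 1, 2**107 - 1)  # key pair that never appears in the ledger
    ledger = {
        robot.address: {"public_key": robot.pub, "status": "registered"},
        pop.address: {"public_key": pop.pub, "status": "registered"},
    }
    results = {"registered": mutual_auth(robot, pop, ledger)}
    results["unregistered_robot"] = mutual_auth(outsider, pop, ledger)
    ledger[robot.address]["status"] = "deregistered"  # effect of a robot logout request
    results["deregistered_robot"] = mutual_auth(robot, pop, ledger)
    ledger[robot.address]["status"] = "registered"
    results["unregistered_pop"] = mutual_auth(robot, outsider, ledger)  # robot refuses this POP
    # SIGN(A) over one nonce is worthless against a fresh nonce: the challenge defeats replay
    results["replayed_signature"] = verify(robot.pub, secrets.token_bytes(16), robot.sign(b"old"))
    return results
```

The detail worth noticing is step 5: the POP verifies with the key it read from the ledger, not with anything carried in the request, so a request can only name an address whose registered key the sender actually holds. The `deregistered` case shows why the logout path of the later sections matters to authentication at all: a record that is present but no longer in the registered state is treated exactly like an unknown address.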
The technical scheme has the following beneficial effects:
After the robot passes registration, its registration information is written into the blockchain ledger. Network authentication can therefore be performed based on the registration information (blockchain address, public key and the like), so the robot does not need to maintain VPN account information locally, and the risk of the account being divulged is avoided. Moreover, the registration information of the robot is managed, stored and maintained by the blockchain system, the blockchain network is decentralized, and only the registration information of the robot is stored in the blockchain ledger, so robots cannot be counterfeited because one component is compromised.
Meanwhile, a plurality of VPN POPs are arranged in the blockchain network, so that any VPN POP can perform network authentication of a registered robot, which solves the performance bottleneck that arises when a single VPN Controller authenticates every robot.
In addition, unlike the approach in which the VPN Controller manages the robot information and synchronizes it among the VPN POPs, in the above technical solution the registration information of the robot is stored by the blockchain system and synchronized among the VPN POPs through the blockchain system. In this way the complexity of the VPN network (VPN Controller/VPN POP) can be reduced, the cost can be reduced, and the reliability of the VPN network can be improved.
In some implementation scenarios, the VPN POP is provided with robot registration authority. In this case, any VPN POP in the robot network authentication system is further configured to, when a registration request of a robot is received, write the registration information in the registration request into the blockchain ledger and send the start node information of the blockchain network to the robot, wherein the registration information comprises a blockchain address and a public key of the robot.
For example, the robot may generate a public key and a private key and generate the blockchain address from the public key. In this way, the robot may send a registration request including the block chain address and the public key to a VPN POP. Of course, the robot may also delegate a third party to generate a public key, a private key, and a blockchain address, which is not limited by this disclosure.
After receiving the registration request, the VPN POP may write the blockchain address and the public key of the robot into a blockchain ledger by sending a transaction to a blockchain network, thereby completing registration. In this way, the registration process of the robot can be managed based on the VPN POP.
It is noted that in some embodiments, the registration information of the robot may also include the type, number, etc. of the robot. After receiving the registration request, the VPN POP may also check the relevant information of the robot, which is not limited in this disclosure.
In addition, the VPN POP can also send starting node information of the block chain network to the robot. Correspondingly, the robot may be configured to store the start node information and access to the blockchain network based on the start node information.
Illustratively, the robot may connect to the VPN POP via a wireless network and connect to the blockchain network via a blockchain connection protocol, in Remote Procedure Call (RPC) or light node protocol mode, according to the recorded start node information. The wireless network may be, for example, Wi-Fi (Wireless Fidelity), 4G, 5G or the like. After connecting to the blockchain network, the robot can send a network authentication request to any VPN POP in the blockchain network and then perform network authentication.
In some implementation scenarios, the VPN POP is provided with robot logout authority. In this case, any VPN POP in the robot network authentication system is further configured to, when a robot logout request is received, determine the robot to be logged out according to the robot identifier in the logout request and update the registration state of that robot in the blockchain ledger to a logged-out state.
Here, the robot logout request may be transmitted by the relevant robot management side or may be transmitted by the robot. The robot identifier in the robot logout request may be, for example, an identifier that can distinguish a robot, such as a robot number, and the disclosure does not limit this.
Thus, when receiving a robot logout request, the VPN POP can determine the robot to be logout according to the robot identification in the logout request. The VPN POP may further update the registration state of the robot to be deregistered in the blockchain ledger to a deregistration state by sending a transaction to a blockchain network. Since the registration state is updated to the deregistration state, the robot to be deregistered can no longer pass the network authentication of the VPN POP. In this way, the registered robot can be managed based on the VPN POP.
It should be noted that the robot information and the VPN POP information recorded in the blockchain ledger are important data for network access authentication. Therefore, in some implementation scenarios, an authority control policy can be set for the processes that add or modify robot and VPN POP records.
For example, in one possible implementation, authority control may be based on a permissioned chain. In a permissioned chain, it can be restricted whether different blockchain accounts have write and modify authority over certain data. For example, data write authority and data modification authority may be configured for the blockchain accounts of an OSS (Operation Support System) and/or a BSS (Business Support System), while data read authority is set for the blockchain accounts of robots, VPN POPs and the VPN Controller.
In some possible embodiments, the relevant data of robots and VPN POPs may also be managed through established smart contracts. For example, a corresponding smart contract may be written, and the information is stored through that contract. The smart contract may provide interfaces for registration, modification, logout, query and so on. The calling authority for the registration, modification, logout and query interfaces is assigned to the blockchain accounts corresponding to the OSS/BSS, while the blockchain accounts corresponding to robots and VPN POPs are given calling authority for the query interface.
As such, in some implementation scenarios, the system may further include a first authentication management terminal. Referring to fig. 2, which is a schematic diagram of a robot network authentication system, the first authentication management terminal is a blockchain node with robot registration authority and may correspond to an account related to the OSS/BSS.
The first authentication management terminal is configured to, when receiving a registration request of a robot, write the registration information in the registration request into the blockchain ledger and send start node information of the blockchain network to the robot, wherein the registration information comprises a blockchain address and a public key of the robot;
and the robot is configured to store the start node information and access the blockchain network based on the start node information.
For example, the robot may generate a public key and a private key and generate the blockchain address from the public key. In this way, the robot may send a registration request including the block chain address and a public key to the first authentication manager.
After receiving the registration request, the first authentication management terminal may write the blockchain address and the public key of the robot into the blockchain ledger by sending a transaction to the blockchain network, thereby completing registration.
Of course, in some embodiments, the registration information of the robot may also include the type, number, etc. of the robot. After receiving the registration request, the first authentication management end may also check the relevant information of the robot, which is not limited by the present disclosure.
In addition, the first authentication management terminal can also send starting node information of the block chain network to the robot. Correspondingly, the robot may be configured to store the start node information and access to the blockchain network based on the start node information.
Illustratively, the robot can be connected to the VPN POP through a wireless network and is connected to the block chain network through a block chain connection protocol in a light node protocol or RPC mode according to the recorded starting node information. In this way, after connecting to the blockchain network, the robot can send a network authentication request to any VPN POP in the blockchain network, and then perform network authentication.
Of course, based on different application requirements, in some possible embodiments, the first authentication management terminal may also correspond to related management accounts, and these management accounts may also not correspond to the OSS/BSS.
By adopting the technical scheme, the registration process of the robot can be managed by setting the first authentication management terminal, and the writing authority of the robot information is controlled.
In some implementations, the system can also include a second authentication management terminal. Referring to fig. 2, the second authentication management terminal is a blockchain node with robot logout authority and may correspond to an account related to the OSS/BSS.
The second authentication management terminal is configured to, when receiving a robot logout request, determine the robot to be logged out according to the robot identifier in the logout request and update the registration state of that robot in the blockchain ledger to a logged-out state.
Here, the robot logout request may be transmitted by the relevant robot management side or may be transmitted by the robot. In some embodiments, the robot logout request may also be automatically generated by the second authentication management terminal based on a preset rule. For example, when the robots register, a corresponding valid time interval may be set for each robot, and when the valid time interval is exceeded, the robot logout request is automatically generated. The robot identifier in the robot logout request may be, for example, an identifier that can distinguish a robot, such as a robot number, and the disclosure does not limit this.
In this way, when the second authentication management terminal receives the robot logout request, the robot to be logout can be determined according to the robot identifier in the logout request. The second authentication management terminal may further update the registration state of the robot to be deregistered in the block chain ledger to a deregistration state by sending a transaction to a block network. Since the registration state is updated to the deregistration state, the robot to be deregistered can no longer pass the network authentication of the VPN POP.
In this way, the registered robot can be managed based on the second authentication management terminal, and the logout authority of the robot information can be controlled.
In a possible implementation manner, the system further includes a third authentication management terminal, where the second authentication management terminal is a block link point with VPN POP registration authority, and may correspond to an account related to the OSS/BSS.
And the third authentication management terminal is used for writing the registration information in the registration request into the block chain account book when receiving the registration request of the VPN POP, wherein the registration information comprises the block chain address and the public key of the VPN POP.
Illustratively, the VPN POP may generate a public key and a private key and generate a blockchain address from the public key. In this way, the VPN POP may transmit a registration request including the block link address and the public key to the third authentication management side.
After receiving the registration request, the third authentication management terminal can write the blockchain address and the public key of the VPN POP into a blockchain ledger by sending a transaction to a blockchain network, so that registration is completed.
By adopting the technical scheme, the registration process of the VPN POP can be managed by arranging the third authentication management terminal, and the write-in authority of the VPN POP information is controlled.
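The three controlled writes described above (robot registration by the first authentication management terminal, robot deregistration by the second, VPN POP registration by the third) and the ledger check a VPN POP makes before authenticating a robot, as an added example in Go. This is not code from the patent or from the applicant: it assumes an in-memory ledger in place of the blockchain, an address derived by hashing the public key, and Ed25519 keys; the names Ledger, Authority, LookupRegistered and the others are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// State is the registration state recorded in the ledger for a robot.
type State int

const (
	Registered State = iota
	Deregistered
)

// Entry is what the ledger stores: a public key and a state. No VPN account
// secret is stored, which is the point the description makes about leakage.
type Entry struct {
	Kind   string // "robot" or "pop"
	PubKey ed25519.PublicKey
	State  State
}

// Authority models the three management terminals and their write rights.
type Authority int

const (
	RobotRegistrar   Authority = iota // first authentication management terminal
	RobotDeregistrar                  // second authentication management terminal
	POPRegistrar                      // third authentication management terminal
)

// Ledger is an in-memory stand-in for the blockchain ledger (assumed model;
// the real system writes these entries as blockchain transactions).
type Ledger struct{ entries map[string]*Entry }

func NewLedger() *Ledger { return &Ledger{entries: map[string]*Entry{}} }

// AddressOf derives a blockchain address from a public key. The description
// only says the address is generated from the key; hashing it is an assumption.
func AddressOf(pk ed25519.PublicKey) string {
	sum := sha256.Sum256(pk)
	return hex.EncodeToString(sum[:20])
}

// RegisterRobot is the write of the first terminal, RegisterPOP that of the
// third; both refuse a caller that lacks the matching authority.
func (l *Ledger) RegisterRobot(auth Authority, addr string, pk ed25519.PublicKey) error {
	return l.register(auth, RobotRegistrar, "robot", addr, pk)
}

func (l *Ledger) RegisterPOP(auth Authority, addr string, pk ed25519.PublicKey) error {
	return l.register(auth, POPRegistrar, "pop", addr, pk)
}

func (l *Ledger) register(auth, need Authority, kind, addr string, pk ed25519.PublicKey) error {
	if auth != need {
		return errors.New("write refused: caller lacks registration authority")
	}
	if addr != AddressOf(pk) {
		return errors.New("address does not match public key")
	}
	if _, exists := l.entries[addr]; exists {
		return errors.New("address already registered")
	}
	l.entries[addr] = &Entry{Kind: kind, PubKey: pk, State: Registered}
	return nil
}

// DeregisterRobot is the write of the second terminal. The entry is not
// deleted; only its state changes, so the ledger keeps the history.
func (l *Ledger) DeregisterRobot(auth Authority, addr string) error {
	if auth != RobotDeregistrar {
		return errors.New("write refused: caller lacks deregistration authority")
	}
	e, ok := l.entries[addr]
	if !ok || e.Kind != "robot" {
		return errors.New("no registered robot with this identifier")
	}
	e.State = Deregistered
	return nil
}

// LookupRegistered is the check a VPN POP performs at step S32: the public key
// is returned only for an entry of the requested kind that is still registered.
func (l *Ledger) LookupRegistered(kind, addr string) (ed25519.PublicKey, bool) {
	e, ok := l.entries[addr]
	if !ok || e.Kind != kind || e.State != Registered {
		return nil, false
	}
	return e.PubKey, true
}

func main() {
	ledger := NewLedger()
	pk, _, _ := ed25519.GenerateKey(rand.Reader)
	addr := AddressOf(pk)
	fmt.Println(ledger.RegisterRobot(RobotDeregistrar, addr, pk)) // refused
	fmt.Println(ledger.RegisterRobot(RobotRegistrar, addr, pk))   // <nil>
	_, ok := ledger.LookupRegistered("robot", addr)
	fmt.Println(ok) // true
	fmt.Println(ledger.DeregisterRobot(RobotDeregistrar, addr)) // <nil>
	_, ok = ledger.LookupRegistered("robot", addr)
	fmt.Println(ok) // false
}
```

The address check in register is what makes the ledger entry self-consistent: a terminal with write authority still cannot bind an arbitrary address to a public key, and a deregistered entry keeps its key but fails the S32 check, so the VPN POP never has to consult a separate revocation list.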
Furthermore, it should be noted that the embodiments described in the specification are preferred embodiments for convenience and brevity of description, and the related portions are not necessarily essential to the present invention. For example, the first authentication management terminal, the second authentication management terminal, and the third authentication management terminal may be independent system components or may be the same system component in specific implementation. In addition, the first authentication management terminal, the second authentication management terminal, and the third authentication management terminal may also correspond to related blockchain management accounts, and these blockchain management accounts may also not correspond to the OSS/BSS, which is not limited in this disclosure.
In a possible implementation, any VPN POP in the robot network authentication system is further configured to send authentication failure information to the target robot when authentication fails for the target robot;
the target robot is further configured to send a network authentication request to another VPN POP of the plurality of VPN POPs after receiving the authentication failure information.
Taking fig. 1 as an example, when the robot receives authentication failure information from VPN POP 4, it may resend the network authentication request to any one of VPN POPs 1 to 3. This avoids the situation where the robot cannot access the VPN network because one VPN POP has stopped service, and improves the availability of the system.
The disclosure also provides a robot network authentication method applied to any VPN POP in the blockchain network. The blockchain network comprises a plurality of VPN POPs, each of which can obtain the blockchain ledger of the blockchain network, and the ledger contains the registration information of registered robots.
Here, the registration information may include, for example, the blockchain address and public key of the robot. For example, the robot may generate a public key and a private key and derive a blockchain address from the public key, then register using the public key and the blockchain address. After successful registration, the public key and blockchain address of the robot are written into the blockchain ledger.
In some implementation scenarios, the registration information of the robot may further include relevant information of the robot, such as a robot type, a robot ID, and the like, which is not limited by the present disclosure.
Fig. 3 is a flowchart of a robot network authentication method according to the present disclosure; the method includes:
S31: receiving a network authentication request from the target robot, the network authentication request comprising registration verification information.
Illustratively, the target robot may send a network authentication request to any VPN POP, and the request may include registration verification information of the target robot, for example the second blockchain address of the target robot.
S32: determining whether the target robot is registered according to the registration verification information and the registration information in the blockchain ledger.
For example, the VPN POP that receives the network authentication request may look up the second blockchain address in the blockchain ledger. If the VPN POP does not find the second blockchain address, the target robot is determined to be unregistered and the authentication procedure is terminated.
If the VPN POP finds the second blockchain address, the target robot is determined to be registered, and in S33 a bidirectional authentication procedure with the target robot is initiated.
The following is an exemplary description of the mutual authentication flow. In one possible implementation, the bidirectional authentication procedure includes the following steps (in the notation below, A denotes the target robot and B the VPN POP):
The VPN POP sends a first random number B and the first blockchain address of the VPN POP to the target robot.
The target robot receives the first random number B and the first blockchain address, signs the first random number B with its private key to obtain the signature result SIGN(A), and sends SIGN(A) to the VPN POP.
The VPN POP receives the first identity verification information, i.e. the signature result SIGN(A), sent by the target robot, and decrypts and verifies it with the public key of the target robot. Illustratively, the VPN POP obtains the public key PK(A) of the target robot by querying the blockchain ledger with the second blockchain address, and decrypts and verifies SIGN(A) with PK(A). If decryption fails, or the decryption result is not the first random number B, authentication fails and the procedure is terminated. If decryption succeeds and the result is the first random number B, decryption verification succeeds.
When decryption verification succeeds, the VPN POP sends second identity verification information to the target robot. Continuing the example, the second identity verification information may be SIGN(B), obtained by the VPN POP encrypting a second random number A with the private key of the VPN POP; the second random number A is generated by the target robot, and the second identity verification information is used by the target robot to authenticate the VPN POP.
Correspondingly, the target robot obtains the public key PK(B) of the VPN POP by querying the blockchain ledger with the first blockchain address, and decrypts and verifies SIGN(B) with PK(B). If decryption succeeds and the result is the second random number A, authentication succeeds; if decryption fails, or the result is not the second random number A, authentication fails.
The above embodiment illustrates the bidirectional authentication flow between the target robot and the VPN POP of the present disclosure. Those skilled in the art will understand that, in a specific implementation, bidirectional authentication through an asymmetric cryptographic mechanism can be performed in many ways (for example, the flow may vary under different communication standards), which for brevity are not described again here.
This technical solution has the following beneficial effects:
After a robot passes registration, its registration information is written into the blockchain ledger. Network authentication can therefore be performed on the basis of the registration information (blockchain address, public key and the like), so the robot need not keep VPN account information locally, and the risk of the account being leaked is avoided. Moreover, the registration information is managed, stored and maintained by the blockchain system, which is decentralized, and only the robot's registration information is stored in the blockchain ledger, so a robot cannot be impersonated because some single link in the chain has been compromised.
At the same time, because the blockchain network contains a plurality of VPN POPs, any VPN POP can perform network authentication of a registered robot, which removes the performance bottleneck of a single VPN Controller authenticating all robots.
In addition, unlike an arrangement in which a VPN Controller manages the robot information and synchronizes it among the VPN POPs, in the above solution the robot registration information is stored by the blockchain system and synchronized among the VPN POPs through it. This reduces the complexity and cost of the VPN network (VPN Controller/VPN POP) and improves its reliability.
The present disclosure also provides a robot network authentication method applied to a target robot, which may be, for example, the robot described in any of the above embodiments. Fig. 4 is a flowchart of this robot network authentication method; the method includes:
S41: sending a network authentication request to any VPN POP in the blockchain network.
The blockchain network comprises a plurality of VPN POPs, each of which can obtain the blockchain ledger of the blockchain network, and the ledger contains the registration information of registered robots. The network authentication request includes registration verification information of the target robot, which the VPN POP uses to determine whether the target robot is registered. In some embodiments, the registration verification information may be, for example, the second blockchain address of the target robot.
S42: performing bidirectional authentication with the VPN POP when the VPN POP initiates a bidirectional authentication procedure.
For example, the VPN POP that receives the network authentication request may look up the second blockchain address in the blockchain ledger. If the VPN POP does not find the second blockchain address, the target robot is determined to be unregistered and the authentication procedure is terminated. If the VPN POP finds the second blockchain address, the target robot is determined to be registered and a bidirectional authentication procedure with the target robot is initiated.
The remaining details are the same as in the method applied to the VPN POP above and, for brevity, are not repeated here.
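The bidirectional authentication flow above (random numbers A and B, SIGN(A), SIGN(B), PK(A), PK(B)), the robot-side steps S41 and S42, and the re-send to another VPN POP of fig. 1, as an added example in Go that is not code from the patent or from the applicant. It uses Ed25519 signatures where the description speaks of encrypting with a private key and decrypting with the public key, an in-memory map as the ledger, and assumes the robot sends its random number A together with SIGN(A); Directory, Party, MutualAuth and AuthenticateAny are names of this example, and the failing POP in the failover demonstration is one whose address is not in the ledger.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Directory stands in for the ledger view both sides query for public keys
// (assumed model: an in-memory map keyed by blockchain address).
type Directory map[string]ed25519.PublicKey

// addressOf derives an address from a public key; hashing it is an assumption.
func addressOf(pk ed25519.PublicKey) string {
	sum := sha256.Sum256(pk)
	return hex.EncodeToString(sum[:20])
}

// Party is a robot or a VPN POP: a key pair and the address derived from it.
type Party struct {
	Addr string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewParty() Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Party{Addr: addressOf(pub), Pub: pub, priv: priv}
}

func nonce() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

var (
	ErrUnregistered = errors.New("target robot not registered")
	ErrRobotAuth    = errors.New("SIGN(A) does not verify under PK(A)")
	ErrPOPAuth      = errors.New("SIGN(B) does not verify under PK(B)")
)

// MutualAuth runs the S31-S33 exchange between one robot and one POP; the
// comments mark which side executes each step.
func MutualAuth(dir Directory, robot, pop Party) error {
	// POP: registration check (S32) on the address in the request, then nonce B.
	pkA, ok := dir[robot.Addr]
	if !ok {
		return ErrUnregistered
	}
	nonceB := nonce()
	// Robot: SIGN(A) over nonce B with its private key, plus its own nonce A.
	// The description says A is generated by the robot but not when it is
	// sent; sending it together with SIGN(A) is an assumption of this example.
	signA, nonceA := ed25519.Sign(robot.priv, nonceB), nonce()
	// POP: verify SIGN(A) under PK(A) from the ledger, then sign A as SIGN(B).
	if !ed25519.Verify(pkA, nonceB, signA) {
		return ErrRobotAuth
	}
	signB := ed25519.Sign(pop.priv, nonceA)
	// Robot: look PK(B) up under the first blockchain address the POP sent.
	pkB, ok := dir[pop.Addr]
	if !ok || !ed25519.Verify(pkB, nonceA, signB) {
		return ErrPOPAuth
	}
	return nil
}

// AuthenticateAny is the robot-side retry of fig. 1: after a failure the robot
// sends its request to the next POP. It returns the index of the POP that
// accepted the robot; an unregistered robot is rejected by every POP.
func AuthenticateAny(dir Directory, robot Party, pops []Party) (int, error) {
	var last error
	for i, pop := range pops {
		if last = MutualAuth(dir, robot, pop); last == nil {
			return i, nil
		}
	}
	return -1, last
}

func main() {
	robot, rogue, pop := NewParty(), NewParty(), NewParty()
	dir := Directory{robot.Addr: robot.Pub, pop.Addr: pop.Pub} // rogue is not registered
	fmt.Println(AuthenticateAny(dir, robot, []Party{rogue, pop})) // 1 <nil>
}
```

Two properties of the flow are visible in the code: a party that presents a registered address but does not hold the matching private key fails at the signature check rather than at the lookup, and the robot only trusts a POP whose address it can resolve in the ledger, so a POP that was never registered by the third authentication management terminal cannot complete the exchange even though it can issue a challenge.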
The beneficial effects of this method are the same as those described above for the method applied to the VPN POP.
In another exemplary embodiment, a computer program product is also provided, comprising a computer program executable by a programmable device, the computer program having code portions for performing the above-described robot network authentication method applied to a VPN POP when executed by the programmable device.
In another exemplary embodiment, a computer program product is also provided, which comprises a computer program executable by a programmable apparatus, the computer program having code portions for performing the above-mentioned robot network authentication method applied to a robot when executed by the programmable apparatus.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that, in the above embodiments, the various features described in the above embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, various possible combinations will not be further described in the present disclosure.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.

Claims (10)

1. A robot network authentication system, characterized by comprising a plurality of virtual private network service access points (VPN POPs), wherein each VPN POP can obtain a blockchain ledger in a blockchain network, and the blockchain ledger comprises registration information of registered robots;
any one of the VPN POPs is configured to, upon receiving a network authentication request from a target robot, determine whether the target robot is registered based on the registration information in the blockchain ledger, and perform bidirectional authentication with the target robot when the target robot is registered.
2. The robot network authentication system according to claim 1, further comprising:
a first authentication management terminal, which is a blockchain node with robot registration authority and is configured to, when a registration request from a robot is received, write the registration information in the registration request into the blockchain ledger and send starting node information of the blockchain network to the robot, wherein the registration information comprises a blockchain address and a public key of the robot;
and the robot is configured to store the starting node information and access the blockchain network based on the starting node information.
3. The robot network authentication system according to claim 1, further comprising:
a second authentication management terminal, which is a blockchain node with robot deregistration authority and is configured to, when a robot deregistration request is received, determine the robot to be deregistered according to a robot identifier in the deregistration request, and update the registration state of the robot to be deregistered in the blockchain ledger to a deregistered state.
4. The robot network authentication system according to claim 1, further comprising:
a second authentication management terminal, which is a blockchain node with VPN POP registration authority and is configured to, when a registration request from a VPN POP is received, write the registration information in the registration request into the blockchain ledger, wherein the registration information comprises a blockchain address and a public key of the VPN POP.
5. The system according to claim 1, wherein the VPN POPs have robot registration authority, and any one of the VPN POPs is further configured to, upon receiving a robot registration request, write the registration information in the registration request into the blockchain ledger and send starting node information of the blockchain network to the robot, wherein the registration information comprises a blockchain address and a public key of the robot;
and the robot is configured to store the starting node information and access the blockchain network based on the starting node information.
6. The system according to claim 1, wherein the VPN POPs have robot deregistration authority, and any one of the VPN POPs is further configured to, upon receiving a robot deregistration request, determine the robot to be deregistered according to a robot identifier in the deregistration request, and update the registration state of the robot to be deregistered in the blockchain ledger to a deregistered state.
7. The robot network authentication system according to any one of claims 1 to 6, wherein any one of the VPN POPs is further configured to send authentication failure information to the target robot when authentication of the target robot fails;
the target robot is further configured to send a network authentication request to another VPN POP of the plurality of VPN POPs after receiving the authentication failure information.
8. A robot network authentication method, characterized in that the method is applied to any VPN POP in a blockchain network, wherein the blockchain network comprises a plurality of VPN POPs, each VPN POP can obtain a blockchain ledger in the blockchain network, and the blockchain ledger comprises registration information of registered robots, the method comprising:
receiving a network authentication request from a target robot, wherein the network authentication request comprises registration verification information;
determining whether the target robot is registered according to the registration verification information and the registration information in the blockchain ledger;
and initiating a bidirectional authentication procedure with the target robot when the target robot is registered.
9. The method according to claim 8, wherein the bidirectional authentication procedure comprises:
sending a first random number and a first blockchain address of the VPN POP to the target robot;
receiving first identity verification information sent by the target robot, wherein the first identity verification information is obtained by the target robot encrypting the first random number with a private key of the target robot;
decrypting and verifying the first identity verification information based on the public key of the target robot; and
sending second identity verification information to the target robot when decryption verification succeeds, wherein the second identity verification information is obtained by the VPN POP encrypting a second random number with a private key of the VPN POP, the second random number is generated by the target robot, and the second identity verification information is used by the target robot to authenticate the VPN POP.
10. A robot network authentication method applied to a target robot, the method comprising:
sending a network authentication request to any VPN POP in a blockchain network, wherein the blockchain network comprises a plurality of VPN POPs, each VPN POP can obtain a blockchain ledger in the blockchain network, the blockchain ledger comprises registration information of registered robots, the network authentication request comprises registration verification information of the target robot, and the registration verification information is used by the VPN POP to determine whether the target robot is registered and to initiate a bidirectional authentication procedure with the target robot when the target robot is registered;
and performing bidirectional authentication with the VPN POP when the VPN POP initiates the bidirectional authentication procedure.
CN202110729431.1A 2021-06-29 2021-06-29 Robot network authentication system and method Pending CN115250192A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110729431.1A CN115250192A (en) 2021-06-29 2021-06-29 Robot network authentication system and method
PCT/CN2021/143779 WO2023273279A1 (en) 2021-06-29 2021-12-31 Network authentication system and method for robot


Publications (1)

Publication Number Publication Date
CN115250192A true CN115250192A (en) 2022-10-28

Family

ID=83697232


Country Status (2)

Country Link
CN (1) CN115250192A (en)
WO (1) WO2023273279A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11895090B2 (en) * 2021-10-22 2024-02-06 AVAST Software s.r.o. Privacy preserving malicious network activity detection and mitigation

Citations (4)

Publication number Priority date Publication date Assignee Title
CN108702622A (en) * 2017-11-30 2018-10-23 深圳前海达闼云端智能科技有限公司 Mobile network's access authentication method, device, storage medium and block chain node
CN109088865A (en) * 2018-08-02 2018-12-25 京东方科技集团股份有限公司 Method for authenticating user identity, device, readable storage medium storing program for executing and computer equipment
CN110602691A (en) * 2019-10-18 2019-12-20 中国联合网络通信集团有限公司 Mobile communication method and device based on block chain network
KR102196478B1 (en) * 2019-10-04 2020-12-30 주식회사 레인보우브레인 Method and system for providing verification services of result of artificial intelligence robot automation software execution based on blockchain

Family Cites Families (4)

Publication number Priority date Publication date Assignee Title
US20110107414A1 (en) * 2009-11-03 2011-05-05 Broadcom Corporation System and Method for Location Assisted Virtual Private Networks
US10637662B2 (en) * 2017-08-28 2020-04-28 International Business Machines Corporation Identity verification using biometric data and non-invertible functions via a blockchain
US11153070B2 (en) * 2018-09-11 2021-10-19 International Business Machines Corporation Access to data broadcast in encrypted form based on blockchain
CN110602695B (en) * 2019-10-18 2022-08-19 中国联合网络通信集团有限公司 Block chain-based spectrum sharing method, device and system


Also Published As

Publication number Publication date
WO2023273279A1 (en) 2023-01-05


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20221028