CN117978397A - Internet of things gateway identity authentication method and system based on alliance chain - Google Patents


Info

Publication number: CN117978397A
Authority: CN (China)
Application number: CN202311579350.3A
Prior art keywords: internet, things, gateway, equipment, identity authentication
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Inventors: 郭建波, 贾丽云, 陆玲玲, 沈国来, 尹书辉, 姚青
Current and original assignees (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list): Guangdong Hexing Electric Power Technology Co ltd; Hainan Haixing International Technology Development Co ltd; Shenzhen Hexing Power Technology Co ltd; Hangzhou Haixing Zeke Information Technology Co ltd; Hangzhou Hexing Electrical Co Ltd; Ningbo Henglida Technology Co Ltd
Application filed by the assignees listed above; priority claimed to CN202311579350.3A.

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiments of this specification disclose an Internet of things gateway identity authentication method and system based on an alliance chain (a consortium blockchain). The method comprises: sending a first identity authentication request to an authentication platform end, where the authentication platform end is used to query the alliance chain on an alliance chain network end according to the first identity authentication request, determine the identity information and public key of the Internet of things gateway device, and send a first identity authentication response to the gateway device end; and, after the first identity authentication is determined to be successful based on the first identity authentication response, uploading device data to the alliance chain using the public key, where the alliance chain is used to determine the trust degree of the Internet of things gateway device according to the device data and to perform a second identity authentication on the Internet of things gateway device based on the trust degree. According to the embodiments of this specification, the identity authentication and communication security of the gateway device are ensured by authenticating the Internet of things gateway device twice based on the alliance chain.

Description

Internet of things gateway identity authentication method and system based on alliance chain
Technical Field
One or more embodiments of the present disclosure relate to the field of communications security technologies, and in particular to an Internet of things gateway identity authentication method and system based on an alliance chain (a consortium blockchain jointly operated by several organizations).
Background
With the rapid development of Internet of things technology, the number of Internet of things devices has grown rapidly, and the security problems of Internet of things systems have become increasingly prominent. The Internet of things gateway is an important component of an Internet of things system and plays a key role in connecting devices to the cloud platform. However, because the Internet of things gateway involves a large number of physical devices and a large amount of data transmission, its security faces many challenges, such as identity authentication and data encryption. A traditional Internet of things acquisition system lacks a reliable trust mechanism to ensure the identity authentication and communication security of the gateway device.
For example, prior art patent document CN106487777B discloses an identity authentication method, an Internet of things gateway device and an authentication gateway device, in which the Internet of things gateway device first establishes a lookup table comprising a list of legal medium access control addresses and a legal received signal strength indicator range for at least one legal client device. When the Internet of things gateway device receives a connection request sent by a client device, it obtains the medium access control address and received signal strength indicator of the client device from the connection request and compares them with the legal medium access control address list and the legal received signal strength indicator range in the lookup table to judge whether the client device is a legal client device. Although that gateway device can authenticate a client device according to the received signal strength indicator, it cannot ensure the identity authentication and communication security of the gateway device itself.
Disclosure of Invention
The embodiments of this specification provide an Internet of things gateway identity authentication method and system based on an alliance chain, with the following technical scheme:
In a first aspect, an embodiment of the present disclosure provides an Internet of things gateway identity authentication method based on an alliance chain, applied to a gateway device end, comprising: sending a first identity authentication request to an authentication platform end, where the authentication platform end is used to query the alliance chain on an alliance chain network end according to the first identity authentication request, determine the identity information and public key of the Internet of things gateway device, and send a first identity authentication response to the gateway device end; and, after the first identity authentication is determined to be successful based on the first identity authentication response, uploading device data to the alliance chain using the public key, where the alliance chain is used to determine the trust degree of the Internet of things gateway device according to the device data and to perform a second identity authentication on the Internet of things gateway device based on the trust degree.
In a second aspect, an embodiment of the present disclosure provides an Internet of things gateway identity authentication method based on an alliance chain, applied to an authentication platform end, comprising: receiving a first identity authentication request sent by a gateway device end; querying the alliance chain on the alliance chain network end according to the first identity authentication request, determining the identity information and public key of the Internet of things gateway device, and sending a first identity authentication response to the gateway device end; where the gateway device end is used to upload device data to the alliance chain using the public key after determining that the first identity authentication is successful based on the first identity authentication response, and the alliance chain is used to determine the trust degree of the Internet of things gateway device according to the device data and to perform a second identity authentication on the Internet of things gateway device based on the trust degree.
In a third aspect, an embodiment of the present disclosure provides an Internet of things gateway identity authentication method based on an alliance chain, applied to an alliance chain network end, comprising: receiving device data sent by a gateway device end; determining the trust degree of the Internet of things gateway device according to the device data, and performing a second identity authentication on the Internet of things gateway device based on the trust degree; where the gateway device end is used to send a first identity authentication request to the authentication platform end and, when the first identity authentication is determined to be successful based on the first identity authentication response, to upload device data to the alliance chain on the alliance chain network end using the public key; and the authentication platform end is used to query the alliance chain according to the first identity authentication request, determine the identity information and public key of the Internet of things gateway device, and send the first identity authentication response to the gateway device end.
In a fourth aspect, an embodiment of the present disclosure provides an Internet of things gateway identity authentication system based on an alliance chain, comprising a gateway device end, an authentication platform end and an alliance chain network end, where the gateway device end comprises: a first authentication module, used to send a first identity authentication request to the authentication platform end, where the authentication platform end is used to query the alliance chain on the alliance chain network end according to the first identity authentication request, determine the identity information and public key of the Internet of things gateway device, and send a first identity authentication response to the gateway device end; and a second authentication module, used to upload device data to the alliance chain using the public key after the first identity authentication is determined to be successful based on the first identity authentication response, where the alliance chain is used to determine the trust degree of the Internet of things gateway device according to the device data and to perform a second identity authentication on the Internet of things gateway device based on the trust degree.
In a fifth aspect, embodiments of the present disclosure provide an electronic device comprising a processor and a memory, the processor being connected to the memory; the memory is used to store executable program code, and the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, so as to perform the steps of the Internet of things gateway identity authentication method based on an alliance chain of the first, second, third or fourth aspect of the above embodiments.
In a fourth aspect, embodiments of the present disclosure provide a computer storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the steps of the Internet of things gateway identity authentication method based on an alliance chain of the first, second, third or fourth aspect of the embodiments.
The technical scheme provided by some embodiments of this specification has the following beneficial effects:
The embodiments of this specification provide an Internet of things gateway identity authentication method based on an alliance chain, which can query the alliance chain on the alliance chain network end through the authentication platform end to perform a first identity authentication on the Internet of things gateway device; when the first identity authentication is determined to be successful based on the first identity authentication response, device data is uploaded to the alliance chain using the public key, and the alliance chain is used to determine the trust degree of the Internet of things gateway device according to the device data and to perform a second identity authentication on the Internet of things gateway device based on the trust degree. According to the embodiments of this specification, the identity authentication and communication security of the gateway device are ensured by authenticating the Internet of things gateway device twice based on the alliance chain. The embodiments realize identity authentication between the Internet of things gateway and the authentication platform, and between the Internet of things gateway and the alliance chain, and ensure the security of data transmission; at the same time, the alliance chain provides a decentralised and trusted environment, so that the security and reliability of the system are further enhanced.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present description, the drawings that are required in the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present description, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of an application scenario of an Internet of things gateway identity authentication system based on an alliance chain provided in this specification.
Fig. 2 is a schematic flow chart of an Internet of things gateway identity authentication method based on an alliance chain provided in this specification.
Fig. 3 is a schematic flow chart of another Internet of things gateway identity authentication method based on an alliance chain provided in this specification.
Fig. 4 is a schematic flow chart of another Internet of things gateway identity authentication method based on an alliance chain provided in this specification.
Fig. 5 is a schematic structural diagram of an electronic device provided in this specification.
Detailed Description
The technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification.
The terms first, second and the like in the description and in the claims and in the above-described figures are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order. Furthermore, the term "include" and any variations thereof is intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus.
Before describing the Internet of things gateway identity authentication method based on an alliance chain in detail with reference to one or more embodiments, the present disclosure introduces a scenario in which the method is applied.
Referring to fig. 1, which is a schematic view of a scenario of an Internet of things gateway identity authentication system 100 based on an alliance chain according to an embodiment of the present invention, the system 100 may include a gateway device end 110, an authentication platform end 120, an alliance chain network end 130 and the like, where the gateway device end 110, the authentication platform end 120 and the alliance chain network end 130 are communicatively connected.
The gateway device end 110 corresponds to one or more Internet of things gateway devices 116, where the Internet of things gateway devices 116 are various Internet of things terminal devices connected to the Internet of things gateway, such as sensors, actuators, intelligent devices, data acquisition devices, monitoring cameras and RFID readers, used to realize functions such as data acquisition, transmission and control.
The gateway device end 110 may be integrated on an electronic device, which may be a terminal, a server or the like. The terminal can be a mobile phone, a tablet computer, an intelligent Bluetooth device, a notebook computer, a personal computer (PC) or the like; the server may be a single server or a server cluster composed of a plurality of servers. The gateway device end 110 may also be integrated in a plurality of electronic devices; for example, the gateway device end 110 may be integrated in a plurality of servers, and the plurality of servers jointly implement the Internet of things gateway identity authentication method based on an alliance chain of the present application.
The authentication platform end 120 may also be integrated on an electronic device, which may be a terminal, a server or the like. The terminal can be a mobile phone, a tablet computer, an intelligent Bluetooth device, a notebook computer or a personal computer; the server may be a single server or a server cluster composed of a plurality of servers. The authentication platform end 120 may also be integrated in a plurality of electronic devices; for example, the authentication platform end 120 may be integrated in a plurality of servers, and the plurality of servers jointly implement the Internet of things gateway identity authentication method based on an alliance chain.
The alliance chain network end 130 comprises an alliance chain network of one or more nodes corresponding to a number of organization participants. A node may be an electronic device such as a terminal or a server. The organization participants jointly manage and maintain the alliance chain; in the alliance chain network, the organization participants can share data, execute chain code, and rely on the tamper-resistant and distributed characteristics of the alliance chain to enhance the security and credibility of the data.
In this embodiment, the gateway device end 110 includes a first authentication module 112 and a second authentication module 114, where: the first authentication module 112 is configured to send a first identity authentication request to the authentication platform end, where the authentication platform end is configured to query the alliance chain on the alliance chain network end according to the first identity authentication request, determine the identity information and public key of the Internet of things gateway device, and send a first identity authentication response to the gateway device end; and the second authentication module 114 is configured to upload device data to the alliance chain using the public key after determining that the first identity authentication is successful based on the first identity authentication response, where the alliance chain is configured to determine the trust degree of the Internet of things gateway device according to the device data and to perform a second identity authentication on the Internet of things gateway device based on the trust degree.
In some embodiments, the gateway device end 110 further includes an information sending module configured to send device information to the authentication platform end, where the authentication platform end is used to store the device information on the alliance chain and generate a unique identifier of the Internet of things gateway device; the device information includes device identity information and a public key.
In some embodiments, the gateway device end 110 further includes a network construction module configured to: set up a distributed ledger platform and the dependency libraries needed to realize the distributed ledger function, and establish a connection between the dependency libraries and the network of the distributed ledger platform; define the organization participants participating in the Internet of things gateway, where an organization participant comprises an identifier, network verification parameters and identity verification parameters; set up one or more nodes for the organization participants and configure network resources for the nodes, where the nodes are used to connect to the alliance chain network and to participate in consensus and data verification; the nodes comprise endorsement nodes and ordering nodes, where the endorsement nodes are used to execute smart contracts and maintain the ledger, and the ordering nodes are used for consensus and the ordering of transactions; set up chain code used to realize the identity authentication flow of the Internet of things gateway device, so as to ensure that only Internet of things gateway devices that have passed the first identity authentication can access and participate in the alliance chain network; deploy the chain code to the nodes of the alliance chain and verify that all nodes can successfully access and execute the chain code; and, based on the identity authentication mechanism, identity management and access control configuration of the alliance chain, set the authority and access control rules of the alliance chain network so as to verify that only authorized Internet of things gateway devices and nodes can access and use the chain code.
In some embodiments, the network construction module further comprises an organization setting module configured to: define the roles and functions of a certificate authority and of a public key registration authority respectively; set up the certificate authority according to its roles and functions, where the root certificate authority is the authority that issues and manages digital certificates in the alliance chain network; and set up the public key registration authority according to its roles and functions, where the public key registration authority is the authority that verifies the identity of the Internet of things gateway device and submits a certificate application to the certificate authority.
In some embodiments, the second authentication module 114 includes a trust determination module configured to: determine, based on the chain code on the alliance chain, the data quality degree, device stability and device compliance of the Internet of things gateway device according to the device data; determine the trust degree of the Internet of things gateway device according to the data quality degree, device stability and device compliance; and, when the trust degree of the Internet of things gateway device is lower than a preset trust degree threshold, judge that the second identity authentication of the Internet of things gateway device has failed and mark the Internet of things gateway device as an untrusted device.
In some embodiments, the second authentication module 114 further comprises a blacklist management module configured to: remove the untrusted device from the alliance chain network by updating the chain code; and add the untrusted device to a blacklist, the blacklist being managed through the alliance chain.
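The trust determination and blacklist steps above, worked through in code. This is an added example and not the patent's chain code: the patent names the three inputs (data quality degree, device stability, device compliance), a weighted trust degree, a preset threshold, removal from the network and a chain-managed blacklist, but gives no formulas, so the record schema, the plausible value range, the reporting interval, the weights and the threshold value are all assumptions, and the sample uploads are constructed. A Python set and dict stand in for the chain's membership and blacklist state.

```python
# Second identity authentication: trust degree from uploaded device data, then a threshold
# decision and blacklist handling. Added example; every policy value below is an assumption.
TRUST_THRESHOLD = 0.70                                            # "preset trust degree threshold"
WEIGHTS = {"quality": 0.4, "stability": 0.3, "compliance": 0.3}  # assumed weighting
REQUIRED_FIELDS = ("device_id", "ts", "value", "unit")           # assumed upload record schema
VALID_RANGE = (-40.0, 125.0)                                      # assumed plausible sensor range
REPORT_INTERVAL = 60                                              # assumed seconds between uploads


def _is_number(v):
    return isinstance(v, (int, float)) and not isinstance(v, bool)


def data_quality(records):
    """Share of records whose value is numeric and inside the plausible range."""
    if not records:
        return 0.0
    good = sum(1 for r in records
               if _is_number(r.get("value")) and VALID_RANGE[0] <= r["value"] <= VALID_RANGE[1])
    return good / len(records)


def device_stability(records):
    """Share of expected reporting slots actually filled between first and last timestamp."""
    stamps = sorted({r["ts"] for r in records if isinstance(r.get("ts"), int)})
    if len(stamps) < 2:
        return 0.0
    expected = (stamps[-1] - stamps[0]) // REPORT_INTERVAL + 1
    return min(1.0, len(stamps) / expected)


def device_compliance(device_id, records):
    """Share of records carrying every required field and the authenticated device's own id."""
    if not records:
        return 0.0
    good = sum(1 for r in records
               if all(f in r for f in REQUIRED_FIELDS) and r["device_id"] == device_id)
    return good / len(records)


def trust_degree(device_id, records):
    scores = {"quality": data_quality(records),
              "stability": device_stability(records),
              "compliance": device_compliance(device_id, records)}
    scores["trust"] = sum(WEIGHTS[k] * scores[k] for k in WEIGHTS)
    return scores


class AllianceChain:
    """Stand-in for the chain code state: member set, blacklist, second-authentication rule."""
    def __init__(self, members):
        self.members = set(members)
        self.blacklist = set()

    def second_authentication(self, device_id, records):
        if device_id in self.blacklist or device_id not in self.members:
            return {"passed": False, "trust": 0.0, "reason": "not a trusted member"}
        scores = trust_degree(device_id, records)
        if scores["trust"] < TRUST_THRESHOLD:
            self.members.discard(device_id)   # remove the untrusted device from the network
            self.blacklist.add(device_id)     # and record it on the chain-managed blacklist
            return {"passed": False, **scores, "reason": "trust below threshold"}
        return {"passed": True, **scores, "reason": "ok"}


# Constructed sample uploads: a healthy gateway, and one with bad values, a gap and bad fields.
BASE = 1_700_000_000
SAMPLE_RECORDS = {
    "gw-001": [{"device_id": "gw-001", "ts": BASE + 60 * i, "value": 20.0 + 0.1 * i, "unit": "C"}
               for i in range(10)],
    "gw-002": [
        {"device_id": "gw-002", "ts": BASE, "value": 21.0, "unit": "C"},
        {"device_id": "gw-002", "ts": BASE + 60, "value": "NaN", "unit": "C"},   # non-numeric value
        {"device_id": "gw-002", "ts": BASE + 120, "value": 999.0, "unit": "C"},  # out of range
        {"device_id": "gw-002", "ts": BASE + 540, "value": 22.0},                # missing unit, gap
        {"device_id": "gw-999", "ts": BASE + 600, "value": 22.5, "unit": "C"},   # wrong device id
    ],
}


def demo():
    chain = AllianceChain(members=["gw-001", "gw-002"])
    results = {dev: chain.second_authentication(dev, recs) for dev, recs in SAMPLE_RECORDS.items()}
    # A blacklisted device is refused before any scoring on its next attempt.
    results["gw-002-retry"] = chain.second_authentication("gw-002", SAMPLE_RECORDS["gw-002"])
    return chain, results
```

With these assumed weights, "gw-002" scores 0.6 on quality, 5/11 on stability and 0.6 on compliance, for a trust degree of about 0.56, below the 0.70 threshold, so it is dropped from the member set and blacklisted; the retry is refused without recomputing. Because the scores are ratios over the uploaded records, a device that uploads nothing scores 0.0 rather than passing by default.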
In this embodiment, the authentication platform end 120 includes a first identity authentication module configured to: receive a first identity authentication request sent by a gateway device end; query the alliance chain on the alliance chain network end according to the first identity authentication request, determine the identity information and public key of the Internet of things gateway device, and send a first identity authentication response to the gateway device end; where the gateway device end is used to upload device data to the alliance chain using the public key after determining that the first identity authentication is successful based on the first identity authentication response, and the alliance chain is used to determine the trust degree of the Internet of things gateway device according to the device data and to perform a second identity authentication on the Internet of things gateway device based on the trust degree.
In this embodiment, the authentication platform end 120 further includes an information receiving module configured to: receive device information sent by a gateway device end; store the device information on the alliance chain and generate a unique identifier of the Internet of things gateway device; the device information includes device identity information and a public key.
In this embodiment, the alliance chain network end 130 includes a second identity authentication module configured to: receive device data sent by a gateway device end; determine the trust degree of the Internet of things gateway device according to the device data, and perform a second identity authentication on the Internet of things gateway device based on the trust degree; where the gateway device end is used to send a first identity authentication request to the authentication platform end and, when the first identity authentication is determined to be successful based on the first identity authentication response, to upload device data to the alliance chain on the alliance chain network end using the public key; and the authentication platform end is used to query the alliance chain according to the first identity authentication request, determine the identity information and public key of the Internet of things gateway device, and send the first identity authentication response to the gateway device end.
From the above description of the Internet of things gateway identity authentication system based on an alliance chain in the embodiments of this specification, it can be seen that the embodiments ensure the identity authentication and communication security of the gateway device by authenticating the Internet of things gateway device twice based on the alliance chain. The embodiments realize identity authentication between the Internet of things gateway and the authentication platform, and between the Internet of things gateway and the alliance chain, and ensure the security of data transmission; at the same time, the alliance chain provides a decentralised and trusted environment, so that the security and reliability of the system are further enhanced.
It should be noted that the schematic view of the Internet of things gateway identity authentication system based on an alliance chain shown in fig. 1 is merely an example; the system and the scenario described in the embodiments of the present invention serve to describe the technical solution of the embodiments more clearly and do not limit the technical solution provided in the embodiments, and, as a person of ordinary skill in the art knows, the technical solution provided in the embodiments is equally applicable to similar technical problems as the Internet of things gateway identity authentication system based on an alliance chain evolves and new scenarios appear.
The embodiments are described in detail below in turn; the order in which they are described is not a limitation on the preferred order of the embodiments.
The embodiments of this specification will be described from the perspective of the gateway device end 110, which may be integrated in a computer device such as a server.
Referring to fig. 2, an embodiment of the present disclosure provides an Internet of things gateway identity authentication method based on an alliance chain, applied to the gateway device end 110, the specific flow of which includes:
200. Sending a first identity authentication request to an authentication platform end, where the authentication platform end is used to query the alliance chain on an alliance chain network end according to the first identity authentication request, determine the identity information and public key of the Internet of things gateway device, and send a first identity authentication response to the gateway device end.
In this embodiment, the first identity authentication request is a request sent by the gateway device end 110 to the authentication platform end for verifying device information, such as the identity and public key, of the Internet of things gateway device.
In this embodiment, a root certificate authority may be provided that is responsible for issuing and managing digital certificates in the alliance chain network. The root certificate authority is a trusted entity in the alliance chain network, and the digital certificates it issues are extremely reliable.
When the Internet of things gateway device performs identity authentication through the alliance chain network, a digital certificate issued by the root certificate authority is used as its identity credential; the digital certificate contains the public key and other related information of the Internet of things gateway device. The authentication platform end confirms the validity of the public key and identity information of the Internet of things gateway device requesting identity authentication by querying the alliance chain on the alliance chain network end, so that the Internet of things gateway device is securely verified and identified.
In some embodiments, before sending the first identity authentication request to the authentication platform end, the method further includes: sending device information to the authentication platform end, where the authentication platform end is used to store the device information on the alliance chain and generate a unique identifier of the Internet of things gateway device.
In this embodiment, the device information includes device identity information, a public key and the like.
Before sending the first identity authentication request to the authentication platform end, this embodiment can register the Internet of things gateway device through the authentication platform end; that is, before the Internet of things gateway device leaves the factory, it registers with the authentication platform and provides data such as its identity information and public key. The authentication platform stores the identity information, public key and other data of the Internet of things gateway device on the alliance chain and generates a unique identifier for the device.
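The registration step and the first identity authentication (step 200), simulated end to end. This is an added example and not code from the patent or its assignees: a write-once dict stands in for the alliance chain ledger, a plain class stands in for the authentication platform, and a toy textbook RSA (no padding, a 512-bit modulus, demonstration only) stands in for the key pair behind the gateway's certificate. The patent says the platform confirms the validity of the public key and identity information by querying the chain but does not say how the device proves possession of the key, so the nonce challenge, the message signed, and the unique-identifier scheme (a hash of the identity information and public key) are assumptions; the gateway identity values are constructed.

```python
import hashlib
import json
import secrets

# Toy textbook RSA (no padding): demonstration only, stands in for the gateway's real key pair.
def _is_probable_prime(n, rounds=16):
    """Miller-Rabin probable-prime test."""
    if n < 2 or n % 2 == 0:
        return n == 2
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate

def generate_keypair(bits=512):
    """Return ((e, n), (d, n)). A 512-bit modulus keeps the demo fast; it is NOT a safe size."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)

def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private_key, data):
    d, n = private_key
    return pow(_digest(data), d, n)

def verify(public_key, data, signature):
    e, n = public_key
    return pow(signature, e, n) == _digest(data)

class AuthenticationPlatform:
    def __init__(self):
        self.ledger = {}       # stand-in for the alliance chain: device id -> registered entry
        self._challenges = {}  # device id -> outstanding nonce (assumed challenge step)

    def register(self, identity, public_key):
        """Factory-time registration: put identity and public key on chain, return the unique id."""
        e, n = public_key
        material = json.dumps(identity, sort_keys=True).encode() + n.to_bytes(64, "big")
        device_id = hashlib.sha256(material).hexdigest()[:16]  # assumed identifier scheme
        if device_id in self.ledger:
            raise ValueError("ledger entries cannot be overwritten")
        self.ledger[device_id] = {"identity": identity, "public_key": (e, n)}
        return device_id

    def issue_challenge(self, device_id):
        nonce = secrets.token_bytes(16)
        self._challenges[device_id] = nonce
        return nonce

    def first_authentication(self, request):
        """Query the chain for identity and public key, then check the signature over the nonce."""
        entry = self.ledger.get(request["device_id"])
        if entry is None:
            return {"ok": False, "reason": "unknown device"}
        nonce = self._challenges.pop(request["device_id"], None)  # single use: blocks replay
        if nonce is None or nonce != request["nonce"]:
            return {"ok": False, "reason": "no matching challenge"}
        message = request["device_id"].encode() + nonce
        if not verify(entry["public_key"], message, request["signature"]):
            return {"ok": False, "reason": "bad signature"}
        return {"ok": True, "identity": entry["identity"]}

class GatewayDevice:
    def __init__(self, identity):
        self.identity, self.device_id = identity, None
        self.public_key, self._private_key = generate_keypair()

    def register_with(self, platform):
        self.device_id = platform.register(self.identity, self.public_key)

    def build_request(self, nonce):
        signature = sign(self._private_key, self.device_id.encode() + nonce)
        return {"device_id": self.device_id, "nonce": nonce, "signature": signature}

def demo():
    """Genuine request, a replay of it, and an impostor that claims the id with its own key."""
    platform = AuthenticationPlatform()
    gateway = GatewayDevice({"model": "meter-gw", "serial": "SN-0001"})  # constructed identity
    gateway.register_with(platform)
    nonce = platform.issue_challenge(gateway.device_id)
    genuine = platform.first_authentication(gateway.build_request(nonce))
    replay = platform.first_authentication(gateway.build_request(nonce))
    impostor = GatewayDevice(gateway.identity)
    impostor.device_id = gateway.device_id
    fresh = platform.issue_challenge(gateway.device_id)
    forged = platform.first_authentication(impostor.build_request(fresh))
    return genuine, replay, forged
```

The point the simulation makes is that looking the public key up on the chain is only half of the first authentication: the platform must also see a fresh signature under that key, and must consume each nonce once, otherwise a captured request could be presented again. The impostor case shows that knowing a registered identifier is not enough, because the chain entry pins the public key that the signature is checked against.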
In some embodiments, the authentication platform side is configured to query the consortium chain on the consortium chain network side according to the first identity authentication request, and the process of constructing the consortium chain network includes: setting up a distributed ledger platform and the dependency libraries needed to implement the distributed ledger function, and connecting the dependency libraries to the network of the distributed ledger platform; defining the organization participants that take part in the internet of things gateway network, each organization participant having an identifier, network verification parameters and identity verification parameters; setting up one or more nodes for each organization participant and allocating network resources to the nodes; writing chaincode that implements the identity authentication flow of the gateway device, so that only gateway devices that have passed the first identity authentication can access and participate in the consortium chain network; deploying the chaincode to the nodes of the consortium chain and verifying that every node can access and execute it; and, based on the identity authentication mechanism, identity management and access control configuration of the consortium chain, setting the permissions and access control rules of the consortium chain network so that only authorized gateway devices and nodes can access and use the chaincode.
In this embodiment, the dependency libraries may be the blockchain framework, cryptographic algorithm library, network communication library and so on required to implement the distributed ledger function. A node connects to the consortium chain network and participates in consensus and data verification; the nodes include endorsing nodes, which execute the smart contracts and maintain the ledger, and ordering nodes, which reach consensus on and order transactions.
For example, in this embodiment an organization entity (i.e. an organization participant) taking part in the internet of things gateway network, such as the gateway device manufacturer, may be defined in a YAML file: the organization is assigned a unique identifier, and its network and authentication parameters are configured. The embodiment may also support adding further organization entities, such as device operators and data service providers. A YAML file is a configuration file in a human-readable data serialization format that uses indentation and line breaks to represent the data structure.
The embodiment may provide one or more nodes for each organization entity, which connect to the blockchain network and participate in consensus and data verification, thereby maintaining the integrity of the blockchain.
For example, the embodiment may set up four nodes with sufficient computing and storage capacity for each organization entity: two endorsing nodes, which execute the smart contracts and maintain the ledger, and two ordering nodes, which reach consensus on and order transactions. The endorsing nodes and ordering nodes may be placed on different virtual machines, each with its own allocation of network resources.
The network resources may include computing resources, storage resources, network bandwidth and the like. Computing resources comprise processors and memory: nodes in the consortium chain network need sufficient computing resources to execute smart contracts, verify transactions and take part in the consensus process. Storage resources: an endorsing node needs enough storage for its copy of the blockchain ledger and for the data required to execute the smart contracts, and an ordering node needs to store the data required for transaction ordering and block generation. Network bandwidth: nodes in the consortium chain network need sufficient bandwidth to carry transaction traffic and the communication of the consensus process. The embodiment may also configure appropriate standby resources and security measures to ensure the reliability and security of the nodes.
In this embodiment, chaincode may further be provided, that is, a smart contract is written that implements the identity authentication logic and flow of the gateway device, so that only gateway devices that have passed identity authentication can access and participate in the consortium chain network.
The chaincode is then deployed, that is, the written chaincode is installed on the nodes of the consortium chain, and it is confirmed that every node can access and execute it, so that each node can verify and execute identity authentication requests from gateway devices.
Permissions and access control may also be configured: through the identity authentication mechanism, identity management and access control configuration of the consortium chain, the permission and access control rules of the gateway network are set so that only authorized devices and organizations can access and use the chaincode.
By establishing the consortium chain network, this embodiment provides a decentralized and trusted environment in which the gateway device is authenticated on the consortium chain, so that only legitimate, verified devices take part in the consortium chain network, and the related business logic is implemented through the chaincode.
In some embodiments, the process of constructing the consortium chain network further includes setting up a public key infrastructure on the consortium chain network, which includes: defining the roles and functions of the certificate authority and of the registration authority respectively; setting up the certificate authority according to its role and function, the root certificate authority being the authority that issues and manages digital certificates in the consortium chain network; and setting up the registration authority according to its role and function, the registration authority being the authority that verifies the identity of the gateway device and submits the certificate application to the certificate authority.
In this embodiment, implementing the public key infrastructure on the consortium chain network includes: defining the role and function of the certificate authority, configuring and setting up the certificate authority, defining and setting up the registration authority, generating and distributing digital certificates, and certificate revocation and renewal. The certificate authority is the authority responsible for issuing and managing digital certificates in the consortium chain network; it verifies entity identities, signs certificates, distributes digital certificates, revokes certificates and so on. Configuring and setting up the certificate authority means building a certificate authority server that is responsible for issuing certificates, and setting the corresponding security policies. The registration authority is the authority responsible for verifying the identity of the gateway device and submitting the certificate application to the certificate authority: it performs the identity verification and then passes the verification result to the certificate authority, which issues the certificate. As for certificate revocation and renewal, since the identity of the gateway device in the consortium chain network of this embodiment is dynamic and may need to be updated periodically, the certificate used for gateway identity authentication is revoked and renewed through the certificate authority, which keeps the certificates accurate and valid.
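The Go program below is an example added to this description, not code from the patent or its applicants. It models the two PKI roles just described with the standard library's crypto/x509: a root certificate authority that signs gateway certificates and records revocations, and a registration authority that must approve the device (here against a constructed list of known device identities) before the authority signs anything. The 24-hour validity, the client-authentication key usage, the P-256 keys and the in-memory revocation record keyed by serial number are assumptions of this example; a deployment would publish revocations as a CRL or on the chain, and a renewal is simply a fresh issuance after the old serial is revoked.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// RootCA plays the certificate authority of the consortium chain network: it
// holds the signing key, its own certificate and the record of revoked serials.
type RootCA struct {
	key        *ecdsa.PrivateKey
	cert       *x509.Certificate
	revoked    map[string]bool // serial number -> revoked (in-memory stand-in for a CRL)
	nextSerial int64
}

// NewRootCA creates a self-signed root certificate (24-hour validity is an
// example setting, not a production profile).
func NewRootCA(name string) (*RootCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &RootCA{key: key, cert: cert, revoked: map[string]bool{}, nextSerial: 2}, nil
}

// RegistrationAuthority verifies the gateway's identity before a certificate
// application reaches the CA. The check here is membership in a constructed
// list of known device identities; a real RA would consult factory records.
type RegistrationAuthority struct {
	knownDevices map[string]bool
}

func (ra RegistrationAuthority) Verify(deviceID string) error {
	if !ra.knownDevices[deviceID] {
		return fmt.Errorf("RA: unknown gateway %q", deviceID)
	}
	return nil
}

// Issue signs a gateway certificate once the RA has approved the application.
func (ca *RootCA) Issue(ra RegistrationAuthority, deviceID string, pub *ecdsa.PublicKey) (*x509.Certificate, error) {
	if err := ra.Verify(deviceID); err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(ca.nextSerial),
		Subject:      pkix.Name{CommonName: deviceID, Organization: []string{"iot-gateways"}},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	ca.nextSerial++
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.cert, pub, ca.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Revoke records the certificate's serial number; a renewal is a fresh Issue.
func (ca *RootCA) Revoke(cert *x509.Certificate) { ca.revoked[cert.SerialNumber.String()] = true }

// Validate is what a verifying node does with a presented certificate: chain it
// to the root (signature, validity period, key usage), then check revocation.
func (ca *RootCA) Validate(cert *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca.cert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return err
	}
	if ca.revoked[cert.SerialNumber.String()] {
		return errors.New("certificate revoked")
	}
	return nil
}

func main() {
	ca, err := NewRootCA("consortium-root-ca")
	if err != nil {
		panic(err)
	}
	ra := RegistrationAuthority{knownDevices: map[string]bool{"GW-0001": true}}
	devKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	cert, err := ca.Issue(ra, "GW-0001", &devKey.PublicKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("issued serial", cert.SerialNumber, "valid:", ca.Validate(cert) == nil)
	ca.Revoke(cert)
	fmt.Println("after revocation valid:", ca.Validate(cert) == nil)
}
```

Validate sets KeyUsages explicitly because Go's default for an empty KeyUsages is server authentication, which would reject a gateway certificate carrying only the client-authentication usage; a certificate signed by any other authority fails the chain check before the revocation record is consulted.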
210. After the first identity authentication is determined to be successful based on the first identity authentication response, the device data is uploaded to the consortium chain using the public key, where the consortium chain determines the trust degree of the internet of things gateway device according to the device data and performs a second identity authentication on the gateway device based on the trust degree.
In this embodiment, the gateway device may exchange data securely once the first identity authentication by the authentication platform side has passed. During the data exchange, the device's key pair is used for encryption and decryption, so that the confidentiality and integrity of the transmitted data are protected. The nodes on the consortium chain can then evaluate the trust degree of the gateway device and perform the second identity authentication on it based on that trust degree.
In some embodiments, determining the trust degree of the gateway device according to the device data and performing the second identity authentication based on the trust degree includes: determining, by the chaincode on the consortium chain, the data quality degree, device stability and device compliance of the gateway device from the device data; determining the trust degree of the gateway device from the data quality degree, device stability and device compliance; and, when the trust degree of the gateway device is lower than a preset trust threshold, judging that the second identity authentication of the gateway device has failed and marking the gateway device as an untrusted device.
In this embodiment, the device data collected in the current period may be compared with the device data of a historical period to obtain a similarity, and the data quality degree is then determined from this similarity together with whether the data contains abnormal values, missing values and the like. Device stability may be determined from factors such as whether the device powers up and down frequently, whether it sends registration requests frequently, and its on-line time. Device compliance may be determined from the device data according to preset data compliance conditions.
The embodiment may establish a trust evaluation mechanism on the consortium chain, including designing the trust evaluation mechanism, collecting device data, evaluating the trust degree, and removing untrusted devices. Designing the trust evaluation mechanism means formulating a set of evaluation rules and criteria under which the trust degree of the gateway device is determined from its data quality degree, device stability and device compliance, and evaluating the operating state and data of the device against them. Collecting device data means gathering data from the running gateway devices, including the operating state of the device and the quality of the data it transmits, as the basis for evaluating its trust degree. Evaluating the trust degree means using the smart contract (i.e. the chaincode) on the consortium chain to score the device on the collected data; the embodiment may combine data quality, device stability, compliance and other factors into an overall trust degree. Removing untrusted devices means that when the trust degree of a gateway device falls below the preset trust threshold, the device is marked as untrusted and removed from the network, updating the chaincode where necessary.
In some embodiments, after the gateway device is marked as an untrusted device, the method includes: removing the untrusted device from the consortium chain network by updating the chaincode; and adding the untrusted device to a blacklist, the blacklist being managed through the consortium chain.
In this embodiment, the trust evaluation mechanism established on the consortium chain may also include device blacklist management: the untrusted gateway devices that have been removed are added to a blacklist that is maintained on the consortium chain. Other nodes can then judge the trust status of a device by querying the blacklist and act accordingly.
This embodiment is based on a public key infrastructure built on the consortium chain: the consortium chain is the underlying technology through which identity authentication of the internet of things gateway and secure data transmission are achieved. The consortium chain provides a decentralized and trusted environment that does not depend on a single centralized certification authority, which reduces the risk of single points of failure and of attacks and improves the security and reliability of the system. The public key infrastructure built on the consortium chain greatly extends the trust range of the authentication domain, so that tens of thousands of gateway devices can establish trust relationships over the Internet more conveniently. The embodiment also generates a unique identity identifier for each gateway device and grants it within the consortium chain network, which guarantees that identities are unique and reliable.
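As an added example that is not part of the patent, the Go program below implements one concrete scoring for the trust evaluation and blacklist handling described above: data quality from the similarity of the current mean to the historical mean, penalised by missing values and outliers; stability from power cycles, registration requests and uptime; compliance as the fraction of fields that pass the preset rules. The field names of DeviceData, the weights (0.4, 0.3, 0.3), the outlier rule (more than three historical standard deviations from the historical mean), the threshold and the sample telemetry are all assumptions; the patent names only the three categories. A device that falls below the threshold fails the second authentication, loses its membership (the chaincode update of the text) and is blacklisted, and a blacklisted device is refused even if it later uploads good data.

```go
package main

import (
	"fmt"
	"math"
)

// DeviceData is the telemetry a gateway uploads after the first authentication.
// The fields are constructed for this example: the patent names the categories
// (data quality, device stability, device compliance) but not the measurements.
type DeviceData struct {
	DeviceID         string
	Readings         []float64 // readings uploaded in the current period
	History          []float64 // readings from the historical period
	MissingCount     int       // expected readings that never arrived
	PowerCycles      int       // power-up/power-down events in the period
	RegisterRequests int       // registration requests sent in the period
	OnlineHours      float64   // time on line during the period
	PeriodHours      float64   // length of the period
	CompliantFields  int       // fields satisfying the preset compliance rules
	TotalFields      int
}

// TrustPolicy carries the parameters the chaincode would hold as state.
type TrustPolicy struct {
	Threshold float64 // trust below this fails the second authentication
	MaxCycles int     // power cycles per period treated as fully unstable
	MaxRegs   int     // registration requests per period treated as fully unstable
}

func meanStd(xs []float64) (mean, std float64) {
	if len(xs) == 0 {
		return 0, 0
	}
	for _, x := range xs {
		mean += x
	}
	mean /= float64(len(xs))
	for _, x := range xs {
		std += (x - mean) * (x - mean)
	}
	return mean, math.Sqrt(std / float64(len(xs)))
}

// DataQuality: similarity of the current mean to the historical mean, scaled
// by completeness and by the share of readings that are not outliers.
func DataQuality(d DeviceData) float64 {
	expected := len(d.Readings) + d.MissingCount
	if expected == 0 || len(d.Readings) == 0 {
		return 0
	}
	mh, sh := meanStd(d.History)
	mc, _ := meanStd(d.Readings)
	scale := math.Max(math.Abs(mh), 1e-9)
	similarity := math.Max(0, 1-math.Abs(mc-mh)/scale)
	outliers := 0
	for _, x := range d.Readings {
		if math.Abs(x-mh) > 3*sh {
			outliers++
		}
	}
	completeness := float64(len(d.Readings)) / float64(expected)
	outlierFree := 1 - float64(outliers)/float64(len(d.Readings))
	return similarity * completeness * outlierFree
}

// Stability averages a power-cycle score, a re-registration score and uptime.
func Stability(d DeviceData, p TrustPolicy) float64 {
	cycles := 1 - math.Min(1, float64(d.PowerCycles)/float64(p.MaxCycles))
	regs := 1 - math.Min(1, float64(d.RegisterRequests)/float64(p.MaxRegs))
	uptime := 0.0
	if d.PeriodHours > 0 {
		uptime = math.Min(1, d.OnlineHours/d.PeriodHours)
	}
	return (cycles + regs + uptime) / 3
}

// Compliance is the share of fields that satisfy the preset rules.
func Compliance(d DeviceData) float64 {
	if d.TotalFields == 0 {
		return 0
	}
	return float64(d.CompliantFields) / float64(d.TotalFields)
}

// Trust combines the three factors; the weights are an assumption of this example.
func Trust(d DeviceData, p TrustPolicy) float64 {
	return 0.4*DataQuality(d) + 0.3*Stability(d, p) + 0.3*Compliance(d)
}

// Network stands in for the consortium chain's membership and blacklist state.
type Network struct {
	Members   map[string]bool
	Blacklist map[string]bool
}

// SecondAuthenticate evaluates trust: a device below the threshold fails, is
// removed from membership (the chaincode update in the patent) and blacklisted;
// a blacklisted or non-member device is refused without evaluation.
func (n *Network) SecondAuthenticate(d DeviceData, p TrustPolicy) (float64, bool) {
	if n.Blacklist[d.DeviceID] || !n.Members[d.DeviceID] {
		return 0, false
	}
	t := Trust(d, p)
	if t < p.Threshold {
		delete(n.Members, d.DeviceID)
		n.Blacklist[d.DeviceID] = true
		return t, false
	}
	return t, true
}

func main() {
	p := TrustPolicy{Threshold: 0.6, MaxCycles: 10, MaxRegs: 5}
	n := &Network{Members: map[string]bool{"GW-0002": true}, Blacklist: map[string]bool{}}
	// constructed sample: lost readings, one outlier, frequent power cycles and re-registrations
	d := DeviceData{DeviceID: "GW-0002", Readings: []float64{9, 11, 30, 10}, History: []float64{8, 12, 8, 12},
		MissingCount: 4, PowerCycles: 30, RegisterRequests: 20, OnlineHours: 24, PeriodHours: 168,
		CompliantFields: 4, TotalFields: 10}
	trust, ok := n.SecondAuthenticate(d, p)
	fmt.Printf("trust=%.3f passed=%v blacklisted=%v\n", trust, ok, n.Blacklist[d.DeviceID])
}
```

The blacklist check comes before the scoring so that a removed device cannot re-enter simply by behaving well for one period; re-admission would need an explicit chaincode update, which is the kind of decision the patent leaves to the consortium.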
Referring to fig. 3, an embodiment of the present disclosure provides another consortium chain-based internet of things gateway identity authentication method, applied to the authentication platform side 120; the specific flow includes:
300. Receiving a first identity authentication request sent by the gateway device side.
In this embodiment, before the first identity authentication request sent by the gateway device side is received, the method further includes: receiving device information sent by the gateway device side; and storing the device information on the consortium chain and generating a unique identifier for the internet of things gateway device, the device information including device identity information and a public key.
310. Querying the consortium chain on the consortium chain network side according to the first identity authentication request, determining the identity information and public key of the internet of things gateway device, and sending a first identity authentication response to the gateway device side.
In this embodiment, the gateway device side is configured to upload the device data to the consortium chain using the public key after it determines, from the first identity authentication response, that the first identity authentication has succeeded; the consortium chain determines the trust degree of the gateway device from the device data and performs the second identity authentication on the gateway device based on the trust degree.
Referring to fig. 4, an embodiment of the present disclosure provides another consortium chain-based internet of things gateway identity authentication method, applied to the consortium chain network side 130; the specific flow includes:
400. Receiving the device data sent by the gateway device side;
410. Determining the trust degree of the internet of things gateway device from the device data, and performing the second identity authentication on the gateway device based on the trust degree.
In this embodiment, the gateway device side is configured to send the first identity authentication request to the authentication platform side and, when it determines from the first identity authentication response that the first identity authentication has succeeded, to upload the device data to the consortium chain on the consortium chain network side using the public key; the authentication platform side is configured to query the consortium chain according to the first identity authentication request, determine the identity information and public key of the gateway device, and send the first identity authentication response to the gateway device side.
The embodiments of the present specification provide a consortium chain-based internet of things gateway identity authentication method in which the authentication platform side queries the consortium chain on the consortium chain network side to perform a first identity authentication of the gateway device; when the first identity authentication is determined to be successful based on the first identity authentication response, the device data is uploaded to the consortium chain using the public key, and the consortium chain determines the trust degree of the gateway device from the device data and performs a second identity authentication based on that trust degree. By authenticating the gateway device twice on the basis of the consortium chain, the embodiments secure both the identity authentication and the communication of the gateway device: identity authentication is performed between the gateway and the authentication platform and again between the gateway and the consortium chain, which protects data transmission, while the consortium chain provides a decentralized and trusted environment that further improves the security and reliability of the system.
The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
In this specification, the embodiments are described progressively: identical or similar parts of the embodiments refer to one another, and each embodiment concentrates on its differences from the others. In particular, the embodiment of the consortium chain-based internet of things gateway identity authentication system is essentially similar to the embodiment of the consortium chain-based internet of things gateway identity authentication method, so it is described more briefly and the relevant points can be found in the description of the method embodiment.
Please refer to fig. 5, which illustrates a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
As shown in fig. 5, the electronic device 500 may include: at least one processor 501, at least one network interface 504, a user interface 503, a memory 505, and at least one communication bus 502.
Wherein the communication bus 502 may be used to enable connectivity communication of the various components described above.
The user interface 503 may include keys; optionally, it may also include a standard wired interface, a wireless interface and the like.
The network interface 504 may include, but is not limited to, a Bluetooth module, an NFC module, a Wi-Fi module and the like.
The processor 501 may include one or more processing cores. The processor 501 connects the various parts of the electronic device 500 through various interfaces and lines, and performs the functions of the electronic device 500 and processes data by running or executing the instructions, programs, code sets or instruction sets stored in the memory 505 and by invoking the data stored in the memory 505. Alternatively, the processor 501 may be implemented in at least one hardware form among DSP, FPGA and PLA. The processor 501 may integrate one or a combination of a CPU, a GPU, a modem and the like. The CPU mainly handles the operating system, user interface, application programs and so on; the GPU renders and draws the content to be shown on the display screen; the modem handles wireless communication. It will be appreciated that the modem need not be integrated into the processor 501 and may be implemented as a separate chip.
The memory 505 may include RAM or ROM. Optionally, the memory 505 includes a non-transitory computer-readable medium. The memory 505 may be used to store instructions, programs, code sets or instruction sets. The memory 505 may include a program storage area and a data storage area, where the program storage area may store instructions for implementing an operating system, instructions for at least one function (such as a touch function, a sound playing function, an image playing function, etc.), instructions for implementing the method embodiments described above, and so on; the data storage area may store the data referred to in the method embodiments described above. The memory 505 may optionally also be at least one storage device located remotely from the processor 501. As a computer storage medium, the memory 505 may contain an operating system, a network communication module, a user interface module and a consortium chain-based internet of things gateway identity authentication application. The processor 501 may be configured to invoke the consortium chain-based internet of things gateway identity authentication application stored in the memory 505 and perform the steps of the consortium chain-based internet of things gateway identity authentication described in the foregoing embodiments.
The present description also provides a computer-readable storage medium having instructions stored therein, which when executed on a computer or processor, cause the computer or processor to perform the steps of one or more of the embodiments shown in fig. 2-4 described above. The above-described constituent modules of the electronic apparatus may be stored in a computer-readable storage medium if implemented in the form of software functional units and sold or used as independent products.
The above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions according to the embodiments of the present specification are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, they may be transmitted from one website, computer, server or data center to another by wired means (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless means (e.g., infrared, radio, microwave). The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., a floppy disk, hard disk or magnetic tape), an optical medium (e.g., a digital versatile disc (DVD)) or a semiconductor medium (e.g., a solid state disk (SSD)), or the like.
Those skilled in the art will appreciate that implementing all or part of the above-described embodiment methods may be accomplished by way of a computer program, which may be stored in a computer-readable storage medium, instructing relevant hardware, and which, when executed, may comprise the embodiment methods as described above. And the aforementioned storage medium includes: various media capable of storing program code, such as ROM, RAM, magnetic or optical disks. The technical features in the present examples and embodiments may be arbitrarily combined without conflict.
The above embodiments are merely illustrative of the preferred embodiments of the present invention and are not intended to limit the scope of the present invention, and various modifications and improvements made by those skilled in the art to the technical solution of the present invention should fall within the protection scope defined by the claims of the present invention without departing from the design spirit of the present invention.

Claims (10)

1. A consortium chain-based internet of things gateway identity authentication method, applied to a gateway device side, comprising:
sending a first identity authentication request to an authentication platform side, wherein the authentication platform side is configured to query a consortium chain on a consortium chain network side according to the first identity authentication request, determine identity information and a public key of the internet of things gateway device, and send a first identity authentication response to the gateway device side; and
after the first identity authentication is determined to be successful based on the first identity authentication response, uploading device data to the consortium chain using the public key, wherein the consortium chain is configured to determine a trust degree of the internet of things gateway device according to the device data and to perform a second identity authentication on the internet of things gateway device based on the trust degree.
2. The method of claim 1, further comprising, before sending the first identity authentication request to the authentication platform side:
sending device information to the authentication platform side, wherein the authentication platform side is configured to store the device information on the consortium chain and to generate a unique identifier of the internet of things gateway device, the device information including device identity information and a public key.
3. The method of claim 2, wherein the authentication platform side is configured to query the consortium chain on the consortium chain network side according to the first identity authentication request, and the process of constructing the consortium chain network comprises:
setting up a distributed ledger platform and dependency libraries for implementing the distributed ledger function, and connecting the dependency libraries to the network of the distributed ledger platform;
defining organization participants that take part in the internet of things gateway network, each organization participant comprising an identifier, network verification parameters and identity verification parameters;
setting up one or more nodes for each organization participant and allocating network resources to the nodes, wherein the nodes connect to the consortium chain network and participate in consensus and data verification, and the nodes comprise endorsing nodes, which execute smart contracts and maintain the ledger, and ordering nodes, which reach consensus on and order transactions;
providing chaincode that implements the identity authentication flow of the internet of things gateway device, so that only internet of things gateway devices that have passed the first identity authentication can access and participate in the consortium chain network;
deploying the chaincode to the nodes of the consortium chain, and verifying that all nodes can access and execute the chaincode; and
based on the identity authentication mechanism, identity management and access control configuration of the consortium chain, setting permission and access control rules of the consortium chain network so that only authorized internet of things gateway devices and nodes can access and use the chaincode.
4. The method of claim 1, wherein the process of constructing the consortium chain network further comprises setting up a public key infrastructure on the consortium chain network;
and setting up the public key infrastructure on the consortium chain network comprises:
defining the roles and functions of a certificate authority and of a registration authority respectively;
setting up the certificate authority according to its role and function, wherein the root certificate authority is the authority that issues and manages digital certificates in the consortium chain network; and
setting up the registration authority according to its role and function, wherein the registration authority is the authority that verifies the identity of the internet of things gateway device and submits the certificate application to the certificate authority.
5. The method of claim 1, wherein determining the trust degree of the Internet of Things gateway equipment according to the equipment data, and performing the second identity authentication on the Internet of Things gateway equipment based on the trust degree, comprises:
based on the chain code on the alliance chain, determining the data quality degree, the equipment stability and the equipment compliance of the Internet of Things gateway equipment according to the equipment data;
determining the trust degree of the Internet of Things gateway equipment according to the data quality degree, the equipment stability and the equipment compliance;
and when the trust degree of the Internet of Things gateway equipment is lower than a preset trust degree threshold, judging that the second identity authentication of the Internet of Things gateway equipment has failed, and marking the Internet of Things gateway equipment as an untrusted device.
6. The method of claim 5, further comprising, after marking the Internet of Things gateway equipment as an untrusted device:
removing the untrusted device from the alliance chain network by updating the chain code;
and adding the untrusted device to a blacklist, and managing the blacklist through the alliance chain.
7. An Internet of Things gateway identity authentication method based on an alliance chain, applied to an authentication platform end and comprising the following steps:
receiving a first identity authentication request sent by a gateway equipment end;
querying an alliance chain on an alliance chain network end according to the first identity authentication request, determining the identity information and the public key of the Internet of Things gateway equipment, and sending a first identity authentication response to the gateway equipment end;
wherein the gateway equipment end is used for uploading equipment data to the alliance chain using the public key after determining, based on the first identity authentication response, that the first identity authentication has succeeded;
and the alliance chain is used for determining the trust degree of the Internet of Things gateway equipment according to the equipment data and performing a second identity authentication on the Internet of Things gateway equipment based on the trust degree.
8. The method of claim 7, further comprising, before receiving the first identity authentication request sent by the gateway equipment end:
receiving equipment information sent by the gateway equipment end;
storing the equipment information on the alliance chain and generating a unique identifier for the Internet of Things gateway equipment, wherein the equipment information comprises the equipment identity information and the public key.
9. An Internet of Things gateway identity authentication method based on an alliance chain, applied to an alliance chain network end and comprising the following steps:
receiving equipment data sent by a gateway equipment end;
determining the trust degree of the Internet of Things gateway equipment according to the equipment data, and performing a second identity authentication on the Internet of Things gateway equipment based on the trust degree;
wherein the gateway equipment end is used for sending a first identity authentication request to an authentication platform end and, when it determines based on the first identity authentication response that the first identity authentication has succeeded, uploading the equipment data to the alliance chain on the alliance chain network end using the public key;
and the authentication platform end is used for querying the alliance chain according to the first identity authentication request, determining the identity information and the public key of the Internet of Things gateway equipment, and sending the first identity authentication response to the gateway equipment end.
10. An Internet of Things gateway identity authentication system based on an alliance chain, comprising a gateway equipment end, an authentication platform end and an alliance chain network end, wherein the gateway equipment end comprises:
a first authentication module, used for sending a first identity authentication request to the authentication platform end, wherein the authentication platform end is used for querying an alliance chain on the alliance chain network end according to the first identity authentication request, determining the identity information and the public key of the Internet of Things gateway equipment, and sending a first identity authentication response to the gateway equipment end;
and a second authentication module, used for uploading equipment data to the alliance chain using the public key after determining, based on the first identity authentication response, that the first identity authentication has succeeded, wherein the alliance chain is used for determining the trust degree of the Internet of Things gateway equipment according to the equipment data and performing a second identity authentication on the Internet of Things gateway equipment based on the trust degree.
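The two-phase flow of claims 7 to 10, with the trust scoring and blacklisting of claims 5 and 6 run as chain code, as an added, runnable illustration. This is example code written for this page, not an implementation from the patent or its applicants. Everything not stated in the claims is assumed: the trust threshold and the weights that combine data quality, stability and compliance; the concrete scoring rules (plausible reading range, nominal reporting interval, required fields, approved firmware list); and the signature primitive, which is an HMAC stand-in so the example runs on the standard library alone, whereas a deployment would verify an asymmetric signature against the public key registered on the chain. The equipment data below is constructed.

```python
"""Two-phase IoT gateway authentication against a consortium ("alliance") chain.

Constructed example: chain registry, authentication platform and gateway are all
in-process objects; the scoring rules and threshold are assumptions, not the patent's.
"""
import hashlib
import hmac
import json
import statistics

TRUST_THRESHOLD = 0.7            # assumed preset trust threshold
EXPECTED_INTERVAL_S = 60.0       # assumed nominal reporting interval
KWH_RANGE = (0.0, 1000.0)        # assumed plausible meter reading range
REQUIRED_FIELDS = {"ts", "meter_id", "kwh", "firmware"}
APPROVED_FIRMWARE = {"2.1.0", "2.1.1"}   # assumed compliance list


def sign(key: str, payload: bytes) -> str:
    """Stand-in signature (HMAC-SHA256).  A real gateway signs with its private
    key and the chain verifies with the public key stored at registration."""
    return hmac.new(key.encode(), payload, hashlib.sha256).hexdigest()


# --- chain code: trust scoring (claim 5) -----------------------------------
def data_quality(samples: list) -> float:
    """Share of samples whose reading is present and within the plausible range."""
    if not samples:
        return 0.0
    ok = sum(1 for s in samples
             if isinstance(s.get("kwh"), (int, float)) and KWH_RANGE[0] <= s["kwh"] <= KWH_RANGE[1])
    return ok / len(samples)


def device_stability(samples: list) -> float:
    """1 minus the mean relative deviation of reporting gaps from the nominal interval."""
    ts = [s["ts"] for s in samples if "ts" in s]
    if len(ts) < 2:
        return 0.0
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    deviation = statistics.mean(abs(g - EXPECTED_INTERVAL_S) for g in gaps) / EXPECTED_INTERVAL_S
    return max(0.0, 1.0 - deviation)


def device_compliance(samples: list) -> float:
    """Share of samples carrying every required field and an approved firmware version."""
    if not samples:
        return 0.0
    ok = sum(1 for s in samples
             if REQUIRED_FIELDS.issubset(s) and s.get("firmware") in APPROVED_FIRMWARE)
    return ok / len(samples)


def trust_degree(samples: list) -> float:
    """Weighted combination of the three factors (weights are an assumption)."""
    return round(0.4 * data_quality(samples) + 0.3 * device_stability(samples)
                 + 0.3 * device_compliance(samples), 3)


# --- alliance chain network end (claims 8, 9) -----------------------------
class AllianceChain:
    def __init__(self):
        self.records = {}      # device_id -> {"identity": ..., "public_key": ...}
        self.blacklist = set() # managed on-chain (claim 6)
        self.ledger = []       # accepted (device_id, samples) uploads

    def register(self, identity: dict, public_key: str) -> str:
        """Store equipment information and derive the unique identifier (claim 8)."""
        material = json.dumps(identity, sort_keys=True).encode() + public_key.encode()
        device_id = hashlib.sha256(material).hexdigest()[:16]
        self.records[device_id] = {"identity": identity, "public_key": public_key}
        return device_id

    def query(self, device_id: str):
        return None if device_id in self.blacklist else self.records.get(device_id)

    def chaincode_upload(self, device_id: str, samples: list, signature: str):
        """Second authentication: verify the upload, score trust, blacklist on failure."""
        rec = self.query(device_id)
        if rec is None:
            return False, 0.0
        payload = json.dumps(samples, sort_keys=True).encode()
        if not hmac.compare_digest(sign(rec["public_key"], payload), signature):
            return False, 0.0                      # not from the registered key
        self.ledger.append((device_id, samples))
        trust = trust_degree(samples)
        if trust < TRUST_THRESHOLD:
            self.blacklist.add(device_id)          # claim 6: mark untrusted
            self.records.pop(device_id, None)      # and remove from the network
            return False, trust
        return True, trust


# --- authentication platform end (claim 7) ---------------------------------
class AuthenticationPlatform:
    def __init__(self, chain: AllianceChain):
        self.chain = chain

    def first_authentication(self, request: dict) -> dict:
        rec = self.chain.query(request["device_id"])
        if rec is None:
            return {"ok": False}
        return {"ok": True, "identity": rec["identity"], "public_key": rec["public_key"]}


# --- gateway equipment end (claim 10) --------------------------------------
class Gateway:
    def __init__(self, identity: dict, private_key: str):
        self.identity, self.private_key, self.device_id = identity, private_key, None

    def enroll(self, chain: AllianceChain):
        # In this HMAC stand-in the registered "public key" equals the device key.
        self.device_id = chain.register(self.identity, self.private_key)

    def authenticate_and_upload(self, platform: AuthenticationPlatform, chain: AllianceChain, samples: list):
        resp = platform.first_authentication({"device_id": self.device_id})
        if not resp["ok"]:
            return False, 0.0
        payload = json.dumps(samples, sort_keys=True).encode()
        return chain.chaincode_upload(self.device_id, samples, sign(self.private_key, payload))


# Constructed equipment data: a well-behaved gateway and a misbehaving one.
GOOD_SAMPLES = [{"ts": 60 * i, "meter_id": "M1", "kwh": 10.0 + i, "firmware": "2.1.0"} for i in range(5)]
BAD_SAMPLES = [
    {"ts": 0, "meter_id": "M2", "kwh": 10.0, "firmware": "2.1.0"},
    {"ts": 5, "kwh": -3.0, "firmware": "2.1.0"},                       # missing field, bad reading
    {"ts": 300, "meter_id": "M2", "kwh": None, "firmware": "1.9-beta"},  # no reading, unapproved firmware
    {"ts": 310, "meter_id": "M2", "kwh": 5000.0, "firmware": "2.1.0"},   # implausible reading
    {"ts": 600, "meter_id": "M2", "kwh": 12.0},                          # firmware missing
]

if __name__ == "__main__":
    chain = AllianceChain()
    platform = AuthenticationPlatform(chain)
    for name, samples in (("good", GOOD_SAMPLES), ("bad", BAD_SAMPLES)):
        gw = Gateway({"vendor": "example", "serial": f"GW-{name}"}, f"key-{name}")
        gw.enroll(chain)
        print(name, gw.authenticate_and_upload(platform, chain, samples), gw.device_id in chain.blacklist)
```

The well-behaved gateway scores 1.0 and its upload is recorded; the misbehaving one scores 0.28 (quality 0.4, stability 0.0, compliance 0.4), is blacklisted by the chain code, and its next first-authentication request is refused because the platform's chain query no longer returns a record. An upload whose signature was not produced with the registered key is rejected before any scoring takes place.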
CN202311579350.3A 2023-11-24 2023-11-24 Internet of things gateway identity authentication method and system based on alliance chain Pending CN117978397A (en)

Publication: CN117978397A (en), published 2024-05-03

Family ID: 90862016

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination