技术领域Technical field
本发明属于电力自动化领域,涉及一种基于区块链的电力物联网设备身份认证方法及系统。The invention belongs to the field of electric power automation and relates to a blockchain-based identity authentication method and system for electric power Internet of Things equipment.
背景技术Background technique
近年来,随着社会电力能源需求量不断增加,促使电力行业实现快速发展。其中,电力物联网是其以现代智能电网技术为支撑,结合现代先进信息、通信以及感知技术,实现智能电网信息流、电力流以及业务流的深度融合,从而为电力行业稳定运行提供重要技术支持。同时,电力物联网的广泛应用,也促进了智能电网运行的实时监控与感知,为电网运行的安全稳定提供重要保障。但是,电力物联网应用覆盖范围广泛,很大程度上提高了电力系统的复杂性,使其安全风险上升。随着现代网络应用模式及环境的变化,网络技术的快速发展,电力物联网设施的开放性,导致发电厂各环节运行面临着新的安全隐患。潜在的安全威胁可能以物联网终端为跳板,绕开基于边界安全的防护体系,侵入生产控制区进行攻击破坏。在此背景之下,应加强对电力物联网面临的风险分析,采取有效安全措施构建电力物联网的安全架构,从而避免电力物联网遭受安全威胁,提高电网运行安全性,维护电力企业经济利益。In recent years, with the increasing social demand for electric energy, the electric power industry has achieved rapid development. Among them, the power Internet of Things is supported by modern smart grid technology and combined with modern advanced information, communication and sensing technologies to achieve deep integration of smart grid information flow, power flow and business flow, thereby providing important technical support for the stable operation of the power industry. . At the same time, the widespread application of the power Internet of Things also promotes real-time monitoring and perception of smart grid operations, providing an important guarantee for the safety and stability of power grid operations. However, the wide coverage of power Internet of Things applications has greatly increased the complexity of the power system and increased its security risks. With changes in modern network application models and environments, the rapid development of network technology, and the openness of power Internet of Things facilities, all aspects of the operation of power plants are facing new security risks. Potential security threats may use IoT terminals as a springboard to bypass the perimeter security-based protection system and invade the production control area to carry out attacks and damage. Against this background, we should strengthen the risk analysis of the power Internet of Things and take effective security measures to build the security architecture of the power Internet of Things, so as to avoid security threats to the power Internet of Things, improve the safety of power grid operations, and safeguard the economic interests of power companies.
电力物联网终端位于“云管边端”体系的最底层,是连接物理世界与数字世界的关键节点,采用多种类型的传感设备在各种异构的网络环境中实现状态感知,安全条件复杂。电力物联网终端面临着接入安全的挑战,终端计算资源有限,难以对与其通信的设备进行有效身份认证,攻击者可冒充合法终端进行信息侧和物理侧交替协同攻击。电力物联网设备数量未来将会飞速增长,应用规模更庞大,安全性要求也更高,所以迫切需要实现电力物联网设备的身份认证及可信接入。The power Internet of Things terminal is located at the bottom of the "cloud, pipe and edge" system and is a key node connecting the physical world and the digital world. It uses various types of sensing devices to achieve status awareness and security conditions in various heterogeneous network environments. complex. Power Internet of Things terminals face access security challenges. Terminal computing resources are limited and it is difficult to effectively authenticate the devices communicating with them. Attackers can impersonate legitimate terminals to conduct coordinated attacks on the information side and the physical side alternately. The number of power IoT devices will grow rapidly in the future, the scale of applications will be larger, and security requirements will be higher. Therefore, there is an urgent need to implement identity authentication and trusted access for power IoT devices.
目前,电力系统多采用的基于PKI(公钥基础设施)的终端安防技术,随着物联网规模的不断扩大,这种身份认证协议采用的中心化网络结构的弊端也渐渐突显出来。由于网络规模的不断增大,中心服务器的负担也随之急剧增大,这不仅会导致中心服务器的响应变得缓慢,甚至可能导致其出错崩溃,使得整个网络陷入瘫痪。此外,中心服务器附近的网络也难以支撑如此大量的数据传输,尤其是当系统使用互联网而非专线进行传输时,此问题会变得更为严重,因此,中心服务器成为制约物联网技术的瓶颈。同时,这种电力物联网身份认证机制面临伪造攻击、重放攻击和Dos/DDoS攻击等安全风险。在可信实体与数字身份绑定的过程中,证书颁发机构由于责任过大而被赋予了不利的角色。这种基于可信证书颁发机构的固有中心化:一方面,作为第三方的认证中心由于操作记录难以做到公开透明,其可信度无法得到保障。另一方面,若认证中心出现单点故障或秘钥泄露问题,将导致设备身份信息丢失甚至被篡改,甚至整个信任体系崩溃。At present, power systems mostly use terminal security technology based on PKI (Public Key Infrastructure). As the scale of the Internet of Things continues to expand, the disadvantages of the centralized network structure used in this identity authentication protocol have gradually become apparent. As the scale of the network continues to increase, the burden on the central server also increases dramatically. This will not only cause the central server to respond slowly, but may even cause it to error and crash, paralyzing the entire network. In addition, the network near the central server cannot support such a large amount of data transmission, especially when the system uses the Internet instead of dedicated lines for transmission, this problem will become more serious. Therefore, the central server has become a bottleneck restricting IoT technology. At the same time, this power IoT identity authentication mechanism faces security risks such as forgery attacks, replay attacks, and Dos/DDoS attacks. In the process of binding trusted entities to digital identities, certificate authorities are given an unfavorable role due to their excessive responsibilities. This inherent centralization based on a trusted certificate authority: on the one hand, as a third-party certification center, its credibility cannot be guaranteed because its operation records are difficult to be open and transparent. On the other hand, if a single point of failure or secret key leak occurs in the certification center, the device identity information will be lost or even tampered with, or even the entire trust system will collapse.
发明内容Contents of the invention
本发明的目的在于克服上述现有技术的缺点,提供一种基于区块链的电力物联网设备身份认证方法及系统。The purpose of the present invention is to overcome the shortcomings of the above-mentioned existing technologies and provide a blockchain-based identity authentication method and system for power Internet of Things equipment.
为达到上述目的,本发明采用以下技术方案予以实现:In order to achieve the above objectives, the present invention adopts the following technical solutions to achieve:
本发明第一方面,一种基于区块链的电力物联网设备身份认证方法,包括以下步骤:The first aspect of the present invention, a blockchain-based identity authentication method for power Internet of Things equipment, includes the following steps:
电力物联网设备生成认证请求信息,发送至区块链网络;其中,认证请求信息包括电力物联网设备的设备参数信息和数字证书;The power Internet of Things device generates authentication request information and sends it to the blockchain network; the authentication request information includes the device parameter information and digital certificate of the power Internet of Things device;
区块链网络查询内部的区块链中是否包含目标区块;其中,目标区块为包含电力物联网设备的设备参数信息和数字证书的区块;The blockchain network queries whether the internal blockchain contains the target block; where the target block is the block containing the device parameter information and digital certificate of the power Internet of Things device;
当区块链中包含目标区块时,区块链网络发送可靠性证明消息至电力物联网设备,完成电力物联网设备的身份认证。When the target block is included in the blockchain, the blockchain network sends a reliability certificate message to the power IoT device to complete the identity authentication of the power IoT device.
可选的,还包括:获取电力物联网设备的数字证书,所述获取电力物联网设备的数字证书包括:Optionally, it also includes: obtaining the digital certificate of the power Internet of Things device. The obtaining the digital certificate of the power Internet of Things device includes:
电力物联网设备生成证书注册请求发送至执行代理服务器;其中,证书注册请求包括电力物联网设备的设备参数信息;The power Internet of Things device generates a certificate registration request and sends it to the execution proxy server; where the certificate registration request includes device parameter information of the power Internet of Things device;
执行代理服务器根据电力物联网设备的证书注册请求生成电力物联网设备的证书颁布命令并发送至证书授权服务器;The execution proxy server generates a certificate issuance command for the power Internet of Things device based on the certificate registration request of the power Internet of Things device and sends it to the certificate authorization server;
证书授权服务器根据电力物联网设备的证书颁布命令,生成电力物联网设备的数字证书并发送至执行代理服务器;The certificate authorization server issues a command based on the certificate of the power Internet of Things device, generates a digital certificate of the power Internet of Things device and sends it to the execution proxy server;
执行代理服务器将电力物联网设备的数字证书发送至电力物联网设备,并将电力物联网设备的数字证书和设备参数信息发送至区块链网络;Execute the proxy server to send the digital certificate of the power IoT device to the power IoT device, and send the digital certificate and device parameter information of the power IoT device to the blockchain network;
区块链网络将电力物联网设备的数字证书和设备参数信息,以区块的形式写入区块链。The blockchain network writes the digital certificates and device parameter information of the power Internet of Things equipment into the blockchain in the form of blocks.
可选的,所述电力物联网设备生成证书注册请求发送至执行代理服务器时,将证书注册请求采用执行代理服务器的公钥加密后发送至执行代理服务器;Optionally, when the power Internet of Things device generates a certificate registration request and sends it to the execution proxy server, the certificate registration request is encrypted using the public key of the execution proxy server and then sent to the execution proxy server;
所述执行代理服务器将电力物联网设备的数字证书发送至电力物联网设备时,将电力物联网设备的数字证书采用电力物联网设备的公钥加密后发送至电力物联网设备;When the execution proxy server sends the digital certificate of the electric power Internet of Things device to the electric power Internet of Things device, it encrypts the digital certificate of the electric power Internet of Things device using the public key of the electric power Internet of Things device and sends it to the electric power Internet of Things device;
所述电力物联网设备生成认证请求信息,发送至区块链网络时,将认证请求信息采用电力物联网设备的私钥加密后发送至区块链网络。When the power Internet of Things device generates authentication request information and sends it to the blockchain network, the authentication request information is encrypted using the private key of the power Internet of Things device and then sent to the blockchain network.
可选的,所述电力物联网设备通过随机生成256bit的比特串作为私钥,并根据所述私钥利用椭圆曲线密钥生成算法得到公钥。Optionally, the power Internet of Things device randomly generates a 256-bit bit string as a private key, and uses an elliptic curve key generation algorithm to obtain a public key based on the private key.
可选的,还包括:证书授权服务器以默克尔帕特里树的结构形式存储电力物联网设备的数字证书。Optionally, it also includes: the certificate authority server stores the digital certificate of the power Internet of Things device in the form of a Merkle Patri tree structure.
可选的,所述区块链网络将电力物联网设备的数字证书和设备参数信息,以区块的形式写入区块链时,在区块中添加当前时刻的时间戳。Optionally, when the blockchain network writes the digital certificate and device parameter information of the power Internet of Things device into the blockchain in the form of a block, it adds a timestamp of the current moment in the block.
可选的,还包括:Optional, also includes:
电力物联网设备生成证书更新请求发送至执行代理服务器;The power IoT device generates a certificate update request and sends it to the execution proxy server;
执行代理服务器根据电力物联网设备的证书更新请求生成电力物联网设备的证书更新命令并发送至证书授权服务器;The execution proxy server generates a certificate update command for the power Internet of Things device based on the certificate update request of the power Internet of Things device and sends it to the certificate authority server;
证书授权服务器根据电力物联网设备的证书更新命令,生成电力物联网设备的更新数字证书并发送至执行代理服务器;The certificate authorization server generates an updated digital certificate for the power Internet of Things device according to the certificate update command of the power Internet of Things device and sends it to the execution proxy server;
执行代理服务器将电力物联网设备的更新数字证书发送至电力物联网设备和区块链网络;Execute the proxy server to send the updated digital certificate of the power IoT device to the power IoT device and the blockchain network;
区块链网络查询内部的区块链中是否存在当前电力物联网设备的数字证书,以及当前电力物联网设备的更新数字证书是否为最新签发,当区块链中存在当前电力物联网设备的数字证书且当前电力物联网设备的更新数字证书为最新签发时,撤销电力物联网设备的数字证书,并将当前电力物联网设备的更新数字证书以区块的形式写入区块链。The blockchain network queries whether the digital certificate of the current power IoT device exists in the internal blockchain, and whether the updated digital certificate of the current power IoT device is the latest issued. When the digital certificate of the current power IoT device exists in the blockchain When the certificate is issued and the updated digital certificate of the current power Internet of Things equipment is the latest issued, the digital certificate of the current power Internet of Things equipment is revoked, and the updated digital certificate of the current power Internet of Things equipment is written into the blockchain in the form of a block.
可选的,还包括:Optional, also includes:
电力物联网设备生成证书撤销请求发送至执行代理服务器;其中,证书撤销请求包括待撤销数字证书;The power Internet of Things device generates a certificate revocation request and sends it to the execution proxy server; where the certificate revocation request includes the digital certificate to be revoked;
执行代理服务器根据电力物联网设备的证书撤销请求生成电力物联网设备的证书撤销命令并发送至证书授权服务器;The execution proxy server generates a certificate revocation command for the power Internet of Things device based on the certificate revocation request of the power Internet of Things device and sends it to the certificate authority server;
执行代理服务器将待撤销数字证书发送至区块链网络,区块链网络查询内部的区块链中是否存在待撤销数字证书,当区块链中存在待撤销数字证书时,撤销待撤销数字证书。The execution proxy server sends the digital certificate to be revoked to the blockchain network. The blockchain network queries the internal blockchain to see if there is a digital certificate to be revoked. When there is a digital certificate to be revoked in the blockchain, the digital certificate to be revoked is revoked. .
可选的,还包括:Optional, also includes:
执行代理服务器将电力物联网设备的数字证书与真实身份之间的可链接性加密后,发送至区块链网络并以区块的形式写入区块链。The execution proxy server encrypts the linkability between the digital certificate of the power IoT device and the real identity, then sends it to the blockchain network and writes it into the blockchain in the form of a block.
本发明第二方面,一种基于区块链的电力物联网设备身份认证系统,包括区块链网络、执行代理服务器以及证书授权服务器;区块链网络以及证书授权服务器均与执行代理服务器连接;The second aspect of the present invention is a blockchain-based power Internet of Things device identity authentication system, including a blockchain network, an execution proxy server, and a certificate authorization server; the blockchain network and the certificate authorization server are both connected to the execution proxy server;
执行代理服务器用于接收电力物联网设备的证书注册请求生成电力物联网设备的证书颁布命令并发送至证书授权服务器;以及接收证书授权服务器发送的电力物联网设备的数字证书,并将电力物联网设备的数字证书发送至电力物联网设备,并将电力物联网设备的数字证书和设备参数信息发送至区块链网络;Execute the proxy server to receive the certificate registration request of the power Internet of Things device, generate a certificate issuance command for the power Internet of Things device, and send it to the certificate authority server; and receive the digital certificate of the power Internet of Things device sent by the certificate authority server, and send the power Internet of Things device digital certificate to the power Internet of Things device. The digital certificate of the device is sent to the power Internet of Things device, and the digital certificate and device parameter information of the power Internet of Things device are sent to the blockchain network;
证书授权服务器用于根据电力物联网设备的证书颁布命令,生成电力物联网设备的数字证书;The certificate authorization server is used to issue commands based on the certificate of the power Internet of Things device and generate a digital certificate for the power Internet of Things device;
区块链网络用于接收电力物联网设备发送的认证请求信息,其中,认证请求信息包括电力物联网设备的设备参数信息和数字证书;以及查询内部的区块链中是否包含目标区块;其中,目标区块为包含电力物联网设备的设备参数信息和数字证书的区块;并当区块链中包含目标区块时,发送可靠性证明消息至电力物联网设备,完成电力物联网设备的身份认证。The blockchain network is used to receive the authentication request information sent by the power Internet of Things equipment, where the authentication request information includes the device parameter information and digital certificate of the power Internet of Things equipment; and to query whether the internal blockchain contains the target block; where , the target block is a block containing the device parameter information and digital certificate of the power Internet of Things device; and when the target block is included in the blockchain, a reliability certification message is sent to the power Internet of Things device to complete the verification of the power Internet of Things device. Authentication.
与现有技术相比,本发明具有以下有益效果:Compared with the prior art, the present invention has the following beneficial effects:
本发明基于区块链的电力物联网设备身份认证方法,通过电力物联网设备生成认证请求信息,发送至区块链网络,然后区块链网络查询内部的区块链中是否包含目标区块;当区块链中包含目标区块时,区块链网络发送可靠性证明消息至电力物联网设备,完成电力物联网设备的身份认证。基于区块链技术的安全性、不可逆、不可篡改性和透明性等特性,利用区块链自身的高度去中心化特点,将数字证书等信息存入区块数据结构中,有效地提升了传统公钥基础设施体系的透明度,加强身份认证的可信度,可以抵御多种恶意攻击,实现了高度安全的分布式电力物联网设备身份认证,有效解决电力物联网目前常用的基于公钥基础设施的身份认证过程中存在的兼容性低、抗攻击能力弱以及中心化网络负担重等问题。The invention's blockchain-based power Internet of Things device identity authentication method generates authentication request information through the power Internet of Things device and sends it to the blockchain network, and then the blockchain network queries whether the internal blockchain contains the target block; When the target block is included in the blockchain, the blockchain network sends a reliability certificate message to the power IoT device to complete the identity authentication of the power IoT device. Based on the security, irreversibility, non-tamperability and transparency of blockchain technology, and utilizing the highly decentralized characteristics of the blockchain itself, digital certificates and other information are stored in the block data structure, effectively improving the traditional The transparency of the public key infrastructure system strengthens the credibility of identity authentication, can resist a variety of malicious attacks, and achieves highly secure distributed power IoT device identity authentication, effectively solving the common public key infrastructure-based problems in the power Internet of Things. In the identity authentication process, there are problems such as low compatibility, weak anti-attack capabilities, and heavy burden on the centralized network.
附图说明Description of the drawings
图1为本发明的基于区块链的电力物联网设备身份认证方法流程图;Figure 1 is a flow chart of the blockchain-based power Internet of Things equipment identity authentication method of the present invention;
图2为本发明的数字证书申请过程流程图;Figure 2 is a flow chart of the digital certificate application process of the present invention;
图3为本发明的数字证书更新过程流程图;Figure 3 is a flow chart of the digital certificate update process of the present invention;
图4为本发明的数字证书撤销过程流程图;Figure 4 is a flow chart of the digital certificate revocation process of the present invention;
图5为本发明的基于区块链的电力物联网设备身份认证系统结构框图。Figure 5 is a structural block diagram of the power Internet of Things equipment identity authentication system based on blockchain of the present invention.
具体实施方式Detailed ways
为了使本技术领域的人员更好地理解本发明方案,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分的实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都应当属于本发明保护的范围。In order to enable those skilled in the art to better understand the solutions of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only These are some embodiments of the present invention, rather than all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts should fall within the scope of protection of the present invention.
需要说明的是,本发明的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便这里描述的本发明的实施例能够以除了在这里图示或描述的那些以外的顺序实施。此外,术语“包括”和“具有”以及他们的任何变形,意图在于覆盖不排他的包含,例如,包含了一系列步骤或单元的过程、方法、系统、产品或设备不必限于清楚地列出的那些步骤或单元,而是可包括没有清楚地列出的或对于这些过程、方法、产品或设备固有的其它步骤或单元。It should be noted that the terms "first", "second", etc. in the description and claims of the present invention and the above-mentioned drawings are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It is to be understood that the data so used are interchangeable under appropriate circumstances so that the embodiments of the invention described herein are capable of being practiced in sequences other than those illustrated or described herein. In addition, the terms "including" and "having" and any variations thereof are intended to cover non-exclusive inclusions, e.g., a process, method, system, product, or apparatus that encompasses a series of steps or units and need not be limited to those explicitly listed. Those steps or elements may instead include other steps or elements not expressly listed or inherent to the process, method, product or apparatus.
首先,对本发明中涉及的相关技术术语进行介绍:First, the relevant technical terms involved in the present invention are introduced:
电力物联网:电力物联网终端种类多样,按业务场景可分为配电系统的配变终端、FTU/DTU、一二次融合终端,用电系统的计量表计终端,以及用户表后智能家居终端。按资产归属和攻击破坏后果,主要可分为属于电网资产的配用电终端和属于用户资产的用户智能家居终端。上述物联网终端遭攻击破坏的后果存在明显差异,其中对配用电终端的攻击破坏轻则影响直接关联用户供电、重则侵入生产控制区进而造成大量用户停电,而对智能家居终端的攻击破坏主要涉及用户隐私信息泄露。电力物联网的一个重要特征是电力通信网的泛在化,大量的公共网络协议在电力通信网中进行部署,提高电网监管水平的同时,也为大多数互联网攻击手段提供了适用平台。结合电力物联网架构,分析了电力物联网面临的身份认证风险。伴随电力物联网开放互联的演进,电力物联网存在海量的网络连接,尤其是在移动、泛在、混合、广域互联环境下,电力物联网中部署了传感装置、移动终端、视频监控、智能电表、充电桩、办公计算机等大量的内外网数据采集、控制及管理设备,如何进行身份识别,实现业务系统对海量电力设备的精准定位,是防止身份识别错识破以及恶意仿冒接入必须要面对的一个问题。Power Internet of Things: There are various types of power Internet of Things terminals. According to business scenarios, they can be divided into distribution transformer terminals, FTU/DTU, primary and secondary integration terminals of power distribution systems, meter terminals of power consumption systems, and smart homes behind user meters. terminal. According to asset ownership and attack damage consequences, it can be mainly divided into power distribution and consumption terminals belonging to power grid assets and user smart home terminals belonging to user assets. There are obvious differences in the consequences of the above-mentioned Internet of Things terminals being attacked and damaged. Among them, attacks and damage to power distribution and consumption terminals range from directly affecting the power supply of users to invading production control areas and causing power outages for a large number of users. Attacks and damage to smart home terminals Mainly involves the leakage of user privacy information. An important feature of the power Internet of Things is the ubiquity of power communication networks. A large number of public network protocols are deployed in power communication networks, which not only improves the level of power grid supervision, but also provides a suitable platform for most Internet attack methods. Combined with the power Internet of Things architecture, the identity authentication risks faced by the Power Internet of Things are analyzed. With the evolution of the open interconnection of the power Internet of Things, there are massive network connections in the power Internet of Things, especially in mobile, ubiquitous, hybrid, and wide-area Internet environments. Sensing devices, mobile terminals, video surveillance, For a large number of internal and external network data collection, control and management equipment such as smart meters, charging piles, and office computers, how to identify and achieve accurate positioning of massive power equipment by business systems is a must to prevent mistaken identification and malicious counterfeit access. A problem faced.
区块链网络:区块链网络主要由点对点组网、账本结构、共识机制三部分组成。分布式总账在全网公开,采用去中心化方式管理,全网用户节点通过共识机制达成一致,网络由全体用户共同控制,只有大部分用户一致认可做出某个改变才可生效。每个节点在本地存储了一本分布式总账的副本,记录了点对点网络里所有合法且被共识的交易,任何节点可以通过本地账本找到某个用户的交易信息。Blockchain network: Blockchain network mainly consists of three parts: point-to-point networking, ledger structure, and consensus mechanism. The distributed ledger is open to the entire network and managed in a decentralized manner. User nodes in the entire network reach an agreement through a consensus mechanism. The network is jointly controlled by all users. Only a change that is unanimously approved by a majority of users can take effect. Each node stores a copy of the distributed ledger locally, recording all legal and consensus transactions in the peer-to-peer network. Any node can find a user's transaction information through the local ledger.
身份认证:目前,物联网身份认证的常用方案主要有以下3种:1)在基于公钥基础设施(PKI,publickeyinfrastructure)身份认证方案中,证书授权中心为每个设备分配数字证书,该证书中包含设备的公钥和证书授权中心的数字签名。设备方利用自身私钥生成消息签名,公钥被接收方用于验证签名,此方案在验证过程中不会泄露设备真实身份。2)在基于身份的签名(IBS,identity-basedsignature)方案中,通过设置私钥生成器(PKG,privatekeygenerator)实现设备私钥的分发,通过这种方式可以解决设备公钥传送问题。另外可以利用双线性映射实现强指定验证签名,即使在传输过程中消息被泄露,仍可以实现安全、唯一的身份验证。3)在基于无证书签名(CLS,thecertificatelesssignature)的认证方案中,密钥生成中心(KGC,thekeygenerationcenter)根据物联网设备身份标识号(ID,identitydocument)为其生成对应的部分私钥,设备使用秘密值和部分私钥生成实际的私钥。Identity authentication: Currently, there are three common schemes for identity authentication in the Internet of Things: 1) In the identity authentication scheme based on public key infrastructure (PKI, publickeyinfrastructure), the certificate authority assigns a digital certificate to each device. Contains the device's public key and the digital signature of the certificate authority. The device uses its own private key to generate a message signature, and the public key is used by the recipient to verify the signature. This solution will not reveal the true identity of the device during the verification process. 2) In the identity-based signature (IBS, identity-based signature) scheme, the distribution of the device private key is achieved by setting up a private key generator (PKG, private key generator). In this way, the problem of device public key transmission can be solved. In addition, bilinear mapping can be used to implement strong specified verification signatures. Even if the message is leaked during transmission, secure and unique identity verification can still be achieved. 3) In the authentication scheme based on certificateless signature (CLS, thecertificatelesssignature), the key generation center (KGC, thekeygenerationcenter) generates the corresponding partial private key based on the identity document (ID, identitydocument) of the IoT device, and the device uses the secret value and partial private key to generate the actual private key.
公钥基础设施(Public Key Infrastructure,PKI):PKI体系下的加密认证过程由证书授权机构(Certification Authority,CA)绑定证书持有者的身份和相关的密钥并签发数字证书,并为用户提供证书申请、证书作废、证书获取、证书状态查询等服务,实现通信中各实体的身份认证、完整性、抗抵赖性和保密性。公钥基础设施是一种身份证明和隐私保护的技术,通过可信机构颁发数字证书的方式来绑定身份和公钥。使用私钥签名可以证明用户身份,使用公钥加密可以保护数据隐私。公钥基础设施向公钥及相关的用户身份信息签发数字证书,为用户提供方便的证书申请、证书颁发、证书撤销、证书状态查询的途径,并利用数字证书及证书颁发、黑名单颁发、时间戳服务等相关服务,实现通信中各实体的身份认证、完整性、抗抵赖性和保密性。公钥基础设施主要包括数字证书与私钥、数字证书管理以及数字证书应用三部分内容。Public Key Infrastructure (PKI): The encryption authentication process under the PKI system consists of the Certificate Authority (Certification Authority, CA) binding the identity of the certificate holder and related keys and issuing digital certificates, and issuing digital certificates to users. Provides certificate application, certificate invalidation, certificate acquisition, certificate status query and other services to achieve identity authentication, integrity, non-repudiation and confidentiality of each entity in communication. Public key infrastructure is an identity certification and privacy protection technology that binds identities and public keys through digital certificates issued by trusted institutions. Using private key signatures can prove user identity, and using public key encryption can protect data privacy. The public key infrastructure issues digital certificates to public keys and related user identity information, provides users with convenient ways to apply for certificates, certificate issuance, certificate revocation, and certificate status inquiries, and utilizes digital certificates and certificate issuance, blacklist issuance, and time stamp service and other related services to achieve identity authentication, integrity, non-repudiation and confidentiality of each entity in communication. Public key infrastructure mainly includes three parts: digital certificates and private keys, digital certificate management, and digital certificate applications.
其中,数字证书与私钥:用户或系统只有拥有自己的公私钥对后,才能实现数字签名和加解密功能。由于公钥是随机产生的,无法由公钥确定用户身份。所以,为解决公钥与用户身份的映射问题,公钥基础设施引入了数字证书,用于建立公钥与用户之间的对应关系。由于数字证书具有认证中心的数字签名,因此数字证书具有防伪性。由于数字证书不包含秘密信息,因此数字证书具有公开性。数字证书管理:为解决数字证书的签发问题,公钥基础设施引入了认证中心,由认证中心对数字证书进行集中签发。认证中心拥有自己的公私钥对,认证中心使用自己的私钥对用户签发数字证书。数字证书应用:基于数字证书,可以实现身份认证、保密性、完整性和抗抵赖性等四种基本的安全功能。通过证书接口模块或组件,应用系统可以很方便地使用数字证书技术,从而提高应用系统的身份认证强度、保证应用系统中各种敏感数据的保密性、保证应用系统中各种敏感数据和交易记录的完整性、用户各种操作或交易的不可否认性。Among them, digital certificates and private keys: Only when a user or system has its own public and private key pair can it achieve digital signature and encryption and decryption functions. Since the public key is randomly generated, the user's identity cannot be determined from the public key. Therefore, in order to solve the mapping problem between public keys and user identities, the public key infrastructure introduces digital certificates to establish the corresponding relationship between public keys and users. Because the digital certificate has the digital signature of the certification center, the digital certificate is anti-counterfeiting. Because digital certificates do not contain secret information, digital certificates are public. Digital certificate management: In order to solve the issue of digital certificates, the public key infrastructure introduces a certification center, which centrally issues digital certificates. The certification center has its own public and private key pair, and the certification center uses its own private key to issue digital certificates to users. Digital certificate application: Based on digital certificates, four basic security functions such as identity authentication, confidentiality, integrity and non-repudiation can be realized. Through the certificate interface module or component, the application system can easily use digital certificate technology, thereby improving the identity authentication strength of the application system, ensuring the confidentiality of various sensitive data in the application system, and ensuring various sensitive data and transaction records in the application system. The integrity and non-repudiation of various user operations or transactions.
下面结合附图对本发明做进一步详细描述:The present invention will be described in further detail below in conjunction with the accompanying drawings:
参见图1,本发明一实施例中,提供一种基于区块链的电力物联网设备身份认证方法,在区块链的基础上,结合公钥基础设施技术,对传统的公钥基础设施技术进行改进,利用区块链的安全性、不可逆、不可篡改性和透明性等优势,有效的提升公钥基础设施体系的透明度,加强身份认证的可信度。Referring to Figure 1, in one embodiment of the present invention, a blockchain-based power Internet of Things device identity authentication method is provided. On the basis of the blockchain, combined with public key infrastructure technology, traditional public key infrastructure technology is Make improvements and take advantage of the security, irreversibility, non-tamperability and transparency of the blockchain to effectively enhance the transparency of the public key infrastructure system and strengthen the credibility of identity authentication.
具体的,该基于区块链的电力物联网设备身份认证方法包括以下步骤:Specifically, the blockchain-based power Internet of Things device identity authentication method includes the following steps:
S1:电力物联网设备生成认证请求信息,发送至区块链网络;其中,认证请求信息包括电力物联网设备的设备参数信息和数字证书。S1: The power IoT device generates authentication request information and sends it to the blockchain network; the authentication request information includes the device parameter information and digital certificate of the power IoT device.
具体的,电力物联网设备预先在本地生成一对非对称密钥,可选的,通过随机生成256bit的比特串作为私钥,并根据所述私钥利用椭圆曲线密钥生成算法得到公钥。然后,在将认证请求信息发送至区块链网络时,将认证请求信息通过私钥加密后再发送至区块链网络。其中,认证请求信息还可以包括证书主题、电力物联网设备公钥以及电力物联网设备公钥的有效期等信息。Specifically, the power Internet of Things device generates a pair of asymmetric keys locally in advance. Optionally, a 256-bit bit string is randomly generated as a private key, and the public key is obtained using the elliptic curve key generation algorithm based on the private key. Then, when the authentication request information is sent to the blockchain network, the authentication request information is encrypted with the private key and then sent to the blockchain network. Among them, the certification request information may also include information such as the certificate subject, the public key of the power Internet of Things device, and the validity period of the public key of the power Internet of Things device.
S2:区块链网络查询内部的区块链中是否包含目标区块;其中,目标区块为包含电力物联网设备的设备参数信息和数字证书的区块。S2: The blockchain network queries whether the internal blockchain contains the target block; where the target block is the block containing the device parameter information and digital certificate of the power Internet of Things device.
通过将数字证书的存储与查询、生命周期管理、证书签发中心密钥丢失管理以及撤销列表管理等逻辑加以实现,形成一份完整的智能合约。区块链网络负责系统内所有交易的存储,每一次对智能合约的成功调用,都要经过各个节点背书(签名)、共识和记账三个流程。By implementing the logic of digital certificate storage and query, life cycle management, certificate issuance center key loss management, and revocation list management, a complete smart contract is formed. The blockchain network is responsible for the storage of all transactions in the system. Every successful call to a smart contract must go through the three processes of endorsement (signature), consensus and accounting by each node.
具体的,区块链网络在收到认证请求信息后,通过调用智能合约查询内部的区块链中是否包含目标区块,进而实现电力物联网设备的身份认证。Specifically, after receiving the authentication request information, the blockchain network calls the smart contract to query whether the internal blockchain contains the target block, thereby realizing the identity authentication of the power Internet of Things equipment.
S3:当区块链中包含目标区块时,区块链网络发送可靠性证明消息至电力物联网设备,完成电力物联网设备的身份认证。S3: When the blockchain contains the target block, the blockchain network sends a reliability certificate message to the power IoT device to complete the identity authentication of the power IoT device.
具体的,当区块链中包含目标区块时,即表明当前的电力物联网设备通过了身份认证,区块链网络生成可靠性证明消息,即在区块链查询到的目标区块的内容至电力物联网设备,完成电力物联网设备的身份认证。继而,电力物联网设备可以根据区块链网络发送的可靠性证明消息进行双方验证。Specifically, when the blockchain contains the target block, it means that the current power Internet of Things device has passed the identity authentication, and the blockchain network generates a reliability certificate message, that is, the content of the target block queried in the blockchain to the power Internet of Things device to complete the identity authentication of the power Internet of Things device. In turn, power IoT devices can perform mutual verification based on the reliability proof message sent by the blockchain network.
综上,该基于区块链的电力物联网设备身份认证方法,基于区块链技术具有的不可篡改性,这保证了只要身份信息的录入是正确的,这部分信息就会在网络中永久保存,即使单个节点被攻陷,整个网络仍然可以正确识别身份信息。其次,区块链保存了所有的历史记录,这便允许追踪终端出错信息,设置出错终端识别策略。此外,区块链技术也可以抵抗基于TCP/IP协议的攻击,对IP伪造、IP欺骗等攻击具有很好的防护作用。因此,区块链技术可以很好地加强身份认证协议。通过区块链技术,能够有效地完成网络中数字证书的颁发、更新、撤销等管理功能,减少传统认证技术中对单一认证中心的强依赖性,增强网络中各组件运行过程中的保密性和透明度,保证系统中信任关系的可靠性,提高身份认证的安全性。In summary, this blockchain-based power Internet of Things device identity authentication method is based on the non-tamperability of blockchain technology, which ensures that as long as the identity information is entered correctly, this part of the information will be permanently stored in the network. , even if a single node is compromised, the entire network can still correctly identify identity information. Secondly, the blockchain saves all historical records, which allows tracking terminal error information and setting error terminal identification strategies. In addition, blockchain technology can also resist attacks based on the TCP/IP protocol, and has a good protective effect against attacks such as IP forgery and IP spoofing. Therefore, blockchain technology can well strengthen identity authentication protocols. Through blockchain technology, management functions such as the issuance, update, and revocation of digital certificates in the network can be effectively completed, reducing the strong dependence on a single certification center in traditional authentication technology, and enhancing the confidentiality and security during the operation of each component in the network. Transparency ensures the reliability of trust relationships in the system and improves the security of identity authentication.
在一种可能的实施方式中,所述基于区块链的电力物联网设备身份认证方法,还包括:获取电力物联网设备的数字证书,所述获取电力物联网设备的数字证书包括:电力物联网设备生成证书注册请求发送至执行代理服务器;其中,证书注册请求包括电力物联网设备的设备参数信息;执行代理服务器根据电力物联网设备的证书注册请求生成电力物联网设备的证书颁布命令并发送至证书授权服务器;证书授权服务器根据电力物联网设备的证书颁布命令,生成电力物联网设备的数字证书并发送至执行代理服务器;执行代理服务器将电力物联网设备的数字证书发送至电力物联网设备,并将电力物联网设备的数字证书和设备参数信息发送至区块链网络;区块链网络将电力物联网设备的数字证书和设备参数信息,以区块的形式写入区块链。In a possible implementation, the blockchain-based power Internet of Things device identity authentication method also includes: obtaining a digital certificate of the power Internet of Things device, and obtaining the digital certificate of the power Internet of Things device includes: The networking device generates a certificate registration request and sends it to the execution proxy server; where the certificate registration request includes device parameter information of the power Internet of Things device; the execution proxy server generates a certificate issuance command for the power Internet of Things device based on the certificate registration request of the power Internet of Things device and sends it to the certificate authorization server; the certificate authorization server issues a command based on the certificate of the power Internet of Things device, generates a digital certificate for the power Internet of Things device, and sends it to the execution proxy server; the execution proxy server sends the digital certificate of the power Internet of Things device to the power Internet of Things device. , and sends the digital certificate and equipment parameter information of the power Internet of Things equipment to the blockchain network; the blockchain network writes the digital certificate and equipment parameter information of the power Internet of Things equipment into the blockchain in the form of blocks.
具体的,证书的颁发过程是身份认证中的一个环节,在基于区块链的身份认证中,同样需要经过用户申请、生成证书及发送给用户等关键过程,但所颁发的证书与颁发证书的操作记录,均会通过调用智能合约,被写入区块链中以达到操作公开透明且不可篡改。参见图2,电力物联网设备的数字证书的申请过程如下:Specifically, the certificate issuance process is a link in identity authentication. In blockchain-based identity authentication, it also needs to go through key processes such as user application, certificate generation and sending to the user. However, the issued certificate is different from the one that issued the certificate. Operation records will be written into the blockchain by calling smart contracts to ensure that operations are open, transparent and cannot be tampered with. Referring to Figure 2, the application process for digital certificates for power Internet of Things devices is as follows:
1)申请证书的电力物联网设备选定唯一性的数字证书主体信息,再在本地生成一对非对称密钥。1) The power Internet of Things device applying for a certificate selects the unique digital certificate subject information, and then generates a pair of asymmetric keys locally.
2)电力物联网设备生成证书注册请求信息,其中,包括证书主题、设备公钥以及设备公钥的有效期等信息,向EA(执行代理服务器)提交证书申请请求信息,申请数字证书。2) The power Internet of Things device generates certificate registration request information, which includes certificate subject, device public key, and validity period of the device public key. It submits the certificate application request information to the EA (Execution Agent Server) to apply for a digital certificate.
3)EA收到电力物联网设备的证书注册请求后,对电力物联网设备提交的身份信息进行查验。3) After receiving the certificate registration request from the power IoT device, EA will verify the identity information submitted by the power IoT device.
4)EA审核通过后,向CA(证书授权服务器)发送证书颁发命令。4) After EA passes the review, it sends a certificate issuance command to the CA (Certificate Authorization Server).
5)CA进行电力物联网设备的数字证书制作并向EA发送证书颁布交易。其中,数字证书应包含的信息包含证书版本号、序列号、证书持有者(即申请证书的用户)、证书持有者公钥、证书持有者公钥的有效期、证书签发者(证书签发中心)及其他扩展项。5) CA produces digital certificates for power Internet of Things devices and sends certificate issuance transactions to EA. Among them, the information that the digital certificate should contain includes the certificate version number, serial number, certificate holder (that is, the user applying for the certificate), certificate holder public key, validity period of the certificate holder public key, certificate issuer (certificate issuance center) and other extensions.
6)EA将交易信息打包成新区块Block,广播至区块链网络,区块链完成交易签名校验并将交易写入区块链,从此电力物联网设备的身份透明,并不可篡改。6) EA packages the transaction information into a new block Block and broadcasts it to the blockchain network. The blockchain completes the transaction signature verification and writes the transaction into the blockchain. From then on, the identity of the power IoT device is transparent and cannot be tampered with.
7)EA向电力物联网设备发送数字证书。7) EA sends digital certificates to power Internet of Things devices.
其中,所述电力物联网设备生成证书注册请求发送至执行代理服务器时,将证书注册请求采用执行代理服务器的公钥加密后发送至执行代理服务器;所述执行代理服务器将电力物联网设备的数字证书发送至电力物联网设备时,将电力物联网设备的数字证书采用电力物联网设备的公钥加密后发送至电力物联网设备。通过采用公钥-私钥加密的方式,保证数传输时的安全性。Wherein, when the power Internet of Things device generates a certificate registration request and sends it to the execution proxy server, the certificate registration request is encrypted using the public key of the execution proxy server and then sent to the execution proxy server; the execution proxy server converts the digital number of the power Internet of Things device to the execution proxy server. When the certificate is sent to the electric power Internet of Things device, the digital certificate of the electric power Internet of Things device is encrypted using the public key of the electric power Internet of Things device and then sent to the electric power Internet of Things device. By using public key-private key encryption, the security of data transmission is ensured.
在一种可能的实施方式中,所述基于区块链的电力物联网设备身份认证方法,还包括:证书授权服务器以默克尔帕特里树(MPT)的结构形式存储电力物联网设备的数字证书。将电力物联网设备及其数字证书以键值对形式存储在MPT叶子节点中,MPT随着节点的增加而更新,所有交易及对应更新的MPT根都按时间顺序存储在时序默克尔树(CMT,chronologicalMerkletree)中,最终被打包上链。在电力物联网设备身份认证时,可通过数字证书在MPT中的存储路径查询数字证书的有效性。In a possible implementation, the blockchain-based power Internet of Things device identity authentication method also includes: the certificate authorization server stores the identity of the power Internet of Things device in the form of a Merkel Patri tree (MPT) structure. Digital certificate. The power Internet of Things devices and their digital certificates are stored in MPT leaf nodes in the form of key-value pairs. MPT is updated as the number of nodes increases. All transactions and corresponding updated MPT roots are stored in the time sequence Merkel tree in chronological order ( CMT, chronologicalMerkletree), and finally packaged on the chain. During identity authentication of power Internet of Things devices, the validity of the digital certificate can be queried through the storage path of the digital certificate in the MPT.
在一种可能的实施方式中,该基于区块链的电力物联网设备身份认证方法中,所述区块链网络将电力物联网设备的数字证书和设备参数信息,以区块的形式写入区块链时,在区块中添加当前时刻的时间戳。基于此,所有的区块链交易在封装成区块时均带有时间戳,而共识算法会对数据区块的有效性进行验证,系统会保存有效的数据而丢弃未通过验证的数据。数据的时间维度通过区块链存储方式得以扩大,数据的实时性使得攻击者不能用过时的消息进行攻击。In a possible implementation, in the blockchain-based power Internet of Things device identity authentication method, the blockchain network writes the digital certificate and device parameter information of the power Internet of Things device in the form of blocks. When creating a blockchain, add the timestamp of the current moment in the block. Based on this, all blockchain transactions are timestamped when packaged into blocks, and the consensus algorithm will verify the validity of the data blocks. The system will save valid data and discard data that fails verification. The time dimension of data is expanded through blockchain storage, and the real-time nature of data prevents attackers from using outdated messages to attack.
在一种可能的实施方式中,所述基于区块链的电力物联网设备身份认证方法,还包括:数字证书更新过程,所述数字证书更新过程包括:电力物联网设备生成证书更新请求发送至执行代理服务器;执行代理服务器根据电力物联网设备的证书更新请求生成电力物联网设备的证书更新命令并发送至证书授权服务器;证书授权服务器根据电力物联网设备的证书更新命令,生成电力物联网设备的更新数字证书并发送至执行代理服务器;执行代理服务器将电力物联网设备的更新数字证书发送至电力物联网设备和区块链网络;区块链网络查询内部的区块链中是否存在当前电力物联网设备的数字证书,以及当前电力物联网设备的更新数字证书是否为最新签发,当区块链中存在当前电力物联网设备的数字证书且当前电力物联网设备的更新数字证书为最新签发时,撤销电力物联网设备的数字证书,并将当前电力物联网设备的更新数字证书以区块的形式写入区块链。In a possible implementation, the blockchain-based power Internet of Things device identity authentication method also includes: a digital certificate update process. The digital certificate update process includes: the power Internet of Things device generates a certificate update request and sends it to Execute the proxy server; the execution proxy server generates a certificate update command for the power Internet of Things device according to the certificate update request of the power Internet of Things device and sends it to the certificate authorization server; the certificate authorization server generates a certificate update command for the power Internet of Things device based on the certificate update command of the power Internet of Things device. The updated digital certificate is sent to the execution proxy server; the execution proxy server sends the updated digital certificate of the power IoT device to the power IoT device and the blockchain network; the blockchain network queries whether the current power exists in the internal blockchain The digital certificate of the IoT device and whether the updated digital certificate of the current power IoT device is the latest issued. When the digital certificate of the current power IoT device exists in the blockchain and the updated digital certificate of the current power IoT device is the latest issue. , revoke the digital certificate of the power IoT device, and write the updated digital certificate of the current power IoT device into the blockchain in the form of a block.
具体的,在基于区块链的身份认证系统中,当电力物联网设备存在证书延期、更换域名等需求时,需要在经过审核确认后,调用区块链智能合约的update接口,对电力物联网设备的数字证书进行更新。证书更新只是更新数字证书的内容,并不会更换电力物联网设备的公私钥。其中,电力物联网设备无权自行更新证书。数字证书中的所有信息需要通过EA的审核,才能进行更新颁发。参见图3,数字证书更新过程具体如下:Specifically, in the blockchain-based identity authentication system, when the power IoT equipment has certificate extension, domain name change, etc., it needs to call the update interface of the blockchain smart contract after review and confirmation to perform the power IoT verification. The device's digital certificate is updated. Certificate update only updates the content of the digital certificate and does not replace the public and private keys of the power IoT device. Among them, power IoT devices do not have the right to update certificates on their own. All information in the digital certificate needs to be reviewed by EA before it can be updated and issued. Referring to Figure 3, the digital certificate update process is as follows:
1)申请更新证书的电力物联网设备生成证书更新请求信息,其中,包括证书主题、用户公钥以及用户公钥的新有效期等信息。1) The power Internet of Things device that applies for certificate update generates certificate update request information, which includes information such as the certificate subject, the user's public key, and the new validity period of the user's public key.
2)向EA提交证书更新请求信息,申请更新数字证书。2) Submit the certificate update request information to EA and apply for updating the digital certificate.
3)EA收到该电力物联网设备的更新申请后,对电力物联网设备提交的证书更新信息进行查验。3) After receiving the update application of the power IoT device, EA will check the certificate update information submitted by the power IoT device.
4)EA审核通过后,向CA发送证书更新命令。4) After the EA passes the review, it sends a certificate update command to the CA.
5)CA进行电力物联网设备新的数字证书制作并向EA发送证书颁布交易。其中,更新数字证书应包含的信息有:证书版本号、序列号、证书持有者(即申请证书的用户)、证书持有者公钥、证书持有者公钥的有效期、证书签发者(签发中心)及其他扩展项。5) CA produces new digital certificates for power Internet of Things equipment and sends certificate issuance transactions to EA. Among them, the information that should be included in updating the digital certificate includes: certificate version number, serial number, certificate holder (i.e. the user who applies for the certificate), certificate holder public key, validity period of the certificate holder's public key, certificate issuer ( Issuing Center) and other extensions.
6)EA提供旧的数字证书和更新数字证书,通过调用区块链的智能合约update方法,检查旧的数字证书是否在区块链中存在,更新数字证书是否为最新签发的。6) EA provides the old digital certificate and the updated digital certificate. By calling the smart contract update method of the blockchain, it checks whether the old digital certificate exists in the blockchain and whether the updated digital certificate is the latest one.
7)EA将交易信息打包成新区块Block,将此更新数字证书写入区块链中,区块链网络完成交易签名校验并将交易写入区块链,从此身份透明并不可篡改。7) EA packages the transaction information into a new block Block and writes this updated digital certificate into the blockchain. The blockchain network completes the transaction signature verification and writes the transaction into the blockchain. From now on, the identity is transparent and cannot be tampered with.
8)EA向电力物联网设备发送更新数字证书。8) EA sends an updated digital certificate to the power Internet of Things device.
整个更新数字证书的过程和颁发数字证书的过程类似,但有不同之处在于电力物联网设备申请时要指定旧的数字证书,该数字证书在整个更换结束后,会被撤销,即在区块链中标记为被撤销。The entire process of updating a digital certificate is similar to the process of issuing a digital certificate, but the difference is that the old digital certificate must be specified when the power IoT device applies. The digital certificate will be revoked after the entire replacement is completed, that is, in the block The chain is marked as revoked.
在一种可能的实施方式中,所述基于区块链的电力物联网设备身份认证方法,还包括:数字证书撤销过程,所述数字证书撤销过程包括:电力物联网设备生成证书撤销请求发送至执行代理服务器;其中,证书撤销请求包括待撤销数字证书;执行代理服务器根据电力物联网设备的证书撤销请求生成电力物联网设备的证书撤销命令并发送至证书授权服务器;执行代理服务器将待撤销数字证书发送至区块链网络,区块链网络查询内部的区块链中是否存在待撤销数字证书,当区块链中存在待撤销数字证书时,撤销待撤销数字证书。In a possible implementation, the blockchain-based power Internet of Things device identity authentication method also includes: a digital certificate revocation process. The digital certificate revocation process includes: the power Internet of Things device generates a certificate revocation request and sends it to Execution proxy server; wherein, the certificate revocation request includes the digital certificate to be revoked; the execution proxy server generates a certificate revocation command for the power Internet of Things device based on the certificate revocation request of the power Internet of Things device and sends it to the certificate authorization server; the execution proxy server sends the digital certificate to be revoked The certificate is sent to the blockchain network, and the blockchain network queries whether there is a digital certificate to be revoked in the internal blockchain. When a digital certificate to be revoked exists in the blockchain, the digital certificate to be revoked is revoked.
具体的,在基于区块链的身份认证系统中,当电力物联网设备存在其某一证书撤销的需求时,需要在经过审核确认后,调用智能合约的revoke接口,对电力物联网设备的数字证书进行撤销。除了电力物联网设备可以自己主动撤销证书,也可由于数字证书过期或者使用范围改变等原因,由管理员进行撤销。具体的,参见图4,数字证书撤销的具体过程如下:Specifically, in the blockchain-based identity authentication system, when a power IoT device needs to revoke a certain certificate, it needs to call the revoke interface of the smart contract after review and confirmation to revoke the digital data of the power IoT device. The certificate is revoked. In addition to the power IoT devices that can actively revoke certificates themselves, they can also be revoked by administrators due to expiration of digital certificates or changes in usage scope. Specifically, see Figure 4. The specific process of digital certificate revocation is as follows:
1)申请撤销证书的电力物联网设备生成证书撤销请求信息,其中,包括用户信息、需要申请撤销的数字证书及原因。1) The power Internet of Things device that applies for certificate revocation generates certificate revocation request information, which includes user information, the digital certificate that needs to be revoked and the reason.
2)电力物联网设备向EA提交证书撤销请求信息,申请撤销数字证书。2) The power Internet of Things device submits certificate revocation request information to EA and applies for revocation of the digital certificate.
3)EA收到电力物联网设备的证书撤销申请,对证书撤销信息进行查验。3) EA receives the certificate revocation application from the power Internet of Things device and checks the certificate revocation information.
4)EA审核通过后,向CA发送证书撤销命令。4) After EA passes the review, it sends a certificate revocation command to the CA.
5)EA提供待撤销数字证书,通过调用区块链的智能合约revoke方法,检待撤销数字证书是否在区块链中存在,当区块链中存在待撤销数字证书时,进行待撤销数字证书的撤销。5) EA provides a digital certificate to be revoked, and checks whether the digital certificate to be revoked exists in the blockchain by calling the revoke method of the smart contract of the blockchain. When a digital certificate to be revoked exists in the blockchain, the digital certificate to be revoked is processed. of revocation.
6)EA对撤销证书的记录进行签名并写入区块链中。6) EA signs the record of revoked certificate and writes it into the blockchain.
7)区块链网络通过校验交易签名确认EA身份,将撤销证书的记录写入区块链,并在区块链中标记待撤销数字证书的状态为“撤销”。7) The blockchain network confirms the identity of the EA by verifying the transaction signature, writes the record of the revoked certificate to the blockchain, and marks the status of the digital certificate to be revoked as "revoked" in the blockchain.
8)EA通知电力物联网设备该待撤销数字证书已撤销。8) EA notifies the power Internet of Things device that the pending digital certificate has been revoked.
在一种可能的实施方式中,所述基于区块链的电力物联网设备身份认证方法,还包括:执行代理服务器将电力物联网设备的数字证书与真实身份之间的可链接性加密后,发送至区块链网络并以区块的形式写入区块链。基于此,在有争议的情况下,代理服务器能够显示电力物联网设备的真实身份。In a possible implementation, the blockchain-based power Internet of Things device identity authentication method also includes: executing a proxy server to encrypt the linkability between the digital certificate and the real identity of the power Internet of Things device, Sent to the blockchain network and written to the blockchain in the form of blocks. Based on this, the proxy server is able to reveal the true identity of power IoT devices in disputed situations.
综上,该基于区块链的电力物联网设备身份认证方法,在功能上能够实现颁发证书、撤销证书、更新证书、下载证书、查询状态、撤销列表、更换认证中心密钥和认证中心操作审计等身份认证功能。具有安全性、数据完整性、可追溯性与不可否认性、抗伪造攻击及抗DoS/DDoS攻击等优势。In summary, this blockchain-based power Internet of Things device identity authentication method can functionally implement certificate issuance, certificate revocation, certificate update, certificate download, status query, revocation list, certification center key replacement, and certification center operation audit. and other identity authentication functions. It has the advantages of security, data integrity, traceability and non-repudiation, resistance to forgery attacks and resistance to DoS/DDoS attacks.
具体的,安全性:区块链网络的节点、执行代理服务器以及证书授权服务器,可以通过双向认证实现互信,保证内部通信封闭,不易被攻击。数据完整性:在运行过程中,所有数字证书的操作均是以区块链交易完成的,并且区块链交易都由私钥签名,生成的区块链交易均由区块链节点封装成区块,这些区块由共识算法产生并保存在区块链的分布式账本中。如果某个节点的数据被攻击者删除或篡改,节点之间运行的共识算法会检测出异常并修正,从而保证了数据的完整性。可追溯性与不可否认性:区块链中记录了区块链系统产生的所有数据信息,因此所有历史数据都能够被追溯查询。在区块链交易中,代理或者设备终端使用数字签名来确认交易,由于私钥是唯一的且只有所有者知道,因此代理和设备终端对于所做的所有操作都无法否认,一旦发生错误或者区块产生失败,便于查找原因。抗伪造攻击:伪造攻击是指攻击者伪造合法设备的数据信息从而通过验证,本系统的抗伪造攻击能力是由数字签名技术提供的。设备终端发送的数据交互交易由自身私钥签名,私钥由发送方持有并且高度保密,无法被窃取从而为身份认证阶段提供了保护。抗DoS/DDoS攻击:区块链是分布式架构,分布式系统对比中心化系统而言有着较好的灵活性,其中的点对点、多冗余及集体维护等属性,使得区块链具备抵御拒绝服务攻击(DoS)/分布式拒绝服务攻击(DDoS)的能力。区块链网络中的各个区块链节点会实时同步最新的数据区块,即使某个节点被攻击后无法正常使用,其他节点也不会受到影响。因此,该基于区块链的电力物联网设备身份认证方法能够对DoS/DDoS攻击做出有效抵抗。Specifically, security: The nodes, execution proxy servers and certificate authorization servers of the blockchain network can achieve mutual trust through two-way authentication, ensuring that internal communications are closed and not easily attacked. Data integrity: During the operation process, all digital certificate operations are completed with blockchain transactions, and blockchain transactions are signed by private keys. The generated blockchain transactions are encapsulated into blocks by blockchain nodes. blocks, which are generated by a consensus algorithm and stored in the blockchain’s distributed ledger. If the data of a certain node is deleted or tampered with by an attacker, the consensus algorithm running between the nodes will detect the anomaly and correct it, thereby ensuring the integrity of the data. Traceability and non-repudiation: All data information generated by the blockchain system is recorded in the blockchain, so all historical data can be traced and queried. In a blockchain transaction, the agent or device terminal uses a digital signature to confirm the transaction. Since the private key is unique and known only to the owner, the agent and device terminal cannot deny all operations performed. Once an error or discrepancy occurs, Block generation failed, easy to find the reason. Anti-forgery attack: Forgery attack means that the attacker forges the data information of the legitimate device to pass the verification. The anti-forgery attack capability of this system is provided by digital signature technology. The data interaction transaction sent by the device terminal is signed by its own private key. The private key is held by the sender and is highly confidential and cannot be stolen, thus providing protection for the identity authentication stage. Resist DoS/DDoS attacks: Blockchain is a distributed architecture. Distributed systems have better flexibility than centralized systems. Its point-to-point, multiple redundancy and collective maintenance attributes make blockchain resistant to rejection. Service attack (DoS)/distributed denial of service attack (DDoS) capabilities. Each blockchain node in the blockchain network will synchronize the latest data blocks in real time. Even if a node cannot be used normally after being attacked, other nodes will not be affected. Therefore, this blockchain-based power IoT device identity authentication method can effectively resist DoS/DDoS attacks.
下述为本发明的装置实施例,可以用于执行本发明方法实施例。对于装置实施例中未披露的细节,请参照本发明方法实施例。The following are device embodiments of the present invention, which can be used to perform method embodiments of the present invention. For details not disclosed in the device embodiment, please refer to the method embodiment of the present invention.
参见图5,本发明再一实施例中,提供一种基于区块链的电力物联网设备身份认证系统,能够用于实现上述的基于区块链的电力物联网设备身份认证方法,具体的,该基于区块链的电力物联网设备身份认证系统包括区块链网络、执行代理服务器以及证书授权服务器;其中,区块链网络以及证书授权服务器均与执行代理服务器连接。Referring to Figure 5, in yet another embodiment of the present invention, a blockchain-based power Internet of Things device identity authentication system is provided, which can be used to implement the above-mentioned blockchain-based power Internet of Things device identity authentication method. Specifically, The blockchain-based power Internet of Things device identity authentication system includes a blockchain network, an execution proxy server, and a certificate authorization server; among which, the blockchain network and the certificate authorization server are both connected to the execution proxy server.
其中,执行代理服务器用于接收电力物联网设备的证书注册请求生成电力物联网设备的证书颁布命令并发送至证书授权服务器;以及接收证书授权服务器发送的电力物联网设备的数字证书,并将电力物联网设备的数字证书发送至电力物联网设备,并将电力物联网设备的数字证书和设备参数信息发送至区块链网络;证书授权服务器用于根据电力物联网设备的证书颁布命令,生成电力物联网设备的数字证书;区块链网络用于接收电力物联网设备发送的认证请求信息,其中,认证请求信息包括电力物联网设备的设备参数信息和数字证书;以及查询内部的区块链中是否包含目标区块;其中,目标区块为包含电力物联网设备的设备参数信息和数字证书的区块;并当区块链中包含目标区块时,发送可靠性证明消息至电力物联网设备,完成电力物联网设备的身份认证。Among them, the execution proxy server is used to receive the certificate registration request of the electric power Internet of Things equipment, generate a certificate issuance command for the electric power Internet of Things equipment, and send it to the certificate authorization server; and receive the digital certificate of the electric power Internet of Things equipment sent by the certificate authorization server, and send the electric power Internet of Things equipment digital certificate. The digital certificate of the IoT device is sent to the power IoT device, and the digital certificate and device parameter information of the power IoT device are sent to the blockchain network; the certificate authorization server is used to issue commands based on the certificate of the power IoT device to generate power The digital certificate of the IoT device; the blockchain network is used to receive the authentication request information sent by the power IoT device, where the authentication request information includes the device parameter information and digital certificate of the power IoT device; and to query the internal blockchain Whether the target block is included; where the target block is the block containing the device parameter information and digital certificate of the power Internet of Things device; and when the target block is included in the blockchain, a reliability certification message is sent to the power Internet of Things device , complete the identity authentication of power Internet of Things devices.
具体的,EA的主要职责包括电力物联网设备登记注册,并为其生成身份参数、授权CA颁发数字证书以及向电力物联网设备返回数字证书。EA收集CA传来的交易生成一个区块,并将该区块传递给区块链网络的所有节点进行验证。EA使用其密钥加密电力物联网设备的数字证书与其真实身份之间的可链接性,并将其存储在区块链中,在有争议的情况下通过EA显示电力物联网设备的真实身份。Specifically, the main responsibilities of EA include registering power IoT devices, generating identity parameters for them, authorizing the CA to issue digital certificates, and returning digital certificates to power IoT devices. EA collects transactions from CA to generate a block and passes the block to all nodes of the blockchain network for verification. EA uses its key to encrypt the linkability between the digital certificate of the power IoT device and its true identity and stores it in the blockchain, revealing the true identity of the power IoT device through EA in the event of a dispute.
CA在接收EA的颁布证书命令后,负责区块链网络节点及物联网设备的证书生成,生成证书颁发交易并回传给EA。证书以MPT的结构形式存储。After receiving the certificate issuance command from EA, the CA is responsible for generating certificates for blockchain network nodes and IoT devices, generating certificate issuance transactions and sending them back to EA. Certificates are stored in the structure of MPT.
电力物联网设备接收EA回传的数字证书,同时接收区块链网络的节点传来的可靠性证明消息并进行验证。The power Internet of Things device receives the digital certificate returned by EA, and at the same time receives the reliability certificate message from the node of the blockchain network and verifies it.
区块链网络将数字证书的存储与查询、生命周期管理、证书签发中心密钥丢失管理以及撤销列表管理等逻辑加以实现,形成一份完整的智能合约。区块链网络负责系统内所有交易的存储,每一次对智能合约的成功调用,都要经过各个节点背书(签名)、共识和记账三个流程。具体功能包括:在EA注册身份并接收电力物联网设备的数字证书,结合对EA传来的电力物联网设备的身份参数的处理结果生成预签名,以及将预签名以区块的形式上链并在区块链网络的各节点内广播。以及在电力物联网设备请求接入时,将预签名作为可靠性证明的一部分,接收电力物联网设备的接入请求消息,并验证电力物联网设备的身份,具体为查询包含电力物联网设备的数字证书和身份参数的区块,并将查询到的区块信息返回给电力物联网设备,进行身份验证。The blockchain network implements the logic of digital certificate storage and query, life cycle management, certificate issuance center key loss management, and revocation list management to form a complete smart contract. The blockchain network is responsible for the storage of all transactions in the system. Every successful call to a smart contract must go through the three processes of endorsement (signature), consensus and accounting by each node. Specific functions include: registering an identity with EA and receiving the digital certificate of the power IoT device, generating a pre-signature based on the processing results of the identity parameters of the power IoT device from EA, and uploading the pre-signature to the chain in the form of a block. Broadcast within each node of the blockchain network. And when the power Internet of Things device requests access, the pre-signature is used as part of the reliability certificate, the access request message of the power Internet of Things device is received, and the identity of the power Internet of Things device is verified, specifically querying the information containing the power Internet of Things device. Blocks of digital certificates and identity parameters, and returns the queried block information to the power Internet of Things device for identity verification.
本发明基于区块链的电力物联网设备身份认证方法及系统,为了解决电力物联网目前常用的基于公钥基础设施的身份认证过程中存在的兼容性低、抗攻击能力弱以及中心化网络负担重等问题,结合区块链技术的安全性、不可逆、不可篡改性和透明性等特性,利用区块链自身的高度去中心化特点,将数字证书等信息存入区块数据结构中,并根据密码学相关知识提出了分布式电力物联网设备身份认证机制,设计了设备证书颁发、更新及撤销的详细流程,有效地提升了传统公钥基础设施体系的透明度,加强身份认证的可信度,可以抵御多种恶意攻击,实现了高度安全的分布式电力物联网设备身份认证。The present invention is a blockchain-based power Internet of Things equipment identity authentication method and system, in order to solve the problems of low compatibility, weak attack resistance and centralized network burden in the identity authentication process based on public key infrastructure currently commonly used in the Power Internet of Things. To solve problems such as heavy problems, combine the security, irreversibility, non-tamperability and transparency of blockchain technology, and use the highly decentralized characteristics of the blockchain itself to store digital certificates and other information in the block data structure, and Based on cryptography-related knowledge, a distributed power Internet of Things device identity authentication mechanism is proposed, and a detailed process for issuing, updating and revoking device certificates is designed, effectively improving the transparency of the traditional public key infrastructure system and strengthening the credibility of identity authentication. , can resist a variety of malicious attacks and achieve highly secure distributed power IoT device identity authentication.
本领域内的技术人员应明白,本发明的实施例可提供为方法、系统、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will appreciate that embodiments of the present invention may be provided as methods, systems, or computer program products. Thus, the invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each process and/or block in the flowchart illustrations and/or block diagrams, and combinations of processes and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce a use A device for realizing the functions specified in one process or multiple processes of the flowchart and/or one block or multiple blocks of the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory that causes a computer or other programmable data processing apparatus to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction means, the instructions The device implements the functions specified in a process or processes of the flowchart and/or a block or blocks of the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions may also be loaded onto a computer or other programmable data processing device, causing a series of operating steps to be performed on the computer or other programmable device to produce computer-implemented processing, thereby executing on the computer or other programmable device. Instructions provide steps for implementing the functions specified in a process or processes of a flowchart diagram and/or a block or blocks of a block diagram.
最后应当说明的是:以上实施例仅用以说明本发明的技术方案而非对其限制,尽管参照上述实施例对本发明进行了详细的说明,所属领域的普通技术人员应当理解:依然可以对本发明的具体实施方式进行修改或者等同替换,而未脱离本发明精神和范围的任何修改或者等同替换,其均应涵盖在本发明的权利要求保护范围之内。Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the present invention can still be modified. Modifications or equivalent substitutions may be made to the specific embodiments, and any modifications or equivalent substitutions that do not depart from the spirit and scope of the invention shall be covered by the scope of the claims of the invention.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111525769.1ACN114244527B (en) | 2021-12-14 | 2021-12-14 | Block chain-based electric power Internet of things equipment identity authentication method and system |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111525769.1ACN114244527B (en) | 2021-12-14 | 2021-12-14 | Block chain-based electric power Internet of things equipment identity authentication method and system |
| Publication Number | Publication Date |
|---|---|
| CN114244527A CN114244527A (en) | 2022-03-25 |
| CN114244527Btrue CN114244527B (en) | 2023-10-31 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111525769.1AActiveCN114244527B (en) | 2021-12-14 | 2021-12-14 | Block chain-based electric power Internet of things equipment identity authentication method and system |
| Country | Link |
|---|---|
| CN (1) | CN114244527B (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114785515B (en)* | 2022-03-29 | 2024-04-23 | 中国科学院信息工程研究所 | Edge computing identity authentication method and system based on block chain |
| CN114819307A (en)* | 2022-04-13 | 2022-07-29 | 西南大学 | Blockchain-based power statistics system and its use method |
| CN114978688B (en)* | 2022-05-23 | 2025-06-17 | 青岛海尔空调器有限总公司 | Method and device for data transmission, router, and Internet of Things device |
| CN115118461B (en)* | 2022-06-07 | 2024-07-26 | 讯飞智元信息科技有限公司 | Data processing method and device, electronic equipment and storage medium |
| CN115174385B (en)* | 2022-06-15 | 2024-04-02 | 桂林电子科技大学 | A blockchain-based method for updating firmware software of industrial IoT devices |
| CN115174234B (en)* | 2022-07-08 | 2023-08-29 | 慧之安信息技术股份有限公司 | Block chain-based Internet of things identifier management method |
| CN116112177B (en)* | 2022-12-27 | 2025-03-18 | 天翼物联科技有限公司 | Processing method and system for identity authentication of IoT devices |
| CN120642296A (en)* | 2023-01-31 | 2025-09-12 | 科鲁赫阿尔格技术工业贸易有限责任公司 | Method for fast authentication and authorization with key update between devices |
| CN115914316B (en)* | 2023-03-14 | 2023-06-06 | 深圳中集智能科技有限公司 | Block chain logistics data transmission method and trusted Internet of things system |
| CN116405289A (en)* | 2023-04-11 | 2023-07-07 | 哈尔滨工程大学 | An identity authentication system for a ship's virtual test platform |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109768988A (en)* | 2019-02-26 | 2019-05-17 | 安捷光通科技成都有限公司 | Decentralization Internet of Things security certification system, facility registration and identity identifying method |
| CN109787987A (en)* | 2019-01-29 | 2019-05-21 | 国网江苏省电力有限公司无锡供电分公司 | Blockchain-based power IoT terminal identity authentication method |
| CN112861106A (en)* | 2021-02-26 | 2021-05-28 | 卓尔智联(武汉)研究院有限公司 | Digital certificate processing method and system, electronic device and storage medium |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109617698B (en)* | 2019-01-09 | 2021-08-03 | 腾讯科技(深圳)有限公司 | Method for issuing digital certificate, digital certificate issuing center and medium |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109787987A (en)* | 2019-01-29 | 2019-05-21 | 国网江苏省电力有限公司无锡供电分公司 | Blockchain-based power IoT terminal identity authentication method |
| CN109768988A (en)* | 2019-02-26 | 2019-05-17 | 安捷光通科技成都有限公司 | Decentralization Internet of Things security certification system, facility registration and identity identifying method |
| CN112861106A (en)* | 2021-02-26 | 2021-05-28 | 卓尔智联(武汉)研究院有限公司 | Digital certificate processing method and system, electronic device and storage medium |
| Title |
|---|
| 基于区块链的分布式物联网设备身份认证机制研究;谭琛;物联网学报;第4卷(第2期);70-77* |
| Publication number | Publication date |
|---|---|
| CN114244527A (en) | 2022-03-25 |
| Publication | Publication Date | Title |
|---|---|---|
| CN114244527B (en) | Block chain-based electric power Internet of things equipment identity authentication method and system | |
| Feng et al. | Blockchain-based cross-domain authentication for intelligent 5G-enabled internet of drones | |
| CN110933108B (en) | Data processing method and device based on block chain network, electronic equipment and storage medium | |
| CN109768988B (en) | Decentralized Internet of things security authentication system, equipment registration and identity authentication method | |
| Zhong et al. | Distributed blockchain‐based authentication and authorization protocol for smart grid | |
| CN106972931B (en) | Method for transparentizing certificate in PKI | |
| Madala et al. | Certificate transparency using blockchain | |
| CN112953727A (en) | Internet of things-oriented equipment anonymous identity authentication method and system | |
| CN109245894B (en) | Distributed cloud storage system based on intelligent contracts | |
| CN114139203B (en) | Blockchain-based heterogeneous identity alliance risk assessment system, method and terminal | |
| CN113079215B (en) | Block chain-based wireless security access method for power distribution Internet of things | |
| CN115345618B (en) | Block chain transaction verification method and system based on mixed quantum digital signature | |
| CN113507370B (en) | Forestry Internet of things equipment authorization authentication access control method based on block chain | |
| CN118764201A (en) | A trusted authentication security chip system and control method for the Internet of Things | |
| WO2023236551A1 (en) | Decentralized trusted access method for cellular base station | |
| CN120090874A (en) | A blockchain-based method for cross-border circulation of personal data | |
| CN118713853A (en) | Identity-driven trust management system for data center collaboration | |
| CN115967941B (en) | Authentication method and authentication system for electric power 5G terminal | |
| Lv et al. | Heterogeneous cross‐domain identity authentication scheme based on proxy resignature in cloud environment | |
| CN118748583B (en) | ICS data trusted circulation system and method based on double-layer blockchain assistance | |
| Wang et al. | SE-CAS: Secure and efficient cross-domain authentication scheme based on blockchain for space TT&C networks | |
| Lyu et al. | JRS: A joint regulating scheme for secretly shared content based on blockchain | |
| EP4412158A1 (en) | Electricity meter and system hardened against attack vectors | |
| CN118368082A (en) | Remote proving method for synchronous code and data providing based on TEE | |
| Akhras et al. | Ecc: Enhancing smart grid communication with ethereum blockchain, asymmetric cryptography, and cloud services |
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |