
CN115242440A - Block chain-based Internet of things equipment trusted calling method, device and equipment - Google Patents


Info

Publication number
CN115242440A
Authority
CN
China
Prior art keywords
public key
request
terminal
blockchain node
user terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210702311.7A
Other languages
Chinese (zh)
Other versions
CN115242440B (en
Inventor
孙跃
徐小天
陈威
李雄伟
陈乐然
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
North China Electric Power Research Institute Co Ltd
Electric Power Research Institute of State Grid Jibei Electric Power Co Ltd
State Grid Corp of China SGCC
Original Assignee
North China Electric Power Research Institute Co Ltd
Electric Power Research Institute of State Grid Jibei Electric Power Co Ltd
State Grid Corp of China SGCC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by North China Electric Power Research Institute Co Ltd, Electric Power Research Institute of State Grid Jibei Electric Power Co Ltd, State Grid Corp of China SGCC filed Critical North China Electric Power Research Institute Co Ltd
Priority to CN202210702311.7A priority Critical patent/CN115242440B/en
Publication of CN115242440A publication Critical patent/CN115242440A/en
Application granted granted Critical
Publication of CN115242440B publication Critical patent/CN115242440B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00 IoT characterised by the purpose of the information processing
    • G16Y40/50 Safety; Security of things, users, data or systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiments of this specification provide a blockchain-based method, apparatus and device for trusted invocation of IoT devices. The method comprises: receiving a device invocation request sent by a user terminal, the device invocation request comprising a request encrypted with the terminal private key corresponding to the user terminal; sending a terminal public key acquisition request to a blockchain node device, the terminal public key acquisition request being used to obtain the terminal public key that the user terminal uploaded to the blockchain node device; receiving the terminal public key fed back by the blockchain node device; and, if the device invocation request is successfully decrypted with the terminal public key, feeding back authorization information to the user terminal so that the client on the user terminal invokes the IoT device. The method verifies the identity of the user terminal and ensures the security of the invocation.

Description

A blockchain-based method, apparatus and device for trusted invocation of IoT devices

This application is a divisional application of the invention patent application with application number 202010684456.X, filed on July 16, 2020, and titled "A blockchain-based method, apparatus and device for secure invocation of IoT devices".

Technical field

The embodiments of this specification relate to the technical field of network security, and in particular to a blockchain-based method, apparatus and device for trusted invocation of IoT devices.

Background

With the development of Internet of Things technology, more and more devices can be connected to the Internet, so that device data can be obtained conveniently and the devices can also be controlled remotely. For example, for a smart camera connected to the network, the user can directly use the client on the corresponding terminal device to obtain the video data captured by the camera, and issue remote instructions to adjust the shooting angle and magnification of the smart camera.

IoT devices can acquire data through the sensing modules in the device, which gives IoT devices high security requirements. Criminals can obtain control of an IoT device indirectly through the client, by tampering with the client code or implanting malicious plug-ins in the client. Because IoT devices generally execute instructions using firmware stored on the device itself, a fixed verification program set directly in the firmware is also easily deceived by criminals. Therefore, at present, when a user controls an IoT device through the corresponding client, it is difficult for the IoT device to verify the security of that client.

Summary of the invention

The purpose of the embodiments of this specification is to provide a blockchain-based method, apparatus and device for trusted invocation of IoT devices, so as to solve the problem of how to ensure the security of the process of invoking an IoT device.

To solve the above technical problem, the embodiments of this specification also propose a blockchain-based method for trusted invocation of IoT devices, comprising: receiving a device invocation request sent by a user terminal, the device invocation request comprising a request encrypted with the terminal private key corresponding to the user terminal; sending a terminal public key acquisition request to a blockchain node device, the terminal public key acquisition request being used to obtain the terminal public key that the user terminal uploaded to the blockchain node device; receiving the terminal public key fed back by the blockchain node device; and, if the device invocation request is successfully decrypted with the terminal public key, feeding back authorization information to the user terminal so that the client invokes the IoT device.

In some embodiments, after receiving the terminal public key fed back by the blockchain node device, the method further comprises: if the device invocation request cannot be decrypted with the terminal public key, sending the terminal identifier corresponding to the user terminal to the blockchain node device as a high-risk device identifier, so that user terminals associated with the blockchain node device obtain the high-risk device identifier.

In some embodiments, before sending the terminal public key acquisition request to the blockchain node device, the method further comprises: sending a terminal query request to the blockchain node device, the terminal query request being used to obtain the security evaluation result of the user terminal; correspondingly, sending the terminal public key acquisition request to the blockchain node device comprises: if the security evaluation result fed back by the blockchain node device is "secure device", sending the terminal public key acquisition request to the blockchain node device.

The embodiments of this specification also propose a blockchain-based apparatus for trusted invocation of IoT devices, comprising: a request receiving module, configured to receive a device invocation request sent by a user terminal, the device invocation request comprising a request encrypted with the terminal private key corresponding to the user terminal; a request sending module, configured to send a terminal public key acquisition request to a blockchain node device, the terminal public key acquisition request being used to obtain the terminal public key that the user terminal uploaded to the blockchain node device; a public key receiving module, configured to receive the terminal public key fed back by the blockchain node device; and an information feedback module, configured to feed back authorization information to the user terminal when the device invocation request is successfully decrypted with the terminal public key, so that the client invokes the IoT device.

The embodiments of this specification also propose an IoT device, comprising a memory and a processor; the memory is configured to store computer program instructions; the processor is configured to execute the computer program instructions to implement the following steps: receiving a device invocation request sent by a user terminal, the device invocation request comprising a request encrypted with the terminal private key corresponding to the user terminal; sending a terminal public key acquisition request to a blockchain node device, the terminal public key acquisition request being used to obtain the terminal public key that the user terminal uploaded to the blockchain node device; receiving the terminal public key fed back by the blockchain node device; and, if the device invocation request is successfully decrypted with the terminal public key, feeding back authorization information to the user terminal so that the client invokes the IoT device.

The embodiments of this specification also propose a blockchain-based method for trusted invocation of IoT devices, comprising: encrypting a device invocation request with a terminal private key, the device invocation request comprising a request generated by a client; sending the encrypted device invocation request to an IoT device, so that the IoT device, after receiving the device invocation request, sends a terminal public key acquisition request to a blockchain node device and receives the terminal public key fed back by the blockchain node device, the terminal public key comprising the terminal public key that the user terminal uploaded to the blockchain node device; and receiving authorization information fed back by the IoT device, so that the client invokes the IoT device, the authorization information comprising information generated by the IoT device after it has decrypted the encrypted device invocation request with the terminal public key.

In some embodiments, before sending the encrypted device invocation request to the IoT device, the method further comprises: sending an IoT device query request to the blockchain node device, the IoT device query request being used to obtain the security evaluation result of the IoT device; correspondingly, sending the encrypted device invocation request to the IoT device comprises: if the security evaluation result fed back by the blockchain node device is "secure device", sending the encrypted device invocation request to the IoT device.

In some embodiments, the authorization information comprises information encrypted by the IoT device with a device private key; after receiving the authorization information fed back by the IoT device, the method further comprises: sending a device public key acquisition request to the blockchain node device, the device public key acquisition request being used to obtain the device public key that the IoT device uploaded to the blockchain node device; receiving the device public key fed back by the blockchain node device; and, if the authorization information is successfully decrypted with the device public key, invoking the IoT device using the client.

The embodiments of this specification also propose a blockchain-based apparatus for trusted invocation of IoT devices, comprising: an encryption module, configured to encrypt a device invocation request with a terminal private key, the device invocation request comprising a request generated by a client; a request sending module, configured to send the encrypted device invocation request to an IoT device, so that the IoT device, after receiving the device invocation request, sends a terminal public key acquisition request to a blockchain node device and receives the terminal public key fed back by the blockchain node device, the terminal public key comprising the terminal public key that the user terminal uploaded to the blockchain node device; and an information receiving module, configured to receive authorization information fed back by the IoT device, so that the client invokes the IoT device, the authorization information comprising information generated by the IoT device after it has decrypted the encrypted device invocation request with the terminal public key.

The embodiments of this specification also propose a user terminal, comprising a memory and a processor; the memory is configured to store computer program instructions; the processor is configured to execute the computer program instructions to implement the following steps: encrypting a device invocation request with a terminal private key, the device invocation request comprising a request generated by a client; sending the encrypted device invocation request to an IoT device, so that the IoT device, after receiving the device invocation request, sends a terminal public key acquisition request to a blockchain node device and receives the terminal public key fed back by the blockchain node device, the terminal public key comprising the terminal public key that the user terminal uploaded to the blockchain node device; and receiving authorization information fed back by the IoT device, so that the client invokes the IoT device, the authorization information comprising information generated by the IoT device after it has decrypted the encrypted device invocation request with the terminal public key.

As can be seen from the technical solutions provided by the above embodiments, the embodiments of this specification use the terminal public key stored in the blockchain network to decrypt the encrypted device invocation request and, when decryption succeeds, grant the user terminal permission to invoke the IoT device. Verification of the user terminal's identity is thus implemented on the basis of digital signature technology, which avoids granting a hijacked user terminal the right to invoke the device and ensures the security of the invocation process.
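The request and verification flow summarized above, as an added Go example that is not part of the patent: Ed25519 signing and verification stand in for the page's "encrypt with the terminal private key / decrypt with the terminal public key", and an in-memory `Ledger` stands in for the blockchain node device. The type and function names, the request layout and the sample terminal ID and payload are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Ledger is a constructed in-memory stand-in for the blockchain node device.
type Ledger struct {
	terminalKeys map[string]ed25519.PublicKey // terminal ID -> uploaded terminal public key
	highRisk     map[string]bool              // terminal IDs reported as high-risk
}

func NewLedger() *Ledger {
	return &Ledger{terminalKeys: map[string]ed25519.PublicKey{}, highRisk: map[string]bool{}}
}

// UploadTerminalKey models the user terminal uploading its public key.
func (l *Ledger) UploadTerminalKey(id string, pub ed25519.PublicKey) { l.terminalKeys[id] = pub }

// SecurityEvaluation answers the terminal query request.
func (l *Ledger) SecurityEvaluation(id string) string {
	if l.highRisk[id] {
		return "high-risk"
	}
	return "secure"
}

// TerminalKey answers the terminal public key acquisition request.
func (l *Ledger) TerminalKey(id string) (ed25519.PublicKey, bool) {
	pub, ok := l.terminalKeys[id]
	return pub, ok
}

// ReportHighRisk stores a terminal ID as a high-risk device identifier.
func (l *Ledger) ReportHighRisk(id string) { l.highRisk[id] = true }

// InvocationRequest is an assumed wire layout for the device invocation request.
type InvocationRequest struct {
	TerminalID string
	Payload    []byte
	Signature  []byte
}

var (
	ErrHighRisk        = errors.New("terminal is flagged high-risk")
	ErrUnknownTerminal = errors.New("no terminal public key on the ledger")
	ErrBadSignature    = errors.New("request does not verify under the terminal public key")
)

// signedBytes binds the terminal ID to the payload so neither can be swapped alone.
func signedBytes(id string, payload []byte) []byte {
	return append(append([]byte(id), 0x00), payload...)
}

// NewTerminalKey generates the terminal key pair (user terminal side).
func NewTerminalKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignRequest is the user terminal step: protect the request with the terminal private key.
func SignRequest(id string, priv ed25519.PrivateKey, payload []byte) InvocationRequest {
	sig := ed25519.Sign(priv, signedBytes(id, payload))
	return InvocationRequest{TerminalID: id, Payload: payload, Signature: sig}
}

// HandleInvocation is the IoT device step: query, fetch key, verify, authorize or report.
func HandleInvocation(l *Ledger, req InvocationRequest) (string, error) {
	if l.SecurityEvaluation(req.TerminalID) != "secure" {
		return "", ErrHighRisk
	}
	pub, ok := l.TerminalKey(req.TerminalID)
	if !ok {
		return "", ErrUnknownTerminal
	}
	if !ed25519.Verify(pub, signedBytes(req.TerminalID, req.Payload), req.Signature) {
		l.ReportHighRisk(req.TerminalID)
		return "", ErrBadSignature
	}
	return "authorized:" + req.TerminalID, nil
}

func main() {
	ledger := NewLedger()
	pub, priv := NewTerminalKey()
	ledger.UploadTerminalKey("terminal-A", pub) // constructed sample terminal ID
	req := SignRequest("terminal-A", priv, []byte("camera:pan=30")) // constructed payload
	fmt.Println(HandleInvocation(ledger, req))
	_, wrongKey := NewTerminalKey() // a key that was never uploaded for terminal-A
	fmt.Println(HandleInvocation(ledger, SignRequest("terminal-A", wrongKey, []byte("camera:pan=30"))))
	fmt.Println(HandleInvocation(ledger, req)) // refused: terminal-A is now flagged
}
```

The signed bytes here cover only the terminal ID and the payload; a nonce or timestamp for freshness is not part of the steps quoted above and is not modelled.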

Brief description of the drawings

To explain the technical solutions in the embodiments of this specification or in the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in this specification; a person of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a framework diagram of an IoT device invocation system according to an embodiment of this specification;

FIG. 2 is a flowchart of a blockchain-based method for secure invocation of IoT devices according to an embodiment of this specification;

FIG. 3 is a flowchart of a blockchain-based method for secure invocation of IoT devices according to an embodiment of this specification;

FIG. 4 is a flowchart of a blockchain-based method for secure invocation of IoT devices according to an embodiment of this specification;

FIG. 5 is a flowchart of a blockchain-based method for trusted invocation of IoT devices according to an embodiment of this specification;

FIG. 6 is a flowchart of a blockchain-based method for trusted invocation of IoT devices according to an embodiment of this specification;

FIG. 7 is a flowchart of a blockchain-based method for trusted invocation of IoT devices according to an embodiment of this specification;

FIG. 8 is a module diagram of a blockchain-based apparatus for secure invocation of IoT devices according to an embodiment of this specification;

FIG. 9 is a module diagram of a blockchain-based apparatus for secure invocation of IoT devices according to an embodiment of this specification;

FIG. 10 is a module diagram of a blockchain-based apparatus for trusted invocation of IoT devices according to an embodiment of this specification;

FIG. 11 is a module diagram of a blockchain-based apparatus for trusted invocation of IoT devices according to an embodiment of this specification;

FIG. 12 is a structural diagram of an IoT device according to an embodiment of this specification;

FIG. 13 is a structural diagram of a user terminal according to an embodiment of this specification.

Detailed description

The technical solutions in the embodiments of this specification are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of this specification, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in this specification, without creative effort, shall fall within the scope of protection of this specification.

To better understand the inventive concept of this application, an IoT device invocation system in the embodiments of this specification is introduced first. As shown in FIG. 1, the IoT device invocation system 100 includes an IoT device 110, a user terminal 120 and a blockchain node device 130.

The Internet of Things is a network that uses sensing devices, following agreed protocols, to connect various networks for information exchange and communication, so as to achieve intelligent identification, positioning, tracking, monitoring and management. In terms of logical structure, the Internet of Things can be roughly divided into three layers: the perception layer, the network layer and the application layer. The perception layer at the bottom is mainly implemented by a sensor network: it collects and controls object information by means of RFID, sensors and the like, and the sensor network aggregates the information from a group of sensors and transmits it to the core network. The network layer mainly consists of the existing basic networks and is responsible for interconnecting things. Many kinds of basic network can be used for the Internet of Things; depending on the needs of the application, it can be a public communication network, an industry-specific private network, or even a newly built communication network dedicated to the Internet of Things. The application layer at the top is mainly responsible for information processing, decision support and business application services.

The IoT device 110 is a device connected to the Internet of Things. Through the Internet of Things, a user can use a terminal device to remotely obtain the sensing data in the IoT device or the data of the IoT device itself. Where the IoT device can be operated to some degree, it can also be controlled to a certain extent by sending instructions to it. For example, when the IoT device is a smart camera, the smart camera can collect video data with its own camera components and store the video data in its own storage module or transmit it to a cloud server, so that the user can obtain the video data through an app or a web page. The IoT device is not limited to the above example; it may also be, for example, a smart home robot, which is not described further here.

The user terminal 120 is the device used by the user. The user terminal may be, for example, a smartphone, a PC, a smart wearable device or a server. The user terminal 120 can communicate with the IoT device in order to send and receive the relevant instructions. A client is installed on the user terminal; the client may be a mini program, an app, a software program, a web client or the like that invokes the IoT device 110. In the embodiments of this specification, to ensure the security of the IoT device, the security of the client needs to be verified.

A blockchain is a distributed ledger that organizes multiple data blocks into a chain structure in chronological order and uses cryptographic algorithms to ensure that it is secure, traceable and tamper-resistant. The blockchain node device 130 can be used to build a blockchain network. The blockchain may be a public blockchain, a federated blockchain (also called a consortium blockchain), a private blockchain, and so on. The distributed ledger is jointly maintained by the multiple blockchain node devices 130 in the blockchain network. The blockchain network is formed by multiple blockchain node devices through a consensus mechanism. The blockchain network may include, for example, a P2P (peer-to-peer) network. The consensus mechanism may be implemented on the basis of algorithms such as Proof of Work (POW), Proof of Stake (POS), Delegated Proof of Stake (DPOS) or Practical Byzantine Fault Tolerance (PBFT). Specifically, multiple service providers can set up multiple blockchain node devices, and these blockchain node devices can establish a blockchain network based on blockchain technology. For example, multiple companies that provide third-party payment services can set up multiple blockchain node devices, and these blockchain node devices can establish the blockchain network based on blockchain technology.

In the embodiments of this specification, the IoT device 110 and the user terminal 120 can store information used for verification, such as device identifiers, or the keys used to encrypt and decrypt information, in the blockchain node device. Because information stored in the blockchain cannot be tampered with, the correctness of the verification information stored in the blockchain node device is ensured, and the verification information can therefore be used to verify device identity.

基于上述物联网设备调用系统,本说明书实施例提出一种基于区块链的物联网设备安全调用方法,所述物联网设备调用方法的执行主体为所述物联网设备调用系统。如图2所示,所述基于区块链的物联网设备安全调用方法包括以下步骤。Based on the above-mentioned IoT device invocation system, the embodiments of this specification propose a blockchain-based IoT device security invocation method, where the execution subject of the IoT device invocation method is the Internet of Things device invocation system. As shown in FIG. 2 , the blockchain-based method for invoking IoT devices safely includes the following steps.

S210: The user terminal sends a device invocation request to the IoT device.

A device invocation request is a request to obtain permission to invoke an IoT device. It may be generated by a first client on the user terminal. The first client may be the client on the user terminal that corresponds to the IoT device. Because the user terminal may be hijacked by a malicious party who tampers with the first client's program and thereby endangers the IoT device, the first client needs to be verified.

In some embodiments, the device invocation request contains a first client identifier of the first client. The first client identifier identifies the identity information or environmental characteristics of the first client.

In a specific example, the first client identifier includes a digest computed over the first client's program and/or plug-ins. Specifically, the executable program, files and legitimate plug-ins in the app may be hashed with SHA256 to obtain the digest.

In another specific example, the first client identifier may be the IP address of the user terminal. The first client identifier is not limited to the above examples; other examples of the first client identifier proposed by those skilled in the art based on the technical solutions of the present application are all within the protection scope of the present application.

In practice, an IoT device may itself be hijacked by a malicious party through its own vulnerabilities. Therefore, in some embodiments, to ensure the security of the IoT device, the user terminal may first determine whether the IoT device is secure before sending the device invocation request.

In this embodiment, a security evaluation result exists for the IoT device. The security evaluation result is the result obtained by evaluating the security of the IoT device. The specific evaluation process can be implemented by those skilled in the art according to the requirements of the application and is not described here. The security evaluation result may be, for example, "secure device" or "high-risk device". A secure device is an IoT device with no vulnerability that significantly affects data security or device control authority, so a device invocation request can be sent to it. A high-risk device is an IoT device with vulnerabilities that have a high security impact, so interacting with it may carry a high risk. The security evaluation results may also be classified in other ways, which those skilled in the art can adjust according to the actual situation.

Therefore, in this embodiment, before sending the device invocation request to the IoT device, the user terminal may also send an IoT device query request to the blockchain node device to obtain the security evaluation result of the IoT device. When the result is "secure device", the user terminal sends the device invocation request to the IoT device. When the result is "high-risk device", the user terminal does not send the device invocation request to that IoT device; if an IoT device still needs to be invoked, the request can be sent to another, more secure IoT device.

S220: The IoT device sends a second client identifier acquisition request to the blockchain node device.

After receiving the device invocation request, the IoT device may send a second client identifier acquisition request to the blockchain node device. The request is used to obtain the second client identifier, which is stored in the blockchain node device.

The second client identifier is the identifier corresponding to a second client. The second client is a client that has the authority to invoke the IoT device. For example, the second client may be the client as developed and tested by the developer. At that point the client cannot have been tampered with by a malicious party and implements the intended functions, so it has a correspondingly high level of security and can serve as the second client.

The type of the second client identifier corresponds to the type of the first client identifier. For example, when the first client identifier is an IP address, the second client identifier obtained is the IP address that appears most frequently among the historical login IP addresses of the user terminal, that is, the IP address the user normally uses; a login from a different IP address may come from a more dangerous environment. When the first client identifier is a digest of the first client's program, the second client identifier obtained is a digest of the second client's program. The specific correspondence can be adjusted for the actual application and is not described here.

S230: The blockchain node device returns the second client identifier to the IoT device.

After receiving the second client identifier acquisition request, the blockchain node device can obtain the second client identifier by querying the data stored in the blockchain network and return it to the IoT device.

S240: The IoT device determines whether the first client identifier matches the second client identifier.

After receiving the second client identifier, the IoT device determines whether the first client identifier matches it. The matching process may, for example, check whether the two identifiers are identical, or whether they are identical in a preset comparison portion. The specific comparison process is determined by the types of the first and second client identifiers and is not described here.

S250: If they match, the IoT device sends authorization information to the user terminal.

A match indicates that the first client has not been tampered with, or that the first client's application environment is relatively secure, so the first client is unlikely to send malicious instructions when invoking the IoT device and can be granted permission to invoke it. Authorization information can therefore be sent to the user terminal; the authorization information allows the first client to invoke the IoT device.

In other embodiments, the first client identifier may not match the second client identifier. This indicates that the first client may have been tampered with by a malicious party, or that the user terminal is in an insecure application environment, so granting the first client permission to invoke the IoT device may carry a high risk. Warning information can therefore be returned to the user terminal to alert the user that the first client is not secure.

If the first client identifier does not match the second client identifier, the IoT device may also send the first client identifier to the blockchain node device as a high-risk client identifier, so that user terminals associated with the blockchain network receive the high-risk client identifier and can inspect and check themselves.

By comparing the first client identifier with the second client identifier stored in the blockchain network, the above method verifies the first client, avoids the effects of a tampered first client or of a user terminal operating in a dangerous application environment, and ensures the security of device invocation.
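The S210 to S250 exchange above for the digest-type identifier, as an added Go example that is not part of the patent. The blockchain node device is modeled as an in-memory map, and the names `Ledger`, `Request`, `ClientDigest`, `HandleInvocation` and the sample files are assumptions constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
)

// Ledger stands in for the blockchain node device. Assumption: an in-memory
// store; a real deployment would query the chain through a node.
type Ledger struct {
	Reference map[string]string // app name -> second client identifier (hex SHA-256)
	HighRisk  []string          // identifiers reported after a failed match
}

// Request is the device invocation request of S210 (field names are hypothetical).
type Request struct {
	App           string
	FirstClientID string
}

var ErrNoReference = errors.New("no second client identifier on the ledger")

// ClientDigest derives a client identifier: SHA-256 over every file of the
// client, visited in sorted name order. Names and contents are length-prefixed
// so that moving bytes between files changes the digest.
func ClientDigest(files map[string][]byte) string {
	names := make([]string, 0, len(files))
	for name := range files {
		names = append(names, name)
	}
	sort.Strings(names)
	h := sha256.New()
	for _, name := range names {
		fmt.Fprintf(h, "%d:%s%d:", len(name), name, len(files[name]))
		h.Write(files[name])
	}
	return hex.EncodeToString(h.Sum(nil))
}

// HandleInvocation runs S220-S250 on the IoT device: fetch the second client
// identifier, compare, then authorize, or refuse and report the identifier.
func HandleInvocation(l *Ledger, req Request) (authorized bool, err error) {
	ref, ok := l.Reference[req.App]
	if !ok {
		return false, ErrNoReference // fail closed: nothing to compare against
	}
	if subtle.ConstantTimeCompare([]byte(req.FirstClientID), []byte(ref)) == 1 {
		return true, nil // S250: send authorization information
	}
	// Mismatch: publish the identifier as high risk; the caller sends the warning.
	l.HighRisk = append(l.HighRisk, req.FirstClientID)
	return false, nil
}

// sampleClients returns constructed sample data: a released client and a copy
// whose plug-in has been modified.
func sampleClients() (release, tampered map[string][]byte) {
	release = map[string][]byte{
		"app.bin":         []byte("release build 1.0"),
		"plugins/lock.so": []byte("door lock plug-in"),
	}
	tampered = map[string][]byte{
		"app.bin":         release["app.bin"],
		"plugins/lock.so": []byte("door lock plug-in + injected code"),
	}
	return release, tampered
}

func main() {
	release, tampered := sampleClients()
	ledger := &Ledger{Reference: map[string]string{"lock-app": ClientDigest(release)}}
	for _, files := range []map[string][]byte{release, tampered} {
		ok, err := HandleInvocation(ledger, Request{"lock-app", ClientDigest(files)})
		fmt.Println("authorized:", ok, "err:", err)
	}
	fmt.Println("high-risk identifiers:", len(ledger.HighRisk))
}
```

The identifier is computed and reported by the client itself, so the comparison is only as trustworthy as the code that produced the digest.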

Corresponding to the blockchain-based method for secure invocation of IoT devices shown in FIG. 2, the embodiments of this specification further propose a blockchain-based method for secure invocation of IoT devices that is executed by the IoT device. As shown in FIG. 3, the method includes the following specific steps.

S310: Receive a device invocation request sent by a user terminal; the device invocation request includes a request generated by a first client on the user terminal; the device invocation request contains a first client identifier of the first client.

For this step, refer to the description of step S210; it is not repeated here.

S320: Send a second client identifier acquisition request to the blockchain node device; the blockchain node device stores the second client identifier.

For this step, refer to the description of step S220; it is not repeated here.

S330: Receive the second client identifier returned by the blockchain node device; the second client identifier includes the client identifier corresponding to a second client; the second client has the authority to invoke the IoT device.

For this step, refer to the description of step S230; it is not repeated here.

S340: If the first client identifier matches the second client identifier, return authorization information to the user terminal, so that the first client can invoke the IoT device.

For this step, refer to the description of steps S240 and S250; it is not repeated here.

Corresponding to the blockchain-based method for secure invocation of IoT devices shown in FIG. 2, the embodiments of this specification further propose a blockchain-based method for secure invocation of IoT devices that is executed by the user terminal. As shown in FIG. 4, the method includes the following specific steps.

S410: Obtain a device invocation request generated by a first client; the device invocation request contains a first client identifier of the first client.

For this step, refer to the description of step S210; it is not repeated here.

S420: Send the device invocation request to the IoT device, so that the IoT device sends a second client identifier acquisition request to the blockchain node device and receives the second client identifier returned by the blockchain node device; the second client identifier includes the client identifier corresponding to a second client; the second client has the authority to invoke the IoT device.

For this step, refer to the description of steps S210, S220, S230 and S240; it is not repeated here.

S430: Receive the authorization information returned by the IoT device, so that the first client can invoke the IoT device; the authorization information includes information generated by the IoT device when the first client identifier matches the second client identifier.

For this step, refer to the description of step S250; it is not repeated here.

Based on the above IoT device invocation system, the embodiments of this specification also propose a blockchain-based method for trusted invocation of IoT devices, which is executed by the IoT device invocation system. As shown in FIG. 5, the method includes the following steps.

S510: The user terminal generates a device invocation request.

A device invocation request is a request to obtain permission to invoke an IoT device. It may be generated by a client on the user terminal.

In some embodiments, the device invocation request may be a request obtained by encrypting with the terminal private key held by the user terminal. The terminal private key has a corresponding terminal public key. The terminal private key is stored on the user terminal, and the terminal public key is stored in the blockchain network. As long as the terminal private key has not been tampered with, information encrypted with the terminal private key can be decrypted with the terminal public key, so whether the device has been tampered with can be judged by whether decryption with the terminal public key succeeds.

In practice, an IoT device may itself be hijacked by a malicious party through its own vulnerabilities. Therefore, in some embodiments, to ensure the security of the IoT device, the user terminal may first determine whether the IoT device is secure before sending the device invocation request.

In this embodiment, a security evaluation result exists for the IoT device. The security evaluation result is the result obtained by evaluating the security of the IoT device. The specific evaluation process can be implemented by those skilled in the art according to the requirements of the application and is not described here. The security evaluation result may be, for example, "secure device" or "high-risk device". A secure device is an IoT device with no vulnerability that significantly affects data security or device control authority, so a device invocation request can be sent to it. A high-risk device is an IoT device with vulnerabilities that have a high security impact, so interacting with it may carry a high risk. The security evaluation results may also be classified in other ways, which those skilled in the art can adjust according to the actual situation.

Therefore, in this embodiment, before sending the device invocation request to the IoT device, the user terminal may also send an IoT device query request to the blockchain node device to obtain the security evaluation result of the IoT device. When the result is "secure device", the user terminal sends the device invocation request to the IoT device. When the result is "high-risk device", the user terminal does not send the device invocation request to that IoT device; if an IoT device still needs to be invoked, the request can be sent to another, more secure IoT device.

S520: The user terminal sends the device invocation request to the IoT device.

After generating the device invocation request, the user terminal may send it to the IoT device.

S530: The IoT device sends a terminal public key acquisition request to the blockchain node device.

After receiving the device invocation request, the IoT device may send a terminal public key acquisition request to the blockchain node device. The request is used to obtain the terminal public key, which is stored in the blockchain node device. The terminal public key can decrypt information encrypted with the corresponding terminal private key, which makes it possible to judge the user's identity.

In some embodiments, before obtaining the terminal public key, the IoT device may send a terminal query request to the blockchain node device to obtain the security evaluation result of the user terminal. If the security evaluation result returned by the blockchain node device is "secure device", the IoT device sends the terminal public key acquisition request to the blockchain node device. If the result is not "secure device", the user terminal may be at risk, and the device invocation request can be rejected directly.

S540: The blockchain node device returns the terminal public key to the IoT device.

After receiving the terminal public key acquisition request, the blockchain node device can obtain the terminal public key by querying the data stored in the blockchain network and return it to the IoT device.

S550: The IoT device determines whether the device invocation request can be decrypted with the terminal public key.

After obtaining the terminal public key, the IoT device can use it to attempt to decrypt the device invocation request. Because the terminal public key is stored in the blockchain network and cannot be tampered with, as long as the terminal private key has not been changed, the terminal public key can decrypt the device invocation request and thereby verify the identity of the user terminal.

S560: If decryption succeeds, the IoT device returns authorization information to the user terminal.

Successful decryption indicates that the terminal private key used by the client is the correct private key, that the client is the client corresponding to the IoT device and has not been replaced by a malicious party, and that the client is unlikely to send malicious instructions when invoking the IoT device, so the client can be granted permission to invoke it. Authorization information can therefore be sent to the user terminal; the authorization information allows the client to invoke the IoT device.

In other embodiments, if the device invocation request cannot be decrypted with the terminal public key, the client may have been tampered with by a malicious party, or the user terminal may be in an insecure application environment, so granting the client permission to invoke the IoT device may carry a high risk. Warning information can therefore be returned to the user terminal to alert the user that the client is not secure.

If the device invocation request cannot be decrypted with the terminal public key, the IoT device may also send the terminal identifier of the user terminal to the blockchain node device as a high-risk device identifier, so that user terminals associated with the blockchain network receive the high-risk device identifier and avoid communicating with that user terminal, which improves security.

In some embodiments, the authorization information may be information encrypted by the IoT device with its private key. After receiving the authorization information, the user terminal may send a device public key acquisition request to the blockchain node device to obtain the device public key that the IoT device uploaded to the blockchain node device. After receiving the device public key returned by the blockchain node device, the user terminal uses it to decrypt the authorization information. If the device public key decrypts the authorization information, the IoT device is a secure device and the client can be used to invoke it. If the authorization information cannot be decrypted, the IoT device may have been tampered with or replaced, continuing to invoke it may carry a high risk, and another IoT device can be selected for invocation.

With the above method, after the device invocation request is received, the encrypted request is decrypted with the terminal public key stored in the blockchain network, and the user terminal is granted permission to invoke the IoT device only when decryption succeeds. The identity of the user terminal is thus verified on the basis of digital signature technology, a hijacked user terminal is not granted the right to invoke the device, and the security of the invocation process is ensured.
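The S510 to S560 exchange above, including the terminal-side check of the authorization information, as an added Go example that is not part of the patent. The "encrypt with the private key, decrypt with the public key" step is realized here as an Ed25519 signature and its verification, which is an assumption (the patent names no algorithm); the in-memory `Ledger` and all type, function and ID names are hypothetical. The patent describes no nonce or timestamp, so the example carries none.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Ledger stands in for the blockchain node device. Assumption: in-memory maps.
type Ledger struct {
	PublicKey map[string]ed25519.PublicKey // terminal or device ID -> uploaded public key
	Rating    map[string]string            // ID -> security evaluation result
	HighRisk  []string                     // IDs reported after a failed verification
}

// Message is a request or authorization together with the sender's signature.
type Message struct {
	Sender    string
	Body      string
	Signature []byte
}

var (
	ErrNotSecure = errors.New("sender is not rated secure on the ledger")
	ErrNoKey     = errors.New("no public key on the ledger for sender")
	ErrBadSig    = errors.New("signature does not verify under the ledger key")
)

func NewLedger() *Ledger {
	return &Ledger{PublicKey: map[string]ed25519.PublicKey{}, Rating: map[string]string{}}
}

// Enroll creates a key pair, uploads the public key with a "secure" rating,
// and returns the private key, which stays with its owner.
func Enroll(l *Ledger, id string) ed25519.PrivateKey {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	l.PublicKey[id] = pub
	l.Rating[id] = "secure"
	return priv
}

// signedBytes binds the sender ID to the body so that a signature cannot be
// re-attributed to a different sender.
func signedBytes(sender, body string) []byte {
	return []byte(fmt.Sprintf("%d:%s%s", len(sender), sender, body))
}

// Sign plays the role of "encrypting with the private key" (S510).
func Sign(sender string, priv ed25519.PrivateKey, body string) Message {
	return Message{sender, body, ed25519.Sign(priv, signedBytes(sender, body))}
}

// Verify fetches the sender's public key from the ledger (S530/S540) and
// checks the signature (S550). The terminal uses it on the authorization too.
func Verify(l *Ledger, m Message) error {
	pub, ok := l.PublicKey[m.Sender]
	if !ok {
		return ErrNoKey
	}
	if !ed25519.Verify(pub, signedBytes(m.Sender, m.Body), m.Signature) {
		return ErrBadSig
	}
	return nil
}

// DeviceHandle is the IoT device side: check the terminal's rating, verify the
// request, report a failing terminal as high risk, or return signed authorization.
func DeviceHandle(l *Ledger, deviceID string, devicePriv ed25519.PrivateKey, req Message) (Message, error) {
	if l.Rating[req.Sender] != "secure" {
		return Message{}, ErrNotSecure // reject before fetching any key
	}
	if err := Verify(l, req); err != nil {
		l.HighRisk = append(l.HighRisk, req.Sender)
		return Message{}, err
	}
	return Sign(deviceID, devicePriv, "authorize:"+req.Sender), nil // S560
}

func main() {
	l := NewLedger()
	termPriv := Enroll(l, "terminal-1") // constructed IDs
	devPriv := Enroll(l, "device-1")

	req := Sign("terminal-1", termPriv, "unlock")
	auth, err := DeviceHandle(l, "device-1", devPriv, req)
	fmt.Println("device:", auth.Body, err, "| terminal check:", Verify(l, auth))

	req.Body = "unlock-all" // altered after signing
	_, err = DeviceHandle(l, "device-1", devPriv, req)
	fmt.Println("altered request:", err, "| high-risk:", l.HighRisk)
}
```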

Based on the blockchain-based method for trusted invocation of IoT devices shown in FIG. 5, the embodiments of this specification further propose a blockchain-based method for trusted invocation of IoT devices that is executed by the IoT device. As shown in FIG. 6, the method includes the following specific steps.

S610: Receive a device invocation request sent by a user terminal; the device invocation request includes a request encrypted with the terminal private key corresponding to the user terminal.

For this step, refer to the description of steps S510 and S520; it is not repeated here.

S620: Send a terminal public key acquisition request to the blockchain node device; the terminal public key acquisition request is used to obtain the terminal public key that the user terminal uploaded to the blockchain node device.

For this step, refer to the description of step S530; it is not repeated here.

S630: Receive the terminal public key returned by the blockchain node device.

For this step, refer to the description of step S540; it is not repeated here.

S640: If the device invocation request is decrypted with the terminal public key, return authorization information to the user terminal, so that the client can invoke the IoT device.

For this step, refer to the description of steps S550 and S560; it is not repeated here.

Based on the blockchain-based method for trusted invocation of IoT devices shown in FIG. 5, the embodiments of this specification further propose a blockchain-based method for trusted invocation of IoT devices that is executed by the user terminal. As shown in FIG. 7, the method includes the following specific steps.

S710: Encrypt the device invocation request with the terminal private key; the device invocation request includes a request generated by the client.

For this step, refer to the description of step S510; it is not repeated here.

S720: Send the encrypted device invocation request to the IoT device, so that after receiving it the IoT device sends a terminal public key acquisition request to the blockchain node device and receives the terminal public key returned by the blockchain node device; the terminal public key includes the terminal public key that the user terminal uploaded to the blockchain node device.

For this step, refer to the description of step S520; it is not repeated here.

S730: Receive the authorization information returned by the IoT device, so that the client can invoke the IoT device; the authorization information includes information generated by the IoT device after it decrypts the encrypted device invocation request with the terminal public key.

For this step, refer to the description of steps S530, S540, S550 and S560; it is not repeated here.

基于图3所对应的基于区块链的物联网设备安全调用方法,介绍本说明书实施例一种基于区块链的物联网设备安全调用装置。所述基于区块链的物联网设备安全调用装置设置于所述物联网设备,如图8所示,所述基于区块链的物联网设备安全调用装置包括以下模块。Based on the blockchain-based IoT device security invocation method corresponding to FIG. 3 , a blockchain-based IoT device security invocation apparatus according to an embodiment of this specification is introduced. The blockchain-based IoT device security invocation device is set on the IoT device. As shown in FIG. 8 , the blockchain-based IoT device security invocation device includes the following modules.

请求接收模块810,用于接收用户终端发送的设备调用请求;所述设备调用请求包括由所述用户终端上的第一客户端生成的请求;所述设备调用请求中包含所述第一客户端的第一客户端标识;A request receiving module 810 is configured to receive a device invocation request sent by a user terminal; the device invocation request includes a request generated by a first client on the user terminal; the device invocation request includes the first client's the first client identifier;

请求发送模块820,用于向区块链节点设备发送第二客户端标识获取请求;所述区块链节点设备中存储有第二客户端标识;A request sending module 820, configured to send a second client identifier acquisition request to the blockchain node device; the blockchain node device stores the second client identifier;

标识接收模块830,用于接收所述区块链节点设备反馈的第二客户端标识;所述第二客户端标识包括第二客户端对应的客户端标识;所述第二客户端具备调用物联网设备的权限;The identifier receiving module 830 is configured to receive the second client identifier fed back by the blockchain node device; the second client identifier includes the client identifier corresponding to the second client; the second client has a calling object Permissions for networked devices;

信息反馈模块840,用于在所述第一客户端标识与所述第二客户端标识相匹配时,向所述用户终端反馈授权信息,以使所述第一客户端调用所述物联网设备。An information feedback module 840, configured to feed back authorization information to the user terminal when the first client identifier matches the second client identifier, so that the first client can call the IoT device .

基于图4所对应的基于区块链的物联网设备安全调用方法,介绍本说明书实施例一种基于区块链的物联网设备安全调用装置。所述基于区块链的物联网设备安全调用装置设置于所述用户终端,如图9所示,所述基于区块链的物联网设备安全调用装置包括以下模块。Based on the blockchain-based IoT device security invocation method corresponding to FIG. 4 , a blockchain-based IoT device security invocation apparatus according to an embodiment of this specification is introduced. The blockchain-based IoT device security invocation device is set on the user terminal. As shown in FIG. 9 , the blockchain-based IoT device security invocation device includes the following modules.

请求获取模块910,用于获取第一客户端生成的设备调用请求;所述设备调用请求中包含所述第一客户端的第一客户端标识;a request obtaining module 910, configured to obtain a device invocation request generated by a first client; the device invocation request includes a first client identifier of the first client;

请求发送模块920,用于将所述设备调用请求发送至物联网设备,以使所述物联网设备向区块链节点设备发送第二客户端标识获取请求,并接收所述区块链节点设备所反馈的第二客户端标识;所述第二客户端标识包括第二客户端对应的客户端标识;所述第二客户端具备调用物联网设备的权限;The request sending module 920 is configured to send the device invocation request to the IoT device, so that the IoT device sends the second client identification acquisition request to the blockchain node device, and receives the blockchain node device The feedback of the second client identifier; the second client identifier includes the client identifier corresponding to the second client; the second client has the authority to call the IoT device;

The information receiving module 930 is configured to receive authorization information fed back by the IoT device, so that the first client can invoke the IoT device; the authorization information includes information generated by the IoT device when the first client identifier matches the second client identifier.

Based on the blockchain-based IoT device trusted invocation method corresponding to FIG. 6, a blockchain-based IoT device trusted invocation apparatus according to an embodiment of this specification is introduced. The blockchain-based IoT device trusted invocation apparatus is provided in the IoT device. As shown in FIG. 10, the apparatus includes the following modules.

The request receiving module 1010 is configured to receive a device invocation request sent by a user terminal; the device invocation request includes a request encrypted with the terminal private key corresponding to the user terminal;

The request sending module 1020 is configured to send a terminal public key acquisition request to the blockchain node device; the terminal public key acquisition request is used to acquire the terminal public key uploaded by the user terminal to the blockchain node device;

The public key receiving module 1030 is configured to receive the terminal public key fed back by the blockchain node device;

The information feedback module 1040 is configured to feed back authorization information to the user terminal when the device invocation request is decrypted using the terminal public key, so that the client can invoke the IoT device.

Based on the blockchain-based IoT device trusted invocation method corresponding to FIG. 7, a blockchain-based IoT device trusted invocation apparatus according to an embodiment of this specification is introduced. The blockchain-based IoT device trusted invocation apparatus is provided in the user terminal. As shown in FIG. 11, the apparatus includes the following modules.

The encryption module 1110 is configured to encrypt the device invocation request using the terminal private key; the device invocation request includes a request generated by the client;

The request sending module 1120 is configured to send the encrypted device invocation request to the IoT device, so that the IoT device, after receiving the device invocation request, sends a terminal public key acquisition request to the blockchain node device and receives the terminal public key fed back by the blockchain node device; the terminal public key includes the terminal public key uploaded by the user terminal to the blockchain node device;

The information receiving module 1130 is configured to receive authorization information fed back by the IoT device, so that the client can invoke the IoT device; the authorization information includes information generated by the IoT device after it decrypts the encrypted device invocation request using the terminal public key.

Based on the blockchain-based IoT device secure invocation method corresponding to FIG. 3, an embodiment of this specification further provides an IoT device. As shown in FIG. 12, the IoT device may include a memory and a processor.

In this embodiment, the memory may be implemented in any suitable manner. For example, the memory may be a read-only memory, a mechanical hard disk, a solid-state drive, a USB flash drive, or the like. The memory may be used to store computer instructions.

In this embodiment, the processor may be implemented in any suitable manner. For example, the processor may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an application-specific integrated circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so on. The processor may execute the computer instructions to implement the following steps: receiving a device invocation request sent by a user terminal, where the device invocation request includes a request generated by a first client on the user terminal and contains the first client identifier of the first client; sending a second client identifier acquisition request to the blockchain node device, where the second client identifier is stored in the blockchain node device; receiving the second client identifier fed back by the blockchain node device, where the second client identifier includes the client identifier corresponding to the second client and the second client has permission to invoke the IoT device; and, if the first client identifier matches the second client identifier, feeding back authorization information to the user terminal so that the first client can invoke the IoT device.

Based on the blockchain-based IoT device secure invocation method corresponding to FIG. 4, an embodiment of this specification further provides a user terminal. As shown in FIG. 13, the user terminal may include a memory and a processor.

In this embodiment, the memory may be implemented in any suitable manner. For example, the memory may be a read-only memory, a mechanical hard disk, a solid-state drive, a USB flash drive, or the like. The memory may be used to store computer instructions.

In this embodiment, the processor may be implemented in any suitable manner. For example, the processor may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an application-specific integrated circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so on. The processor may execute the computer instructions to implement the following steps: obtaining a device invocation request generated by a first client, where the device invocation request contains the first client identifier of the first client; sending the device invocation request to the IoT device, so that the IoT device sends a second client identifier acquisition request to the blockchain node device and receives the second client identifier fed back by the blockchain node device, where the second client identifier includes the client identifier corresponding to the second client and the second client has permission to invoke the IoT device; and receiving authorization information fed back by the IoT device, so that the first client can invoke the IoT device, where the authorization information includes information generated by the IoT device when the first client identifier matches the second client identifier.

Based on the blockchain-based IoT device secure invocation method corresponding to FIG. 6, an embodiment of this specification further provides an IoT device. As shown in FIG. 12, the IoT device may include a memory and a processor.

In this embodiment, the memory may be implemented in any suitable manner. For example, the memory may be a read-only memory, a mechanical hard disk, a solid-state drive, a USB flash drive, or the like. The memory may be used to store computer instructions.

In this embodiment, the processor may be implemented in any suitable manner. For example, the processor may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an application-specific integrated circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so on. The processor may execute the computer instructions to implement the following steps: receiving a device invocation request sent by a user terminal, where the device invocation request includes a request encrypted with the terminal private key corresponding to the user terminal; sending a terminal public key acquisition request to the blockchain node device, where the terminal public key acquisition request is used to acquire the terminal public key uploaded by the user terminal to the blockchain node device; receiving the terminal public key fed back by the blockchain node device; and, if the device invocation request is decrypted using the terminal public key, feeding back authorization information to the user terminal so that the client can invoke the IoT device.

Based on the blockchain-based IoT device secure invocation method corresponding to FIG. 7, an embodiment of this specification further provides a user terminal. As shown in FIG. 13, the user terminal may include a memory and a processor.

In this embodiment, the memory may be implemented in any suitable manner. For example, the memory may be a read-only memory, a mechanical hard disk, a solid-state drive, a USB flash drive, or the like. The memory may be used to store computer instructions.

In this embodiment, the processor may be implemented in any suitable manner. For example, the processor may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an application-specific integrated circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so on. The processor may execute the computer instructions to implement the following steps: encrypting the device invocation request using the terminal private key, where the device invocation request includes a request generated by the client; sending the encrypted device invocation request to the IoT device, so that the IoT device, after receiving the device invocation request, sends a terminal public key acquisition request to the blockchain node device and receives the terminal public key fed back by the blockchain node device, where the terminal public key includes the terminal public key uploaded by the user terminal to the blockchain node device; and receiving authorization information fed back by the IoT device, so that the client can invoke the IoT device, where the authorization information includes information generated by the IoT device after it decrypts the encrypted device invocation request using the terminal public key.

The systems, apparatuses, modules or units described in the above embodiments may be implemented by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an e-mail device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.

From the description of the above embodiments, those skilled in the art can clearly understand that this specification can be implemented by means of software plus a necessary general-purpose hardware platform. Based on this understanding, the technical solutions of this specification, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product may be stored in a storage medium, such as a ROM/RAM, a magnetic disk or an optical disc, and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to execute the methods described in the embodiments, or in some parts of the embodiments, of this specification.

The embodiments in this specification are described in a progressive manner. For parts that are the same or similar across embodiments, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, since the system embodiments are basically similar to the method embodiments, they are described relatively briefly; for related details, refer to the corresponding parts of the method embodiments.

This specification can be used in numerous general-purpose or special-purpose computer system environments or configurations, for example: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.

This specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. This specification may also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including storage devices.

Although this specification has been described by way of embodiments, those of ordinary skill in the art will recognize that it admits many variations and changes without departing from its spirit, and it is intended that the appended claims cover these variations and changes without departing from the spirit of this specification.

Claims (10)

1. A blockchain-based method for trusted invocation of an IoT device, characterized by comprising:
receiving a device invocation request sent by a user terminal; the device invocation request includes a request encrypted with the terminal private key corresponding to the user terminal;
sending a terminal public key acquisition request to a blockchain node device; the terminal public key acquisition request is used to acquire the terminal public key uploaded by the user terminal to the blockchain node device;
receiving the terminal public key fed back by the blockchain node device;
if the device invocation request is decrypted using the terminal public key, feeding back authorization information to the user terminal, so that the client on the user terminal can invoke the IoT device.

2. The method according to claim 1, characterized in that, after receiving the terminal public key fed back by the blockchain node device, the method further comprises:
if the device invocation request cannot be decrypted using the terminal public key, sending the terminal identifier corresponding to the user terminal to the blockchain node device as a high-risk device identifier, so that user terminals associated with the blockchain node device obtain the high-risk device identifier.

3. The method according to claim 1, characterized in that, before sending the terminal public key acquisition request to the blockchain node device, the method further comprises:
sending a terminal query request to the blockchain node device; the terminal query request is used to obtain the security evaluation result of the user terminal;
correspondingly, sending the terminal public key acquisition request to the blockchain node device comprises:
if the security evaluation result fed back by the blockchain node device indicates a safe device, sending the terminal public key acquisition request to the blockchain node device.

4. A blockchain-based apparatus for trusted invocation of an IoT device, characterized by comprising:
a request receiving module, configured to receive a device invocation request sent by a user terminal; the device invocation request includes a request encrypted with the terminal private key corresponding to the user terminal;
a request sending module, configured to send a terminal public key acquisition request to a blockchain node device; the terminal public key acquisition request is used to acquire the terminal public key uploaded by the user terminal to the blockchain node device;
a public key receiving module, configured to receive the terminal public key fed back by the blockchain node device;
an information feedback module, configured to feed back authorization information to the user terminal when the device invocation request is decrypted using the terminal public key, so that the client on the user terminal can invoke the IoT device.

5. An IoT device, comprising a memory and a processor;
the memory is configured to store computer program instructions;
the processor is configured to execute the computer program instructions to implement the following steps: receiving a device invocation request sent by a user terminal; the device invocation request includes a request encrypted with the terminal private key corresponding to the user terminal; sending a terminal public key acquisition request to a blockchain node device; the terminal public key acquisition request is used to acquire the terminal public key uploaded by the user terminal to the blockchain node device; receiving the terminal public key fed back by the blockchain node device; if the device invocation request is decrypted using the terminal public key, feeding back authorization information to the user terminal, so that the client on the user terminal can invoke the IoT device.

6. A blockchain-based method for trusted invocation of an IoT device, characterized by comprising:
encrypting a device invocation request using a terminal private key; the device invocation request includes a request generated by a client;
sending the encrypted device invocation request to the IoT device, so that the IoT device, after receiving the device invocation request, sends a terminal public key acquisition request to a blockchain node device and receives the terminal public key fed back by the blockchain node device; the terminal public key includes the terminal public key uploaded by the user terminal to the blockchain node device;
receiving authorization information fed back by the IoT device, so that the client can invoke the IoT device; the authorization information includes information generated by the IoT device after it decrypts the encrypted device invocation request using the terminal public key.

7. The method according to claim 6, characterized in that, before sending the encrypted device invocation request to the IoT device, the method further comprises:
sending an IoT device query request to the blockchain node device; the IoT device query request is used to obtain the security evaluation result of the IoT device;
correspondingly, sending the encrypted device invocation request to the IoT device comprises:
if the security evaluation result fed back by the blockchain node device indicates a safe device, sending the encrypted device invocation request to the IoT device.

8. The method according to claim 6, characterized in that the authorization information includes information encrypted by the IoT device using a device private key; after receiving the authorization information fed back by the IoT device, the method further comprises:
sending a device public key acquisition request to the blockchain node device; the device public key acquisition request is used to acquire the device public key uploaded by the IoT device to the blockchain node device;
receiving the device public key fed back by the blockchain node device;
if the authorization information is decrypted using the device public key, invoking the IoT device using the client.

9. A blockchain-based apparatus for trusted invocation of an IoT device, characterized by comprising:
an encryption module, configured to encrypt a device invocation request using a terminal private key; the device invocation request includes a request generated by a client;
a request sending module, configured to send the encrypted device invocation request to the IoT device, so that the IoT device, after receiving the device invocation request, sends a terminal public key acquisition request to a blockchain node device and receives the terminal public key fed back by the blockchain node device; the terminal public key includes the terminal public key uploaded by the user terminal to the blockchain node device;
an information receiving module, configured to receive authorization information fed back by the IoT device, so that the client can invoke the IoT device; the authorization information includes information generated by the IoT device after it decrypts the encrypted device invocation request using the terminal public key.

10. A user terminal, comprising a memory and a processor;
the memory is configured to store computer program instructions;
the processor is configured to execute the computer program instructions to implement the following steps: encrypting a device invocation request using a terminal private key; the device invocation request includes a request generated by a client; sending the encrypted device invocation request to the IoT device, so that the IoT device, after receiving the device invocation request, sends a terminal public key acquisition request to a blockchain node device and receives the terminal public key fed back by the blockchain node device; the terminal public key includes the terminal public key uploaded by the user terminal to the blockchain node device; receiving authorization information fed back by the IoT device, so that the client can invoke the IoT device; the authorization information includes information generated by the IoT device after it decrypts the encrypted device invocation request using the terminal public key.
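The exchange in claims 1 to 3, 6 and 8, as an added example that is not code from the patent or its applicants. It assumes that "encrypt with the private key / decrypt with the public key" means textbook RSA applied to a SHA-256 digest of the message, using constructed toy keys; `LedgerNode`, `IoTDevice`, `UserTerminal`, the JSON fields, the party names and the `safe`/`high-risk` labels are hypothetical.

```python
import hashlib
import json

E = 65537  # RSA public exponent


def make_keypair(p_exp, q_exp):
    # Constructed toy key from two Mersenne primes 2**k - 1; not secure key generation.
    p, q = 2**p_exp - 1, 2**q_exp - 1
    d = pow(E, -1, (p - 1) * (q - 1))
    return (p * q, E), (p * q, d)  # (public key, private key)


def digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def private_encrypt(message, private_key):
    # The page's "encrypt with the private key": digest**d mod n (a signature).
    n, d = private_key
    return pow(digest_int(message), d, n)


def public_decrypt_ok(message, token, public_key):
    # "Decryption succeeds" has to be a checkable condition: the value recovered
    # with the public key must equal the digest of the message that arrived.
    n, e = public_key
    return 0 <= token < n and pow(token, e, n) == digest_int(message)


class LedgerNode:
    """In-memory stand-in for the blockchain node device (hypothetical API)."""
    def __init__(self):
        self.public_keys, self.high_risk = {}, set()
    def upload_public_key(self, party_id, public_key):
        self.public_keys[party_id] = public_key
    def get_public_key(self, party_id):
        return self.public_keys.get(party_id)
    def security_evaluation(self, party_id):
        return "high-risk" if party_id in self.high_risk else "safe"
    def report_high_risk(self, party_id):
        self.high_risk.add(party_id)


class IoTDevice:
    def __init__(self, device_id, private_key, ledger):
        self.device_id, self.private_key, self.ledger = device_id, private_key, ledger

    def handle_invocation(self, terminal_id, request, token):
        # Claim 3: check the terminal's evaluation before asking for its key.
        if self.ledger.security_evaluation(terminal_id) != "safe":
            return None
        terminal_pub = self.ledger.get_public_key(terminal_id)  # claim 1
        if terminal_pub is None or not public_decrypt_ok(request, token, terminal_pub):
            self.ledger.report_high_risk(terminal_id)  # claim 2
            return None
        auth = json.dumps({"device": self.device_id, "terminal": terminal_id,
                           "request_sha256": hashlib.sha256(request).hexdigest(),
                           "granted": True}, sort_keys=True).encode()
        return auth, private_encrypt(auth, self.private_key)  # claim 8


class UserTerminal:
    def __init__(self, terminal_id, private_key, ledger):
        self.terminal_id, self.private_key, self.ledger = terminal_id, private_key, ledger

    def build_request(self, device_id, action):
        request = json.dumps({"terminal": self.terminal_id, "device": device_id,
                              "action": action}, sort_keys=True).encode()
        return request, private_encrypt(request, self.private_key)  # claim 6

    def accept_authorization(self, device_id, auth, token):
        # Claim 8: fetch the device public key and verify the authorization.
        device_pub = self.ledger.get_public_key(device_id)
        return device_pub is not None and public_decrypt_ok(auth, token, device_pub)


def run_demo():
    ledger = LedgerNode()
    a_pub, a_priv = make_keypair(127, 521)
    dev_pub, dev_priv = make_keypair(607, 1279)
    b_pub, _ = make_keypair(89, 2203)          # key terminal-B uploaded
    _, b_other_priv = make_keypair(107, 2281)  # key terminal-B actually uses
    for party, pub in (("terminal-A", a_pub), ("terminal-B", b_pub), ("lock-1", dev_pub)):
        ledger.upload_public_key(party, pub)
    lock = IoTDevice("lock-1", dev_priv, ledger)
    term_a = UserTerminal("terminal-A", a_priv, ledger)
    term_b = UserTerminal("terminal-B", b_other_priv, ledger)

    request, token = term_a.build_request("lock-1", "unlock")
    auth, auth_token = lock.handle_invocation("terminal-A", request, token)
    results = {"a_authorized": term_a.accept_authorization("lock-1", auth, auth_token)}
    results["altered_auth_rejected"] = not term_a.accept_authorization(
        "lock-1", auth + b" ", auth_token)
    request_b, token_b = term_b.build_request("lock-1", "unlock")
    results["b_refused"] = lock.handle_invocation("terminal-B", request_b, token_b) is None
    results["b_flagged"] = ledger.security_evaluation("terminal-B") == "high-risk"
    results["b_refused_again"] = lock.handle_invocation("terminal-B", request_b, token_b) is None
    return results
```

Calling `run_demo()` returns the outcome of each step as a dictionary. A deployment would replace the toy primitives with a standard signature scheme such as Ed25519 or RSA-PSS.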
CN202210702311.7A 2020-07-16 2020-07-16 Block chain-based internet of things equipment trusted calling method, device and equipment Active CN115242440B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210702311.7A CN115242440B (en) 2020-07-16 2020-07-16 Block chain-based internet of things equipment trusted calling method, device and equipment

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010684456.XA CN111835775A (en) 2020-07-16 2020-07-16 A method, device and device for secure invocation of IoT devices based on blockchain
CN202210702311.7A CN115242440B (en) 2020-07-16 2020-07-16 Block chain-based internet of things equipment trusted calling method, device and equipment

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN202010684456.XA Division CN111835775A (en) 2020-07-16 2020-07-16 A method, device and device for secure invocation of IoT devices based on blockchain

Publications (2)

Publication Number Publication Date
CN115242440A true CN115242440A (en) 2022-10-25
CN115242440B CN115242440B (en) 2024-01-26

Family

ID=72924122

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202010684456.XA Pending CN111835775A (en) 2020-07-16 2020-07-16 A method, device and device for secure invocation of IoT devices based on blockchain
CN202210702311.7A Active CN115242440B (en) 2020-07-16 2020-07-16 Block chain-based internet of things equipment trusted calling method, device and equipment

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202010684456.XA Pending CN111835775A (en) 2020-07-16 2020-07-16 A method, device and device for secure invocation of IoT devices based on blockchain

Country Status (1)

Country Link
CN (2) CN111835775A (en)

CN111010372A (en) * 2019-11-20 2020-04-14 国家信息中心 Blockchain network identity authentication system, data processing method and gateway device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
DEEPA PAVITHRAN: "Towards Creating Public Key Authentication for IoT Blockchain", 《2019 SIXTH HCT INFORMATION TECHNOLOGY TRENDS (ITT)》 *
Zhou Yihua; Li Hongming: "Blockchain-based data management scheme", Journal of Information Security Research, no. 01 *

Also Published As

Publication number Publication date
CN115242440B (en) 2024-01-26
CN111835775A (en) 2020-10-27

Similar Documents

Publication Publication Date Title
JP6941146B2 (en) Data security service
CN112765684B (en) Block chain node terminal management method, device, equipment and storage medium
US8196186B2 (en) Security architecture for peer-to-peer storage system
EP3061027B1 (en) Verifying the security of a remote server
JP5860815B2 (en) System and method for enforcing computer policy
JP6678457B2 (en) Data security services
CN111708991A (en) Service authorization method, service authorization device, computer equipment and storage medium
JP2019531567A (en) Device authentication system and method
CN113557703B (en) Authentication method and device of network camera
US20190342083A1 (en) Data encryption control using multiple controlling authorities
EP4440158A2 (en) Hearing device with service mode and related method
CN109981680B (en) Access control implementation method and device, computer equipment and storage medium
CN112995144A (en) File processing method and system, readable storage medium and electronic device
JP2022534677A (en) Protecting online applications and web pages that use blockchain
US20090210719A1 (en) Communication control method of determining whether communication is permitted/not permitted, and computer-readable recording medium recording communication control program
CN108900595B (en) Method, apparatus, device and computing medium for accessing cloud storage server data
CN114861144A (en) Blockchain-based data rights processing method
TWI546698B (en) Login system based on servers, login authentication server, and authentication method thereof
Alzomai et al. The mobile phone as a multi OTP device using trusted computing
CN115242440B (en) Block chain-based internet of things equipment trusted calling method, device and equipment
KR102534012B1 (en) System and method for authenticating security level of content provider
HK40044606B (en) Method, device, equipment and storage medium for managing block chain node terminal
HK40044606A (en) Method, device, equipment and storage medium for managing block chain node terminal
CN117728942A (en) Mutual trust code generation method, equipment verification method and electronic equipment
CN118906905A (en) Charging security authentication method and device, edge gateway equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant