[go: up one dir, main page]

CN118296660B - Trusted terminal implementation method for sensor data acquisition - Google Patents

Trusted terminal implementation method for sensor data acquisition Download PDF

Info

Publication number
CN118296660B
CN118296660B CN202410683450.9A CN202410683450A CN118296660B CN 118296660 B CN118296660 B CN 118296660B CN 202410683450 A CN202410683450 A CN 202410683450A CN 118296660 B CN118296660 B CN 118296660B
Authority
CN
China
Prior art keywords
public key
terminal
private key
account
sensor data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410683450.9A
Other languages
Chinese (zh)
Other versions
CN118296660A (en
Inventor
崔建军
许文波
王志欣
崔瑞祺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Tegao Information Technology Co ltd
Original Assignee
Shanghai Tegao Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Tegao Information Technology Co ltd filed Critical Shanghai Tegao Information Technology Co ltd
Priority to CN202410683450.9A priority Critical patent/CN118296660B/en
Publication of CN118296660A publication Critical patent/CN118296660A/en
Application granted granted Critical
Publication of CN118296660B publication Critical patent/CN118296660B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of blockchain information processing, in particular to a method for realizing a trusted terminal for sensor data acquisition, which comprises the steps of setting a safe area and a non-safe area in terminal equipment of the Internet of things: the terminal equipment of the Internet of things is powered on and enters a security zone, a true random number is generated through the RNG, and account generation of a block chain is performed in the security zone; in the process of sensor data acquisition, the terminal signs acquired data in a safe area, and the private key is always stored in the safe area of the terminal in the whole process, so that the risk of leakage of the private key is reduced, the whole data acquisition and transmission process is safer and more reliable, the transaction tampering can be effectively prevented, and the security is guaranteed.

Description

Trusted terminal implementation method for sensor data acquisition
Technical Field
The invention relates to the technical field of blockchain information processing, in particular to a method for realizing a trusted terminal for sensor data acquisition.
Background
Blockchain technology is an innovative technology based on distributed ledgers and encryption technology. The transaction information is linked together in time sequence in a decentralization mode, and the security and the reliability of the transaction are ensured by using a cryptography method. Each block contains the hash value of the previous block and its own transaction data, forming an ever-increasing chain. Each time a new block is added to the chain, it automatically generates a new block and adds a random number to the hash value of the previous block to ensure that the data of the previous block is not tampered with.
The blockchain technology has the characteristics of decentralization, non-tampering, transparency, traceability and the like, and the characteristics lead the blockchain technology to have wide application prospects in the fields of finance, medical treatment, government affairs and the like. For example, in the financial field, blockchain technology can be used to enable faster, economical and safer cross-border transfers, optimizing management and risk control of trade financing services; in the government field, the non-tamper and transparent traceability of blockchains makes data notarization and auditing more reliable and efficient.
Currently, with the rapid development of blockchain technology, blockchain technology has been applied to various industries. For some low performance terminals' access needs, the traditional approach is to deploy a gateway at the edge and generate a collection of accounts on the gateway and assign to the terminal devices accessing the blockchain through the gateway, which addresses the need for most devices that cannot run blockchain applications to access the blockchain.
However, in the prior art, account information such as public and private keys of terminal equipment is stored in a gateway, so that the purpose that the transaction is completely untampered cannot be achieved, and meanwhile, the security of the mode cannot be guaranteed.
Disclosure of Invention
The invention aims to overcome the problems in the prior art, and provides a method for realizing a trusted terminal for sensor data acquisition, which aims to solve the technical problems that account information such as a public key and a private key of terminal equipment is stored in a gateway in the prior art, is easy to tamper, and cannot guarantee transaction safety.
The above purpose is realized by the following technical scheme:
A method for realizing a trusted terminal for sensor data acquisition comprises the following steps:
setting a safe area and a non-safe area in the terminal equipment of the Internet of things:
step (2) the terminal equipment of the Internet of things is electrified and enters the security zone, a true random number is generated through a random number generator RNG, then a private key P1 is generated through HASH together with an equipment unique serial number SN, and then a public key K1 is derived through a national secret SM2 algorithm;
step (3) generating a temporary private key P2 by the public key K1 and the random number HASH, and then deriving the temporary public key K2 by a national secret SM2 algorithm;
Step (4) adding the private key P1 in step (2) and the temporary private key P2 in step (3) to obtain a private key P3, adding the public key K1 in step (2) and the temporary public key K2 in step (3) to obtain a public key K3, and calculating by the public key K3 to obtain a terminal equipment account a; storing the private key P3 into the secure area, and storing the public key K3 and the terminal equipment account A into the non-secure area;
Step (5) the terminal equipment of the Internet of things collects data through a sensor bus and sends the serialized data D1 into a safety zone;
step (6) in the secure area, signing the data D1 by using the public key K3, and placing signed signature data D2 in the non-secure area;
step (7) the signature data D2, the public key K3 and the terminal equipment account A are sent to a cloud end through a network;
Step (8), after receiving the data in the step (7), the cloud terminal uses the public key K3 to check the signature data D2; after the verification is passed, the verification is stored in a cloud database.
Further, the HASH together with the device unique Serial Number (SN) generates a private key P1, specifically: the SHA512 takes the first 16 bytes as Seed along with the device unique Serial Number (SN), and then obtains the private key P1 via SHA-512 Half.
Further, the random number in step (3) includes: family Number, sequence.
Further, the national secret SM2 algorithm is an SM2 algorithm based on a national secret 3.0 account.
Further, in the step (4), the terminal device account a is obtained by calculating the public key K3, specifically: and obtaining H1 from the public key K3 through SHA256, obtaining H2 from the H1 through RIPEMD160, and then obtaining a terminal equipment account A by encoding the H2 with base 58.
Further, the terminal device account a includes a Type Prefix, an account name AccountID, and a Checksum.
Further, in the step (7), the network includes wifi, nb-iot, 4G, 5G, and other modes of transmission.
According to the method for realizing the trusted terminal for collecting the sensor data, disclosed by the invention, the SM2 elliptic curve of Guomi 3.0 is adopted to generate the blockchain account, and the security of the blockchain account is improved as compared with the prior secp k 1; the data are signed in the security area of the terminal equipment of the Internet of things, the private key is stored in the security area, and the public key and the account of the terminal equipment are stored in the non-security area, so that the risk of leakage of the private key is reduced, the whole data acquisition and transmission process is safer and more credible, the transaction tampering can be effectively prevented, and the security is guaranteed.
Drawings
FIG. 1 is a flow chart of a method for implementing a trusted terminal for sensor data collection according to the present invention;
FIG. 2 is a detailed flowchart of steps (2) - (4) in a trusted terminal implementation method for sensor data acquisition according to the present invention;
fig. 3 is a process of generating a terminal account a in a trusted terminal implementation method for sensor data acquisition according to the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. The described embodiments are only some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
As shown in fig. 1 and 2, in a trusted terminal implementation method for sensor data acquisition, an SM2 algorithm of 3.0 secret is added on a traditional blockchain to generate a blockchain account, an RNG true random number generator is adopted to generate a random seed in the process of generating the account, and the account generation of the blockchain is performed in a safe area; in the process of sensor data acquisition, a terminal signs acquired data in a safe area, and a private key is always stored in the safe area of the terminal in the whole process, so that the data is safer and more reliable, and the method mainly comprises the following steps of:
setting a safe area and a non-safe area in the terminal equipment of the Internet of things:
Step (2) the terminal equipment of the Internet of things is electrified and judges whether a blockchain account exists, if not, the terminal equipment enters the security zone, a true random number is generated through a random number generator RNG, then a private key P1 is generated by HASH together with an equipment unique serial number SN, and then a public key K1 is derived through a national secret SM2 algorithm;
step (3) generating a temporary private key P2 by the public key K1 and the random number HASH, and then deriving the temporary public key K2 by a national secret SM2 algorithm;
Step (4) adding the private key P1 in step (2) and the temporary private key P2 in step (3) to obtain a private key P3, adding the public key K1 in step (2) and the temporary public key K2 in step (3) to obtain a public key K3, and calculating by the public key K3 to obtain a terminal equipment account a; storing the private key P3 into the secure area, and storing the public key K3 and the terminal equipment account A into the non-secure area;
The terminal equipment account A comprises a Type Prefix, an account name AccountID and a Checksum;
Step (5) the terminal equipment of the Internet of things collects data through a sensor bus and sends the serialized data D1 into a safety zone;
step (6) in the secure area, signing the data D1 by using the public key K3, and placing signed signature data D2 in the non-secure area;
Step (7) the signature data D2, the public key K3 and the terminal equipment account A are sent to a cloud end through a network; the network comprises wifi, nb-iot, 4G, 5G and other modes for transmission;
Step (8), after receiving the data in the step (7), the cloud terminal uses the public key K3 to check the signature data D2; after the verification is passed, the verification is stored in a cloud database.
As shown in fig. 2, in step (2) of the present embodiment, the HASH generation private key P1 together with the device unique serial number SN is specifically: the SHA512 takes the first 16 bytes as Seed along with the device unique serial number SN, and then the private key P1 is obtained via SHA-512 Half.
Wherein SHA-512 is a hash algorithm, which is a part of SHA-2 series hash algorithm, and can generate a 512-bit hash value, namely a 128-character hexadecimal number character string, which has irreversibility, avalanche effect, collision resistance and the like.
It should be noted that, in the step (3) of this embodiment, the random number includes: family Number, sequence, etc.
Wherein the Family Number is a mark Number for distinguishing different members of the same Family;
Sequence is typically used to represent an ordered Sequence of values or events, particularly during encryption protocols or key exchanges.
The national secret SM2 algorithm in this embodiment is an SM2 algorithm based on a national secret 3.0 account.
Specifically, the generation of SM2 public key (SM 2 public key derivation) is based on the principles of elliptic curve cryptography and is closely related to the generation of private key. The SM2 algorithm uses a specific elliptic curve and a series of mathematical operations to generate a public key and private key pair, and the SM2 public key generation process can be regarded as a mathematical operation based on the private key and elliptic curve parameters. The public key is a point on the elliptic curve and has specific coordinate values for encryption, decryption, digital signature and other operations in the public key cryptosystem.
As shown in fig. 3, in step (4) of the present embodiment, the terminal account a is calculated from the public key K3, specifically: and obtaining H1 from the public key K3 through SHA256, obtaining H2 from the H1 through RIPEMD160, and then obtaining a terminal equipment account A by encoding the H2 with base 58.
Where SHA256 is a cryptographic hash function, also known as a hash function; the core function is to hash messages of arbitrary length, generating a hash value of fixed length 256 bits, commonly referred to as a message digest. This summary may be represented by a hexadecimal string of length 64, providing a "fingerprint" for the data, such that the amount of data is small and the format is fixed. SHA256 is irreversible, meaning that the original message cannot be reconstructed from the message digest, thus providing high security;
RIPEMD-160 is a cryptographic hash function based on Merkle-Damg å rd structure, is an enhanced version of RIPEMD algorithm, can generate 160-bit output, has strong collision resistance, more compact resource utilization, more efficient overall efficiency of information transmission and storage, and has high safety;
the Base58 code used in this embodiment is a fixed-length code that uses 58 different characters to represent data of any length, and is protected by encryption by the Base58 code to maintain the privacy of the user.
The above description is for the purpose of illustrating the embodiments of the present invention and is not to be construed as limiting the invention, but is intended to cover all modifications, equivalents, improvements and alternatives falling within the spirit and principle of the invention.

Claims (7)

1. The method for realizing the trusted terminal for collecting the sensor data is characterized by comprising the following steps of:
setting a safe area and a non-safe area in the terminal equipment of the Internet of things:
step (2) the terminal equipment of the Internet of things is electrified and enters the security zone, a true random number is generated through a random number generator RNG, then a private key P1 is generated through HASH together with an equipment unique serial number SN, and then a public key K1 is derived through a national secret SM2 algorithm;
step (3) generating a temporary private key P2 by the public key K1 and the random number HASH, and then deriving the temporary public key K2 by a national secret SM2 algorithm;
Step (4) adding the private key P1 in step (2) and the temporary private key P2 in step (3) to obtain a private key P3, adding the public key K1 in step (2) and the temporary public key K2 in step (3) to obtain a public key K3, and calculating by the public key K3 to obtain a terminal equipment account a; storing the private key P3 into the secure area, and storing the public key K3 and the terminal equipment account A into the non-secure area;
Step (5) the terminal equipment of the Internet of things collects data through a sensor bus and sends the serialized data D1 into a safety zone;
step (6) in the secure area, signing the data D1 by using the public key K3, and placing signed signature data D2 in the non-secure area;
step (7) the signature data D2, the public key K3 and the terminal equipment account A are sent to a cloud end through a network;
Step (8), after receiving the data in the step (7), the cloud terminal uses the public key K3 to check the signature data D2; after the verification is passed, the verification is stored in a cloud database.
2. The method for implementing the trusted terminal for sensor data collection according to claim 1, wherein the method comprises the following steps: in the step (2), the HASH together with the device unique serial number SN generates a private key P1, which specifically includes: the SHA512 takes the first 16 bytes as Seed along with the device unique serial number SN, and then the private key P1 is obtained via SHA-512 Half.
3. The method for implementing the trusted terminal for sensor data collection according to claim 1, wherein the method comprises the following steps: the random number in step (3) includes: family Number, sequence.
4. The method for implementing the trusted terminal for sensor data collection according to claim 1, wherein the method comprises the following steps: the SM2 algorithm for the national password is an SM2 algorithm based on a 3.0 account for the national password.
5. The method for implementing the trusted terminal for sensor data collection according to claim 1, wherein the method comprises the following steps: in the step (4), the terminal device account a is obtained by calculating the public key K3, specifically: and obtaining H1 from the public key K3 through SHA256, obtaining H2 from the H1 through RIPEMD160, and then obtaining a terminal equipment account A by encoding the H2 with base 58.
6. A method for implementing a trusted terminal for sensor data collection according to claim 1 or 5, wherein: the terminal device account A comprises a Type Prefix, an account name AccountID and a Checksum.
7. The method for implementing the trusted terminal for sensor data collection according to claim 1, wherein the method comprises the following steps: the network in the step (7) comprises wifi, nb-iot, 4G and 5G.
CN202410683450.9A 2024-05-30 2024-05-30 Trusted terminal implementation method for sensor data acquisition Active CN118296660B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410683450.9A CN118296660B (en) 2024-05-30 2024-05-30 Trusted terminal implementation method for sensor data acquisition

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410683450.9A CN118296660B (en) 2024-05-30 2024-05-30 Trusted terminal implementation method for sensor data acquisition

Publications (2)

Publication Number Publication Date
CN118296660A CN118296660A (en) 2024-07-05
CN118296660B true CN118296660B (en) 2024-08-02

Family

ID=91676518

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410683450.9A Active CN118296660B (en) 2024-05-30 2024-05-30 Trusted terminal implementation method for sensor data acquisition

Country Status (1)

Country Link
CN (1) CN118296660B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105975838A (en) * 2016-06-12 2016-09-28 北京集创北方科技股份有限公司 Secure chip, biological feature identification method and biological feature template registration method
CN108885741A (en) * 2016-02-23 2018-11-23 区块链控股有限公司 Method and system for realizing communication certification on block chain

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111245847A (en) * 2020-01-15 2020-06-05 北京三未信安科技发展有限公司 Lightweight certificateless authentication method, client and system
CN113162772B (en) * 2021-05-08 2023-02-03 国民认证科技(北京)有限公司 PIN identity authentication method and system
CN113656841A (en) * 2021-07-28 2021-11-16 复旦大学 A blockchain terminal security system based on trustzone
US20240113865A1 (en) * 2022-09-23 2024-04-04 Assa Abloy Ab Non-repudiation-free public key authentication protocols
CN116743505B (en) * 2023-08-14 2023-10-20 上海特高信息技术有限公司 Safety transmission encryption method based on national secret
CN117997516A (en) * 2024-01-10 2024-05-07 云南电网有限责任公司信息中心 Bidirectional authentication and secure communication method and system for lightweight Internet of things equipment
CN117938381A (en) * 2024-01-29 2024-04-26 云南电网有限责任公司曲靖供电局 Electric power Internet of things terminal bidirectional authentication method and system based on national secret IBC identification lightweight password

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108885741A (en) * 2016-02-23 2018-11-23 区块链控股有限公司 Method and system for realizing communication certification on block chain
CN105975838A (en) * 2016-06-12 2016-09-28 北京集创北方科技股份有限公司 Secure chip, biological feature identification method and biological feature template registration method

Also Published As

Publication number Publication date
CN118296660A (en) 2024-07-05

Similar Documents

Publication Publication Date Title
CN111628868B (en) Digital signature generation method and device, computer equipment and storage medium
CN110300112B (en) Block chain key hierarchical management method
CN112199649B (en) Anonymous authentication method under mobile edge computing based on blockchain
CN108632028A (en) Certification network
US7000110B1 (en) One-way function generation method, one-way function value generation device, proving device, authentication method, and authentication device
US8139765B2 (en) Elliptical polynomial-based message authentication code
CN104104517A (en) Method and system for verification of one time password
CN111147245A (en) Algorithm for encrypting by using national password in block chain
CN112907375B (en) Data processing method, device, computer equipment and storage medium
CN111262704A (en) SM9 digital signature generation method and device, computer equipment and storage medium
CN113141247B (en) Homomorphic encryption method, homomorphic encryption device, homomorphic encryption system and readable storage medium
CN101714919B (en) Forward Secure Digital Signature Algorithm Based on RSA Algorithm
Penubadi et al. Sustainable electronic document security: A comprehensive framework integrating encryption, digital signature and watermarking algorithms
Kavin et al. A modified digital signature algorithm to improve the biomedical image integrity in cloud environment
US11354427B2 (en) Encrypting/decrypting method for multi-digit number and encrypting/decrypting server
EP1714420B1 (en) One way authentication
CN111490874B (en) Distribution network safety protection method, system, device and storage medium
CN110034936B (en) Pierceable digital signature method
WO2023093278A1 (en) Digital signature thresholding method and apparatus
CN116664123A (en) Digital wallet design method based on blockchain technology
CN115550058A (en) Shared file transparent encryption method and system
CN113507367B (en) Online/offline integrity auditing method for outsourcing data in cloud environment
CN118296660B (en) Trusted terminal implementation method for sensor data acquisition
CN111756531A (en) Communication system and method of LoRa terminal based on CPK
CN113784342B (en) Encryption communication method and system based on Internet of things terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant