[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN111769938A - Key management system and data verification system of block chain sensor - Google Patents

Key management system and data verification system of block chain sensor Download PDF

Info

Publication number
CN111769938A
CN111769938A CN202010608426.0A CN202010608426A CN111769938A CN 111769938 A CN111769938 A CN 111769938A CN 202010608426 A CN202010608426 A CN 202010608426A CN 111769938 A CN111769938 A CN 111769938A
Authority
CN
China
Prior art keywords
blockchain
block chain
key
data
hmac
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010608426.0A
Other languages
Chinese (zh)
Other versions
CN111769938B (en
Inventor
斯雪明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Fulian Technology Co ltd
Original Assignee
Fujian Fulian Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Fulian Technology Co ltd filed Critical Fujian Fulian Technology Co ltd
Priority to CN202010608426.0A priority Critical patent/CN111769938B/en
Publication of CN111769938A publication Critical patent/CN111769938A/en
Application granted granted Critical
Publication of CN111769938B publication Critical patent/CN111769938B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a key management system of block chain sensor, data verification system, including a plurality of block chain nodes that can realize point-to-point communication and a plurality of block chain sensors that correspond with a plurality of block chain nodes and be connected, key management system stores all block chain sensor HMAC keys in this block chain node after the public key encryption of corresponding block chain node, and sign the HMAC key of the corresponding block chain sensor of this block chain node through aggregating the signature, verify all block chain sensor HMAC keys that this block chain node corresponds during the use through aggregating the signature, further guarantee the security of key storage, in order to solve the problem that block chain sensor key reveals easily. The data verification system verifies the data sent by the blockchain sensor to the corresponding blockchain node based on the first HMAC key, and the integrity of the information is protected by using a public key cryptosystem and verified by using an HMAC algorithm, so that the safety of data transmission is ensured.

Description

Key management system and data verification system of block chain sensor
Technical Field
The invention relates to the technical field of blockchain, in particular to a key management system and a data verification system of a blockchain sensor.
Background
The sensor, i.e. a detecting device, can sense the state change of the detected object, which can be expressed by some parameters and converted into data form to meet the requirements of data transmission, processing, storage, display, recording and control. With the advance of hardware bases such as Very Large Scale Integration (VLSI) and Micro Electro Mechanical System (MEMS) technologies, and radio frequency (radio frequency) technologies, the technology development of sensors is faster and wider, and the application range is wider.
Generally, a centralized management mode is adopted to manage sensors applied in the internet of things, and in this case, the credibility of the sensors in the internet of things cannot be guaranteed. For example, a sensor installed in a vehicle may be subjected to manipulation by some centralized mechanism, such as tampering with sensor data, when the vehicle collides with the vehicle, data such as a vehicle driving route, obstacle information, and vehicle driving related parameters recorded by the sensor. Therefore, the data credibility of the internet of things sensor in a centralized scene is questioned, and the credibility of a product detected by the sensor is further influenced. The method is an important means for combining the Internet of things and the block chain to form a credible Internet of things and ensure the credibility of products.
Fig. 1 is a diagram of a trusted internet of things topology combining an internet of things and a block chain, in fig. 1, a current block chain has n block chain link points and n internet of things nodes, each node manages a plurality of block chain sensors correspondingly, for example, an ith node manages mi block chain sensors correspondingly. In a credible internet of things, the credibility of a product is ensured by the credibility of a sensor, and to ensure the credibility of the sensor, the sensor is firstly changed into a block chain sensor, namely, the credibility of the (block chain) sensor is ensured by combining the sensor and the block chain in the internet of things by virtue of the characteristics of decentralization, non-falsification, whole-course trace retention, traceability, collective maintenance, public transparency and the like of the block chain.
In the analysis of the requirements of the blockchain sensor, the key security of the blockchain sensor is an important parameter, once a key is leaked, no matter how strong a cryptographic algorithm is, all cryptographic operations corresponding to the key are not safe, and at present, the key of the blockchain sensor does not have a complete set of key management method, and the security of the blockchain sensor can be seriously threatened by the leaked key.
Disclosure of Invention
The application provides a key management system and a data verification system of a block chain sensor, which aim to solve the problems that a key of the block chain sensor does not have a complete key management method at present and the key is easy to leak.
In one aspect, the present application provides a key management system for a blockchain sensor, including a plurality of blockchain nodes capable of implementing peer-to-peer communication and a plurality of blockchain sensors correspondingly connected to the plurality of blockchain nodes:
the blockchain sensor is configured to store an HMAC key of the blockchain sensor;
the blockchain node stores the same HMAC key, the blockchain node being configured to perform the steps of:
HMAC key encryption step: acquiring public and private key pairs of the block chain nodes and HMAC keys of a plurality of block chain sensors corresponding to each block chain node; for any block chain node, encrypting a plurality of corresponding HMAC keys of the block chain sensors according to the public key of the block chain node to generate a plurality of encrypted data;
a digital signature step: all block chain sensor HMAC keys are encrypted by public keys corresponding to the block chain nodes and then stored in the block chain nodes, and for any block chain node, digital signature is carried out on a plurality of corresponding encrypted data according to the private key of the block chain node to generate a plurality of corresponding digital signature data;
and (3) aggregating and signing: for any block chain node, performing aggregate signature on the corresponding digital signature data to generate aggregate signature data corresponding to the block chain node;
HMAC key verification step: verifying, for any of the blockchain nodes, an HMAC key of the blockchain sensor by the aggregated signature data; if the aggregated signature data passes the verification and the HMAC key passes the verification, the blockchain sensor sends data to the blockchain nodes;
and recording the verified HMAC key as a first HMAC key.
Optionally, the blockchain node is further configured to perform the following steps:
and aiming at any block chain node, when the aggregated signature is carried out for the first time, verifying all digital signature data corresponding to the aggregated signature, and verifying the aggregated signature result when the aggregated signature is initialized, wherein the verification mode of the aggregated signature result is predetermined by the block chain node.
Optionally, the verification mode of the digital signature data is determined by pre-negotiation between the blockchain node and the blockchain sensor.
Optionally, the blockchain node is further configured to perform the following steps:
and storing the public key of the block chain node and the public key of the block chain sensor in a plaintext form, wherein the public key of the block chain node and the public key of the block chain sensor are public to all the block chain link points.
Optionally, the blockchain node is further configured to decrypt the HMAC key by a private key unique to the blockchain node in performing the HMAC key encryption step.
Optionally, the HMAC key is stored in the blockchain sensor and the corresponding blockchain node.
On the other hand, the present application further provides a data verification system for a blockchain sensor, including a plurality of blockchain nodes capable of implementing peer-to-peer communication and a plurality of blockchain sensors correspondingly connected to the plurality of blockchain nodes, where the data verification system verifies, based on a first HMAC key, data sent by the blockchain sensor to the corresponding blockchain node:
the blockchain sensor is configured to perform the steps of:
calculating a second HMAC value: acquiring data sent by any blockchain sensor to the corresponding blockchain node and a second HMAC key of the blockchain sensor; calculating an HMAC value according to the data and the second HMAC key to generate a second HMAC value;
and (3) ciphertext encryption: encrypting the data according to the public key of the corresponding block chain node to generate transmission ciphertext data;
ciphertext digital signature: performing digital signature on the transmission ciphertext data according to a private key of the block chain sensor to generate ciphertext digital signature data;
and sending the second HMAC value, the transmission ciphertext data and the ciphertext digital signature data to the corresponding block chain node.
Optionally, the block link point verifies the integrity of the data based on the first HMAC key:
the blockchain node is configured to perform the steps of:
and (3) ciphertext decryption: decrypting the transmission ciphertext data according to the private key of the corresponding block chain node to generate decrypted data;
and (3) ciphertext digital signature verification: verifying the ciphertext digital signature data according to the public key of the block chain sensor, and if the ciphertext digital signature data passes the verification, approving the decrypted data;
a first HMAC value calculating step: calculating an HMAC value according to the decrypted data and the first HMAC key to generate a first HMAC value;
data integrity verification step: and comparing the first HMAC value with the second HMAC value, and if the first HMAC value is the same as the second HMAC value, the data integrity is verified.
Optionally, the blockchain sensor is further configured to store a public key of the blockchain node.
Optionally, the verification mode of the ciphertext digital signature is determined by pre-negotiation between the block chain node and the block chain sensor.
According to the technical scheme, the key management system and the data verification system of the block chain sensor comprise a plurality of block chain nodes capable of realizing point-to-point communication and a plurality of block chain sensors correspondingly connected with the block chain nodes, the key management system encrypts and stores HMAC keys of all the block chain sensors in the block chain nodes through public keys of the corresponding block chain nodes, signs the HMAC keys of all the block chain sensors corresponding to the block chain nodes through aggregation signatures, and verifies the HMAC keys of all the block chain sensors corresponding to the block chain nodes through the aggregation signatures during use, so that the safety of key storage is further ensured, and the problems that the block chain sensor keys do not have a complete set of key management method at present and the keys are easy to leak are solved. The data verification system verifies data sent by the blockchain sensor to the corresponding blockchain node based on the first HMAC key, the data transmitted by the sensor is protected by a public key cryptosystem, and the integrity of information is verified by using an HMAC algorithm, so that the safety of data transmission is ensured.
Drawings
In order to more clearly explain the technical solution of the present application, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious to those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a topological diagram of a key management system of a blockchain sensor according to an embodiment of the present disclosure;
fig. 2 is a flowchart illustrating an actual operation of a key management system of a blockchain sensor according to an embodiment of the present disclosure;
fig. 3 is a flowchart illustrating an actual operation of a data verification system of a blockchain sensor according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application. The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
At present, a set of perfect key management method is not provided for the key of the blockchain sensor, the security of the blockchain sensor is seriously threatened by the leaked key, and in order to solve the problem that the key of the blockchain sensor is easy to leak, the application discloses a key management system of the blockchain sensor and a data verification system of the blockchain sensor.
For the sake of understanding, the related concepts and terms of art appearing in the present application are explained in detail herein. The execution main bodies in the application are two, namely a block chain node and a block chain sensor. The block link point refers to that a computer or other equipment is connected with a network which has an independent address and has the function of transmitting or receiving data, and the node can be a workstation, a client, a network user or a personal computer, and can also be equipment connected with other networks; the blockchain sensors are correspondingly connected with the nodes, one blockchain node can correspond to one or more blockchain sensors, and the blockchain sensors can send data to the corresponding blockchain nodes.
The keys involved in this application fall into two categories: one is a public key and a private key, the public key is published to other people by a holder, and the public key is used for encrypting data; the private key is held by the owner and can not be published, the data encrypted by the public key can only be decrypted by using the private key, and each block chain link point and each block chain sensor in the application are respectively provided with a public and private key pair correspondingly; another type of key is an HMAC key, which can be regarded as a secret parameter of a smart device, and is customized by a product or a user, in this application, the sensor is a smart device, which can carry or be customized with the HMAC key parameter, in this application, the HMAC key parameter carried by or customized to the blockchain sensor is defined as an HMAC key of the blockchain sensor, which is abbreviated as an HMAC key, and the key management system of the blockchain sensor manages the HMAC key.
In the key management system of the block chain sensor, all HMAC keys of the block chain sensor are encrypted by keys of corresponding block chain nodes and then stored in the block chain link points, and the HMAC keys of all block chain sensors corresponding to the block chain link points can be verified through a polymerization signature in use, so that the safety of key storage is further ensured; the data verification system of the block chain sensor protects the data sent by the block chain sensor by using a public key cryptosystem and verifies the integrity of the data by using an HMAC algorithm on the basis of the data verification system of the block chain sensor, thereby ensuring the safety of the sent data.
For convenience of description, the key management system of the blockchain sensor is simply referred to as the key management system, and the data verification system of the blockchain sensor is simply referred to as the data verification system.
In a first aspect, the present application provides a key management system, which includes a plurality of block chain nodes capable of implementing peer-to-peer communication and a plurality of block chain sensors correspondingly connected to the plurality of block chain link points, see fig. 1, fig. 1 is a key management system topology diagram of a block chain sensor provided in an embodiment of the present application, and is also a trusted internet of things topology diagram combining an internet of things and a block chain, as can be seen from fig. 1, there are n block chain nodes capable of implementing peer-to-peer communication in the key management system, mi block chain sensors are common in an i-th block chain link point, each block chain link point corresponds to a set of public key pairs, each block chain sensor stores its own HMAC key, and the block chain link points corresponding to the chain block chain sensors store the same HMAC key (i.e., the HMAC key only has the block chain link points corresponding to the block chain sensors and the block chain link points corresponding to the block chain sensors), in an actual working scenario, for convenience of description, the following description is made on an actual working flow of the key management system by taking the ith block chain node as an example.
Referring to fig. 2, fig. 2 is a flowchart illustrating an actual operation of a key management system of a blockchain sensor according to an embodiment of the present invention, where a public-private key pair of an ith blockchain node is assumed to be { Mpk }i,MskiCorresponding to mi block chain sensors under the ith block chain link point, wherein the HMAC keys of the mi block chain sensors are keys respectivelyi 1、keyi 2……keyi miIn this embodiment, the key is stored in the ith blockchain node corresponding to the blockchain sensor, and the HMAC key of each blockchain sensor is stored in the corresponding blockchain sensori 1、keyi 2……keyi miThe keys are managed in the key management system, that is, the management of the HMAC key of the blockchain sensor stored in any blockchain node is the same for each node key management manner, in this embodiment, taking the ith blockchain node as an example, and referring to fig. 2, a blockchain link point i is configured to perform the following steps:
mi blockchain sensor HMAC keys pass through public key Mpk of corresponding blockchain node iiThe encrypted block chain nodes are stored in the block chain link point i (here, the block chain node i is the ith block chain node), and the HMAC keys of the mi block chain sensors corresponding to the block chain node i are signed by the aggregation signature, specifically:
HMAC key encryption step: according to the public key Mpk of blockchain node iiEncrypting the HMAC keys of the corresponding mi blockchain sensors, wherein the HMAC key of the first blockchain sensor is keyi 1Public key Mpk passing through corresponding blockchain node iiAfter encryption, the result of encrypting the data is EncMpki(keyi 1) Is denoted by w1(ii) a HMAC key of the second blockchain sensori 2Public key Mpk passing through corresponding blockchain node iiAfter encryption, the result of encrypting the data is EncMpki(keyi 2) Is denoted by w2(ii) a By analogy, the result of encrypting the HMAC key of the mi-th blockchain sensor is EncMpki(keyi mi) Is denoted by wmiI.e. public key Mpk passing through corresponding blockchain node iiAfter encryption, the plurality of encrypted data generated by the HMAC keys of the mi blockchain sensors are respectively w1、w2……wmi(ii) a It should be noted that only the blockchain node i can use its own unique private key MskiDecrypt out w1、w2……wmi
A digital signature step: all HMAC keys of the block chain sensor are encrypted by public keys of corresponding block chain nodes and then stored in the block chain nodes, digital signature is carried out on a plurality of corresponding encrypted data according to private keys of the block chain nodes aiming at any block chain node to generate a plurality of corresponding digital signature data, and still taking block chain link point i as an example, the specific process is that the block chain link point i uses a private key MskiTo w1、w2……wmiRespectively carrying out digital signature, wherein the result of the block chain node i on the digital signature data of the encrypted data is as follows: sigMski(w1),……,SigMski(wmi) Are respectively marked as S1,S2,……,Smi
And (3) aggregating and signing: and performing aggregate signature on the plurality of corresponding digital signature data aiming at any block chain node to generate aggregate signature data corresponding to the block chain node. The aggregated signature is a variant signature scheme for aggregating any multiple signatures into one signature, and the aggregated signature is a digital signature with additional properties, which has compression and batch processing properties1,S2,……,SmiThe aggregate signature is AggS (S)1,S2,……,Smi) That is, a plurality of signatures respectively signed by a plurality of users on a plurality of messages can be aggregated into one short signature, and in actual work, the more advantageous factor lies in the generated aggregationThe public signature is verifiable, and in combination with the application, the HMAC key can be verified through the verification of the aggregated signature data.
HMAC key verification step: verifying an HMAC key of a block chain sensor by aggregating signature data aiming at any block chain node; and if the aggregated signature data passes the verification and the HMAC key passes the verification, the block chain sensor sends data to the block chain nodes. In connection with the present application, the blockchain link point i only needs to verify the aggregate signature AggS (S) when verifying the blockchain sensor HMAC key1,S2,……,Smi) Determining S1,S2,……,SmiThe correctness of (1) can be regarded as w1,w2,……,wmiCorresponding keyi 1,……,keyi miAnd (6) passing the verification. For any block chain node, the verification of the aggregated signature comprises two scenes according to actual conditions, when the aggregated signature is performed for the first time, all digital signature data corresponding to the aggregated signature are verified, and when the aggregated signature is initialized, the verification of the aggregated signature result is specifically as follows:
in a first scenario of aggregated signatures, when aggregated signatures are performed for the first time, all digital signature data corresponding to the aggregated signatures need to be verified, and in combination with the application, for a block chain node i, digital signature data S needs to be verified1,S2,……,SmiAll the verifications are carried out. The verification method of the digital signature data is determined by block chain nodes and block chain sensors in advance, for example, one verification method of the digital signature data may be as follows: the summary information is encrypted by the private key of the sender and transmitted to the receiver together with the original text, the receiver decrypts the encrypted summary information by using the public key of the receiver, and then generates summary information for the received original text by using the HASH function, and the summary information is compared with the decrypted summary information. If the two information are the same, the received information is complete and is not modified in the transmission process, otherwise, the information is modified, and therefore the digital signature can verify the integrity of the information. It should be noted that all the digital signature data S need only be subjected to preliminary aggregate signature1,S2,……,SmiAnd (4) verifying, wherein after the first verification is passed, all digital signature data do not need to be verified any more, and only the aggregated signature result needs to be verified.
The other scenario of the aggregated signature verification is to verify the aggregated signature result, and the verification mode of the aggregated signature result is predetermined by the block link point. For example, the aggregated signature result may be a product of each digital signature data, and the verifier only needs to verify the aggregated signature once, so as to be sure whether the signature comes from a designated user and signs a plurality of messages respectively, thereby greatly improving the signature verification and transmission efficiency. The aggregated signature result may also be another algorithm customized by the user according to actual needs, and the application is not particularly limited. In practical application, when a key management system is initialized, initialization authentication needs to be performed, where the initialization includes, for example, a case of starting up or restarting the system every day, the initialization authentication refers to storing any HMAC key of a block chain sensor in a block chain link point after being encrypted by a public key of the corresponding block chain node, and when the system is used, the HMAC keys of all block chain sensors corresponding to the block chain link point can be verified through an aggregation signature, so that the security of key storage is further ensured, the verified HMAC key is denoted as a first HMAC key, and the first HMAC key is used for verifying data sent by the block chain sensor to the corresponding block chain node in a data verification system.
In a second aspect, the present application provides a data verification system, including a plurality of block chain nodes capable of implementing peer-to-peer communication and a plurality of block chain sensors correspondingly connected to the plurality of block chain nodes, where the data verification system verifies data sent to a corresponding block chain node based on a first HMAC key, referring to fig. 3, fig. 3 is an actual work flow diagram of the data verification system for a block chain sensor provided in an embodiment of the present application, the data verification system includes two parts, where the two parts are different execution bodies, the first part is processing of data to be sent by the block chain sensor, the execution body is the block chain sensor, the other part is verifying data sent by a node corresponding to the block chain sensor, and the execution body is the block chain node, and the two parts are respectively described below.
In the first section, the blockchain sensor transmits data to the corresponding blockchain link points. For any blockchain sensor, when sending data to a corresponding blockchain link, the blockchain sensor sends encrypted data, a digital signature and an HMAC value to the corresponding blockchain link based on its HMAC key, specifically, in this process, the blockchain sensor is configured to perform the following steps:
calculating a second HMAC value: and acquiring data sent by any blockchain sensor to the corresponding blockchain node, and calculating an HMAC value of the blockchain sensor transmission data. In this embodiment, it is assumed that the data sent by the jth sensor in the ith block chain node to the block link point i is a Message, and a public-private key pair of the jth sensor in the ith block chain node is a public-private key pair
Figure BDA0002559999190000071
The HMAC key of the jth blockchain sensor itself is
Figure BDA0002559999190000072
To distinguish from the first HMAC key, we will here distinguish the HMAC key of the jth blockchain sensor
Figure BDA0002559999190000073
And calculating an HMAC value according to the data Message and the second HMAC key in the way of calculating as a second HMAC key
Figure BDA0002559999190000074
A second HMAC value is generated.
And (3) ciphertext encryption: the public key of the blockchain node i is also stored in the corresponding blockchain sensor, that is, the jth sensor stores the public key of the corresponding blockchain node, and the public key is used for Mpk according to the public key of the blockchain link point i corresponding to the jth sensoriEncrypting the Message to generate the EncMpki(Message);
Cipher text digital signature step: according to the private key of the jth sensor
Figure BDA0002559999190000075
For transmission ciphertext data EncMpki(Message) digitally signing the data to generate ciphertext digitally signed data
Figure BDA0002559999190000076
Transmitting the second HMAC value of the jth sensor and the transmission ciphertext data EncMpki(Message), ciphertext digital signature data
Figure BDA0002559999190000077
And sending the data Message to the corresponding block link point i, so that the process that the jth sensor in the ith block chain node sends the data Message to the block link point i is completed.
In the second part, the block chain link points verify the data sent by the block chain sensors. After the jth sensor in the ith block chain node sends the data Message to the block chain node point i, the ith block chain node point is to verify the integrity of the data based on the first HMAC key, and in this process, the block chain node is configured to perform the following steps:
and (3) ciphertext decryption: private key Msk according to corresponding block link point iiDecrypting transmission ciphertext data EncMpki(Message) generating decrypted data Message;
and (3) ciphertext digital signature verification: according to the public key of the jth sensor
Figure BDA0002559999190000078
Verifying ciphertext digital signature data
Figure BDA0002559999190000079
(EncMpki(Message)), if the ciphertext digital signature data passes the verification, the decrypted data is approved, wherein the verification mode of the ciphertext digital signature is determined by the block chain node and the block chain sensor in advance through negotiation, and the verification mode of the ciphertext digital signature data and the digital signature data verification of the encrypted dataThe same is true, as already described in the key management system, and the description is not repeated here.
A first HMAC value calculating step: validating a second HMAC value with a blockchain node i
Figure BDA00025599991900000710
If the verification is passed, the transmission information Message can be determined to be correct and complete, and the HMAC value is calculated according to the decrypted data Message and the first HMAC key to generate a first HMAC value;
data integrity verification step: and comparing the first HMAC value with the second HMAC value, if the first HMAC value is the same as the second HMAC value, the data integrity passes the verification, which indicates that the data is not damaged in the transmission process, and if the first HMAC value is different from the second HMAC value, which indicates that the data is damaged or has other abnormality in the transmission process, the data is incomplete.
In the key management system and the data verification system of the blockchain sensor, public keys of all blockchain sensors and blockchain nodes are stored in corresponding blockchain link points in a plaintext form, and are written into a distributed account book through a blockchain consensus mechanism, and all blockchain link points are published for the use of the blockchain nodes or the blockchain sensors, such as encryption calculation, digital signature and the like.
According to the technical scheme, the key management system and the data verification system of the block chain sensor comprise a plurality of block chain nodes capable of realizing point-to-point communication and a plurality of block chain sensors correspondingly connected with the block chain nodes, the key management system encrypts and stores HMAC keys of all the block chain sensors in the block chain nodes through public keys of the corresponding block chain nodes, signs the HMAC keys of all the block chain sensors corresponding to the block chain nodes through aggregation signatures, and verifies the HMAC keys of all the block chain sensors corresponding to the block chain nodes through the aggregation signatures during use, so that the safety of key storage is further ensured, and the problems that the block chain sensor keys do not have a complete set of key management method at present and the keys are easy to leak are solved. The data verification system verifies data sent by the blockchain sensor to the corresponding blockchain node based on the first HMAC key, the data transmitted by the sensor is protected by a public key cryptosystem, and the integrity of information is verified by using an HMAC algorithm, so that the safety of data transmission is ensured.
The embodiments provided in the present application are only a few examples of the general concept of the present application, and do not limit the scope of the present application. Any other embodiments extended according to the scheme of the present application without inventive efforts will be within the scope of protection of the present application for a person skilled in the art.

Claims (10)

1. A key management system of a blockchain sensor comprises a plurality of blockchain nodes capable of realizing point-to-point communication and a plurality of blockchain sensors correspondingly connected with the plurality of blockchain nodes, and is characterized in that:
the blockchain sensor is configured to store an HMAC key of the blockchain sensor;
the blockchain node stores the same HMAC key, the blockchain node being configured to perform the steps of:
HMAC key encryption step: acquiring public and private key pairs of the block chain nodes and HMAC keys of a plurality of block chain sensors corresponding to each block chain node; for any block chain node, encrypting a plurality of corresponding HMAC keys of the block chain sensors according to the public key of the block chain node to generate a plurality of encrypted data;
a digital signature step: all block chain sensor HMAC keys are encrypted by public keys corresponding to the block chain nodes and then stored in the block chain nodes, and for any block chain node, digital signature is carried out on a plurality of corresponding encrypted data according to the private key of the block chain node to generate a plurality of corresponding digital signature data;
and (3) aggregating and signing: for any block chain node, performing aggregate signature on the corresponding digital signature data to generate aggregate signature data corresponding to the block chain node;
HMAC key verification step: verifying, for any of the blockchain nodes, an HMAC key of the blockchain sensor by the aggregated signature data; if the aggregated signature data passes the verification and the HMAC key passes the verification, the blockchain sensor sends data to the blockchain nodes;
and recording the verified HMAC key as a first HMAC key.
2. The key management system for blockchain sensors of claim 1, wherein the blockchain node is further configured to perform the steps of:
and aiming at any block chain node, when the aggregated signature is carried out for the first time, verifying all digital signature data corresponding to the aggregated signature, and verifying the aggregated signature result when the aggregated signature is initialized, wherein the verification mode of the aggregated signature result is predetermined by the block chain node.
3. The key management system of blockchain sensors of claim 1, wherein the verification of the digitally signed data is determined by a pre-negotiation between the blockchain node and the blockchain sensor.
4. The key management system for blockchain sensors of claim 1, wherein the blockchain node is further configured to perform the steps of:
and storing the public key of the block chain node and the public key of the block chain sensor in a plaintext form, wherein the public key of the block chain node and the public key of the block chain sensor are public to all the block chain link points.
5. The key management system of blockchain sensors of claim 1, wherein the blockchain nodes are further configured to decrypt an HMAC key with a private key unique to the blockchain node in performing the HMAC key encryption step.
6. The key management system of blockchain sensors of claim 1, wherein the HMAC key is stored in the blockchain sensor and the corresponding blockchain node.
7. A data verification system of a blockchain sensor comprises a plurality of blockchain nodes capable of realizing point-to-point communication and a plurality of blockchain sensors correspondingly connected with the plurality of blockchain nodes, and is characterized in that the data verification system verifies data sent by the blockchain sensors to the corresponding blockchain nodes based on a first HMAC key, and the data verification system is characterized in that:
the blockchain sensor is configured to perform the steps of:
calculating a second HMAC value: acquiring data sent by any blockchain sensor to the corresponding blockchain node and a second HMAC key of the blockchain sensor; calculating an HMAC value according to the data and the second HMAC key to generate a second HMAC value;
and (3) ciphertext encryption: encrypting the data according to the public key of the corresponding block chain node to generate transmission ciphertext data;
ciphertext digital signature: performing digital signature on the transmission ciphertext data according to a private key of the block chain sensor to generate ciphertext digital signature data;
and sending the second HMAC value, the transmission ciphertext data and the ciphertext digital signature data to the corresponding block chain node.
8. The data verification system for blockchain sensors of claim 7, said blockchain nexus verifying integrity of said data based on said first HMAC key, wherein:
the blockchain node is configured to perform the steps of:
and (3) ciphertext decryption: decrypting the transmission ciphertext data according to the private key of the corresponding block chain node to generate decrypted data;
and (3) ciphertext digital signature verification: verifying the ciphertext digital signature data according to the public key of the block chain sensor, and if the ciphertext digital signature data passes the verification, approving the decrypted data;
a first HMAC value calculating step: calculating an HMAC value according to the decrypted data and the first HMAC key to generate a first HMAC value;
data integrity verification step: and comparing the first HMAC value with the second HMAC value, and if the first HMAC value is the same as the second HMAC value, the data integrity is verified.
9. The data validation system of a blockchain sensor of claim 7, wherein the blockchain sensor is further configured to store a public key of the blockchain node.
10. The data verification system of a blockchain sensor according to claim 7, wherein a verification manner of the ciphertext digital signature is determined by pre-negotiation between the blockchain node and the blockchain sensor.
CN202010608426.0A 2020-06-29 2020-06-29 Key management system and data verification system of block chain sensor Active CN111769938B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010608426.0A CN111769938B (en) 2020-06-29 2020-06-29 Key management system and data verification system of block chain sensor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010608426.0A CN111769938B (en) 2020-06-29 2020-06-29 Key management system and data verification system of block chain sensor

Publications (2)

Publication Number Publication Date
CN111769938A true CN111769938A (en) 2020-10-13
CN111769938B CN111769938B (en) 2023-03-24

Family

ID=72724254

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010608426.0A Active CN111769938B (en) 2020-06-29 2020-06-29 Key management system and data verification system of block chain sensor

Country Status (1)

Country Link
CN (1) CN111769938B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112948886A (en) * 2021-03-26 2021-06-11 重庆倍来电新能源有限公司 Method for improving data transmission security based on block chain
CN113190860A (en) * 2021-05-07 2021-07-30 福建福链科技有限公司 Block chain sensor data authentication method and system based on ring signature
CN113660143A (en) * 2021-08-20 2021-11-16 国网安徽省电力有限公司电力科学研究院 Intelligent sensor protocol testing method
CN113709096A (en) * 2021-06-24 2021-11-26 北京农业信息技术研究中心 Livestock asset management identity authentication method and system
CN113987594A (en) * 2021-10-26 2022-01-28 深圳前海微众银行股份有限公司 Block chain signature management method and device
CN116684095A (en) * 2023-08-02 2023-09-01 杭州希智电子有限公司 Sensor data encryption method and system based on Internet of things

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110300112A (en) * 2019-07-02 2019-10-01 石家庄铁道大学 Block chain key tiered management approach
CN110430039A (en) * 2019-07-19 2019-11-08 瑞纳智能设备股份有限公司 A kind of production management system and method based on block chain
US20200076586A1 (en) * 2017-11-10 2020-03-05 Tencent Technology (Shenzhen) Company Limited Signature generation method, electronic device, and storage medium
CN110944301A (en) * 2019-12-02 2020-03-31 重庆瑞坤科技发展股份有限公司 Intelligent cell equipment monitoring system based on block chain and key management method
CN111275419A (en) * 2020-01-17 2020-06-12 上海佩俪信息科技有限公司 Block chain wallet signature right confirming method, device and system
CN111314067A (en) * 2020-02-05 2020-06-19 腾讯科技(深圳)有限公司 Block storage method and device, computer equipment and storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200076586A1 (en) * 2017-11-10 2020-03-05 Tencent Technology (Shenzhen) Company Limited Signature generation method, electronic device, and storage medium
CN110300112A (en) * 2019-07-02 2019-10-01 石家庄铁道大学 Block chain key tiered management approach
CN110430039A (en) * 2019-07-19 2019-11-08 瑞纳智能设备股份有限公司 A kind of production management system and method based on block chain
CN110944301A (en) * 2019-12-02 2020-03-31 重庆瑞坤科技发展股份有限公司 Intelligent cell equipment monitoring system based on block chain and key management method
CN111275419A (en) * 2020-01-17 2020-06-12 上海佩俪信息科技有限公司 Block chain wallet signature right confirming method, device and system
CN111314067A (en) * 2020-02-05 2020-06-19 腾讯科技(深圳)有限公司 Block storage method and device, computer equipment and storage medium

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112948886A (en) * 2021-03-26 2021-06-11 重庆倍来电新能源有限公司 Method for improving data transmission security based on block chain
CN113190860A (en) * 2021-05-07 2021-07-30 福建福链科技有限公司 Block chain sensor data authentication method and system based on ring signature
CN113190860B (en) * 2021-05-07 2024-03-01 福建福链科技有限公司 Block chain sensor data authentication method and system based on ring signature
CN113709096A (en) * 2021-06-24 2021-11-26 北京农业信息技术研究中心 Livestock asset management identity authentication method and system
CN113709096B (en) * 2021-06-24 2023-08-04 北京农业信息技术研究中心 Livestock asset management identity authentication method and system
CN113660143A (en) * 2021-08-20 2021-11-16 国网安徽省电力有限公司电力科学研究院 Intelligent sensor protocol testing method
CN113987594A (en) * 2021-10-26 2022-01-28 深圳前海微众银行股份有限公司 Block chain signature management method and device
CN116684095A (en) * 2023-08-02 2023-09-01 杭州希智电子有限公司 Sensor data encryption method and system based on Internet of things
CN116684095B (en) * 2023-08-02 2023-09-29 杭州希智电子有限公司 Sensor data encryption method and system based on Internet of Things

Also Published As

Publication number Publication date
CN111769938B (en) 2023-03-24

Similar Documents

Publication Publication Date Title
US11323276B2 (en) Mutual authentication of confidential communication
CN111769938B (en) Key management system and data verification system of block chain sensor
US11108565B2 (en) Secure communications providing forward secrecy
US8670563B2 (en) System and method for designing secure client-server communication protocols based on certificateless public key infrastructure
US11223486B2 (en) Digital signature method, device, and system
US11870891B2 (en) Certificateless public key encryption using pairings
US9705683B2 (en) Verifiable implicit certificates
CN110597836B (en) Information inquiry request response method and device based on block chain network
JP6041864B2 (en) Method, computer program, and apparatus for data encryption
CN109309566A (en) A kind of authentication method, device, system, equipment and storage medium
US20220038267A1 (en) Methods and devices for secured identity-based encryption systems with two trusted centers
JP5393594B2 (en) Efficient mutual authentication method, program, and apparatus
CN111565108B (en) Signature processing method, device and system
CN115549910B (en) Data transmission method, equipment and storage medium
Barker Cryptographic Standards in the Federal Government: Cryptographic Mechanisms
JP5004086B2 (en) Authentication system using short sequences
CN116471081B (en) Indoor security anonymous authentication method based on Internet of things technology
CN116599771B (en) Data hierarchical protection transmission method and device, storage medium and terminal
JP3862397B2 (en) Information communication system
CN114240428A (en) Data transmission method and device, data transaction terminal and data supplier

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant