CN113271290A - Digital identity management device based on block chain - Google Patents
- Publication number: CN113271290A (application CN202011596050.2A)
- Authority: CN (China)
- Prior art keywords: module, key, intelligent equipment, public key, intelligent
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications (all under H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication)
- H04L63/0838: Network architectures or network communication protocols for network security, for authentication of entities using passwords, using one-time passwords
- H04L63/0478: Network security, confidential data exchange among entities communicating through data packet networks where the data content is protected (e.g. by encrypting or encapsulating the payload), applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
- H04L9/0819: Key distribution or management; key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value and securely transfers it to the other(s)
- H04L9/0894: Key distribution or management; escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/3247: Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication (authorization, entity authentication, data integrity, non-repudiation, key authentication or verification of credentials), involving digital signatures
- H04L9/50: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications using hash chains, e.g. blockchains or hash trees
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a blockchain-based digital identity management device comprising a storage device, an identity management body and an authority management body. Smart devices are managed centrally; the security information and the identity information of each smart device are managed; a query service is provided; and the integrity of the whole process is ensured through the cooperation of all modules.
Description
Technical Field
The invention relates to the field of blockchain applications, in particular to a blockchain-based digital identity management device.
Background
Fundamentally, digital identity is the key to transparency and trust in a connected world, and trust is the hard currency of the future. When hundreds of millions of people connect to countless interrelated machines and devices, all of their identities, contacts, transactions, data integrity and privacy must be managed and protected as well as possible. If the legitimacy of an identity authentication or a transaction, or the protection and integrity of data, cannot be trusted, there is no sustainable business. There is as yet no clear anchor for tracking digital identity authentication. The blockchain offers a way to track the digital identity of a smart device.
Disclosure of Invention
The present invention provides a blockchain-based digital identity management device that solves, or partly solves, the problems above.
To achieve this effect, the technical scheme of the invention is as follows. The digital identity management device comprises a storage device, an identity management body and an authority management body. The storage device comprises a bridging module, a key module, a security assurance module and a cooperation module, and generates and stores the private key and public keys of each smart device. The identity management body comprises a bidirectional communication module and an implementation module, and provides users with a service for managing and querying information about the smart devices. The authority management body comprises a summarizing module and a declaration module, and stores the smart devices' information on their behalf. The digital identity management device has one primary management user and several secondary management users: the primary management user manages the device, and the secondary management users assist the primary management user in managing it.
The implementation module on the identity management body builds the user interface of the digital identity management device. Through this interface a user applies to add a smart device. Once a smart device is added, it applies to the bridging module through the bidirectional communication module; on receiving the application the bridging module notifies the security assurance module, which immediately initializes and creates a private key and a public key group and stores them. The public key group contains one or more public keys of the smart device. The security assurance module designates one public key in the group as the device's identity public key, which serves as the device's ID number on the management device. The private key is added to the key module. The identity public key is copied and passed through the bridging module to the bidirectional communication module, which stores it in the implementation module, so that the user can view the identity public key through the user interface and the management node can manage it. The public keys in the group other than the identity public key correspond to functions of the smart device: each such public key stands for one function of the device and represents that function within the digital identity management device.
The cooperation module stores all the simulators of the smart devices added to the digital identity management device. A simulator is the agent node of a smart device on the management device; that is, an added smart device exists on the management device in the form of its agent node. The security assurance module marks each simulator with its device's identity public key, to distinguish the devices, and configures a key interface for the simulator. The key interface provides the device's private key or public keys and has two interface modes: interface mode I provides the device's public keys and interface mode II provides its private key; the interface mode records which of the two the key interface is in. The cooperation module establishes a transition trigger S(w, b) between the two modes. The trigger is raised either by a simulator or by the primary management user and is governed by an effective value w and a conversion value b. The effective value w opens and closes the key interface: when w is 1 the interface is open and provides the private key or public keys; when w is 0 it is closed and provides neither. The conversion value b selects the mode: when b is 1 the interface is in private key mode (interface mode II) and provides the device's private key; when b is 0 it is in public key mode (interface mode I) and provides all of the device's public keys. When the primary management user sets w, w changes uniformly on all simulators: setting w to 0 closes the key interfaces of all simulators; setting w to 1 puts the key interfaces of all simulators with b = 1 into interface mode II, uniformly providing the devices' private keys, and those of all simulators with b = 0 into interface mode I, uniformly providing the devices' public keys. When a simulator sets its own w: with w set to 1, its key interface is in interface mode II and provides the private key if the simulator's b is 1, or in interface mode I and provides the public keys if its b is 0; with w set to 0 the simulator's key interface is closed. After w is set to 1 it automatically returns to 0 after p minutes, where p is a positive integer specified by the primary management user.
The primary management user designates a query period. During the query period a secondary management user can query a smart device's public keys and private key through the user interface built on the identity management body; the query period limits the time in which secondary management users may make such queries. The primary management user also designates one of the users as the communicator, who designates one or more special time numbers for the query period; a special time number is an integer greater than or equal to 0, and it limits the secondary management users' queries. When a secondary management user queries a device's public keys or private key through the user interface during the query period, the implementation module extracts the time of the query and randomly takes either its minutes value or its seconds value; only when the extracted time value equals a special time number is the application transmission allowed to proceed.
During transmission the bidirectional communication module constructs a transmission channel, the channel used between the bridging module and the bidirectional communication module. The storage device holds an address that distinguishes this transmission channel from other transmission channels. On the identity management body the address of the transmission channel equals the value obtained by feeding the special time number matched by the extracted time value into a transmission address function g, which computes the channel address; the transmission channel is replaced after each query period. After the channel address is obtained, the device checks whether that transmission channel has already been used. If it has, the secondary management user's right to continue querying in the current query period is cancelled; if it has not, the query continues: the secondary management user supplies the identity public key of the smart device to be queried, the simulator's key interface is located by that identity public key, and the device's private key or public keys are provided according to the interface mode of the key interface. If the primary management user has set w to 1, a secondary management user can query the public keys or the private keys of all smart devices.
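The key interface, the transition trigger S(w, b), the query period, the special time numbers and the single-use transmission channel described above, as an added worked example in Go. This is not code from the patent or from any implementation it describes. The simulator, the p-minute fall-back of w, the uniform master trigger and the channel check follow the text; the type and function names, the placeholder key strings, the sample times (the 14:50:24 query of Example 1) and the hash used for the transmission address function g, which the page does not define, are assumptions.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Simulator is the agent node for one smart device. Keys are placeholder strings (constructed data).
type Simulator struct {
	PubGroup []string // the public key group; PubGroup[0] is the identity public key
	Priv     string   // the private key held by the key module
	W, B     int      // effective value w and conversion value b
	openedAt time.Time
}

// Trigger is the transition trigger S(w, b) applied to one simulator (by itself or by the master).
func (s *Simulator) Trigger(w, b int, now time.Time) {
	if w == 1 && s.W == 0 {
		s.openedAt = now
	}
	s.W, s.B = w, b
}

// Keys is the key interface: closed when w = 0, interface mode I (public keys) when b = 0,
// interface mode II (private key) when b = 1. w falls back to 0 p minutes after being set to 1.
func (s *Simulator) Keys(now time.Time, p time.Duration) ([]string, error) {
	if s.W == 1 && now.Sub(s.openedAt) >= p {
		s.W = 0
	}
	switch {
	case s.W == 0:
		return nil, errors.New("key interface closed (w = 0)")
	case s.B == 1:
		return []string{s.Priv}, nil
	default:
		return s.PubGroup, nil
	}
}

// Device is the part of the management device that serves secondary-user key queries.
type Device struct {
	Sims                 map[string]*Simulator // keyed by identity public key
	P                    time.Duration         // p, specified by the primary management user
	QueryStart, QueryEnd time.Time             // query period designated by the primary management user
	SpecialTimes         map[int]bool          // special time numbers designated by the communicator
	usedChannels         map[string]bool
}

// MasterSetW is the primary management user's trigger: w changes uniformly on all simulators.
func (d *Device) MasterSetW(w int, now time.Time) {
	for _, s := range d.Sims {
		s.Trigger(w, s.B, now)
	}
}

// channelAddress stands in for the transmission address function g, which the page leaves undefined;
// hashing the matched time number with the period start is an assumption that gives a fresh address per period.
func channelAddress(special int, periodStart time.Time) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d|%d", special, periodStart.Unix())))
	return fmt.Sprintf("%x", sum[:8])
}

// SecondaryQuery is a secondary management user's query for one device's keys. useSeconds selects the
// seconds or the minutes value of the query time (the page picks one at random; a parameter here for reproducibility).
func (d *Device) SecondaryQuery(identityPub string, now time.Time, useSeconds bool) ([]string, error) {
	if now.Before(d.QueryStart) || !now.Before(d.QueryEnd) {
		return nil, errors.New("outside the query period")
	}
	extracted := now.Minute()
	if useSeconds {
		extracted = now.Second()
	}
	if !d.SpecialTimes[extracted] {
		return nil, errors.New("extracted time value equals no special time number")
	}
	addr := channelAddress(extracted, d.QueryStart)
	if d.usedChannels[addr] {
		return nil, errors.New("transmission channel already used: query right cancelled for this period")
	}
	d.usedChannels[addr] = true
	s, ok := d.Sims[identityPub]
	if !ok {
		return nil, errors.New("no simulator carries this identity public key")
	}
	return s.Keys(now, d.P)
}

// NewDemoDevice builds constructed sample data: two devices, a one-hour query period from 14:00,
// special time numbers 50 and 24, p = 5 minutes.
func NewDemoDevice() *Device {
	start := time.Date(2021, 1, 1, 14, 0, 0, 0, time.UTC)
	return &Device{
		Sims: map[string]*Simulator{
			"idpub-cam-01":  {PubGroup: []string{"idpub-cam-01", "pub-cam-01-sign"}, Priv: "priv-cam-01", B: 1},
			"idpub-lock-02": {PubGroup: []string{"idpub-lock-02"}, Priv: "priv-lock-02", B: 0},
		},
		P: 5 * time.Minute, QueryStart: start, QueryEnd: start.Add(time.Hour),
		SpecialTimes: map[int]bool{50: true, 24: true}, usedChannels: map[string]bool{},
	}
}
```

With the sample data, a query for idpub-cam-01 at 14:50:24 on the minutes value matches special time number 50 and, because its b is 1, returns the private key; a second query in the same period that lands on the same channel address is refused. Both extracted values lie in 0 to 59, so a special time number is a timing window rather than a secret; the page's one-shot control is the channel check, and interface mode II hands the device private key to whoever passes it.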
The authority management body comprises a summarizing module and a declaration module. The summarizing module creates the identity information of a smart device; before the identity information is created, a detection process tests whether the smart device has the right to have its identity information created. The identity information contains the device's public key group, which the bridging module extracts from the security assurance module before it is added. The declaration module adds auxiliary information for the smart device. Added auxiliary information is doubly encrypted: the first encryption is under the private key of the device's owner and the second under the private key of the smart device. The auxiliary information consists of attribute information of the smart device authenticated by a third party, including the device model, the device price, the device delivery date, the device owner, and the use of the smart device corresponding to each public key in the public key group.
Before the summarizing module creates a smart device's identity information, the detection process is as follows:
First, the smart device applies to the summarizing module to link to the digital identity management device. The management device generates a nested random statement and sends it to the smart device. The nested random statement is a set of one or more random numbers with priorities: the lower the priority, the fewer bits the random number has, and the higher the priority, the more bits it has. The smart device encrypts each random number in the nested random statement with the private key generated at initialization, assigns a priority, and sends the encrypted nested random statement to the summarizing module. The summarizing module decrypts the encrypted nested random statement from low to high according to the priorities specified in it and compares the result with the original nested random statement. If any random number differs, the smart device's right to have its identity information created is cancelled; if every random number in the decrypted statement equals the corresponding random number in the original, the device's identity information can be created.
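The detection process above, as an added example in Go that is not the patent's code. The page's "encrypt each random number with the private key, decrypt with the public key and compare" is rendered as an Ed25519 signature over each random number, verified under the device public key against the original statement: with a modern signature scheme that is the same check. The element sizes (8 bytes per priority level), the binding of the priority into the signed message and all names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"sort"
)

// Element is one random number of the nested random statement. A higher priority means a longer
// random number; 8 bytes per priority level is an assumption, since the page fixes no sizes.
type Element struct {
	Priority int
	Value    []byte
}

// NewNestedStatement builds the statement the management device sends to the smart device.
func NewNestedStatement(n int) ([]Element, error) {
	stmt := make([]Element, n)
	for i := range stmt {
		v := make([]byte, 8*(i+1))
		if _, err := rand.Read(v); err != nil {
			return nil, err
		}
		stmt[i] = Element{Priority: i, Value: v}
	}
	return stmt, nil
}

// Signed is the device's reply for one element: the priority it assigned and the random number
// signed under the device private key. The page's "encrypt with the private key" is a signature
// here; verifying it under the public key against the original value is the "decrypt and compare".
type Signed struct {
	Priority  int
	Signature []byte
}

// message binds the priority to the value so a signed element cannot be moved to another slot.
func message(priority int, value []byte) []byte {
	buf := make([]byte, 4, 4+len(value))
	binary.BigEndian.PutUint32(buf, uint32(priority))
	return append(buf, value...)
}

// DeviceRespond is the smart device side: sign every element with the private key generated at initialization.
func DeviceRespond(priv ed25519.PrivateKey, stmt []Element) []Signed {
	resp := make([]Signed, len(stmt))
	for i, e := range stmt {
		resp[i] = Signed{Priority: e.Priority, Signature: ed25519.Sign(priv, message(e.Priority, e.Value))}
	}
	return resp
}

// SummarizingCheck is the summarizing module's detection process: verify the reply from low to high
// priority against the original statement; any mismatch cancels the right to create identity information.
func SummarizingCheck(pub ed25519.PublicKey, original []Element, resp []Signed) error {
	if len(resp) != len(original) {
		return errors.New("reply does not cover the whole nested random statement")
	}
	byPriority := make(map[int]Element, len(original))
	for _, e := range original {
		byPriority[e.Priority] = e
	}
	sort.Slice(resp, func(i, j int) bool { return resp[i].Priority < resp[j].Priority })
	seen := make(map[int]bool, len(resp))
	for _, s := range resp {
		e, ok := byPriority[s.Priority]
		if !ok || seen[s.Priority] {
			return fmt.Errorf("priority %d: unknown or repeated in the reply", s.Priority)
		}
		seen[s.Priority] = true
		if !ed25519.Verify(pub, message(e.Priority, e.Value), s.Signature) {
			return fmt.Errorf("priority %d: random number does not match under the device public key", s.Priority)
		}
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader: crypto/rand is used
	stmt, err := NewNestedStatement(3)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine device:", SummarizingCheck(pub, stmt, DeviceRespond(priv, stmt)))
	_, impostor, _ := ed25519.GenerateKey(nil)
	fmt.Println("other private key:", SummarizingCheck(pub, stmt, DeviceRespond(impostor, stmt)))
}
```

The checks a practitioner wants beyond the page's wording are the length check and the duplicate-priority check: without them a reply could omit the longest element or replay a valid low-priority element twice and still pass an element-by-element comparison.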
The bridging module connects to the bidirectional communication module to establish communication with the identity management body. The key module stores the private keys of all smart devices. The security assurance module creates the private key and public keys for each smart device and sets its identity public key. The cooperation module performs the cooperation service within the storage device that completes the query service for a smart device's private key and public keys. The bidirectional communication module communicates with the bridging module to complete the data transmission when a query for a smart device's private key or public keys is served. The implementation module carries out the work within the identity management body and serves the user during a query. The summarizing module creates the identity information of the smart device, and the declaration module adds supplementary information to that identity information.
The beneficial effects of the invention are as follows: it provides a blockchain-based digital identity management device that manages smart devices centrally, manages the security information and the identity information of the smart devices, provides a query service, and ensures the integrity of the whole process through the cooperation of all modules.
Detailed Description
To make the technical problems solved by the invention, its technical solutions and its advantageous effects clearer, the invention is described in detail below with reference to embodiments. The specific embodiments described here only illustrate the invention and are not to be construed as limiting it; products that achieve the same functions fall within its scope.
Example 1: in the present invention, for example, the query time is 14 hours, 50 minutes and 24 seconds, the time value in minutes is equal to 50, and the time value in seconds is equal to 24; the effective value w can be uniformly triggered by the management user, namely if the effective value w is set for the management user, the effective value of the intelligent device is changed into 1 or 0, if the effective value w is set for the management user, all the effective values w are changed into 1 or 0, when the user needs to apply for transmitting data in a key interface and add data into a key module, the user needs to apply for the bridging module, the bridging module builds a query period, extracts the last value of the minimum unit of time when applying for transmission, detects the last value and detects whether the last value is equal to a special time number;
in the invention, the process of adding the authentication declaration to the equipment identity is as follows:
1. connecting intelligent equipment to equipment identity management system through permission module
2. An external third party, e.g. the owner of the device, signs the information of the device, e.g. the purchase price, the current owner's ID, using its own private key (digital identity). An authentication assertion addition request is then created, the request comprising mainly information of the device, the device digital identity, ID, and the signature.
3. The device identity management system sends the request to the smart device, which signs the request with its own private key and then returns to the device identity management system.
4. The equipment identity management system sends the request to a block chain digital identity intelligent contract to complete the adding process of the authentication statement.
Example 2: The smart device comprises a communication module, private key storage and a security chip. The device's private key is stored in the security chip and cannot be obtained from outside; the security chip provides an encryption interface and a decryption interface. The smart device also provides an interface that returns, for external use, the public key corresponding to its private key.
The blockchain digital identity smart contract represents the digital identity of a device on the blockchain and has a unique ID. The contract holds all of the device's public keys and its signed authentication assertions. A device public key functions as the device's digital certificate, and one device can expose several public keys in its digital identity smart contract for different purposes, such as encryption or signing. An authentication assertion of a device is attribute information of the device authenticated by a third party, such as the device's model number, its price, its date of factory shipment, its owner, and so on.
Device key initialization
1. When the device leaves the factory, a public/private key pair is generated in a secure environment and stored securely in the smart device.
Creating digital identities for devices
1. Connect the smart device to the device identity management system through the permission module.
2. The device identity management system sends a random number to the device.
3. The device encrypts the random number with its private key to produce a ciphertext C, and returns C together with its public key to the device identity management system.
4. The device identity management system decrypts C with the device public key to obtain a plaintext M and compares M with the random number from step 2. If they are equal, the public key returned by the device is taken to match the device's built-in private key and not to have been tampered with.
5. A digital identity is created on the blockchain and the device public key is set as the management key of the digital identity (any subsequent operation on the blockchain smart contract must carry a signature made with the private key corresponding to this public key, otherwise the operation is not authorized).
6. Creating a digital identity on the blockchain amounts to deploying a digital identity smart contract for the device; the contract's address is the device's unique digital identity ID.
The special time number specifies the minute or second value at which transmission is granted during the query period.
Adding authentication assertions to device identities
1. Connect the smart device to the device identity management system through the permission module.
2. An external third party, e.g. the owner of the device, signs the device's information, e.g. the purchase price and the current owner's ID, with its own private key (its digital identity). An authentication assertion addition request is then created, consisting mainly of the device information, the device's digital identity ID and the signature.
3. The device identity management system sends the request to the smart device, which signs the request with its own private key and returns it to the device identity management system.
4. The device identity management system sends the request to the blockchain digital identity smart contract, completing the addition of the authentication assertion.
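The three procedures above (device key initialization, creating the digital identity, adding an authentication assertion) as one added example in Go; it is not code from the patent. It also covers the declaration module's double signing from the Disclosure (first the owner's key, then the device's key). The digital identity smart contract and the blockchain are stood in for by an in-memory Registry; the contract address is assumed to be a hash of the management key, the signature scheme is Ed25519 (the page's "encrypt with the private key, decrypt with the public key" is a signature with such a scheme), and the canonical JSON encoding that is signed and all names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Key is a private key that never leaves its holder: the device's security chip or the owner's wallet.
type Key struct{ priv ed25519.PrivateKey }

func NewKey() *Key {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Key{priv: priv}
}

func (k *Key) Public() ed25519.PublicKey { return k.priv.Public().(ed25519.PublicKey) }

// Challenge is step 3 of identity creation: sign the random number and return it with the public key.
func (k *Key) Challenge(nonce []byte) (ed25519.PublicKey, []byte) { return k.Public(), ed25519.Sign(k.priv, nonce) }

// Assertion is an authentication declaration request: device attributes signed by a third party (here the owner) and countersigned by the device.
type Assertion struct {
	DeviceID   string            `json:"device_id"`
	Attributes map[string]string `json:"attributes"` // model, price, ship date, owner, ...
	IssuerPub  []byte            `json:"issuer_pub"` // the third party's own digital identity key
	IssuerSig  []byte            `json:"issuer_sig"`
	DeviceSig  []byte            `json:"device_sig"`
}

// signedBytes is the canonical encoding that gets signed (encoding/json sorts map keys, so it is deterministic):
// the issuer signs without its signature present, the device signs the full request including it.
func (a Assertion) signedBytes(withIssuerSig bool) []byte {
	a.DeviceSig = nil
	if !withIssuerSig {
		a.IssuerSig = nil
	}
	b, _ := json.Marshal(a)
	return b
}

// IssueAssertion is step 2: the third party signs the device information with its own private key.
func IssueAssertion(deviceID string, attrs map[string]string, issuer *Key) *Assertion {
	a := &Assertion{DeviceID: deviceID, Attributes: attrs, IssuerPub: issuer.Public()}
	a.IssuerSig = ed25519.Sign(issuer.priv, a.signedBytes(false))
	return a
}

// Countersign is step 3: the smart device signs the request with its own private key.
func (k *Key) Countersign(a *Assertion) { a.DeviceSig = ed25519.Sign(k.priv, a.signedBytes(true)) }

// Identity stands in for the device's digital identity smart contract.
type Identity struct {
	ID         string            // contract address; a hash of the management key is assumed here
	Management ed25519.PublicKey // every later operation must carry a signature under this key
	Assertions []Assertion
}

// Registry stands in for the blockchain: one identity contract per ID.
type Registry struct{ Identities map[string]*Identity }

// Enroll is "Creating digital identities for devices", steps 2 to 6.
func (r *Registry) Enroll(dev *Key) (*Identity, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	pub, sig := dev.Challenge(nonce)
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, nonce, sig) {
		return nil, errors.New("returned public key does not match the device's built-in private key")
	}
	sum := sha256.Sum256(pub)
	id := &Identity{ID: fmt.Sprintf("0x%x", sum[:20]), Management: pub}
	r.Identities[id.ID] = id
	return id, nil
}

// AddAssertion is step 4: the contract accepts the request only with a valid countersignature under the
// management key and a valid third-party signature.
func (r *Registry) AddAssertion(a *Assertion) error {
	id, ok := r.Identities[a.DeviceID]
	if !ok {
		return errors.New("unknown digital identity ID")
	}
	if !ed25519.Verify(id.Management, a.signedBytes(true), a.DeviceSig) {
		return errors.New("device signature missing or invalid: operation not authorized")
	}
	if len(a.IssuerPub) != ed25519.PublicKeySize || !ed25519.Verify(a.IssuerPub, a.signedBytes(false), a.IssuerSig) {
		return errors.New("third-party signature does not verify")
	}
	id.Assertions = append(id.Assertions, *a)
	return nil
}
```

The order of the two verifications matters: the management-key check comes first because step 5 makes it the authorization for every contract operation, so a request without the device's countersignature is refused before the third party's claim is even examined.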
The above description is only for the preferred embodiment of the present invention, and should not be used to limit the scope of the claims of the present invention. While the foregoing description will be understood and appreciated by those skilled in the relevant art, other equivalents may be made thereto without departing from the scope of the claims.
Claims (1)
1. A blockchain-based digital identity management device, characterized in that:
the digital identity management device comprises a storage device, an identity management body and an authority management body; the storage device comprises a bridging module, a key module, a security assurance module and a cooperation module, and generates and stores the private key and public keys of each smart device; the identity management body comprises a bidirectional communication module and an implementation module, and provides users with a service for managing and querying information about the smart devices; the authority management body comprises a summarizing module and a declaration module, and stores the smart devices' information on their behalf; the digital identity management device has one primary management user and several secondary management users, the primary management user manages the digital identity management device, and the secondary management users assist the primary management user in managing it;
the implementation module on the identity management body builds the user interface of the digital identity management device, through which a user applies to add a smart device; once a smart device is added, it applies to the bridging module through the bidirectional communication module; on receiving the application the bridging module notifies the security assurance module, which immediately initializes and creates a private key and a public key group and stores them; the public key group contains one or more public keys of the smart device; the security assurance module designates one public key in the group as the device's identity public key, which serves as the device's ID number on the digital identity management device; the private key is added to the key module; the identity public key is copied and passed through the bridging module to the bidirectional communication module, which stores it in the implementation module, so that the user can view the identity public key through the user interface and the management node can manage it; the public keys in the group other than the identity public key correspond to functions of the smart device, each such public key standing for one function of the device and representing that function within the digital identity management device;
The cooperation module stores the simulators of all intelligent devices added to the digital identity management device. A simulator is the agent node of an intelligent device on the digital identity management device; that is, an intelligent device added to the digital identity device exists on the digital identity device in the form of an agent node. The security assurance module marks each simulator with the identity public key so that different intelligent devices can be distinguished, and configures a key interface for the simulator; the key interface provides the private key or a public key of the intelligent device. The key interface has two interface modes, interface mode I and interface mode II, which correspond to providing a public key of the intelligent device and providing the private key of the intelligent device respectively; the interface mode identifies which of the two the key interface currently provides. The cooperation module establishes a transition trigger between the two interface modes. The transition trigger S(w, b) is triggered by the simulator or by the primary management user and is bound to a valid value w and a transition value b; it represents the transition between the two interface modes of the key interface. The valid value w controls whether the key interface is closed or open: when w is 1 the key interface is open and provides the private key or a public key of the intelligent device; when w is 0 the key interface is closed and provides neither the private key nor a public key of the intelligent device. When the transition value b is 1, the interface mode is the private key mode and the key interface provides the private key of the intelligent device; when b is 0, the interface mode is the public key mode and the key interface provides all public keys of the intelligent device. When the valid value w is set by the primary management user, w changes uniformly for all simulators: when w is set to 0, the key interfaces of all simulators are closed; when w is set to 1, the key interfaces of all simulators with b equal to 1 are in interface mode II and uniformly provide the private keys of their intelligent devices, while the key interfaces of all simulators with b equal to 0 are in interface mode I and uniformly provide the public keys of their intelligent devices. When the valid value w is set by a simulator independently and w is set to 1, then if the simulator's b is 1 its key interface is in interface mode II and provides the private key of the intelligent device, and if its b is 0 its key interface is in interface mode I and provides the public keys of the intelligent device; when w is set to 0, the key interface of that simulator is closed. S denotes the transition trigger. After w is set to 1, w automatically reverts to 0 after p minutes, where p is a positive integer specified by the primary management user;
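The transition trigger S(w, b) described above, modelled as an added example (not the patent's own code): each simulator carries w and b, the primary management user sets w for all simulators at once, a simulator can set its own w, and w reverts to 0 after p minutes. The type and function names, and the placeholder strings standing in for key material, are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Simulator is the agent node of one intelligent device; W and B are the valid
// value w and the transition value b of the transition trigger S(w, b).
type Simulator struct {
	IdentityPub string   // identity public key marked on the simulator
	PubKeys     []string // the device's public key group, identity key first
	PrivKey     string   // the device's private key (placeholder string)
	W, B        int
	openedAt    time.Time // when w was last set to 1
}

// SetValidAll is the primary management user setting w: it changes uniformly
// for every simulator, each keeping its own b.
func SetValidAll(sims []*Simulator, w int, now time.Time) {
	for _, s := range sims {
		s.SetValid(w, now)
	}
}

// SetValid is one simulator setting its own w independently.
func (s *Simulator) SetValid(w int, now time.Time) {
	s.W = w
	if w == 1 {
		s.openedAt = now // start of the p-minute window
	}
}

// Provide applies S(w, b) at time now: closed when w is 0, or when p minutes have
// passed since w was set to 1 (w then reverts to 0); interface mode II (the
// private key) when b is 1; interface mode I (all public keys) when b is 0.
func (s *Simulator) Provide(now time.Time, p int) ([]string, error) {
	if s.W == 1 && now.Sub(s.openedAt) >= time.Duration(p)*time.Minute {
		s.W = 0
	}
	if s.W != 1 {
		return nil, errors.New("key interface closed (w=0)")
	}
	if s.B == 1 {
		return []string{s.PrivKey}, nil // interface mode II
	}
	return s.PubKeys, nil // interface mode I
}

func main() {
	now, p := time.Now(), 5 // p minutes, chosen by the primary management user
	sims := []*Simulator{
		{IdentityPub: "idpub-A", PubKeys: []string{"idpub-A", "fnpub-A1"}, PrivKey: "priv-A", B: 0},
		{IdentityPub: "idpub-B", PubKeys: []string{"idpub-B"}, PrivKey: "priv-B", B: 1}}
	SetValidAll(sims, 1, now)
	fmt.Println(sims[0].Provide(now, p))                    // mode I: public key group
	fmt.Println(sims[1].Provide(now, p))                    // mode II: private key
	fmt.Println(sims[0].Provide(now.Add(6*time.Minute), p)) // closed: w reverted to 0
}
```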
The primary management user designates a query period. During the query period a secondary management user can query the public key and the private key of an intelligent device through the user interface built on the identity management main body; the query period limits the time in which the secondary management user may perform such queries. The primary management user also designates a communicator among the users; the communicator designates one or more special time numbers within the query period. A special time number is a positive integer greater than or equal to 0 and is used to limit the queries of the secondary management user. When the secondary management user queries the public key and the private key of an intelligent device through the user interface during the query period, the implementation module extracts the current time within the query period and randomly extracts either its minute value or its second value; only when the extracted time value equals a special time number is the application allowed to be transmitted;
The bidirectional communication module constructs a transmission channel for the transmission; the transmission channel is the channel between the bridging module and the bidirectional communication module. The transmission channel has an address, which distinguishes it from other transmission channels. The address of the transmission channel on the identity management main body equals the value obtained by feeding the special time number that matched the extracted time value into a transmission address function g, which computes the address of the transmission channel; the transmission channel is replaced after each query period. Once the address of the transmission channel is obtained, the module checks whether that transmission channel has already been used. If it has, the secondary management user's right to continue querying in the current query period is revoked; if it has not, the secondary management user continues the query and provides the identity public key of the intelligent device to be queried, the key interface of the corresponding simulator is located by that identity public key, and the private key or a public key of the intelligent device is provided according to the interface mode of the key interface. If w has been set to 1 by the primary management user, the secondary management user can query the public keys or private keys of all intelligent devices;
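An added example (not the patent's code) of the query gate and the transmission address function g from the two paragraphs above: the minute or second value is compared with the communicator's special time numbers, g derives the channel address, and a second query on an already used channel revokes the secondary user for the rest of the period. The QueryPeriod type, the Gate function and the SHA-256 construction of g are assumptions; the patent only states that g computes the address.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// QueryPeriod: the period set by the primary management user, the special time
// numbers set by the communicator, and the channels used and users revoked in it.
type QueryPeriod struct {
	Start, End time.Time
	Special    map[int]bool    // special time numbers (minute or second values)
	Used       map[string]bool // transmission channel addresses already used
	Revoked    map[string]bool // secondary users revoked for this period
}

// ChannelAddress is the transmission address function g; binding the period
// start into the hash replaces the channel every period (SHA-256 is an assumption).
func (q *QueryPeriod) ChannelAddress(n int) string {
	var buf [16]byte
	binary.BigEndian.PutUint64(buf[:8], uint64(q.Start.Unix()))
	binary.BigEndian.PutUint64(buf[8:], uint64(n))
	sum := sha256.Sum256(buf[:])
	return fmt.Sprintf("%x", sum[:])
}

// Gate decides one query by user at time now. The patent draws at random between
// the minute and the second value; that draw is passed in here as useSeconds.
func (q *QueryPeriod) Gate(user string, now time.Time, useSeconds bool) (string, error) {
	if q.Used == nil { // first query of the period
		q.Used, q.Revoked = map[string]bool{}, map[string]bool{}
	}
	if q.Revoked[user] {
		return "", fmt.Errorf("%s: query right revoked for this period", user)
	}
	n := now.Minute()
	if useSeconds {
		n = now.Second()
	}
	if now.Before(q.Start) || !now.Before(q.End) || !q.Special[n] {
		return "", fmt.Errorf("time value %d is not a special time number in the period", n)
	}
	addr := q.ChannelAddress(n)
	if q.Used[addr] {
		q.Revoked[user] = true // channel already used: revoke for the rest of the period
		return "", fmt.Errorf("channel %s already used; %s revoked", addr[:8], user)
	}
	q.Used[addr] = true
	return addr, nil
}

func main() {
	start := time.Date(2020, 12, 29, 9, 0, 0, 0, time.UTC)
	q := &QueryPeriod{Start: start, End: start.Add(time.Hour), Special: map[int]bool{7: true, 42: true}}
	fmt.Println(q.Gate("u1", start.Add(7*time.Minute), false))                // allowed on g(7)
	fmt.Println(q.Gate("u1", start.Add(7*time.Minute+30*time.Second), false)) // g(7) reused: revoked
}
```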
The authority management body comprises a summarizing module and a declaration module. The summarizing module creates the identity information of the intelligent device; before the identity information is created, a detection process is carried out to test whether the intelligent device has the right to have its identity information created. The identity information comprises the public key group of the intelligent device, which is extracted from the security assurance module and then added by the bridging module, together with the accessory information created for the intelligent device by the declaration module. The added accessory information must be doubly encrypted: the first encryption uses the private key of the owner of the intelligent device, and the second encryption uses the private key of the intelligent device. The accessory information comprises attribute information of the intelligent device that has been authenticated by a third party, including the device model, the device price, the device delivery date, the device owner, and the use of the intelligent device corresponding to each public key in the public key group;
Before the summarizing module creates the identity information of the intelligent device, the detection process proceeds as follows:
First, the intelligent device applies to the summarizing module to be linked to the digital identity management device. The digital identity management device generates a nested random statement and sends it to the intelligent device. The nested random statement is a set containing one or more random numbers, each of which has a priority: the lower the priority, the fewer bits the random number has, and the higher the priority, the more bits it has. The intelligent device encrypts the random numbers in the nested random statement with the private key generated at initialization, assigns the priorities, and sends the encrypted nested random statement to the summarizing module. The summarizing module decrypts the encrypted nested random statement from low to high according to the priorities specified in it and compares the decrypted nested random statement with the original; if even one random number is not equal, the intelligent device's right to have its identity information created is revoked. If every random number in the decrypted nested random statement equals the corresponding random number in the original nested random statement, the identity information of the intelligent device can be created;
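The nested random statement check above as an added example, not the patent's code: priorities 1..n carry random numbers of increasing bit length, the device signs each with its initialization private key (Ed25519 here, an assumption, since the patent names no algorithm), and the summarizing module verifies the answers from low to high priority, refusing on the first mismatch or missing priority.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"sort"
)

// Challenge is one member of the nested random statement: a random number whose
// bit length grows with its priority.
type Challenge struct {
	Priority int
	Number   []byte // bitsPerLevel*Priority random bits
}

// NewStatement builds the statement: priorities 1..count, with
// bitsPerLevel*priority random bits at each level (bitsPerLevel must be a multiple of 8).
func NewStatement(count, bitsPerLevel int) ([]Challenge, error) {
	st := make([]Challenge, count)
	for i := range st {
		n := make([]byte, bitsPerLevel*(i+1)/8)
		if _, err := rand.Read(n); err != nil {
			return nil, err
		}
		st[i] = Challenge{Priority: i + 1, Number: n}
	}
	return st, nil
}

// Answer is the device side: sign each random number with the private key created
// at initialization ("encrypt with the private key"); the map key is the priority.
func Answer(priv ed25519.PrivateKey, st []Challenge) map[int][]byte {
	out := make(map[int][]byte, len(st))
	for _, c := range st {
		out[c.Priority] = ed25519.Sign(priv, c.Number)
	}
	return out
}

// Verify is the summarizing module side: check the answers from low to high
// priority against the original statement and stop at the first failure.
func Verify(pub ed25519.PublicKey, orig []Challenge, ans map[int][]byte) error {
	sort.Slice(orig, func(i, j int) bool { return orig[i].Priority < orig[j].Priority })
	for _, c := range orig {
		sig, ok := ans[c.Priority]
		if !ok || !ed25519.Verify(pub, c.Number, sig) {
			return fmt.Errorf("priority %d failed: right to create identity information revoked", c.Priority)
		}
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // the device's initialization key pair
	st, _ := NewStatement(3, 32)                     // 32-, 64- and 96-bit random numbers
	fmt.Println("honest device:", Verify(pub, st, Answer(priv, st)))
	_, other, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("different key:", Verify(pub, st, Answer(other, st)))
}
```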
The bridging module connects to the bidirectional communication module in order to establish communication with the identity management main body. The key module stores the private keys of all intelligent devices. The security assurance module creates the private key and public keys for an intelligent device and sets its identity public key. The cooperation module performs the cooperation service in the storage device to complete the query service for the private key and public keys of an intelligent device. The bidirectional communication module communicates with the bridging module to complete the data transmission when that query service is carried out. The implementation module carries out the concrete work in the identity management main body and provides the user service during a query. The summarizing module creates the identity information of the intelligent device, and the declaration module adds the supplementary information to that identity information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011596050.2A CN113271290B (en) | 2020-12-29 | 2020-12-29 | Digital identity management device based on block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011596050.2A CN113271290B (en) | 2020-12-29 | 2020-12-29 | Digital identity management device based on block chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113271290A true CN113271290A (en) | 2021-08-17 |
CN113271290B CN113271290B (en) | 2023-03-31 |
Family
ID=77227874
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011596050.2A Active CN113271290B (en) | 2020-12-29 | 2020-12-29 | Digital identity management device based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113271290B (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5390359A (en) * | 1992-03-20 | 1995-02-14 | International Business Machines Corporation | Storing and retrieving records in a computer system |
JP2004005267A (en) * | 2002-05-31 | 2004-01-08 | Le Tekku:Kk | Game machine control chip and game machine control method |
CN1725344A (en) * | 2004-07-19 | 2006-01-25 | 上海乐金广电电子有限公司 | Video output mode switching method for optical disc device |
US20080076386A1 (en) * | 2006-09-22 | 2008-03-27 | Amit Khetawat | Method and apparatus for preventing theft of service in a communication system |
RU2009129730A (en) * | 2009-08-03 | 2011-02-10 | Государственное образовательное учреждение высшего профессионального образования "ВОЕННАЯ АКАДЕМИЯ СВЯЗИ имени С.М. Буденного" Минист | METHOD FOR PROTECTING A COMPUTER NETWORK WITH A DIVIDED SERVER |
JP2012137874A (en) * | 2010-12-24 | 2012-07-19 | Canon Marketing Japan Inc | Authority management device, control method thereof, and program |
US20140109186A1 (en) * | 2012-10-14 | 2014-04-17 | Artases OIKONOMIDIS | Website Access Parental Management |
CN106874813A (en) * | 2015-12-11 | 2017-06-20 | 北京数码视讯科技股份有限公司 | A kind of method and smart card for automatically selecting M1 cards |
CN109391612A (en) * | 2018-08-17 | 2019-02-26 | 杭州微链区块链科技有限公司 | A kind of identification confirmation system and method based on block chain |
2020
- 2020-12-29: CN application CN202011596050.2A, patent CN113271290B, status Active
Non-Patent Citations (1)
Title |
---|
Sun Yaqiu et al.: "Hierarchical remote network management", Journal of Beijing University of Aeronautics and Astronautics * |
Also Published As
Publication number | Publication date |
---|---|
CN113271290B (en) | 2023-03-31 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | CB02 | Change of applicant information | Address after: 200135, Building C3, No. 101, Eshan Road, China (Shanghai) Pilot Free Trade Zone, Pudong New Area, Shanghai; Applicant after: Shanghai Lingshuzhonghe Information Technology Co., Ltd. Address before: 18ef, China Resources Times Plaza, 500 Zhangyang Road, Pudong New Area, Shanghai, 200120; Applicant before: NENG LIAN TECH. LTD. |
 | CB02 | Change of applicant information | |
 | GR01 | Patent grant | |
 | GR01 | Patent grant | |