阅读说明：本技术 物联网感知数据共享交易平台、控制方法、设备、终端 (Internet of things perception data sharing transaction platform, control method, equipment and terminal ) 是由 李晖 尚超 曹进 罗玙榕 李致远 何握瑜 闫宇辰 叶文汇 于 2021-08-14 设计创作，主要内容包括：本发明属于通信网络安全技术领域,公开了一种物联网感知数据共享交易平台、控制方法、设备、终端,所述物联网感知数据共享交易平台,包括感知汇聚层、控制传输层、共享交易层、应用交互层、区块链底层平台、区块链网络以及区块链底层架构。本发明基于云雾混构数据架构,采用边缘雾节点收集、加密、发布同一管理域中的感知数据,云服务器作为中转点存储交易数据的方案,实现去中心化且可扩展的身份管理、可信认证及数据交易环境,负责感知设备管理的雾节点及数据消费者加入联盟链,无需选取可信中心组织交易,平台节点进行对等自由的交易协商,利用智能合约灵活自治,即时调整云服务器数据访问权限实现数据安全共享,并具有交易可追溯的优势。(The invention belongs to the technical field of communication network safety, and discloses an Internet of things perception data sharing transaction platform, a control method, equipment and a terminal. The cloud server is used as a transfer point to store transaction data, decentralized and extensible identity management, credible authentication and data transaction environments are realized, the cloud nodes and data consumers in charge of sensing equipment management are added into an alliance chain, a credible center is not required to be selected to organize transactions, platform nodes conduct peer-to-peer free transaction negotiation, intelligent contracts are used for flexible autonomy, data access rights of the cloud server are adjusted in real time to achieve data security sharing, and the cloud server has the advantage of transaction traceability.)

1. The IOT perception data sharing transaction platform is characterized by comprising a perception convergence layer, a control transmission layer, a sharing transaction layer, an application interaction layer, a block chain bottom layer platform, a block chain network and a block chain bottom layer framework;

the perception convergence layer is used for perceiving and collecting the environment/operation data by various Internet of things terminal equipment;

the control transmission layer is used for collecting data by a control center of the equipment group, carrying out transmission safety control on the data and is responsible for making and executing an access control strategy and establishing a data safety transmission channel;

the shared transaction layer is used for implementing data transaction or sharing by a data supplier, a demander and the cloud storage server and is used for implementing a security authentication and key agreement protocol and an intelligent contract;

the application interaction layer is used for providing perception data acquisition/safety convergence result display and user data transaction application interaction;

the block chain bottom platform is used for realizing uplink storage of the data of the IOT (Internet of things) perception data sharing transaction platform;

the block chain network is used for node identity registration, transaction group creation, intelligent contract operation and data security sharing;

the block chain bottom layer framework is used for constructing a block chain network.

2. The internet of things aware data sharing transaction platform of claim 1, wherein the awareness convergence layer comprises a multi-type internet of things terminal awareness device group; the multi-type Internet of things terminal sensing equipment group is used for sensing or collecting execution environment/operation data;

the control transmission layer comprises an Internet of things equipment group control center and a safety transmission channel; the Internet of things equipment group control center is used for carrying out transmission safety control on data, and the transmission safety control comprises formulation and execution of an access control strategy; the secure transport channel is used to perform a group authentication and key agreement protocol.

3. The control method of the IOT sensing data sharing transaction platform for operating the IOT sensing data sharing transaction platform according to any one of claims 1-2 is characterized by comprising the following steps:

the method comprises the following steps that firstly, nodes participating in data transaction complete node identity registration of the IOT perception data sharing transaction platform with the assistance of a blockchain service node;

step two, a data supplier issues a data announcement or a data consumer initiates a data request to create a transaction group of the Internet of things perception data sharing transaction platform;

step three, the data supplier and the data consumer execute group authentication and key agreement protocol by using zero knowledge proof and aggregation key, and simultaneously authenticate a plurality of entities of both parties of transaction to negotiate data protection key;

step four, the data supplier and the data consumer carry out data bidding/payment negotiation work; if the data supplier approves the transaction, issuing block chain data authorization transaction, and performing data authorization on the successfully purchased consumers;

after the data authorization transaction is confirmed, triggering an intelligent contract, and creating/updating a data access authority list by the cloud server and the data consumer application end;

and sixthly, the data supplier encrypts the data by using a state secret symmetric encryption algorithm SM4 and a data protection key, after uploading the data to the cloud server, an authorized data consumer accesses the downloaded data, and decrypts the data by using the protection key to obtain the data.

4. The method for controlling an internet of things aware data sharing transaction platform according to claim 3, wherein in the first step, the node identity registration includes:

(1) a data transaction node i wishing to join a platform sends a registration request (i-specific, S) to a blockchain service node_i) Wherein the i-specific is a user self-selected identity, and comprises a user name and a transaction identity combination thereof; s_iSecret information is selected for a user, wherein the secret information comprises passwords for logging in a platform;

(2) the platform generates a platform unique identity ID for the user_iThe block chain service node generates a user i public and private key pair and a certificate return ((PK)_i,SK_i) Cert) to a user.

5. The method for controlling an internet of things aware data sharing transaction platform according to claim 3, wherein in step two, the creating of the transaction group comprises:

(1) for registered users, if the registered users are data suppliers, selecting data labels for data to be sold, adding channels pointed by the corresponding data labels, and setting uniform data label numbers on the platform; if the data consumer is the data consumer, adding a corresponding data transaction Channel according to the requirement; wherein, Channel refers to a Channel created in the Fabric platform, namely a transaction group;

(2) the data supplier sends data transaction information by broadcasting in the Channel, a data consumer (1-i) purchasing the data joins the transaction group, and executes group authentication and key agreement protocol with the data supplier; the data transaction information comprises data volume, data content abstract and data price.

6. The method for controlling an internet of things aware data sharing transaction platform according to claim 3, wherein in step three, the group authentication and key agreement protocol comprises:

(1) the transaction platform BS carries out authentication initialization, and selects a security parameter k E Z⁺The steps of generating authentication system parameters are as follows:

selecting an elliptic curve with prime number q as an orderBase point is P, self-selecting keyPublic key is P_BS＝s_BSP；

Selecting 4 hash functions and publishing public parameters; wherein the hash function is as follows:

H₁:H₂:H_i:

wherein i is 3 or 4;

(2) transaction platform BS is data consumer DC in Channel_i(i 1 to N) generating a partial private key K by the following procedure_1i：

Selecting random numbersCalculation of R_i＝r_iP and h_1i＝H₁(ID_DCi,R_i,P_BS)；

② calculating partial private key k_1i＝r_i+(s_BSh_1imod q) and key information K_1i＝(k_i,R_i) Transmitting to DC over secure channel_i；

(3) Data consumer DC_iGenerating an aggregated signed public-private key pair (APK)_i,ASK_i) The method comprises the following steps:

receiving K_1i＝(k_i,R_i) Check-after equation k_iP＝R_i+h_1iP_BSIf yes, the part of the private key is approved;

② using its registration phase discretionary key s_DCiCalculating K_2i＝s_DCiP, then DC to the data consumer_iIts public key is APK_i＝(K_2i,R_i) The private key is ASK_i＝(k_i,s_DCi)；

(4) The transaction platform BS generates zero-knowledge identification parameters for the data supplier, and the steps are as follows:

call NIZK (σ, τ) ← Setup (R), whereinIs (ID)_DPMI) is some public information indicating the identity of the data provider and the shared data,is composed ofGenerating a relation R when a₀When the time is 0:

wherein t (X) is an n-2 th degree polynomial;

wherein, DP selects random number GS as group encryption key and random number RN calculation

② DC random selectionThe BS randomly selects the values of β, γ, δ,selecting G, H as a groupDefine τ ═ (α, β, γ, x), and calculate the public validation parameter σ as:

statements and sigma are used as data and identity public information of the DP;

(5) the authentication and key distribution protocol comprises the following steps:

firstly, a data supplier DP calls pro to calculate an identity certificate, a random number r is selected, s belongs to Z_PCalculations prove pi ═ (a, B, C), where:

group sending authentication request M₁＝(π,T₁) To data consumers needing to purchase data;

secondly, the data consumer obtains the identity proof pi and the message timestamp, and calls Verify equation to determine whether the message freshness is up after checking the message freshness:

if the equation is true, the authentication request is proved to come from the data supplier DP;

for each data consumer DC_iSelecting a random number y_1i,And the current time stamp T_2iSigning the hash value H (pi) of the message pi, and calculating: y is_1i＝y_1iP and Y_2i＝[(y_2is_DCi+h_2ik_i)mod q]P_BS＝(U_i,V_i) And finally calculating:

W_i＝[U_I(Y_1i+h_3is_DCi)+h_4ik_i]mod q；

wherein the content of the first and second substances,

h_2i＝H₂(H(π),ID_DCi,Y_1i),h_3i＝H₃(H(π),ID_DCi,APK_i,T_2i),

h_4i＝H₄(H(π),ID_DCi,APK_i,T_2i)

back to data supplier M_2i＝(ID_DCi,Y_1i,U_i,W_i,T_2i)；

Integration of authentication return message M in a period of time by data supplier_2i(i ═ 1 to N), aggregate messages and validate:

computing

AuthenticationIf yes, authenticating the data consumer DC_i(i is 1 to N), if not, individually verifying each consumer message, wherein the verification equation is as follows:

W_iP-U_i(Y_1i+h_3ik_2i)＝h_4i(R_i+h_1iP_BS)；

data supplier DP generating messageRespectively sent to the data consumers DC with successful purchase and successful authentication_i(i＝1～N)；

The data consumer receives the message and then decrypts the message to obtain a data encryption key GS, and verifies whether the equation is established:

judging whether the GS is tampered, verifying whether the MI is a correct signature, and if the verification is successful, accepting the GS as a data encryption key;

if it needs to be confirmed that it received the key, the data consumer may choose to use the aggregated signature to send the message (GS, T)_4i) The signature is sent to the data provider.

7. The method for controlling an internet of things aware data sharing transaction platform according to claim 3, wherein in step four, the data security sharing includes:

(1) the data supplier issues a transaction block, and records the transaction:

the intelligent contract receiving function is the calling of recording transaction, obtains a unique transaction ID, and binds a signature of a data provider, a data address, a data demand party and transaction amount information; the data supplier defines an index number which is set as a user name and a data number of the data supplier; performing transaction rationality detection, and detecting whether a user exists or not and whether repeated purchasing conditions exist or not; after the detection is finished, storing the key information into a state database, and recording the uplink;

(2) updating an access list on the cloud server, updating the access authority of the consumer:

the intelligent contract receives the call of the function for upgrading the access list, determines the reasonability of the authority, inquires the transaction information related to the user, and determines whether the related user and the transaction exist or not; constructing an updating request, serializing request parameters, sending the request parameters to a cloud server, and updating the authority list after the cloud server receives the updating request;

(3) the data supplier uploads the encrypted data:

the data supplier encrypts data by using the encryption key GS through an SM4 cryptographic algorithm, uploads the encrypted data to a cloud server, and provides a data address for subsequent data consumer indexing;

(4) data consumer access data:

the data consumer has the authority to access the data by the cloud server, and the cloud server authenticates the data according to the access list; and downloading the data by the authenticated data consumer, and decrypting by using the protection key to obtain the data.

8. The control method of the internet of things perception data sharing transaction platform according to claim 3, wherein in the fifth step, the intelligent contract adopts a Hyperhedger Fabric platform, adopts multiple channels to set data labels, realizes transaction classification isolation, and adopts Fabric-CA to realize identity certificate management.

9. A computer device, characterized in that the computer device comprises a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of:

the nodes participating in the data transaction complete the identity registration of the data transaction platform under the assistance of the blockchain service node; issuing data announcements by data suppliers or initiating data requests by data consumers to create transaction groups; the data supplier and the data consumer execute group authentication and key agreement protocol by using zero knowledge proof and aggregation key, and simultaneously authenticate a plurality of entities of both transaction parties to negotiate data protection key; the data supplier then performs data bidding/payment negotiation work with the data consumer;

if the data supplier approves the transaction, issuing block chain data authorization transaction, and performing data authorization on the successfully purchased consumers; after the data authorization transaction is confirmed, an intelligent contract is triggered, and a data access authority list is created/updated by the cloud server and the data consumer application end; and the data supplier encrypts the data by using a state secret symmetric encryption algorithm SM4 and a data protection key, and after uploading the data to the cloud server, authorized data consumers access the downloaded data and decrypt the downloaded data by using the protection key to obtain the data.

10. An information data processing terminal, characterized in that the information data processing terminal is used for realizing the internet of things perception data sharing transaction platform according to any one of claims 1-2.

Technical Field

The invention belongs to the technical field of communication network security, and particularly relates to an Internet of things perception data sharing transaction platform, a control method, equipment and a terminal.

Background

At present, the development of sensing technology, wireless communication, embedded computing and other technologies of the internet gradually forms a global billion 'object-person-service' connecting platform, namely an intelligent internet of things, so that fast-rhythm interaction of any entity at any time and any place can be realized, and richer and higher-quality extensive intelligent services and applications are brought to people. The scale of the Internet of things is rapidly expanded, large-scale multi-mode data are also manufactured, the general intelligent application needs deep fusion and intelligent cooperative support of multi-source data, effective management, safe sharing and rolling application of the data are the basis of the safety construction of the Internet of things, but the data in the wide-area Internet of things have the characteristics of large data quantity, complex sources, various data types, rich sensitive information and the like, and great challenges are brought to the design of the data safety application scheme of the Internet of things.

The big data transaction starts from the concept generated in 2008, the development has been carried out for more than ten years, and although a large number of third-party data transaction platforms are born, the development and progress are very slow in nature. The reason for this is that, on one hand, these internet of things big data trading platforms basically adopt a centralized architecture, that is, all data storage and transmission are completed on a single central control system. With the popularization and application of cloud computing technology, most of existing third-party data transaction platforms can provide storage and data transmission services for all intelligent devices of the internet of things, which are added into the platforms, through a server cluster at the cloud end. However, at present, the growth speed of the equipment accessed to the internet of things is extremely fast, and the growth speed of the equipment in the geometric progression level is increased continuously, so that more and more data resource holders are added into the data transaction platform, and the rapid increase of the data transaction amount is also brought, thereby causing the expenses of the central transaction platform in the aspects of calculation, storage, transmission and the like to be increased continuously until the expenses cannot be borne. On the other hand, most of data transacted on the third-party data transaction platform is enterprise-level data, and sporadic data mastered by individual users is often not asked for much transaction, so that the platform cannot attract a large number of data holders to share data. Therefore, the third-party data transaction platform is still in an immature stage, and meanwhile, the data transaction platform facing to the common individual data holder is still in a starting stage.

Most existing data markets are mainly designed in terms of data bidding, auction strategies and the like, and some data markets are designed without safety schemes and are directly based on application schemes of existing architectures. Secondly, the data sharing scheme based on the cloud server architecture mainly adopts the traditional encryption based on attribute control for access control, and one-to-many data sharing cannot be performed on some parts, so that identity authentication and management are mostly lacked, and the requirement for identity management of equipment in the internet of things cannot be met.

Through the above analysis, the problems and defects of the prior art are as follows:

(1) the existing data transaction platform has high expenditure in the aspects of calculation, storage, transmission and the like, and often has little time for the scattered data mastered by individual users.

(2) The existing third-party data transaction platform is still in an immature stage, and meanwhile, the data transaction platform facing to a common individual data holder is still in a starting stage.

(3) The existing data transaction platform is not designed with a safety scheme and is directly based on an application scheme of an existing architecture; and access control is carried out by adopting the traditional encryption based on attribute control, one-to-many data sharing cannot be carried out, identity authentication and management are mostly lacked, the requirement for identity management of equipment in the Internet of things cannot be met, data stored in a platform is easy to be maliciously invaded, and the confidentiality and the integrity of the data cannot be ensured.

The difficulty in solving the above problems and defects is: the Internet of things data unified transaction platform is lacked; the trusted transaction environment of widely distributed equipment is difficult to construct; the security requirements and expected efficiency of sensitive data sharing schemes are difficult to balance. Specifically, the method comprises the following steps: the block chain-based transaction platform composition nodes are all linked up to be unfavorable for efficiency, and meanwhile, the safety mechanism based on the block chain ensures that the transaction can also influence the efficiency to a great extent; the efficiency of realizing access control by taking the block chain as a proxy signature server is not high, and the block chain as a center is responsible for authentication and other operations, which can cause over-high consumption; storing a portion of the data on a blockchain can result in a rapid increase in the chain volume.

The significance of solving the problems and the defects is as follows: the difficulties of credible center selection, uniform safety mechanism and the like caused by the capacity differentiation and the domain-based management of the sensing equipment of the Internet of things are overcome, and flexible and efficient safe sharing and transaction of large-scale sensing data are realized. Specifically, the method comprises the following steps: the decentralized and extensible identity management, credible authentication and data transaction environment are realized; peer-to-peer free transaction negotiation is carried out, the data access authority of the cloud server can be adjusted immediately to realize data security sharing, and transaction traceability and non-repudiation can be realized; the method has the advantages that a private transaction channel is realized, the block chain storage consumption is effectively reduced, one-to-many data is safely shared, transaction sensitive information is protected, meanwhile, the calculation consumption of a data supplier is reduced, and the sharing efficiency is improved.

Disclosure of Invention

Aiming at the problems in the prior art, the invention provides an Internet of things perception data sharing transaction platform, a control method, equipment and a terminal, and particularly relates to the Internet of things perception data sharing transaction platform, the control method, the equipment and the terminal based on a block chain.

The invention discloses an Internet of things perception data sharing transaction platform, which comprises a perception convergence layer, a control transmission layer, a sharing transaction layer, an application interaction layer, a block chain bottom layer platform, a block chain network and a block chain bottom layer framework. The invention adopts a layered architecture, namely, a scheme that the edge fog nodes collect, encrypt and release the perception data in the same management domain, and the cloud server is used as a transfer point to store transaction data, thereby solving the problems of data encryption, transmission difficulty and the like caused by large performance difference of perception equipment and limited computing resources.

The perception convergence layer is used for perceiving and collecting the environment/operation data by various Internet of things terminal equipment;

the control transmission layer is used for collecting data by a control center of the equipment group, carrying out transmission safety control on the data and is responsible for making and executing an access control strategy and establishing a data safety transmission channel;

the shared transaction layer is used for implementing data transaction or sharing by a data supplier, a demander and the cloud storage server and is used for implementing a security authentication and key agreement protocol and an intelligent contract;

the application interaction layer is used for providing perception data acquisition/safety convergence result display and user data transaction application interaction;

the block chain bottom platform is used for realizing uplink storage of the data of the IOT (Internet of things) perception data sharing transaction platform;

the block chain network is used for node identity registration, transaction group creation, intelligent contract operation and data security sharing;

the block chain bottom layer framework is used for constructing a block chain network.

Further, the perception convergence layer comprises a multi-type internet of things terminal perception device group; the multi-type Internet of things terminal perception device group is used for perceiving or collecting execution environment/operation data.

The control transmission layer comprises an Internet of things equipment group control center and a safety transmission channel; the Internet of things equipment group control center is used for carrying out transmission safety control on data, and the transmission safety control comprises formulation and execution of an access control strategy; the secure transport channel is used to perform a group authentication and key agreement protocol.

Another object of the present invention is to provide a method for controlling an internet of things aware data sharing transaction platform using the internet of things aware data sharing transaction platform, including the following steps:

the method comprises the following steps that firstly, nodes participating in data transaction complete node identity registration of the IOT perception data sharing transaction platform with the assistance of a blockchain service node; and a trusted center is not required to be selected to organize transactions, and decentralized and extensible identity management, trusted authentication and data transaction environments are realized.

Step two, a data supplier issues a data announcement or a data consumer initiates a data request to create a transaction group of the Internet of things perception data sharing transaction platform; the platform user classifies and labels the perception data and joins the transaction group according to the requirement, so that a private transaction channel is realized and the block chain storage consumption is effectively reduced.

Step three, the data supplier and the data consumer execute group authentication and key agreement protocol by using zero knowledge proof and aggregation key, and simultaneously authenticate a plurality of entities of both parties of transaction to negotiate data protection key; the group authentication and key agreement protocol based on zero knowledge proof can realize one-to-many data security sharing, reduce the calculation consumption of data suppliers while protecting transaction sensitive information, and improve the sharing efficiency.

Step four, the data supplier and the data consumer carry out data bidding/payment negotiation work; if the data supplier approves the transaction, issuing block chain data authorization transaction, and performing data authorization on the successfully purchased consumers; and the downlink negotiation avoids the uplink of redundant information and improves the sharing efficiency.

After the data authorization transaction is confirmed, triggering an intelligent contract, and creating/updating a data access authority list by the cloud server and the data consumer application end; the cloud server data access list is maintained, updated and controlled autonomously by the intelligent contract to complete reliable circulation and efficient sharing of perception data of large-scale distributed intelligent equipment, and the cloud server data access list has the advantages of being traceable and undeniable in transaction and the like.

And sixthly, the data supplier encrypts the data by using a state secret symmetric encryption algorithm SM4 and a data protection key, after uploading the data to the cloud server, an authorized data consumer accesses the downloaded data, and decrypts the data by using the protection key to obtain the data. And a national cryptographic algorithm is used for encryption in the data uploading and downloading processes, so that data leakage caused by malicious intrusion in the data transmission process is prevented.

Further, in step one, the node identity registration includes:

(1) a data transaction node i wishing to join a platform sends a registration request (i-specific, S) to a blockchain service node_i) Wherein the i-specific is a user self-selected identity, and comprises a user name and a transaction identity combination thereof; s_iSecret information is selected for a user, wherein the secret information comprises passwords for logging in a platform;

(2) the platform generates a platform unique identity ID for the user_iThe block chain service node generates a user i public and private key pair and a certificate return ((PK)_i,SK_i) Cert) to a user.

Further, in step two, the creating of the transaction group includes:

(1) for registered users, if the registered users are data suppliers, selecting data labels for data to be sold, adding channels pointed by the corresponding data labels, and setting uniform data label numbers on the platform; if the data consumer is the data consumer, adding a corresponding data transaction Channel according to the requirement; wherein, Channel refers to a Channel created in the Fabric platform, namely a transaction group;

(2) the data supplier sends data transaction information by broadcasting in the Channel, a data consumer (1-i) purchasing the data joins the transaction group, and executes group authentication and key agreement protocol with the data supplier; the data transaction information comprises data volume, data content abstract and data price.

Further, in step three, the group authentication and key agreement protocol includes:

(1) the transaction platform BS carries out authentication initialization, and selects a security parameter k E Z⁺The steps of generating authentication system parameters are as follows:

selecting an elliptic curve with prime number q as an orderBase point is P, self-selecting keyPublic key is P_BS＝s_BSP；

Selecting 4 hash functions and publishing public parameters; wherein the hash function is as follows:

wherein i is 3 or 4.

(2) Transaction platform BS is data consumer DC in Channel_i(i 1 to N) generating a partial private key K by the following procedure_1i：

Selecting random numbersCalculation of R_i＝r_iP and h_1i＝H₁(ID_DCi,R_i,P_BS)；

② calculating partial private key k_1i＝r_i+(s_BSh_1imod q) and key information K_1i＝(k_i,R_i) Transmitting to DC over secure channel_i。

(3) Data consumer DC_iGenerating an aggregated signed public-private key pair (APK)_i,ASK_i) The method comprises the following steps:

receiving K_1i＝(k_i,R_i) Check-after equation k_iP＝R_i+h_1iP_BSIf yes, the part of the private key is approved;

② using its registration phase discretionary key s_DCiCalculating K_2i＝s_DCiP, then DC to the data consumer_iIts public key is APK_i＝(K_2i,R_i) The private key is ASK_i＝(k_i,s_DCi)。

(4) The transaction platform BS generates zero-knowledge identification parameters for the data supplier, and the steps are as follows:

call NIZK (σ, τ) ← Setup (R), whereinIs (ID)_DPMI) is some public information indicating the identity of the data provider and the shared data,is composed ofGenerating a relation R when a₀When the time is 0:

wherein t (X) is an n-2 th degree polynomial;

wherein, DP selects random number GS as group encryption key and random number RN calculation

② DC random selectionThe BS randomly selects the values of β, γ, δ,selecting G, H as a groupDefine τ ═ (α, β, γ, x), and calculate the public validation parameter σ as:

and the statuses and sigma serve as data and identity public information of the DP.

(5) The authentication and key distribution protocol comprises the following steps:

firstly, a data supplier DP calls pro to calculate an identity certificate, a random number r is selected, s belongs to Z_PCalculations prove pi ═ (a, B, C), where:

group sending authentication request M₁＝(π,T₁) To data consumers needing to purchase data;

secondly, the data consumer obtains the identity proof pi and the message timestamp, and calls Verify equation to determine whether the message freshness is up after checking the message freshness:

if the equation is true, the authentication request is certified as coming from the data provider DP.

For each data consumer DC_iSelecting a random number y_1i,And the current time stamp T_2iSigning the hash value H (pi) of the message pi, and calculating: y is_1i＝y_1iP and Y_2i＝[(y_2is_DCi+h_2ik_i)mod q]P_BS＝(U_i,V_i) And finally calculating:

W_i＝[U_I(Y_1i+h_3is_DCi)+h_4ik_i]mod q；

wherein the content of the first and second substances,

h_2i＝H₂(H(π),ID_DCi,Y_1i),h_3i＝H₃(H(π),ID_DCi,APK_i,T_2i),

h_4i＝H₄(H(π),ID_DCi,APK_i,T_2i)

back to data supplier M_2i＝(ID_DCi,Y_1i,U_i,W_i,T_2i)；

Integration of authentication return message M in a period of time by data supplier_2i(i ═ 1 to N), aggregate messages and validate:

computing

AuthenticationIf yes, authenticating the data consumer DC_i(i is 1 to N), if not, individually verifying each consumer message, wherein the verification equation is as follows:

W_iP-U_i(Y_1i+h_3ik_2i)＝h_4i(R_i+h_1iP_BS)；

data supplier DP generating messageRespectively sent to the data consumers DC with successful purchase and successful authentication_i(i＝1～N)；

The data consumer receives the message and then decrypts the message to obtain a data encryption key GS, and verifies whether the equation is established:

judging whether the GS is tampered, verifying whether the MI is a correct signature, and if the verification is successful, accepting the GS as a data encryption key;

if it needs to be confirmed that it received the key, the data consumer may choose to use the aggregated signature to send the message (GS, T)_4i) The signature is sent to the data provider.

Further, in step four, the data security sharing includes:

(1) the data supplier issues a transaction block, and records the transaction:

the intelligent contract receiving function is the calling of recording transaction, obtains a unique transaction ID, and binds a signature of a data provider, a data address, a data demand party and transaction amount information; the data supplier defines an index number which is set as a user name and a data number of the data supplier; performing transaction rationality detection, and detecting whether a user exists or not and whether repeated purchasing conditions exist or not; and after the detection is finished, storing the key information into a state database, and recording the uplink.

(2) Updating an access list on the cloud server, updating the access authority of the consumer:

the intelligent contract receives the call of the function for upgrading the access list, determines the reasonability of the authority, inquires the transaction information related to the user, and determines whether the related user and the transaction exist or not; and constructing an updating request, serializing request parameters, sending the request parameters to a cloud server, and updating the authority list after the cloud server receives the updating request.

(3) The data supplier uploads the encrypted data:

and the data supplier encrypts data by using the encryption key GS through an SM4 cryptographic algorithm, uploads the encrypted data to a cloud server, and provides a data address for subsequent data consumer indexing.

(4) Data consumer access data:

the data consumer has the authority to access the data by the cloud server, and the cloud server authenticates the data according to the access list; and downloading the data by the authenticated data consumer, and decrypting by using the protection key to obtain the data.

Further, in the fifth step, the intelligent contract adopts a HyperLedgerFaric platform, adopts multiple channels to set a data label, realizes transaction classification isolation, and adopts Fabric-CA to realize identity certificate management.

It is a further object of the invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of:

the nodes participating in the data transaction complete the identity registration of the data transaction platform under the assistance of the blockchain service node; issuing data announcements by data suppliers or initiating data requests by data consumers to create transaction groups; the data supplier and the data consumer execute group authentication and key agreement protocol by using zero knowledge proof and aggregation key, and simultaneously authenticate a plurality of entities of both transaction parties to negotiate data protection key; the data supplier then performs data bidding/payment negotiation work with the data consumer;

if the data supplier approves the transaction, issuing block chain data authorization transaction, and performing data authorization on the successfully purchased consumers; after the data authorization transaction is confirmed, an intelligent contract is triggered, and a data access authority list is created/updated by the cloud server and the data consumer application end; and the data supplier encrypts the data by using a state secret symmetric encryption algorithm SM4 and a data protection key, and after uploading the data to the cloud server, authorized data consumers access the downloaded data and decrypt the downloaded data by using the protection key to obtain the data.

The invention also aims to provide an information data processing terminal, which is used for realizing the internet of things perception data sharing transaction platform.

By combining all the technical schemes, the invention has the advantages and positive effects that: the invention is based on a decentralized framework of a block chain, solves the defects of a central transaction platform, namely: a) the overhead in the aspects of calculation, storage and transmission is large; b) data sharing cannot be realized; the invention has the advantages of equal transaction information, simple transaction process, adoption of intelligent contracts, non-repudiation and traceability, and suitability for individual data owners. The invention innovatively adopts frames and technologies such as cloud and mist mixed structure, a Fabric alliance chain, an intelligent contract, zero knowledge proof, aggregation signature and the like, provides a scheme design of a relatively complete Internet of things data security sharing platform, breaks through a data circulation barrier caused by equipment domain management, adopts edge mist nodes to collect, encrypt and release sensing data in the same management domain, adopts a cloud server as a transfer point to store transaction data, introduces a block chain mechanism, realizes decentralized and extensible identity management, credible authentication and data transaction environments to classify and label the sensing data, adds the sensing data into a transaction group according to requirements, and utilizes Fabric Channel to realize a private transaction Channel and effectively reduce block chain storage consumption.

The invention provides an Internet of things perception data sharing transaction platform which comprises a perception convergence layer, a control transmission layer, a sharing transaction layer and an application interaction layer; the bottom sensing convergence layer is used for sensing and collecting the environment/operation data by various Internet of things terminal equipment; the middle control transmission layer collects data by a control center of the equipment group and carries out transmission safety control on the data, and is responsible for formulation and execution of an access control strategy and establishment of a data safety transmission channel; the upper layer shared transaction layer implements data transaction or sharing by a data supplier, a demander and a cloud storage server, and implements a security authentication and key agreement protocol and an intelligent contract; and the top application interaction layer provides perception data acquisition/safety convergence result display and user data transaction application interaction.

The block chain-based Internet of things perception data sharing transaction platform provided by the invention adopts a cloud and mist layered mixed data sharing model, introduces a Hyperhedge Fabric alliance chain technology, designs a group identity authentication and key agreement protocol based on non-interactive zero knowledge proof, and utilizes an intelligent contract to complete reliable circulation and efficient sharing of perception data of large-scale distributed intelligent equipment. The method solves the problems of data encryption, transmission difficulty and the like caused by large performance difference of sensing equipment and limited computing resources in the transaction process, has the advantages of transaction traceability, undeniability and the like, can overcome the pain points of lack of a unified transaction platform of the data of the Internet of things, difficulty in constructing a credible transaction environment of equipment which is widely distributed, difficulty in balancing safety requirements and expected efficiency of a sensitive data sharing scheme and the like, supports the intellectualization and the collaborative development of the Internet of things, and has a certain application value.

The invention provides a scheme for safely guaranteeing cross-domain data sharing of an Internet of things entity, aiming at the problems that a unified transaction platform of the Internet of things data is lack, a trusted transaction environment of widely distributed equipment is difficult to construct, the safety requirement and the expected efficiency of a sensitive data sharing scheme are difficult to balance and the like. The method and the system combine a alliance chain and a traditional cloud center data sharing framework to provide an identity credible authentication and data transaction control environment for distributed nodes, support autonomous and convenient data transaction and sharing of various differentiation capability nodes/node clusters, and communicate a sensing equipment cluster data island of internet of things node domain management. The platform user classifies and labels the perception data, and adds the perception data into a transaction group according to the requirement, and the Fabric Channel is utilized to realize a private transaction Channel and effectively reduce the block chain storage consumption. The zero-knowledge proof-based group authentication and key agreement protocol designed in the invention can realize one-to-many data secure sharing, reduce the calculation consumption of data suppliers while protecting transaction sensitive information, and improve the sharing efficiency.

The cloud server is used as a transfer point to store transaction data, so that the problems of data encryption, transmission difficulty and the like caused by large performance difference of sensing equipment and limited computing resources are solved; a block chain mechanism is introduced to realize decentralized and extensible identity management, credible authentication and data transaction environments, a fog node and a data consumer which are responsible for sensing equipment management are added into an alliance chain, a credible center is not required to be selected to organize transactions, a platform node can conduct peer-to-peer free transaction negotiation, intelligent contract flexibility and autonomy are utilized, cloud server data access authority is adjusted timely to realize data security sharing, and the cloud server data access authority management platform has the advantages of being traceable and undeniable in transactions and the like.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments of the present invention will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.

Fig. 1 is a flowchart of a control method of an internet of things perception data sharing transaction platform according to an embodiment of the present invention.

Fig. 2 is a system architecture diagram of an internet of things aware data sharing transaction platform according to an embodiment of the present invention.

Fig. 3 is a hierarchical structure diagram of a system of an internet of things perception data sharing transaction platform according to an embodiment of the present invention.

Fig. 4 is a data transaction operation step diagram of the internet of things aware data sharing transaction platform system according to the embodiment of the present invention.

Fig. 5 is a flow chart of mutual authentication and key distribution between nodes of the internet of things aware data sharing transaction platform system according to the embodiment of the present invention.

Fig. 6 is a flowchart of system group authentication of the internet of things aware data sharing transaction platform according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

Aiming at the problems in the prior art, the invention provides an internet of things perception data sharing transaction platform, a control method, equipment and a terminal, which are suitable for other types of data sharing transactions such as intelligent household equipment (such as an intelligent television, an intelligent sound box and the like) or other types of personal equipment such as personal wearable equipment (such as an intelligent bracelet, an intelligent watch and the like), internet of things equipment (such as a wind sensor, a temperature sensor, a humidity sensor and the like) in a smart city and the like, intelligent automobile equipment (such as electronic control unit equipment in a vehicle, external sensor equipment in the vehicle, internet of vehicles and the like), industrial internet of things equipment (industrial application sensors and the like) and the like. The present invention will be described in detail below with reference to the accompanying drawings.

As shown in fig. 1, the control method for the internet of things perception data sharing transaction platform provided by the embodiment of the invention includes the following steps:

s101, the nodes participating in data transaction complete node identity registration of the Internet of things perception data sharing transaction platform with the assistance of the blockchain service node;

s102, a data supplier issues a data announcement or a data consumer initiates a data request, and a transaction group of the Internet of things perception data sharing transaction platform is established;

s103, the data supplier and the data consumer execute a group authentication and key agreement protocol by using a zero-knowledge proof and an aggregation key, and simultaneously authenticate a plurality of entities of both transaction parties to negotiate a data protection key;

s104, the data supplier and the data consumer carry out data bidding/payment negotiation work; if the data supplier approves the transaction, issuing block chain data authorization transaction, and performing data authorization on the successfully purchased consumers;

s105, after the data authorization transaction is confirmed, an intelligent contract is triggered, and a data access authority list is created/updated by the cloud server and the data consumer application end;

and S106, encrypting the data by the data supplier by using a state secret symmetric encryption algorithm SM4 and a data protection key, uploading the data to the cloud server, accessing the downloaded data by an authorized data consumer, and decrypting the data by using the protection key to obtain the data.

The technical solution of the present invention will be further described with reference to the following examples.

The invention relates to an Internet of things perception data sharing transaction platform based on a block chain, which comprises a perception convergence layer, a control transmission layer, a sharing transaction layer and an application interaction layer; the bottom sensing convergence layer is used for sensing and collecting the environment/operation data by various Internet of things terminal equipment; the middle control transmission layer collects data by a control center of the equipment group and carries out transmission safety control on the data, and is responsible for formulation and execution of an access control strategy and establishment of a data safety transmission channel; the upper layer shared transaction layer implements data transaction or sharing by a data supplier, a demander and a cloud storage server, and implements a security authentication and key agreement protocol and an intelligent contract; and the top application interaction layer provides perception data acquisition/safety convergence result display and user data transaction application interaction.

As shown in fig. 2-3, in this embodiment, the data sharing transaction platform includes a sensing convergence layer, a control transmission layer, a sharing transaction layer, and an application interaction layer;

the perception convergence layer is used for perceiving and collecting the environment/operation data by various Internet of things terminal equipment;

the control transmission layer collects data by a control center of the equipment group, performs transmission safety control on the data, and is responsible for formulation and execution of an access control strategy and establishment of a data safety transmission channel;

the shared transaction layer implements data transaction or sharing by a data supplier, a demander and a cloud storage server, and implements a security authentication and key agreement protocol and an intelligent contract;

the application interaction layer provides perception data acquisition/safety convergence result display and user data transaction application interaction.

In this embodiment, the sensing convergence layer includes a multi-type internet of things terminal sensing device group;

the multi-type Internet of things terminal perception device group is used for perceiving or collecting execution environment/operation data.

In this embodiment, the control transmission layer includes an internet of things device group control center and a secure transmission channel;

the Internet of things equipment group control center is used for carrying out transmission safety control on data, and the transmission safety control comprises formulation and execution of an access control strategy;

the secure transport channel is used to perform a group authentication and key agreement protocol.

In this embodiment, the shared transaction layer includes a blockchain bottom platform, a blockchain network, and a blockchain bottom architecture;

the block chain bottom platform is used for realizing uplink storage of the data of the IOT (Internet of things) perception data sharing transaction platform;

the block chain network is used for node identity registration, transaction group establishment, intelligent contract operation and data security sharing;

the block chain bottom architecture is used for constructing a block chain network.

In order to clearly illustrate the technical solutions of the present invention, the meanings of the technical terms in the present invention are defined first.

TABLE 2 symbol mapping table

In this embodiment, the node identity registration method of the internet of things perception data sharing transaction platform is as follows:

1) a data transaction node i wishing to join a platform sends a registration request (i-specific, S) to a blockchain service node_i) Wherein the i-specific is a user self-selected identity, such as a user name and a transaction identity combination thereof. s_iSecret information, such as passwords for logging into the platform, is selected for the user.

2) The platform generates a platform unique identity ID for the user_iThe block chain service node generates a user i public and private key pair and a certificate return ((PK)_i,SK_i) Cert) to a user.

In this embodiment, the method for creating the transaction group of the internet of things perception data sharing transaction platform is as follows:

1) and for the registered user, if the registered user is a data provider, selecting a data label for the data to be sold, and adding the Channel pointed by the corresponding data label. The platform is provided with uniform data tag numbers as shown in table 1. If the data consumer is the data consumer, the corresponding data transaction Channel can be added according to the requirement. Wherein Channel refers to a Channel created in the Fabric platform, i.e., a transaction group.

TABLE 1 data type and tag number correspondence

Data type	Smart home	Smart manufacturing	Intelligent city	Internet of vehicles	Context awareness	Intelligent medical treatment
							Data tag numbering	01	02	03	04	05	06

2) The data supplier sends data transaction information such as data volume size, data content summary, data price, etc. by broadcasting in the Channel. A data consumer (1-i) wishing to purchase the data joins the transaction group and performs a group authentication and key agreement protocol with the data provider.

In this embodiment, the group authentication and key agreement protocol of the internet of things aware data sharing transaction platform is specifically as follows:

1) the transaction platform BS carries out authentication initialization, and selects a security parameter k E Z⁺The steps of generating authentication system parameters are as follows:

selecting an elliptic curve with prime number q as an orderThe base point is P. His own selected keyIts public key is P_BS＝s_BSP；

Selecting 4 hash functions, wherein i is 3 or 4, the hash functions are as follows, and publishing public parameters

2) Transaction platform BS is data consumer DC in Channel_i(i 1 to N) generating a partial private key K by the following procedure_1i：

Selecting random numbersCalculation of R_i＝r_iP and h_1i＝H₁(ID_DCi,R_i,P_BS)；

② calculating partial private key k_1i＝r_i+(s_BSh_1imod q) and key information K_1i＝(k_i,R_i) Transmitting to DC over secure channel_i。

3) Data consumer DC_iGenerating an aggregated signed public-private key pair (APK)_i,ASK_i) The method comprises the following steps:

receiving K_1i＝(k_i,R_i) Check-after equation k_iP＝R_i+h_1iP_BSIf yes, the part of the private key is approved;

② using its registration phase discretionary key s_DCiCalculating K_2i＝s_DCiP, then DC to the data consumer_iIts public key is APK_i＝(K_2i,R_i) The private key is ASK_i＝(k_i,s_DCi)。

4) The transaction platform BS generates zero-knowledge identification parameters for the data supplier, and the steps are as follows:

call NIZK (σ, τ) ← Setup (R), whereinIs (ID)_DPMI) is some public information indicating the identity of the data provider and the shared data,is composed ofGenerating a relation R when a₀When the time is 0:

wherein t (X) is an n-2 th degree polynomial;

wherein DP selects a random number GS as the group encryption key and random number RN calculation

② DC random selectionThe BS randomly selects the values of β, γ, δ,selecting G, H as a groupDefine τ ═ (α, β, γ, x), and calculate the public validation parameter σ as:

and the statuses and sigma serve as data and identity public information of the DP.

5) The authentication and key distribution protocol comprises the following steps:

firstly, a data supplier DP calls pro to calculate an identity certificate, a random number r is selected, s belongs to Z_PCalculations prove pi ═ (a, B, C), where:

group sending authentication request M₁＝(π,T₁) To data consumers needing to purchase data;

secondly, the data consumer obtains the identity proof pi and the message timestamp, and calls Verify equation to determine whether the message freshness is up after checking the message freshness:

if the equation is true, the authentication request is certified as coming from the data provider DP.

For each data consumer DC_iSelecting a random number y_1i,And the current time stamp T_2iSigning the hash value H (pi) of the message pi, and calculating: y is_1i＝y_1iP and Y_2i＝[(y_2is_DCi+h_2ik_i)mod q]P_BS＝(U_i,V_i) And finally calculating:

W_i＝[U_I(Y_1i+h_3is_DCi)+h_4ik_i]mod q

wherein the content of the first and second substances,

h_2i＝H₂(H(π),ID_DCi,Y_1i),h_3i＝H₃(H(π),ID_DCi,APK_i,T_2i),

h_4i＝H₄(H(π),ID_DCi,APK_i,T_2i)

back to data supplier M_2i＝(ID_DCi,Y_1i,U_i,W_i,T_2i)；

Integration of authentication return message M in a period of time by data supplier_2i(i ═ 1 to N), aggregate messages and validate:

computing

AuthenticationIf yes, authenticating the data consumer DC_i(i-1-N), if not, each consumer message can be verified separately, and the verification equation is as follows:

W_iP-U_i(Y_1i+h_3ik_2i)＝h_4i(R_i+h_1iP_BS)；

data supplier DP generating messageRespectively sent to the data consumers DC with successful purchase and successful authentication_i(i＝1～N)

The data consumer receives the message and then decrypts the message to obtain a data encryption key GS, and verifies whether the equation is established:

and judging whether the GS is tampered, verifying whether the MI is a correct signature, and if the verification is successful, accepting the GS as a data encryption key.

If it needs to be confirmed that it received the key, the data consumer may choose to use the aggregated signature to send the message (GS, T)_4i) The signature is sent to the data provider.

The flow of mutual authentication and key distribution between nodes is shown in fig. 5.

In this embodiment, the data security sharing process of the internet of things perception data sharing transaction platform is as follows:

1) the data supplier issues a transaction block and records the transaction, which is as follows:

the intelligent contract receiving function is calling for recording transaction, and information such as unique transaction ID, bound data provider signature, data address, data demand party, transaction amount and the like is obtained. The data supplier defines the index number, usually set as the user name and the data number of the data supplier, and the uniqueness is ensured. Then, transaction reasonability detection is carried out, and whether the user exists or not, whether repeated purchase exists or not and the like are mainly detected. And after the detection is finished, storing the key information into a state database, and recording the uplink.

2) Updating an access list on the cloud server and updating the access authority of the consumer, which comprises the following specific steps:

the intelligent contract receiving function is called for upgrading the access list, firstly, the reasonability of the authority is determined, the transaction information related to the user is inquired, and whether the related user and the transaction exist or not is determined. And then constructing an updating request, serializing request parameters, sending the request parameters to a cloud server, and updating the authority list after the cloud server receives the updating request.

3) The data supplier uploads the encrypted data, specifically as follows:

the data supplier encrypts data through SM4 cryptographic algorithm by using the encryption key, and uploads the data to the cloud server through a secure channel, and provides a data address for subsequent data consumer indexing.

4) The data consumer accesses the data as follows:

the data consumer has the authority to access the data by the cloud server, and the cloud server authenticates the data according to the access list; the authenticated data consumer can download the data and decrypt the data by using the protection key to obtain the data.

In this embodiment, the intelligent contract of the internet of things perception data sharing transaction platform adopts a hyper Fabric platform, adopts multiple channels (Multi-Channel) to set a data tag, realizes classification and isolation of transactions, and adopts Fabric-CA to realize management of identity certificates.

The data transaction operation step diagram of the internet of things perception data sharing transaction platform system provided by the embodiment of the invention is shown in fig. 4, the flow diagram of mutual authentication and key distribution among nodes of the internet of things perception data sharing transaction platform system provided by the embodiment of the invention is shown in fig. 5, and the flow diagram of group authentication of the internet of things perception data sharing transaction platform system provided by the embodiment of the invention is shown in fig. 6.

The technical scheme for realizing the invention is as follows: the nodes participating in the data transaction complete the identity registration of the data transaction platform with the assistance of the blockchain service node. Data announcements are then issued by data providers or data requests are initiated by data consumers, creating transaction groups to ensure transaction privacy. The data supplier and the data consumer use the zero knowledge proof and the aggregation key to execute the group authentication and key agreement protocol, and simultaneously authenticate a plurality of entities of both parties of the transaction to negotiate the data protection key. The data provider then performs data bidding/payment negotiation with the data consumer. If the data supplier approves the transaction, the block chain data is issued to authorize the transaction and to authorize the data of the successfully purchased consumer. After the data authorization transaction is confirmed, the intelligent contract is triggered, and the cloud server and the data consumer application end can create/update the data access authority list. And the data supplier encrypts the data by using the national secret symmetric encryption algorithm SM4 and the data protection key, and after the data is uploaded to the cloud server, authorized data consumers can access the downloaded data and decrypt the downloaded data by using the protection key to obtain the data. The scheme can overcome pain points that an Internet of things data unified transaction platform is lack, a widely distributed equipment credible transaction environment is difficult to construct, safety requirements and expected efficiency of a sensitive data sharing scheme are difficult to balance and the like, supports intelligent and collaborative development of the Internet of things, and has a certain application value.

The invention provides a scheme for safely guaranteeing cross-domain data sharing of an Internet of things entity, aiming at the problems that a unified transaction platform of the Internet of things data is lack, a trusted transaction environment of widely distributed equipment is difficult to construct, the safety requirement and the expected efficiency of a sensitive data sharing scheme are difficult to balance and the like. The alliance chain and a traditional cloud center data sharing framework are combined to provide an identity credible authentication and data transaction control environment for distributed nodes, autonomous and convenient data transaction and sharing of various differentiation capability nodes/node clusters are supported, and sensing equipment cluster data isolated islands of internet of things node domain division management are communicated.

1) Based on a cloud and mist mixed data architecture, sensing data in the same management domain are collected, encrypted and issued by edge mist nodes, and a cloud server is used as a transfer point to store transaction data, so that the problems of data encryption, transmission difficulty and the like caused by large performance difference of sensing equipment and limited computing resources are solved;

2) and a block chain mechanism is introduced to realize decentralized and extensible identity management, trusted authentication and data transaction environments. The cloud node and the data consumer which are responsible for sensing equipment management join the alliance chain, a trusted center does not need to be selected to organize transactions, the platform node can conduct peer-to-peer free transaction negotiation, the cloud server data access authority is adjusted timely to achieve data security sharing by using intelligent contract flexible autonomy, and the cloud server data access authority management platform has the advantages of being traceable to transactions and being undeniable;

3) the platform user classifies and labels the perception data, and joins the transaction group according to the demand, and the Fabric Channel is used to realize the private transaction Channel and effectively reduce the block chain storage consumption. The zero-knowledge proof-based group authentication and key agreement protocol designed in the invention can realize one-to-many data secure sharing, reduce the calculation consumption of data suppliers while protecting transaction sensitive information, and improve the sharing efficiency.

The technical effects of the present invention will be described in detail with reference to the analysis below.

(1) And (3) analyzing the correctness of the scheme:

the data supplier authenticates that the data consumer group aggregate signature is verified for correctness as follows:

knowing the correctness of the determination, each consumer has the correct optional key s according to the requirement_DCiThe correct signature can be generated to complete the aggregation, so that the equality is ensured to be established, and the identity authentication is completed.

The data consumer verifies the identity of the data provider and the source of the key message through a zero-knowledge proof argument pi, according to the security proof of the Groth 16 algorithm, only the node which possesses the private key of the certificate of the data provider and the self-selected key can generate the argument, the identity authentication is the identity authentication with double-factor strength, the data consumer does not accept the same argument which is generated by the same provider under different data, namely, a fresh argument should be generated to the declaration owned by the data each time to prevent replay attack.

Secret key secure transmission and integrity verification: the key is distributed by encryption using the public key of each consumer, and only the authenticated data consumer can obtain and decrypt the key. In the declaration phase of zero knowledge proof, the data supplier has published the signature of the data encryption keyThe consumer who obtains the key information confirms that the key is the key that the data supplier provided for not tampered through the signature, prevents playback and man-in-the-middle attacks.

(2) And (3) performance testing:

the performance test comprises two parts of data sharing service performance and authentication/key distribution protocol execution performance, and the following tests are provided for key performance indexes such as data access authority distribution, data sharing transmission, mutual authentication of both transaction parties and key agreement efficiency.

a) Data sharing service performance testing

The performance of Fabric was tested using the superledgercaliper framework. The Caliper is a benchmark test framework specifically designed to test blockchain performance. Various performance indexes are currently supported, including transaction success rate, transaction throughput, transaction delay, resource consumption, and the like. The effect of different transaction request rates on Fabric throughput and transaction delay was tested at a block size of 50. The following data were obtained:

as the transaction request rate increases, the throughput initially increases linearly, but does not increase after reaching a certain bottleneck (around 80 tps). When the transaction request rate is low, the transaction delay is maintained at about 0.6 s; but when the transaction request rate is higher than about 80tps, the transaction delay begins to increase, and generally speaking, the transaction confirmation time of the platform is in the second order, and the platform is user-friendly.

b) Data encryption/decryption efficiency

Party DP data encryption recommends the use of the secret SM4 algorithm. The symmetric cryptographic algorithm is fast in speed and very suitable for fast encryption of large-data information. The following table shows the relationship between the data encryption and decryption time and the file size:

the encryption and decryption time is basically linearly related to the size of data, the encryption and decryption time can also be gradually increased along with the increase of a data packet, the perception data volume of the Internet of things is generally less than 1GB, the encryption and decryption consumption in the platform is far less than 1 minute, and the cost time of safety guarantee is less.

c) Group authentication protocol execution efficiency analysis

Group authentication execution time consumption refers to the computational consumption of the participating entities in the protocol and the overall time consumption of the protocol execution. The time consumption dynamics should be tested as the number of consumer nodes increases. The cryptographic algorithm calls MIRACL library to test and calculate time, the zero-knowledge proof calls libsnark library to test and calculate time, and the calculation consumption of each algorithm and the calculation consumption of both a data supplier and a data consumer are shown in the following table.

TABLE 3.2 group authentication protocol computation consumption

d) Group authentication protocol transport consumption

Protocol transmission consumption refers to the amount of data that the protocol in the protocol participates in the entity completing the protocol transmission. The transmission consumption of the protocol data supplier and the data consumer is shown in the following table, and it can be known that the flow of group authentication and key distribution is concise and the transmission consumption is less.

TABLE 3.3 group authentication protocol transport consumption

In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When used in whole or in part, can be implemented in a computer program product that includes one or more computer instructions. When loaded or executed on a computer, cause the flow or functions according to embodiments of the invention to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, the computer instructions may be transmitted from one website site, computer, server, or data center to another website site, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL), or wireless (e.g., infrared, wireless, microwave, etc.)). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that includes one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.

The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.