US 11,811,956 B2
Blockchain-based supervision system of hazardous chemical production
Xiao Luo, Hangzhou (CN); Xiji Cheng, Hangzhou (CN); Jian Zhao, Hangzhou (CN); Zhiwen Zhang, Hangzhou (CN); and Saiwei Song, Hangzhou (CN)
Assigned to HANGZHOU VASTCHAIN TECHNOLOGY CO., LTD, Hangzhou (CN)
Filed by Hangzhou Vastchain Technology Co., Ltd, Hangzhou (CN)
Filed on Sep. 22, 2022, as Appl. No. 17/951,010.
Claims priority of application No. 202111245384.X (CN), filed on Oct. 26, 2021.
Prior Publication US 2023/0125955 A1, Apr. 27, 2023
Int. Cl. H04L 9/00 (2022.01); H04L 9/08 (2006.01); G06F 21/73 (2013.01); G06F 21/53 (2013.01)
CPC H04L 9/50 (2022.05) [G06F 21/53 (2013.01); G06F 21/73 (2013.01); H04L 9/0869 (2013.01)]
10 Claims
1. A blockchain-based supervision system of hazardous chemical production, wherein the system comprises:
a collection layer, configured to collect production data information in a production process of a production enterprise, wherein a collection device in the collection layer sets a TEE (trusted execution environment) to encrypt or hash the collected production data information;
a data layer, configured to uplink a hash certificate of the production data information collected by the collection layer to a chain through an alliance chain, wherein the collection layer communicates with the data layer;
a blockchain, configured to deploy a file uplink contract, and at the same time, encrypt and store a file on a privacy computing server after the file is connected to the trusted environment;
a privacy computing system, that is programmed to form a metadata market of the data from file description information uplinked and record the metadata information of the collected data, wherein a data user applies for the right of use to a production enterprise that produces the data, and after obtaining authorization, the data user performs various applications on the privacy computing system;
and wherein the communication between the collection layer and the data layer comprises the following steps:
uniformly distributing a key for the collection device in the TEE by a key management system of the data layer;
binding a serial number of the collection device to a dispersion factor by the key management system, and dispersing the dispersion factor and a root key to obtain a device communication key of the collection device;
performing two-way identity authentication before the collection device uploads the data to the data layer, wherein the collection device generates a first random number through TEE, sends the first random number and the serial number of the device to the data layer, and waits for the data layer to return an encryption result for authentication in the data layer;
querying the key management system to obtain the corresponding dispersion factor after the first random number and serial number from the collection device are received by the data layer, utilizing the dispersion factor to disperse a root key to obtain a communication key of the collection device, and then utilizing the communication key to encrypt the received first random number so as to obtain a first encryption result, generating a second random number at the same time, and sending the first encryption result and the second random number to the collection device;
after the first encryption result and the second random number are received by the collection device, firstly decrypting the first encryption result in the TEE, and comparing the first encryption result with the first random number, ending the authentication if the first encryption result is the same as the first random number, continuing to encrypt the second random number with the TEE so as to obtain a second encryption result if the first encryption result is not the same as the first random number, returning the second encryption result to the data layer, decrypting the second encryption result by the data layer with the previously generated device communication key, and comparing a decryption result with the second random number, and considering the device to be credible and accepting the data from the data collection device if the decryption result is the same as the second random number;
during the operating process, forming a data packet with the collected data and the serial number of the device by the data collection device, encrypting the data packet with a key in the TEE to form a ciphertext data packet, and uploading the ciphertext data packet as well as plaintext information of the serial number of the device to the data layer;
using the key management system by the data layer to disperse the received serial number with the corresponding dispersion factor to obtain the communication key, and using the key to decrypt the ciphertext data packet to verify whether the serial number therein is consistent, and displaying the data in the data layer and then uploading the data to the blockchain through the data layer if the serial number therein is consistent.
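
The key dispersion and two-way authentication steps of claim 1, as an added example that is not code from the patent or its assignee. The claim names no algorithms, so HMAC-SHA256 stands in both for the dispersion function and for "encrypting" each random number (each side recomputes and compares instead of decrypting). The example assumes a matching first result means the data layer is authentic and the handshake continues; all class, function and serial names are hypothetical.

```python
import hashlib
import hmac
import secrets

class KeyManagementSystem:
    """Data-layer KMS: binds each serial number to a dispersion factor."""

    def __init__(self, root_key: bytes):
        self._root_key = root_key
        self._factors = {}          # serial number -> dispersion factor

    def enroll(self, serial: str) -> bytes:
        """Bind a fresh factor to the serial; return the key provisioned into the TEE."""
        self._factors[serial] = secrets.token_bytes(16)
        return self.communication_key(serial)

    def communication_key(self, serial: str) -> bytes:
        """Disperse the root key with the serial's factor (HMAC is an assumption)."""
        return hmac.new(self._root_key, self._factors[serial], hashlib.sha256).digest()

def proof(key: bytes, nonce: bytes, role: bytes) -> bytes:
    # Stand-in for "encrypt the random number"; the role label keeps a proof
    # produced in one direction from being replayed in the other.
    return hmac.new(key, role + nonce, hashlib.sha256).digest()

def mutual_authenticate(kms: KeyManagementSystem, serial: str, tee_key: bytes) -> bool:
    """Run both sides of the handshake in-process; True if each side accepts the other."""
    r1 = secrets.token_bytes(16)                    # device: first random number
    try:
        layer_key = kms.communication_key(serial)   # data layer: re-derive from serial
    except KeyError:
        return False                                # serial never enrolled
    first_result = proof(layer_key, r1, b"layer")   # data layer answers r1
    r2 = secrets.token_bytes(16)                    # data layer: second random number
    # Device checks the data layer's answer before revealing anything keyed to r2.
    if not hmac.compare_digest(first_result, proof(tee_key, r1, b"layer")):
        return False
    second_result = proof(tee_key, r2, b"device")   # device answers r2
    # Data layer checks the device's answer with the key it derived itself.
    return hmac.compare_digest(second_result, proof(layer_key, r2, b"device"))
```

Because the data layer re-derives the communication key from the root key and the stored factor on every request, it holds no per-device key table; compromise of one device key does not expose the root key or any other device's key.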