CN112818412A - Block chain-based equipment data access method and system - Google Patents


Info

Publication number: CN112818412A
Authority: CN (China)
Prior art keywords: node, block, equipment, data packet, data
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202110097340.0A
Other languages: Chinese (zh)
Inventors: 姚杰, 邱洪, 杨露霞
Current Assignee: Chongqing Chuanyi Automation Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Chongqing Chuanyi Automation Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The invention provides a blockchain-based device data access method comprising the following steps: constructing a device block according to the service class corresponding to the device; the application service node sending an encrypted data packet to the target device node in the corresponding device block, where it is decrypted and executed; and, after the operation succeeds, generating an access log and sharing device block data based on the service class. The invention can effectively prevent access information from being tampered with and improves the stability and security of the data.

Description

Block chain-based equipment data access method and system
Technical Field
The invention relates to the field of the industrial Internet of Things, and in particular to a blockchain-based device data access method and system.
Background
In the current mainstream approach, an application service node establishes a virtual connection with a device node through a collection and monitoring server in the device network, and the application service then constructs a read or write command code, a read register address, or a write address and value. For example, an operator can use a pipe network pressure monitoring application deployed on a mobile phone to remotely check the flow and water pressure parameters of the pipe network and to configure a pressure instrument threshold that regulates the water supply pressure, ensuring water supply safety and energy conservation. The access log records are generally stored on the collection and monitoring server itself, where they are easily tampered with and repudiated.
Disclosure of Invention
In view of the problems in the prior art, the invention provides a blockchain-based device data access method and system, which mainly address the poor security of existing access records.
In order to achieve the above and other objects, the present invention adopts the following technical solutions.
A blockchain-based device data access method comprises the following steps:
constructing a device block according to the service class corresponding to the device;
the application service node sending the encrypted data packet to the target device node in the corresponding device block, where it is decrypted and executed;
and generating an access log after the operation succeeds, and sharing device block data based on the service class.
Optionally, the data packet is a data packet based on a communication protocol, and the communication protocol includes a Modbus protocol.
Optionally, the encrypted data packet includes a network address, a command code, a register address, and a write value of the destination device node.
Optionally, the step in which the application service node sends the encrypted data packet to the target device node in the corresponding device block for decryption and execution includes:
after the application service node is authenticated, encrypting the data packet with a private key, packaging the encrypted data packet together with the public key, and sending them to the corresponding node of the device block;
and the corresponding node of the device block decrypting the data packet with the public key and then executing the operation it contains.
Optionally, the access log includes the encrypted data packet, a public key, and an execution time.
Optionally, sharing the device block data based on the service category includes:
the target device node retrieves all nodes in the corresponding device block and outputs an access log to each node in the corresponding device block in a broadcast manner.
Optionally, when the node receiving the access log accesses another device block, the access log is updated to each node of the corresponding device block.
Optionally, the application service node obtains the access log, and updates the access log to a block corresponding to the application service node.
A blockchain-based device data access system, comprising:
a block building module, used for building a device block according to the service class corresponding to the device;
a data management module, used by the application service node to send the encrypted data packet to the target device node in the corresponding device block for decryption and execution;
and a log management module, used for generating an access log after the operation succeeds and sharing device block data based on the service class.
As described above, the method and system for accessing device data based on a block chain according to the present invention have the following advantages.
Each block node stores data independently, which reduces the risk of data tampering; decentralized data acquisition and monitoring provides higher data security.
Drawings
Fig. 1 is a schematic diagram of a device data access structure based on a block chain in an embodiment of the present invention.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention, and the components related to the present invention are only shown in the drawings rather than drawn according to the number, shape and size of the components in actual implementation, and the type, quantity and proportion of the components in actual implementation may be changed freely, and the layout of the components may be more complicated.
The invention provides a device data access method based on a block chain.
Referring to fig. 1, in one embodiment, the application service nodes may be classified, and a plurality of blocks of application service nodes may be constructed based on service classes. Specifically, a plurality of mobile terminals and/or server terminals may be used as access points for application service, and any one of the access points may be used as an application service node to initiate an application service request to the device terminal, so as to obtain response data of the device terminal. For water supply management, the service categories may include remote meter reading applications, water quality monitoring, network pressure monitoring, leakage analysis applications, and the like. In one embodiment, the remote meter reading application can be divided into water flow statistics, liquid level statistics, and the like, and each subdivided application constitutes a block of the remote meter reading application. The composition of the application-specific service block can be set according to the actual application requirements, and is not limited herein.
Further, device blocks may be constructed based on the different service classes. For example, the devices corresponding to the remote meter reading application may include a flow meter, a level meter, an actuating mechanism and the like, and those for the pipe network pressure monitoring application may include a pressure meter, an analysis meter and the like. Each device may act as a device node of a device block.
Before an application service request is initiated, a connection between the application service node and the device node must be established, and the identity of the request initiator is authenticated in advance. In particular, asymmetric encryption may be used for communication between the application service node and the device node. The application service node may send a digital identity certificate to the device node to authenticate its identity. A digital identity certificate typically includes the certificate issuing authority, the certificate validity period, the public key, the certificate owner, the algorithm used for the signature, and the like. Using the digital identity certificate, the device node can verify whether the certificate holder corresponds to the public key. After this verification passes, the application service node generates a random character string, encrypts it with its private key, and packs and sends the encrypted string together with the public key to the device node. The device node decrypts with the public key to obtain the string and compares it with the string of the application service node; if the two are consistent, the connection between the application service node and the device node is established. Optionally, the application service node may convert the random string into a hash value and then encrypt the hash value with the private key. Because a hash value is deterministic and irreversible, the device node can compare hash values after decrypting with the public key, which improves the security of data transmission. Any tampering with the data changes the hash value, so malicious modification of the data can be effectively prevented.
In one embodiment, after the connection is established, the application service node may create a data packet based on the communication protocol according to the user's application service request. The communication protocol may be the Modbus protocol, which sends information based on device addresses and supports networking devices from different manufacturers. After the protocol data packet is constructed, it is encrypted with the private key. The data packet may include the network address of the target device node, a command code, a register address, a write value, and the like. The application service node packs the encrypted data packet together with the public key and sends them to the corresponding target device node. The target device node decrypts the data packet with the received public key and executes the corresponding operation according to the command code in the data packet. If remote meter reading is needed, data such as the flow of the target device node can be read; if leakage analysis is needed, data of device nodes such as the analyzer can be read and fed back to the corresponding service node.
After execution completes, an access log is generated. The access log includes the data packet encrypted by the application service node, the public key, the execution time, and the like.
In one embodiment, after generating the access log, the device node may further retrieve the device block in which it is located, for example to determine the device nodes included in the device block and which device nodes have been added or deleted. The access log is then sent by broadcast to each device node in the device block for storage. Because the access log includes the data packet encrypted by the application service node, and a data packet encrypted with the private key can be decrypted only with the matching public key, the identity of the public key holder can be determined from the digital identity certificate. The encrypted data packet in the access log can therefore be used to authenticate the identity of the application service node that accessed the corresponding device node, which effectively prevents repudiation.
In an embodiment, all the device nodes in the device block may also update the access log to their respective device blocks for consistent storage. For example, if the analysis instrument supports application service requests of two service classes, then after a request of one class accesses it and generates an access log, the device node can update that access log to the device block of the other service class. Access data can thus be shared among the device nodes of different device blocks, so that the data can be verified and backed up and the access activity of other application services can be known in time.
In an embodiment, the access log of the device node may also be fed back to the corresponding application service node, and the application service node updates the access log to the block corresponding to the application service node in a broadcast manner, so as to implement data backup between applications.
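The request, execute, log and broadcast flow described above, as an added example (not code from the patent or its applicant). It uses a constructed textbook-RSA key so that the private-key encryption step can be shown literally with the standard library; the class and function names, the trusted-key table standing in for certificate verification, and the sample values are assumptions.

```python
import struct

# Constructed toy key: textbook RSA over two Mersenne primes, so the patent's
# "encrypt with the private key, decrypt with the public key" step is literal.
# Illustration only; a deployment would use a standard signature scheme.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
PUBLIC_KEY = (E, N)
READ_HOLDING, WRITE_SINGLE = 0x03, 0x06   # Modbus function codes


def build_packet(unit, function, register, value):
    """Device address, command code, register address, write value (or read count)."""
    return struct.pack(">BBHH", unit, function, register, value)


def private_encrypt(packet, d=D, n=N):
    # The 0x01 marker keeps leading zero bytes and gives the receiver a format check.
    return pow(int.from_bytes(b"\x01" + packet, "big"), d, n)


def public_decrypt(cipher, public_key):
    e, n = public_key
    m = pow(cipher, e, n)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if len(raw) != 7 or raw[0] != 1:
        raise ValueError("packet does not decrypt under this public key")
    return struct.unpack(">BBHH", raw[1:])


class DeviceNode:
    def __init__(self, unit, trusted_keys):
        self.unit = unit
        # Assumption: keys whose certificate was verified at connection setup.
        self.trusted_keys = trusted_keys   # public key -> certificate owner
        self.registers = {}
        self.access_log = []
        self.block_peers = []              # other nodes in the same device block

    def handle(self, cipher, public_key, now):
        if public_key not in self.trusted_keys:
            raise PermissionError("public key is not bound to a verified certificate")
        unit, function, register, value = public_decrypt(cipher, public_key)
        if unit != self.unit:
            raise ValueError("packet addressed to another device")
        if function == WRITE_SINGLE:
            self.registers[register] = value
            result = value
        elif function == READ_HOLDING:
            result = [self.registers.get(register + i, 0) for i in range(value)]
        else:
            raise ValueError("unsupported command code")
        # Log only after the operation succeeded, then broadcast within the block.
        entry = {"packet": cipher, "public_key": public_key, "time": now}
        for node in [self] + self.block_peers:
            node.access_log.append(dict(entry))
        return result


def audit(entry, trusted_keys):
    """Re-derive from a stored log entry who issued the request and what it asked for."""
    owner = trusted_keys[entry["public_key"]]
    return owner, public_decrypt(entry["packet"], entry["public_key"])


def demo():
    trusted = {PUBLIC_KEY: "pressure-monitoring-app"}   # constructed owner name
    gauge, analyzer = DeviceNode(17, trusted), DeviceNode(18, trusted)
    gauge.block_peers.append(analyzer)
    cipher = private_encrypt(build_packet(17, WRITE_SINGLE, 0x0010, 350))
    gauge.handle(cipher, PUBLIC_KEY, now=1611561600)    # constructed timestamp
    return gauge, analyzer, trusted, cipher
```

Any peer holding a copy of the log can run `audit` on it: an entry whose packet was altered no longer decrypts to a well-formed request, and a public key that is not tied to a verified certificate is rejected before anything is executed.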
The present embodiment provides a blockchain-based device data access system, which is used to execute the blockchain-based device data access method described in the foregoing method embodiments. Since the technical principle of the system embodiment is similar to that of the method embodiment, the same technical details are not repeated.
In one embodiment, a blockchain-based device data access system includes:
a block building module, used for building a device block according to the service class corresponding to the device;
a data management module, used by the application service node to send the encrypted data packet to the target device node in the corresponding device block for decryption and execution;
and a log management module, used for generating an access log after the operation succeeds and sharing device block data based on the service class.
In summary, the invention provides a blockchain-based device data access method and system that establish a point-to-point connection between an application service node and a device node, encrypt the read-write access request sent by the application service node to the device node with a private key, send the public key of the application service node to all nodes in the network, and update the access log to the block of each node. This removes the centralized data acquisition and monitoring server and instead uses the other nodes in the network to store the data access log independently. The log retains the data packet encrypted with the private key of the node that initiated the data access, which proves the identity of the initiating node and cannot be repudiated. Therefore, the invention effectively overcomes various defects in the prior art and has high industrial utilization value.
The foregoing embodiments are merely illustrative of the principles and utilities of the present invention and are not intended to limit the invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.

Claims (9)

1. A blockchain-based device data access method, characterized by comprising the following steps:
constructing a device block according to the service class corresponding to the device;
the application service node sending the encrypted data packet to the target device node in the corresponding device block, where it is decrypted and executed;
and generating an access log after the operation succeeds, and sharing device block data based on the service class.
2. The blockchain-based device data access method of claim 1, wherein the data packet is a data packet based on a communication protocol, and the communication protocol comprises a Modbus protocol.
3. The blockchain-based device data access method of claim 1, wherein the encrypted data packet includes a network address, a command code, a register address, and a write value of a destination device node.
4. The blockchain-based device data access method according to claim 1, wherein the application service node sending the encrypted data packet to the device block for decryption and execution comprises:
after the application service node is authenticated, encrypting the data packet with a private key, packaging the encrypted data packet together with the public key, and sending them to the corresponding node of the device block;
and the corresponding node of the device block decrypting the data packet with the public key and then executing the operation it contains.
5. The blockchain-based device data access method of claim 1, wherein the access log includes an encrypted data packet, a public key, and an execution time.
6. The method of claim 1, wherein sharing device block data based on service class comprises:
the target device node retrieves all nodes in the corresponding device block and outputs an access log to each node in the corresponding device block in a broadcast manner.
7. The blockchain-based device data access method according to claim 6, wherein the node receiving the access log updates the access log to each node of the corresponding device block when accessing other device blocks.
8. The method according to claim 1, wherein the application service node obtains the access log and updates the access log into a block corresponding to the application service node.
9. A blockchain-based device data access system, comprising:
a block building module, used for building a device block according to the service class corresponding to the device;
a data management module, used by the application service node to send the encrypted data packet to the target device node in the corresponding device block for decryption and execution;
and a log management module, used for generating an access log after the operation succeeds and sharing device block data based on the service class.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110097340.0A CN112818412A (en) 2021-01-25 2021-01-25 Block chain-based equipment data access method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210518