CN112910992B - Industrial data privacy protection system based on alliance chain - Google Patents

Industrial data privacy protection system based on alliance chain Download PDF

Info

Publication number
CN112910992B
CN112910992B CN202110127155.1A CN202110127155A CN112910992B CN 112910992 B CN112910992 B CN 112910992B CN 202110127155 A CN202110127155 A CN 202110127155A CN 112910992 B CN112910992 B CN 112910992B
Authority
CN
China
Prior art keywords
node
data
chain
account book
function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110127155.1A
Other languages
Chinese (zh)
Other versions
CN112910992A (en
Inventor
霍炎
高青鹤
孟春
荆涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jiaotong University
Original Assignee
Beijing Jiaotong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jiaotong University filed Critical Beijing Jiaotong University
Priority to CN202110127155.1A priority Critical patent/CN112910992B/en
Publication of CN112910992A publication Critical patent/CN112910992A/en
Application granted granted Critical
Publication of CN112910992B publication Critical patent/CN112910992B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/176Support for shared access to files; File sharing support
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30Computing systems specially adapted for manufacturing

Abstract

The embodiment of the invention provides an industrial data privacy protection system based on a alliance chain, which comprises a front-end page and a back-end block chain architecture facing a user, wherein the back end comprises: the source tracing platform module and the privacy protection module; the source tracing platform module is used for tracing and managing a data source, splitting and establishing a plurality of alliance chains according to an industrial production process, wherein each alliance chain plays its own role; the privacy protection module is connected with the traceability platform module and used for privacy protection of the data on the chain. The embodiment of the invention provides an industrial data privacy protection system based on a alliance chain, which combines an alliance chain technology and an industrial Internet of things production scene, can realize the platform traceability management of industrial production data and the privacy protection of data on the chain, and improves the security of the data on the chain during sharing.

Description

Industrial data privacy protection system based on alliance chain
Technical Field
The invention relates to the technical field of block chains, in particular to an industrial data privacy protection system based on a alliance chain.
Background
With the continuous evolution of industrial manufacturing technology, the fourth industrial revolution (industry 4.0) leading to intelligent manufacturing is revolutionizing the production mode of global manufacturing, and by means of the deep fusion and integration of the traditional industrial platform and the new intelligent technology, the interconnection and intercommunication in the aspect of industrial terminals are realized, the internet of things in the industrial field is created, and the industrial production efficiency is maximally improved. However, people enjoy the convenience brought by intellectualization and suffer from personal data privacy disclosure and network security attack, and how to ensure the privacy and security of industrial production data becomes a new problem which needs to be solved urgently in the industrial field at present.
The alliance chain technology is used as a branch of a block chain, has the characteristics of decentralization, high transaction transparency, no tampering and easy traceability which are peculiar to the block chain, and simultaneously, an admission mechanism of the alliance chain is also in accordance with a cooperation mode among enterprises. In the aspect of privacy protection, compared with a mode of directly performing mathematical operation on data to perform encryption protection, the method and the system utilize the alliance chain platform to perform data isolation on production data to realize privacy protection, improve a data operation unit, and reduce the complexity of tracing and managing the processed data.
In conclusion, the alliance chain technology has practical application value for the research of data privacy protection in the industrial internet of things.
Disclosure of Invention
The embodiment of the invention provides an industrial data privacy protection system based on a alliance chain, which is suitable for the field of industrial Internet of things and effectively solves the privacy disclosure problem when industrial confidential data are shared on the chain.
In order to achieve the purpose, the invention adopts the following technical scheme.
A federation chain-based industrial data privacy protection system comprising a user-oriented front-end page and a back-end blockchain architecture, the back-end comprising: the source tracing platform module and the privacy protection module;
the source tracing platform module is used for tracing and managing a data source, and splitting and establishing a plurality of alliance chains according to an industrial production process, wherein each alliance chain plays its own role;
the privacy protection module is connected with the tracing platform module and used for privacy protection of the data on the chain.
Preferably, the tracing platform comprises: material supplier chain C1Plant chain C2And customer sales chain C3
The privacy protection platform comprises: c1Public account book D of1、C1Side account book D2、C2Public account book D of3、C2Side account book D4、C3Public account book ofD5And C3Upper side account book D6
Wherein, the public account book is used for storing the public data M which can be accessed by all the nodes on the chainjThe side account book is used for storing the isolated private data M on the chainp,C1,C2,C3Public account book D on three chains1,D3,D5The data are not communicated with each other.
Preferably, said supplier chain C1The method comprises the following steps:
C1and (3) an upper node: u shape1,U2,U3,……Ua-1,UaA is the number of nodes;
C1intelligent contract F on1:F1={f1,f2},f1For supplier information registration function, f2Function, f, for supplier information query1And f2Belonging to an intelligent contract F1A set of functions;
the plant chain C2The method comprises the following steps:
C2and (4) an upper node: u shapea,Ua+1,……Uk-1,UkK is the number of nodes;
C2intelligent contract F on2:F2={f3,f4,f5,f6,f7,f8,f9},f3Registering a function for material information, f4Registering and updating functions for production facility information, f5Registering and updating functions for product information, f6As a function of the sale of the product, f7As a function of the material information query, f8As a product information query function, f9For production facility information, function f3~f9Belonging to an intelligent contract F2A set of functions;
the customer sales chain C3The method comprises the following steps:
C3and (4) an upper node: u shapek,Uk+1,Uk+2,……Um-1,UmM is the number of nodes;
C3intelligent contract F on3:F3={f10,f11}:f10Registering a function for sales client information, f11For querying the function, function f, for customer information10And f11Belonging to an intelligent contract F3A set of functions;
function f1~f11Is x as an input parameter1,x2,…,xnN is the number of parameters; g (x) is a serialization function responsible for mapping input parameters into accounts, fi=g(x1,x2,…,xn),i∈[1,11];
Intelligent contract F1Binary file Y formed after compiling1Is installed at U1~UaA node;
intelligent contract F2Binary file Y formed after compiling2Is installed at Ua~UkA node;
intelligent contract F3Binary file Y formed after compiling3Is installed at Uk~UmA node;
wherein, U1~Ua-1Is C1The unique nodes are regarded as various suppliers; u shapea+1~Uk-1Is C2The unique nodes are regarded as each department in the factory; u shapek+1~UmIs chain C3The upper unique node is regarded as each client; u shapeaViewed as the input department of the plant, as C1And C2Is a connection point of, i.e. UaWith addition of C1And C2Two strands, can read C1And C2Public account book, U, on both chainskAs C2And C3As a regional global agent, i.e. UkWith simultaneous addition of C2And C3Two strands, can read C2And C3The common ledger on two chains makes three chains form an interaction.
Preferably, the material supplier chain C1Plant chain C2And customer sales chain C3Including:
(a) first, C1Upper node U1~Ua-1Executing intelligent contracts F1Supplier information registration function f in (1)1Information registration is carried out, supplier information is written into a public account book, and a node UaExecuting supplier information inquiry function f2Read C1Go up account book well node U1~Ua-1The data written;
(b) node UaExecuting intelligent contracts F2Material information registration function f3Placing it at C1Data write C read from2Account book of2Node U ofa+1~Uk-1Executable production equipment information registration and update function f4To register and update production equipment, product information registration and update function f5To register product information, node UkExecutable product information query function f8Reading C2Product information in the account book is uploaded;
(c)C3client node U ofk+1~UmExecuting intelligent contracts F3Sales client information registration function f in (1)10Registering client information, node UkExecutable intelligent contract F2Product sales function f in (1)6Registering product sale information;
(d) node U1~UaExecutable supplier query function f2Query C1The above ledger book data; node Ua~UkExecutable material information query function f7Product information query function f8And production facility information query function f9Query C2The above ledger book data; node Uk~UmExecutable customer information query function f11Query customer sales chain C3And the account book data completes the tracing of the data.
Preferably, the working modes of the privacy protection module include:
C1node U of1~UaThe common node in (2) uploads the uploaded public data MjWrite to public ledger D1In, U1~UaThe private node in (1) uploads the private data MpWrite in to limit account book D2Performing the following steps; c2Node U ofa~UkThe common node in (2) uploads the uploaded public data MjWrite to public ledger D3In, Ua~UkThe private node in (1) uploads the private data MpWrite in to limit account book D4Performing the following steps; c3Node U ofk~UmThe common node in (2) uploads the uploaded public data MjWrite to public ledger D5In, Uk~UmThe private node in the system uploads the uploaded private data MpWrite in to limit account book D6Performing the following steps;
each node U1~UmUpdating corresponding account book information;
C1side account book D2Private data in (1), C2Side account book D4Private data in (1), C3Side account book D6The private data in the public account book can only be read by the private nodes on the respective chains, and the common nodes on each chain can only read the public data in the public account book on the respective chains, so that the data privacy protection on each chain is realized. According to the technical scheme provided by the embodiment of the invention, the embodiment of the invention provides the industrial data privacy protection system based on the alliance chain, and by combining the alliance chain technology and the industrial internet of things production scene, the platform traceability management and the on-chain data privacy protection of industrial production data can be realized, and the security of the on-chain data sharing is improved. The beneficial effects are as follows: (1) each node on the chain can dynamically share data without a centralized management and control mechanism of a third party; (2) production and transaction information can be traced, and effective management of industrial data is ensured; (3) the multi-chain architecture of the invention realizes the division of the business process and reduces the complexity of business development; (4) the single batch processing scale of data privacy protection is improved, and the data protection efficiency is improved.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic diagram of a federation chain-based industrial data privacy protection system architecture;
FIG. 2 is a schematic diagram of a HyperLegger Fabric transaction flow;
FIG. 3 is a schematic diagram of a three-chain interaction architecture;
FIG. 4 is a schematic diagram of a construction flow of a traceability platform module;
FIG. 5 is a schematic diagram of a flow chart of an implementation of the privacy protecting module;
FIG. 6 is a traceability platform module display: (a) a data uplink module, (b) an information tracing module;
fig. 7 shows the data protection effect of the multi-chain partition method: (a) c1The link point query result; (b) c2The link point query result;
fig. 8 shows privacy protection effects: (a) a private data generating node; (b) a common node; (c) a common node;
FIG. 9 is a schematic diagram of an application scenario model of an industrial data privacy protection system based on a federation chain;
FIG. 10 is a schematic diagram illustrating user interface effects of an industrial data privacy preserving system based on a federation chain.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention.
As used herein, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or coupled. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
For the convenience of understanding the embodiments of the present invention, the following description will be further explained by taking several specific embodiments as examples in conjunction with the drawings, and the embodiments are not to be construed as limiting the embodiments of the present invention.
In order to better understand the operation mechanism of the present invention, the types and responsibilities of each node in the federation chain HyperLegend Fabric used in the present invention, the consensus process of transactions, etc. will be briefly introduced. In the Hyperhedgehog Fabric, the types of nodes are mainly divided into anchor nodes, endorsement nodes, sorting nodes, master nodes, CA nodes (optional), and the like. It should be noted that, in the federation chain on which the present invention is based, an endorsement node is a node running a chain code (the intelligent contract is referred to as a chain code), and nodes are running in a channel (the channel refers to each chain), and the functions of the nodes are as follows:
(1) an endorsement node: the term "endorsement" was used in the financial field for the earliest time, and refers to the fact that a responsible party signs a signature on the back of a check to prove that he is responsible for the check, which is called endorsement. In the federation chain Hyperhedger Fabric, endorsement refers to selecting certain nodes according to a formulated endorsement strategy to guarantee the transaction submitted by a client, and signing the transaction, namely participating in a voting link of a consensus mechanism.
(2) Accounting node: the system is responsible for verifying transaction proposals in blocks received from the sequencing service node and then writing the block submissions into a copy of the channel ledger thereof, and the accounting node is also responsible for marking each transaction proposal in each block as valid or invalid, and invalid transactions only waste disk space and do not change world state and have an influence on the public ledger.
(3) An anchor node: the anchor nodes are responsible for communication among the organizations, and only one anchor node is arranged in each organization and is responsible for synchronizing information among the organizations in the same channel.
(4) A master node: the master and anchor nodes work similarly except that the master node is responsible for organizing the internal synchronization and communicates directly with the sequencing node to obtain the latest block.
(5) Sequencing nodes: the sequencing node has two functions, one of which is to receive transactions from the whole network client and then sequence the transactions according to a certain rule; and secondly, packaging the sequenced transactions into blocks according to a fixed time interval, and then distributing the blocks to the main nodes of other organizations.
(6) And (3) the CA node: the CA node is a certificate authority and mainly verifies whether the identity of the user node is legal and valid.
The invention provides an industrial data privacy protection system based on a federation chain (HyperLegger Fabric), which is suitable for the field of industrial Internet of things and effectively solves the privacy disclosure problem when industrial confidential data is shared on the chain. The system framework of the present invention is shown in fig. 1.
Different from the block chain operation mechanism based on the existing method, the alliance chain HyperLegend Fabric based on the method follows the method of executing transaction first and then sequencing (consensus), and the whole transaction flow is divided into three steps, namely transaction simulation, transaction sequencing and transaction verification submission (namely, sequencing after execution). FIG. 2 shows the transaction flow of HyperLegger Fabric, which can be seen to follow a specific transaction-first-then-sort procedure.
Example one
An embodiment of the present invention provides an industrial data privacy protection system based on a federation chain, and as shown in fig. 1, the system includes a front-end page and a back-end block chain architecture facing a user. The rear end includes: the device comprises a tracing platform module and a privacy protection module. The source tracing platform module is used for tracing and managing data sources, and splitting and establishing a plurality of alliance chains according to an industrial production process, wherein each alliance chain plays its own role. The privacy protection module is connected with the traceability platform module and used for privacy protection of the data on the chain.
The traceability platform comprises: material supplier chain C1Plant chain C2And customer sales chain C3(ii) a The privacy protection platform includes: c1Public account book D of1、C1Side account book D2、C2Public account book D of3、C2Side account book D4、C3Public account book D of5And C3Side account book D6. Wherein, the public account book is used for storing the public data M which can be accessed by all the nodes on the chainjThe side account book is used for storing the isolated private data M on the chainp,C1,C2,C3Public account book D on three chains1,D3,D5The data are not communicated with each other.
Supplier chain C1The method comprises the following steps: c1And (4) an upper node: u shape1,U2,U3,……Ua-1,UaA is the number of nodes; c1Intelligent contract F on1:F1={f1,f2},f1For supplier information registration function, f2To supply goodsQuotient information query function, function f1And f2Belonging to an intelligent contract F1A set of functions.
Plant chain C2The method comprises the following steps: c2And (4) an upper node: u shapea,Ua+1,Ua+2,……Uk-1,UkK is the number of nodes; c2Intelligent contract F on2:F2={f3,f4,f5,f6,f7,f8,f9},f3Registering a function for material information, f4Registering and updating functions for production facility information, f5Registering and updating functions for product information, f6As a function of the sale of the product, f7As a function of the material information query, f8As a product information query function, f9For production facility information, function f3~f9Belonging to an intelligent contract F2A set of functions.
Customer sales chain C3The method comprises the following steps: c3And (4) an upper node: uk, Uk+1,Uk+2,……Um-1,UmM is the number of nodes; c3Intelligent contract F on3:F3={f10,f11}:f10Registering a function for sales client information, f11For querying the function, function f, for customer information10And f11Belonging to an intelligent contract F3A set of functions.
Function f1~f11With an input parameter of x1,x2,…,xnN is the number of parameters; g (x) is a serialization function responsible for mapping input parameters into accounts, fi=g(x1,x2,…,xn),i∈[1,11]。
Intelligent contract F1Binary file Y formed after compiling1Is installed at U1~UaA node; intelligent contract F2Binary file Y formed after compiling2Is installed at Ua~UkA node; intelligent contract F3Binary file Y formed after compiling3Is installed at Uk~UmAnd (4) nodes.
Wherein, U1~Ua-1Is C1The unique nodes are regarded as various suppliers; u shapea+1~Uk-1Is C2The unique nodes are regarded as each department in the factory; u shapek+1~UmIs chain C3The upper unique node is regarded as each client; u shapeaViewed as the input department of the plant, as C1And C2Is a connection point of, i.e. UaWith addition of C1And C2Two strands, can read C1And C2Public account book, U, on both chainskAs C2And C3Is considered as a regional general agent, UkWith addition of C2And C3Two strands, can read C2And C3The common ledger on two chains makes three chains form an interaction.
Material supplier chain C1Plant chain C2And customer sales chain C3Including:
(a) first, C1Upper node U1~Ua-1Executing intelligent contracts F1Supplier information registration function f in (1)1Information registration is carried out, supplier information is written into a public account book, and a node UaExecuting supplier information inquiry function f2Read C1Go up account book well node U1~Ua-1The data written;
(b) node UaExecuting intelligent contracts F2Material information registration function f3Placing it at C1Data write C read from2Account book of2Node U ofa+1~Uk-1Executable production equipment information registration and update function f4To register and update production equipment, product information registration and update function f5To register product information, node UkExecutable product information query function f8Reading C2Product information in the account book is uploaded;
(c)C3client node U ofk+1~UmExecuting intelligent contracts F3Sales client information registration function f in (1)10Registering client information, node UkExecutable intelligent contract F2Product sales function f in (1)6Registering product sale information;
(d) node U1~UaExecutable supplier query function f2Query C1The above ledger book data; node Ua~UkExecutable material information query function f7Product information query function f8And production facility information query function f9Query C2The above ledger book data; node Uk~UmExecutable customer information query function f11Query customer sales chain C3And the account book data completes the tracing of the data.
The working modes of the privacy protection module comprise:
C1node U of1~UaPublic data M ofjWrite to public ledger D1Medium, private data MpWrite in to limit account book D2The preparation method comprises the following steps of (1) performing; c2Node U ofa~UkPublic data M ofjWrite to public ledger D3Middle, private data MpWrite to side account book D4Performing the following steps; c3Node U ofk~UmPublic data M ofjWrite to public ledger D5Middle, private data MpWrite in to limit account book D6The preparation method comprises the following steps of (1) performing; each node U1~UmUpdating corresponding account book information; c1Side account book D2Data of (1), C2Side account book D4Data of (1), C3Side account book D6The data in the chain can only be read by the privacy nodes on the respective chains, and the common nodes on each chain can only read the public data in the public ledger on the respective chain, so that the data privacy protection on each chain is realized.
Example two
As shown in fig. 1, an embodiment of the present invention provides an industrial data privacy protection system architecture based on federation chain, which can be wholly divided into two parts, namely a front-end page facing to a user and a back-end block chain architecture. The front-end page is used for improving the convenience and the operability of user access, and the back end provides a support for business development. In the invention, the back end is mainly divided into a tracing platform module and a privacy protection module, which respectively correspond to the tracing management of the data source and the privacy protection function of the linked data, and specifically comprise the following steps:
(1) industrial traceability platform module based on Hyperhedger Fabric
For the actual industrial production environment, the industrial process includes the steps of upstream material supply, production and manufacturing, and downstream sales, and the participation entities and the responsible links in the production process are different. If all the entities in the three links of material supply, production and manufacture, and product sale are managed in a chain, the management of the entities and the data generated in the chain becomes complicated.
Aiming at the situation, the invention closely relates to the actual situation of industrial manufacturing, and proposes to split the industrial production flow into three parts, namely: an upstream material supply link, a midstream factory manufacturing link, and a downstream customer sales link. Three alliance chains C are respectively established for the three links1,C2,C3Wherein, C1For the chain of material suppliers, C2For plant chains, C3For a customer sales chain, the multi-chain architecture has the advantages that all functional modules of different business links of the traceability platform module can be divided into different chains, on one hand, the complexity of management operation on data on the chains can be reduced, on the other hand, for the node, all account book data of the customer sales in the downstream from the upstream material supply is not required to be stored, only the account book data of the alliance chain where the node is located is required to be stored, and the data volume of the account book maintained by the node is reduced.
In the invention, the tracing platform module realizes the following main functions: supplier information registration, material information registration and inquiry, production equipment information registration, updating and inquiry, product information registration, updating and inquiry, customer information registration and inquiry, and product sale and tracing. It can be seen that the functions to be implemented by the entire platformThe number of modules is large, so I divide supplier information registration module into C1In the method, material information registration and query, production equipment information registration, update and query, and product information registration, update and query modules are divided into modules C2In the above, the customer information registration and inquiry, product sale and tracing module are divided into C3The above. This multi-chain partitioning scheme enables C1,C2,C3The three chains respectively take their own roles and respectively correspond to a single link in the whole production flow, so that the data volume of accounts maintained by the nodes is reduced, and the management complexity of the data is reduced.
The three-chain architecture of the present embodiment is shown in FIG. 3, which is the upstream material supplier chain C1Midstream plant chain C2Downstream, customer sales chain C3The method corresponds to units of materials, production, equipment, products, sales and the like in industrial production. The different entities are separated by dividing the chain and are respectively positioned at C1,C2,C3On the chain, three chains together form a complete business process.
Defining:
and (3) linking the nodes:
C1the name of the upper node: circular: u shape1,U2,U3,U4,U5(ii) a Triangle: u shape6
C2The name of the upper node: circular: u shape7,U8,U9,U10,U11(ii) a Five-pointed star: u shape12(ii) a Triangle: u shape6
C3The name of the upper node: circular: u shape13,U14,U15,U16(ii) a Five-pointed star: u shape12
The functions and input parameter meanings in the intelligent contract are shown in the table 1:
Figure BDA0002923868980000121
TABLE 1
Note:
F1:C1an intelligent contract on;
F2:C2an intelligent contract on;
F3:C3an intelligent contract on;
F1={f1,f2}:f1for supplier information registration function, f2Function, f, for supplier information query1And f2Belonging to an intelligent contract F1A set of functions;
F2={f3,f4,f5,f6,f7,f8,f9}:f3registering a function for material information, f4Registering and updating functions for production facility information, f5Registering and updating functions for product information, f6As a function of the sale of the product, f7As a function of the material information query, f8As a product information query function, f9For production facility information, function f3~f9Belonging to an intelligent contract F2A set of functions;
F3={f10,f11}:f10registering a function for sales client information, f11For querying the function, function f, for customer information10And f11Belonging to an intelligent contract F3A set of functions;
x1,x2,…,xn: function f1~f11The number n of the input parameters is not fixed;
g (x): a serialization function responsible for mapping input parameters into the ledger, fi=g(x1,x2,…,xn),i∈[1,11];
Y1: intelligent contract F1Binary file formed after compiling and installed in U1~U6A node;
Y2: intelligent contract F2Binary file formed after compiling and installed in U6~U12A node;
Y3: intelligenceContract F3Binary file formed after compiling and installed in U12~U16A node;
wherein: node U1~U5Is C1The unique nodes can be regarded as various suppliers; node U7~U11Is C2The unique nodes can be regarded as all the departments inside the factory; u shape13~U16Is C3The upper unique node can be regarded as each client. U shape6Can be regarded as a stock-in department of a plant, as C1And C2Is a connection point of, i.e. U6With addition of C1And C2Two strands, can read C1And C2Public accounts on both chains; u shape12As C2And C3Can be regarded as a regional general agent, i.e. U12With simultaneous addition of C2And C3Two strands, can read C2And C3The public account book on the two chains enables the three chains to form interaction.
As shown in fig. 4, the workflow of the traceability platform with a triple-link architecture in the present invention specifically includes the following steps:
(a) first, C1Upper node U1~U5Executing intelligent contracts F1Supplier information registration function f in (1)1Registering information, writing supplier information into public account book, U6Node executing supplier information inquiry function f2Read C1U in account book1~U5The data written;
(b) node U6Executing intelligent contracts F2Material information registering function f in (1)3Placing it at C1Data write C read from2Account book of2U of (A) to7~U11Node executable production equipment information registration and update function f4To register and update production equipment, product information registration and update function f5To register product information, node U12Executable product information query function f8Reading C2Product information in the ledger;
(c)C3client ofNode U13~U16Executing intelligent contracts F3Sales client information registration function f in (1)10Registering client information, node U12Executable intelligent contract F2Product sales function f in (1)6Product sales information registration is performed.
(d) Node U1~U6Executable supplier query function f2Query supplier C1Account book data of, node U6~U12Executable material information query function f7Product information query function f8Production facility information query function f9Inquiry of plant C2Account book data of, node U12~U16Executable customer information query function f11Query client chain C3And (4) uploading the book data to finish the tracing of the data.
By the three-chain interworking mode proposed above, by C1,C2,C3The whole production flow is divided, so that the data volume of the account book required to be maintained by each node is greatly reduced, the complexity of data management operation on a chain is reduced, and the three-chain architecture enables a chain C1,C2,C3The contents of the accounts are not intercommunicated, so that the nodes have certain limitation on the access of data, and the data contents in each account are protected preliminarily.
(2) Privacy protection module based on HyperLegger Fabric
Defining: in the proposed triple-chain architecture, D1Is C1Public account book of (D)2Is C1The side account book of (1); d3Is C2Public account book of (D)4Is C2The side account book of (1); d5Is C3Public account book of (D)6Is C3The side account book of (1);
through the multi-chain architecture of the tracing platform module, the data privacy protection between different chains can be preliminarily realized, namely, the data privacy protection is only in the C1The supplier node on is unable to obtain C2Of the above account book data, only the factory purchasing department node U6Can simultaneously obtain C1And C2The data on (1);likewise only in C3The common client node of (2) can not obtain C2Data of (3), only regional general agent node U12Can simultaneously obtain C2And C3And vice versa. Therefore, the data privacy protection effect among different chains is realized through the isolation of data among the chains. However, this multi-chain partitioning method can only ensure data privacy between different chains, and for a single chain, all data on the chain is open to all nodes, and there is no privacy at all on the single chain, that is, overall, the access control authority control on all data on three chains is not high enough, and further data access authority control on data on the single chain is also needed. For example: node U1~U6Is simultaneously C1Node of (1), assuming privacy node U1,U2,U3Uploaded to the federation chain is private data that is not intended to be U4,U5,U6When the user accesses the information, the requirement of data privacy protection on a single chain cannot be met by a single-chain division mode, the edge account book technology in the Fabric is introduced, and the privacy node U is used1,U2,U3Storing the uploaded private data in C1Upper side account book D2In and through node U4,U5,U6The uploaded public data is stored in C1Public account book D on chain1In the side account book D2Can only be U1,U2,U3Read and stored in public account book D1The data in (2) can then be C1All nodes on the chain are read, so that data isolation on a single chain is realized, and further privacy protection is realized on the single chain, C2And C3Both chains are of the same nature. Compared with a data protection mode of multi-chain segmentation, the introduction of the edge account book technology has higher isolation level to data and better privacy protection effect.
The implementation scheme of privacy protection is shown in fig. 5, and specifically as follows:
data privacy protection in a multi-chain partitioning manner:
a) root of firstAccording to the scheme I, the construction of a multi-chain traceability platform is completed (the traceability platform relates to C)1,C2,C3Three strands);
b)C1go up data storage public account book D1In chain C2Go up data storage public account book D3In chain C3Go up data storage public account book D5Performing the following steps;
c)C1,C2,C3public account book D on three chains1、D3、D5The data are not intercommunicated, and the multi-chain data isolation protection is realized according to a multi-chain division mode.
The single-chain data privacy protection of introducing the limit account book technology:
defining:
Mj: public data accessible to all nodes on a chain
Mp: chain-isolated private data
The method comprises the following steps:
a) firstly, according to a first scheme, the construction of a tracing platform is completed (the tracing platform relates to C)1,C2,C3Three strands);
b)C1u of (A) to1~U6The common node in (2) uploads the public data MjWrite to public ledger D1In, U1~U6The private node in (1) uploads the private data MpWrite in to limit account book D2The preparation method comprises the following steps of (1) performing; c2U of (A) to6~U12The common node in (1) converts the common data M of the common nodejWrite to public ledger D3In, U6~U12The private node in (1) uploads the private data MpWrite in to limit account book D4Performing the following steps; c3Upper U12~U16The common node in (2) uploads the uploaded public data MjWrite to public ledger D5In, U12~U16To private data MpWrite to side account book D6Performing the following steps;
c) each node U1~U16Updating corresponding account book information;
d) and data privacy protection on a single chain is realized.
EXAMPLE III
Traceability platform module display
And displaying the working process of the source tracing platform module through actual measurement. As shown in fig. 6, which is a typical information uplink, query, and trace module representative in the tracing platform module, experimental results show that the proposed tracing scheme can be implemented correctly, and interacts correctly with the backend block chain network, so that the platform operates well as a whole.
Privacy protection test result display
The privacy protection effect of the invention is tested through experimental simulation, privacy protection of a multi-chain segmentation mode and a side account book data protection mode aiming at a single chain are respectively tested, the test effect shows that chain data privacy protection aiming at a multi-chain structure and a single-chain structure can be realized, and the test result of multi-chain segmentation is as shown in the following figure 7:
in the embodiment of the present invention, fig. 7(a) and fig. 7(b) are graphs of operation results of two nodes on different chains, respectively, and as can be seen from query results, the node shown in fig. 7(a) can correctly query data on the current chain by using the same query instruction, and C shown in fig. 7(b)2Nodes in the chain cannot query out C1And corresponding data on the chain achieves the function of protecting the data by multi-chain division from the result.
The test results of single-chain edge ledger data protection are shown in fig. 8 below:
as can be seen from the three diagrams (a), (b) and (c) of fig. 8, in the single chain structure, the data written in the edge book can only be read by the allowed nodes, and in this experiment, U is used1As private nodes, U2And U3As a normal node. As can be seen from the query result in FIG. 8(a), U is1The node can inquire the private data, and as can be seen from fig. 8(b) and (c), the node U2And U3Private data is not queried. Meanwhile, as can be seen from the query results in fig. 8(a), (b), and (c), node U1、U2And U3Public data can be queried. In effect, the invention well realizes the sheetPrivacy protection target for private data on a chain.
From the two test results, the invention can effectively realize the preset effect and has good application value.
As shown in fig. 9 and 10, an embodiment of the present invention provides an application scenario model and a user interface effect presentation of an industrial data privacy protection system based on a federation chain.
In summary, the present invention provides an industrial data privacy protection system based on a federation chain, which manages industrial process production data uplink by means of a federation chain technology, expands an operation unit of data, and implements a tracing function of industrial data according to a non-falsification characteristic of a block chain; based on the actual production environment, a three-chain architecture is originally designed, the three-chain architecture perfectly corresponds to the upstream, midstream and downstream links of the industrial production process, the multi-chain architecture not only simplifies the management, but also realizes the privacy protection of data among different chains; meanwhile, on the basis of a multi-chain architecture, a side account book technology is introduced for a single-chain structure, a public account book and a side account book are divided on a single chain, the access control authority of data is improved, and the privacy protection effect of the data is further enhanced. The whole production process operation is carried out on the basis of the alliance chain platform, and data information is recorded in the block, so that the safety and the reliability of transaction data are guaranteed.
Those of ordinary skill in the art will understand that: the figures are schematic representations of one embodiment, and the blocks or processes shown in the figures are not necessarily required to practice the present invention.
From the above description of the embodiments, it is clear to those skilled in the art that the present invention can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which may be stored in a storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for apparatus or system embodiments, since they are substantially similar to method embodiments, they are described in relative terms, as long as they are described in partial descriptions of method embodiments. The above-described embodiments of the apparatus and system are merely illustrative, and the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (3)

1. A federation chain-based industrial data privacy protection system comprising a user-oriented front-end page and a back-end blockchain architecture, wherein the back-end comprises: the source tracing platform module and the privacy protection module;
the source tracing platform module is used for tracing and managing a data source, and splitting and establishing a plurality of alliance chains according to an industrial production process, wherein each alliance chain plays its own role;
the privacy protection module is connected with the source tracing platform module and is used for privacy protection of the data on the chain;
material supplier chain C1Plant chain C2And customer sales chain C3
The privacy preserving module comprises: c1Public account book D of1、C1Side account book D2、C2Public account book D of3、C2Upper side account book D4、C3Public account book D of5And C3Side account book D6
Wherein, the public account book is used for storing the public data M which can be accessed by all the nodes on the chainjThe side account book is used for storing the isolated private data M on the chainp,C1,C2,C3Public account book D on three chains1,D3,D5Data are not communicated with each other;
the material supplier chain C1The method comprises the following steps:
C1and (3) an upper node: u shape1,U2,U3,……Ua-1,UaA is the number of nodes;
C1intelligent contract F on1:F1={f1,f2},f1For supplier information registration function, f2Function, f, for supplier information query1And f2Belonging to an intelligent contract F1A set of functions;
the plant chain C2The method comprises the following steps:
C2and (4) an upper node: u shapea,Ua+1,……Uk-1,UkK is the number of nodes;
C2intelligent contract F on2:F2={f3,f4,f5,f6,f7,f8,f9},f3Registering a function for material information, f4Registering and updating functions for production facility information, f5Registering and updating functions for product information, f6As a function of the sale of the product, f7As a function of the material information query, f8As a product information query function, f9For production facility information, function f3~f9Belonging to an intelligent contract F2A set of functions;
the customer sales chain C3The method comprises the following steps:
C3and (3) an upper node: u shapek,Uk+1,Uk+2,……Um-1,UmM is the number of nodes;
C3intelligent contract F on3:F3={f10,f11}:f10Registering a function for sales client information, f11For querying the function, function f, for customer information10And f11Belonging to an intelligent contract F3A set of functions;
function f1~f11With an input parameter of x1,x2,…,xnN is the number of parameters; g (x) is a serialization function responsible for mapping input parameters into account book, fi=g(x1,x2,…,xn),i∈[1,11];
Intelligent contract F1Binary file Y formed after compiling1Is installed at U1~UaA node;
intelligent contract F2Binary file Y formed after compiling2Is installed at Ua~UkA node;
intelligent contract F3Binary file Y formed after compiling3Is installed at Uk~UmA node;
wherein, U1~Ua-1Is C1The unique nodes are regarded as various suppliers; u shapea+1~Uk-1Is C2The unique nodes are regarded as each department in the factory; u shapek+1~UmIs chain C3The upper unique node is regarded as each client; u shapeaViewed as the input department of the plant, as C1And C2Is a connection point of, i.e. UaWith addition of C1And C2Two strands, can read C1And C2Public account book, U, on both chainskAs C2And C3Is considered as a regional general agent, UkWith addition of C2And C3Two strands, can read C2And C3On both chainsThe three chains form an interaction.
2. The system of claim 1, wherein the material supplier chain C1Plant chain C2And customer sales chain C3Including:
(a) first, C1Upper node U1~Ua-1Executing intelligent contracts F1Supplier information registration function f in (1)1Information registration is carried out, supplier information is written into a public account book, and a node UaExecuting supplier information inquiry function f2Read C1Go up account book well node U1~Ua-1The data written;
(b) node UaExecuting intelligent contracts F2Material information registration function f3Placing it at C1Data write C read from2Account book of2Node U ofa+1~Uk-1Executable production equipment information registration and update function f4To register and update production equipment, product information registration and update function f5To register product information, node UkExecutable product information query function f8Reading C2Product information in the account book is uploaded;
(c)C3client node U ofk+1~UmExecuting intelligent contracts F3Sales client information registration function f in (1)10Registering client information, node UkExecutable intelligent contract F2Product sales function f in (1)6Registering product sale information;
(d) node U1~UaExecutable supplier query function f2Query C1The above ledger book data; node Ua~UkExecutable material information query function f7Product information query function f8And a production facility information query function f9Query C2The above ledger book data; node Uk~UmExecutable customer information query function f11Querying customer sales chain C3And the account book data completes the tracing of the data.
3. The system of claim 2, wherein the privacy preserving module operating mode comprises:
C1node U of1~UaThe common node in (2) uploads the uploaded public data MjWrite to public ledger D1In, U1~UaThe private node in (1) uploads the private data MpWrite in to limit account book D2Performing the following steps; c2Node U ofa~UkThe common node in (2) uploads the uploaded public data MjWrite into public account book D3In, Ua~UkThe private node in (1) uploads the private data MpWrite in to limit account book D4Performing the following steps; c3Node U ofk~UmThe common node in (2) uploads the uploaded public data MjWrite to public ledger D5In, Uk~UmThe private node in (1) uploads the private data MpWrite in to limit account book D6Performing the following steps;
each node U1~UmUpdating corresponding account book information;
C1side account book D2Private data in (1), C2Side account book D4Private data in (1), C3Upper side account book D6The private data in the private data list can only be read by the private nodes on the respective chains, and the common nodes on each chain can only read the public data in the public ledger on the respective chains, so that the data privacy protection on each chain is realized.
CN202110127155.1A 2021-01-29 2021-01-29 Industrial data privacy protection system based on alliance chain Active CN112910992B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110127155.1A CN112910992B (en) 2021-01-29 2021-01-29 Industrial data privacy protection system based on alliance chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110127155.1A CN112910992B (en) 2021-01-29 2021-01-29 Industrial data privacy protection system based on alliance chain

Publications (2)

Publication Number Publication Date
CN112910992A CN112910992A (en) 2021-06-04
CN112910992B true CN112910992B (en) 2022-06-03

Family

ID=76121125

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110127155.1A Active CN112910992B (en) 2021-01-29 2021-01-29 Industrial data privacy protection system based on alliance chain

Country Status (1)

Country Link
CN (1) CN112910992B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108764695A (en) * 2018-05-23 2018-11-06 江苏涞哲信息科技有限公司 A kind of food security traceability system and method based on block chain technology
CN109472569A (en) * 2018-10-25 2019-03-15 杭州云象网络技术有限公司 A kind of education services transaction implementation method based on alliance's chain
CN109493072A (en) * 2018-10-24 2019-03-19 杭州趣链科技有限公司 A method of the privacy contract protection based on alliance's block chain
CN109993546A (en) * 2019-02-18 2019-07-09 西安西电链融科技有限公司 A kind of drug traceability system and implementation method based on RFID and block chain

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110619576A (en) * 2018-06-19 2019-12-27 成都高新信息技术研究院 Decentralized supply chain B2B transaction method and system
CN111062731A (en) * 2019-12-20 2020-04-24 江苏荣泽信息科技股份有限公司 Block chain-based food safety tracing system and method
CN111768321B (en) * 2020-06-23 2022-07-22 江苏荣泽信息科技股份有限公司 Farmer market based on block chain

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108764695A (en) * 2018-05-23 2018-11-06 江苏涞哲信息科技有限公司 A kind of food security traceability system and method based on block chain technology
CN109493072A (en) * 2018-10-24 2019-03-19 杭州趣链科技有限公司 A method of the privacy contract protection based on alliance's block chain
CN109472569A (en) * 2018-10-25 2019-03-15 杭州云象网络技术有限公司 A kind of education services transaction implementation method based on alliance's chain
CN109993546A (en) * 2019-02-18 2019-07-09 西安西电链融科技有限公司 A kind of drug traceability system and implementation method based on RFID and block chain

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Blockchain Based Dynamic Spectrum Access of Non-Real-Time Data in Cyber-Physical-Social Systems";Xin Fan;《IEEE Access》;20200403;全文 *
李保东."基于区块链的汽车供应链产品追溯系统".《 计算机工程与应用》.2020,全文. *

Also Published As

Publication number Publication date
CN112910992A (en) 2021-06-04

Similar Documents

Publication Publication Date Title
Ismail et al. A review of blockchain architecture and consensus protocols: Use cases, challenges, and solutions
Leible et al. A review on blockchain technology and blockchain projects fostering open science
Hasselgren et al. Blockchain in healthcare and health sciences—A scoping review
CN109218079B (en) Block chain network, deployment method and storage medium
Lu et al. Blockchain technology for governmental supervision of construction work: Learning from digital currency electronic payment systems
Capece et al. Blockchain technology: Redefining trust for digital certificates
Rodrigues et al. The use of blockchains: Application-driven analysis of applicability
US20200226618A1 (en) Platform, method and device for tracing an object
US20190301883A1 (en) Blockchain-based crowdsourcing of map applications
CN107316186A (en) The computer system method for supporting and support system of innovation undertaking employment
WO2022008996A1 (en) Privacy preserving architecture for permissioned blockchains
Zhang et al. Interoperable multi-blockchain platform based on integrated REST APIs for reliable tourism management
CN111858835B (en) Enterprise relation display method and related equipment
Zhou et al. A systematic review of consensus mechanisms in blockchain
Romano et al. Beyond bitcoin: recent trends and perspectives in distributed ledger technology
Chen et al. Blockchain-based anti-counterfeiting management system for traceable luxury products
CN112910992B (en) Industrial data privacy protection system based on alliance chain
CN110727735B (en) Method, device and equipment for cooperatively completing task event based on block chain technology
Shao et al. Mapping collaboration in open source geospatial ecosystem
IOVAN et al. IMPACT OF CLOUD COMPUTING ON ELECTRONIC GOVERNMENT.
Corneli et al. Combining blockchain and BPMN coreographies for construction management
CN103455606A (en) Large database creating and data managing method
Bhole et al. Allocation and Tracking of Public Funds using Blockchain
Alja'afreh et al. A review on industrial blockchain
Luhanga WHY BUSINESS SCHOOLS IN TANZANIA SHOULD TEACH BLOCK CHAIN TECHNOLOGY

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant