CN113849796B - Intelligent communication water affair Internet of things remote monitoring control method, system and block chain system - Google Patents

Intelligent communication water affair Internet of things remote monitoring control method, system and block chain system

Info

Publication number: CN113849796B
Authority: CN (China)
Prior art keywords: equipment, information, user, verification, module
Legal status: Active
Application number: CN202111437167.0A
Other languages: Chinese (zh)
Other versions: CN113849796A
Inventors: 石宁, 李天莹, 姜冲, 朱晓罡, 于中磊
Current Assignee: Nanjing Trusted Blockchain And Algorithm Economics Research Institute Co ltd
Original Assignee: Nanjing Trusted Blockchain And Algorithm Economics Research Institute Co ltd
Application filed by Nanjing Trusted Blockchain And Algorithm Economics Research Institute Co ltd
Priority to CN202111437167.0A
Publication of CN113849796A
Application granted
Publication of CN113849796B

Classifications

All under G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity:

    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices


Abstract

The application discloses a remote monitoring and control method and system for an intelligent communication water affairs Internet of Things, together with a blockchain system. Timestamps resolve the problem of establishing time order during tracing. A smart contract handles authority management for the water service equipment while preserving the privacy of sensitive information. The tamper resistance of the underlying blockchain platform ensures that the water affairs data handled by the whole system is authentic and trustworthy, and largely resolves the prior-art problem that, because the user side and the water affairs equipment are not uniquely identified, the equipment can be maliciously controlled and the data maliciously tampered with.

Description

Intelligent communication water affair Internet of things remote monitoring control method, system and block chain system
Technical Field
The invention relates to the technical field of water affairs monitoring, in particular to a method and system for remotely monitoring and controlling an intelligent water affairs Internet of Things, and to a blockchain system.
Background
Existing water affairs remote monitoring systems are generally cloud-based centralized management systems: each water supply unit transmits the equipment operation information and water supply conditions of its jurisdiction to a water affairs control center, the control center obtains an overall picture of the water supply through remote monitoring, and when an abnormality is found it issues instructions through point-to-point manual feedback.
Firstly, equipment in a controlled area uses only the factory serial number as its unique identifier, so its credibility is low and the equipment information is easy to tamper with. Secondly, water affairs data is transmitted over the Internet, Wi-Fi, Bluetooth and similar channels; because the communication channel has security holes, once transmitted data is intercepted and tampered with in transit the control center cannot obtain real data, and because no third party supervises the data, once it is maliciously tampered with it is difficult to recover. Thirdly, the control center does not effectively verify the user side, so once a user's account information is lost the equipment is easily controlled maliciously and, in severe cases, the whole water service network is paralyzed.
To address these problems, prior-art water affairs remote monitoring systems have added measures such as a mnemonic for verifying user identity and the addition of cooperating units. However, the mnemonic is merely an unencrypted form of the private key, so the security is not high: once someone else learns a user's mnemonic they can take away that user's assets instantly. Mutual distrust also persists among the cooperating units, so in practical application scenarios the problem of multi-party cooperation in scheduling water resources still cannot be solved.
Disclosure of Invention
The application provides a method and system for remotely monitoring and controlling an intelligent water affairs Internet of Things, aiming to solve the prior-art problem that the user side and the water affairs equipment are not uniquely identified, so that the equipment can be maliciously controlled and the data maliciously tampered with.
In a first aspect, the application provides a remote monitoring and control method for an intelligent water affairs Internet of Things, applied to a system consisting of a user side, a water affairs IoT device side and an underlying water affairs consortium chain platform, where the underlying consortium chain platform is configured with a trusted identity authentication module, a trusted device authentication module and an operation authority configuration module. The method comprises the following steps:
the user side sends an authentication request to the trusted identity authentication module; the authentication request comprises user identity information and user face data;
the trusted identity authentication module authenticates the request; if authentication passes, it sends the user side a request to input a mnemonic, and after receiving the mnemonic returned by the user side it combines the user identity information, the user face data and the mnemonic into trusted identity information and stores it on-chain;
the trusted device authentication module acquires device fingerprint information from the water affairs IoT device side and stores it on-chain; the device fingerprint information comprises PUF circuit information and basic device information;
the operation authority configuration module extracts the trusted identity information and device fingerprint information stored on the blockchain, generates a smart contract that controls the access count, access scenes and operation authority of different users over different devices, and at the same time establishes an association table identifying the correspondence between trusted identities and trusted devices;
when the system receives a request from any user to access or control a device, the smart contract is triggered to verify the request; if verification passes, the user is allowed to access or control the device, and once the access or control is finished the process data is stored on-chain; the process data includes user information, device information, access information, operation information and a timestamp.
In some embodiments, the underlying water affairs consortium chain platform is further configured with a supervision module, and the method further comprises:
the supervision module acquires in real time the running state of the devices on the water affairs IoT device side and stores historical information from the running process on-chain; the running state comprises started, stopped or disconnected; the historical information includes access records, device resource occupancy information and historical data.
In some embodiments, the underlying water affairs consortium chain platform is further configured with an automatic verification and processing module, and the method further comprises:
when the running state acquired by the supervision module is "disconnected", the supervision module calls the automatic verification and processing module to verify the device fingerprint information stored on the blockchain for that device and the historical information stored on the blockchain for that device; if verification passes, normal operation of the device is restored.
In some embodiments, the underlying water affairs consortium chain platform is further configured with a manual verification and processing module, and the method further comprises:
if the automatic verification fails, obtaining the manual verification and processing module's verification result for the device; if the result is a pass, the result comprises the personnel information and signature of the verifier; if the result is a fail, the node where the device is located is added to a node blacklist.
In some embodiments, the underlying water affairs consortium chain platform is further configured with an operation record backtracking module, and the method further comprises:
the supervision module records, within a preset time window, the access count and the start/stop count of the devices on the water affairs IoT device side, and if at least one of them exceeds a preset threshold, generates early-warning information;
the operation record backtracking module retrieves, according to the early-warning information, the device fingerprint information and process data stored on the blockchain for that device and generates a backtracking result;
and the operation record backtracking module stores the backtracking result, the backtracking personnel information and the backtracking count on-chain.
In some embodiments, the user's request to access or control a device includes an operation type, and the step of triggering the smart contract to verify the request comprises:
selecting the verification mode corresponding to the operation type in the request; the verification modes comprise strong verification and weak verification;
if the verification mode is strong verification, acquiring real-time user face data and the mnemonic input by the user, together with the user face data and mnemonic stored on the blockchain for that user identity, and comparing the two to obtain a comparison result;
and if the verification mode is weak verification, comparing only the mnemonic input by the user with the mnemonic stored on the blockchain for that user identity to obtain a comparison result.
In some embodiments, after the trusted identity authentication module authenticates the request, it sends a digital certificate to the user side and at the same time stores the issuance record of the digital certificate on-chain.
In some embodiments, the method further comprises:
the supervision module periodically acquires the hardware fingerprint information of all devices;
comparing it with the corresponding hardware fingerprint information stored on the blockchain, and if the comparison fails, generating warning information and isolation information;
and initiating a consensus operation among all blockchain nodes according to the isolation information; if consensus is reached, forced isolation of the device is executed.
In a second aspect, the application provides a remote monitoring and control system for an intelligent water affairs Internet of Things, composed of a user side, a water affairs IoT device side and an underlying water affairs consortium chain platform, where the underlying consortium chain platform is provided with a trusted identity authentication module, a trusted device authentication module and an operation authority configuration module;
the user side is configured to send an authentication request to the trusted identity authentication module; the authentication request comprises user identity information and user face data;
the trusted identity authentication module is configured to authenticate the request; if authentication passes, it sends the user side a request to input a mnemonic, and after receiving the mnemonic returned by the user side it combines the user identity information, the user face data and the mnemonic into trusted identity information and stores it on-chain;
the trusted device authentication module is configured to acquire device fingerprint information from the water affairs IoT device side and store it on-chain; the device fingerprint information comprises PUF circuit information and basic device information;
the operation authority configuration module is configured to extract the trusted identity information and device fingerprint information stored on the blockchain, generate a smart contract that controls the access count, access scenes and operation authority of different users over different devices, and establish an association table identifying the correspondence between trusted identities and trusted devices;
when the system receives a request from any user to access or control a device, the smart contract is triggered to verify the request; if verification passes, the user is allowed to access or control the device, and once the access or control is finished the process data is stored on-chain; the process data includes user information, device information, access information, operation information and a timestamp.
In a third aspect, the application provides a blockchain system: a blockchain network composed of a user side, water affairs IoT devices, a trusted identity authentication node, a trusted device authentication node, an operation authority configuration node, a supervision node, a manual verification and processing node, an operation record backtracking node and an automatic verification and processing node, configured to execute the method of the first aspect.
According to this technical scheme, the distributed nodes solve the problem that water affairs data does not circulate and remains isolated in data islands across the whole water affairs monitoring and control flow, laying a technical foundation for tracing water affairs data. Timestamps resolve the problem of establishing time order during tracing. A smart contract handles authority management for the water service equipment while preserving the privacy of sensitive information. The tamper resistance of the underlying blockchain platform ensures that the water affairs data handled by the whole system is authentic and trustworthy, and largely resolves the prior-art problem that, because the user side and the water affairs equipment are not uniquely identified, the equipment can be maliciously controlled and the data maliciously tampered with.
Drawings
To explain the technical solution of the present application more clearly, the drawings needed in the embodiments are briefly described below; those skilled in the art can obtain other drawings from these without creative effort.
Fig. 1 is an application scenario diagram of the remote monitoring and control method for an intelligent water affairs Internet of Things provided by the present application;
fig. 2 is a flowchart of the remote monitoring and control method for an intelligent water affairs Internet of Things provided by the present application;
fig. 3 is a schematic diagram of the relationship between the modules in the method provided by the present application.
Detailed Description
Referring to fig. 1, an application scenario diagram of the intelligent communication water affairs IoT remote monitoring and control method provided by the present application is shown.
As can be seen from fig. 1, the method is applied to a system formed by a user side, a water affairs IoT device side and an underlying water affairs consortium chain platform, where the underlying platform is configured with a trusted identity authentication module, a trusted device authentication module, an operation authority configuration module and further modules implementing other functions; equivalently, the underlying platform can be understood as being formed by nodes (such as trusted identity authentication nodes) that implement the various functions. It should be noted that in this system all data of every node is stored on-chain only after passing through the consensus mechanism, so that the properties of the consortium chain/blockchain ensure that the whole-process information of monitoring and controlling the water affairs IoT, such as identity information, file information, device information, operation records and trace-back information, is tamper-proof, secure and traceable.
In an actual application scenario, the trusted identity authentication node may be a government unified identity authentication agency; the trusted device authentication node may be the device management department of a water affairs unit; the operation authority configuration node may be a water affairs control center at any level; the supervision node may be a water conservancy bureau, a housing and construction bureau or another management body; the manual verification and processing node may be a maintenance department; the operation record backtracking node may be an audit department; and the automatic verification and processing node may be an automated control server.
Based on this application scenario, as shown in fig. 2 and fig. 3, the method of the present application comprises:
S100: the user side sends an authentication request to the trusted identity authentication module; the authentication request comprises user identity information and user face data.
In this embodiment the user side is not limited to one: any user can send an authentication request through a trusted identity authentication node in the consortium chain, multiple requests may arrive at the same time, and each authentication request can be processed in parallel according to the method of this application. The user identity information is data representing the user's identity, such as the user name, identity card number, affiliated unit and job number. Beyond this basic information, user face data is added to the authentication request to increase uniqueness, since face data is harder to forge than character information.
S200: the trusted identity authentication module authenticates the request; if authentication passes, it sends the user side a request to input a mnemonic, and after receiving the mnemonic returned by the user side it combines the user identity information, the user face data and the mnemonic into trusted identity information and stores it on-chain.
A mnemonic is another representation of the plaintext private key, originally proposed in BIP39 to help users memorize complex private keys (64-bit hash values). The role of the mnemonic in this embodiment is similar to the prior art: in some scenarios the user's identity is verified by having the user enter the mnemonic, and a corresponding operation authority is then granted.
Further, after authentication passes in step S200, the trusted identity authentication module may send a digital certificate to the user side and at the same time store the issuance record of the certificate on-chain. A user identified by a digital certificate is qualified to apply for access to the system or to request control of a device; accordingly, when a user applies to access or control a device, the system can check whether the user holds a digital certificate, verify its authenticity against the certificate record stored on the blockchain, and allow further operations only if the user is authentic.
Since the information stored on-chain in this application includes the user's basic information, mnemonic and face data, different verification modes can be adopted for different operation requirements. For example, a key operation such as shutting down core equipment may be performed only after the user's face data has been verified, whereas high-frequency, routine operations such as file circulation need no face authentication and require only verification of the mnemonic.
S300: the trusted device authentication module acquires device fingerprint information from the water affairs IoT device side and stores it on-chain; the device fingerprint information comprises PUF circuit information and basic device information.
This application introduces device fingerprint technology: a physically unclonable function (PUF) circuit is embedded in the chip of the water affairs IoT device, device fingerprint information carrying a unique identifier is generated from it, and that information is written to the blockchain. Besides the PUF circuit information, the on-chain information also includes the device name, device number and other basic information that identifies the device.
S400: the operation authority configuration module extracts the trusted identity information and device fingerprint information stored on the blockchain, generates a smart contract that controls the access count, access scenes and operation authority of different users over different devices, and at the same time establishes an association table identifying the correspondence between trusted identities and trusted devices.
Different users have operation and control authority over different devices; for example, user A may control devices A and B while user B may control devices B, C and D. The same user may also hold different permissions for different devices: user A may, for example, access device A ten times, not access device C at all, control device B five times, and so on. The association table established in step S400 records the correspondence between each user and each device, so that once user A initiates a request, the operation authority configuration module can immediately determine from the table which devices user A can access, which devices user A can control, how many times user A can access or control a given device, in which scenes user A can access a given device, which operations user A can perform, and so on.
Because the association table is generated from the trusted identity information and device fingerprint information stored on the blockchain, it likewise cannot be falsified and is recognized by all nodes; its contents correspond to the information each node of the system has stored on-chain. Once established, the table can subsequently be consulted automatically by the smart contract to process any user's request to access or control a device.
S500: when the system receives a request from any user to access or control a device, the smart contract is triggered to verify the request; if verification passes, the user is allowed to access or control the device, and once the access or control is finished the process data is stored on-chain; the process data includes user information, device information, access information, operation information and a timestamp.
A timestamp proves that a given piece of data existed in full at a given point in time. In the blockchain, the cryptographic timestamp works as follows: the node first hashes the information in the block to produce a message digest, i.e. a hash value; it then takes that hash value together with the time information and hashes them again to produce the timestamp, which is finally returned to the system. This improves tamper resistance and forgery prevention. In this embodiment, each access or control of a device occurs at a unique point in time, and the data produced by each operation is stored on-chain with its corresponding timestamp, so that the data is unique, cannot be tampered with, and can be used for subsequent tracing.
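As an added illustration (not code from the patent), the following Python sketches the process-data record of step S500 with the two-stage timestamp just described: digest = H(process data), timestamp = H(digest || time), with each record also linked to the hash of its predecessor. The field names, the SHA-256 choice and the sample records are assumptions constructed for the example.

```python
import hashlib
import json
from dataclasses import asdict, dataclass, replace
from typing import List, Optional


def sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


@dataclass(frozen=True)
class ProcessRecord:
    user_id: str      # user information
    device_id: str    # device information
    access: str       # access information (the access scene, constructed)
    operation: str    # operation information
    time: int         # time information, seconds since epoch (constructed)
    digest: str       # first stage: H(process data)
    timestamp: str    # second stage: H(digest || time)
    prev_hash: str    # hash of the previous record, linking the chain


def process_digest(user_id: str, device_id: str, access: str, operation: str) -> str:
    # Canonical JSON so that every node computes the same digest for the same data.
    payload = json.dumps(
        {"user": user_id, "device": device_id, "access": access, "op": operation},
        sort_keys=True, separators=(",", ":"))
    return sha256_hex(payload)


def make_timestamp(digest: str, time: int) -> str:
    # Second-stage hash over the digest and the time information.
    return sha256_hex(f"{digest}:{time}")


def record_hash(rec: ProcessRecord) -> str:
    return sha256_hex(json.dumps(asdict(rec), sort_keys=True, separators=(",", ":")))


GENESIS = "0" * 64


class ProcessLedger:
    """Append-only list of timestamped process records (stand-in for on-chain storage)."""

    def __init__(self) -> None:
        self.records: List[ProcessRecord] = []

    def append(self, user_id: str, device_id: str, access: str,
               operation: str, time: int) -> ProcessRecord:
        prev = record_hash(self.records[-1]) if self.records else GENESIS
        digest = process_digest(user_id, device_id, access, operation)
        rec = ProcessRecord(user_id, device_id, access, operation, time,
                            digest, make_timestamp(digest, time), prev)
        self.records.append(rec)
        return rec

    def first_invalid(self) -> Optional[int]:
        """Index of the first record whose link, digest or timestamp no longer verifies."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            if rec.prev_hash != prev:
                return i
            if rec.digest != process_digest(rec.user_id, rec.device_id, rec.access, rec.operation):
                return i
            if rec.timestamp != make_timestamp(rec.digest, rec.time):
                return i
            prev = record_hash(rec)
        return None


def altered(rec: ProcessRecord, **changes) -> ProcessRecord:
    """Copy of a stored record with some fields rewritten (simulates tampering)."""
    return replace(rec, **changes)


def tamper_demo() -> Optional[int]:
    """Build a small ledger, rewrite one stored operation, and report where verification fails."""
    ledger = ProcessLedger()
    ledger.append("userA", "devB", "routine", "read_pressure", 1700000000)
    ledger.append("userA", "devB", "emergency", "shutdown", 1700000600)
    ledger.append("userB", "devB", "routine", "read_quality", 1700001200)
    assert ledger.first_invalid() is None
    # Disguise the shutdown as a harmless read while keeping the stored hashes as they were.
    ledger.records[1] = altered(ledger.records[1], operation="read_pressure")
    return ledger.first_invalid()   # 1: the stored digest no longer matches the data
```

Changing the time field is caught the same way, because the stored timestamp was computed over the original time.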
Further, when the request is verified in step S500, different verification methods can be adopted for different operation types, so when the user's request to access or control a device includes an operation type, step S500 can be decomposed into the following steps:
First, the verification mode corresponding to the operation type in the request is selected; the verification modes comprise strong verification and weak verification. The operation types here are the aforementioned shutdown operations on core equipment, which receive strong verification, and high-frequency routine operations such as water quality and water pressure monitoring, which receive weak verification.
If the verification mode is strong verification, real-time user face data and the mnemonic input by the user are acquired together with the user face data and mnemonic stored on the blockchain for that user identity, and the two are compared to obtain a comparison result. In this case, even if the user's mnemonic is lost or leaked, a key operation cannot be executed by someone else, which adds one more layer of security compared with verification that relies on the mnemonic alone.
If the verification mode is weak verification, only the mnemonic input by the user is compared with the mnemonic stored on the blockchain for that user identity to obtain a comparison result. For scenes of low importance, using the simplest and fastest verification mode effectively improves operational efficiency.
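The check the smart contract performs in step S500, combining the association table of step S400 with the strong/weak mode selection above, as an added Python example that is not the patent's own code. Assumptions: face data is reduced to a template hash, the mnemonic is stored as a labelled hash rather than in plaintext, and the operation-type sets, users, devices and limits are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


def tagged_hash(label: str, value: str) -> str:
    # Label separates face hashes from mnemonic hashes so one can never stand in for the other.
    return hashlib.sha256(f"{label}|{value}".encode("utf-8")).hexdigest()


# Constructed operation types: key operations on core equipment need strong verification,
# high-frequency routine operations need only weak verification.
STRONG_OPS = {"shutdown", "start"}
WEAK_OPS = {"read_quality", "read_pressure", "file_circulation"}


@dataclass(frozen=True)
class IdentityRecord:        # trusted identity information stored on-chain in step S200
    user_id: str
    face_hash: str
    mnemonic_hash: str


@dataclass
class Permission:            # one row of the step S400 association table
    max_access: int          # how many times the user may access/control the device
    scenes: Set[str]         # in which scenes
    operations: Set[str]     # which operations
    used: int = 0            # accesses consumed so far


AssocTable = Dict[str, Dict[str, Permission]]


def build_identities() -> Dict[str, IdentityRecord]:
    return {
        "userA": IdentityRecord("userA", tagged_hash("face", "templateA"),
                                tagged_hash("mnemonic", "alpha bravo charlie")),
        "userB": IdentityRecord("userB", tagged_hash("face", "templateB"),
                                tagged_hash("mnemonic", "delta echo foxtrot")),
    }


def build_association() -> AssocTable:
    # user A: device A ten times (reads only), device B five times (incl. shutdown/start);
    # user B: device B three times, routine reads only; no entry means no access.
    return {
        "userA": {
            "devA": Permission(10, {"routine"}, {"read_quality", "read_pressure"}),
            "devB": Permission(5, {"routine", "emergency"}, {"shutdown", "start", "read_pressure"}),
        },
        "userB": {"devB": Permission(3, {"routine"}, {"read_quality"})},
    }


def select_mode(operation: str) -> Optional[str]:
    if operation in STRONG_OPS:
        return "strong"
    if operation in WEAK_OPS:
        return "weak"
    return None


def verify_request(assoc: AssocTable, identities: Dict[str, IdentityRecord],
                   user_id: str, device_id: str, operation: str, scene: str,
                   mnemonic: str, face_template: Optional[str] = None) -> Tuple[bool, str]:
    """Return (allowed, reason); on success the reason is the verification mode used."""
    perm = assoc.get(user_id, {}).get(device_id)
    if perm is None:
        return False, "no association between user and device"
    if operation not in perm.operations:
        return False, "operation not permitted on this device"
    if scene not in perm.scenes:
        return False, "scene not permitted"
    if perm.used >= perm.max_access:
        return False, "access count exhausted"
    mode = select_mode(operation)
    if mode is None:
        return False, "unknown operation type"
    ident = identities.get(user_id)
    if ident is None:
        return False, "no trusted identity on chain"
    # Both modes check the mnemonic; constant-time compare avoids leaking match length.
    if not hmac.compare_digest(tagged_hash("mnemonic", mnemonic), ident.mnemonic_hash):
        return False, "mnemonic mismatch"
    if mode == "strong":
        if face_template is None or not hmac.compare_digest(
                tagged_hash("face", face_template), ident.face_hash):
            return False, "face data mismatch"
    perm.used += 1      # consume one access from the association table
    return True, mode
```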
Further, in some feasible embodiments, in order to monitor the entire block chain/alliance chain network, the water affair alliance chain bottom platform of the present application is further configured with a supervision module which, while the method of the present application is executed, is configured to execute the following method:
the supervision module acquires, in real time, the running state of the equipment corresponding to the water affair Internet of things equipment end, and chains and stores the historical information generated during equipment operation; the running state comprises starting, stopping or equipment disconnection; the historical information comprises access information, equipment resource occupancy information and historical data.
During system operation, the node where the equipment is located may enter a state that cannot be identified by the block chain network, that is, the equipment loses connection. To address this, the supervision module monitors the equipment running state at any time, and on disconnection the following method is executed by an automatic verification and processing module configured on the water affair alliance chain bottom platform:
when the running state acquired by the supervision module is equipment disconnection, this indicates that the equipment has left the monitoring of the block chain network; monitoring can be restored by reconnection. On reconnection, the supervision module calls the automatic verification and processing module to verify the equipment fingerprint information stored in the block chain for that equipment and to verify the historical information stored in the block chain for that equipment; if the verification passes, the equipment is allowed to rejoin. The check of the historical information includes checking the resource occupancy, historical data and the like of the node equipment; if all the data are qualified, the reconnection after disconnection is executed and the state before disconnection is restored.
In this embodiment, since a PUF can only ensure that the chip is unique but cannot fundamentally prevent the equipment from being replaced, a multi-level verification mechanism is set for the case where the equipment or its node is disconnected: not only the hardware fingerprint is verified, but also historical conditions such as equipment resource occupancy (e.g., CPU, memory, disk) are verified, so as to avoid such replacement.
Further, if the check executed by the automatic verification and processing module fails, the method may further include executing manual verification by a configured manual verification and processing module:
acquiring the verification result of the manual verification and processing module on the equipment; if the verification result is passed, the verification result comprises personnel information and the signature of the verifier; and if the verification result is not passed, the node where the equipment is located is added to a node blacklist. Specifically, manual verification determines whether the equipment has been maliciously replaced; if so, the node is isolated immediately. Alternatively, automatic verification may have failed for other reasons (an error in the hardware fingerprint reading module, part of the equipment disk having been legitimately formatted, and the like), in which case whether the node may be re-added is judged manually, and the identity information of the verifier, the verification result and the processing result are packaged and chained.
Further, the water affair alliance chain bottom platform is further configured with an operation record backtracking module, and the method further comprises:
the supervision module has the function of monitoring equipment access and abnormal operation conditions: it records the number of accesses and the number of on/off switching operations of the equipment corresponding to the water affair Internet of things equipment end within a preset time period, and generates early warning information if at least one of these counts exceeds a preset threshold. For example, if the supervision module observes that a certain piece of equipment is switched on and off four times within one minute, exceeding a preset threshold of at most twice per minute, the operation is determined to be abnormal, and early warning information is generated to prompt an operator to check the cause of the abnormality immediately.
The operation record backtracking module calls the equipment fingerprint information and process data corresponding to the equipment and stored in the block chain according to the early warning information, and generates a backtracking result. Since each item of data was chained earlier, the operation records related to the equipment within a given time period can be traced back through the equipment fingerprint hash and the timestamp, the cause of the abnormality analysed, and the tracing and processing result chained and stored. The data to be chained at this point includes, but is not limited to, the backtracking result, the backtracking personnel information and the number of backtracking operations.
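The threshold-based early warning and the fingerprint-plus-timestamp backtrace described in the two paragraphs above, as an added example (illustrative code, not the patent's or the applicant's). The process records, the sliding-window counting, the `max_accesses` limit and the shape of the warning and trace records are constructed assumptions; the patent gives only the "twice per minute" switching threshold and the fields that are chained.

```python
from datetime import datetime, timedelta

# Constructed process records, as they would be read back from the chain.
# Device fp-A is switched on/off four times within one minute; fp-B is normal.
EVENTS = [
    {"ts": "2021-11-30T08:00:05", "device_fp": "fp-A", "user": "u-1001", "op": "power_on"},
    {"ts": "2021-11-30T08:00:17", "device_fp": "fp-A", "user": "u-1001", "op": "power_off"},
    {"ts": "2021-11-30T08:00:31", "device_fp": "fp-A", "user": "u-1001", "op": "power_on"},
    {"ts": "2021-11-30T08:00:48", "device_fp": "fp-A", "user": "u-1001", "op": "power_off"},
    {"ts": "2021-11-30T08:00:50", "device_fp": "fp-B", "user": "u-1002", "op": "read_water_quality"},
    {"ts": "2021-11-30T08:03:10", "device_fp": "fp-B", "user": "u-1002", "op": "power_on"},
]

SWITCH_OPS = {"power_on", "power_off"}


def _ts(event: dict) -> datetime:
    return datetime.fromisoformat(event["ts"])


def detect_anomalies(events: list, window_seconds: int = 60,
                     max_switches: int = 2, max_accesses: int = 10) -> list:
    """Sliding-window counts per device; emits one early warning per device and metric.

    The warning fires at the first record that pushes a count over its limit
    (the third switch here, since the limit is two per minute).
    """
    warnings, seen = [], set()
    ordered = sorted(events, key=_ts)
    for i, ev in enumerate(ordered):
        start = _ts(ev) - timedelta(seconds=window_seconds)
        recent = [e for e in ordered[: i + 1]
                  if e["device_fp"] == ev["device_fp"] and _ts(e) > start]
        switches = sum(1 for e in recent if e["op"] in SWITCH_OPS)
        checks = (("switch_count", switches, max_switches),
                  ("access_count", len(recent), max_accesses))
        for metric, value, limit in checks:
            if value > limit and (ev["device_fp"], metric) not in seen:
                seen.add((ev["device_fp"], metric))
                warnings.append({"device_fp": ev["device_fp"], "metric": metric,
                                 "value": value, "limit": limit,
                                 "window_start": start.isoformat(), "window_end": ev["ts"]})
    return warnings


def backtrace(events: list, warning: dict, tracer: str = "op-07",
              previous_traces: int = 0) -> dict:
    """Pull the device's chained records for the warning window, keyed by fingerprint and timestamp.

    The returned record is what would itself be chained: result, tracer identity
    and the running count of backtracking operations (fields assumed).
    """
    lo = datetime.fromisoformat(warning["window_start"])
    hi = datetime.fromisoformat(warning["window_end"])
    records = [e for e in sorted(events, key=_ts)
               if e["device_fp"] == warning["device_fp"] and lo < _ts(e) <= hi]
    return {"device_fp": warning["device_fp"], "metric": warning["metric"],
            "records": records, "users": sorted({e["user"] for e in records}),
            "tracer": tracer, "trace_count": previous_traces + 1}


if __name__ == "__main__":
    for w in detect_anomalies(EVENTS):
        print(w)
        print(backtrace(EVENTS, w))
```

The window is evaluated at every record rather than on fixed minute boundaries, so a burst straddling a clock minute is still caught; the `seen` set keeps a single burst from producing one warning per record.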
Further, the method further comprises:
the supervision module regularly acquires the hardware fingerprint information of all equipment; for example, a node calls the corresponding intelligent contract in the block chain to acquire the hardware information of equipment A and form a hardware fingerprint;
the hardware fingerprint information is compared with the corresponding hardware fingerprint information stored in the block chain, and if the comparison fails, warning information and isolation information are generated;
and a consensus operation of all nodes of the block chain is initiated according to the isolation information, and if the consensus succeeds, forced isolation is executed on the equipment.
This embodiment is equivalent to increasing the verification frequency of the equipment hardware fingerprints: in addition to verifying the hardware fingerprint when a node reconnects after disconnection, all equipment fingerprints are checked regularly and forced isolation is applied, which further prevents access by illegal equipment. In this case, no manual verification module needs to be arranged in the water affair alliance chain bottom platform, so the labour cost is reduced.
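The two fingerprint checks the description relies on, the multi-level reconnection check (fingerprint, then resource-occupancy history) and the regular sweep over all equipment followed by a consensus vote on isolation, as one added example (illustrative code, not the patent's or the applicant's). How the PUF response and basic information are bound into a fingerprint, the history fields and shrink tolerance, the supermajority model of "consensus of all nodes", and the sample device record are all assumptions; the patent does not specify them.

```python
import hashlib
import hmac
import json


def hardware_fingerprint(puf_response: bytes, basic_info: dict) -> str:
    """Derive a fingerprint hash from the PUF response and the basic device info.

    The page says the fingerprint comprises PUF circuit information and basic
    information (name, number); binding them with SHA-256 is an assumption.
    """
    payload = json.dumps(basic_info, sort_keys=True).encode() + b"|" + puf_response
    return hashlib.sha256(payload).hexdigest()


def fingerprint_ok(stored_fp: str, live_fp: str) -> bool:
    return hmac.compare_digest(stored_fp, live_fp)


def history_problems(stored: dict, live: dict, shrink_tolerance: float = 0.25) -> list:
    """Second verification level: compare chained history with the live snapshot.

    Returns the discrepancies found; an empty list means the check passed.
    The fields and tolerance are constructed for this example.
    """
    problems = []
    for key in ("cpu_count", "memory_total_mb", "disk_total_mb"):
        if stored[key] != live[key]:
            problems.append(f"{key} changed: {stored[key]} -> {live[key]}")
    # A freshly imaged replacement reads almost no used disk. A legitimately
    # formatted partition trips this too, which is why the failure path is manual review.
    if live["disk_used_mb"] < stored["disk_used_mb"] * (1 - shrink_tolerance):
        problems.append(f"disk_used_mb fell from {stored['disk_used_mb']} to {live['disk_used_mb']}")
    # Historical data: the last record chained before disconnection must still exist locally.
    if stored["last_record_hash"] not in live["record_hashes"]:
        problems.append("last chained record missing from device storage")
    return problems


def reconnect_decision(stored: dict, live: dict) -> dict:
    """Automatic verification on reconnection: fingerprint first, then history."""
    if not fingerprint_ok(stored["fingerprint"], live["fingerprint"]):
        return {"decision": "manual_review", "reasons": ["hardware fingerprint mismatch"]}
    problems = history_problems(stored["history"], live["history"])
    if problems:
        return {"decision": "manual_review", "reasons": problems}
    return {"decision": "rejoin", "reasons": []}


def periodic_audit(stored_records: dict, live_fingerprints: dict) -> list:
    """Regular fingerprint sweep over all equipment; returns device numbers to isolate."""
    return sorted(dev for dev, rec in stored_records.items()
                  if not fingerprint_ok(rec["fingerprint"], live_fingerprints.get(dev, "")))


def isolation_consensus(votes: dict, threshold: float = 2 / 3) -> bool:
    """Model 'consensus of all nodes' as a supermajority of node votes (assumption)."""
    if not votes:
        return False
    return sum(1 for v in votes.values() if v) / len(votes) >= threshold


# Constructed chain record for one device.
PUF_A = b"\x3a\x91\x07\xc4constructed-puf-response"
INFO_A = {"name": "pressure-logger", "number": "WD-0017"}
STORED = {
    "WD-0017": {
        "fingerprint": hardware_fingerprint(PUF_A, INFO_A),
        "history": {"cpu_count": 4, "memory_total_mb": 2048, "disk_total_mb": 32768,
                    "disk_used_mb": 12000, "last_record_hash": "rec-7f3a"},
    }
}

if __name__ == "__main__":
    swapped = {"fingerprint": hardware_fingerprint(b"other-chip", INFO_A), "history": {}}
    print(reconnect_decision(STORED["WD-0017"], swapped))   # manual_review: fingerprint mismatch
    print(periodic_audit(STORED, {"WD-0017": swapped["fingerprint"]}))  # ['WD-0017']
```

The reconnection path never auto-rejects: any failed level routes to manual review, matching the description's split between malicious replacement and benign causes such as a reformatted disk. The periodic sweep is the only path that proposes forced isolation, and it does so only after the vote succeeds.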
It should be noted that this embodiment and the embodiment with the manual verification module are two feasible embodiments of the present application; each has its own advantages and disadvantages and suits scenes with different requirements. The foregoing scheme considers abnormal scenes more comprehensively but consumes manpower; the scheme of this embodiment frees manpower, but without manual verification its accuracy is not as high, misjudgement is possible, and its flexibility is slightly weaker.
According to the technical scheme, the method provided by the application solves the authority management problem of the water affair equipment by using the intelligent contract, and maintains the privacy of sensitive information. The tamper-resistance of the block chain bottom platform is used to ensure that the water affair data flowing through the whole system is real and credible, which greatly mitigates the problems of the prior art, in which the user side and the water affair equipment are not uniquely identified, so that water affair equipment may be maliciously controlled and water affair data maliciously tampered with.
The application focuses on the water affair remote monitoring and control scene, in which the water affair control centre (provincial/city/district centre) is often far from the water supply unit (in the suburbs); single-line remote transmission is prone to information transmission security problems and has a large time lag. In the present scheme, the distributed architecture deployment ensures transmission security on the communication channel and improves the attack resistance of the network: even if a certain node is maliciously attacked, the data cannot be tampered with, so the control centre and the water supply unit are ensured to receive untampered original data.
Traditional methods mostly verify the basic information provided by the user manually, and once this single verification is passed, the block chain network subsequently only checks whether the user's identity information and the mnemonic words stored on the chain match. The drawback of this mode is that once the identity information and mnemonic words are leaked, illegal operation cannot be avoided. The present scheme provides two identity verification modes, strong verification and weak verification (strong verification: face + mnemonic words; weak verification: mnemonic words), so that key operations are forced through the face verification mode and the reliability of the identity information is further ensured. At the same time, every access to or control of the equipment is recorded on the chain in real time.
The method and the device prevent the equipment from being replaced when it is disconnected and reconnected, using a two-stage verification mechanism of automatic verification and manual verification; monitoring the number of accesses to or operations on the equipment supports tracing according to the equipment fingerprint hash. By chaining the asset information of the water affair equipment, strictly controlling access and operation authority, and supporting tracing and multidimensional supervision, the credibility, controllability and traceability of the water affair assets are ensured, and the loss of national water affair assets can be effectively avoided.
It should be noted that the object of equipment verification in the present scheme refers specifically to equipment with data storage capability, such as a data acquisition instrument and other devices having internal memory. A sensor with an overly simple structure can be connected to the block chain network through a server, that is, the data it generates is stored by the corresponding server, and only the equipment fingerprint needs to be checked. A device that has neither a chip nor storage space is used only for detection and is not considered in the scheme.
Corresponding to the method, the application also provides an intelligent and trusted water affair Internet of things remote monitoring and control system applying the method. The system is composed of a user side, a water affair Internet of things equipment side and a water affair alliance chain bottom platform, and the water affair alliance chain bottom platform is provided with a trusted identity authentication module, a trusted equipment authentication module and an operation authority configuration module;
the user side is configured to send an authentication request to the trusted identity authentication module; the authentication request comprises user identity information and user face data;
the trusted identity authentication module is configured to authenticate the authentication request; if the authentication is passed, a request for inputting mnemonic words is sent to the user side, and after the mnemonic words returned by the user side are received, the user identity information, the user face data and the mnemonic words input by the user are generated into trusted identity information and chained for storage;
the trusted equipment authentication module is configured to acquire equipment fingerprint information from the water affair Internet of things equipment end and chain and store the equipment fingerprint information; the equipment fingerprint information comprises PUF circuit information and equipment basic information;
the operation authority configuration module is configured to extract the trusted identity information and the equipment fingerprint information stored in the block chain, generate an intelligent contract for controlling the access times, access scenes and operation authorities of different users to different equipment, and establish an association table identifying the corresponding relation between the trusted identity and the trusted equipment;
when the system receives a request to access or control equipment sent by any user, the intelligent contract is triggered to verify the request; if the request passes the verification, the user is allowed to access or control the equipment, and the process data are chained after the access or control is finished; the process data comprise user information, equipment information, access information, operation information and a timestamp.
The operation and effect of the system in applying the method can be referred to the description of the embodiment of the method, and will not be described herein again.
The application also provides a block chain system, which comprises a block chain network consisting of a user side, water affair Internet of things equipment, a trusted identity authentication node, a trusted equipment authentication node, an operation authority configuration node, a supervision node, a manual verification and processing node, an operation record backtracking node and an automatic verification and processing node, wherein the block chain network is configured to execute the method.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.

Claims (9)

1. An intelligent communication water affair Internet of things remote monitoring control method, applied to a system formed by a user side, a water affair Internet of things equipment side and a water affair alliance chain bottom platform, wherein the water affair alliance chain bottom platform is provided with a trusted identity authentication module, a trusted equipment authentication module and an operation authority configuration module; characterized in that the method comprises:
the user side sends an authentication request to the trusted identity authentication module; the authentication request comprises user identity information and user face data;
the trusted identity authentication module authenticates the authentication request; if the authentication is passed, a request for inputting mnemonic words is sent to the user side, and after the mnemonic words returned by the user side are received, the user identity information, the user face data and the mnemonic words input by the user are generated into trusted identity information and chained for storage;
the trusted equipment authentication module acquires equipment fingerprint information from the water affair Internet of things equipment end and chains and stores the equipment fingerprint information; the equipment fingerprint information comprises PUF circuit information and equipment basic information; the equipment basic information comprises an equipment name and an equipment number;
the operation authority configuration module extracts the trusted identity information and the equipment fingerprint information stored in the block chain, generates an intelligent contract for controlling the access times, the access scenes and the operation authority of different users to different equipment, and simultaneously establishes an association table identifying the corresponding relation between the trusted identity and the trusted equipment;
when the system receives a request to access or control equipment sent by any user, the intelligent contract is triggered to verify the request; if the request passes the verification, the user is allowed to access or control the equipment, and the process data are chained after the access or control is finished; the process data comprise user information, equipment information, access information, operation information and a timestamp;
the step of triggering the intelligent contract and verifying the request comprises: selecting a verification mode corresponding to the operation type according to the operation type in the request; the verification modes comprise strong verification and weak verification;
if the verification mode is strong verification, acquiring real-time user face data and the mnemonic words input by the user, together with the user face data and mnemonic words corresponding to the user identity information and stored in the block chain, and comparing them to obtain a comparison result;
and if the verification mode is weak verification, comparing the mnemonic words input by the user with the mnemonic words corresponding to the user identity information and stored in the block chain to obtain a comparison result.
2. The remote monitoring and control method for the intelligent water affair Internet of things according to claim 1, wherein the water affair alliance chain bottom platform is further configured with a supervision module, and the method further comprises:
the supervision module acquires, in real time, the running state of the equipment corresponding to the water affair Internet of things equipment end, and chains and stores the historical information generated during equipment operation; the running state comprises starting, stopping or equipment disconnection; the historical information comprises access information, equipment resource occupancy information and historical data.
3. The remote monitoring and control method for the intelligent water affair Internet of things according to claim 2, wherein the water affair alliance chain bottom platform is further configured with an automatic verification and processing module, and the method further comprises:
when the running state of the equipment acquired by the supervision module is equipment disconnection, the supervision module calls the automatic verification and processing module to verify the equipment fingerprint information stored in the block chain for the equipment and to verify the historical information stored in the block chain for the equipment, and if the verification is passed, the normal running of the equipment is restored.
4. The remote monitoring and control method for the intelligent water affair Internet of things according to claim 3, wherein the water affair alliance chain bottom platform is further configured with a manual verification and processing module, and the method further comprises:
if the verification fails, acquiring the verification result of the manual verification and processing module on the equipment; if the verification result is passed, the verification result comprises personnel information and the signature of the verifier; and if the verification result is not passed, adding the node where the equipment is located to a node blacklist.
5. The remote monitoring and control method for the intelligent water affair Internet of things according to claim 2, wherein the water affair alliance chain bottom platform is further configured with an operation record backtracking module, and the method further comprises:
the supervision module records the number of accesses and the number of on/off switching operations of the equipment corresponding to the water affair Internet of things equipment end within a preset time period, and if at least one of them exceeds a preset threshold, early warning information is generated;
the operation record backtracking module calls the equipment fingerprint information and process data corresponding to the equipment and stored in the block chain according to the early warning information, and generates a backtracking result;
and the operation record backtracking module chains and stores the backtracking result, the backtracking personnel information and the number of backtracking operations.
6. The remote monitoring and control method for the intelligent and trusted water affair Internet of things according to claim 1, wherein after the authentication request is authenticated by the trusted identity authentication module, the trusted identity authentication module sends a digital certificate to the user side and simultaneously chains and stores an issuance record of the digital certificate.
7. The remote monitoring and control method for the intelligent water affair Internet of things according to claim 1, further comprising the following steps:
the supervision module regularly acquires the hardware fingerprint information of all equipment;
comparing the hardware fingerprint information with the corresponding hardware fingerprint information stored in the block chain, and if the comparison fails, generating warning information and isolation information;
and initiating a consensus operation of all nodes of the block chain according to the isolation information, and if the consensus succeeds, executing forced isolation on the equipment.
8. A remote monitoring and control system for the intelligent water affair Internet of things, characterized by comprising a user side, a water affair Internet of things equipment side and a water affair alliance chain bottom platform, wherein the water affair alliance chain bottom platform is provided with a trusted identity authentication module, a trusted equipment authentication module and an operation authority configuration module;
the user side is configured to send an authentication request to the trusted identity authentication module; the authentication request comprises user identity information and user face data;
the trusted identity authentication module is configured to authenticate the authentication request; if the authentication is passed, a request for inputting mnemonic words is sent to the user side, and after the mnemonic words returned by the user side are received, the user identity information, the user face data and the mnemonic words input by the user are generated into trusted identity information and chained for storage;
the trusted equipment authentication module is configured to acquire equipment fingerprint information from the water affair Internet of things equipment end and chain and store the equipment fingerprint information; the equipment fingerprint information comprises PUF circuit information and equipment basic information; the equipment basic information comprises an equipment name and an equipment number;
the operation authority configuration module is configured to extract the trusted identity information and the equipment fingerprint information stored in the block chain, generate an intelligent contract for controlling the access times, access scenes and operation authorities of different users to different equipment, and establish an association table identifying the corresponding relation between the trusted identity and the trusted equipment;
when the system receives a request to access or control equipment sent by any user, the intelligent contract is triggered to verify the request, wherein the verification modes comprise strong verification and weak verification; if the verification passes, the user is permitted to access or control the equipment, and the process data are chained after the access or control is finished; the process data comprise user information, equipment information, access information, operation information and a timestamp;
if the verification mode is strong verification, real-time user face data and the mnemonic words input by the user are acquired and compared with the user face data and mnemonic words corresponding to the user identity information and stored in the block chain to obtain a comparison result;
and if the verification mode is weak verification, the mnemonic words input by the user are compared with the mnemonic words corresponding to the user identity information and stored in the block chain to obtain a comparison result.
9. A block chain system, comprising a block chain network consisting of a user side, water affair Internet of things equipment, a trusted identity authentication node, a trusted equipment authentication node, an operation authority configuration node, a supervision node, a manual verification and processing node, an operation record backtracking node and an automatic verification and processing node, wherein the block chain network is configured to perform the method of any one of claims 1 to 7.
CN202111437167.0A 2021-11-30 2021-11-30 Intelligent communication water affair Internet of things remote monitoring control method, system and block chain system Active CN113849796B (en)

Publications (2)

Publication Number Publication Date
CN113849796A CN113849796A (en) 2021-12-28
CN113849796B true CN113849796B (en) 2022-05-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant