CN113872816A - Equipment management system for industrial internet - Google Patents

Publication number
CN113872816A
Authority
CN
China
Prior art keywords
node
target
network
block chain
characteristic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111164257.7A
Other languages
Chinese (zh)
Other versions
CN113872816B (en)
Inventor
Inventor name not disclosed
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Block Express Technology Co ltd
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to CN202111164257.7A
Publication of CN113872816A
Application granted
Publication of CN113872816B
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12 Discovery or management of network topologies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30 Computing systems specially adapted for manufacturing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to an equipment management system for industrial internet, comprising a user terminal, equipment and an equipment verification platform, wherein the equipment verification platform is in communication connection with the user terminal and the equipment respectively. The equipment verification platform includes a graph building module, a network dividing module, a feature extraction module and a database, with communication connections among the modules. The feature extraction module generates a graph structure feature matrix of each directed acyclic graph sample based on the obtained graph structure features of each directed acyclic graph sample, and then generates a time sequence feature matrix based on all the graph structure feature matrices. The network dividing module divides the industrial block chain network into a plurality of block chain sub-networks according to the time sequence feature matrix, and identifies a target block chain sub-network corresponding to the target equipment based on the equipment type identifier. The target block chain sub-network authenticates the target equipment based on the received equipment authentication request.

Description

Equipment management system for industrial internet
Technical Field
The invention relates to the fields of block chain and industrial internet, and in particular to a device management system for the industrial internet.
Background
A block chain is a ledger technology that is jointly maintained by multiple parties and uses cryptography to secure transmission and access; it provides consistent data storage that is difficult to tamper with and resistant to repudiation, and is also called distributed ledger technology. In a typical block chain system, participants store information and follow a common set of rules agreed upon in advance.
With the rise of various industrial internet applications, the demand for secure and trusted digital identities on the device side of the industrial internet is increasing. Device terminals in the current industrial internet face the following problems. First, managing the mapping between the digital identity of a device and the identity of its owner or user requires that the device be able to verify the identity of a requester, so that device state information can be exchanged efficiently, reliably and securely between people and devices and between devices. Second, throughout the life-cycle management of a device, credible and tamper-resistant tracing queries on the ownership and other attributes of the device are needed, so that there is a basis for determining responsibility arising from use of the device.
Therefore, a distributed identity management solution with scalability is urgently needed for the industrial internet.
Disclosure of Invention
In view of this, the present invention provides a device management system for industrial internet, comprising: a user terminal, equipment and an equipment verification platform, wherein the equipment verification platform is in communication connection with the user terminal and the equipment respectively; the equipment verification platform includes: a graph building module, a network dividing module, a feature extraction module and a database, with communication connections among the modules.
The graph building module traverses all network nodes in the industrial block chain network, takes the traversed network nodes as central nodes, and then takes other network nodes except the central nodes in the industrial block chain network as radiation nodes of the central nodes.
The graph building module obtains a communication area of the central node and a communication area of each radiation node of the central node, and generates a directed connection network of the central node according to the communication areas of the central node and the communication areas of each radiation node of the central node.
These steps are repeated until all network nodes in the industrial block chain network have been traversed, so as to generate the directed connection networks of all network nodes in the industrial block chain network.
The graph building module generates a directed acyclic graph of the industrial blockchain network based on the directed connection networks of all network nodes in the industrial blockchain network.
The graph building module obtains a directed acyclic graph of the industrial block chain network at each moment, performs graph sampling on all directed acyclic graphs of the industrial block chain network based on a preset time step to obtain a plurality of directed acyclic graph samples, and then arranges all directed acyclic graph samples in time order to generate a time sequence graph sequence of the industrial block chain network.
The feature extraction module obtains the graph structure features of each directed acyclic graph sample in the time sequence graph sequence of the industrial block chain network, generates a graph structure feature matrix of each directed acyclic graph sample based on those graph structure features, and then generates a time sequence feature matrix of the industrial block chain network from the graph structure feature matrices of all directed acyclic graph samples.
The network dividing module divides the industrial block chain network into a plurality of block chain sub-networks based on the time sequence characteristic matrix, marks each block chain sub-network to obtain a network identifier of each block chain sub-network, and then maps the network identifiers of the block chain sub-networks and node identifiers of all network nodes in the block chain sub-networks to generate block chain distribution information.
The user terminal obtains the device type identification of the target device based on the device basic information of the target device, identifies the block chain sub-network corresponding to the target device in the industrial block chain network based on the device type identification and the block chain distribution information, and then takes the block chain sub-network as the target block chain sub-network.
And the user terminal generates a device verification request of the target device according to the device state information and the device basic information of the target device and sends the device verification request to the target block chain sub-network.
And the target block chain sub-network carries out identity verification on the target equipment according to the equipment verification request.
Further, the user terminal is an intelligent device with communication and data transmission functions used by device management personnel, including smart phones, tablet computers, notebook computers and desktop computers. The target device is the device undergoing identity authentication; a device is any equipment with communication capability, network connection capability or production capability in the industrial internet. The time sequence feature matrix consists of the graph structure feature matrices of all directed acyclic graph samples in the time sequence graph sequence; the graph structure feature matrix of a directed acyclic graph sample consists of the path feature vectors of all feature paths of that sample.
Further, the target block chain sub-network authenticating the target device according to the device authentication request includes:
receiving the device authentication request by a first network node in the target block chain sub-network; the first network node is a network node that synchronizes all block header data in the industrial block chain network;
a second network node in the target block chain sub-network generates a block head based on the device basic information of the target device and generates a block body based on the device state information of the target device;
a second network node in the target block chain sub-network generates a new block based on the block head and the block body, takes the new block as a target block, and then issues the target block to the target block chain sub-network; the second network node is other network nodes except the first network node and the third network node in the industrial block chain network;
verifying the target block by a third network node in the target block chain sub-network; the third network node is a network node for synchronizing all block head data and block body data in the industrial block chain network;
adding the target block into the target block chain sub-network when the target block passes the verification; the target block is discarded when the target block fails verification.
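The block flow described above, sketched as an added example that is not code from the patent: a second network node builds the target block, and a third network node (which holds headers and bodies) verifies it and then adds or discards it. SHA-256 over canonical JSON, the `prev_hash` and `body_hash` header fields, the device-type check and all names are assumptions, because the text does not specify the block format or the verification rules.

```python
import hashlib
import json
from dataclasses import dataclass


def digest(obj) -> str:
    # Assumption: SHA-256 over canonical JSON; the text names no hash or encoding.
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Block:
    header: dict  # generated from device basic information
    body: dict    # generated from device state information


def build_block(tip_header: dict, basic_info: dict, state_info: dict) -> Block:
    """Second network node: assemble the target block for a verification request."""
    header = {
        "height": tip_header["height"] + 1,
        "prev_hash": digest(tip_header),
        "device": dict(basic_info),
        "body_hash": digest(state_info),  # binds the body to the header
    }
    return Block(header=header, body=dict(state_info))


class HeaderOnlyNode:
    """First network node: synchronizes block header data only."""

    def __init__(self, genesis_header: dict):
        self.headers = [genesis_header]

    def extends_tip(self, header: dict) -> bool:
        tip = self.headers[-1]
        return (header.get("height") == tip["height"] + 1
                and header.get("prev_hash") == digest(tip))


class FullNode(HeaderOnlyNode):
    """Third network node: synchronizes headers and bodies, verifies target blocks."""

    def __init__(self, genesis_header: dict, subnet_type_ids):
        super().__init__(genesis_header)
        self.bodies = [{}]
        # Assumption: a sub-network only accepts the device types mapped to it.
        self.subnet_type_ids = set(subnet_type_ids)

    def verify(self, block: Block) -> list:
        """Return the list of verification failures (empty means the block passes)."""
        problems = []
        if not self.extends_tip(block.header):
            problems.append("header does not extend the chain tip")
        if block.header.get("body_hash") != digest(block.body):
            problems.append("body does not match header")
        if block.header.get("device", {}).get("type_id") not in self.subnet_type_ids:
            problems.append("device type not served by this sub-network")
        return problems

    def submit(self, block: Block) -> bool:
        """Add the target block when it verifies; discard it otherwise."""
        if self.verify(block):
            return False
        self.headers.append(block.header)
        self.bodies.append(block.body)
        return True


# Constructed sample data.
GENESIS = {"height": 0, "prev_hash": "0" * 64, "device": {}, "body_hash": digest({})}
BASIC_INFO = {"device_id": "dev-001", "type_id": "plc"}
STATE_INFO = {"status": "online", "firmware": "1.0.0"}

if __name__ == "__main__":
    node = FullNode(GENESIS, {"plc"})
    good = build_block(GENESIS, BASIC_INFO, STATE_INFO)
    forged = Block(header=good.header, body={**STATE_INFO, "status": "offline"})
    print(node.verify(forged))   # altered state information is detected
    print(node.submit(good))     # valid block is added
    print(node.submit(good))     # the same block no longer extends the tip
```

A header-only node can check chain linkage with `extends_tip` but cannot detect an altered body, which is why the verification step needs a node that also holds block body data.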
Further, the generating, by the graph building module, the directional connection network of the central node according to the communication area of the central node and the communication area of the radiation node of the central node includes:
the graph building module traverses all the radiation nodes of the central node, takes the traversing radiation nodes as the central radiation nodes, and then respectively acquires the communication area of the central node and the communication area of the central radiation nodes;
the graph building module obtains the overlapping region of the communication area of the central node and the communication area of the central radiation node, takes the ratio of the area of the overlapping region to the area of the communication area of the central node as a first connection value, and then takes the ratio of the area of the overlapping region to the area of the communication area of the central radiation node as a second connection value;
generating a directed connection from the central node to the central radiating node when the first connection value is greater than a first connection threshold and the second connection value is greater than a second connection threshold;
the graph building module obtains a node characteristic vector of a central node and a node characteristic vector of a central radiation node, calculates the Euclidean distance between the node characteristic vector of the central node and the node characteristic vector of the central radiation node to obtain the node similarity of the central node and the central radiation node, and then determines the weight of directed connection between the central node and the central radiation node based on a first connection value, a second connection value and the node similarity;
and repeating the steps until all the radiation nodes of the central node are traversed to generate a plurality of directed connections of the central node and the weight of each directed connection of the central node, and generating a directed connection network of the central node according to the directed connections of the central node and the weight of each directed connection of the central node.
Further, the step of obtaining the graph structure feature matrix of the directed acyclic graph sample by the feature extraction module includes:
the characteristic extraction module randomly selects one network node from all network nodes in the directed acyclic graph sample as a target node, and generates a characteristic path with the target node as an initial node according to the target node and a radiation node which is in directed connection with the target node;
the feature extraction module counts the number of feature paths and compares the number of feature paths with a first stop threshold; when the number of the characteristic paths is smaller than the first stop threshold value, repeating the steps until the number of the characteristic paths is larger than or equal to the first stop threshold value to generate a plurality of characteristic paths of the directed acyclic graph sample.
Further, the step of obtaining the graph structure feature matrix of the directed acyclic graph sample by the feature extraction module includes:
the characteristic extraction module traverses all characteristic paths of the directed acyclic graph sample, takes the traversed characteristic paths as target characteristic paths, and then acquires all associated node pairs in the target characteristic paths;
the feature extraction module extracts node distribution features of all associated node pairs of the target feature path, and maps the node distribution features of all associated node pairs to a low-dimensional vector space to obtain a node distribution feature vector of each associated node pair;
the characteristic extraction module performs characteristic fusion on node distribution characteristic vectors of all associated node pairs of the target characteristic path to obtain a path characteristic vector of the target characteristic path;
and repeating the steps until all the characteristic paths of the directed acyclic graph sample are traversed to obtain the path characteristic vector of each characteristic path of the directed acyclic graph sample, and generating a graph structure characteristic matrix of the directed acyclic graph sample according to the path characteristic vectors of all the characteristic paths of the directed acyclic graph sample.
Further, the obtaining, by the feature extraction module, all the associated node pairs in the target feature path includes:
the feature extraction module randomly selects a network node in the target feature path as a target node, then sets a sliding window, obtains the context nodes of the target node based on the sliding window, and then maps the target node to its context nodes to generate the associated node pairs of the target node;
and repeating the steps to obtain the associated node pair of each network node in the target characteristic path.
Further, the feature extraction module generates a feature path using the target node as an initial node according to the target node and the radiation node having a directional connection with the target node, and includes:
the characteristic extraction module takes the target node as a target first-level node, and takes a radiation node which is in directional connection with the target first-level node as a candidate node of the target first-level node based on a directional connection network of the target first-level node;
the feature extraction module obtains the weight of the directed connection between the target first-level node and each candidate node of the target first-level node, takes the candidate node with the largest weight among all candidate nodes of the target first-level node as a target second-level node, and then connects the target first-level node with the target second-level node;
the feature extraction module takes the radiation nodes which are in directed connection with the target second-level node as candidate nodes of the target second-level node based on the directed connection network of the target second-level node, and counts the number of candidate nodes of the target second-level node;
the feature extraction module takes the ratio of the number of candidate nodes of the target second-level node to the total number of network nodes in the directed acyclic graph as the node complexity of the target second-level node, and then compares the node complexity of the target second-level node with a second stop threshold;
when the node complexity of the target second-level node is greater than the second stop threshold, the feature extraction module obtains the weight of the directed connection between the target second-level node and each of its candidate nodes, and takes the candidate node with the largest weight among all candidate nodes of the target second-level node as a target third-level node;
and repeating the steps until the complexity of the node is less than or equal to a second stop threshold value so as to obtain the characteristic path taking the target node as the initial node.
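The feature-path rule above, together with the sliding-window step that produces associated node pairs, as an added example that is not code from the patent. The dict-of-dicts graph layout, the function names, the symmetric window and the guard against revisiting a node are assumptions; the sample graph is constructed.

```python
import random


def feature_path(graph: dict, start: str, second_stop: float) -> list:
    """Greedy walk: always follow the heaviest directed connection.

    graph maps every node to {successor: weight}. The walk stops when the
    current node's complexity (candidate count / total node count) is less
    than or equal to the second stop threshold.
    """
    path = [start]
    candidates = graph.get(start, {})
    if not candidates:                      # isolated start node: path of length 1
        return path
    current = max(candidates, key=candidates.get)
    path.append(current)
    total = len(graph)
    while True:
        successors = graph.get(current, {})
        complexity = len(successors) / total
        # Assumed guard: never revisit a node (cannot trigger in a true DAG).
        unvisited = {n: w for n, w in successors.items() if n not in path}
        if complexity <= second_stop or not unvisited:
            return path
        current = max(unvisited, key=unvisited.get)
        path.append(current)


def sample_feature_paths(graph: dict, first_stop: int, second_stop: float, rng) -> list:
    """Draw random start nodes until the number of paths reaches the first stop threshold."""
    nodes = sorted(graph)
    paths = []
    while len(paths) < first_stop:
        paths.append(feature_path(graph, rng.choice(nodes), second_stop))
    return paths


def associated_pairs(path: list, window: int) -> list:
    """Pair each node of a path with its context nodes inside the sliding window."""
    pairs = []
    for i, target in enumerate(path):
        lo, hi = max(0, i - window), min(len(path), i + window + 1)
        pairs.extend((target, path[j]) for j in range(lo, hi) if j != i)
    return pairs


# Constructed sample: directed connection networks of five nodes with weights.
GRAPH = {
    "A": {"B": 0.9, "C": 0.4},
    "B": {"C": 0.7, "D": 0.8},
    "C": {"D": 0.5},
    "D": {"E": 0.3},
    "E": {},
}

if __name__ == "__main__":
    path = feature_path(GRAPH, "A", second_stop=0.2)
    print(path)                        # walk from A
    print(associated_pairs(path, 1))   # (target, context) pairs, window of 1
    print(sample_feature_paths(GRAPH, 4, 0.2, random.Random(7)))
```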
The invention has the following beneficial effects: according to the method and the device, the user terminal generates the device verification request by using the device basic information and the device state information of the target device and sends the device verification request to the target block chain sub-network, so that whether the identity of the target device meets the preset identity terms or not is verified in real time, and the potential risks of forging the identity authentication result to bypass an identity authentication mechanism and the like caused by unsafe network communication are prevented.
Drawings
Fig. 1 is a block diagram illustrating an exemplary embodiment of a device management system for an industrial internet.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Referring to fig. 1, in one embodiment, a device management system for an industrial internet may include: a user terminal, equipment and an equipment verification platform, wherein the equipment verification platform is in communication connection with the user terminal and the equipment respectively; the equipment verification platform includes: a graph building module, a network dividing module, a feature extraction module and a database, with communication connections among the modules;
the graph building module traverses all network nodes in the industrial block chain network, takes the network nodes which are traversed as central nodes, and then takes other network nodes except the central nodes in the industrial block chain network as radiation nodes of the central nodes;
the graph building module acquires a communication area of the central node and a communication area of each radiation node of the central node, and generates a directed connection network of the central node according to the communication areas of the central node and the communication areas of each radiation node of the central node;
the steps are repeated until all network nodes in the industrial block chain network have been traversed, so as to generate the directed connection networks of all network nodes in the industrial block chain network;
the graph construction module generates a directed acyclic graph of the industrial blockchain network based on directed connection networks of all network nodes in the industrial blockchain network;
the graph building module obtains a directed acyclic graph of the industrial block chain network at each moment, performs graph sampling on all directed acyclic graphs of the industrial block chain network based on a preset time step to obtain a plurality of directed acyclic graph samples, and then arranges all directed acyclic graph samples in time order to generate a time sequence graph sequence of the industrial block chain network;
the feature extraction module obtains the graph structure features of each directed acyclic graph sample in the time sequence graph sequence of the industrial block chain network, generates a graph structure feature matrix of each directed acyclic graph sample based on those graph structure features, and then generates a time sequence feature matrix of the industrial block chain network from the graph structure feature matrices of all directed acyclic graph samples;
the network dividing module divides the industrial block chain network into a plurality of block chain sub-networks based on the time sequence characteristic matrix, marks each block chain sub-network to obtain a network identifier of each block chain sub-network, and then maps the network identifiers of the block chain sub-networks and node identifiers of all network nodes in the block chain sub-networks to generate block chain distribution information;
the user terminal obtains the device type identifier of the target device based on the device basic information of the target device, identifies the block chain sub-network corresponding to the target device in the industrial block chain network based on the device type identifier and the block chain distribution information, and then takes that block chain sub-network as the target block chain sub-network;
the user terminal generates a device verification request of the target device through the device state information and the device basic information of the target device, and sends the device verification request to the target block chain sub-network;
and the target block chain sub-network carries out identity verification on the target equipment according to the equipment verification request.
The working principle of the present invention is explained below. In one embodiment, a method performed by the device management system for industrial internet includes:
S1, the graph building module generates a directed acyclic graph of the industrial block chain network at each moment based on the interaction relations of the network nodes of the industrial block chain network at each moment, performs graph sampling on all directed acyclic graphs of the industrial block chain network based on a preset time step to obtain a plurality of directed acyclic graph samples, and then arranges all directed acyclic graph samples in time order to generate a time sequence graph sequence of the industrial block chain network.
In one embodiment, the graph building module generates a directed acyclic graph of the industrial blockchain network based on the interrelationships of the network nodes of the industrial blockchain network comprises:
the graph building module traverses all network nodes in the industrial block chain network, takes the network nodes which are traversed as central nodes, and then takes other network nodes except the central nodes in the industrial block chain network as radiation nodes of the central nodes;
the graph building module acquires a communication area of the central node and a communication area of each radiation node of the central node, and generates a directed connection network of the central node according to the communication areas of the central node and the communication areas of each radiation node of the central node;
the steps are repeated until all network nodes in the industrial block chain network have been traversed, so as to generate the directed connection networks of all network nodes in the industrial block chain network; a directed acyclic graph of the industrial block chain network is generated based on the directed connection networks of all network nodes in the industrial block chain network.
Further, the generating, by the graph building module, the directional connection network of the central node according to the communication area of the central node and the communication area of the radiation node of the central node includes:
the graph building module traverses all the radiation nodes of the central node, takes the traversing radiation nodes as the central radiation nodes, and then respectively acquires the communication area of the central node and the communication area of the central radiation nodes;
the graph building module obtains the overlapping region of the communication area of the central node and the communication area of the central radiation node, takes the ratio of the area of the overlapping region to the area of the communication area of the central node as a first connection value, and then takes the ratio of the area of the overlapping region to the area of the communication area of the central radiation node as a second connection value;
generating a directed connection from the central node to the central radiating node when the first connection value is greater than a first connection threshold and the second connection value is greater than a second connection threshold;
the graph building module obtains a node characteristic vector of a central node and a node characteristic vector of a central radiation node, calculates the Euclidean distance between the node characteristic vector of the central node and the node characteristic vector of the central radiation node to obtain the node similarity of the central node and the central radiation node, and then determines the weight of directed connection between the central node and the central radiation node based on a first connection value, a second connection value and the node similarity;
and repeating the steps until all the radiation nodes of the central node are traversed to generate a plurality of directed connections of the central node and the weight of each directed connection of the central node, and generating a directed connection network of the central node according to the directed connections of the central node and the weight of each directed connection of the central node.
The first connection threshold and the second connection threshold are critical values, set in advance according to actual conditions, for judging whether the central node and the radiation node are connected.
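The directed-connection rule above, worked through as an added example that is not code from the patent. It assumes each communication area is a disc, and it assumes a weight formula (mean of the two connection values scaled by a similarity of 1 / (1 + Euclidean distance)), since the text only says the weight is based on those three quantities; all names and sample nodes are constructed.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    node_id: str
    x: float
    y: float
    radius: float    # assumption: the communication area is a disc
    features: tuple  # node feature vector


def overlap_area(a: Node, b: Node) -> float:
    """Area of the intersection of two discs (lens formula)."""
    d = math.hypot(a.x - b.x, a.y - b.y)
    if d >= a.radius + b.radius:            # disjoint
        return 0.0
    if d <= abs(a.radius - b.radius):       # one disc inside the other
        return math.pi * min(a.radius, b.radius) ** 2
    r1, r2 = a.radius, b.radius
    alpha = math.acos((d * d + r1 * r1 - r2 * r2) / (2 * d * r1))
    beta = math.acos((d * d + r2 * r2 - r1 * r1) / (2 * d * r2))
    kite = 0.5 * math.sqrt((-d + r1 + r2) * (d + r1 - r2) * (d - r1 + r2) * (d + r1 + r2))
    return r1 * r1 * alpha + r2 * r2 * beta - kite


def connection_weight(center: Node, radiating: Node, t1: float, t2: float):
    """Weight of the directed connection center -> radiating, or None if no connection."""
    overlap = overlap_area(center, radiating)
    first = overlap / (math.pi * center.radius ** 2)      # first connection value
    second = overlap / (math.pi * radiating.radius ** 2)  # second connection value
    if not (first > t1 and second > t2):
        return None
    # Assumed similarity and weight formulas (not given in the text).
    similarity = 1.0 / (1.0 + math.dist(center.features, radiating.features))
    return (first + second) / 2 * similarity


def directed_connection_network(center: Node, nodes, t1: float, t2: float) -> dict:
    """All weighted directed connections leaving one central node."""
    network = {}
    for other in nodes:
        if other.node_id == center.node_id:
            continue
        weight = connection_weight(center, other, t1, t2)
        if weight is not None:
            network[other.node_id] = weight
    return network


def build_graph(nodes, t1: float, t2: float) -> dict:
    """Traverse every node as the central node and collect its connection network."""
    return {n.node_id: directed_connection_network(n, nodes, t1, t2) for n in nodes}


# Constructed sample nodes: a small area inside a large one, plus a distant node.
SAMPLE_NODES = [
    Node("big", 0.0, 0.0, 2.0, (1.0, 0.0)),
    Node("small", 0.5, 0.0, 1.0, (1.0, 1.0)),
    Node("far", 10.0, 0.0, 1.0, (0.0, 0.0)),
]

if __name__ == "__main__":
    print(build_graph(SAMPLE_NODES, t1=0.2, t2=0.5))  # only big -> small
    print(build_graph(SAMPLE_NODES, t1=0.2, t2=0.2))  # connections in both directions
```

The two connection values swap when the roles of the nodes swap, so with equal thresholds every connection is generated in both directions; a one-way connection such as big -> small only appears when the two thresholds differ.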
S2, the feature extraction module obtains the graph structure features of each directed acyclic graph sample in the time sequence graph sequence of the industrial block chain network, generates a graph structure feature matrix of each directed acyclic graph sample based on those graph structure features, and then generates the time sequence feature matrix of the industrial block chain network from the graph structure feature matrices of all directed acyclic graph samples.
The time sequence characteristic matrix consists of graph structure characteristic matrixes of all directed acyclic graph samples in the time sequence graph sequence; the graph structure feature matrix of the directed acyclic graph sample is composed of path feature vectors of all feature paths of the directed acyclic graph sample.
Specifically, the step of obtaining the graph structure feature matrix of the directed acyclic graph sample by the feature extraction module includes:
the characteristic extraction module randomly selects one network node from all network nodes in the directed acyclic graph sample as a target node, and generates a characteristic path with the target node as an initial node according to the target node and a radiation node which is in directed connection with the target node;
the feature extraction module counts the number of feature paths and compares the number of feature paths with a first stop threshold; when the number of the characteristic paths is smaller than the first stop threshold value, repeating the steps until the number of the characteristic paths is larger than or equal to the first stop threshold value to generate a plurality of characteristic paths of the directed acyclic graph sample.
In one embodiment, the obtaining of the graph structure feature matrix of the directed acyclic graph sample by the feature extraction module includes:
the characteristic extraction module traverses all characteristic paths of the directed acyclic graph sample, takes the traversed characteristic paths as target characteristic paths, and then acquires all associated node pairs in the target characteristic paths;
the feature extraction module extracts node distribution features of all associated node pairs of the target feature path, and maps the node distribution features of all associated node pairs to a low-dimensional vector space to obtain a node distribution feature vector of each associated node pair;
carrying out feature fusion on the node distribution feature vectors of all the associated node pairs of the target feature path to obtain a path feature vector of the target feature path;
and repeating the steps until all the characteristic paths of the directed acyclic graph sample are traversed to obtain the path characteristic vector of each characteristic path of the directed acyclic graph sample, and generating a graph structure characteristic matrix of the directed acyclic graph sample according to the path characteristic vectors of all the characteristic paths of the directed acyclic graph sample.
In one embodiment, the obtaining of all associated node pairs in the target feature path by the feature extraction module comprises:
the feature extraction module randomly selects a network node in the target feature path as a target node, then sets a sliding window, obtains the context nodes of the target node based on the sliding window, and then maps the target node and the context nodes of the target node to generate the associated node pairs of the target node;
and repeating the steps to obtain the associated node pair of each network node in the target characteristic path.
In one embodiment, the generating, by the feature extraction module, a feature path with the target node as an initial node according to the target node and the radiation node having a directional connection with the target node includes:
the characteristic extraction module takes the target node as a target first-level node, and takes a radiation node which is in directional connection with the target first-level node as a candidate node of the target first-level node based on a directional connection network of the target first-level node;
the feature extraction module obtains the weight of the directed connection between the target first-level node and each candidate node of the target first-level node, takes the candidate node with the largest weight among all the candidate nodes of the target first-level node as a target second-level node, and then connects the target first-level node with the target second-level node;
the characteristic extraction module takes the radiation nodes which are in directed connection with the target second-level node as candidate nodes of the target second-level node based on a directed connection network of the target second-level node, and counts the number of the candidate nodes of the target second-level node;
the feature extraction module takes the ratio of the number of candidate nodes of the target second-level node to the total number of network nodes in the directed acyclic graph sample as the node complexity of the target second-level node, and then compares the node complexity of the target second-level node with a second stop threshold;
when the node complexity of the target second-level node is greater than the second stop threshold, the feature extraction module obtains the weight of the directed connection between the target second-level node and each candidate node of the target second-level node, and takes the candidate node with the largest weight among all the candidate nodes of the target second-level node as a target third-level node;
and repeating the steps until the node complexity is less than or equal to the second stop threshold, so as to obtain the feature path taking the target node as the initial node.
The first stop threshold and the second stop threshold are critical values and are preset according to actual conditions.
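The feature-path construction and sliding-window pairing described in the embodiments above can be exercised on a small graph. The following Python code is an added example, not code from the patent; the sample graph, its weights, the symmetric window and the first-seen tie-breaking rule are assumptions, and the later mapping of pairs to a low-dimensional vector space is not shown.

```python
import random

# Constructed sample: weighted directed connections of one directed acyclic
# graph sample, as {node: {radiation_node: weight}}. Node names and weights
# are made up for illustration.
SAMPLE_DAG = {
    "n1": {"n2": 0.9, "n3": 0.4, "n4": 0.2},
    "n2": {"n3": 0.3, "n5": 0.8, "n6": 0.1},
    "n3": {"n5": 0.6, "n6": 0.7},
    "n4": {"n6": 0.5},
    "n5": {"n6": 0.2},
    "n6": {},
}


def feature_path(dag, target, second_stop):
    """Build one feature path starting at `target`.

    The first hop follows the heaviest directed connection. From the second
    level on, the walk continues only while the node complexity
    (candidate count / total node count) exceeds `second_stop`.
    Ties between equal weights go to the first candidate seen (assumption).
    """
    total = len(dag)
    path = [target]
    candidates = dag[target]
    if not candidates:
        return path  # no outgoing connection: the path is the node itself
    current = max(candidates, key=candidates.get)
    path.append(current)
    while True:
        candidates = dag[current]
        complexity = len(candidates) / total
        if complexity <= second_stop:
            return path
        current = max(candidates, key=candidates.get)
        if current in path:
            # The input is supposed to be acyclic; refuse to loop forever.
            raise ValueError("cycle detected at node %r" % current)
        path.append(current)


def sample_feature_paths(dag, first_stop, second_stop, rng):
    """Pick random target nodes until `first_stop` feature paths exist."""
    nodes = sorted(dag)
    paths = []
    while len(paths) < first_stop:
        paths.append(feature_path(dag, rng.choice(nodes), second_stop))
    return paths


def associated_node_pairs(path, window):
    """Pair every node on the path with its context nodes.

    Context nodes are the nodes at most `window` positions away on either
    side of the target node (symmetric window is an assumption).
    """
    pairs = []
    for i, target in enumerate(path):
        lo = max(0, i - window)
        hi = min(len(path), i + window + 1)
        pairs.extend((target, path[j]) for j in range(lo, hi) if j != i)
    return pairs


if __name__ == "__main__":
    rng = random.Random(0)  # fixed seed so the run is repeatable
    for p in sample_feature_paths(SAMPLE_DAG, 4, 0.2, rng):
        print(p, associated_node_pairs(p, 1))
```

Lowering the second stop threshold lengthens paths, because nodes with fewer outgoing connections still pass the complexity test.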
S3, the network dividing module divides the industrial block chain network into a plurality of block chain sub-networks based on the time sequence characteristic matrix, marks each block chain sub-network to obtain a network identifier of each block chain sub-network, and then maps the network identifiers of the block chain sub-networks and the node identifiers of all network nodes in the block chain sub-networks to generate block chain distribution information.
The network identifier is used for uniquely identifying the blockchain sub-network, and the node identifier is used for uniquely identifying the network node. The block chain distribution information is used for representing the distribution of each block chain sub-network in the industrial block chain network and the distribution of all network nodes in each block chain sub-network.
S4, the user terminal obtains the device type identification of the target device based on the device basic information of the target device, identifies the corresponding block chain sub-network of the target device in the industrial block chain network based on the device type identification and the block chain distribution information, and then takes the block chain sub-network as the target block chain sub-network.
The user terminal is an intelligent device with a communication function and a data transmission function that is used by equipment management personnel; it includes smart phones, tablet computers, notebook computers, and desktop computers.
The target device is a device which is undergoing identity authentication, and the device is a device with communication capability, network connection capability or production capability in the industrial internet. The device type identifier is used to identify the type of the device, which includes a production device, a communication device, a data transmission device, and the like.
S5, the user terminal generates the device verification request of the target device through the device state information and the device basic information of the target device, and sends the device verification request to the target block chain sub-network.
The equipment verification request is used for requesting the industrial block chain network to perform identity authentication on the target equipment, and comprises equipment state information and equipment basic information.
S6, the first network node in the target block chain sub-network receives the device verification request. A second network node in the target block chain sub-network generates a block header based on the device basic information of the target device and generates a block body based on the device state information of the target device; the second network node then generates a new block based on the block header and the block body, takes the new block as the target block, and issues the target block to the target block chain sub-network.
The industrial block chain network generates a block corresponding to the target equipment according to the equipment state information and the equipment basic information of the target equipment, verifies the block corresponding to the target equipment so as to authenticate the identity of the target equipment, adds the block corresponding to the target equipment into the industrial block chain network when the block corresponding to the target equipment passes the verification, and discards the block corresponding to the target equipment when the block corresponding to the target equipment does not pass the verification.
S7, verifying the target block by a third network node in the target block chain sub-network; adding the target block into the target block chain sub-network when the target block passes the verification; the target block is discarded when the target block fails verification.
The first network node is a network node that synchronizes all block header data in the industrial block chain network; the second network node is any network node in the industrial block chain network other than the first network node and the third network node; the third network node is a network node that synchronizes all block header data and block body data in the industrial block chain network.
According to the method and the device, the user terminal generates the device verification request by using the device basic information and the device state information of the target device and sends the device verification request to the target block chain sub-network, so that whether the identity of the target device meets the preset identity terms or not is verified in real time, and the potential risks of forging the identity authentication result to bypass an identity authentication mechanism and the like caused by unsafe network communication are prevented.
The above embodiments are merely illustrative of the technical ideas and features of the present invention, and are intended to enable those skilled in the art to understand the contents of the present invention and implement the present invention, and not to limit the scope of the present invention. All equivalent changes or modifications made according to the spirit of the present invention should be covered within the protection scope of the present invention.

Claims (9)

1. An equipment management system for industrial internet, characterized in that it comprises: the system comprises a user terminal, equipment and an equipment verification platform, wherein the equipment verification platform is in communication connection with the user terminal and the equipment respectively; the device authentication platform includes: the system comprises a graph building module, a network dividing module, a feature extraction module and a database, wherein communication connection is formed among the modules;
the graph building module traverses all network nodes in the industrial block chain network, takes the network nodes which are traversed as central nodes, and then takes other network nodes except the central nodes in the industrial block chain network as radiation nodes of the central nodes;
the graph building module acquires a communication area of the central node and a communication area of each radiation node of the central node, and generates a directed connection network of the central node according to the communication areas of the central node and the communication areas of each radiation node of the central node;
repeating the steps until all network nodes in the industrial block chain network have been traversed, so as to generate a directed connection network of all network nodes in the industrial block chain network;
the graph construction module generates a directed acyclic graph of the industrial blockchain network based on directed connection networks of all network nodes in the industrial blockchain network;
the graph construction module obtains the directed acyclic graph of the industrial block chain network at each moment, performs graph sampling on all directed acyclic graphs of the industrial block chain network based on a preset time step to obtain a plurality of directed acyclic graph samples, and then arranges all the directed acyclic graph samples in time order to generate a time sequence graph sequence of the industrial block chain network;
the feature extraction module obtains the graph structure features of each directed acyclic graph sample in the time sequence graph sequence of the industrial block chain network, generates a graph structure feature matrix of each directed acyclic graph sample based on the graph structure features of that sample, and then generates a time sequence feature matrix of the industrial block chain network according to the graph structure feature matrices of all directed acyclic graph samples;
the network dividing module divides the industrial block chain network into a plurality of block chain sub-networks based on the time sequence characteristic matrix, marks each block chain sub-network to obtain a network identifier of each block chain sub-network, and then maps the network identifiers of the block chain sub-networks and node identifiers of all network nodes in the block chain sub-networks to generate block chain distribution information;
the user terminal obtains a device type identifier of the target device based on the device basic information of the target device, identifies the block chain sub-network corresponding to the target device in the industrial block chain network based on the device type identifier and the block chain distribution information, and then takes that block chain sub-network as the target block chain sub-network;
the user terminal generates a device verification request of the target device through the device state information and the device basic information of the target device, and sends the device verification request to the target block chain sub-network;
and the target block chain sub-network carries out identity verification on the target equipment according to the equipment verification request.
2. The system of claim 1, wherein the user terminal is an intelligent device with communication function and data transmission function used by a device manager, and comprises: smart phones, tablet computers, notebook computers, and desktop computers.
3. The system of claim 2, wherein the target device is an authenticating device; the equipment is equipment with a production function, a communication function or a data transmission function in the industrial internet.
4. The system according to any one of claims 1 to 3, wherein the target block chain sub-network performing identity verification on the target device according to the device verification request comprises:
receiving the device verification request by a first network node in the target block chain sub-network; the first network node is a network node that synchronizes all block header data in the industrial block chain network;
a second network node in the target block chain sub-network generates a block header based on the device basic information of the target device and generates a block body based on the device state information of the target device;
the second network node in the target block chain sub-network generates a new block based on the block header and the block body, takes the new block as a target block, and then issues the target block to the target block chain sub-network; the second network node is any network node in the industrial block chain network other than the first network node and the third network node;
verifying the target block by a third network node in the target block chain sub-network; the third network node is a network node that synchronizes all block header data and block body data in the industrial block chain network;
adding the target block into the target block chain sub-network when the target block passes the verification; the target block is discarded when the target block fails verification.
5. The system of claim 4, wherein the graph building module generating the directed connection network of the central node according to the communication area of the central node and the communication areas of the radiation nodes of the central node comprises:
the graph building module traverses all the radiation nodes of the central node, takes the traversing radiation nodes as the central radiation nodes, and then respectively acquires the communication area of the central node and the communication area of the central radiation nodes;
the graph building module obtains the overlapping region of the communication region of the central node and the communication region of the central radiation node, takes the ratio of the area of the overlapping region to the area of the communication region of the central node as a first connection value, and then takes the ratio of the area of the overlapping region to the area of the communication region of the central radiation node as a second connection value;
generating a directed connection from the central node to the central radiating node when the first connection value is greater than a first connection threshold and the second connection value is greater than a second connection threshold;
the graph building module obtains a node characteristic vector of a central node and a node characteristic vector of a central radiation node, calculates the Euclidean distance between the node characteristic vector of the central node and the node characteristic vector of the central radiation node to obtain the node similarity of the central node and the central radiation node, and then determines the weight of directed connection between the central node and the central radiation node based on a first connection value, a second connection value and the node similarity;
and repeating the steps until all the radiation nodes of the central node are traversed to generate a plurality of directed connections of the central node and the weight of each directed connection of the central node, and generating a directed connection network of the central node according to the directed connections of the central node and the weight of each directed connection of the central node.
6. The system according to one of claims 1 to 5, wherein the feature extraction module obtaining a graph structure feature matrix of the directed acyclic graph sample comprises:
the characteristic extraction module randomly selects one network node from all network nodes in the directed acyclic graph sample as a target node, and generates a characteristic path with the target node as an initial node according to the target node and a radiation node which is in directed connection with the target node;
the feature extraction module counts the number of feature paths and compares the number of feature paths with a first stop threshold; when the number of the characteristic paths is smaller than the first stop threshold value, repeating the steps until the number of the characteristic paths is larger than or equal to the first stop threshold value to generate a plurality of characteristic paths of the directed acyclic graph sample.
7. The system of claim 6, wherein the feature extraction module obtaining a graph structure feature matrix of the directed acyclic graph sample comprises:
the characteristic extraction module traverses all characteristic paths of the directed acyclic graph sample, takes the traversed characteristic paths as target characteristic paths, and then acquires all associated node pairs in the target characteristic paths;
the feature extraction module extracts node distribution features of all associated node pairs of the target feature path, and maps the node distribution features of all associated node pairs to a low-dimensional vector space to obtain a node distribution feature vector of each associated node pair;
the characteristic extraction module performs characteristic fusion on node distribution characteristic vectors of all associated node pairs of the target characteristic path to obtain a path characteristic vector of the target characteristic path;
and repeating the steps until all the characteristic paths of the directed acyclic graph sample are traversed to obtain the path characteristic vector of each characteristic path of the directed acyclic graph sample, and generating a graph structure characteristic matrix of the directed acyclic graph sample according to the path characteristic vectors of all the characteristic paths of the directed acyclic graph sample.
8. The system of claim 7, wherein the feature extraction module obtaining all pairs of associated nodes in the target feature path comprises:
the feature extraction module randomly selects a network node in the target feature path as a target node, then sets a sliding window, obtains the context nodes of the target node based on the sliding window, and then maps the target node and the context nodes of the target node to generate the associated node pairs of the target node;
and repeating the steps to obtain the associated node pair of each network node in the target characteristic path.
9. The system of claim 8, wherein the feature extraction module generating the feature path with the target node as the initial node according to the target node and the radiation nodes having a directed connection with the target node comprises:
the characteristic extraction module takes the target node as a target first-level node, and takes a radiation node which is in directional connection with the target first-level node as a candidate node of the target first-level node based on a directional connection network of the target first-level node;
the feature extraction module obtains the weight of the directed connection between the target first-level node and each candidate node of the target first-level node, takes the candidate node with the largest weight among all the candidate nodes of the target first-level node as a target second-level node, and then connects the target first-level node with the target second-level node;
the characteristic extraction module takes the radiation nodes which are in directed connection with the target second-level node as candidate nodes of the target second-level node based on a directed connection network of the target second-level node, and counts the number of the candidate nodes of the target second-level node;
the feature extraction module takes the ratio of the number of candidate nodes of the target second-level node to the total number of network nodes in the directed acyclic graph sample as the node complexity of the target second-level node, and then compares the node complexity of the target second-level node with a second stop threshold;
when the node complexity of the target second-level node is greater than the second stop threshold, the feature extraction module obtains the weight of the directed connection between the target second-level node and each candidate node of the target second-level node, and takes the candidate node with the largest weight among all the candidate nodes of the target second-level node as a target third-level node;
and repeating the steps until the node complexity is less than or equal to the second stop threshold, so as to obtain the feature path taking the target node as the initial node.
CN202111164257.7A 2021-09-30 2021-09-30 Equipment management system for industrial Internet Active CN113872816B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111164257.7A CN113872816B (en) 2021-09-30 2021-09-30 Equipment management system for industrial Internet

Publications (2)

Publication Number Publication Date
CN113872816A CN113872816A (en) 2021-12-31
CN113872816B CN113872816B (en) 2023-08-25

Family

ID=79001323

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111164257.7A Active CN113872816B (en) 2021-09-30 2021-09-30 Equipment management system for industrial Internet

Country Status (1)

Country Link
CN (1) CN113872816B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109302491A (en) * 2018-11-13 2019-02-01 爱普(福建)科技有限公司 A kind of industry internet framework and its operation method based on block chain
US20190268407A1 (en) * 2018-02-26 2019-08-29 International Business Machines Corporation Service management for the infrastructure of blockchain networks
CN112417037A (en) * 2020-11-05 2021-02-26 杭州云象网络技术有限公司 Block chain construction method for distributed identity authentication in industrial field
CN112597544A (en) * 2020-12-24 2021-04-02 北京工业大学 Block chain-based industrial internet data security management system and method
CN113014577A (en) * 2021-02-24 2021-06-22 中国科学院数学与系统科学研究院 Mixed block chain system and trusted block identification method thereof

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
BIN CAO et al.: "When Internet of Things Meets Blockchain: Challenges in Distributed Consensus", 《IEEE》 *
HUMA PERVEZ et al.: "A Comparative Analysis of DAG-based Blockchain Architectures", 《2018 INTERNATIONAL CONFERENCE ON OPEN SOURCE SYSTEMS AND TECHNOLOGIES (ICOSST)》 *
LAIZHONG CUI et al.: "An Efficient and Compacted DAG-Based Blockchain Protocol for Industrial Internet of Things", 《IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS》 *
张震: "应用于工业物联网的DAG 区块链模型", 《现代计算机》 *
邓莅川等: "区块链技术在工业互联网领域的应用综述", 《2020 中国信息通信大会论文集》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114520810A (en) * 2022-01-27 2022-05-20 山东浪潮工业互联网产业股份有限公司 Block chain-based block data transmission method, equipment and medium
CN115328744A (en) * 2022-10-14 2022-11-11 中国信息通信研究院 Block chain-based equipment monitoring method, device, equipment and medium
CN115328744B (en) * 2022-10-14 2022-12-30 中国信息通信研究院 Block chain-based equipment monitoring method, device, equipment and medium

Also Published As

Publication number Publication date
CN113872816B (en) 2023-08-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230801

Address after: No. 135, No. 1 Courtyard C, Beiwu Road, Beishicao Town, Shunyi District, Beijing, 101399

Applicant after: Beijing Block Express Technology Co.,Ltd.

Address before: Electronic Information Industry Building, No. 159, East 1st Section of 1st Ring Road, Chenghua District, Chengdu City, Sichuan Province, 610000

Applicant before: Zhao Jing

GR01 Patent grant