Disclosure of Invention
The invention aims to provide an information protection method based on cloud computing and blockchain service, and an artificial intelligence platform that performs identity authentication, so that a unique and secure communication channel is formed and data security is guaranteed from multiple angles.
The artificial intelligence platform based on cloud computing and blockchain service comprises a sensing node terminal, a management and control center and an operation terminal;
the block node data of the sensing node terminal is managed in a distributed manner; the sensing node terminal comprises a plurality of nodes, each node comprises a plurality of existing sensing devices, and the data collected by the sensing devices is gathered by the sensing node terminal and uploaded to the management and control center for processing;
the management and control center receives the information from the sensing node terminal, comprehensively analyzes and cooperatively processes it, and forwards the processing result to all operation terminals within its communication range; the operation terminal comprises a cooperative processor, a propagation processing platform, a cloud service layer and an application service layer, and the cloud service layer and the application service layer are connected to the propagation processing platform through a common communication interface;
the operation terminal comprises an identity authentication system that establishes which operation terminals are allowed to use the network: when a user applies, through an operation terminal, for access to the management and control center, the identity of the operation terminal is authenticated first, and only after the identity authentication has passed is the user allowed to use that operation terminal to access the management and control center.
In one embodiment, the operation terminal includes:
the normalization module is used for carrying out scale normalization preprocessing on the palm vein image;
the image enhancement module is used for carrying out discretization processing on the normalized vein image by a gray level correction method that combines regional variance transformation with single-scale Retinex;
the image rough matching module is used for rough matching of the images by an improved gray difference curved surface method;
and the image fine matching module is used for fine matching of the images by a correlation coefficient method.
In one embodiment, the management and control center stores the collected data in a graded manner, relying on the fact that each node and each operation terminal uploads data independently: the collected primary data is shared in a distributed layout, secondary data is stored across the whole system using blockchain and smart contract technology, the user's private information is additionally protected by encryption, and data query permissions of different degrees are granted according to the user's access level.
In one embodiment, the sensing node terminal includes:
the information perception module is used for perceiving environmental information data, including parameters of the surrounding environment captured by a camera;
and the communication terminal module is used for receiving the information data transmitted from the data interface of the information perception module, performing frequency conversion on it, and transmitting it to the management and control center.
In one embodiment, the management and control center further includes a data receiving and classifying module, configured to receive data from the various devices and to classify the received data into primary data and secondary data according to a defined index; the primary data is the basic information of the IoT devices and users, and the secondary data is the core data of the IoT devices and the private data of users.
In one embodiment, the cloud service layer provides a video streaming media transcoding service, a task engine service and a data analysis service; the video streaming media transcoding service supports live RTSP streaming of H.264, H.265 and MP4 video, and can convert an RTSP stream into an HTTP stream in MJPEG format for plug-in-free playback in a web page.
The information protection method based on cloud computing and blockchain service uses the artificial intelligence platform based on cloud computing and blockchain service and comprises the following steps:
the sensing node terminal senses the surrounding environment and uploads the information data to the management and control center;
the management and control center receives the information data, processes it cooperatively, and forwards the processing result to all operation terminals within its communication range;
and the operation terminal gains access through identity authentication and receives the processing result.
In one embodiment, the operation terminal's access through authentication includes determining the specific identity of the sender of the access request: if the sender is an owner, it is verified whether the owner has the right to access through the operation terminal, and if so the operation terminal is connected to the cloud service layer to provide hardware access service to the owner; if the sender is a merchant, the marketing and push services carried by the merchant information are provided to the application service layer; and if the sender is the property management (administrator), the highest access authority is requested from the management and control center through the operation terminal, and service management of the management and control center is performed with that authority.
In one embodiment, the authentication specifically includes:
carrying out scale normalization preprocessing on the palm vein image;
extracting features from the preprocessed data to obtain a feature group that reflects the basic information of the object;
inputting the feature group into a trained model to obtain a processing result;
and determining the target object from the processing result.
The technical scheme has the following advantages or beneficial effects:
the information protection method and artificial intelligence platform based on cloud computing and blockchain service solve the problems that the data volume of a monitoring system is low and that the information of the individual monitoring areas cannot be shared. Differently classified block nodes can be set up according to different areas and application scenarios, and each sensing device can serve different application service layers; that is, each sensing layer node covers various sensing devices according to the application scenario, and these can be shared and used through a mobile phone interaction system or a front-end control device as the application requires. Identity authentication is performed on the transmitted information data, and sensing data can be transmitted only after identity authentication succeeds, which forms a unique and secure communication channel and ensures the safety of the transmitted data from multiple angles.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in detail below.
Referring to fig. 1, an artificial intelligence platform based on cloud computing and block chain service includes a sensing node terminal 1, a management and control center 2, and an operation terminal 3;
the block node data of the sensing node terminal 1 is managed in a distributed manner; the sensing node terminal 1 comprises a plurality of nodes, each node comprises a plurality of existing sensing devices, and the data collected by the sensing devices is gathered by the sensing node terminal 1 and uploaded to the management and control center 2 for processing;
the management and control center 2 receives the information from the sensing node terminal 1, comprehensively analyzes it, processes it cooperatively, and forwards the processing result to all operation terminals 3 within its communication range; the operation terminal comprises a cooperative processor, a propagation processing platform, a cloud service layer and an application service layer, and the cloud service layer and the application service layer are connected to the propagation processing platform through a common communication interface;
the operation terminal 3 comprises an identity authentication system that establishes which operation terminals 3 are allowed to use the network: when a user applies, through an operation terminal 3, for access to the management and control center 2, the identity of the operation terminal 3 is authenticated first, and only after the identity authentication has passed is the user allowed to use that operation terminal 3 to access the management and control center 2.
The identity authentication process involves four parties: the operation terminal 3, the sensing node terminal 1, an identity contract module and a trusted execution environment (TEE). The TEE exposes two functions, an information entry method and an information authentication method. The registration and certification authority submits identity information to the TEE through the information entry method; the submitted information includes, but is not limited to, request parameters such as the information type, the identity id to which the information belongs, the hash value of the information, and the signature of the registration and certification authority. The trusted certification authority queries the TEE through the information authentication method; the submitted information includes, but is not limited to, request parameters such as the identity id to which the information belongs, the information category and the identity of the trusted certification authority. Because the TEE does not allow any user to read the data stored in it directly, and that data can be obtained only by holding a specific key or by being authorized, storing the identity information in the TEE ensures its security.
Wherein, the identity authentication system includes:
the receiving module is used for receiving the information to be verified sent by the sensing node terminal 1; the information to be verified comprises first identity credential information that the sensing node terminal 1 obtained from a query request initiated by the operation terminal 3, and a first hash value computed by the sensing node terminal 1 over the first identity credential information;
the obtaining module is used for obtaining, from the trusted execution environment (TEE), second identity credential information matching the first identity credential information;
and the verification module is used for verifying the identity of the operation terminal 3 according to the first hash value of the first identity credential information and the second identity credential information, that is, by checking that the hash of the second identity credential information equals the first hash value.
In other words, the receiving module receives the information to be verified, which comprises the first identity credential information obtained from the query request initiated by the operation terminal 3 and the first hash value of that information; the obtaining module obtains from the TEE the second identity credential information matching the first; and the verification module verifies the identity of the operation terminal 3 from the first hash value and the second identity credential information. The identity authentication device provided by this application therefore not only authenticates identity information but also improves the security of identity credential storage.
Preferably, the identity authentication system further comprises:
the identity contract module is used for receiving the information to be verified; the information to be verified comprises the first identity credential information that the sensing node terminal 1 obtained from the query request initiated by the operation terminal 3, and the first hash value of the first identity credential information;
optionally, in some embodiments of the present application, the information to be verified further includes the signature of the sensing node terminal 1 over the signature information (the signed fields), and the identity contract module is further configured to verify the authority of the automatic identification module, i.e. the component of the sensing node terminal 1 that signs the request, according to the signature information and the signature; after the authority verification of the automatic identification module passes, the identity contract module sends the first identity credential information to the TEE and obtains from the TEE the second identity credential information matching the first identity credential information;
optionally, the identity contract module verifies whether the automatic identification module has authority to perform identity verification for the node to be sensed by checking the public key of the sensing node terminal: in some embodiments of the present application, the identity contract module recovers the public key of the automatic identification module from the signature information and the signature, and performs the authority verification by comparing that recovered public key with the reference public key of the automatic identification module stored in the identity contract module;
optionally, in some embodiments of the present application, the identity contract module determines that the authority verification of the automatic identification module passes when the reference public key stored in the identity contract module is identical to the recovered public key of the automatic identification module;
the TEE module is used for receiving the first identity credential information sent by the identity contract module, querying by it for the matching second identity credential information, and returning the second identity credential information to the identity contract module;
and the identity contract module is further used for verifying the identity of the operation terminal 3 according to the first hash value of the first identity credential information and the second identity credential information.
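The contract-and-TEE flow above, as an added worked example in Go; this is not code from the patent. The page names the parties and the checks but fixes no interface, so the TEEStore type, its authorization secret, the ToVerify fields and the use of P-256 ECDSA with SHA-256 are assumptions. The text recovers the node's public key from the signature; Go's standard library does not do key recovery, so here the node sends its public key and the contract compares it with the stored reference key before verifying the signature, which is the same authority check. All credentials and identifiers are constructed samples.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// TEEStore stands in for the trusted execution environment: the credentials
// sealed at provisioning are released only to a caller presenting the
// authorization secret (an assumed interface; the page defines none).
type TEEStore struct {
	authSecret []byte
	records    map[string][]byte // identity id -> second identity credential
}

// Lookup is the information authentication method used by the identity contract.
func (t *TEEStore) Lookup(secret []byte, id string) ([]byte, error) {
	if subtle.ConstantTimeCompare(secret, t.authSecret) != 1 {
		return nil, errors.New("tee: caller not authorized to query")
	}
	if c, ok := t.records[id]; ok {
		return c, nil
	}
	return nil, errors.New("tee: unknown identity id")
}

// ToVerify is the "information to be verified" the sensing node forwards: its
// hash of the credential the operation terminal presented, plus the node's
// public key and signature over that hash.
type ToVerify struct {
	NodeID, IdentityID string
	FirstHash          [32]byte
	NodePub            *ecdsa.PublicKey
	Signature          []byte // ASN.1 ECDSA signature over FirstHash
}

// IdentityContract holds the reference key of each authorized sensing node and
// the secret that entitles it to query the TEE.
type IdentityContract struct {
	referencePub map[string]*ecdsa.PublicKey
	tee          *TEEStore
	teeSecret    []byte
}

// Verify checks, in the order the text gives: node authority (presented key
// equals the stored reference key), node signature, and finally that the hash
// of the enrolled second credential equals the first hash.
func (c *IdentityContract) Verify(v ToVerify) error {
	ref, ok := c.referencePub[v.NodeID]
	if !ok || v.NodePub == nil || !ref.Equal(v.NodePub) {
		return errors.New("contract: node key does not match reference key")
	}
	if !ecdsa.VerifyASN1(v.NodePub, v.FirstHash[:], v.Signature) {
		return errors.New("contract: invalid node signature")
	}
	second, err := c.tee.Lookup(c.teeSecret, v.IdentityID)
	if err != nil {
		return err
	}
	h := sha256.Sum256(second)
	if subtle.ConstantTimeCompare(h[:], v.FirstHash[:]) != 1 {
		return errors.New("contract: presented credential does not match enrolment")
	}
	return nil
}

// Scenario runs the flow on constructed sample data and returns the outcome
// for a genuine request, a forged credential, and a relay by an unregistered node.
func Scenario() (genuine, forged, rogue error) {
	secret := []byte("constructed-provisioning-secret")
	enrolled := []byte("palm-vein-template:operator-7") // constructed credential
	tee := &TEEStore{authSecret: secret, records: map[string][]byte{"operator-7": enrolled}}

	nodeKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rogueKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	contract := &IdentityContract{
		referencePub: map[string]*ecdsa.PublicKey{"node-1": &nodeKey.PublicKey},
		tee:          tee, teeSecret: secret,
	}
	// The sensing node hashes what the terminal presented and signs the hash.
	relay := func(key *ecdsa.PrivateKey, presented []byte) ToVerify {
		h := sha256.Sum256(presented)
		sig, _ := ecdsa.SignASN1(rand.Reader, key, h[:])
		return ToVerify{NodeID: "node-1", IdentityID: "operator-7",
			FirstHash: h, NodePub: &key.PublicKey, Signature: sig}
	}
	genuine = contract.Verify(relay(nodeKey, enrolled))
	forged = contract.Verify(relay(nodeKey, []byte("palm-vein-template:forged")))
	rogue = contract.Verify(relay(rogueKey, enrolled))
	return
}
```

Scenario() returns nil for the genuine request and an error for the other two. The contract never stores credentials itself and can only reach the TEE with the provisioning secret, and both secret and hash comparisons are constant-time so that a caller cannot recover them byte by byte from response timing.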
Further, in a preferred embodiment of the artificial intelligence platform based on cloud computing and block chain service in the present invention, the operation terminal 3 includes:
the normalization module 31 is used for carrying out scale normalization preprocessing on the palm vein image;
the image enhancement module 32 is used for carrying out discretization processing on the normalized vein image by a gray level correction method that combines regional variance transformation with single-scale Retinex;
the image rough matching module 33 is used for rough matching of the images by an improved gray difference curved surface method;
and the image fine matching module 34 is used for fine matching of the images by a correlation coefficient method.
Further, in a preferred embodiment of the artificial intelligence platform based on cloud computing and blockchain service, the management and control center 2 further includes a data receiving and classifying module 21, configured to receive data from the various devices and to classify the received data into primary data and secondary data according to a defined index; the primary data is the basic information of the IoT devices and users, and the secondary data is the core data of the IoT devices and the private data of users.
Further, in a preferred embodiment of the artificial intelligence platform based on cloud computing and blockchain service, the management and control center 2 stores the collected data in a graded manner, relying on the fact that each node and each operation terminal uploads data autonomously: the collected primary data is shared in a distributed layout, secondary data is stored across the whole system using blockchain and smart contract technology, the user's private information is additionally protected by encryption, and data query permissions of different degrees are granted according to the user's access level.
The management and control center 2 includes a data processing system and a management system. The data processing system is provided with a data analysis module and a data statistics module, and the data analysis module is used for performing big data analysis for the management and control center. The management system is provided with a whole-network monitoring management system and a whole-network information transmission management system, and is connected wirelessly to a plurality of front-end control devices.
When an access request is detected, the operation terminal 3 determines the identity of the sender of the access request: if the sender is an owner, it verifies whether the owner has the right to access through the operation terminal 3, and if so connects the owner to the management and control center 2 through the operation terminal 3 to provide hardware access service; if the sender is a merchant, the marketing and push services carried by the merchant information are provided to the management and control center 2; and if the sender is an administrator (property management), the highest access authority is requested from the management and control center 2 through the operation terminal 3, and service management of the management and control center 2 is performed with that authority.
The cooperative processor is further configured to receive data input by the third-party terminal device and to store it in the cloud service layer and the application service layer, classified by the service type of the data. The input data is protected in different ways according to its security level, the levels being account login information data, control instruction data and system privacy data: account login information data is level I, the highest, and is protected with the MD5 algorithm, AES encryption and a digital signature; control instruction data is level II and is protected with the MD5 algorithm and a digital signature; system privacy data is level III and is protected with the MD5 algorithm and AES encryption. Note that MD5 is a message digest rather than an encryption algorithm and is no longer collision resistant: it supplies a fixed-length fingerprint of the data, while confidentiality comes from AES and authenticity from the digital signature. The cooperative processor is in signal connection with the management and control center 2 and is used for transmitting data to it.
Device data must be encrypted with AES-128 together with timestamp data before it is transmitted to the server, and the server likewise encrypts with AES-128 and a timestamp before transmitting to the coprocessor; the same applies to data transmission between the coprocessor and the client.
When the server and the coprocessor exchange data, the transmitted data is encrypted in the AES-128-plus-timestamp manner. Specifically, when server a transfers parameters, it first obtains the current system timestamp, encrypts the parameters with AES-128 using a secret key that is known only to the servers and is never transmitted over the network, stores the timestamp in the cache of server a, and sends the data to server b. Server b reads the timestamp: if it differs from the current time by more than 1 minute, the request fails; if the difference is less than or equal to 1 minute, the timestamp check passes and the data is decrypted using the timestamp and the key. If decryption fails, an error is returned and the source IP is recorded; after twenty consecutive failures, that IP is restricted from access for 10 hours. For data submitted in this way, the signature parameter appended to the URL is computed by a defined rule; the server recomputes it by the same rule after receiving the data, and the data is processed only after it has been confirmed not to have been tampered with in transit. Different encryption keys are agreed for different access modes such as Web, APP and WinForm; the keys are agreed by both parties and are never transmitted over the network connection. What is transmitted is the App ID of the accessing party, and the server selects the key by the App ID and compares the signature parameter.
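The server-a-to-server-b exchange above, written out as an added example in Go; this is not the patent's code. The page says only "AES128 with timestamp", so this example assumes AES-128 in GCM mode with the timestamp bound as additional authenticated data (a "decryption unsuccessful" outcome is then an authentication-tag failure) and assumes the Envelope layout; the cache of the timestamp on server a is omitted. The key, IPs and messages are constructed samples.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"time"
)

const (
	maxSkew       = time.Minute   // page: more than 1 minute => request fails
	maxFailures   = 20            // page: twenty consecutive failures
	lockoutPeriod = 10 * time.Hour // page: IP restricted for 10 hours
)

// Envelope is the wire message from server a to server b: the timestamp in
// clear (so b can reject stale traffic before spending a decryption), the GCM
// nonce and the ciphertext. The layout is an assumption; the page fixes none.
type Envelope struct {
	Timestamp int64
	Nonce     []byte
	Cipher    []byte
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 16-byte key selects AES-128
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func tsBytes(ts int64) []byte {
	b := make([]byte, 8)
	binary.BigEndian.PutUint64(b, uint64(ts))
	return b
}

// Seal encrypts params with AES-128-GCM under the pre-shared key and binds the
// timestamp as additional authenticated data, so a captured ciphertext cannot
// be re-sent under a fresh timestamp without failing the tag check.
func Seal(key []byte, now time.Time, params []byte) (Envelope, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ts := now.Unix()
	return Envelope{Timestamp: ts, Nonce: nonce, Cipher: gcm.Seal(nil, nonce, params, tsBytes(ts))}, nil
}

// Receiver is server b: the same pre-shared key plus a per-IP failure ledger.
type Receiver struct {
	key      []byte
	failures map[string]int
	lockedTo map[string]time.Time
}

func NewReceiver(key []byte) *Receiver {
	return &Receiver{key: key, failures: map[string]int{}, lockedTo: map[string]time.Time{}}
}

// Open applies the page's checks in order: lockout, timestamp window, then
// decryption. A failed decryption is recorded against the source IP, and the
// twentieth consecutive failure locks that IP out for ten hours.
func (r *Receiver) Open(ip string, now time.Time, env Envelope) ([]byte, error) {
	if until, ok := r.lockedTo[ip]; ok && now.Before(until) {
		return nil, errors.New("ip is locked out")
	}
	if skew := now.Sub(time.Unix(env.Timestamp, 0)); skew < -maxSkew || skew > maxSkew {
		return nil, errors.New("timestamp outside the 1 minute window")
	}
	gcm, err := gcmFor(r.key)
	if err != nil {
		return nil, err
	}
	var plain []byte
	if len(env.Nonce) == gcm.NonceSize() { // Open panics on a bad nonce length
		plain, err = gcm.Open(nil, env.Nonce, env.Cipher, tsBytes(env.Timestamp))
	} else {
		err = errors.New("bad nonce length")
	}
	if err != nil {
		r.failures[ip]++
		if r.failures[ip] >= maxFailures {
			r.lockedTo[ip] = now.Add(lockoutPeriod)
			r.failures[ip] = 0
		}
		return nil, errors.New("decryption failed; attempt recorded for " + ip)
	}
	r.failures[ip] = 0 // a success ends the consecutive-failure run
	return plain, nil
}
```

A one-minute window still lets a captured envelope be replayed to server b for up to a minute; the timestamp cached on server a does not help b. A receiver that must reject replays also has to remember the (timestamp, nonce) pairs it accepted within the window and refuse a second copy.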
In addition, for the intelligent system devices, data exchanged between a device and the coprocessor is classified, and the higher the class, the more elaborate the protection. The classes are the user's account login information data, control instruction data and system privacy data. The user's account login information data is class I, the highest, and is processed with the MD5 algorithm and AES encryption and digitally signed to ensure the security, integrity and non-repudiation of the data in transit. For example, in the scenario where a user sends an instruction to the management server through the APP and the server executes the instruction on the device: no device can reach the external network, and data can only be transmitted within the local area network through the local area network server; user data is hashed with MD5 during transmission, the user's username and password are encrypted with a specific key value and stored in the local database, and a token for the user is generated as the MD5 digest of the username concatenated with a random code. The validity period of the token is 2 days; if it is not used for two days it expires, and if token verification fails 10 consecutive times for a user, that user is placed on a blacklist and cannot access the system for 10 hours. Management instruction data belongs to class II and comprises the control operations issued to the system; to ensure that a control instruction was initiated by a legitimate user, the MD5 algorithm and a digital signature are used to secure its transmission.
For example, before a control instruction is sent, its MD5 digest is computed and the instruction is then AES-encrypted. The local server performs token verification and IP verification on the control instruction transmitted by the user, and after verification sends the encrypted control instruction to the intelligent system device. The device decrypts the control instruction and determines whether it is a conventional control instruction. If it is not, the information about the instruction is forwarded to the community center management server and the number of occurrences of the abnormality is counted; if it occurs multiple times, the access authority of the IP that sent the instruction is restricted. If it is a conventional instruction, it is executed once parsing succeeds and is recorded in a log. System privacy data is class III and is protected with the MD5 algorithm and the AES encryption algorithm. In addition, for the transmission of ordinary data, the AES algorithm is selected for its high speed and encryption efficiency.
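The token handling and the control-instruction gate described in the two paragraphs above, as one added Go example; this is not the patent's code. The MD5-over-username-and-random-code token, the two-day idle expiry and the ten-failure, ten-hour blacklist follow the text. Assumptions: the token is bound to the source IP to give the "IP verification" a concrete meaning, the set of conventional instructions is supplied as a whitelist at construction, and "multiple times" is taken as three abnormal instructions. Users, IPs and instruction names are constructed samples.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"time"
)

const (
	tokenIdleTTL     = 48 * time.Hour // page: token expires after two days unused
	maxTokenFailures = 10             // page: ten consecutive failed verifications
	blacklistPeriod  = 10 * time.Hour // page: no access for 10 hours
	maxAbnormal      = 3              // assumption: page says "multiple times" only
)

type session struct {
	user, ip string
	lastUsed time.Time
}

// LocalServer issues tokens, verifies token and IP on each control
// instruction, and decides what reaches the intelligent system devices.
type LocalServer struct {
	sessions     map[string]*session  // token -> session
	tokenFails   map[string]int       // consecutive failures per user
	blacklisted  map[string]time.Time // user -> blacklist expiry
	abnormal     map[string]int       // abnormal instructions per source ip
	restrictedIP map[string]bool
	conventional map[string]bool // instructions a device is allowed to execute
	Reported     []string        // forwarded to the community center server
	Log          []string        // executed instructions
}

func NewLocalServer(conventional ...string) *LocalServer {
	s := &LocalServer{sessions: map[string]*session{}, tokenFails: map[string]int{},
		blacklisted: map[string]time.Time{}, abnormal: map[string]int{},
		restrictedIP: map[string]bool{}, conventional: map[string]bool{}}
	for _, c := range conventional {
		s.conventional[c] = true
	}
	return s
}

// IssueToken follows the page: MD5 over the username and a random code. MD5
// only yields a fixed-width handle; all unguessability comes from the 16
// CSPRNG bytes, so a weak random code would make tokens guessable.
func (s *LocalServer) IssueToken(user, ip string, now time.Time) string {
	code := make([]byte, 16)
	if _, err := rand.Read(code); err != nil {
		panic(err) // never issue a token from a failed CSPRNG read
	}
	sum := md5.Sum(append([]byte(user), code...))
	tok := hex.EncodeToString(sum[:])
	s.sessions[tok] = &session{user: user, ip: ip, lastUsed: now}
	return tok
}

func (s *LocalServer) Blacklisted(user string, now time.Time) bool {
	until, ok := s.blacklisted[user]
	return ok && now.Before(until)
}

// VerifyToken checks blacklist, token ownership, source IP and idle expiry.
// A failure counts toward the ten-strike blacklist; a success resets the count.
func (s *LocalServer) VerifyToken(user, tok, ip string, now time.Time) error {
	if s.Blacklisted(user, now) {
		return errors.New("user is blacklisted")
	}
	sess, ok := s.sessions[tok]
	if !ok || sess.user != user || sess.ip != ip || now.Sub(sess.lastUsed) > tokenIdleTTL {
		if s.tokenFails[user]++; s.tokenFails[user] >= maxTokenFailures {
			s.blacklisted[user] = now.Add(blacklistPeriod)
			s.tokenFails[user] = 0
		}
		return errors.New("token verification failed")
	}
	sess.lastUsed, s.tokenFails[user] = now, 0
	return nil
}

// HandleInstruction is the device-side decision: a conventional instruction is
// executed and logged; anything else is reported to the center and counted,
// and an IP that repeats it loses its access authority.
func (s *LocalServer) HandleInstruction(user, tok, ip string, now time.Time, instr string) (bool, error) {
	if s.restrictedIP[ip] {
		return false, errors.New("ip access restricted")
	}
	if err := s.VerifyToken(user, tok, ip, now); err != nil {
		return false, err
	}
	if !s.conventional[instr] {
		s.Reported = append(s.Reported, ip+" "+instr)
		if s.abnormal[ip]++; s.abnormal[ip] >= maxAbnormal {
			s.restrictedIP[ip] = true
		}
		return false, errors.New("abnormal instruction reported")
	}
	s.Log = append(s.Log, now.UTC().Format(time.RFC3339)+" "+user+" "+instr)
	return true, nil
}
```

Because the page counts failures per user, ten wrong tokens submitted against a username lock that user out for ten hours; a deployment would normally also count against the source IP, or use a back-off instead of a fixed lockout, so that the protection cannot be turned into a denial of service against legitimate users.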
Further, in a preferred embodiment of the artificial intelligence platform based on cloud computing and block chain service in the present invention, the sensing node terminal 1 includes:
the information perception module 11 is used for perceiving environmental information data, including parameters of the surrounding environment captured by a camera;
and the communication terminal module 12 is configured to receive the information data transmitted from the data interface of the information perception module 11, perform frequency conversion on it, and transmit it to the management and control center 2.
Further, in a preferred embodiment of the artificial intelligence platform based on cloud computing and blockchain service, the cloud service layer provides a video streaming media transcoding service, a task engine service and a data analysis service; the video streaming media transcoding service supports live RTSP streaming of H.264, H.265 and MP4 video, and can convert an RTSP stream into an HTTP stream in MJPEG format for plug-in-free playback in a web page.
The information protection method based on cloud computing and blockchain service uses the artificial intelligence platform based on cloud computing and blockchain service and comprises the following steps:
the sensing node terminal senses the surrounding environment and uploads the information data to the management and control center;
the management and control center receives the information data, processes it cooperatively, and forwards the processing result to all operation terminals within its communication range;
and the operation terminal gains access through identity authentication and receives the processing result.
Further, in a preferred embodiment of the information protection method based on cloud computing and blockchain service, the operation terminal's access through identity authentication includes determining the specific identity of the sender of the access request: if the sender is an owner, it is verified whether the owner has the right to access through the operation terminal, and if so the operation terminal is connected to the cloud service layer to provide hardware access service to the owner; if the sender is a merchant, the marketing and push services carried by the merchant information are provided to the application service layer; and if the sender is the property management (administrator), the highest access authority is requested from the management and control center through the operation terminal, and service management of the management and control center is performed with that authority.
Further, in a preferred embodiment of the information protection method based on cloud computing and blockchain service, the identity authentication specifically includes:
carrying out scale normalization preprocessing on the palm vein image;
extracting features from the preprocessed data to obtain a feature group that reflects the basic information of the object;
inputting the feature group into a trained model to obtain a processing result;
and determining the target object from the processing result.
The normalization is performed with a MinMaxScaler function:
X_std = (X - X.min(axis=0)) / (X.max(axis=0) - X.min(axis=0))
X_scaled = X_std * (max - min) + min
where max and min are the bounds of the target range (0 and 1 by default). Standardization: (X - mean) / std.
Discretization: continuous numerical features are segmented, and the data in each segment can be used as a new feature.
One-hot encoding: N dimensions encode N classes; for each class only one dimension is set, marked 1, and all other dimensions are 0.
XGBoost (the input data is processed to obtain the singleton rate, and the target user is identified by the singleton rate).
The XGBoost model can be regarded as an additive model consisting of K trees (several additive components are combined, each computed over the features).
The objective function of the additive model is defined as: (the parameters of the additive model are trained optimally through the objective function)
XGBoost objective function (the XGBoost parameters are trained optimally through the objective function)
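The normalization, standardization, discretization and one-hot steps in the notes above, as an added Go example; this is not code from the patent, and the XGBoost part is not reproduced because the page gives no objective function. The functions operate column-wise, like the axis=0 terms in the formula, and handle the zero-range column on which the bare formula divides by zero. The matrices used in the usage are constructed samples.

```go
package main

import (
	"errors"
	"math"
)

// MinMaxScale applies the formula above column-wise: each column is mapped
// from [col.min, col.max] onto [lo, hi]. A constant column would divide by
// zero, so it is mapped to lo instead of producing NaN for the model.
func MinMaxScale(X [][]float64, lo, hi float64) ([][]float64, error) {
	if len(X) == 0 || len(X[0]) == 0 || hi <= lo {
		return nil, errors.New("need a non-empty matrix and hi > lo")
	}
	cols := len(X[0])
	mins, maxs := make([]float64, cols), make([]float64, cols)
	for j := range mins {
		mins[j], maxs[j] = math.Inf(1), math.Inf(-1)
	}
	for _, row := range X {
		if len(row) != cols {
			return nil, errors.New("ragged matrix")
		}
		for j, v := range row {
			mins[j], maxs[j] = math.Min(mins[j], v), math.Max(maxs[j], v)
		}
	}
	out := make([][]float64, len(X))
	for i, row := range X {
		out[i] = make([]float64, cols)
		for j, v := range row {
			std := 0.0 // X_std for a zero-range column
			if r := maxs[j] - mins[j]; r > 0 {
				std = (v - mins[j]) / r
			}
			out[i][j] = std*(hi-lo) + lo // X_scaled = X_std * (max - min) + min
		}
	}
	return out, nil
}

// Standardize returns (X - mean) / std per column with the population std; a
// zero-variance column becomes all zeros rather than NaN.
func Standardize(X [][]float64) [][]float64 {
	if len(X) == 0 {
		return nil
	}
	n, cols := float64(len(X)), len(X[0])
	mean, variance := make([]float64, cols), make([]float64, cols)
	for _, row := range X {
		for j, v := range row {
			mean[j] += v / n
		}
	}
	for _, row := range X {
		for j, v := range row {
			variance[j] += (v - mean[j]) * (v - mean[j]) / n
		}
	}
	out := make([][]float64, len(X))
	for i, row := range X {
		out[i] = make([]float64, cols)
		for j, v := range row {
			if sd := math.Sqrt(variance[j]); sd > 0 {
				out[i][j] = (v - mean[j]) / sd
			}
		}
	}
	return out
}

// Discretize segments a continuous feature into nBins equal-width bins over
// its [min, max] range and returns each sample's bin index, the "new feature".
// The maximum value lands on the upper edge and is clamped into the last bin.
func Discretize(col []float64, nBins int) []int {
	lo, hi := col[0], col[0]
	for _, v := range col {
		lo, hi = math.Min(lo, v), math.Max(hi, v)
	}
	bins := make([]int, len(col))
	if hi == lo {
		return bins // constant feature: everything falls in bin 0
	}
	width := (hi - lo) / float64(nBins)
	for i, v := range col {
		if b := int((v - lo) / width); b >= nBins {
			bins[i] = nBins - 1
		} else {
			bins[i] = b
		}
	}
	return bins
}

// OneHot encodes class index k out of n classes: one dimension set to 1, the
// rest 0. An out-of-range class is rejected instead of silently producing an
// all-zero vector that a model would read as a valid input.
func OneHot(k, n int) ([]int, error) {
	if k < 0 || k >= n {
		return nil, errors.New("class index out of range")
	}
	v := make([]int, n)
	v[k] = 1
	return v, nil
}
```

MinMaxScale([][]float64{{1, 2, 7}, {3, 4, 7}, {5, 6, 7}}, 0, 1) maps the first two columns onto 0, 0.5, 1 and the constant third column onto 0; Discretize([]float64{0, 2.5, 5, 10}, 4) yields bins 0, 1, 2, 3 with the maximum clamped into the last bin.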
It should be noted that the embodiments of the present invention can be realized by hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portion may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided, for example, on a carrier medium such as a disk, CD- or DVD-ROM, programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The apparatus and its modules of the present invention may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips and transistors, or programmable hardware devices such as field programmable gate arrays and programmable logic devices, or by software executed by various types of processors, or by a combination of hardware circuits and software, e.g. firmware.
In summary, the information protection method and artificial intelligence platform based on cloud computing and blockchain service solve the problems that the data volume of a monitoring system is low and that the information of the individual monitoring areas cannot be shared. Differently classified block nodes can be set up according to different areas and application scenarios, and each sensing device can serve different application service layers; that is, each sensing layer node covers various sensing devices according to the application scenario, and these can be shared and used through a mobile phone interaction system or a front-end control device as the application requires. Identity authentication is performed on the transmitted information data, and sensing data can be transmitted only after identity authentication succeeds, which forms a unique and secure communication channel and ensures the safety of the transmitted data from multiple angles.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention.
In the description of the present invention, it is to be understood that the terms "upper", "lower", "front", "rear", and the like, which indicate orientations or positional relationships, are based on the orientations or positional relationships shown in the drawings, are only for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the referred devices or elements must have a specific orientation, be constructed in a specific orientation, and be operated, and thus, should not be construed as limiting the present invention.