CN114268645A - Block chain-based industrial internet trusted control method, device and system - Google Patents


Info

Publication number
CN114268645A
Authority
CN
China
Prior art keywords
intelligent contract
control
industrial
block chain
security gateway
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111507029.5A
Other languages
Chinese (zh)
Inventor
谭林
尹海波
李旷
陈昕
杨征
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Tianhe Guoyun Technology Co Ltd
Original Assignee
Hunan Tianhe Guoyun Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a block chain-based industrial internet trusted control method, device and system. The method comprises the following steps: defining and compiling the intelligent contract code of an industrial control system; sending the intelligent contract to a blockchain network; and setting the equipment authority of the data security gateway and the user account information permitted to control and query. The intelligent contract triggers the industrial control system to control the industrial field devices according to the process and parameters defined by the intelligent contract code. The invention achieves the safety and credibility of the industrial internet control system through the flow and parameter definition capability and the access control capability of the block chain intelligent contract, addresses the safety and credibility problem of existing industrial internet control systems, realizes industrial internet control safety in a safe and credible manner, and can help the industrial internet move from a siloed (chimney-type) structure to a more developed path.

Description

Block chain-based industrial internet trusted control method, device and system
Technical Field
The invention relates to the field of industrial control system safety, in particular to a block chain-based industrial internet trusted control method, device and system.
Background
The industrial internet requires broad interconnection and intercommunication across upstream and downstream industries and across fields, breaking down information islands and promoting integration and sharing. At present, industrial internet systems are still at the stage of an enterprise-internal industrial internet, and an industrial internet in the true sense has not been realized: manufacturing and its peripheral industries still rely on traditional communication methods to exchange information, so manufacturing collaboration cannot be achieved. The existing industrial internet control system has the following defects:
Control system safety issues: the industrial manufacturing control system is the core production system of an enterprise and has high safety-level requirements, and connecting it to the industrial internet introduces potential safety hazards. In addition, safety audit of the control system currently depends on the control system's own audit function, so the controlling subject and its source cannot be effectively audited and identified; likewise, control flow adjustment depends on the internal system, and once the industrial internet is connected the reliability of the flow cannot be guaranteed.
Control system network security problem: the existing system is built on an internal local area network; it cannot withstand the security impact of an open industrial internet, a traditional inter-system software interface cannot guarantee the control system's reliability, safety and credibility, and this becomes a stumbling block that hinders the development of the industrial internet.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
In view of this, the present invention provides a block chain-based industrial internet trusted control method, device and system, which can implement security and trust of a control flow of an industrial internet control system.
The first aspect of the embodiment of the invention provides a block chain-based industrial internet trusted control method, which is used in a data security gateway, and comprises the following steps:
defining and compiling intelligent contract codes of an industrial control system;
sending the intelligent contract to a blockchain network;
setting the equipment authority of the data security gateway and user account information allowing control and query;
the intelligent contract is used for triggering the industrial control system to control the industrial field device according to the process and the parameters defined by the intelligent contract code.
Further, after the step of sending the intelligent contract to a blockchain network, the method further comprises:
setting access authority, modification authority, adjustable parameters and an adjustable parameter allowable value range of the industrial field equipment;
subscribing or inquiring an intelligent contract event log of a block chain network, wherein the intelligent contract event log is used for triggering the industrial control system to control industrial field equipment according to a process and parameters defined by an intelligent contract after contract state change after a certain time when detecting that the contract state of the intelligent contract event log is changed;
the intelligent contract event log is also used for triggering the early warning system to carry out early warning and reminding after detecting the key control command.
A second aspect of the embodiments of the present invention provides a block chain-based industrial internet trusted control method, which is used in a block chain network, and includes:
receiving an intelligent contract code from a data security gateway, wherein the intelligent contract is used for triggering the industrial control system to control an industrial field device according to the flow and parameters defined by the intelligent contract code;
device rights and control states of the data security gateway are initialized.
Further, after the step of receiving intelligent contract code from the data security gateway, the method further comprises:
receiving operation request information of a user on an intelligent contract;
verifying the operation authority corresponding to the user operation request information, and when the verification is successful, modifying the intelligent contract and updating the contract state of the intelligent contract log by the block chain network according to the user operation request information;
the operation request information comprises one or more of modification, cancellation or postponement of a currently specified instruction to be confirmed.
A third aspect of the embodiments of the present invention provides an industrial internet trusted control apparatus based on a block chain, which is used in a data security gateway, and the apparatus includes:
the contract creation module is used for defining and compiling intelligent contract codes of the industrial control system;
a sending module, configured to send the intelligent contract to a blockchain network;
the security gateway authority module is used for setting the equipment authority of the data security gateway and the user account information which allows control and inquiry;
the intelligent contract is used for triggering the industrial control system to control the industrial field device according to the process and the parameters defined by the intelligent contract code.
Further, the apparatus further comprises:
the device authority module is used for setting the access authority, the modification authority, the adjustable parameters and the allowable value range of the adjustable parameters of the industrial field device;
the operation change module is used for subscribing or inquiring an intelligent contract event log of the block chain network, and the intelligent contract event log is used for triggering the industrial control system to control the industrial field equipment according to the flow and parameters defined by the intelligent contract after the contract state change after a certain time when the contract state of the intelligent contract event log is detected to be changed;
the intelligent contract event log is also used for triggering the early warning system to carry out early warning and reminding after detecting the key control command.
A fourth aspect of the embodiments of the present invention provides a block chain-based industrial internet trusted control apparatus, which is used in a block chain network, and includes:
the contract receiving module is used for receiving intelligent contract codes from a data security gateway, and the intelligent contract is used for triggering the industrial control system to control the industrial field device according to the processes and parameters defined by the intelligent contract codes;
and the initialization module is used for initializing the device authority and the control state of the data security gateway.
Further, the apparatus further comprises:
the request receiving module is used for receiving operation request information of a user on the intelligent contract;
the contract updating module is used for verifying the operation authority corresponding to the user operation request information, and when the verification is successful, the block chain network modifies the intelligent contract according to the user operation request information and updates the contract state of the intelligent contract log;
the operation request information includes one or more of modifying the intelligent contract, canceling the current intelligent contract control instruction or postponing the current intelligent contract control instruction.
A fifth aspect of an embodiment of the present invention provides a block chain-based industrial internet trusted control system, where the system includes:
the data security gateway is connected with the industrial control system and used for defining and compiling an intelligent contract code of the industrial control system, setting the equipment authority of the data security gateway and user account information allowing control and query, and the intelligent contract is used for triggering the industrial control system to control industrial field equipment according to the flow and parameters defined by the intelligent contract code;
and the block chain network is respectively connected with the user terminal and the data security gateway and is used for receiving the intelligent contract code from the data security gateway and initializing the equipment authority and control state of the data security gateway.
A sixth aspect of the embodiments of the present invention provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the following method steps:
defining and compiling intelligent contract codes of an industrial control system;
sending the intelligent contract to a blockchain network;
setting the equipment authority of the data security gateway and user account information allowing control and query;
the intelligent contract is used for triggering the industrial control system to control the industrial field device according to the process and the parameters defined by the intelligent contract code.
In the embodiment of the invention, the data security gateway defines and compiles the intelligent contract code of the industrial control system and sends it to the block chain network; the block chain network initializes the equipment authority of the data security gateway and the user account information allowed to control and query. The safety and credibility of the industrial internet control system are achieved through the flow and parameter definition capability, the safety audit capability and the access control capability of the block chain intelligent contract. This addresses the safety and credibility concerns of existing industrial internet control systems, realizes industrial internet control safety in a safe and credible manner, and can help the industrial internet move from a siloed (chimney-type) pattern to a more developed one.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic configuration diagram of an environment in which the industrial internet according to the embodiments of the present invention is implemented;
fig. 2 is a flowchart of a block chain-based industrial internet trusted control method according to an embodiment of the present invention;
fig. 3 is a flowchart of a block chain-based industrial internet trusted control method according to another embodiment of the present invention;
fig. 4 is a timing diagram of an interaction process between a block chain-based industrial internet trusted control method and a user according to an embodiment of the present invention;
fig. 5 is a timing diagram of a block chain-based industrial internet trusted control method for canceling or postponing an operation process according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an industrial internet trusted control device based on a block chain according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an industrial internet trusted control device based on a block chain according to another embodiment of the present invention;
fig. 8 is a schematic diagram of a terminal device according to an embodiment of the present invention.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
In order to explain the technical means of the present invention, the following description will be given by way of specific examples.
Referring to fig. 1, a schematic structural diagram of an implementation environment of the industrial internet according to various embodiments of the present invention is shown. The implementation environment includes: user terminal 120, blockchain network 140, data security gateway 160, and industrial field device 180.
The user terminal 120 may be a mobile phone, a tablet computer, an electronic book reader, a portable computer, a desktop computer, and the like.
The industrial field devices 180 form an industrial control system, the industrial control system can control intelligent devices such as machine tools, robot arms and robots to carry out industrial production, and the control system can ensure the normal and credible operation of the devices safely.
The blockchain network 140 is built on a database constructed with distributed ledger technology using distributed peer-to-peer technology, and has the characteristics of tamper-resistance, safety and credibility.
The blockchain network 140 exchanges data with the user terminal 120, displays the parameter states of the systems and devices in the industrial field, and controls the intelligent devices connected to the industrial field device 180. The block chain network 140 uses virtualization technology to construct a plurality of distributed block chain nodes; each node is connected to a cloud server database, and the nodes verify one another by forming a small-world network, which ensures the credibility of each node. The block chain nodes generate blocks through a consensus mechanism, verify them, encrypt and store the verified data packets in the cloud server database in a decentralized block chain storage mode, and share data by executing intelligent contracts.
The intelligent contract is built with the control as its basic element: a control is the basic control unit of the industrial control system network and represents the control exerted on the industrial field device 180 by a controller. A control process typically consists of a set of interrelated controls.
Specifically, a control is a five-tuple C = (p, e, c, r, tc): person p issues instruction c to industrial field device e (equipment), and once instruction c is reached, result r is produced. Instruction c and result r are boolean values: true means the instruction (or the result) has been completed, false means it has not; tc (time-constraints) is the validity period of the control, and the control is in force while tc is true.
There are five possible states within a control's lifecycle:
(I) activation: both instruction c and result r are false and the time has not exceeded the validity period of the control. The control is active and waiting for instruction c to be reached and result r to be completed;
(II) ready: instruction c is true, result r is false, and the time has not exceeded the validity period of the control. The control is in force, instruction c has been reached, and the completion of result r is awaited;
(III) satisfied: instruction c and result r are both true, meaning instruction c has been reached, result r has been completed, and the control has been fulfilled;
(IV) expired: both instruction c and result r are false, and the time has exceeded the validity period of the control. The control has failed because neither instruction c nor result r was completed in time;
(V) default: instruction c is true, result r is false, and the time has exceeded the validity period of the control. The control has failed: although instruction c was reached, the obligation to complete result r was violated.
The control validity period is a two-tuple tc = (cact, cbas): cact is the time limit for completing instruction c after the control enters the activation state, and cbas is the time limit for completing result r after the control enters the ready state. If both limits are met, tc is true; otherwise tc is false.
An action is expressed as action = (actionname, execute, object, input, output), where actionname is the name of the action, execute is its executor, object is the object acted on, input is the input parameters and output is the output parameters (actionname and execute are required; object, input and output are optional). The value of an action is boolean: action_false indicates that the action is not completed and action_true that it is completed; the default value of an action is false.
An industrial internet intelligent contract is a finite automaton SC defined over a set of controls, SC = (CC, A, S, s0, δ, F), where:
CC = {C1, C2, ..., Cn} is a finite set of controls;
A is the set of actions involved in these controls (including the timeout action, i.e. the control's validity period running out);
S = {s0, s1, s2, ..., sm} is a finite set of states, where state si is determined by the states of all controls in CC;
s0 is the initial state, in which every control in CC is either in the activation state (conditional control) or the ready state (unconditional control);
δ is the state transition function: an action in A changes the state of a control in CC and thereby the state of the intelligent contract;
F ⊆ S is a finite set of termination states.
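The control five-tuple, its five lifecycle states and the contract automaton just defined can be checked against a small executable model. The following Go program is an added example written for this page, not code from the patent or its assignee. The ActivatedAt and ReadyAt timestamps, the action names instruct and complete, and the rule that the contract has terminated when no control is still in activation or ready are assumptions the description does not state.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// The five control lifecycle states from the description.
type State int

const (
	Activation State = iota // c false, r false, within validity period
	Ready                   // c true,  r false, within validity period
	Satisfied               // c true,  r true
	Expired                 // c false, r false, validity period exceeded
	Default                 // c true,  r false, validity period exceeded
)

func (s State) String() string {
	return [...]string{"activation", "ready", "satisfied", "expired", "default"}[s]
}

// TimeConstraints is tc = (cact, cbas).
type TimeConstraints struct {
	Cact time.Duration // limit for instruction c after activation
	Cbas time.Duration // limit for result r after entering ready
}

// Control is C = (p, e, c, r, tc); ActivatedAt and ReadyAt are assumed
// bookkeeping fields needed to evaluate tc against a clock.
type Control struct {
	Person, Equipment    string // p, e
	Instruction, Result  bool   // c, r
	TC                   TimeConstraints
	ActivatedAt, ReadyAt time.Time
}

// Within reports whether tc holds at now: cact until c is reached, cbas after.
func (k Control) Within(now time.Time) bool {
	if !k.Instruction {
		return !now.After(k.ActivatedAt.Add(k.TC.Cact))
	}
	return !now.After(k.ReadyAt.Add(k.TC.Cbas))
}

// State derives the lifecycle state from (c, r, tc). "r true before c" is not
// a state the description defines, so it is rejected.
func (k Control) State(now time.Time) (State, error) {
	switch {
	case k.Instruction && k.Result:
		return Satisfied, nil
	case k.Instruction:
		if k.Within(now) {
			return Ready, nil
		}
		return Default, nil
	case !k.Result:
		if k.Within(now) {
			return Activation, nil
		}
		return Expired, nil
	}
	return 0, errors.New("result reached before instruction")
}

// Actions in A. "timeout" is the description's timeout action; the other two
// names are assumed.
const (
	ActInstruct = "instruct" // instruction c reached
	ActComplete = "complete" // result r produced
	ActTimeout  = "timeout"  // validity exceeded; expiry is re-derived from the clock
)

// Contract is the automaton SC = (CC, A, S, s0, δ, F) with CC = Controls; the
// contract state s_i is the vector of its control states.
type Contract struct{ Controls []Control }

// Step is the transition function δ: apply action a to control i at time at.
func (sc *Contract) Step(i int, a string, at time.Time) error {
	if i < 0 || i >= len(sc.Controls) {
		return fmt.Errorf("no control %d", i)
	}
	k := &sc.Controls[i]
	st, err := k.State(at)
	if err != nil {
		return err
	}
	switch a {
	case ActInstruct:
		if st != Activation {
			return fmt.Errorf("control %d: %s not allowed in state %s", i, a, st)
		}
		k.Instruction, k.ReadyAt = true, at
	case ActComplete:
		if st != Ready {
			return fmt.Errorf("control %d: %s not allowed in state %s", i, a, st)
		}
		k.Result = true
	case ActTimeout: // nothing to mutate
	default:
		return fmt.Errorf("unknown action %q", a)
	}
	return nil
}

// Terminal reports membership in F. Assumption: the contract has terminated
// when no control is still in activation or ready.
func (sc *Contract) Terminal(now time.Time) bool {
	for _, k := range sc.Controls {
		if st, err := k.State(now); err != nil || st == Activation || st == Ready {
			return false
		}
	}
	return true
}
```

Because the state is derived from (c, r, clock) rather than stored, the timeout action needs no mutation: a control that was ready simply reads as default once its cbas deadline passes, which is the behaviour a gateway polling the contract state would observe.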
The data security gateway 160 is configured to connect to and collect data of at least one industrial field device 180, and transmit the collected data to the blockchain network 140 through the internet, where a virtual machine is created in the data security gateway 160, and a virtualized data encryption program is run in the virtual machine.
Each block chain node manages N data security gateways 160, and each data security gateway 160 is managed by M block chain nodes, where N ≥ 1 and M ≥ 2. When a block chain node fails, the remaining block chain nodes take over its communication with the user terminal 120 and the data security gateway 160. Among the M block chain nodes corresponding to one data security gateway 160, the node closest to the gateway is selected as the target block chain node and is responsible for the communication between the data security gateway 160 and the user terminal 120, which improves communication efficiency.
An asymmetric encryption algorithm is used between the block chain node and the data security gateway 160 to generate a digital signature for data and to encrypt the data: the digital signature verifies the authenticity of the data and whether it has been tampered with, and the encryption ensures that the data can only be read by the intended receiver.
The asymmetric encryption algorithm uses a private key and a public key: what is encrypted with the public key is decrypted with the corresponding private key, and what is encrypted with the private key is decrypted with the corresponding public key.
The data encryption process is as follows: the data undergoes a double SHA256 operation to produce a 32-bit unique hash value; the hash value is encrypted with the sender's private key to produce the digital signature; and the digital signature together with the data is encrypted with the receiver's public key to obtain the encrypted data.
The private key is generated from the chip ID and the encryption algorithm of the processor inside the data security gateway 160, which ensures the uniqueness and non-tamperability of the device private key. The private key is stored on the device and is never allowed to leave it, and the public key serves as the device's unique management identifier on the block chain. The gateway's program accepts only states confirmed by the block chain and controls the industrial field device 180 accordingly.
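The sign-then-encrypt procedure described above (double SHA-256 of the data, a signature with the sender's private key, then encryption of signature and data under the receiver's public key), as an added Go example that is not part of the patent. Assumptions: ECDSA P-256 for the signature and RSA-OAEP for the encryption (the description names neither algorithm), keys generated in memory rather than derived from a chip ID, and a two-byte length prefix as the wire format. SHA-256 produces a 32-byte digest, and RSA-OAEP with a 2048-bit key accepts at most 190 bytes of plaintext, so the direct encryption shown only fits short records; larger payloads would need a wrapped symmetric key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// doubleSHA256 is the description's "double SHA256 operation"; the digest
// returned is 32 bytes long.
func doubleSHA256(data []byte) []byte {
	first := sha256.Sum256(data)
	second := sha256.Sum256(first[:])
	return second[:]
}

// Gateway models a data security gateway with its device signing key. The
// description derives this key from the processor chip ID and never lets it
// leave the device; here it is generated in memory (assumption).
type Gateway struct{ signKey *ecdsa.PrivateKey }

// Node models the receiving block chain node with its decryption key pair.
type Node struct{ decKey *rsa.PrivateKey }

func NewGateway() (*Gateway, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Gateway{signKey: k}, nil
}

func NewNode() (*Node, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Node{decKey: k}, nil
}

// PublicKey is the gateway's unique management identifier on the chain.
func (g *Gateway) PublicKey() *ecdsa.PublicKey { return &g.signKey.PublicKey }

// PublicKey is the node's encryption key handed out to gateways.
func (n *Node) PublicKey() *rsa.PublicKey { return &n.decKey.PublicKey }

// Seal: hash twice, sign the hash with the sender's private key, then encrypt
// signature and data under the receiver's public key.
// Wire format (assumed): 2-byte big-endian signature length, signature, data.
func (g *Gateway) Seal(data []byte, receiver *rsa.PublicKey) ([]byte, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, g.signKey, doubleSHA256(data))
	if err != nil {
		return nil, err
	}
	plain := make([]byte, 2, 2+len(sig)+len(data))
	binary.BigEndian.PutUint16(plain, uint16(len(sig)))
	plain = append(plain, sig...)
	plain = append(plain, data...)
	// OAEP with a 2048-bit key takes at most 190 bytes: short records only.
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, receiver, plain, nil)
}

// Open is the receiver side: decrypt with the node's private key, then verify
// the signature against the sender's public key so that a forged or modified
// record is rejected instead of being acted upon.
func (n *Node) Open(ciphertext []byte, sender *ecdsa.PublicKey) ([]byte, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, n.decKey, ciphertext, nil)
	if err != nil {
		return nil, err
	}
	if len(plain) < 2 {
		return nil, errors.New("malformed envelope")
	}
	sigLen := int(binary.BigEndian.Uint16(plain))
	if len(plain) < 2+sigLen {
		return nil, errors.New("malformed envelope")
	}
	sig, data := plain[2:2+sigLen], plain[2+sigLen:]
	if !ecdsa.VerifyASN1(sender, doubleSHA256(data), sig) {
		return nil, errors.New("signature verification failed")
	}
	return data, nil
}
```

The receiver must look up the sender's public key from its own registry (on the chain, per the description) rather than trusting a key carried inside the envelope; otherwise the signature check proves nothing about who sent the record.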
The block chain nodes reach consensus through a proof-of-work consensus mechanism: the node that first completes the proof-of-work computation obtains the right to generate a new block and becomes the master node of that consensus round; the remaining nodes are block chain slave nodes, which verify the block generated by the master node to ensure data consistency; and the node that next completes the proof-of-work first becomes the new master node.
The block chain master node broadcasts the generated new block to the slave nodes; the slave nodes verify it and reply with a verification result and a data signature; the master node collects the replies and, on a majority-rule basis, if the block is approved by a majority of the block chain nodes, rebroadcasts the new block together with the verification result, and the slave nodes store the new block.
The intelligent contract is executed by the block chain nodes to realize data sharing among the industrial field devices 180, the intelligent contract specifies the data sharing condition, the condition is formulated by a data provider, the target block chain node executes the intelligent contract, the data is encrypted according to the output result of the constraint condition and then sent to a certain data security gateway 160, and the data security gateway 160 receives and decrypts the data to complete the corresponding task.
The invention realizes the security protection of the industrial internet control system network and the control credible security of the industrial internet control system based on the block chain intelligent contract technology and the data security gateway 160 with the built-in block chain intelligent contract Dapp.
The industrial internet trusted control scheme provided by the implementation of the present invention will be described and explained in detail by several specific embodiments.
Referring to fig. 2, a first aspect of the present invention provides a block chain-based industrial internet trusted control method, used in a data security gateway, where the method includes:
step S102, defining and compiling an intelligent contract code of the industrial control system;
step S104, sending the intelligent contract to a block chain network;
step S106, setting the equipment authority of the data security gateway and user account information allowing control and query;
the intelligent contract is used for triggering the industrial control system to control the industrial field device according to the process and the parameters defined by the intelligent contract code.
An intelligent contract is software code running on the blockchain network 140, a platform based on distributed ledger technology; it is executed on the block chain, is Turing-complete, and maintains its state and the executed business logic on the chain.
The invention uses block chain intelligent contract technology to define the control flow, parameters, authority, safety audit and log records of the industrial control system, and builds a safe and credible remote control system on that basis. The intelligent contract defines the execution flow of the control system in code, and the blockchain data security gateway 160 executes that control flow. Because the control flow is defined by intelligent contract code, contract code can be issued to the block chain only after review and safety audit, and thereafter every operation on an intelligent contract, and every modification of the control flow or parameters, requires block chain authorization.
The system control parameters are also defined by the state of the intelligent contract, and the modification of the state of the intelligent contract is recorded by the intelligent contract, so that the parameters are ensured to be modified only by authorized users in the intelligent contract.
The blockchain data security gateway 160 is an intelligent control unit based on blockchains, belongs to a data security gateway 160 device with Dapp function, acquires the flow and state information of the equipment through interaction with the blockchain network 140, performs control work according to the program process of an intelligent contract, and belongs to a control unit controlled by a blockchain intelligent contract.
Further, after the step of sending the intelligent contract to a blockchain network, the method further comprises:
setting access authority, modification authority, adjustable parameters and an adjustable parameter allowable value range of the industrial field equipment;
and subscribing or inquiring an intelligent contract event log of the block chain network, wherein the intelligent contract event log is used for triggering the industrial control system to control the industrial field equipment according to the flow and parameters defined by the intelligent contract after the contract state is changed after a certain time when detecting that the contract state of the intelligent contract event log is changed.
The early warning system monitors the intelligent contract event log, issues an early warning reminder for key control commands, and cancels or postpones the control operation through the special cancellation or postponement authority.
Specifically, the control unit based on the intelligent contract has the following work flow:
a) defining and writing the intelligent contract (Smart Contract) of the control system according to the specifics of that control system;
b) designing the adjustable parameters of the control system (Params_i) and their allowable value ranges [range expression rendered as an image in the original, not reproduced here], the access rights (Permission_access), modification rights (Permission_modify), revocation rights (Permission_cancel) and deferral rights (Permission_delay); rights are granted through a combination of roles (Role_i), user groups (UserGroup_i) and device groups (DeviceGroup_i): a role can be freely combined with part of the permission list and assigned to a specific user group, and a user group can be associated with a device group for resource allocation;
c) deploying the intelligent contract (deployContract) in the blockchain network, initializing it (initialize), setting the admission control (addControlPermission) and the account information allowed to query (addAccessPermission()), and setting the data security gateway 160 device authority (device, deviceGroup);
d) installing the data security gateway 160 on site and accessing the blockchain network 140, wherein the data security gateway 160 starts to work according to the flow and parameters defined by the intelligent contract;
e) if the industrial control process is required to be adjusted, the intelligent contract parameters are modified through corresponding software and the account private key, so that the purpose of modifying the industrial control process is achieved; the modification record and the safety are both ensured by a block chain and an intelligent contract;
f) the data security gateway 160 checks the intelligent contract state in the blockchain network 140 and updates its local control logic accordingly, so that the modification of the system's control process is completed through the blockchain.
The method of the present invention is applied to the data security gateway of a blockchain-based industrial internet trusted control system. Fig. 4 and fig. 5 show sequence diagrams of the interaction between the method provided by the embodiment of the present invention and a user; as can be seen from the sequence diagrams, the overall control flow of the embodiment in an implementation environment is as follows:
1) defining the industrial control logic and the control interfaces allowed to be exposed, abstracting them into control states and accesses to those states; a state is defined as S_i, and the operating functions on a state are F_read(S_i) and F_write(S_i);
2) designing the set of access (read) permissions RP_i and the set of control (write) permissions WP_i, and defining the access authority A_i for the control interface;
3) customizing the intelligent contract strategy C, implementing the contract functions in code, and binding the related user authorities: C(S_i, RP_i, WP_i, F_read(S_i), F_write(S_i));
4) deploying the intelligent contract in the block chain, deploy(C), initializing the related authority configuration, C.init(S_i, RP_i, WP_i), and setting the security gateway public key address, C.initdevices(address_device, S_i);
5) initializing the intelligent contract address addr in the security gateway; the security gateway initializes its control logic from the intelligent contract, C.readparams(), and enters the block chain control state;
6) if an external user needs to adjust the control strategy (production plan adjustment, product parameter adjustment and the like), the parameter adjustment C.writeParam(address_device, S_i) is executed through the intelligent contract, i.e. the user submits a control request to the blockchain as shown in fig. 4;
7) the intelligent contract checks the user's operation authority [check expression rendered as an image in the original, not reproduced here]: onlyWritePermission(address_sender, address_device) determines whether the action is allowed to execute, and allowedRange(address_sender, address_device, value) determines whether the parameter is within the range the sender may adjust; only after all rights and parameters have been checked does the intelligent contract modify its state and record the corresponding log, as in the verification process between the intelligent contract and the block chain shown in fig. 4;
8) the data security gateway subscribes to or queries the intelligent contract log, subscribeEvent(address_device); if it finds that the state has changed, readControlStatus(address_sender), it waits a certain time (the block stabilization period) and then works according to the new control instruction, readRunParams(address_sender); as shown in fig. 4, the data security gateway reads the contract and log, waits for block confirmation, and finally adjusts the control logic of the industrial field equipment, achieving real-time safe and trusted control.
The data security gateway 160 records the process through the block chain log; the control parameters and authorities are managed by the intelligent contract; the data security gateway guarantees the correspondence to the physical entity; and the tamper resistance of the block chain is used to achieve trusted control. The industrial control device reads and executes the state, and control feedback is written back through the block chain, so that trusted recording is achieved. A user operation must be authorized by the contract and recorded in it, which achieves trusted control on the user side.
When misoperation or an attack is discovered in the control system, the current operation can be urgently cancelled or postponed. The control revocation flow provided by the present invention is shown in fig. 5. The revocation process of a control command in the embodiment of the invention under the implementation environment is as follows:
1) when the system detects that abnormal control logic has been submitted to the blockchain while the data security gateway is still waiting for confirmation, revocation or deferred execution can be performed, which ensures the high safety of the industrial control system. A user control command is defined as C_i and generates a blockchain event E_i; the security system discovers E_i and raises an alarm.
2) the warning system of the security system initiates, through its special authority, a cancel/defer instruction for C_i to the blockchain, executing the cancel action cancelAction(C_i) or the deferred execution hangUpAction(C_i);
3) the intelligent contract of the block chain performs authority verification on the executing target and source and generates a new event [event expression rendered as an image in the original, not reproduced here];
4) when the data security gateway detects that event [image not reproduced], it stops the confirmation wait for C_i; while waiting for block confirmation the data security gateway can continue to wait for other C_i commands;
5) when the data security gateway detects the deferral event [image not reproduced], it suspends C_i and continues to wait for the follow-up event [image not reproduced]; once that event is received, it continues to wait for block confirmation and then applies the control to the industrial control equipment.
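The control flow (steps 1 to 8 above) and the revocation flow (steps 1 to 5) as an added Python model, not code from the patent: the contract side enforces onlyWritePermission and allowedRange before changing state and logging E_i, and the gateway side subscribes to the log, waits for block confirmation, and honours cancelAction/hangUpAction. The 3-block confirmation depth, the "resume" event that ends a deferral, and the account names are assumptions.

```python
# Added example, not code from the patent: a Python model of the contract-gated
# control flow (steps 1-8) and the revocation flow (steps 1-5) described above.
# The "resume" event name and the 3-block confirmation depth are assumptions.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

Key = Tuple[str, str]  # (security gateway address, state name S_i)


@dataclass
class Event:
    kind: str               # "write", "cancel", "hangUp" or "resume"
    cmd: int                # command id C_i
    key: Key
    value: Optional[float]
    sender: str
    block: int              # height at which event E_i was recorded


class ControlContract:
    """Toy C(S_i, RP_i, WP_i, F_read, F_write): permission gate plus event log."""

    def __init__(self, cancel_perm: Set[str]):
        self.state: Dict[Key, float] = {}                  # S_i
        self.write_perm: Dict[Key, Set[str]] = {}          # WP_i
        self.ranges: Dict[Key, Tuple[float, float]] = {}   # allowed value ranges
        self.cancel_perm = cancel_perm                      # Permission_cancel / Permission_delay
        self.events: List[Event] = []                       # on-chain log
        self.block = 0
        self._next_cmd = 0

    def init(self, key: Key, writers: Set[str], rng: Tuple[float, float], v: float) -> None:
        self.state[key], self.write_perm[key], self.ranges[key] = v, writers, rng

    def only_write_permission(self, sender: str, key: Key) -> bool:
        return sender in self.write_perm.get(key, set())

    def allowed_range(self, key: Key, value: float) -> bool:
        lo, hi = self.ranges[key]
        return lo <= value <= hi

    def _log(self, kind: str, cmd: int, key: Key, value: Optional[float], sender: str) -> int:
        self.events.append(Event(kind, cmd, key, value, sender, self.block))
        return cmd

    def write_param(self, sender: str, key: Key, value: float) -> Optional[int]:
        """C.writeParam: returns C_i, or None (transaction rejected) if a check fails."""
        if not self.only_write_permission(sender, key) or not self.allowed_range(key, value):
            return None                        # state untouched, nothing logged
        self._next_cmd += 1
        self.state[key] = value                # contract state changes before the device does
        return self._log("write", self._next_cmd, key, value, sender)

    def special_action(self, kind: str, sender: str, cmd: int) -> bool:
        """cancelAction / hangUpAction (and assumed resume): needs the special authority."""
        src = next((e for e in self.events if e.kind == "write" and e.cmd == cmd), None)
        if sender not in self.cancel_perm or src is None:
            return False
        self._log(kind, cmd, src.key, None, sender)
        return True

    def mine_block(self, n: int = 1) -> None:
        self.block += n


class SecurityGateway:
    """Gateway side: subscribe to the log, wait for confirmations, apply or drop."""

    def __init__(self, contract: ControlContract, device: str, confirmations: int = 3):
        self.c, self.device, self.depth = contract, device, confirmations
        self.pending: Dict[int, Event] = {}
        self.suspended: Set[int] = set()
        self.applied: Dict[str, float] = {}   # S_i -> value actually sent to the field device
        self._cursor = 0

    def poll(self) -> Dict[str, float]:
        """subscribeEvent + readControlStatus + readRunParams in one pass."""
        for ev in self.c.events[self._cursor:]:
            if ev.key[0] != self.device:
                continue                       # another gateway's command
            if ev.kind == "write":
                self.pending[ev.cmd] = ev
            elif ev.kind == "cancel":          # drop C_i, keep waiting for other commands
                self.pending.pop(ev.cmd, None)
                self.suspended.discard(ev.cmd)
            elif ev.kind == "hangUp":
                self.suspended.add(ev.cmd)
            elif ev.kind == "resume":
                self.suspended.discard(ev.cmd)
        self._cursor = len(self.c.events)
        for cmd, ev in list(self.pending.items()):
            if cmd in self.suspended or self.c.block - ev.block < self.depth:
                continue                       # deferred, or block not yet stable
            self.applied[ev.key[1]] = ev.value  # new control instruction reaches the device
            del self.pending[cmd]
        return dict(self.applied)
```

Note that a cancelled command never reaches the device even though the contract state already changed, so the gateway applies the value carried in the confirmed event rather than blindly mirroring contract state.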
In the embodiment of the invention, the data security gateway defines and writes the intelligent contract code of the industrial control system and sends it to the block chain network, and the block chain network initializes the device authority of the data security gateway and the user account information allowed to control and query. Through the flow and parameter definition capability, security audit capability and access control capability of the block chain intelligent contract, the safety and trustworthiness of the industrial internet control system are achieved; this addresses the safety and trust concerns of existing industrial internet control systems, achieves industrial internet control security in a safe and trusted manner, and can help the industrial internet move from a siloed pattern toward a more developed one.
Referring to fig. 3, a second aspect of the present invention provides a block chain-based industrial internet trusted control method, for use in a block chain network, where the method includes:
step S202, receiving an intelligent contract code from a data security gateway;
and step S204, initializing the device authority and control state of the data security gateway.
Further, after the step of receiving intelligent contract code from the data security gateway, the method further comprises:
receiving operation request information of a user on an intelligent contract;
verifying the operation authority corresponding to the user operation request information, and when the verification is successful, modifying the intelligent contract and updating the contract state of the intelligent contract log by the block chain network according to the user operation request information;
the operation request information includes one or more of modifying the intelligent contract, canceling the current intelligent contract control instruction or postponing the current intelligent contract control instruction.
Referring to fig. 6, a third aspect of the present invention provides a block chain-based industrial internet trusted control apparatus 20, for use in a data security gateway 160, the apparatus including:
a contract creation module 202 for defining and compiling intelligent contract code for an industrial control system;
a sending module 204, configured to send the intelligent contract to a blockchain network;
a security gateway authority module 206, configured to set the device authority of the data security gateway and the user account information allowing control and query;
the intelligent contract is used for triggering the industrial control system to control the industrial field device according to the process and the parameters defined by the intelligent contract code.
Further, the apparatus further comprises:
the device authority module is used for setting the access authority, the modification authority, the adjustable parameters and the allowable value range of the adjustable parameters of the industrial field device;
the operation change module is used for subscribing or inquiring an intelligent contract event log of the block chain network, and the intelligent contract event log is used for triggering the industrial control system to control the industrial field equipment according to the flow and parameters defined by the intelligent contract after the contract state change after a certain time when the contract state of the intelligent contract event log is detected to be changed;
the intelligent contract event log is also used for triggering the early warning system to carry out early warning and reminding after detecting the key control command.
Referring to fig. 7, a fourth aspect of the present invention provides a block chain based industrial internet trusted control apparatus 30 for use in a block chain network 140, where the apparatus includes:
a contract receiving module 302, configured to receive an intelligent contract code from a data security gateway, where the intelligent contract is used to trigger the industrial control system to control an industrial field device according to a process and parameters defined by the intelligent contract code;
and an initialization module 304, configured to initialize device rights and control states of the data security gateway.
Further, the apparatus further comprises:
the request receiving module is used for receiving operation request information of a user on the intelligent contract;
the contract updating module is used for verifying the operation authority corresponding to the user operation request information, and when the verification is successful, the block chain network modifies the intelligent contract according to the user operation request information and updates the contract state of the intelligent contract log;
the operation request information includes one or more of modifying the intelligent contract, canceling the current intelligent contract control instruction or postponing the current intelligent contract control instruction.
A fifth aspect of an embodiment of the present invention provides a block chain-based industrial internet trusted control system, where the system includes:
and the data security gateway 160 is connected with the industrial control system and is used for defining and writing an intelligent contract code of the industrial control system, setting the device authority of the data security gateway and user account information allowing control and query, wherein the intelligent contract is used for triggering the industrial control system to control the industrial field devices according to the processes and parameters defined by the intelligent contract code, and the industrial control system is composed of a plurality of industrial field devices 180.
And the blockchain network 140 is respectively connected with the user terminal 120 and the data security gateway 160 and is used for receiving the intelligent contract code from the data security gateway 160 and initializing the device authority and control state of the data security gateway 160.
In the embodiment of the invention, the data security gateway defines and writes the intelligent contract code of the industrial control system and sends it to the block chain network, and the block chain network initializes the device authority of the data security gateway and the user account information allowed to control and query. Through the flow and parameter definition capability, security audit capability and access control capability of the block chain intelligent contract, the safety and trustworthiness of the industrial internet control system are achieved; this addresses the safety and trust concerns of existing industrial internet control systems, achieves industrial internet control security in a safe and trusted manner, and can help the industrial internet move from a siloed pattern toward a more developed one.
Fig. 7 is a schematic diagram of a terminal device according to an embodiment of the present invention. As shown in fig. 7, the terminal device 10 of this embodiment includes: a processor 100, a memory 101 and a computer program 102 stored in the memory 101 and executable on the processor 100, such as a program for performing a block chain based industrial internet trusted control method. The processor 100, when executing the computer program 102, implements the steps in the above-described method embodiments, e.g., the steps of S102, S104, and S106 shown in fig. 1. Alternatively, the processor 100, when executing the computer program 102, implements the functions of the modules/units in the device embodiments, such as the functions of the contract creation module 202, the sending module 204, and the security gateway authority module 206 shown in fig. 4.
Illustratively, the computer program 102 may be partitioned into one or more modules/units that are stored in the memory 101 and executed by the processor 100 to implement the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution process of the computer program 102 in the terminal device 10. For example, the computer program 102 may be divided into a contract creation module 202, a sending module 204, and a security gateway authority module 206 (modules in a virtual device), each of which has the following specific functions:
a contract creation module 202 for defining and compiling intelligent contract code for an industrial control system;
a sending module 204, configured to send the intelligent contract to a blockchain network;
a security gateway authority module 206, configured to set the device authority of the data security gateway and the user account information allowing control and query;
the intelligent contract is used for triggering the industrial control system to control the industrial field device according to the process and the parameters defined by the intelligent contract code.
The terminal device 10 may be a computing device such as a desktop computer, a notebook, a palm computer, and a cloud server. Terminal device 10 may include, but is not limited to, a processor 100, a memory 101. Those skilled in the art will appreciate that fig. 4 is merely an example of a terminal device 10 and does not constitute a limitation of terminal device 10 and may include more or fewer components than shown, or some components may be combined, or different components, e.g., the terminal device may also include input-output devices, network access devices, buses, etc.
The processor 100 may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 101 may be an internal storage unit of the terminal device 10, such as a hard disk or a memory of the terminal device 10. The memory 101 may also be an external storage device of the terminal device 10, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the terminal device 10. Further, the memory 101 may also include both an internal storage unit of the terminal device 10 and an external storage device. The memory 101 is used for storing the computer program and other programs and data required by the terminal device 10. The memory 101 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other ways. For example, the above-described embodiments of the apparatus/terminal device are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer-readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium; when the computer program is executed by a processor, the steps of the method embodiments may be implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, a software distribution medium, and the like. It should be noted that the content of the computer-readable medium may be appropriately increased or decreased as required by legislation and patent practice in the jurisdiction; for example, in some jurisdictions computer-readable media do not include electrical carrier signals and telecommunications signals, as required by legislation and patent practice.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (6)

1. The industrial Internet trusted control method based on the block chain is used in a block chain network and comprises the following steps:
receiving an intelligent contract code from a data security gateway, wherein the intelligent contract is used for triggering the industrial control system to control an industrial field device according to the flow and parameters defined by the intelligent contract code;
device rights and control states of the data security gateway are initialized.
2. The blockchain-based industrial internet trusted control method according to claim 1, wherein after the step of receiving the intelligent contract code from the data security gateway, the method further comprises:
receiving operation request information of a user on an intelligent contract;
verifying the operation authority corresponding to the user operation request information, and when the verification is successful, modifying the intelligent contract and updating the contract state of the intelligent contract log by the block chain network according to the user operation request information;
the operation request information comprises one or more of modification, cancellation or postponement of a currently specified instruction to be confirmed.
3. An industrial internet trusted control device based on a block chain, which is used in a block chain network, and comprises:
the contract receiving module is used for receiving intelligent contract codes from a data security gateway, and the intelligent contract is used for triggering the industrial control system to control the industrial field device according to the processes and parameters defined by the intelligent contract codes;
and the initialization module is used for initializing the device authority and the control state of the data security gateway.
4. The blockchain-based industrial internet trusted control apparatus of claim 3, further comprising:
the request receiving module is used for receiving operation request information of a user on the intelligent contract;
the contract updating module is used for verifying the operation authority corresponding to the user operation request information, and when the verification is successful, the block chain network modifies the intelligent contract according to the user operation request information and updates the contract state of the intelligent contract log;
the operation request information includes one or more of modifying the intelligent contract, canceling the current intelligent contract control instruction or postponing the current intelligent contract control instruction.
5. An industry internet trusted control system based on a blockchain, comprising:
the data security gateway is connected with the industrial control system and used for defining and compiling an intelligent contract code of the industrial control system, setting the equipment authority of the data security gateway and user account information allowing control and query, and the intelligent contract is used for triggering the industrial control system to control industrial field equipment according to the flow and parameters defined by the intelligent contract code;
and the block chain network is respectively connected with the user terminal and the data security gateway and is used for receiving the intelligent contract code from the data security gateway and initializing the equipment authority and control state of the data security gateway.
6. A terminal device comprising a memory, a processor and a computer program stored in said memory and executable on said processor, characterized in that said processor performs the method steps of:
defining and compiling intelligent contract codes of an industrial control system;
sending the intelligent contract to a blockchain network;
setting the equipment authority of the data security gateway and user account information allowing control and query;
the intelligent contract is used for triggering the industrial control system to control the industrial field device according to the process and the parameters defined by the intelligent contract code.
CN202111507029.5A 2019-12-26 2019-12-26 Block chain-based industrial internet trusted control method, device and system Pending CN114268645A (en)


Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201911333042.6A Division CN111131229B (en) 2019-12-26 2019-12-26 Block chain-based industrial internet trusted control method, device and system

Publications (1)

Publication Number Publication Date
CN114268645A true CN114268645A (en) 2022-04-01

CN110049111A (en) * 2019-03-27 2019-07-23 厦门大学 A kind of industrial control system teleinstruction control method based on block chain technology

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
徐雪松;金泳;曾智;杨胜杰;陈荣元;: "A hierarchical lightweight high-throughput blockchain method for industrial internet data security", Computer Integrated Manufacturing Systems (计算机集成制造系统), no. 12 *

Also Published As

Publication number Publication date
CN111131229B (en) 2022-03-01
CN111131229A (en) 2020-05-08

Similar Documents

Publication Publication Date Title
CN111131229B (en) Block chain-based industrial internet trusted control method, device and system
US10454927B2 (en) Systems and methods for managing relationships among digital identities
CN111543031B (en) Method and control system for controlling and/or monitoring a device
US11573830B2 (en) Software defined silicon implementation and management
JP7065956B2 (en) Methods and control systems for controlling and / or monitoring equipment
JP7162677B2 (en) Computer-implemented method for supplying data, especially for conformance tracking
JP2022058749A (en) Safe provisioning for device and management thereof
CN103180859B (en) Application uses strategy to enforce
CN101512512B (en) Utilize the soft ware authorization of software reputation
WO2019138128A1 (en) Method and system for providing secure access to artifacts in a cloud computing environment
US20190349346A1 (en) Registry apparatus, agent device, application providing apparatus and corresponding methods
CN110838065A (en) Transaction data processing method and device
CN107077574A (en) Trust service for client device
US10713363B2 (en) System and method of configuring information handling systems
CN103119560A (en) Demand based usb proxy for data stores in service processor complex
US20120072995A1 (en) Systems and methods for managing software licenses
CN112313908B (en) Method and control system for controlling and/or monitoring a device
CN111492355B (en) Method and control system for controlling and/or monitoring a device
CN110798310A (en) Component delegation to an IoT hub using granted blockchains
CN111869165B (en) Method and control system for controlling and/or monitoring a device
CN111327618A (en) Accurate access control method, device and system based on block chain
JP7156499B2 (en) Programmable logic controller activation method, device and system
CN112037055A (en) Transaction processing method and device, electronic equipment and readable storage medium
CN113632108A (en) Method and control system for controlling execution of a transaction
CN111602372A (en) Method and control system for controlling and/or monitoring a device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination