CN114499895A - Data trusted processing method and system fusing trusted computing and block chain - Google Patents

Data trusted processing method and system fusing trusted computing and block chain Download PDF

Info

Publication number
CN114499895A
CN114499895A CN202210353338.XA CN202210353338A CN114499895A CN 114499895 A CN114499895 A CN 114499895A CN 202210353338 A CN202210353338 A CN 202210353338A CN 114499895 A CN114499895 A CN 114499895A
Authority
CN
China
Prior art keywords
energy data
credible
trusted
trusted computing
energy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210353338.XA
Other languages
Chinese (zh)
Other versions
CN114499895B (en
Inventor
颜拥
郭少勇
陈锦前
黄建平
陈浩
李钟煦
韩嘉佳
孙歆
姚影
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Beijing University of Posts and Telecommunications
Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications, Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd filed Critical Beijing University of Posts and Telecommunications
Priority to CN202210353338.XA priority Critical patent/CN114499895B/en
Publication of CN114499895A publication Critical patent/CN114499895A/en
Application granted granted Critical
Publication of CN114499895B publication Critical patent/CN114499895B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00IoT infrastructure
    • G16Y30/10Security thereof
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00IoT characterised by the purpose of the information processing
    • G16Y40/50Safety; Security of things, users, data or systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Power Engineering (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data credible processing method and system fusing credible calculation and a block chain, and belongs to the technical field of energy data processing. The invention discloses a data trusted processing method and system integrating trusted computing and a block chain, which are mainly used for solving the energy data trust problem before chaining energy data in the current block chain application process and the environment trusted problem of business computing. Aiming at the credible problem of the uplink energy data, starting from an internet of things acquisition end or an internet of things energy data acquisition platform, a method of fusing a credible computing technology and a block chain technology is adopted, and the credible computing is embedded into the internet of things acquisition equipment, a prediction machine and a chain uplink and downlink energy data credible verification model, so that the credibility of the processes of energy data collection, transmission and storage is realized, and the credible energy data acquisition is ensured by combining the safety monitoring of the credible computing. Aiming at the problem of a business computing environment, the invention provides a computing architecture combining trusted computing and a state channel, and the business computing of energy data under the condition of privacy protection is realized.

Description

Data trusted processing method and system fusing trusted computing and block chain
Technical Field
The invention relates to a data credible processing method and system fusing credible calculation and a block chain, and belongs to the technical field of energy data processing.
Background
In the energy big data era, the quantity and the value of data rapidly rise, and besides the abundant value of the data, the resource mining analysis of the data source can create greater economic and social values. On the other hand, the smart grid environment contains more participants, more technologies and frequent data interaction, energy efficiency is improved, and meanwhile, data credibility and privacy leakage risks exist and security attack is easy to attack because heterogeneous data needs to be fused for processing. In the background of centralized storage, processing and sharing of company data, sensitive information such as device operation information, energy utilization information, customer information and privacy face more serious security threats and challenges, and compared with the security of traditional data information, the security becomes more complex, and mainly includes the following aspects:
(1) and (4) data acquisition credibility.
The number of energy internet of things devices is sharply increased, and data acquisition terminals are more and more intelligent, which is accompanied by the challenge of more and more data reliability. In the data acquisition process of the internet of things, due to the fact that the equipment has the characteristics of mobility, large environmental influence, high possibility of being attacked and the like, data distortion problems such as data loss, abnormity and the like are easily caused, and therefore serious deviation and even errors occur in final data use and analysis, and various auxiliary decisions and predictions of power grid enterprises are misled.
(2) The trustworthiness of the operating environment.
Data producers and owners often use traditional computer or cloud mode for data storage, supporting the execution of data applications. However, the bottom operating environment is usually overcome, data and data application are stolen, tampered and the like, and a trusted operating environment is constructed by using various technologies such as a trust chain, a trust root and the like of trusted computing, so that the technology selection for solving the credibility of the data application operating environment of the project is one of the technologies;
(3) multi-party trustworthiness.
The data owner confirms the right of the data, the data owner interacts with the data user to obtain benefits, the interaction process between the data owner and the data user only depends on an authoritative authentication mode, the problems of mutual unreliability of data interaction, difficulty in auditing and tracing and the like exist, a data multi-party mutual trust interaction system needs to be constructed by referring to a block chain technology for preventing falsification and decentralization, the complete trust among data participants is ensured, the data resources are fully shared, and effective support is provided for big data analysis.
(4) Data service trustworthiness.
In a traditional data service, a data owner may provide false data for the benefit of the data owner, so that the data source is not credible; the platform can delay the data acquisition efficiency and the manufacturing time difference, further construct unequal information, deliberately manipulate the data transaction and manufacturing price difference and the like to obtain profits; the user may utilize the data of the platform to control the vulnerability, thereby causing problems such as illegal data injection and unauthorized data acquisition. The above untrusted problem reduces data service reliability and efficiency.
Prior art scheme 1: a patent of 'a private data credibility verification method based on block chain and privacy security calculation' with a patent number of CN112685776A belongs to the field of data credibility verification, and particularly relates to a private data credibility verification method based on block chain and privacy security calculation. Two-layer architecture is formed by integrating two technologies of block chains and privacy security calculation. The privacy security calculation is used as a lower chain credible layer to perform scenes such as privacy operation, complex operation, high-frequency operation and the like; the block chain is communicated with the privacy security calculation under the chain through the service layer, and is used for storing and certifying the operation result generated by the privacy security calculation and endowing the operation result with non-tamper property. The credibility verification of safe and credible private data is realized by creating a novel combined use block chain and a privacy safety calculation technology. The invention can ensure that an authority department is willing to provide a credible data source on one hand, and can ensure that the three links of data transmission, data calculation and calculation conclusion can not be falsified on the other hand, thereby really ensuring that the electronic data has the anti-counterfeiting performance comparable to paper documents. The invention creates a safer, more reliable and more automatic information credibility verification mode, which is particularly important for large commodity transaction scenes such as house products and the like which relate to a large amount of citizen privacy data. The application of the invention can make the credibility verification scene of the private data in various commercial activities to make real, credible and efficient business judgment based on the invention, and avoid the possibility of cheating the house purchasing qualification through data counterfeiting.
Prior art scheme 2: patent No. CN112967775A patent of "a medical health data credible sharing method and system based on block chain", belongs to the field of data sharing, and particularly provides a medical health data credible sharing method and system based on block chain, the invention comprises: acquiring medical health authorization data and storing the medical health authorization data in a local server; generating a query character string and a corresponding hash value according to the medical health authorization data, and uploading the query character string and the hash value to a block chain system; and sending the corresponding target medical health authorization data in the local server to an inquiry terminal according to the target inquiry character string, so that the inquiry terminal can verify the target medical health authorization data according to the target hash value to obtain the target medical health authorization data after verification. According to the invention, the block chain is used as the basis of consensus management, so that the problems of fragmentation of medical health data, insufficient medical health data sharing and privacy protection of medical health data owners in the medical health industry are solved.
Disadvantages of the background Art
The prior art scheme 1 discloses a private data credibility verification method based on a block chain and private security calculation. When a scene that the credibility of information submitted by a user needs to be verified by using private data and core data mastered by an authority department occurs, firstly, the private data to be calculated is encrypted by a digital envelope at a client, and is protected by an SSL/TLS channel in the process of being sent to a private safe computing environment, so that the data transmission link is ensured not to be falsified. Secondly, after the private data are transmitted into a private safe computing environment, decryption and computation are carried out in a safe and credible execution environment 'black box', and the execution environment is fully encrypted, so that the data plaintext and the computation process are prevented from being contacted and sensed by the outside.
According to the scheme, though the three links of data transmission, data calculation and calculation conclusion are guaranteed to be not falsifiable through the block chain and privacy security calculation, the credible management of data credible acquisition and data storage is still lacked, and the authenticity of data participating in transmission is difficult to guarantee.
In the prior art, scheme 2 designs a trusted sharing method for medical health data based on block chains based on openness, non-tamper property, traceability, support for encrypted currency and the like of the block chains, and uses the block chains as a basis for consensus management, so that trust of medical health data owners, medical health data creators, medical health data reviewers and medical health data viewers can be obtained, corresponding return of labor results of participants can be ensured, and the problems of fragmentation of medical health data, insufficient medical health data sharing and privacy protection of medical health data owners faced by the medical health industry are solved.
However, the scheme does not meet the requirements of users on user privacy protection at present, and the trusted management method in the data transmission process is not designed sufficiently, so that the problems that the requirements on trusted data acquisition and the trusted supervision of the data sharing full process are difficult to meet are still faced.
Disclosure of Invention
Aiming at the defects of the prior art, the invention aims to provide an internet of things gateway which is implanted with a meter of a trusted computing module and the trusted computing module and is used for acquiring energy data, so that the energy data has a strong identity certificate and the reliability of energy data acquisition is ensured; and then after the prediction machine uploads the energy data fingerprint to the block chain, credible verification of the energy data on the chain and on the chain is carried out, the energy data on the chain is ensured not to be falsified or damaged, and the data credible processing method integrating credible calculation and the block chain for credible acquisition of the energy data is completed.
The invention aims to provide a method for constructing a prediction machine acquisition model, which is used for acquiring energy data and ensuring the credibility of energy data acquisition; a trusted computing sandbox is built to provide an isolation environment for energy data and ensure the credibility of an operation environment; establishing a credible verification model, and carrying out credible verification on the isolated energy data to ensure that the energy data under the chain is not tampered or damaged; establishing a credible computing model, completing multi-party identity authentication, and carrying out credible verification on multi-party energy data to ensure the credibility of a multi-party main body; the data credible processing method which combines credible calculation and a block chain and is scientific and reasonable realizes credible supervision on the processes of energy data collection and storage, supports the safety management of credible collection, demand side response, edge resource allocation and credible calculation and ensures the credible collection of the energy data.
The invention aims to provide a method for acquiring energy data by constructing a prediction machine acquisition module so as to ensure the credibility of energy data acquisition; a trusted computing sandbox is built to provide an isolation environment for energy data and ensure the credibility of an operation environment; a credible checking module is constructed, credible checking is carried out on the isolated energy data, and the condition that the energy data under the chain is not tampered or damaged is ensured; the method is characterized in that a trusted computing module is constructed to complete multi-party identity authentication and carry out multi-party energy data trusted verification, so that the credibility of multi-party main bodies is ensured, the credible supervision of the energy data collection and storage processes is realized, the safe management of credible collection, demand side response, edge resource allocation and credible computing is supported, and the scientific and reasonable data trusted computing system integrating credible computing and a block chain for credible collection of energy data is ensured.
In order to achieve one of the above objects, a first technical solution of the present invention is:
a data credible processing method fusing credible computation and a block chain,
the method comprises the following steps:
firstly, acquiring energy data, wherein the energy data is acquired by a meter implanted into a trusted computing module;
secondly, generating a message for the energy data in the first step according to a protocol rule, wherein the message at least comprises equipment information, time information and energy data information of an energy sensor;
thirdly, the message in the second step is sent to an internet of things gateway implanted with a trusted computing module through a communication module;
fourthly, after receiving the message in the third step, the gateway of the Internet of things completes the identity verification of the source of the energy data and sends the message to an energy data acquisition platform based on a trusted computing monitoring system;
fifthly, after the energy data acquisition platform in the fourth step receives the message, the energy data acquisition platform analyzes the message to obtain energy data;
sixthly, generating an energy data fingerprint from the energy data in the fifth step;
seventhly, uploading the energy data fingerprints in the sixth step to a block chain;
eighthly, after the energy data fingerprints in the seventh step are received by the block chain, carrying out credible verification on the energy data on the chain and the energy data on the chain, and comparing the credible verification with the energy data fingerprints uploaded before;
step nine, after the fingerprint verification of the energy data in the step eight is passed, storing the energy data in a warehouse to realize the chaining of the energy data;
and tenth, after the uplink of the energy data in the ninth step is finished, the energy data are sent to the under-chain energy source database corresponding to the block chain link point, the block chain link point checks the energy data fingerprint for reading the uplink energy data, and the under-chain energy source database passing the back block chain link point is checked to perform warehousing operation, so that the reliable acquisition and calculation of the energy data are realized.
Through continuous exploration and test, the energy data are collected and processed through a meter implanted with a trusted computing module and an Internet of things gateway implanted with the trusted computing module, so that the energy data have a strong identity certificate and the reliability of energy data collection is ensured; after the prediction machine uploads the energy data fingerprint to the block chain, credible verification of the energy data on the chain and on the chain is carried out, the energy data on the chain is guaranteed not to be tampered or damaged, and credible collection and calculation of the energy data are achieved.
Furthermore, the invention can complete the multi-party identity authentication by utilizing the trusted computing module, and carry out the trusted verification of the multi-party energy data, thereby ensuring the credibility of the multi-party main body.
Furthermore, the method and the system face the requirements of energy data credible acquisition and privacy protection, utilize a block chain and a credible computing technology to build a block chain platform, realize credible supervision on the energy data collection, storage and use processes, support the safety management of demand side response, edge resource allocation and credible computing, and ensure the scientificity and reasonability of the credible acquisition of the energy data.
Furthermore, the energy data credible computing method provided by the invention is a novel scattered credible computing paradigm and can be applied to various services based on energy data, such as energy transaction, demand side response, virtual power plants, green certificate transaction, green electricity transaction, carbon emission right transaction, energy right transaction and other wide application scenes.
The communication module comprises 485 or/and Wifi or/and 4G or/and Lora or/and NB-iot and other communication modes.
As a preferable technical measure:
the trusted computing process of the trusted computing module comprises the following steps:
adding a trusted computing module at an energy data acquisition terminal to ensure that the energy data acquisition terminal has a strong identity certificate;
simultaneously, performing credible measurement and evaluation on a meter implanted into the credible computing module and an Internet of things gateway implanted into the credible computing module through credible computing;
energy data acquisition and filtering tasks are completed by operating an energy data measurement and evaluation algorithm in a trusted computing environment of a propheter client at a gateway of the Internet of things, so that trusted acquisition of the energy data of the Internet of things is realized;
and the gateway of the Internet of things implanted into the trusted computing module establishes a safe local communication channel with the prophetic client through a hardware authentication mechanism in the trusted computing framework.
As a preferable technical measure:
the local communication channel establishment process is as follows:
step 1, an energy data acquisition terminal sends a remote authentication request to a pre-talker client;
step 2, the predictive terminal client receives the authentication request in the step 1, creates a trusted execution environment or a trusted execution environment with hardware, and then sends the authentication request to the trusted computing environment through an electronic energy data Exchange (EDL) interface for authentication;
step 3, the prediction machine client generates a remote authentication report by utilizing the inside of the trusted execution environment in the step 2, signs the remote authentication report and then sends the remote authentication report to the energy data acquisition terminal;
step 4, the energy data acquisition terminal verifies the signature in the step 3 through a public key certificate of the predictive speaker client, and a remote authentication report is sent to an authentication mechanism after the signature verification is passed; if the authentication is passed, the trusted execution environment of the propheter client is effective; and finally, the two parties successfully establish a secure transmission channel.
As a preferable technical measure:
the propheter client comprises a communication module, a check module and an intelligent contract;
after a local secure transmission channel is established, the predictive client periodically acquires energy data of the energy data acquisition terminal through a subscription and reading mechanism, completes the trusted cochain of the energy data, and realizes the non-repudiation and trusted traceability of the energy data, wherein the process is as follows:
s1, the client side of the prediction machine sends an energy data acquisition request to the energy data acquisition terminal at regular time according to the period set by the system administrator;
s2, the energy data acquisition terminal verifies the request information in the S1, and after the verification is passed, the energy data cached locally are sent to the client of the prediction machine through a secure transmission channel;
s3, predicting that the energy data existence and integrity in S2 are verified by the client, and ensuring the source correctness of the energy data and the authenticity of the energy data;
s4, calculating an energy data measurement and evaluation model according to the characteristics of the energy data in the S3, and deploying the energy data measurement and evaluation model in a trusted execution environment of the prophetic client to operate;
s5, the forecast client transmits the decrypted collected energy data to the energy data measurement and evaluation model in the credible execution environment in S4, and finally an evaluation value is output;
s6, after finishing the measurement and evaluation of the energy data in S5, the forecast client determines whether to upload the energy data to the block chain according to the relevant threshold set by the system administrator and the size and importance degree of the energy data;
and S7, uploading the information which can be linked up after the energy data measurement evaluation in the S6 is completed, and uploading the information to the block chain through an intelligent contract.
After the safe transmission channel is established locally, the prediction machine client periodically acquires the energy data of the energy data acquisition terminal through a subscription and reading mechanism, completes the credible uplink of the energy data, realizes the non-repudiation and credible traceability of the energy data, forms a calculation framework of a credible calculation and state channel, and realizes the business calculation of the energy data under the condition of privacy protection.
As a preferable technical measure:
the monitoring process of the trusted computing monitoring system comprises the following steps:
step 1, the trusted computing monitoring module system actively verifies a basic input/output system (BIOS) before a Central Processing Unit (CPU) of the energy data acquisition platform is started, and the CPU is allowed to run after the verification is passed, so that the active control of the energy data acquisition platform is ensured;
step 2, after the verification of the step 1 is passed, the trusted computing monitoring module system performs static integrity measurement on all application programs of the energy data acquisition platform before starting the application programs, and generates an integrity value;
step 3, after the static integrity measurement in the step 2 is completed, when the application program of the energy data acquisition platform runs, the integrity measurement program in the trusted computing monitoring module system supervises the running state of each application program, the generated integrity measurement value is stored in a trusted register of the trusted computing monitoring module system, and whether the energy data acquisition platform is tampered or not is judged according to the integrity measurement value;
step 4, after the judgment in the step 3 is completed, the trusted computing monitoring system uploads the monitoring log and the information of the trusted measurement value to the block chain;
step 5, the block chain verifies the credible measurement value and the credible reference value uploaded by the credible computing monitoring system in the step 4 through an intelligent contract, if the credible measurement value and the credible reference value exceed the set deviation value range, the energy data acquisition platform is considered to have tampering behavior, and the energy data transmitted by the energy data acquisition platform is not credible and is not stored in a warehouse; and if the deviation value range is not exceeded, the energy data sent by the energy data acquisition platform is considered to be credible.
As a preferable technical measure:
the credible verification method of the energy data on the chain and the chain comprises the following steps:
performing hash operation on the timestamp generated by the energy data uplink by using a descentrification timestamp and a cryptography technology through a client of the prediction machine to obtain a unique energy data ID;
meanwhile, the energy data hash value, the digital signature and the energy data ID are packaged to generate an energy data fingerprint which is stored in a block chain system;
and generating a credible reference value of the energy data storage node by using a credible computing technology and uploading the credible reference value to the block chain system for storage.
As a preferable technical measure:
the credible verification method of the energy data on the chain is a verification method of the energy data on the chain based on the energy data fingerprint, and when the credibility of the energy data is needed, the method specifically comprises the following steps:
step 61, the energy data check node sends an energy data credible check message, and calculates the Hash value Hash of the energy data according to the energy data under the link sent by the energy data storage node0
Step 62, the energy data storage node obtains a credible reference value of the energy data synchronization node, compares the reference value with the current credible measurement value, if the reference value is consistent with the current credible measurement value, the node passes the verification, otherwise, the importing process is stopped;
step 63, after the verification in the step 62 is passed, the energy data synchronization node performs timestamp information according to timestamp information reserved by the local energy source database0Generating unique energy data ID;
and 64, interacting the energy data synchronous nodes and the energy data credible check contract of the block chain, acquiring the energy data fingerprints stored in the block chain through the energy data ID in the step 63, and extracting the energy data Hash value Hash1
Step 65, comparing the Hash value Hash in the step 610And Hash value Hash in step 641Verifying the integrity of the energy data; if the two values are the same, the energy data completes the credible import of the energy data; otherwise, the energy data is tampered or damaged, and the importing process cannot be completed.
In order to achieve one of the above objects, a second technical solution of the present invention is:
a data trusted processing method fusing trusted computing and a block chain further comprises the following steps:
the method comprises the steps that a trusted computing sandbox is built for providing an isolation environment for energy data, the trusted computing sandbox is built according to a trusted computing-based edge energy data sandbox computing scheduling method, the trusted computing and sandbox computing technology is utilized, so that the outside cannot access the memory of an execution program, and a remote authenticator ensures the correct execution of tasks through the integrity metric value of the execution program and the sealed identity of the execution program; meanwhile, the safe loading of energy data and algorithm and the credible output of a calculation result are realized by using an asymmetric encryption transmission model and a homomorphic encryption technology;
the trusted computing sandbox realizes isolation of energy data in the using process by using trusted computing and sandbox computing technologies, ensures correct identity of an energy data user, secrecy and non-tampering of the energy data, and simultaneously ensures that the outside cannot access the memory of an execution program based on the memory protection and address mapping protection technologies of a trusted computing environment, thereby ensuring confidentiality and integrity of the execution program, and a remote authenticator can ensure correct execution of tasks through the integrity metric value and the sealed identity of the execution program; meanwhile, the safe loading of energy data and algorithm is realized by using an asymmetric encryption transmission model and a homomorphic encryption technology, and the stealing by others is prevented; and the credibility verification of the output result is completed, and the accuracy of the output result is guaranteed.
Establishing a trusted computing identity authentication process to finish multi-party identity verification, wherein the trusted computing identity authentication process is established according to a trusted computing management method based on a block chain, can face to the trusted requirement of energy data in trusted computing, and finishes multi-party identity authentication based on a cryptography technology;
establishing a credible verification model for verifying energy data, establishing according to an energy data fingerprint-based energy data uplink and downlink verification method, generating energy data fingerprints based on cryptography and a decentralized timestamp technology, completing organic association of energy data on the chain and downlink, and finally realizing credible verification of energy data on the chain and downlink by combining an intelligent contract;
the method comprises the steps that an asymmetric encryption transmission model based on a block chain is built, energy data are led into a trusted computing sandbox, the asymmetric encryption transmission model is built according to an asymmetric encryption transmission method based on the block chain, the energy data required by computing can be sent to the trusted computing sandbox after being asymmetrically encrypted, and the trusted computing sandbox utilizes a private key to decrypt;
constructing a calculation execution model for executing calculation and outputting a result;
the method comprises the steps of constructing a prediction machine acquisition model, constructing according to an energy data acquisition method integrating trusted computing and prediction machines, realizing strong identity certification of an acquisition terminal based on the trusted computing, realizing remote authentication by combining a prediction machine mechanism and a block chain system, operating an energy data measurement and evaluation algorithm in a trusted computing environment to complete energy data acquisition and filtering tasks, finally realizing energy data acquisition and uploading the energy data to the block chain system in a trusted manner, and meeting the requirements of credibility of energy data sources and reliability of energy data quality.
Through continuous exploration and test, a prediction machine acquisition model is constructed, energy data are acquired, and the credibility of energy data acquisition is ensured; a trusted computing sandbox is built to provide an isolation environment for energy data and ensure the credibility of an operation environment; establishing a credible verification model, and carrying out credible verification on the isolated energy data to ensure that the energy data under the chain is not tampered or damaged; and a credible computing identity authentication process is established, multi-party identity authentication is completed, multi-party energy data credible verification is carried out, and credibility of multi-party main bodies is ensured.
Furthermore, the method is oriented to the requirements of energy data credible acquisition and privacy protection, a block chain platform is built by using a block chain and a credible computing technology, a soft credible computing sandbox and a plurality of relevant models are built, the credible supervision on the energy data collection, storage and use processes is realized, the safety management of demand side response, edge resource allocation and credible computing is supported, and the scientific and reasonable credible acquisition of the energy data is ensured.
As a preferable technical measure:
the method for computing and scheduling the sandbox of the edge energy data of the trusted computing comprises a composition framework operation process, an energy data interaction process of nodes and the sandbox and an integral process of identity authentication in the trusted computing;
the component architecture operation process comprises the following steps:
step 11, initializing parameters of the calculation sandbox;
filling parameters into a blank area of a protected physical memory of the system through a special channel, so that the parameters required to be used in the system comprise a variable parameter and a preset parameter;
step 12, after the initialization of step 11 is completed, performing identity authentication for activating an extended instruction set in the protected CPU environment;
step 13, after the extended instruction set in step 12 is activated, performing application scheduling on the extended instruction set, and checking the validity of the memory;
step 14, after the parameters of the external energy data are encrypted and transmitted into the protected edge energy data sandbox, the edge energy data sandbox obtains the encrypted parameters of the external transmission and then dispatches the energy data decryptor to decrypt the transmitted energy data by the extended instruction set in the step 13 for correct execution of program operation;
and step 15, after the step 14 is correctly executed, encrypting and transmitting the result energy data of the trusted computing to the outside through a channel, and decrypting the result energy data by adopting the same flow when the energy data is used, so as to ensure that the identity of an energy data user is correct, and the energy data is secret and can not be tampered.
As a preferable technical measure:
the trusted computing management method based on the block chain comprises the following steps:
step 21, when the application program applies for creating an executive program, energy data measurement operation needs to be carried out, the integrity of the executive program needs to be verified in the last step of the creation process, and whether the program energy data is tampered in the application creation process is judged;
step 22, performing the energy data measurement operation in step 21 on each transmitted content to finally obtain a measurement result of a created sequence, and storing the measurement result in a control structure of a memory; then comparing the measurement result with an integrity value in a certificate signed by an owner of program execution through an identity authentication instruction;
step 23, if the integrity of the certificate in step 22 is matched, hashing the public key of the owner in the certificate, and storing the hashed public key as a sealed identity in the executive program control structure; if not, indicating that the creating process has problems, and returning a failure result by the instruction;
step 24, when the executive program reports the sealed identity of step 23 to the executive program on the platform, firstly acquiring the identity information and attribute of the current executive program and the platform hardware information, and adding the energy data which the user wants to interact to generate an energy data structure; then obtaining a secret key of the target executive program, generating an MAC label for the energy data structure, forming final self-backup energy data, transmitting the final self-backup energy data to the target executive program, and verifying whether the executive program requesting identity and the target executive program operate on the same platform or not by the target executive program;
step 25, after the initialization instruction is completed, the execution program in step 24 is entered, and then the internal memory protection and the address mapping protection of the edge energy data sandbox make the external world unable to access the internal memory of the execution program, so as to ensure the confidentiality and the integrity of the execution program, and the remote authenticator can ensure the correct execution of the task through the integrity measurement value and the sealed identity of the execution program;
and step 26, after the task execution in the step 25 is completed, performing credible calculation on the used energy data, and feeding back the result energy data.
As a preferable technical measure:
the asymmetric encryption transmission method based on the block chain comprises the following steps:
step 41, the task initiating node and the trusted computing sandbox respectively upload the public key, the trusted reference value and the log information to the block chain node;
step 42, the task initiating node imports the required energy data, uses a private key for signature, finally obtains a public key of the trusted computing sandbox from the block chain in step 41, encrypts the signed energy data and sends the encrypted energy data to the trusted computing sandbox;
step 43, the trusted computing sandbox obtains the encrypted energy data in step 42, firstly, the encrypted energy data is decrypted by using a private key of the trusted computing sandbox, a public key of the task initiating node is obtained from the block chain, and the public key is used for completing verification of the energy data signature;
step 44, calculating the input energy data by the trusted computing sandbox to obtain a calculation result;
step 45, the trusted computing sandbox signs the computing result in the step 44 by using the private key of the trusted computing sandbox, obtains the public key of the task initiating node from the block chain, encrypts the signed energy data and sends the encrypted energy data to the task initiating node;
step 46, the task initiating node obtains the encrypted calculation result in step 45, firstly uses its own private key to decrypt, and obtains the public key of the trusted calculation sandbox from the block chain, and completes the verification of the energy data signature by using the public key, and finally obtains the trusted calculation result.
As a preferable technical measure:
the energy data acquisition method integrating the trusted computing and the prediction machine comprises the following steps:
a trusted computing module is added at the energy data acquisition terminal, so that each energy data acquisition terminal has a strong identity certificate;
simultaneously, carrying out credible measurement and evaluation on the collected energy data;
the energy data acquisition terminal establishes a safe local communication channel with the prophetic client through a hardware authentication mechanism in the trusted computing framework; after the local communication channel is established, the propheter client periodically acquires the energy data of the energy data acquisition terminal through a subscription and reading mechanism, and the trusted cochain of the energy data is completed.
In order to achieve one of the above objects, a third technical solution of the present invention is:
a data trusted processing method fusing trusted computing and a block chain comprises the following steps:
firstly, a meter implanted into a trusted computing module generates a message from collected energy data according to a protocol rule, wherein the message comprises equipment information, time information and energy data information of an energy sensor, and the message is sent to an internet of things gateway implanted into the trusted computing module through a communication module;
secondly, after the message in the first step is successfully sent, the gateway of the Internet of things completes the identity verification of an energy data source party and sends the message to an energy data acquisition platform based on a trusted computing monitoring system;
thirdly, after the energy data acquisition platform in the second step receives the message, the energy data acquisition platform analyzes the message to obtain energy data;
fourthly, the energy data acquisition platform generates energy data fingerprints from the energy data in the third step;
fifthly, after the energy data acquisition platform in the fourth step generates energy data fingerprints from the energy data, uploading the energy data fingerprints to a block chain through a prediction machine;
sixthly, uploading the energy data fingerprint to the block chain by the prediction machine in the fifth step, performing credible verification on the energy data under the chain, reading the energy data fingerprint of the block chain by the energy data acquisition platform, and comparing the energy data fingerprint with the energy data fingerprint uploaded previously;
seventhly, after the fingerprint verification of the energy data in the sixth step is passed, the energy data acquisition platform stores the energy data in a warehouse to realize the chaining of the energy data;
and eighthly, after the uplink of the energy data in the seventh step is finished, the energy data acquisition platform sends the energy data to a cache region of the energy source database under the chain corresponding to the block chain node, the block chain node checks the energy data fingerprint for reading the uplink energy data, and the energy source database under the chain passing the back block chain node is checked to be put in storage, so that the reliable acquisition and calculation of the energy data are realized.
Through continuous exploration and test, the energy data are collected and processed through a meter implanted with a trusted computing module and an Internet of things gateway implanted with the trusted computing module, so that the energy data have a strong identity certificate and the reliability of energy data collection is ensured; after the prediction machine uploads the energy data fingerprint to the block chain, credible verification of the energy data on the chain and on the chain is carried out, the energy data on the chain is guaranteed not to be tampered or damaged, and credible collection and calculation of the energy data are achieved.
Furthermore, the invention can complete the multi-party identity authentication by utilizing the trusted computing module, and carry out the trusted verification of the multi-party energy data, thereby ensuring the credibility of the multi-party main body.
Furthermore, the method and the system face the requirements of energy data credible acquisition and privacy protection, utilize a block chain and a credible computing technology to build a block chain platform, realize credible supervision on the energy data collection, storage and use processes, support the safety management of demand side response, edge resource allocation and credible computing, and ensure the scientificity and reasonability of the credible acquisition of the energy data.
Furthermore, the energy data credible computing method provided by the invention is a novel scattered credible computing paradigm and can be applied to various services based on energy data, such as energy transaction, demand side response, virtual power plants, green certificate transaction, green electricity transaction, carbon emission right transaction, energy right transaction and other wide application scenes.
In order to achieve one of the above objects, a fourth technical solution of the present invention is:
a data trusted computing system fusing trusted computing with blockchains,
applying the above data credible processing method fusing credible computation and a block chain;
the system comprises a trusted computing sandbox module, a trusted computing module, a prediction machine acquisition module, a trusted verification module and a linked management module; the method realizes the credible supervision of the processes of collecting and storing the energy data, and supports the credible collection of the energy data, the response of a demand side, the allocation of edge resources and the safe management of credible calculation;
the trusted computing sandbox module is used for providing an isolation environment for the energy data in operation;
the credible computing module is used for completing multi-party identity authentication and carrying out credible verification on multi-party energy data;
the prediction machine acquisition module is used for acquiring energy data;
the credible checking module is used for carrying out credible checking on the energy data;
and the chain management module is used for realizing the management and control of a plurality of units on the chain.
Through continuous exploration and test, the invention constructs a prediction machine acquisition module to acquire energy data and ensure the credibility of energy data acquisition; a trusted computing sandbox is built to provide an isolation environment for energy data and ensure the credibility of an operation environment; a credible verification module is constructed, and credible verification is carried out on the isolated energy data to ensure that the energy data under the chain is not tampered or damaged; the method comprises the steps of constructing a credible computing module, completing multi-party identity authentication, carrying out credible verification on multi-party energy data, ensuring the credibility of multi-party main bodies, realizing credible supervision on the processes of energy data collection and storage, supporting credible collection, demand side response, edge resource allocation and safe management of credible computing, and ensuring the scientificity and reasonability of credible collection of the energy data.
Further, the data trusted processing method and system integrating trusted computing and the block chain are mainly used for solving the energy data trust problem before chaining of the energy data in the current block chain application process and the environment trust problem of business computing. Aiming at the credible problem of the uplink energy data, starting from an internet of things acquisition end or an internet of things energy data acquisition platform, a method of fusing a credible computing technology and a block chain technology is adopted, and the credible computing is embedded into the internet of things acquisition equipment, a prediction machine and a chain uplink and downlink energy data credible verification model, so that the credibility of the processes of energy data collection, transmission and storage is realized, and the credible energy data acquisition is ensured by combining the safety monitoring of the credible computing. Aiming at the problem of a business computing environment, the invention provides a computing architecture combining trusted computing and a state channel, and the business computing of energy data under the condition of privacy protection is realized.
Furthermore, the energy data acquisition method credible acquisition method provided by the invention is a novel decentralized credible acquisition method, and the credible calculation method is a novel decentralized credible calculation paradigm, and is applicable to various services based on energy data, such as energy metering, energy transaction, demand side response, virtual power plants, green certificate transaction, green electricity transaction, carbon emission right transaction, energy use right transaction and the like.
As a preferable technical measure:
the link management module comprises a prediction machine management unit, an energy data transmission link management unit, a link node management unit, a link policy service node management unit and a log audit unit;
the prediction machine management unit is used for maintaining prediction machine information and inquiring the credible state of the prediction machine;
the energy data transmission link management unit is used for transmission link safety test and transmission link control;
the chain node management unit is used for verifying the consistency of the chain node and controlling the service of the chain node;
the on-chain policy service node management unit is used for setting the policy of the on-chain policy service node, inquiring the decision state and inquiring the decision result;
and the log auditing unit is used for auditing the propheter logs, the energy data uplink records, the on-chain policy service node logs and the management platform logs.
Compared with the prior art, the invention has the following beneficial effects:
through continuous exploration and test, the energy data are acquired through the meter implanted with the trusted computing module and the gateway of the internet of things implanted with the trusted computing module, so that the energy data have a strong identity certificate and the reliability of energy data acquisition is ensured; after the prediction machine uploads the energy data fingerprint to the block chain, credible verification of the energy data on the chain and on the chain is carried out, the energy data on the chain is guaranteed not to be tampered or damaged, and credible collection and calculation of the energy data are achieved.
Furthermore, the invention constructs a prediction machine acquisition model to acquire energy data and ensure the credibility of energy data acquisition; a trusted computing sandbox is built to provide an isolation environment for energy data and ensure the credibility of an operation environment; establishing a credible verification model, and carrying out credible verification on the isolated energy data; for the verification of the energy data, the energy data under the chain is ensured not to be tampered or damaged; and a credible computing model is constructed, the multi-party identity authentication is completed, the credible verification of the multi-party energy data is carried out, and the credibility of the multi-party main body is ensured.
Furthermore, the method is oriented to the requirements of energy data credible acquisition and privacy protection, a block chain platform is built by using a block chain and a credible computing technology, a soft credible computing sandbox and a plurality of relevant models are built, the credible supervision on the energy data collection and storage process is realized, the safety management of demand side response, edge resource allocation and credible computing is supported, and the scientific and reasonable credible acquisition of the energy data is ensured.
Furthermore, the energy data credible computing method provided by the invention is a novel scattered credible computing paradigm and can be applied to various services based on energy data, such as energy transaction, demand side response, virtual power plants, green certificate transaction, green electricity transaction, carbon emission right transaction, energy right transaction and other wide application scenes.
Drawings
FIG. 1 is a prophetic energy data acquisition network incorporating trusted computing in accordance with the present invention;
FIG. 2 is a trusted sharing method of an energy data acquisition platform integrating trusted computing according to the present invention
FIG. 3 illustrates the trusted computing sandbox component architecture and operation of the present invention;
FIG. 4 is a process of the task initiating node interacting with the sandbox in accordance with the present invention;
FIG. 5 is a flowchart illustrating an identity authentication procedure in trusted edge computing according to the present invention;
fig. 6 is a chain uplink and downlink energy data credible verification method based on energy data fingerprints according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
On the contrary, the invention is intended to cover alternatives, modifications, equivalents and alternatives which may be included within the spirit and scope of the invention as defined by the appended claims. Furthermore, in the following detailed description of the present invention, certain specific details are set forth in order to provide a better understanding of the present invention. It will be apparent to one skilled in the art that the present invention may be practiced without these specific details.
The invention relates to a specific embodiment of a trusted processing method of energy data, which comprises the following steps:
a data credible processing method fusing credible computation and a block chain,
the method comprises the following steps:
firstly, a meter implanted into a trusted computing module generates a message from collected energy data according to a protocol rule, wherein the message comprises equipment information, time information and energy data information of an energy sensor, and the message is sent to an internet of things gateway implanted into the trusted computing module through a communication module;
secondly, after the message in the first step is successfully sent, the gateway of the Internet of things completes the identity verification of an energy data source party and sends the message to an energy data acquisition platform based on a trusted computing monitoring system;
thirdly, after the energy data acquisition platform in the second step receives the message, the energy data acquisition platform analyzes the message to obtain energy data;
fourthly, the energy data acquisition platform generates energy data fingerprints from the energy data in the third step;
fifthly, after the energy data acquisition platform in the fourth step generates energy data fingerprints from the energy data, uploading the energy data fingerprints to a block chain through a prediction machine;
sixthly, after uploading the energy data fingerprint to the block chain by the prediction machine in the fifth step, carrying out credible verification on the energy data on the chain and on the chain, reading the energy data fingerprint of the block chain by an energy data acquisition platform, and comparing the energy data fingerprint with the energy data fingerprint uploaded previously;
seventhly, after the fingerprint verification of the energy data in the sixth step is passed, the energy data acquisition platform stores the energy data in a warehouse to realize the chaining of the energy data;
and eighthly, after the uplink of the energy data in the seventh step is finished, the energy data acquisition platform sends the energy data to a cache region of the energy source database under the chain corresponding to the block chain node, the block chain node checks the energy data fingerprint for reading the uplink energy data, and the energy source database under the chain passing the back block chain node is checked to be put in storage, so that the reliable acquisition and calculation of the energy data are realized.
The invention discloses another embodiment of the energy data credible processing method, which comprises the following steps:
a data trusted processing method fusing trusted computing and a block chain comprises the following steps:
constructing a trusted computing sandbox for providing an isolation environment for energy data;
the trusted computing sandbox is constructed according to a trusted computing-based edge energy data sandbox computing scheduling method, the trusted computing and sandbox computing technology is utilized, so that the outside cannot access the memory of the execution program, and the remote authenticator can ensure the correct execution of the task through the integrity metric value and the sealed identity of the execution program; meanwhile, the safe loading of energy data and algorithm and the credible output of a calculation result are realized by using an asymmetric encryption transmission model and a homomorphic encryption technology;
establishing a trusted computing identity authentication process to finish multi-party identity verification, wherein the trusted computing identity authentication process is established according to a trusted computing management method based on a block chain, can face to the trusted requirement of energy data in trusted computing, and finishes multi-party identity authentication based on a cryptography technology;
establishing a credible verification model for verifying the energy data;
the credible verification model is constructed according to a chain uplink and downlink energy data verification method based on energy data fingerprints, the generation of the energy data fingerprints is realized based on cryptography and decentralized timestamp technology, the organic association of the chain uplink and downlink energy data is completed, and the credible verification of the chain uplink and downlink energy data is finally realized by combining an intelligent contract;
the method comprises the steps that an asymmetric encryption transmission model based on a block chain is built, energy data are led into a trusted computing sandbox, the asymmetric encryption transmission model is built according to an asymmetric encryption transmission method based on the block chain, the energy data required by computing can be sent to the trusted computing sandbox after being asymmetrically encrypted, and the trusted computing sandbox utilizes a private key to decrypt;
constructing a calculation execution model for executing calculation and outputting a result;
the method comprises the steps of constructing a prediction machine acquisition model, constructing according to an energy data acquisition method fusing trusted computing and a prediction machine, realizing strong identity certification of an acquisition terminal based on the trusted computing, realizing remote authentication by combining a prediction machine mechanism and a block chain system, operating an energy data measurement and evaluation algorithm in a trusted computing environment to complete energy data acquisition and filtering tasks, finally realizing energy data acquisition and uploading to the block chain system in a trusted manner, and meeting the requirements of energy data source credibility and energy data quality reliability.
As shown in fig. 1, a specific embodiment of a predictive engine energy data acquisition network that integrates trusted computing and a predictive engine according to the present invention:
in order to solve the problem that energy data of an energy Internet of things is not trusted, the trusted computing module is added at the meter, so that each meter has a strong identity certificate, and the trusted computing module guarantees safe and stable operation of an acquisition program. Meanwhile, in order to ensure the quality of the collected energy data, the collected energy data needs to be measured and evaluated in a credible manner. The energy data acquisition platform is oriented, a mode of integrating a trusted computing monitoring module system is adopted, the trusted computing monitoring module system carries out integrity measurement on the operating environment of the energy data platform, all-round supervision on the program execution condition of the energy data platform is achieved, the energy data in the energy data acquisition platform is guaranteed to be difficult to tamper, and accordingly the credibility of the energy data of the energy internet of things is guaranteed.
In the invention, the energy data acquisition terminal establishes a safe local communication channel with a prophetic client through a hardware authentication mechanism in a trusted computing framework, and the process is as follows:
(1) and the energy data acquisition terminal sends a remote authentication request to the talker client.
(2) And the predictive-speaker client receives the authentication request, creates a trusted execution environment, and then sends the authentication request to the trusted computing environment through the EDL (electronic energy data exchange) interface for authentication.
(3) And generating a remote authentication report inside the archive of the client of the prediction machine, signing the signature of the authentication report and then sending the signature to the energy data acquisition terminal.
(4) The energy data acquisition terminal verifies the signature through a public key certificate of the speaker client, and the remote authentication report is sent to an authentication agency after the signature verification is passed. If the authentication is passed, the trusted execution environment of the predictive client is valid. Finally, the two parties successfully establish a safe transmission channel, so that the collected energy data can be effectively prevented from being tampered by an attacker, and the integrity of the energy data is ensured.
After a local safe transmission channel is established, because energy data collected by the energy Internet of things can change dynamically, a prediction machine client in an edge gateway periodically acquires energy data of a collection end through a subscription and reading mechanism, completes the credible uplink of the energy data, and realizes the non-repudiation and credible traceability of the energy data, wherein the process is as follows:
(1) and the client of the prediction machine sends an energy data acquisition request to the energy data acquisition terminal at regular time according to the period set by the system administrator.
(2) And the energy data acquisition terminal verifies the request information, and sends the locally cached acquired energy data to the prophetic client through the local secure transmission channel after the verification is passed.
(3) The client of the prediction machine firstly verifies the existence and the integrity of the energy data, and ensures the correctness of the energy data source and the authenticity of the energy data.
(4) And training an energy data measurement and evaluation model according to the characteristics of the energy data, and deploying the energy data measurement and evaluation model in a trusted execution environment of the prediction machine client to operate.
(5) And the prediction machine client transmits the decrypted collected energy data to an energy data measurement and evaluation model in the trusted execution environment, and finally outputs an evaluation value.
(6) After the measurement and evaluation of the energy data are completed, the prediction machine client determines whether to upload the original energy data and the energy data fingerprint to the block chain network platform according to the relevant threshold set by a system administrator and the size and the importance of the energy data. And if the original energy data does not meet the requirements, the energy data fingerprint is uploaded to a chain storage certificate, and the original energy data is stored to a local energy database for subsequent application.
In the invention, a third-party energy data platform realizes the omnibearing supervision on the execution process of the energy data platform program through a running environment integrity measurement mechanism in a trusted computing module, prevents internal energy data from being maliciously tampered, collects key energy data to a propheter client in an edge gateway, and completes the trusted uploading of energy data, and the process is as follows:
(1) the trusted computing monitoring module system actively verifies the BIOS before the CPU of the energy data platform is started, and the CPU is allowed to run after verification, so that the active control of the whole platform is ensured.
(2) And the trusted computing monitoring module system performs static integrity measurement on all application programs of the energy data platform before starting the application programs and generates an integrity value.
(3) When the application program of the energy data platform runs, the integrity measurement program in the trusted computing monitoring module system supervises the running state of each application program, the generated integrity measurement value is stored into a trusted register of the trusted computing monitoring module system, and whether the energy data acquisition platform is attacked or not is judged according to the integrity measurement value.
(4) If the energy data acquisition platform is in a normal running state, a platform administrator establishes a trusted channel with a propaspect client of the internet of things gateway by using the trusted computing monitoring model system according to related requirements, and collects original energy data needing to be linked and stored to the internet of things gateway.
(5) And after the propheter client of the internet of things verifies and cleans the original energy data, the original energy data and the energy data fingerprint are sent to the block chain network platform through a remote communication channel.
As shown in fig. 2, fig. 3, fig. 4, and fig. 5, a specific embodiment of the method for computing and scheduling edge energy data sandbox based on trusted computing according to the present invention is as follows:
the method for computing and scheduling the edge energy data sandbox based on the trusted computing is divided into 2 parts, and comprises an architecture operation process and an integral process of identity authentication in the trusted edge computing. Respectively as follows:
(1) the whole calculation sandbox for trusted calculation needs to perform parameter initialization before activation so as to adapt to different use environments, have strong flexibility, and meanwhile, need to ensure the operation safety of the system. The administrator fills the parameters into the blank area of the protected physical memory of the system through a dedicated channel, so that the parameters required to be used in the system include two parts, namely variable parameters and preset parameters.
(2) After initialization is complete, authentication is required before the trusted computing edge energy data sandbox is used to activate the extended instruction set located in the protected CPU environment.
(3) After the working process of the instruction set is activated by the identity authentication, the instruction set can carry out application scheduling and memory validity check operation on the basis of the identity authentication. The whole operation is in a CPU environment, and meanwhile, the preset parameters of the system are obtained by addressing, so that an internal and external isolation effect is generated, and the complete operation of trusted computing is guaranteed.
(4) And after the parameters of the external energy data are encrypted, transmitting the encrypted parameters into a protected CPU sandbox environment. And after the encryption parameters which are transmitted from the outside are obtained, the energy data are dispatched by the extended instruction set and are decrypted by the energy data decryptor for the correct execution of the program operation.
(5) The result energy data of the credible calculation is encrypted and transmitted to the outside through a channel, and the same flow is adopted for decryption when the energy data is used, so that the identity of an energy data user is ensured to be correct, and the energy data is secret and can not be tampered.
(1) When an application program applies for creating an executive program, energy data and measurement operation are required, the integrity of the executive program is required to be verified in the last step of the creation process, and whether the program energy data, such as energy data in a physical address, is tampered in the application creation process is judged.
(2) And finally obtaining a measurement result of the created sequence by measuring the content of each transmission, and storing the measurement result in a control structure of a memory. This result is then compared by the authentication instructions to the integrity value in the owner-signed certificate of program execution.
(3) When the integrity of the certificate is matched, the public key of the owner in the certificate is hashed, and the public key is used as a sealed identity and is stored in the execution program control structure; if not, the problem exists in the creating process, and the instruction returns a failure result.
(4) When an executive program reports identities to other executive programs on a platform, firstly acquiring identity information and attributes of the current executive program and platform hardware information, and adding energy data which a user wants to interact to generate an energy data structure; and then acquiring a secret key of the target executive program, generating an MAC label for the energy data structure, forming final identity energy data, transmitting the final identity energy data to the target executive program, and verifying whether the executive program requesting identity and the target executive program operate on the same platform or not by the target executive program.
(5) After the initialization instruction is successfully carried out, the CPU execution program can be entered, and then the internal memory protection and the address mapping protection of the edge energy data sandbox enable the outside world not to access the internal memory of the execution program, so that the confidentiality and the integrity of the execution program are guaranteed, and a remote authenticator can ensure the correct execution of tasks through the integrity measurement value and the sealed identity of the execution program.
(6) And after the task is executed, performing trusted calculation on the used energy data, and feeding back the result energy data.
Fig. 6 shows an embodiment of a trusted verification method for uplink and downlink energy data based on energy data fingerprint according to the present invention:
in the energy data credibility verification method, a prediction machine client side obtains a unique energy data ID by utilizing a decentralized timestamp and a cryptography technology according to a timestamp generated by chaining energy data and carrying out hash operation on the timestamp, and meanwhile, an energy data hash value, a digital signature and an energy data collector ID are packaged to generate an energy data fingerprint to be stored in a block chain system.
When the energy data is required to be verified in a trusted manner, the process mainly includes two parts of trusted reference value generation uplink and energy data verification, as shown in fig. 6:
the trusted benchmark cochain process is as follows:
(1) and acquiring the node energy data fingerprint, and judging whether the initialization of the credibility measurement is finished.
(2) And if the initialization of the credibility measurement is finished, acquiring a state change parameter from the block chain, generating a credible reference value of the state based on the software credible base of the last state and the parameter change, and uplink-storing the credible reference value to the corresponding energy data fingerprint block chain.
(3) If the credibility measurement initialization is not completed, generating a software credibility reference value based on a hardware credible root from the acquired file, the memory, the dynamic loading, the network and the behavior energy data number, and performing uplink storage on the credibility reference value to obtain a corresponding energy data fingerprint block chain.
The energy data verification process is as follows:
(1) the energy data check node firstly calculates the energy data Hash value Hash of the energy data storage node according to the request message0
(2) The energy data check node stores timestamp information reserved by the node according to the energy data0And generating the unique energy data ID.
(3) The energy data check nodes interact with the energy data credible check contract of the block chain, the energy data fingerprints and the node credible reference value stored in the block chain are obtained through the energy data ID, and the energy data Hash value Hash is extracted1
(4) And comparing the current credible measurement value of the energy data node with the credible reference value by the energy data check node, if the current credible measurement value of the energy data node is consistent with the credible reference value, the energy data storage node passes the check, otherwise, the energy data storage node is attacked or fails to operate.
(5) Comparing two Hash values Hash0And Hash1And verifying the integrity of the energy data. If the two values are the same, the original energy data successfully complete the credibility check of the energy data, which indicates that the energy data is not tampered, otherwise, the original energy data is tampered or damaged.
The invention relates to a block chain-based trusted computing module management method, which comprises the following specific embodiments:
in order to guarantee the credibility of energy data in the credible computing process, the credible storage, the verification and the use of the energy data are realized based on a prediction machine and a block chain technology, and a credible computing process and a chain management module based on a block chain comprise the following contents:
1. the prediction machine client carries out a credible calculation active immunity capability test, and when the test is passed, the prediction machine environment is proved to be credible, and the next step is continued; if the predicted state of the prediction machine is not passed, the state of the prediction machine is proved to be abnormal, and the state is reported to the management platform and is analyzed and processed by the management platform.
2. The energy data are uploaded to a prediction machine through a meter and the like to be processed to form energy data, the energy data are copied, the energy data are prepared to generate energy data fingerprints and are linked up for storage, and the energy data are calculated in a credible mode in the second mode.
3. The first energy data is ready for uplink, and the uplink preparation is started. And performing identity authentication of the prediction machine and identity authentication of the block link points.
If both pass, both sides negotiate the session key; if any one of the information is failed, the information is reported to the management platform and is analyzed and processed by the management platform. And after the session key is successfully negotiated, sending a negotiation result to the software-based control node, carrying out bidirectional trusted evaluation, carrying out platform identity authentication and carrying out integrity verification. And generating an evaluation result according to the three detections, and uploading the result to the on-chain policy service node.
4. And the on-chain policy service node provides a decision, the decision information is sent to the propheter client and the block chain node, and the propheter client opens the corresponding port and the credible uplink channel according to the decision information.
And chaining the energy data fingerprints, and synchronizing the energy data of the account book so that the energy data has non-repudiation and traceability. After the energy data is uplinked, the entire system can be chain managed.
The on-chain management module includes the following parts:
1) the speaker management unit: the method comprises the steps of maintaining the information of the prediction machine and inquiring the credible state of the prediction machine.
2) Energy data transmission link management unit: the method comprises transmission link safety testing and transmission link control.
3) A chain node management unit: the method comprises the steps of verifying consistency of the nodes on the chain and controlling service of the nodes on the chain.
Managing the service nodes of the strategy on the chain: the method comprises the steps of strategy setting of a strategy service node on a chain, decision state inquiry and decision result inquiry.
4) A log auditing unit: the method comprises a client log of a prediction machine, an energy data uplink record, a policy service node log on a chain and a management platform log.
5. The energy data are sent to the credible sandbox by the client of the prediction speaker, two parts of energy data exist in the credible sandbox, one part of the energy data is original energy data sent by the client of the prediction speaker, the other part of the energy data is energy data fingerprints sent by the block chain nodes, and the credible sandbox conducts multi-party energy data verification and completes corresponding calculation tasks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.

Claims (15)

1. A data credible processing method fusing credible computation and a block chain is characterized in that,
the method comprises the following steps:
firstly, acquiring energy data, wherein the energy data is acquired by a meter implanted into a trusted computing module;
secondly, generating a message for the energy data in the first step according to a protocol rule, wherein the message at least comprises equipment information, time information and energy data information of an energy sensor;
thirdly, the message in the second step is sent to an internet of things gateway implanted with a trusted computing module through a communication module;
fourthly, after receiving the message in the third step, the gateway of the Internet of things completes the identity verification of the source of the energy data and sends the message to an energy data acquisition platform based on a trusted computing monitoring system;
fifthly, after the energy data acquisition platform in the fourth step receives the message, the energy data acquisition platform analyzes the message to obtain energy data;
sixthly, generating an energy data fingerprint from the energy data in the fifth step;
seventhly, uploading the energy data fingerprints in the sixth step to a block chain;
eighthly, after the block chain receives the energy data fingerprint in the seventh step, carrying out credible verification on the energy data on the chain and the energy data on the chain, and comparing the energy data with the energy data fingerprint uploaded previously;
step nine, after the energy data fingerprint verification in the step eight is passed, storing the energy data in a warehouse to realize the chaining of the energy data;
and tenth, after the uplink of the energy data in the ninth step is finished, the energy data are sent to the under-chain energy source database corresponding to the block chain link point, the block chain link point checks the energy data fingerprint for reading the uplink energy data, and the under-chain energy source database passing the back block chain link point is checked to perform warehousing operation, so that the reliable acquisition and calculation of the energy data are realized.
2. The method for processing data by fusing trusted computing and block chaining as claimed in claim 1,
the trusted computing process of the trusted computing module comprises the following steps:
performing credible measurement and evaluation on a meter implanted into the credible computing module and an Internet of things gateway implanted into the credible computing module through credible computing;
energy data acquisition and filtering tasks are completed by operating an energy data measurement and evaluation algorithm in a trusted computing environment of a propheter client at a gateway of the Internet of things, so that trusted acquisition of the energy data of the Internet of things is realized;
and the gateway of the Internet of things implanted into the trusted computing module establishes a safe local communication channel with the prophetic client through a hardware authentication mechanism in the trusted computing framework.
3. The method for processing data by fusing trusted computing and block chaining as claimed in claim 2,
the local communication channel establishment process is as follows:
step 1, an energy data acquisition terminal sends a remote authentication request to a pre-talker client;
step 2, the predictive terminal client receives the authentication request in the step 1, creates a trusted execution environment, and then sends the authentication request to the trusted computing environment through the EDL interface for authentication;
step 3, the prediction machine client generates a remote authentication report by utilizing the inside of the trusted execution environment in the step 2, signs the remote authentication report and then sends the remote authentication report to the energy data acquisition terminal;
step 4, the energy data acquisition terminal verifies the signature in the step 3 through a public key certificate of the predictive speaker client, and a remote authentication report is sent to an authentication mechanism after the signature verification is passed; if the authentication is passed, the trusted execution environment of the propheter client is valid; and finally, the two parties successfully establish a secure transmission channel.
4. The method for trusted processing of data fusing trusted computing with blockchains according to claim 3,
the propheter client comprises a communication module, a check module and an intelligent contract;
after a local secure transmission channel is established, the predictive client periodically acquires energy data of the energy data acquisition terminal through a subscription and reading mechanism, completes the trusted cochain of the energy data, and realizes the non-repudiation and trusted traceability of the energy data, wherein the process is as follows:
s1, the client side of the prediction machine sends an energy data acquisition request to the energy data acquisition terminal at regular time according to the period set by the system administrator;
s2, the energy data acquisition terminal verifies the request information in the S1, and after the verification is passed, the energy data cached locally are sent to the client of the prediction machine through a secure transmission channel;
s3, predicting that the energy data existence and integrity in S2 are verified by the client, and ensuring the source correctness of the energy data and the authenticity of the energy data;
s4, calculating an energy data measurement and evaluation model according to the characteristics of the energy data in the S3, and deploying the energy data measurement and evaluation model in a trusted execution environment of the prophetic client to operate;
s5, the forecast client transmits the decrypted collected energy data to the energy data measurement and evaluation model in S4, and finally an evaluation value is output;
s6, after finishing the measurement and evaluation of the energy data in S5, the forecast client determines whether to upload the energy data to the block chain according to the relevant threshold set by the system administrator and the size and importance degree of the energy data;
and S7, uploading the information which can be linked up after the energy data measurement evaluation in the S6 is completed, and uploading the information to the block chain through an intelligent contract.
5. The method for processing data by fusing trusted computing and block chaining as claimed in claim 1,
the monitoring process of the trusted computing monitoring system comprises the following steps:
step 1, the trusted computing monitoring module system actively verifies a basic input/output system (BIOS) before a Central Processing Unit (CPU) of the energy data acquisition platform is started, and the CPU is allowed to run after the verification is passed, so that the active control of the energy data acquisition platform is ensured;
step 2, after the verification of the step 1 is passed, the trusted computing monitoring module system performs static integrity measurement on all application programs of the energy data acquisition platform before starting the application programs, and generates an integrity value;
step 3, after the static integrity measurement in the step 2 is completed, when the application program of the energy data acquisition platform runs, the integrity measurement program in the trusted computing monitoring module system supervises the running state of each application program, the generated integrity measurement value is stored in a trusted register of the trusted computing monitoring module system, and whether the energy data acquisition platform is tampered or not is judged according to the integrity measurement value;
step 4, after the judgment in the step 3 is completed, the trusted computing monitoring system uploads the monitoring log and the information of the trusted measurement value to the block chain;
step 5, the block chain verifies the credible measurement value and the credible reference value uploaded by the credible computing monitoring system in the step 4 through an intelligent contract, if the credible measurement value and the credible reference value exceed the set deviation value range, the energy data acquisition platform is considered to have tampering behavior, and the energy data transmitted by the energy data acquisition platform is not credible and is not stored in a warehouse; and if the deviation value range is not exceeded, the energy data sent by the energy data acquisition platform is considered to be credible.
6. The method for trusted processing of data fusing trusted computing with blockchains according to claim 1,
the credible verification method of the energy data on the chain and the chain comprises the following steps:
performing hash operation on the timestamp generated by the energy data uplink by using a descentrification timestamp and a cryptography technology through a client of the prediction machine to obtain a unique energy data ID;
meanwhile, the energy data hash value, the digital signature and the energy data ID are packaged to generate an energy data fingerprint which is stored in a block chain system;
and generating a credible reference value of the energy data storage node by using a credible computing technology and uploading the credible reference value to the block chain system for storage.
7. The method for processing data by fusing trusted computing and block chaining as claimed in claim 1,
the credible verification method for the energy data on the chain and the chain down is a verification method for the energy data on the chain and the chain down based on the energy data fingerprint, and when the credible energy data needs to be carried out, the method specifically comprises the following steps:
step 61, the energy data check node sends an energy data credible check message, and calculates the Hash value Hash of the energy data according to the energy data under the link sent by the energy data storage node0
Step 62, the energy data storage nodes acquire the credible reference values of the energy data synchronization nodes, compare the credible reference values with the current credible metric values, if the values are consistent, the nodes pass the verification, and if not, the importing process is stopped;
step 63, after the verification in the step 62 is passed, the energy data synchronization node performs timestamp information according to timestamp information reserved by the local energy source database0Generating unique energy data ID;
and 64, interacting the energy data synchronous nodes and the energy data credible check contract of the block chain, acquiring the energy data fingerprints stored in the block chain through the energy data ID in the step 63, and extracting the energy data Hash value Hash1
Step 65, comparing the Hash value Hash in the step 610And Hash value Hash in step 641Verifying the integrity of the energy data; if the two values are the same, the energy data completes the credible import of the energy data; otherwise, the energy data is tampered or damaged, and the importing process cannot be completed.
8. The method for trusted processing of data fusing trusted computing and blockchains according to one of claims 1 to 7,
the method also comprises the following steps:
the method comprises the steps that a trusted computing sandbox is built for providing an isolation environment for energy data, the trusted computing sandbox is built according to a trusted computing-based edge energy data sandbox computing scheduling method, the trusted computing and sandbox computing technology is utilized, so that the outside cannot access the memory of an execution program, and a remote authenticator ensures the correct execution of tasks through the integrity metric value of the execution program and the sealed identity of the execution program; meanwhile, the safe loading of energy data and algorithm and the credible output of a calculation result are realized by using an asymmetric encryption transmission model and a homomorphic encryption technology;
establishing a trusted computing identity authentication process to finish multi-party identity verification, wherein the trusted computing identity authentication process is established according to a trusted computing management method based on a block chain, can face to the trusted requirement of energy data in trusted computing, and finishes multi-party identity authentication based on a cryptography technology;
establishing a credible verification model for verifying energy data, establishing the credible verification model according to an energy data fingerprint-based energy data verification method under a chain, realizing the generation of energy data fingerprints based on cryptography and decentralized timestamp technology, finishing the organic association of energy data under the chain, and finally realizing the credible verification of the energy data under the chain by combining an intelligent contract;
the method comprises the steps that an asymmetric encryption transmission model based on a block chain is built, energy data are led into a trusted computing sandbox, the asymmetric encryption transmission model is built according to an asymmetric encryption transmission method based on the block chain, the energy data required by computing can be sent to the trusted computing sandbox after being asymmetrically encrypted, and the trusted computing sandbox utilizes a private key to decrypt;
constructing a calculation execution model for executing calculation and outputting a result;
the method comprises the steps of constructing a prediction machine acquisition model, constructing according to an energy data acquisition method fusing trusted computing and a prediction machine, realizing strong identity certification of an acquisition terminal based on the trusted computing, realizing remote authentication by combining a prediction machine mechanism and a block chain system, operating an energy data measurement and evaluation algorithm in a trusted computing environment to complete energy data acquisition and filtering tasks, finally realizing energy data acquisition and uploading to the block chain system in a trusted manner, and meeting the requirements of energy data source credibility and energy data quality reliability.
9. The method for trusted processing of data fusing trusted computing and blockchains according to claim 8,
the method for computing and scheduling the sandbox of the edge energy data of the trusted computing comprises a composition framework operation process, an energy data interaction process of nodes and the sandbox and an integral process of identity authentication in the trusted computing;
the component architecture operation process comprises the following steps:
step 11, initializing parameters of the calculation sandbox;
filling parameters into a blank area of a protected physical memory of the system through a special channel, so that the parameters required to be used in the system comprise a variable parameter and a preset parameter;
step 12, after the initialization of step 11 is completed, performing identity authentication for activating an extended instruction set in the protected CPU environment;
step 13, after the extended instruction set in step 12 is activated, performing application scheduling on the extended instruction set, and checking the validity of the memory;
step 14, after the parameters of the external energy data are encrypted and transmitted into the protected edge energy data sandbox, the edge energy data sandbox obtains the encrypted parameters of the external transmission and then dispatches the energy data decryptor to decrypt the transmitted energy data by the extended instruction set in the step 13 for correct execution of program operation;
and step 15, after the step 14 is correctly executed, encrypting and transmitting the result energy data of the trusted computing to the outside through a channel, and decrypting the result energy data by adopting the same flow when the energy data is used, so as to ensure that the identity of an energy data user is correct, and the energy data is secret and can not be tampered.
10. The method for trusted processing of data fusing trusted computing and blockchains according to claim 8,
the trusted computing management method based on the block chain comprises the following steps:
step 21, when the application program applies for creating an executive program, energy data measurement operation needs to be carried out, the integrity of the executive program needs to be verified in the last step of the creation process, and whether the program energy data is tampered in the application creation process is judged;
step 22, performing the energy data measurement operation in step 21 on each transmitted content to finally obtain a measurement result of a created sequence, and storing the measurement result in a control structure of a memory; then comparing the measurement result with an integrity value in a certificate signed by an owner of program execution through an identity authentication instruction;
step 23, if the integrity of the certificate in step 22 is matched, hashing the public key of the owner in the certificate, and storing the hashed public key as a sealed identity in the executive program control structure; if not, indicating that the creating process has problems, and returning a failure result by the instruction;
step 24, when the executive program reports the sealed identity of step 23 to the executive program on the platform, firstly acquiring the identity information and attribute of the current executive program and the platform hardware information, and adding the energy data which the user wants to interact to generate an energy data structure; then obtaining a secret key of the target executive program, generating a label for an energy data structure, forming final self-backup energy data, transmitting the final self-backup energy data to the target executive program, and verifying whether the executive program requesting identity and the target executive program run on the same platform or not by the target executive program;
step 25, after the initialization instruction is completed, the execution program in step 24 is entered, and then the internal memory protection and the address mapping protection of the edge energy data sandbox make the external world unable to access the internal memory of the execution program, so as to ensure the confidentiality and the integrity of the execution program, and the remote authenticator can ensure the correct execution of the task through the integrity measurement value and the sealed identity of the execution program;
and step 26, after the task execution in the step 25 is completed, performing credible calculation on the used energy data, and feeding back the result energy data.
11. The method for trusted processing of data fusing trusted computing and blockchains according to claim 8,
the asymmetric encryption transmission method based on the block chain comprises the following steps:
step 41, the task initiating node and the trusted computing sandbox respectively upload the public key, the trusted reference value and the log information to the block chain node;
step 42, the task initiating node imports the required energy data, uses a private key for signature, finally obtains a public key of the trusted computing sandbox from the block chain in step 41, encrypts the signed energy data and sends the encrypted energy data to the trusted computing sandbox;
step 43, the trusted computing sandbox obtains the encrypted energy data in step 42, firstly, the encrypted energy data is decrypted by using a private key of the trusted computing sandbox, a public key of the task initiating node is obtained from the block chain, and the public key is used for completing verification of the energy data signature;
step 44, the credible computing sandbox computes the input energy data to obtain a computing result;
step 45, the trusted computing sandbox signs the computing result in the step 44 by using the private key of the trusted computing sandbox, obtains the public key of the task initiating node from the block chain, encrypts the signed energy data and sends the encrypted energy data to the task initiating node;
step 46, the task initiating node obtains the encrypted calculation result in step 45, firstly, decrypts by using its own private key, obtains the public key of the trusted calculation sandbox from the block chain, and completes the verification of the energy data signature by using the public key, finally, obtains the trusted calculation result.
12. The method for trusted processing of data fusing trusted computing with blockchains according to claim 8,
the energy data acquisition method integrating the trusted computing and the prediction machine comprises the following steps:
a trusted computing module is added at the energy data acquisition terminal, so that each energy data acquisition terminal has a strong identity certificate;
simultaneously, carrying out credible measurement and evaluation on the collected energy data;
the energy data acquisition terminal establishes a safe local communication channel with the prophetic client through a hardware authentication mechanism in the trusted computing framework; after the local communication channel is established, the propheter client periodically acquires the energy data of the energy data acquisition terminal through a subscription and reading mechanism, and the trusted cochain of the energy data is completed.
13. A data credible processing method fusing credible computation and block chains is characterized in that,
the method comprises the following steps:
firstly, a meter implanted into a trusted computing module generates a message from collected energy data according to a protocol rule, wherein the message comprises equipment information, time information and energy data information of an energy sensor, and the message is sent to an internet of things gateway implanted into the trusted computing module through a communication module;
secondly, after the message in the first step is successfully sent, the gateway of the Internet of things completes the identity verification of an energy data source party and sends the message to an energy data acquisition platform based on a trusted computing monitoring system;
thirdly, after the energy data acquisition platform in the second step receives the message, the energy data acquisition platform analyzes the message to obtain energy data;
fourthly, the energy data acquisition platform generates energy data fingerprints from the energy data in the third step;
fifthly, after the energy data acquisition platform in the fourth step generates energy data fingerprints from the energy data, uploading the energy data fingerprints to a block chain through a prediction machine;
sixthly, uploading the energy data fingerprint to the block chain by the prediction machine in the fifth step, performing credible verification on the energy data under the chain, reading the energy data fingerprint of the block chain by the energy data acquisition platform, and comparing the energy data fingerprint with the energy data fingerprint uploaded previously;
seventhly, after the fingerprint verification of the energy data in the sixth step is passed, the energy data acquisition platform stores the energy data in a warehouse to realize the chaining of the energy data;
and eighthly, after the uplink of the energy data in the seventh step is finished, the energy data acquisition platform sends the energy data to a cache region of the energy source database under the chain corresponding to the block chain node, the block chain node checks the energy data fingerprint for reading the uplink energy data, and the energy source database under the chain passing the back block chain node is checked to be put in storage, so that the reliable acquisition and calculation of the energy data are realized.
14. A data trusted computing system fusing trusted computing and blockchains,
applying a trusted data processing method fusing trusted computing and blockchains according to any one of claims 1 to 13;
the system comprises a trusted computing sandbox module, a trusted computing module, a prediction machine acquisition module, a trusted verification module and a linked management module; the method realizes the credible supervision of the processes of collecting and storing the energy data, and supports the credible collection of the energy data, the response of a demand side, the allocation of edge resources and the safe management of credible calculation;
the trusted computing sandbox module is used for providing an isolation environment for the energy data in operation;
the credible computing module is used for completing multi-party identity authentication and carrying out credible verification on multi-party energy data;
the prediction machine acquisition module is used for acquiring energy data;
the credible checking module is used for carrying out credible checking on the energy data;
and the chain management module is used for realizing the management and control of a plurality of units on the chain.
15. The data trusted computing system that fuses trusted computing with blockchains according to claim 14,
the link management module comprises a prediction machine management unit, an energy data transmission link management unit, a link node management unit, a link policy service node management unit and a log audit unit;
the prediction machine management unit is used for maintaining prediction machine information and inquiring the credible state of the prediction machine;
the energy data transmission link management unit is used for transmission link safety test and transmission link control;
the chain node management unit is used for verifying the consistency of the chain node and controlling the service of the chain node;
the on-chain policy service node management unit is used for setting the policy of the on-chain policy service node, inquiring the decision state and inquiring the decision result;
and the log auditing unit is used for auditing the propheter logs, the energy data uplink records, the on-chain policy service node logs and the management platform logs.
CN202210353338.XA 2022-04-06 2022-04-06 Data trusted processing method and system fusing trusted computing and block chain Active CN114499895B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210353338.XA CN114499895B (en) 2022-04-06 2022-04-06 Data trusted processing method and system fusing trusted computing and block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210353338.XA CN114499895B (en) 2022-04-06 2022-04-06 Data trusted processing method and system fusing trusted computing and block chain

Publications (2)

Publication Number Publication Date
CN114499895A true CN114499895A (en) 2022-05-13
CN114499895B CN114499895B (en) 2022-07-29

Family

ID=81488160

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210353338.XA Active CN114499895B (en) 2022-04-06 2022-04-06 Data trusted processing method and system fusing trusted computing and block chain

Country Status (1)

Country Link
CN (1) CN114499895B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220094551A1 (en) * 2020-09-21 2022-03-24 Jason Burt Verification of the reliability of software and devices against assertions and guarantees
CN114969724A (en) * 2022-07-28 2022-08-30 山东省计算中心(国家超级计算济南中心) External data source data credible uplink method and system
CN115118465A (en) * 2022-06-13 2022-09-27 北京寰宇天穹信息技术有限公司 Cloud edge-side cooperative zero trust access control method and system based on trusted label
CN115208885A (en) * 2022-07-13 2022-10-18 上海柚子工道物联技术有限公司 Data credible computing method, system and medium based on block chain
CN115248823A (en) * 2022-06-17 2022-10-28 上海英帕斯科技有限公司 Time sequence data analysis system based on block chain and trusted execution environment
CN115314513A (en) * 2022-06-16 2022-11-08 北京邮电大学 Trust twinning method based on block chain and related equipment
CN115580413A (en) * 2022-12-07 2023-01-06 南湖实验室 Zero-trust multi-party data fusion calculation method and device
CN116866045A (en) * 2023-07-18 2023-10-10 四川华西集采电子商务有限公司 Block chain credible predictor decision support system based on access control rule
CN117033705A (en) * 2023-10-10 2023-11-10 北京鼎诚鸿安科技发展有限公司 Data value-added service method for client side energy interconnection
CN117852103A (en) * 2024-03-07 2024-04-09 南昌大学 Trusted data tracing method and system based on blockchain trust root concept

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110086804A (en) * 2019-04-25 2019-08-02 广州大学 A kind of internet of things data method for secret protection based on block chain and reliable hardware
US20190377811A1 (en) * 2018-06-07 2019-12-12 Coinfirm Blockchain Lab Sp. Zo.o. Method For Registration Of Data In A Blockchain Database And A Method For Verifying Data
CN111464655A (en) * 2020-04-10 2020-07-28 深圳物缘科技有限公司 Block chain-based Internet of things data management method and system
CN111478902A (en) * 2020-04-07 2020-07-31 江苏润和智融科技有限公司 Power edge gateway equipment and sensing data uplink storage method based on same
CN111740838A (en) * 2020-05-22 2020-10-02 青岛万民科技有限公司 Trusted uplink method and system for block chain data
CN112417494A (en) * 2020-10-26 2021-02-26 国网浙江省电力有限公司电力科学研究院 Power block chain system based on trusted computing
CN112685776A (en) * 2020-12-30 2021-04-20 杭州亿房达科技有限公司 Privacy data credibility verification method based on block chain and privacy security calculation
CN112967775A (en) * 2021-03-26 2021-06-15 清华大学 Medical health data credible sharing method and system based on block chain
CN113268753A (en) * 2021-05-24 2021-08-17 北京邮电大学 Block chain-based data controlled circulation method
CN113553574A (en) * 2021-07-28 2021-10-26 浙江大学 Internet of things trusted data management method based on block chain technology
CN113708934A (en) * 2021-07-22 2021-11-26 中国电力科学研究院有限公司 Energy internet credible interaction data model based on block chain in heterogeneous environment

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190377811A1 (en) * 2018-06-07 2019-12-12 Coinfirm Blockchain Lab Sp. Zo.o. Method For Registration Of Data In A Blockchain Database And A Method For Verifying Data
CN110086804A (en) * 2019-04-25 2019-08-02 广州大学 A kind of internet of things data method for secret protection based on block chain and reliable hardware
CN111478902A (en) * 2020-04-07 2020-07-31 江苏润和智融科技有限公司 Power edge gateway equipment and sensing data uplink storage method based on same
CN111464655A (en) * 2020-04-10 2020-07-28 深圳物缘科技有限公司 Block chain-based Internet of things data management method and system
CN111740838A (en) * 2020-05-22 2020-10-02 青岛万民科技有限公司 Trusted uplink method and system for block chain data
CN112417494A (en) * 2020-10-26 2021-02-26 国网浙江省电力有限公司电力科学研究院 Power block chain system based on trusted computing
CN112685776A (en) * 2020-12-30 2021-04-20 杭州亿房达科技有限公司 Privacy data credibility verification method based on block chain and privacy security calculation
CN112967775A (en) * 2021-03-26 2021-06-15 清华大学 Medical health data credible sharing method and system based on block chain
CN113268753A (en) * 2021-05-24 2021-08-17 北京邮电大学 Block chain-based data controlled circulation method
CN113708934A (en) * 2021-07-22 2021-11-26 中国电力科学研究院有限公司 Energy internet credible interaction data model based on block chain in heterogeneous environment
CN113553574A (en) * 2021-07-28 2021-10-26 浙江大学 Internet of things trusted data management method based on block chain technology

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
GIANCARLO FORTINO: "Keynote Speech 1: Blockchain-enabled Trust in Edge-based Internet of Things Architectures: State of the art and Research Challenges", 《2021 THIRD INTERNATIONAL CONFERENCE ON BLOCKCHAIN COMPUTING AND APPLICATIONS (BCCA)》 *
XINZHONG TANG;BING ZHUANG;YING YAO;XUESONG DONG: "Research on high-reliability intelligent-sensing health service support platform and key technologies based on Biometrics and blockchain security technology", 《ICISCAE 2021: 2021 4TH INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS AND COMPUTER AIDED EDUCATION》 *
姚影;颜拥;郭少勇;熊翱;张旺: "基于联盟链的分布式高效身份认证", 《电子技术应用》 *
钟雨涵: "基于区块链和TEE的可信计算平台设计与开发", 《中国优秀硕士学位论文电子期刊》 *

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11936791B2 (en) * 2020-09-21 2024-03-19 Jason Burt Verification of the reliability of software and devices against assertions and guarantees
US20220094551A1 (en) * 2020-09-21 2022-03-24 Jason Burt Verification of the reliability of software and devices against assertions and guarantees
CN115118465A (en) * 2022-06-13 2022-09-27 北京寰宇天穹信息技术有限公司 Cloud edge-side cooperative zero trust access control method and system based on trusted label
CN115118465B (en) * 2022-06-13 2023-11-28 北京寰宇天穹信息技术有限公司 Cloud edge end cooperative zero trust access control method and system based on trusted label
CN115314513B (en) * 2022-06-16 2023-09-19 北京邮电大学 Trust twinning method based on block chain and related equipment
CN115314513A (en) * 2022-06-16 2022-11-08 北京邮电大学 Trust twinning method based on block chain and related equipment
CN115248823A (en) * 2022-06-17 2022-10-28 上海英帕斯科技有限公司 Time sequence data analysis system based on block chain and trusted execution environment
CN115208885A (en) * 2022-07-13 2022-10-18 上海柚子工道物联技术有限公司 Data credible computing method, system and medium based on block chain
CN115208885B (en) * 2022-07-13 2024-05-17 上海柚子工道物联技术有限公司 Data trusted computing method, system and medium based on block chain
CN114969724A (en) * 2022-07-28 2022-08-30 山东省计算中心(国家超级计算济南中心) External data source data credible uplink method and system
CN115580413B (en) * 2022-12-07 2023-03-17 南湖实验室 Zero-trust multi-party data fusion calculation method and device
CN115580413A (en) * 2022-12-07 2023-01-06 南湖实验室 Zero-trust multi-party data fusion calculation method and device
CN116866045A (en) * 2023-07-18 2023-10-10 四川华西集采电子商务有限公司 Block chain credible predictor decision support system based on access control rule
CN116866045B (en) * 2023-07-18 2024-01-23 四川华西集采电子商务有限公司 Block chain credible predictor decision support system based on access control rule
CN117033705A (en) * 2023-10-10 2023-11-10 北京鼎诚鸿安科技发展有限公司 Data value-added service method for client side energy interconnection
CN117033705B (en) * 2023-10-10 2024-01-19 北京鼎诚鸿安科技发展有限公司 Data value-added service method for client side energy interconnection
CN117852103A (en) * 2024-03-07 2024-04-09 南昌大学 Trusted data tracing method and system based on blockchain trust root concept
CN117852103B (en) * 2024-03-07 2024-05-14 南昌大学 Trusted data tracing method and system based on blockchain trust root concept

Also Published As

Publication number Publication date
CN114499895B (en) 2022-07-29

Similar Documents

Publication Publication Date Title
CN114499895B (en) Data trusted processing method and system fusing trusted computing and block chain
Bera et al. Designing blockchain-based access control protocol in IoT-enabled smart-grid system
CN111737724B (en) Data processing method and device, intelligent equipment and storage medium
Leng et al. Blockchain security: A survey of techniques and research directions
CN109409122B (en) File storage method, electronic device and storage medium
Yang et al. A zero-knowledge-proof-based digital identity management scheme in blockchain
Da Xu et al. Embedding blockchain technology into IoT for security: A survey
Liang et al. PDPChain: A consortium blockchain-based privacy protection scheme for personal data
Li et al. EduRSS: A blockchain-based educational records secure storage and sharing scheme
Sundareswaran et al. Ensuring distributed accountability for data sharing in the cloud
CN109753815B (en) Data processing method based on block chain, data processing network and electronic equipment
Cai et al. Towards private, robust, and verifiable crowdsensing systems via public blockchains
Li et al. SecGrid: A secure and efficient SGX-enabled smart grid system with rich functionalities
CN115580413B (en) Zero-trust multi-party data fusion calculation method and device
Aung et al. Ethereum-based emergency service for smart home system: Smart contract implementation
Tian et al. Research on distributed blockchain‐based privacy‐preserving and data security framework in IoT
Xu et al. An efficient blockchain‐based privacy‐preserving scheme with attribute and homomorphic encryption
Chen et al. TrustBuilder: A non-repudiation scheme for IoT cloud applications
Gugueoth et al. A review of IoT security and privacy using decentralized blockchain techniques
Paverd Enhancing communication privacy using trustworthy remote entities
Benrebbouh et al. Enhanced secure and efficient mutual authentication protocol in iot-based energy internet using blockchain
Magnanini et al. Scalable, confidential and survivable software updates
CN114666064A (en) Block chain-based digital asset management method, device, storage medium and equipment
Lyu et al. JRS: A joint regulating scheme for secretly shared content based on blockchain
Limbasiya et al. Attacks on authentication and authorization models in smart grid

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant