CN115484032A - Digital twin data secure storage method and device, electronic equipment and storage medium - Google Patents

Digital twin data secure storage method and device, electronic equipment and storage medium

Publication number: CN115484032A
Authority: CN (China)
Prior art keywords: digital twin, digital, data, monomer, block chain
Prior art date
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202211109774.9A
Other languages: Chinese (zh)
Inventor: 高枫, 夏俊杰, 宋畅, 肖宇, 王伟, 王超
Current Assignee: China United Network Communications Group Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd
Priority to CN202211109774.9A
Publication of CN115484032A
Legal status: Pending

Classifications

    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L63/126 Applying verification of the received information the source of the received data
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously
    • H04L2463/062 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to the technical field of digital twins and provides a method and a device for securely storing digital twin data, an electronic device and a storage medium. The method is applied to a digital twin system that comprises at least one digital twin monomer, and comprises the following steps: acquiring a first digital certificate corresponding to a digital twin monomer and a second digital certificate corresponding to the digital twin system; decrypting the first digital certificate and the second digital certificate by using a predefined key algorithm to obtain decryption information, and determining, based on the decryption information, whether the digital twin monomer meets a preset requirement; and if so, controlling the digital twin monomer to join the digital twin system, acquiring the digital twin data collected by the digital twin monomer, and storing the digital twin data in a blockchain so that the digital twin system reads the digital twin data from the blockchain. Because the digital twin data is stored on the blockchain and the required data is read from the blockchain, the security of data storage and interaction is improved.

Description

Digital twin data safe storage method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of digital twin technology, and in particular to a method and an apparatus for securely storing digital twin data, an electronic device, and a storage medium.
Background
Digital twin technology is widely applied in digital cities, industry and manufacturing, and is one of the key elements promoting the development of intelligent manufacturing. A digital twin system holds heterogeneous data, including physical entity data, virtual model data, physical model data, sensor update data, operation history data and the like, and how to store this heterogeneous data and realize data interaction between digital twin systems has become a research focus.
In the prior art, a digital twin system is constructed, the system collects and marks the digital twin data, and the marked digital twin data is then stored and the storage time recorded, so that the system can perform background management on the digital twin data.
However, the above method lacks security control over the digital twin system; that is, when the digital twin system performs data storage and data interaction, the data is easily tampered with, and there is a security risk.
Disclosure of Invention
The application provides a method and a device for securely storing digital twin data, an electronic device and a storage medium, which can solve the problem that a digital twin system faces security risks during data storage and data interaction. Storing the digital twin data on a blockchain prevents the data from being tampered with and improves the security of data storage, and reading the required data from the blockchain improves the security of data interaction.
In a first aspect, the present application provides a digital twin data secure storage method, which is applied to a digital twin system; the digital twin system comprises at least one digital twin monomer; the method comprises the following steps:
acquiring a first digital certificate corresponding to a digital twin monomer and a second digital certificate corresponding to the digital twin system;
decrypting the first digital certificate and the second digital certificate by using a predefined key algorithm to obtain decryption information, and determining whether the digital twin monomer meets a preset requirement based on the decryption information;
and if so, controlling the digital twin monomer to join the digital twin system, acquiring the digital twin data collected by the digital twin monomer, and storing the digital twin data in a blockchain so that the digital twin system reads the digital twin data from the blockchain.
Optionally, acquiring digital twin data collected by the digital twin monomer includes:
acquiring digital twin data acquired by the digital twin monomer, and extracting characteristic data in the digital twin data by using a safety monitoring algorithm;
and determining whether the digital twin data corresponds to an abnormal event or not based on the characteristic data, and processing the digital twin data corresponding to the abnormal event.
Optionally, the processing the digital twin data corresponding to the abnormal event includes:
searching a handling strategy corresponding to the abnormal event from a preset strategy table, or inputting the abnormal event into a trained machine learning model to obtain a corresponding handling strategy;
and processing the digital twin data corresponding to the abnormal event by using the handling strategy to obtain a processing result.
Optionally, the method further includes:
acquiring evaluation parameters of the digital twin monomer at preset intervals, wherein the evaluation parameters comprise the digital twin data corresponding to an abnormal event, the time at which the digital twin monomer joined the digital twin system, the processing result obtained after the abnormal event occurred in the digital twin monomer, and the time at which the digital twin monomer collected the digital twin data;
and calculating a credible value corresponding to the evaluation parameters by using a credible evaluation algorithm, and determining whether the digital twin monomer is credible based on the credible value.
Optionally, determining whether the digital twin monomer is credible based on the credible value includes:
acquiring a preset credible threshold interval, and judging whether the credible value lies within the credible threshold interval;
if so, determining that the digital twin monomer is credible;
if not, determining that the digital twin monomer is not credible, and generating alarm information based on the evaluation parameters.
Optionally, the method further includes:
after the alarm information is generated, deleting the digital twin monomer that is not credible from the digital twin system, and sending a message instruction to the blockchain so that the blockchain deletes the digital twin data corresponding to that digital twin monomer based on the message instruction.
Optionally, storing the digital twin data in a blockchain includes:
acquiring the type of the digital twin data, and judging whether the type is present in a lookup table;
if so, looking up in the lookup table the first position at which that type is stored in the blockchain, and storing the digital twin data at the first position;
if not, adding the type to the lookup table together with a corresponding second position in the blockchain, storing the digital twin data at the second position, and updating the correspondence between the type and the second position in the lookup table.
In a second aspect, the present application provides a digital twin data secure storage device, which is applied to a digital twin system; the digital twin system comprises at least one digital twin monomer; the device comprises:
an acquisition module, used for acquiring a first digital certificate corresponding to the digital twin monomer and a second digital certificate corresponding to the digital twin system;
a decryption module, used for decrypting the first digital certificate and the second digital certificate by using a predefined key algorithm to obtain decryption information, and determining whether the digital twin monomer meets the preset requirement based on the decryption information;
and a storage module, used for controlling the digital twin monomer to join the digital twin system when the digital twin monomer meets the preset requirement, acquiring the digital twin data collected by the digital twin monomer, and storing the digital twin data in the blockchain so that the digital twin system reads the digital twin data from the blockchain.
In a third aspect, the present application provides an electronic device, comprising: a processor, and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
the processor executes computer-executable instructions stored by the memory to implement the method of any of the first aspects.
In a fourth aspect, the present application provides a computer-readable storage medium having stored thereon computer-executable instructions for implementing the method according to any one of the first aspect when executed by a processor.
To sum up, the present application provides a method, an apparatus, an electronic device, and a storage medium for securely storing digital twin data. A first digital certificate corresponding to a digital twin monomer and a second digital certificate corresponding to a digital twin system are obtained; the first digital certificate and the second digital certificate are then decrypted by a predefined key algorithm to obtain decryption information, and whether the digital twin monomer meets the preset requirement is determined based on the decryption information; when the digital twin monomer is determined to meet the preset requirement, the digital twin monomer is controlled to join the digital twin system, the digital twin data collected by the digital twin monomer is acquired, and the digital twin data is stored in the blockchain so that the digital twin system reads the digital twin data from the blockchain. In this way, the digital twin monomer and the digital twin system are protected through management of the digital certificates and a cryptographic algorithm, the blockchain is used for storing the digital twin data so that the data is prevented from being tampered with and the security of data storage is improved, and the digital twin system can read the required data from the blockchain, which improves the security of data interaction.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and, together with the description, serve to explain the principles of the application.
FIG. 1 is a schematic view of an application scenario provided in an embodiment of the present application;
FIG. 2 is a schematic flowchart of a method for securely storing digital twin data according to an embodiment of the present disclosure;
FIG. 3 is a schematic structural diagram of a digital twin system provided in an embodiment of the present application;
FIG. 4 is a schematic flowchart of a complete digital twin data secure storage method according to an embodiment of the present disclosure;
FIG. 5 is a schematic structural diagram of a digital twin data secure storage device according to an embodiment of the present disclosure;
FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
With the above figures, there are shown specific embodiments of the present application, which will be described in more detail below. These drawings and written description are not intended to limit the scope of the inventive concepts in any manner, but rather to illustrate the inventive concepts to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. The following description refers to the accompanying drawings in which the same numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the application, as detailed in the appended claims.
In the embodiments of the present application, terms such as "first" and "second" are used to distinguish the same or similar items having substantially the same function and action. For example, the first device and the second device are only used for distinguishing different devices, and the sequence order thereof is not limited. Those skilled in the art will appreciate that the terms "first," "second," etc. do not denote any order or quantity, nor do the terms "first," "second," etc. denote any order or importance.
It is noted that, in the present application, words such as "exemplary" or "for example" are used to mean exemplary, illustrative, or descriptive. Any embodiment or design described herein as "exemplary" or "such as" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes the association relationship of the associated objects and means that three relationships are possible; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone, wherein A and B can be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "At least one of the following" or similar expressions refer to any combination of these items, including any combination of singular or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or multiple.
The present application is described below with reference to the accompanying drawings. FIG. 1 is a schematic view of an application scenario provided in an embodiment of the present application, and the method for securely storing digital twin data provided in the present application may be applied to the application scenario shown in FIG. 1. The application scenario includes: a first terminal device 101, a second terminal device 102, a third terminal device 103, a digital twin platform 104, a display device 105 and a user 106. The digital twin platform 104 is implemented based on a constructed digital twin system. The first terminal device 101, the second terminal device 102 and the third terminal device 103 perform data transmission over their corresponding networks; the networks may be a mobile communication network, the internet of things and the like, and the network types used by the terminal devices are not specifically limited in the embodiments of the present application.
Specifically, the digital twin platform 104 may determine whether a digital twin monomer that collects data in the first terminal device 101, the second terminal device 102, and the third terminal device 103 meets the security condition for joining the digital twin platform 104. If so, it controls that digital twin monomer to join the digital twin system, acquires the digital twin data collected by the digital twin monomer, processes the digital twin data, and stores the processed digital twin data in the digital twin platform 104.
It can be understood that when it is determined that a digital twin monomer collecting data in the first terminal device 101, the second terminal device 102, or the third terminal device 103 does not meet the security condition for joining the digital twin platform 104, or that the digital twin monomer itself is not trusted, alarm information may be generated and displayed on the display device 105 corresponding to the digital twin platform 104 for the user 106 to check, so that the user learns of the situation and handles it in time; for example, an event that the digital twin platform 104 cannot process may be handled manually.
It should be noted that, in the embodiment of the present application, the types of the first terminal device 101, the second terminal device 102, and the third terminal device 103 are not specifically limited, and the digital twin system may further collect various types of data from, for example, various data sources, service systems, sensors, and video monitoring devices, which is not specifically limited in this embodiment of the present application.
The terminal device may be a wireless terminal or a wired terminal. A wireless terminal may refer to a device that provides voice and/or other service data connectivity to a user, a handheld device having wireless connection capability, or another processing device connected to a wireless modem. A wireless terminal may communicate with one or more core network devices via a Radio Access Network (RAN); it may be a mobile terminal, such as a mobile phone (also called a "cellular" phone), or a computer having a mobile terminal, for example a portable, pocket, hand-held, computer built-in or vehicle-mounted mobile device, which exchanges voice and/or data with the RAN. As another example, the wireless terminal may be a Personal Communication Service (PCS) phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), and the like. A wireless terminal may also be referred to as a system, a Subscriber Unit, a Subscriber Station, a Mobile Station, a Mobile, a Remote Station, a Remote Terminal, an Access Terminal, a User Terminal, a User Agent, or a User Device or User Equipment, which are not limited herein. Optionally, the terminal device may also be a smart phone, a tablet computer, or the like.
In a possible implementation manner, a digital twin system may be constructed, and the system is used to collect and mark the digital twin data; the marked digital twin data is then stored and the storage time recorded, so that the system can perform background management on the digital twin data.
However, the above method lacks security control over the digital twin system; that is, when the digital twin system performs data storage and data interaction, the data is easily tampered with, and there is a security risk.
In view of the above problems, the present application provides a digital twin data secure storage method, which is applied to a digital twin system that may include a plurality of digital twin monomers. Specifically, a digital certificate and a cryptographic algorithm may be used to determine whether a digital twin monomer and the digital twin system may perform data interaction. If so, the digital twin monomer is controlled to join the digital twin system, and the digital twin data collected by the digital twin monomer is stored on a blockchain, which reduces the possibility of data tampering and improves the security of data storage. The digital twin system may also read the required digital twin data from the blockchain, which improves the security of data interaction.
The technical solution of the present application will be described in detail below with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
FIG. 2 is a schematic flowchart of a digital twin data secure storage method provided by an embodiment of the present application, where the method is applied to a digital twin system; the digital twin system comprises at least one digital twin monomer; as shown in FIG. 2, the digital twin data secure storage method includes the following steps:
S201, acquiring a first digital certificate corresponding to the digital twin monomer and a second digital certificate corresponding to the digital twin system.
In this embodiment of the application, the first digital certificate may refer to a digital certificate issued for a digital twin monomer (DTS) and used for marking the identity information of the digital twin monomer in internet communication. It includes a key pair (pk, sk) that is used to perform encryption and decryption, where the key pair includes a private key sk and a public key pk; the private key is used for encryption and decryption, and the public key is used for signature. The second digital certificate is defined similarly to the first digital certificate, and reference is made to the description of the first digital certificate, except that the second digital certificate is issued for a digital twin system.
In this step, the digital twin security management platform may issue a first digital certificate, such as DTS1 (PK, SK), to the digital twin monomer, and issue a second digital certificate, such as D (PK, SK), to the digital twin system. The digital twin system acquires the first digital certificate and the second digital certificate, which are used for providing security protection for the negotiation between the digital twin monomer and the digital twin system; that is, whether the digital twin monomer can join the digital twin system is determined based on the first digital certificate and the second digital certificate, and data interaction is then carried out.
S202, decrypting the first digital certificate and the second digital certificate by using a predefined key algorithm to obtain decryption information, and determining whether the digital twin monomer meets preset requirements or not based on the decryption information.
In this embodiment of the present application, the predefined key algorithm may refer to an algorithm that generates a key through an online or offline interactive negotiation manner, and is used to decrypt an encrypted file, where the predefined key algorithm may be a digest algorithm, a hash algorithm, or the like, and this is not specifically limited in this embodiment of the present application.
Specifically, the first digital certificate is decrypted by using the predefined key algorithm to obtain the identity information of the digital twin monomer, and the second digital certificate is decrypted by using the predefined key algorithm to obtain the identity information of the digital twin system. It is then determined whether the identity information of the digital twin monomer and the identity information of the digital twin system meet a preset requirement, where the preset requirement refers to a requirement defined in advance for determining that the digital twin monomer and the digital twin system have an association relationship. If each digital twin system stores the identity information of the digital twin monomers that can be added to it, the preset requirement can be whether the decryption information corresponding to the digital twin monomer and the decryption information corresponding to the digital twin system have a corresponding relationship. The preset requirement is not specifically limited in the embodiment of the present application.
S203, if so, controlling the digital twin monomer to be added into the digital twin system, acquiring the digital twin data collected by the digital twin monomer, and storing the digital twin data in a block chain so that the digital twin system reads the digital twin data from the block chain.
In this embodiment of the present application, the blockchain may refer to a chain composed of a plurality of blocks that is used to store data and is equivalent to a shared database. When the digital twin data is stored in the blockchain, it may be stored in the corresponding chain according to the time sequence in which the digital twin data was acquired, or according to the type of the acquired digital twin data, which is not specifically limited in this embodiment of the present application.
Illustratively, key data collected from digital twin monomer DTS1, digital twin monomer DTS2 to digital twin monomer DTSn may be stored on a blockchain infrastructure (blockchain) to achieve tamper resistance. The key data is defined by negotiation between the digital twin system and the digital twin monomer and is the important data required by different service scenarios; the key data can also be defined manually, and the embodiment of the application does not specifically limit this.
It should be noted that the data of the digital twin monomer DTS1 to the digital twin monomer DTSn are accessed through the blockchain infrastructure for data interaction, and data integrity and traceability can be achieved.
In this step, after the digital twin data collected by the digital twin monomer is acquired, security verification needs to be performed on the digital twin data to verify whether it is secure; if the digital twin data is determined to be secure, it can be stored in the block chain.
It is understood that if there is one digital twin system, the digital twin monomers included in that digital twin system perform data interaction with it; if there are multiple digital twin systems, data interaction between the digital twin systems can also be realized. For example, if a first digital twin system needs to read digital twin data collected by a certain digital twin monomer in a second digital twin system, it may send an instruction to the second digital twin system, and the second digital twin system reads, based on the instruction, the digital twin data collected by that digital twin monomer and stored in the block chain of the second system, where the digital twin data is terminal data of the internet of things.
Therefore, the application provides a method for safely storing digital twin data, which can be used for obtaining a first digital certificate corresponding to a digital twin monomer and a second digital certificate corresponding to a digital twin system; further, the first digital certificate and the second digital certificate are decrypted by a predefined key algorithm to obtain decryption information, and whether the digital twin monomer meets the preset requirement or not is determined based on the decryption information; and when the digital twin monomer is determined to meet the preset requirement, controlling the digital twin monomer to be added into the digital twin system, acquiring digital twin data acquired by the digital twin monomer, and storing the digital twin data in the block chain so that the digital twin system reads the digital twin data from the block chain. Therefore, the digital twin monomer and the digital twin system are provided with safety protection through management of the digital certificate and a cryptographic algorithm, the digital twin data are stored by adopting the block chain, data are prevented from being tampered, the safety of data storage is improved, the digital twin system can read required data from the block chain, and the safety of data interaction is improved.
Optionally, acquiring the digital twin data collected by the digital twin monomer includes:
acquiring digital twin data acquired by the digital twin monomer, and extracting characteristic data in the digital twin data by using a safety monitoring algorithm;
and determining whether the digital twin data corresponds to an abnormal event or not based on the characteristic data, and processing the digital twin data corresponding to the abnormal event.
In this embodiment of the application, the security monitoring algorithm may refer to an algorithm for determining whether abnormal data exists in the digital twin data acquired by a digital twin monomer, where the abnormal data is a specific parameter of an abnormal event. The determination is based on feature data, which may be a specific keyword or code, such as malicious code, a mark corresponding to malicious attack behavior, a mark corresponding to unauthorized access, and the like; whether an abnormal event exists is then determined based on the feature data.
The exception event includes but is not limited to: the digital twin data collected by the digital twin monomer carries malicious codes, the digital twin monomer launches malicious attack to the digital twin system, the digital twin monomer launches malicious attack to other digital twin monomers in the digital twin system, the digital twin monomer is unauthorized to access the digital twin system, the digital twin monomer is unauthorized to acquire data in the digital twin system or data of other digital twin monomers in the digital twin system, and the like.
It should be noted that, if the digital twin monomer is accessed normally, a corresponding identification code such as 1 is assigned to the digital twin monomer, and if the digital twin monomer is accessed abnormally, a corresponding identification code such as 0 is assigned to it; actions such as initiating a malicious attack or illegally acquiring data are likewise assigned corresponding identifiers.
In this step, the digital twin data collected from the digital twin monomer DTS1 to the digital twin monomer DTSn can be monitored for security by a security monitoring module of the digital twin security management platform based on artificial intelligence analysis capability such as a security monitoring algorithm, and the abnormal events obtained by monitoring one digital twin monomer can be collected into a set for recording, such as DTS1_sec_event {se1, se2, …, sem}.
Therefore, the embodiment of the application can perform security evaluation on the digital twin data acquired by the digital twin monomer and store only the digital twin data determined to be safe, so that the security of data storage is guaranteed.
Optionally, the processing the digital twin data corresponding to the abnormal event includes:
searching a handling strategy corresponding to the abnormal event from a preset strategy table, or inputting the abnormal event into a trained machine learning model to obtain a corresponding handling strategy;
and processing the digital twin data corresponding to the abnormal event by using the handling strategy to obtain a processing result.
In this embodiment of the present application, a handling policy refers to a policy for handling an abnormal event, different abnormal events correspond to different handling policies, the handling policy may be stored in a preset policy table, that is, a corresponding handling policy is defined in advance based on different abnormal events and stored in the preset policy table, and is directly invoked when used, the preset policy table may be deployed in a digital twin system or an external system, which is not specifically limited in this embodiment of the present application.
Optionally, the handling strategy may also be obtained through a trained machine learning model, that is, the abnormal event is input into the trained machine learning model to obtain a corresponding handling strategy; the training process of the machine learning model comprises the following steps: acquiring a training data set, wherein the training data set comprises a plurality of abnormal events and handling strategies corresponding to the abnormal events; the training data set is input into the machine learning model for training to obtain the trained machine learning model, so that the machine learning model has the capability of autonomous learning, and can adaptively obtain corresponding handling strategies aiming at different abnormal events, thereby improving the flexibility and the accuracy.
In this step, a handling policy corresponding to the abnormal event may be obtained through a handling and coordination module of the digital twin security management platform, and intelligent security handling may be performed on the digital twin data corresponding to the abnormal event set DTS1_sec_event {se1, se2, …, sem} by using the corresponding handling policy, so as to obtain a processing result. If an external security system needs to be scheduled, the platform may also interface with the external security system by using its coordination capability and call the external security system to process the digital twin data corresponding to the abnormal event.
The processing result may be discarding the digital twin data corresponding to the abnormal event, retaining other safe data in the digital twin monomer, or filtering the digital twin data corresponding to the abnormal event to obtain safe data, and the like.
Therefore, the embodiment of the application has corresponding handling strategies aiming at different abnormal events, the abnormal events are handled by the handling strategies, the handling results are obtained, the handling flexibility is improved, the abnormal situations are reduced, and the safety of a digital twin system is guaranteed.
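The monitoring and handling steps described above can be sketched as follows. This is an added example, not code from the patent; the marker patterns, event names and policy table entries are assumptions, and the sample records are constructed.

```python
"""Feature-based monitoring of digital twin data with a preset policy table.

Added illustration; marker patterns, event names and policies are assumptions.
"""
import re
from dataclasses import dataclass, field

# Hypothetical feature markers: pattern -> abnormal event name.
FEATURE_MARKERS = {
    re.compile(r"<script\b|\beval\(", re.I): "malicious_code",
    re.compile(r"\bauth=none\b", re.I): "unauthorized_access",
}

# Preset policy table: abnormal event -> handling policy.
POLICY_TABLE = {
    "malicious_code": "discard",       # drop the whole record
    "unauthorized_access": "filter",   # strip offending fields, keep the rest
}
DEFAULT_POLICY = "discard"  # fail closed for events without a table entry


@dataclass
class Result:
    stored: list = field(default_factory=list)      # records safe to store
    sec_events: list = field(default_factory=list)  # e.g. DTS1_sec_event
    outcomes: list = field(default_factory=list)    # processing results


def extract_events(record: dict) -> dict:
    """Return {field_name: event} for every field carrying a feature marker."""
    hits = {}
    for key, value in record.items():
        for pattern, event in FEATURE_MARKERS.items():
            if pattern.search(str(value)):
                hits[key] = event
                break
    return hits


def monitor(records: list) -> Result:
    """Classify each record, apply its handling policy, and log the event set."""
    result = Result()
    for record in records:
        hits = extract_events(record)
        if not hits:
            result.stored.append(record)
            continue
        events = sorted(set(hits.values()))
        result.sec_events.extend(events)
        policies = {POLICY_TABLE.get(e, DEFAULT_POLICY) for e in events}
        if "discard" in policies:
            # Any discard policy wins: nothing from this record is stored.
            result.outcomes.append("discarded")
        else:
            # Filter: keep only the fields that carried no marker.
            cleaned = {k: v for k, v in record.items() if k not in hits}
            result.stored.append(cleaned)
            result.outcomes.append("filtered")
    return result


# Constructed sample data for monomer DTS1.
SAMPLE = [
    {"sensor": "temp-01", "value": 21.5},
    {"sensor": "temp-02", "value": "<script>alert(1)</script>"},
    {"sensor": "door-07", "value": 1, "session": "auth=none"},
]

if __name__ == "__main__":
    r = monitor(SAMPLE)
    print("events:", r.sec_events)
    print("outcomes:", r.outcomes)
    print("stored:", r.stored)
```

Events without a policy table entry fall back to discard, so an unrecognised abnormal event never reaches storage.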
Optionally, the method further includes:
acquiring evaluation parameters of the digital twin monomer at preset time intervals, wherein the evaluation parameters comprise digital twin data corresponding to an abnormal event, time for adding the digital twin monomer into a digital twin system, a corresponding processing result after the abnormal event occurs in the digital twin monomer and time required for acquiring the digital twin data by the digital twin monomer;
and calculating a credible value corresponding to the evaluation parameter by using a credible evaluation algorithm, and determining whether the digital twin monomer is credible or not based on the credible value.
In the embodiment of the application, the credible evaluation algorithm is an algorithm for evaluating the overall security of the digital twin monomer, the credible evaluation algorithm is used for calculating the credible value corresponding to the evaluation parameter of the digital twin monomer, and then the credible value is used for determining whether the digital twin monomer is credible, the credible value can be a numerical parameter or a parameter described by a formal language, and the types of the credible evaluation algorithm and the credible value are not specifically limited in the embodiment of the application.
For example, a trusted evaluation entity may perform trusted evaluation on digital twin monomer DTS1 to digital twin monomer DTSn in a digital twin system in real time. Specifically, it obtains the evaluation parameters of a certain digital twin monomer, such as the digital twin data corresponding to the abnormal event set DTS1_sec_event {se1, se2, …, sem} and the handling result set DTS1_sec_event' {se1', se2', …, sem'}, and performs trusted evaluation on the integrity of the digital twin monomer; that is, it calculates a trusted value corresponding to the evaluation parameters by using a trusted evaluation algorithm and determines whether the digital twin monomer is trusted based on the trusted value.
It can be understood that, in the present application, the evaluation parameter of the digital twin monomer may be obtained at intervals of a preset time for performing a trusted evaluation, or the evaluation parameter of the digital twin monomer may be obtained in real time for performing a trusted evaluation, and the embodiment of the present application does not limit a specific value corresponding to the preset time.
It should be noted that, in the present application, the integrity of the digital twin monomer may be evaluated by using one or more evaluation parameters; the more evaluation parameters are used, the more accurate the obtained evaluation result. The number of evaluation parameters used in the trusted evaluation of the digital twin monomer is not specifically limited in the embodiments of the present application.
Therefore, the embodiment of the application can monitor the digital twin monomer in real time, carry out credible evaluation on the integrity of the digital twin monomer and ensure the safe operation of a digital twin system.
Optionally, determining whether the digital twin monomer is credible based on the credible value includes:
acquiring a preset credible threshold interval, and judging whether the credible value is positioned in the credible threshold interval;
if yes, determining that the digital twin monomer is credible;
if not, determining that the digital twin monomer is not credible, and generating alarm information based on the evaluation parameters.
In the embodiment of the application, the trusted threshold interval may refer to a threshold set for determining whether the digital twin monomer is trusted, and it may be changed manually according to business requirements; the trusted threshold interval is not specifically limited in the embodiment of the application. When the trusted value is a numerical parameter, the trusted threshold interval may be [d, e]; when the trusted value is a parameter described in a formal language, the trusted threshold interval may be whether a parameter of a particular field, such as an xyz field, is present.
In this step, the digital twin system may notify the trusted evaluation entity of the configured trusted threshold interval through network interaction. The trusted evaluation entity then determines whether the digital twin monomer is trusted based on whether its trusted value is within the trusted threshold interval and, if the digital twin monomer is determined to be untrusted, may generate the alarm information based on the evaluation parameters. Specifically, the trusted evaluation entity is linked with the security monitoring module of the digital twin security management platform; when it determines that the trusted value of a certain digital twin monomer is not within the trusted threshold interval, it generates the alarm information and sends it to the digital twin system, for example, the alarm information DTS1_trust {(d, e) or "xyz" = yes}.
It should be noted that, in the embodiments of the present application, the content and the form of the warning information are not specifically limited, and the above description is only an example.
Therefore, the embodiment of the application can set corresponding credible threshold intervals aiming at different digital twin monomers so as to meet different scene requirements, and the application range is wide.
Optionally, the method further includes:
after the alarm information is generated, deleting the untrusted digital twin monomer from the digital twin system, and sending a message instruction to the blockchain so that the blockchain deletes the digital twin data corresponding to the digital twin monomer based on the message instruction.
In this embodiment of the application, the message instruction is used to indicate that the digital twin monomer is untrusted and needs to be deleted, and the message instruction may be sent to a trusted evaluation entity, a digital twin security management platform, a block chain infrastructure, and other digital twin monomers to perform corresponding operation processes, respectively.
Specifically, taking the case where the digital twin monomer DTS1 is untrusted as an example, after the digital twin system receives the alarm information sent by the trusted evaluation entity, the digital twin system deletes DTS1 from the system. The digital twin system then broadcasts a message instruction to the other digital twin monomers in the system through the network to inform them that DTS1 has been deleted from the system, and the other digital twin monomers in the system no longer perform data interaction with DTS1. Meanwhile, the digital twin system sends a message instruction to the block chain infrastructure through the network, which is used for deleting the DTS1 node and the digital twin data corresponding to the DTS1 node, and sends a message instruction to the digital twin security management platform, which executes the operation of revoking the digital certificate of DTS1; further, the digital twin security management platform can update the digital certificate of the digital twin system.
Therefore, the embodiment of the application can delete an untrusted digital twin monomer in time and ensure the safety and stability of the digital twin system.
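The trusted threshold check and the removal of an untrusted monomer described in the two optional steps above can be sketched as follows. This is an added example, not the patent's algorithm: the scoring formula, weights, result labels and message strings are assumptions, since the text leaves the trusted evaluation algorithm open.

```python
"""Trust threshold check and eviction of an untrusted digital twin monomer.

Added illustration: the scoring formula, weights, result labels and message
strings are assumptions; the patent leaves the evaluation algorithm open.
"""
from dataclasses import dataclass, field


@dataclass
class EvaluationParams:
    abnormal_events: list        # e.g. DTS1_sec_event {se1, ..., sem}
    handling_results: list       # processing result per event, same order
    joined_hours: float          # time since the monomer joined the system
    acquisition_seconds: float   # time the monomer needed to acquire its data


def trust_value(p: EvaluationParams, max_latency: float = 5.0) -> float:
    """Hypothetical numeric trust score in [0, 1]."""
    unhandled = sum(1 for r in p.handling_results if r == "unhandled")
    event_penalty = min(1.0, 0.1 * len(p.abnormal_events) + 0.3 * unhandled)
    latency_penalty = 0.2 * min(1.0, p.acquisition_seconds / max_latency)
    tenure_bonus = min(0.1, p.joined_hours / 1000.0)
    score = 1.0 - event_penalty - latency_penalty + tenure_bonus
    return round(max(0.0, min(1.0, score)), 3)


def is_trusted(value, interval) -> bool:
    """Numeric value: inside [d, e]. Formal-language value: named field present."""
    if isinstance(value, dict):
        return interval in value   # interval is a field name such as "xyz"
    d, e = interval
    return d <= value <= e


@dataclass
class TwinSystem:
    members: set
    chain_data: dict                              # monomer id -> stored records
    revoked: set = field(default_factory=set)     # revoked certificates
    outbox: list = field(default_factory=list)    # (recipient, instruction)

    def evaluate(self, monomer: str, params: EvaluationParams, interval):
        """Return None if trusted; otherwise evict the monomer and return the alarm."""
        value = trust_value(params)
        if is_trusted(value, interval):
            return None
        alarm = {
            "id": f"{monomer}_trust",
            "value": value,
            "interval": interval,
            "events": list(params.abnormal_events),
        }
        self.evict(monomer)
        return alarm

    def evict(self, monomer: str) -> None:
        """Remove the monomer, notify peers, delete its data, revoke its certificate."""
        self.members.discard(monomer)
        for peer in sorted(self.members):
            self.outbox.append((peer, f"removed:{monomer}"))
        self.outbox.append(("blockchain", f"delete-data:{monomer}"))
        self.chain_data.pop(monomer, None)
        self.outbox.append(("security-platform", f"revoke-certificate:{monomer}"))
        self.revoked.add(monomer)


if __name__ == "__main__":
    # Constructed sample: DTS1 has unhandled abnormal events, DTS2 is clean.
    system = TwinSystem({"DTS1", "DTS2", "DTS3"}, {"DTS1": ["r1"], "DTS2": ["r2"]})
    dts1 = EvaluationParams(["se1", "se2", "se3"],
                            ["discarded", "unhandled", "unhandled"], 48, 2.5)
    print(system.evaluate("DTS1", dts1, (0.6, 1.0)))
    print(system.outbox)
```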
Optionally, storing the digital twin data in a block chain includes:
acquiring the type of the digital twin data, and judging whether the type is located in a lookup table;
if yes, looking up in the lookup table a first position in the block chain where data of that type is stored, and storing the digital twin data in the first position;
if not, adding the type to the lookup table, determining a second position in the block chain for storing data of that type, storing the digital twin data in the second position, and updating the corresponding relation between the type and the second position in the lookup table.
In this step, the lookup table is used to store the corresponding relationship between the type of the digital twin data and its storage location. The lookup table is set in advance, so that after the type of the digital twin data is obtained, the corresponding storage location in the block chain is obtained directly from the table; when the table has no entry for a certain type, a storage location for that type can be determined autonomously, and the corresponding relationship between the type and the storage location is updated in the lookup table.
Therefore, the embodiment of the application can store the digital twin data in the block chain based on the type of the digital twin data, so that the possibility of data tampering is reduced, and the different types of digital twin data are different in corresponding storage positions, so that the storage and the query are facilitated.
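The type-based storage step can be sketched as a lookup table that maps each data type to its own hash-linked chain. This is an added example, not the patent's implementation; the position names, block layout and use of SHA-256 are assumptions, and the records are constructed.

```python
"""Type-indexed storage of digital twin data on hash-linked chains.

Added illustration; position naming, block layout and SHA-256 are assumptions.
"""
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value of the first block in each chain


def canonical(payload: dict) -> str:
    """Serialise deterministically so the same payload always hashes the same."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":"))


def block_hash(prev_hash: str, body: str) -> str:
    return hashlib.sha256(f"{prev_hash}|{body}".encode("utf-8")).hexdigest()


class TypedLedger:
    def __init__(self, lookup=None):
        self.lookup = dict(lookup or {})                     # type -> position
        self.chains = {pos: [] for pos in self.lookup.values()}

    def _new_position(self) -> str:
        """Pick a position name that is not already used by another type."""
        n = len(self.chains)
        while f"chain-{n}" in self.chains:
            n += 1
        return f"chain-{n}"

    def store(self, data_type: str, payload: dict):
        """Append payload at the position for its type; return (position, index)."""
        position = self.lookup.get(data_type)
        if position is None:
            # Unknown type: allocate a second position and update the table.
            position = self._new_position()
            self.chains[position] = []
            self.lookup[data_type] = position
        chain = self.chains[position]
        prev = chain[-1]["hash"] if chain else GENESIS
        body = canonical(payload)  # stored as text, so later caller edits do not leak in
        chain.append({"prev": prev, "body": body, "hash": block_hash(prev, body)})
        return position, len(chain) - 1

    def verify(self, position: str):
        """Return the index of the first block that fails the hash link, or None."""
        prev = GENESIS
        for index, block in enumerate(self.chains[position]):
            if block["prev"] != prev or block["hash"] != block_hash(prev, block["body"]):
                return index
            prev = block["hash"]
        return None

    def read(self, data_type: str) -> list:
        """Return payloads for a type, refusing to serve a chain that fails verification."""
        position = self.lookup[data_type]
        bad = self.verify(position)
        if bad is not None:
            raise ValueError(f"{position} fails verification at block {bad}")
        return [json.loads(b["body"]) for b in self.chains[position]]


if __name__ == "__main__":
    ledger = TypedLedger({"temperature": "chain-0"})   # preset lookup table
    print(ledger.store("temperature", {"dts": "DTS1", "value": 21.5}))
    print(ledger.store("vibration", {"dts": "DTS2", "value": 0.03}))
    print(ledger.lookup, ledger.read("temperature"))
```

Because each block's hash covers the previous hash, editing a stored body makes `verify` report that block's index and `read` raise instead of returning altered data.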
It should be noted that the digital twin platform, the block chain infrastructure, the trusted evaluation entity, the digital twin security management platform, and the like mentioned in the foregoing embodiments are used to construct a complete digital twin system framework, and implement the digital twin data security storage method provided in the embodiments of the present application.
With reference to the foregoing embodiments, Fig. 3 is a schematic structural diagram of a digital twin system provided in an embodiment of the present application. As shown in Fig. 3, the whole framework includes a plurality of internet of things sensing terminals, a network, a plurality of DTSs, a Digital Twin Factory (DTF), a blockchain infrastructure, a trusted evaluation entity, a digital twin security management platform, and the like. The DTSs are configured to collect data of the internet of things sensing terminals through the network (mobile communication network, internet of things, and the like). The block chain infrastructure is used for storing key data acquired by the DTSs and achieving tamper resistance. The digital twin security management platform is used for issuing digital certificates, performing security monitoring, security handling and coordination for the digital twin monomers, and sending the digital certificates and reporting abnormal events to the DTF; when other security systems are needed to assist in handling abnormal events, the digital twin security management platform also interfaces with those security systems and calls them to coordinate the handling of the abnormal events. The DTF can be understood as a digital twin platform, and is used for receiving the digital certificates issued by the digital twin security management platform and the notifications of abnormal events, receiving untrusted alarms (alarm information) sent by the trusted evaluation entity, and performing data interaction with the blockchain infrastructure. The trusted evaluation entity is used for carrying out trusted evaluation on the DTSs, generating an untrusted alarm and sending it to the DTF, and is also used for carrying out data interaction with the digital twin security management platform, sending an instruction for deleting the untrusted DTS in time and deleting the untrusted digital twin monomer in time.
Exemplarily, fig. 4 is a schematic flowchart of a complete secure digital twin data storage method provided in an embodiment of the present application, and as shown in fig. 4, the secure digital twin data storage method includes the following steps:
Step A: the digital twin security management platform issues digital certificates to digital twin monomers 1 to n and to the DTF, and judges, based on the issued digital certificates, whether digital twin monomers 1 to n can be added to the DTF. If so, it controls the digital twin monomers meeting the requirements to be added to the DTF and stores the digital twin data acquired by those digital twin monomers in the block chain infrastructure for data interaction; if not, it controls the digital twin monomers not to be added to the DTF.
Step B: when the block chain infrastructure stores the digital twin data acquired by a digital twin monomer, the digital twin security management platform can perform security monitoring on the digital twin data acquired by the digital twin monomers that have joined the DTF and perform security handling and coordination in time; when other security systems are required to assist in the handling, it interfaces with those security systems and calls them for cooperative handling. After the digital twin data acquired by the digital twin monomers is stored in the block chain infrastructure, the trusted evaluation entity can perform trusted evaluation on the integrity of the digital twin monomers that have joined the DTF in real time; when a certain digital twin monomer is determined to be untrusted, an untrusted alarm for that digital twin monomer is generated and sent to the block chain infrastructure, so that the block chain infrastructure deletes the digital twin data corresponding to the digital twin monomer, and the digital twin monomer is deleted from the whole system.
The application provides a digital twin data secure storage method for realizing the security architecture and protocol design of a digital twin system. Security protection is provided for the negotiation between the digital twin monomer and the digital twin system through the management of digital certificates and a cryptographic algorithm; a block chain infrastructure is adopted to provide data credibility for the interaction between the digital twin monomer and the digital twin system; the security of the digital twin monomer is monitored in real time based on artificial intelligence analysis capability and abnormal events are handled through intelligent coordination capability; and untrusted digital twin monomers are deleted in time through real-time trusted evaluation, so that the security of the digital twin system is guaranteed.
In the foregoing embodiments, the digital twin data security storage method provided in the embodiments of the present application is described, and in order to implement each function in the method provided in the embodiments of the present application, the electronic device serving as an execution subject may include a hardware structure and/or a software module, and each function is implemented in the form of a hardware structure, a software module, or a hardware structure and a software module. Whether any of the above-described functions is implemented as a hardware structure, a software module, or a hardware structure plus a software module depends upon the particular application and design constraints imposed on the technical solution.
For example, Fig. 5 is a schematic structural diagram of a digital twin data secure storage device provided in an embodiment of the present application, where the digital twin data secure storage device is used in a digital twin system that comprises at least one digital twin monomer. As shown in Fig. 5, the apparatus includes: an obtaining module 510, a decryption module 520, and a storage module 530; the obtaining module 510 is configured to obtain a first digital certificate corresponding to a digital twin monomer and a second digital certificate corresponding to a digital twin system;
the decryption module 520 is configured to decrypt the first digital certificate and the second digital certificate by using a predefined key algorithm to obtain decryption information, and determine whether the digital twin monomer meets a preset requirement based on the decryption information;
the storage module 530 is configured to, when the digital twin monomer meets a preset requirement, control the digital twin monomer to be added to the digital twin system, obtain digital twin data collected by the digital twin monomer, and store the digital twin data in a block chain, so that the digital twin system reads the digital twin data from the block chain.
Optionally, the storage module 530 includes an obtaining unit and a storage unit; the acquisition unit comprises an extraction unit and a processing unit;
optionally, the extracting unit is configured to obtain digital twin data acquired by the digital twin monomer, and extract feature data in the digital twin data by using a safety monitoring algorithm;
the processing unit is used for determining whether the digital twin data corresponds to an abnormal event or not based on the characteristic data and processing the digital twin data corresponding to the abnormal event.
Optionally, the processing unit is specifically configured to:
searching a handling strategy corresponding to the abnormal event from a preset strategy table, or inputting the abnormal event into a trained machine learning model to obtain a corresponding handling strategy;
and processing the digital twin data corresponding to the abnormal event by using the handling strategy to obtain a processing result.
Optionally, the apparatus further comprises an evaluation module and a determination module;
specifically, the evaluation module is configured to obtain evaluation parameters of the digital twin monomer at preset time intervals, where the evaluation parameters include digital twin data corresponding to an abnormal event, time for adding the digital twin monomer into the digital twin system, a corresponding processing result after the abnormal event occurs in the digital twin monomer, and time required for acquiring the digital twin data by the digital twin monomer;
the determining module is used for calculating a credible value corresponding to the evaluation parameter by using a credible evaluation algorithm and determining whether the digital twin monomer is credible or not based on the credible value.
Optionally, the determining module is specifically configured to:
acquiring a preset credible threshold interval, and judging whether the credible value is located in the credible threshold interval;
if so, determining that the digital twin monomer is credible;
if not, determining that the digital twin monomer is not credible, and generating alarm information based on the evaluation parameters.
Optionally, the apparatus further includes an alarm module, where the alarm module is configured to:
after the alarm information is generated, deleting the untrusted digital twin monomer from the digital twin system, and sending a message instruction to the blockchain so that the blockchain deletes the digital twin data corresponding to the digital twin monomer based on the message instruction.
Optionally, the storage unit is configured to:
acquiring the type of the digital twin data, and judging whether the type is located in a lookup table;
if yes, looking up in the lookup table a first position in the block chain where data of that type is stored, and storing the digital twin data in the first position;
if not, adding the type to the lookup table, determining a second position in the block chain for storing data of that type, storing the digital twin data in the second position, and updating the corresponding relation between the type and the second position in the lookup table.
The specific implementation principle and effect of the digital twin data security storage device provided in the embodiment of the present application may refer to the corresponding relevant description and effect of the above embodiments, and will not be described in detail herein.
An embodiment of the present application further provides a schematic structural diagram of an electronic device, and fig. 6 is a schematic structural diagram of an electronic device provided in an embodiment of the present application, and as shown in fig. 6, the electronic device may include: a processor 601 and a memory 602 communicatively coupled to the processor; the memory 602 stores computer programs; the processor 601 executes the computer program stored in the memory 602, so that the processor 601 executes the method according to any of the embodiments.
Wherein the memory 602 and the processor 601 may be connected by a bus 603.
Embodiments of the present application further provide a computer-readable storage medium, in which computer program execution instructions are stored, and the computer program execution instructions, when executed by a processor, are used to implement the method according to any of the foregoing embodiments of the present application.
The embodiment of the present application further provides a chip for executing instructions, where the chip is configured to execute the method in any one of the foregoing embodiments performed by the electronic device in any one of the foregoing embodiments of the present application.
Embodiments of the present application also provide a computer program product, which includes a computer program that, when executed by a processor, can implement the method described in any of the foregoing embodiments as performed by an electronic device in any of the foregoing embodiments of the present application.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into modules is only a division by logical function, and an actual implementation may divide them differently; for instance, a plurality of modules or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be electrical, mechanical or in another form.
Modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one position, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to implement the solution of the embodiment.
In addition, the functional modules in the embodiments of the present application may be integrated into one processing unit, or each module may exist alone physically, or two or more modules may be integrated into one unit. The unit formed by the modules can be implemented in the form of hardware, or in the form of hardware plus software functional units.
The integrated module implemented in the form of a software functional module may be stored in a computer-readable storage medium. The software functional module is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) or a processor to execute some steps of the methods described in the embodiments of the present application.
It should be understood that the processor may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in the processor.
The memory may include a Random Access Memory (RAM), and may further include a Non-Volatile Memory (NVM), for example, at least one magnetic disk memory, and may also be a USB flash drive, a removable hard disk, a read-only memory, a magnetic disk or an optical disk.
The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, the buses in the figures of the present application are not limited to only one bus or one type of bus.
The storage medium may be implemented by any type of volatile or nonvolatile storage device or combination thereof, such as Static Random-Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk. A storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer.
An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an Application Specific Integrated Circuit (ASIC). Of course, the processor and the storage medium may also reside as discrete components in an electronic device or host device.
The above description is only a specific implementation of the embodiments of the present application, but the scope of the embodiments of the present application is not limited thereto, and any changes or substitutions within the technical scope disclosed in the embodiments of the present application should be covered by the scope of the embodiments of the present application. Therefore, the protection scope of the embodiments of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A digital twin data secure storage method, characterized in that the method is applied to a digital twin system; the digital twin system comprises at least one digital twin monomer; the method comprises the following steps:
acquiring a first digital certificate corresponding to a digital twin monomer and a second digital certificate corresponding to a digital twin system;
decrypting the first digital certificate and the second digital certificate by using a predefined key algorithm to obtain decryption information, and determining whether the digital twin monomer meets a preset requirement or not based on the decryption information;
and if so, controlling the digital twin monomer to be added into the digital twin system, acquiring digital twin data acquired by the digital twin monomer, and storing the digital twin data in a block chain to enable the digital twin system to read the digital twin data from the block chain.
2. The method of claim 1, wherein acquiring digital twin data collected by the digital twin monomer comprises:
acquiring digital twin data acquired by the digital twin monomer, and extracting characteristic data in the digital twin data by using a safety monitoring algorithm;
and determining whether the digital twin data corresponds to an abnormal event or not based on the characteristic data, and processing the digital twin data corresponding to the abnormal event.
3. The method of claim 2, wherein processing digital twin data corresponding to the abnormal event comprises:
searching a handling strategy corresponding to the abnormal event from a preset strategy table, or inputting the abnormal event into a trained machine learning model to obtain a corresponding handling strategy;
and processing the digital twin data corresponding to the abnormal event by using the handling strategy to obtain a processing result.
4. The method of claim 3, further comprising:
acquiring evaluation parameters of the digital twin monomer every preset time, wherein the evaluation parameters comprise digital twin data corresponding to an abnormal event, time for adding the digital twin monomer into a digital twin system, a corresponding processing result after the abnormal event occurs in the digital twin monomer and time for acquiring the digital twin data by the digital twin monomer;
and calculating a credible value corresponding to the evaluation parameter by using a credible evaluation algorithm, and determining whether the digital twin monomer is credible or not based on the credible value.
5. The method of claim 4, wherein determining whether the digital twin monomer is credible based on the credible value comprises:
acquiring a preset credible threshold interval, and judging whether the credible value is positioned in the credible threshold interval;
if so, determining that the digital twin monomer is credible;
if not, determining that the digital twin monomer is not credible, and generating alarm information based on the evaluation parameters.
6. The method of claim 5, further comprising:
and after the alarm information is generated, deleting the non-credible digital twin monomer from the digital twin system, and sending a message instruction to the block chain so that the block chain deletes the digital twin data corresponding to the digital twin monomer based on the message instruction.
7. The method of any of claims 1-6, wherein storing the digital twin data in a block chain comprises:
acquiring the type of the digital twin data, and judging whether the type is in a lookup table;
if yes, looking up in the lookup table a first position of the block chain at which data of the type is stored, and storing the digital twin data at the first position;
if not, adding to the lookup table a second position of the block chain at which data of the type is to be stored, storing the digital twin data at the second position, and updating the correspondence between the type and the second position in the lookup table.
8. A digital twin data security storage device, characterized in that the device is applied to a digital twin system; the digital twin system comprises at least one digital twin monomer; the device comprises:
the acquisition module is used for acquiring a first digital certificate corresponding to the digital twin monomer and a second digital certificate corresponding to the digital twin system;
the decryption module is used for decrypting the first digital certificate and the second digital certificate by using a predefined key algorithm to obtain decryption information, and determining whether the digital twin monomer meets the preset requirement or not based on the decryption information;
and the storage module is used for controlling the digital twin monomer to be added into the digital twin system when the digital twin monomer meets the preset requirement, acquiring digital twin data acquired by the digital twin monomer, and storing the digital twin data in the block chain so that the digital twin system reads the digital twin data from the block chain.
9. An electronic device, comprising: a processor, and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
the processor executes computer-executable instructions stored by the memory to implement the method of any of claims 1-7.
10. A computer-readable storage medium having computer-executable instructions stored thereon, which when executed by a processor, perform the method of any one of claims 1-7.
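The lookup-table storage steps recited in claim 7 (and described for the storage unit) can be sketched as follows. This is an added example, not code from the patent: the per-position SHA-256 hash chains, the `TypedLedger` class and the sample records are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed "previous hash" of the first block at each position

def block_hash(prev_hash, twin_id, data_type, payload):
    """SHA-256 over a canonical JSON encoding of the block fields."""
    body = json.dumps([prev_hash, twin_id, data_type, payload], sort_keys=True)
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

class TypedLedger:
    """Toy ledger: one hash chain per position, plus a type -> position lookup table."""

    def __init__(self):
        self.lookup = {}   # data type -> position (index into self.chains)
        self.chains = []   # position -> list of blocks

    def store(self, twin_id, data_type, payload):
        """Store one record; returns (position, newly_allocated)."""
        created = data_type not in self.lookup
        if created:
            # Type is not in the lookup table: allocate a new position and
            # record the type -> position correspondence.
            self.chains.append([])
            self.lookup[data_type] = len(self.chains) - 1
        position = self.lookup[data_type]
        chain = self.chains[position]
        prev = chain[-1]["hash"] if chain else GENESIS
        chain.append({"prev": prev, "twin": twin_id, "type": data_type,
                      "payload": payload,
                      "hash": block_hash(prev, twin_id, data_type, payload)})
        return position, created

    def read(self, data_type):
        """Return the payloads of a type, or [] if the type was never stored."""
        position = self.lookup.get(data_type)
        return [] if position is None else [b["payload"] for b in self.chains[position]]

    def verify(self):
        """Recompute every link; False if a block was altered or misfiled."""
        position_types = {pos: t for t, pos in self.lookup.items()}
        for position, chain in enumerate(self.chains):
            prev = GENESIS
            for b in chain:
                if b["type"] != position_types.get(position) or b["prev"] != prev:
                    return False
                if b["hash"] != block_hash(prev, b["twin"], b["type"], b["payload"]):
                    return False
                prev = b["hash"]
        return True

def demo():
    """Constructed sample records (not taken from the patent)."""
    ledger = TypedLedger()
    results = [ledger.store("twin-01", "temperature", {"c": 21.5}),
               ledger.store("twin-02", "vibration", {"mm_s": 0.8}),
               ledger.store("twin-01", "temperature", {"c": 22.1})]
    return ledger, results
```

The second `temperature` record reuses position 0 through the lookup table, while `vibration` triggers allocation of position 1; `verify()` fails if a stored payload is modified afterwards.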
CN202211109774.9A 2022-09-13 2022-09-13 Digital twin data secure storage method and device, electronic equipment and storage medium Pending CN115484032A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211109774.9A CN115484032A (en) 2022-09-13 2022-09-13 Digital twin data secure storage method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115484032A true CN115484032A (en) 2022-12-16

Family

ID=84393009

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211109774.9A Pending CN115484032A (en) 2022-09-13 2022-09-13 Digital twin data secure storage method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115484032A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111295660A (en) * 2017-11-02 2020-06-16 区块链控股有限公司 Computer-implemented system and method for connecting blockchains to digital twins
US20200250683A1 (en) * 2019-01-31 2020-08-06 Salesforce.Com, Inc. Systems, methods, and apparatuses for implementing certificates of authenticity of digital twins transacted onto a blockchain using distributed ledger technology (dlt)
CN111716353A (en) * 2020-05-20 2020-09-29 西安交通大学 Digital twin virtual-real synchronous operation method based on publish/subscribe mode
CN112099948A (en) * 2020-09-10 2020-12-18 西安交通大学 Method for standardizing digital twin manufacturing unit protocol and integrating industrial big data in real time
CN112882765A (en) * 2021-01-29 2021-06-01 航天科工智能运筹与信息安全研究院(武汉)有限公司 Digital twin model scheduling method and device
WO2021108680A1 (en) * 2019-11-25 2021-06-03 Strong Force Iot Portfolio 2016, Llc Intelligent vibration digital twin systems and methods for industrial environments
CN113064351A (en) * 2021-03-26 2021-07-02 京东数字科技控股股份有限公司 Digital twin model construction method and device, storage medium and electronic equipment
CN114424167A (en) * 2019-05-06 2022-04-29 强力物联网投资组合2016有限公司 Platform for promoting intelligent development of industrial Internet of things system
CN114500536A (en) * 2022-01-27 2022-05-13 京东方科技集团股份有限公司 Cloud edge cooperation method, system, device, cloud platform, equipment and medium

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
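KEQI WANG et al.: "Simulation-Based Digital Twin Development for Blockchain Enabled End-to-End Industrial Hemp Supply Chain Risk Management", 2020 WINTER SIMULATION CONFERENCE (WSC), 29 March 2021 (2021-03-29) *
杜宏祥: "Data-driven digital twin model construction and online monitoring application", China Master's Theses Full-text Database, 15 June 2020 (2020-06-15) *
杨德东: "Research on the application of digital twins in collaborative manufacturing", China Master's Theses Full-text Database, 15 April 2022 (2022-04-15) *
陈志鼎; 梅李萍: "Design of a virtual-real interaction system for hydraulic turbines based on digital twin technology", 水电能源科学, no. 09, 15 September 2020 (2020-09-15) *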

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination