CN115766181A - Block chain-based data sharing architecture and method for space environment ground simulation device - Google Patents


Publication number
CN115766181A
Authority
CN
China
Prior art keywords
data
block chain
data sharing
intelligent contract
sesri
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211402875.5A
Other languages
Chinese (zh)
Inventor
佟为明
逄龙
林景波
金显吉
李中伟
徐泽
初旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harbin Institute of Technology
Original Assignee
Harbin Institute of Technology
Application filed by Harbin Institute of Technology
Priority to CN202211402875.5A
Publication of CN115766181A
Legal status: Pending


Abstract

The invention discloses a block chain-based data sharing architecture and method for a space environment ground simulation device. The data sharing architecture consists of a data resource layer, a block chain network layer, an intelligent contract layer and an application layer, wherein: the data resource layer provides data support for data transactions on the block chain and the transmission platform required for off-chain exchange; the block chain network layer is responsible for information transmission and service realization; the intelligent contract layer processes the various complex business logics in the system; the application layer mainly provides a human-computer interaction interface, calls intelligent contracts through SDKs, and provides information exchange carriers in different forms, such as a browser or a client application, according to the service activity, so that workers in different departments and posts of different organizations can acquire data resources or use other data services provided by the system in the corresponding way. The invention can provide a safer and more reliable data sharing scheme for large scientific engineering projects.

Description

Block chain-based data sharing architecture and method for space environment ground simulation device
Technical Field
The invention belongs to the field of big data sharing, relates to a space environment ground simulation device, and particularly relates to a data sharing architecture and method of the space environment ground simulation device based on a block chain.
Background
With the deep exploration of human beings on the outer space, deep research is urgently needed in the aspects of space environment effects of spacecraft materials, devices and functional systems thereof and the like. The space environment ground simulation device is one of large scientific projects, provides a large space comprehensive environment ground simulation platform, can realize in-situ/semi-in-situ representation of the action process of a space comprehensive environment and substances on the basis of comprehensive simulation of a plurality of space environment factors, and explores a space-time evolution theory of performance/function degradation of materials, devices and systems in the space comprehensive environment.
As an open space environment simulation experiment platform, the space environment ground simulation device can provide a good experimental environment for enterprises, research institutions and other bodies whose work takes the space environment as its background. However, when multiple organizations cooperate, trust problems exist among them, and the data generated during experimental operation is huge, with many categories, large scale and high value. It is therefore necessary to study how to manage data efficiently among multiple organizations and to achieve secure and reliable data sharing.
The block chain is regarded as a brand-new decentralized infrastructure and distributed computing paradigm. Its decentralized data structure makes data tamper-resistant and traceable, which offers a new solution to the problems of traditional data sharing systems, such as single points of failure and data being easily tampered with in private.
Disclosure of Invention
The invention provides a block chain-based data sharing architecture and method for a space environment ground simulation device, aimed at the trust problems that exist among organizations when data is shared between multiple organizations, and at the low security of data and its susceptibility to tampering during sharing. The invention combines block chain technology with encryption technology and access control technology, which further ensures the security of data and can provide a safer and more reliable data sharing scheme for large scientific engineering projects.
The purpose of the invention is realized by the following technical scheme:
A data sharing architecture of a space environment ground simulation device based on a block chain is composed of four layers, namely a data resource layer, a block chain network layer, an intelligent contract layer and an application layer, wherein:
the data resource layer is responsible for providing data support for data transactions on the block chain and the transmission platform required for off-chain data exchange, and stores data using the IPFS (InterPlanetary File System) distributed storage technology;
the block chain network layer adopts a P2P communication mechanism, provides a block chain network, is responsible for information transmission and service realization, and consists of 3 parts of a distributed account book, a consensus mechanism and network service;
the distributed account book records block chain network data information in a block data format, wherein the block chain network data information comprises a data abstract, a data index, access strategy information, an authorization record, key information and a transaction record;
the block data is divided into a block header and a block body; the block header contains the previous block hash value, the block chain number, the timestamp, the Merkle root, the version number and the like, as well as the current block hash value and a random number; the block body is the carrier that actually stores data and contains the transaction data; a hash value is generated for each transaction record in the block through a hash algorithm, and the unique Merkle root of the current block is then generated according to the Merkle construction rules and recorded in the block header; the blocks are linked in order of generation time into a chain in which each block is connected to the one before it, and each block is given a hash identifier by the hash algorithm, which ensures that the blocks cannot be tampered with;
the consensus mechanism adopts a Raft consensus strategy, so that a system management mechanism, an SESRI experiment platform and various research institutions achieve consensus, the consistency of distributed accounts is ensured, and the trust problem among the distributed accounts is solved;
the network service is used for transmitting and verifying data among the nodes of the block chain, all departments in the system management mechanism, the SESRI experiment platform and all research institutions join the block chain network after being checked, data broadcasting is carried out among the nodes through a Gossip protocol, and the data are synchronized in an organization form;
the intelligent contract layer is responsible for processing various complex business logics in the system, is a key link for realizing interaction between a bottom data account book and an upper layer user, and has the main functions of account registration and cancellation, encryption technology management, access control, data storage and query and the like;
the application layer mainly provides a human-computer interaction interface, calls an intelligent contract by using SDKs, provides information exchange carriers in different forms such as a browser, client application and the like according to different service activity conditions, and acquires data resources or uses other data services provided by the system by using corresponding modes by workers in different departments and different posts in different organizational structures;
the organization structure comprises a system management organization, an SESRI experiment platform and various research organizations:
the system management mechanism is an access control function added for preventing malicious users from joining, is in charge of maintaining software and a network of the whole shared platform on one hand, and is in charge of managing users of the whole system on the other hand, and comprises the steps of establishing roles, managing account numbers, auditing roles, managing authorities and the like for an SESRI experimental platform and various research institutions;
the SESRI experiment platform is used as a large-scale space comprehensive environment ground simulation platform, can realize in-situ/semi-in-situ characterization of a space comprehensive environment and substance action process on the basis of comprehensive simulation of a plurality of space environment factors, explores a space-time evolution theory of performance/function degradation of materials, devices and systems in the space comprehensive environment and provides a space comprehensive environment ground simulation experiment platform for research institutions, wherein the SESRI experiment platform is divided into experiment managers, experiment engineers, data sharing submitters and data sharing managers;
the research institution refers to a research institution taking a space environment as a background, and when the research institution needs to simulate a space comprehensive environment during an experiment, the research institution can perform a corresponding experiment by using an SESRI experiment platform, and generally, the research institution is divided into an experiment manager, an experiment engineer and a data sharing requester.
A data sharing method for a space environment ground simulation device based on a block chain comprises the following steps:
S101: an experiment manager of the research institution designs the experiment and applies to the SESRI experiment platform for an experiment project;
S102: an experiment manager of the SESRI experiment platform reviews the experiment project applied for by the experiment manager of the research institution;
S103: if the review is not passed, go to step S104; otherwise, go to step S105;
S104: the reason for rejecting the application is submitted, and the process ends;
S105: an experiment engineer of the SESRI experiment platform and an experiment engineer of the research institution carry out the experiment according to the experiment project and collect experimental data;
S106: the experiment engineer of the SESRI experiment platform and the experiment engineer of the research institution analyze the experimental data and submit the results to an analysis result repository;
S107: a data sharing requester of the research institution applies for access to the experimental data;
S108: a data sharing manager of the SESRI experiment platform uses an access control method to check the access authority of the data sharing requester of the research institution, and the access policy is recorded in the distributed account book of the block chain network layer;
S109: if the check by the data sharing manager of the SESRI experiment platform fails, return to S107; otherwise, go to S110;
S110: a data sharing submitter of the SESRI experiment platform encrypts the data to be shared and sends it through the block chain network;
S111: the data sharing requester of the research institution obtains the ciphertext data and decrypts it with the key to obtain the required data.
Compared with the prior art, the invention has the following advantages:
To realize secure data sharing for the space environment ground simulation device, the invention designs a sharing architecture with a data resource layer, a block chain network layer, an intelligent contract layer and an application layer, and designs a secure data sharing method based on that architecture. Attribute-based access control is also adopted, which achieves fine-grained access control for the device and prevents unauthorized access by illegitimate personnel. Finally, the data digest information, the key information and the information related to the access control policy are added to the block chain, which prevents the data from being illegally tampered with and enhances the stability of the system.
Drawings
FIG. 1 is a diagram of the block chain-based data sharing architecture of the space environment ground simulation device;
FIG. 2 is a block data structure diagram of the block chain-based data sharing architecture of the space environment ground simulation device;
FIG. 3 is a flow chart of the block chain-based data sharing method of the space environment ground simulation device;
FIG. 4 is a flow chart of encrypted data transmission in the block chain-based data sharing method of the space environment ground simulation device;
FIG. 5 is a diagram of the preparation stage of data sharing access control for the block chain-based space environment ground simulation device;
FIG. 6 is a schematic diagram of the implementation stage of data sharing access control for the block chain-based space environment ground simulation device;
FIG. 7 is a structure diagram of the data sharing access policy of the block chain-based space environment ground simulation device.
Detailed Description
The technical solution of the present invention is further described below with reference to the accompanying drawings, but not limited thereto, and any modification or equivalent replacement of the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention shall be covered by the protection scope of the present invention.
The invention provides a data sharing architecture of a space environment ground simulation device based on block chain technology. As shown in fig. 1, the data sharing architecture consists of four layers, namely a data resource layer, a block chain network layer, an intelligent contract layer and an application layer, wherein:
1. Data resource layer: responsible for providing data support for data transactions on the block chain and the transmission platform required for off-chain exchange, wherein:
the data comes from the databases of the projects, technical achievements and the like of the SESRI experiment platform and the research institutions, and from the business information systems, file servers and the like produced by the experiment operation management of each organization; it specifically comprises experimental data, business data, personnel management data, data analysis results and the like. Because the database of a block chain node is limited in how much data it can store, on-chain data is exchanged through the block chain network, and off-chain data is stored, under the control of the block chain, through IPFS-based distributed storage technology.
2. Block chain network layer: a P2P communication mechanism is adopted to provide a block chain network, which is responsible for information transmission and service realization; the block chain network layer is composed of 3 parts, namely a distributed account book, a network service and a consensus mechanism, wherein:
the distributed account book records block chain network data information in a block data format, wherein the block chain network data information comprises a data digest, a data index, access policy information, an authorization record, key information and a transaction record.
As shown in fig. 2, the block data is divided into a block header and a block body. The block header contains the hash value of the previous block, the block chain number, the timestamp, the Merkle root, the version number and the like, as well as the hash value of the current block and a random number. The block body is the carrier that actually stores data and contains the transaction data. A hash value is generated for each transaction record in the block through a hash algorithm, and the unique Merkle root of the current block is then generated according to the Merkle construction rules and recorded in the block header. The blocks are linked in order of generation time into a chain in which each block is connected to the one before it, and each block is given a hash identifier by the hash algorithm, which prevents the blocks from being tampered with.
The network service is used for the transmission and verification of data among the nodes of the block chain, all departments in the system management mechanism, the SESRI experiment platform and all research institutions join the block chain network after being checked, data broadcasting is carried out among the nodes through a Gossip protocol, and the data are synchronized in an organization form;
the consensus mechanism adopts a Raft consensus strategy, so that the system management mechanism, the SESRI experiment platform and each research institution achieve consensus, the consistency of the distributed account book is ensured, and the trust problem among the distributed account book and the research institution is solved.
3. Intelligent contract layer: the intelligent contract is mainly responsible for processing the various complex business logics in the system, such as data storage, data sharing, authority management, access control and key management; it is the key link for interaction between the underlying data account book and the upper-layer users, and its main functions are account registration and cancellation, encryption technology management, access control, data storage and query, and the like;
4. Application layer: mainly provides a human-computer interaction interface, calls intelligent contracts through SDKs, and provides information exchange carriers in different forms, such as browsers and client applications, according to the service activity, so that workers in different departments and posts of different organizations can obtain data resources or use other data services provided by the system in the corresponding way; the organizations comprise a system management mechanism, the SESRI experiment platform and the various research institutions, wherein:
the system management mechanism is an access control function added for preventing malicious users from joining, is in charge of maintaining software and a network of the whole shared platform on one hand, and is in charge of managing users of the whole system on the other hand, and comprises the steps of establishing roles, managing account numbers, auditing roles, managing authorities and the like for an SESRI experimental platform and various research institutions;
the SESRI experimental platform is used as a large-scale space comprehensive environment ground simulation platform, can realize in-situ/semi-in-situ representation of the action process of a space comprehensive environment and substances on the basis of comprehensive simulation of a plurality of space environment factors, explores a space-time evolution theory of performance/function degradation of materials, devices and systems in the space comprehensive environment, and provides a space comprehensive environment ground simulation experimental platform for research institutions, wherein the SESRI experimental platform is divided into experiment managers, experiment engineers, data sharing submitters and data sharing managers;
the research institution refers to a research institution with a space environment as a background, and when the research institution needs to simulate a space comprehensive environment during an experiment, the research institution can perform a corresponding experiment by using the SESRI experiment platform, and generally, the research institution is divided into an experiment manager, an experiment engineer and a data sharing requester.
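The block structure described for fig. 2 can be made concrete with a short sketch. This is an added example, not code from the patent: SHA-256, the JSON header encoding, the leaf/node prefixes, the rule of promoting an unpaired node, and the sample transaction records are all assumptions, since the text only says "a hash algorithm" and "Merkle construction rules".

```python
import hashlib
import json

# Header fields named in the description (the current hash is stored beside them).
HEADER_FIELDS = ("number", "prev_hash", "timestamp", "version", "nonce", "merkle_root")


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_root(records):
    """Hash every transaction record, then hash pairs upward to one root."""
    if not records:
        return sha256(b"")
    # Distinct prefixes keep a leaf from being reinterpreted as an inner node.
    level = [sha256(b"\x00" + r) for r in records]
    while len(level) > 1:
        nxt = [sha256(b"\x01" + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            # Promote the unpaired node instead of duplicating it, so that
            # [a, b, c] and [a, b, c, c] do not share a root.
            nxt.append(level[-1])
        level = nxt
    return level[0]


def header_hash(block):
    """Hash of the block header; the body is covered through the Merkle root."""
    header = {k: block[k] for k in HEADER_FIELDS}
    return hashlib.sha256(json.dumps(header, sort_keys=True).encode()).hexdigest()


def make_block(prev, transactions, timestamp, nonce=0, version=1):
    block = {
        "number": 0 if prev is None else prev["number"] + 1,
        "prev_hash": "00" * 32 if prev is None else prev["hash"],
        "timestamp": timestamp,
        "version": version,
        "nonce": nonce,
        "merkle_root": merkle_root(transactions).hex(),
        "transactions": list(transactions),
    }
    block["hash"] = header_hash(block)
    return block


def verify_chain(chain):
    """Return a list of integrity problems; an empty list means the chain checks out."""
    problems = []
    for i, block in enumerate(chain):
        if merkle_root(block["transactions"]).hex() != block["merkle_root"]:
            problems.append(f"block {i}: body does not match Merkle root")
        if header_hash(block) != block["hash"]:
            problems.append(f"block {i}: header hash mismatch")
        if i > 0 and block["prev_hash"] != chain[i - 1]["hash"]:
            problems.append(f"block {i}: broken link to previous block")
    return problems


def build_sample_chain():
    # Constructed ledger records (digest, index, policy and authorization entries).
    genesis = make_block(None, [b'{"op":"register","org":"research-institution-A"}'],
                         1668000000)
    b1 = make_block(genesis,
                    [b'{"op":"store","digest":"<constructed>","index":"<ipfs address>"}',
                     b'{"op":"policy","id":"AP-1"}'],
                    1668000600)
    b2 = make_block(b1, [b'{"op":"authorize","requester":"alice","policy":"AP-1"}'],
                    1668001200)
    return [genesis, b1, b2]


if __name__ == "__main__":
    chain = build_sample_chain()
    print(verify_chain(chain))
    chain[1]["transactions"][0] = b'{"op":"store","digest":"forged"}'
    print(verify_chain(chain))
```

Editing a record is caught by the Merkle check on that block; if the editor also recomputes that block's Merkle root and hash, the mismatch moves to the `prev_hash` link of the next block, which is why every later block would have to be rewritten as well.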
A method for sharing data of a block chain-based space environment ground simulation apparatus by using the data sharing architecture, as shown in fig. 3, includes the following steps:
S101: an experiment manager of the research institution designs the experiment and applies to the SESRI experiment platform for an experiment project;
S102: an experiment manager of the SESRI experiment platform reviews the experiment project applied for by the experiment manager of the research institution;
S103: if the review is not passed, go to step S104; otherwise, go to step S105;
S104: the reason for rejecting the application is submitted, and the process ends;
S105: an experiment engineer of the SESRI experiment platform and an experiment engineer of the research institution carry out the experiment according to the experiment project and collect experimental data;
S106: the experiment engineer of the SESRI experiment platform and the experiment engineer of the research institution analyze the experimental data and submit the results to an analysis result repository;
S107: a data sharing requester of the research institution applies for access to the experimental data;
S108: a data sharing manager of the SESRI experiment platform uses an access control method to check the access authority of the data sharing requester of the research institution, and the access policy is recorded in the distributed account book of the block chain network layer;
S109: if the check by the data sharing manager of the SESRI experiment platform fails, return to S107; otherwise, go to S110;
S110: a data sharing submitter of the SESRI experiment platform encrypts the data to be shared and sends it through the block chain network;
S111: the data sharing requester of the research institution obtains the ciphertext data and decrypts it with the key to obtain the required data.
As shown in fig. 4, in steps S110 and S111 the data sharing submitter of the SESRI experiment platform submits data and the data sharing requester of the research institution receives it through the following specific steps:
S201: the data sharing submitter of the SESRI experiment platform shares data, encrypting the data to be uploaded with the AES encryption algorithm;
S202: the data sharing submitter of the SESRI experiment platform stores the encrypted data in IPFS, obtains its IPFS storage address and forms a data digest;
S203: the data sharing submitter of the SESRI experiment platform calls the data management contract and stores the data information in the on-chain state database, wherein the data information comprises the data name, storage address, encryption key, dynamic access policy, author information and the like;
S204: the data sharing requester of the research institution calls the data list method to locate the required data;
S205: the data sharing requester of the research institution is checked against the access rights and, if permitted, obtains the storage address information;
S206: the data sharing requester of the research institution locates the data in IPFS according to the storage address information and downloads the encrypted data content;
S207: the data sharing requester of the research institution generates an RSA key pair and sends the generated public key to the data sharing submitter of the SESRI experiment platform through the block chain network;
S208: the data sharing submitter of the SESRI experiment platform encrypts the AES key with the public key of the data sharing requester of the research institution and transmits it to the data sharing requester through the block chain network;
S209: the data sharing requester of the research institution decrypts the transmitted AES key with its own private key to obtain the key; in this step, the decryption process of the RSA algorithm is optimized using the Chinese Remainder Theorem (CRT), and the optimized decryption process is as follows:
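(1) Let $d_p = d \bmod (p-1)$ and $d_q = d \bmod (q-1)$;
(2) Calculate $m_1 = C^{d_p} \bmod p$ and $m_2 = C^{d_q} \bmod q$;
(3) Calculate $\mathit{qInv}$ from $\mathit{qInv} \times q \equiv 1 \pmod{p}$;
(4) $h = \big(\mathit{qInv} \times ((m_1 - m_2) \bmod p)\big) \bmod p$;
(5) The decryption result $M = m_2 + h \times q$;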
Wherein d is a public key of an RSA algorithm, p and q are two unequal large prime numbers, and M is a plaintext result;
S210: the data sharing requester decrypts the downloaded content with the AES key to obtain the original data content.
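Steps S207 to S209 and the five CRT steps can be traced in code. This is an added example, not code from the patent: the key is a constructed toy key built from two Mersenne primes, e = 65537 is assumed, RSA is applied without padding only to mirror the formulas, the function names are hypothetical, and d is used as the RSA private exponent, as the private-key decryption in S209 requires. The re-encryption check at the end is an addition the text does not describe.

```python
# Constructed toy key: two known Mersenne primes. Far too small and too
# structured for real use; a deployment would use a vetted library with
# RSA-OAEP and randomly generated primes.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537                                   # assumed public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent d


def crt_recombine(m1, m2, p, q):
    """Steps (3) to (5): combine the two half-size results into M."""
    q_inv = pow(q, -1, p)                   # (3) qInv * q = 1 mod p
    h = (q_inv * ((m1 - m2) % p)) % p       # (4)
    return m2 + h * q                       # (5)


def rsa_decrypt_crt(c, d, e, p, q):
    """CRT decryption of ciphertext integer c, following steps (1) to (5)."""
    n = p * q
    if not 0 <= c < n:
        raise ValueError("ciphertext out of range")
    d_p, d_q = d % (p - 1), d % (q - 1)     # (1)
    m1 = pow(c, d_p, p)                     # (2) exponentiation modulo p
    m2 = pow(c, d_q, q)                     # (2) exponentiation modulo q
    m = crt_recombine(m1, m2, p, q)
    # Added safeguard: re-encrypt and compare before releasing the result.
    # A silent error in one half would otherwise return a wrong plaintext
    # that can expose a factor of n.
    if pow(m, e, n) != c:
        raise ValueError("CRT result failed the re-encryption check")
    return m


def wrap_key(aes_key: bytes, e, n):
    """S208: the submitter encrypts the AES key under the requester's public key."""
    m = int.from_bytes(aes_key, "big")
    if m >= n:
        raise ValueError("key does not fit in the modulus")
    return pow(m, e, n)


def unwrap_key(c, d, e, p, q, key_len):
    """S209: the requester recovers the AES key with its private key via CRT."""
    # A fixed output length restores any leading zero bytes of the key.
    return rsa_decrypt_crt(c, d, e, p, q).to_bytes(key_len, "big")


if __name__ == "__main__":
    aes_key = bytes(range(16))              # constructed 128-bit AES key
    wrapped = wrap_key(aes_key, E, N)
    assert unwrap_key(wrapped, D, E, P, Q, 16) == aes_key
    assert rsa_decrypt_crt(wrapped, D, E, P, Q) == pow(wrapped, D, N)
    print("CRT unwrap matches plain RSA decryption")
```

The CRT form replaces one exponentiation modulo n with two exponentiations on half-size moduli, which is where the speed-up in S209 comes from.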
In the present invention, the access control method described in step S108 combines attribute-based access control with block chain technology to perform fine-grained access control on data sharing. It mainly includes a preparation stage and an implementation stage. As shown in fig. 5, the preparation stage includes the following steps:
S301: the attribute management party plans and formulates the attributes and attribute domains, such as subject, authority and environment, according to the actual situation of the research institution, and determines the attribute relation information while publishing the attribute set to the block chain;
S302: the policy management party publishes the access control policy of the data resource to the block chain;
As shown in fig. 6, the implementation stage includes the following steps:
S401: a user submits a request to the block chain network through a client; when the policy enforcement point intelligent contract receives the client's request to perform a certain operation on certain data, it parses the original access request to obtain the subject, object and operation information and sends them to the policy decision point intelligent contract;
S402: after receiving the request, the policy decision point intelligent contract requests the relevant access policy from the policy management point intelligent contract according to the object and operation information; the policy management point intelligent contract combines the policies specified in the preparation stage and returns a policy set to the policy decision point intelligent contract;
S403: according to the result returned by the policy management point intelligent contract, the policy decision point intelligent contract requests the subject, object and environment attribute information required by the policy set from the policy information point intelligent contract, which extracts the relevant attribute information and returns the result to the policy decision point intelligent contract;
S404: the policy decision point intelligent contract makes the access control decision on the request according to the attribute and policy information it holds, and returns the decision as a response to the policy enforcement point intelligent contract;
S405: the policy enforcement point intelligent contract performs the compliant access operation on the data resource according to the response of the policy decision point intelligent contract, and records the data transaction information on the block chain.
In the present invention, the access policy attributes in step S402 include a subject attribute, an object attribute, an authority attribute and an environment attribute, where:
the subject attribute refers to an attribute of the node that actively sends a request for a data file;
the object attribute refers to an attribute of the data file being accessed;
the authority attribute refers to the various operations on data, such as query and update;
the environment attribute refers to environment information, such as the time or network location, at which the data access control process occurs.
In a specific embodiment, the access policy structure described in step S402 is shown in fig. 7. A simple access policy may be represented as AP (Access Policy) = { O (data type = file, data subject = plasma experimental data, department = plasma micro-subsystem), P (view), S (position = advanced engineer, department = all), E (access time = working time, IP position = company intranet) }. This policy means that files of the plasma micro-subsystem concerning plasma experimental data can be viewed by users at the advanced engineer level in any department of the research institution, through the company intranet, during normal working hours; if a request is checked and does not satisfy these conditions, the application is rejected.
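The implementation stage S401 to S405 and the sample policy AP can be exercised with a small evaluator. This is an added example, not code from the patent: plain Python functions stand in for the four intelligent contracts and a list stands in for the ledger, and the working hours (Monday to Friday, 09:00 to 18:00), the intranet range 10.0.0.0/8, the user and file identifiers, and the choice to log denials as well as permits are all assumptions.

```python
import ipaddress
from datetime import datetime

INTRANET = ipaddress.ip_network("10.0.0.0/8")   # assumed company intranet range
WORK_HOURS = range(9, 18)                        # assumed working time, Mon-Fri

# Policy management point: the sample policy AP from the description.
POLICIES = [{
    "object": {"data_type": "file", "data_subject": "plasma experimental data",
               "department": "plasma micro-subsystem"},
    "permission": "view",
    "subject": {"position": "advanced engineer", "department": "all"},
    "environment": {"access_time": "working time", "ip_position": "company intranet"},
}]

# Policy information point: constructed subject and object attributes.
SUBJECTS = {
    "alice": {"position": "advanced engineer", "department": "materials"},
    "bob": {"position": "intern", "department": "materials"},
}
OBJECTS = {
    "file-001": {"data_type": "file", "data_subject": "plasma experimental data",
                 "department": "plasma micro-subsystem"},
}
LEDGER = []   # stand-in for the transaction record written to the chain


def pip_environment(when, source_ip):
    """S403: derive environment attributes from request time and source address."""
    working = when.weekday() < 5 and when.hour in WORK_HOURS
    try:
        inside = ipaddress.ip_address(source_ip) in INTRANET
    except ValueError:
        inside = False                        # unparsable address is never trusted
    return {"access_time": "working time" if working else "off hours",
            "ip_position": "company intranet" if inside else "external"}


def matches(required, actual):
    """Every required attribute must match; 'all' in a policy is a wildcard."""
    return all(v == "all" or actual.get(k) == v for k, v in required.items())


def pap_policies(object_attrs, operation):
    """S402: return the policy set for this object and operation."""
    return [p for p in POLICIES
            if p["permission"] == operation and matches(p["object"], object_attrs)]


def pdp_decide(subject_id, object_id, operation, when, source_ip):
    """S402 to S404: deny unless some policy matches subject and environment."""
    subject, obj = SUBJECTS.get(subject_id), OBJECTS.get(object_id)
    if subject is None or obj is None:
        return "deny"
    env = pip_environment(when, source_ip)
    for policy in pap_policies(obj, operation):
        if matches(policy["subject"], subject) and matches(policy["environment"], env):
            return "permit"
    return "deny"


def pep_handle(request, when, source_ip):
    """S401 and S405: parse the request, obtain a decision, record it."""
    decision = pdp_decide(request["subject"], request["object"],
                          request["operation"], when, source_ip)
    LEDGER.append({**request, "time": when.isoformat(), "ip": source_ip,
                   "decision": decision})
    return decision


if __name__ == "__main__":
    req = {"subject": "alice", "object": "file-001", "operation": "view"}
    print(pep_handle(req, datetime(2022, 11, 10, 10, 0), "10.1.2.3"))      # permit
    print(pep_handle(req, datetime(2022, 11, 10, 10, 0), "203.0.113.7"))  # deny
```

Default deny is the property to check when reviewing such a contract: an unknown subject, an unknown object, an operation with no policy, or an environment attribute that cannot be established must all end in rejection.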

Claims (10)

1. A data sharing architecture of a space environment ground simulation device based on a block chain, characterized in that the data sharing architecture consists of four layers, namely a data resource layer, a block chain network layer, an intelligent contract layer and an application layer, wherein:
the data resource layer is responsible for providing data support for data transactions on the block chain and the transmission platform required for off-chain exchange;
the block chain network layer adopts a P2P communication mechanism, provides a block chain network, is responsible for information transmission and service realization, and consists of 3 parts of a distributed account book, a consensus mechanism and network service;
the distributed account book records block chain network data information in a block data format;
the consensus mechanism adopts a Raft consensus strategy, so that a system management mechanism, an SESRI experiment platform and various research institutions achieve consensus, the consistency of distributed accounts is ensured, and the trust problem among the distributed accounts is solved;
the network service is used for the transmission and verification of data among the nodes of the block chain, the system management mechanism, the SESRI experimental platform and each department in each research institution are added into the block chain network after being checked, data broadcasting is carried out among the nodes through a Gossip protocol, and the data are synchronized in an organization form;
the intelligent contract layer is responsible for processing various complex business logics in the system and is a key link for realizing interaction between a bottom data account book and an upper layer user;
the application layer mainly provides a man-machine interaction interface, calls an intelligent contract by using SDKs, provides information exchange carriers in different forms such as a browser and client application according to different service activity conditions, and acquires data resources or uses other data services provided by the system by using corresponding modes by workers in different departments and different posts in different organizational structures.
2. The data sharing architecture of the blockchain-based space environment ground simulation device according to claim 1, wherein the blockchain network data information includes data digest, data index, access policy information, authorization record, key information and transaction record; the block data is divided into two parts, a block header and a block body; the block header contains the previous block hash value, block chain number, timestamp, Merkle root, version number, current block hash value and random number; the block body is used as a carrier for actually storing data and contains transaction data related to transactions; for each transaction record in the block, a corresponding hash value is generated through a hash algorithm, then a unique Merkle root of the current block is generated according to the Merkle construction rule and recorded in the block header; the blocks are combined in order of generation time to form a chain structure in which each block is linked to the one before and after it, and a hash mark is given to each block by means of a hash algorithm, so that the blocks are prevented from being tampered with.
3. The block chain-based space environment ground simulator data sharing architecture of claim 1, wherein the main functions of the intelligent contract are account registration and deregistration, cryptographic technology management, access control, data storage and query functions.
4. The blockchain-based space environment ground simulator data sharing architecture of claim 1, wherein the organizational structure includes a system administration, a SESRI experimental platform, and research institutions, wherein:
the system management mechanism is an admission control function added for preventing malicious users from joining, and is responsible for maintaining the software and the network of the whole shared platform on one hand and managing the users of the whole system on the other hand;
the SESRI experimental platform is used as a large-scale space comprehensive environment ground simulation platform, can realize in-situ/semi-in-situ representation of the action process of a space comprehensive environment and substances on the basis of comprehensive simulation of a plurality of space environment factors, explores a space-time evolution theory of performance/function degradation of materials, devices and systems in the space comprehensive environment and provides a space comprehensive environment ground simulation experimental platform for research institutions;
the research institution refers to a research institution taking a space environment as a background, and when a space comprehensive environment needs to be simulated during an experiment, the corresponding experiment is performed by means of an SESRI experiment platform.
5. The blockchain-based space environment ground simulator data sharing architecture of claim 1, wherein the system administration includes creating roles, managing accounts, auditing roles, and rights management for SESRI experimental platforms and research institutions; the SESRI experiment platform is divided into experiment managers, experiment engineers, data sharing submitters and data sharing managers; research institutions are divided into experiment managers, experiment engineers and data sharing requesters.
6. A method for realizing data sharing of a block chain-based spatial environment ground simulation device by using the data sharing architecture of any one of claims 1 to 5, wherein the method comprises the following steps:
s101: experiment managers of research institutions carry out experiment design and apply for experiment projects to an SESRI experiment platform;
s102: an experiment manager of the SESRI experiment platform audits the experiment project applied for by the experiment manager of the research institution;
s103: if the audit is not passed, the step S104 is entered, otherwise, the step S105 is entered;
s104: the reason for rejecting the application is submitted, and the process is ended;
s105: performing experiments according to the experimental projects by an experimental engineer of the SESRI experimental platform and an experimental engineer of a research institution, and collecting experimental data;
s106: experimental engineers of the SESRI experimental platform and experimental engineers of research institutions analyze the experimental data, and the results are submitted to an analysis result repository;
s107: a data sharing requester of a research institution applies for access to the experimental data;
s108: a data sharing manager of the SESRI experimental platform adopts an access control method to check the access authority of a data sharing requester of a research institution, and an access strategy is recorded in a distributed account book of a block chain network layer;
s109: if the review of the data sharing manager of the SESRI experiment platform is not passed, returning to S107, otherwise, entering S110;
s110: data sharing submitting personnel of the SESRI experiment platform encrypt data to be shared and send the data through a block chain network;
s111: and the data sharing requester of the research institution obtains the ciphertext data and decrypts the ciphertext data through the key to obtain the required data.
7. The method for sharing data in the block chain-based ground simulation device for space environment according to claim 6, wherein in step S110 and step S111, the specific steps of submitting data by the data sharing submitter of the SESRI experimental platform and receiving data by the data sharing requester of the research institution are as follows:
s201: sharing data by a data sharing submitter of the SESRI experimental platform, and encrypting the data to be uploaded by adopting an AES encryption algorithm;
s202: a data sharing submitter of the SESRI experimental platform stores the encrypted data to the IPFS, obtains a storage address of the IPFS and forms a data abstract;
s203: a data sharing submitter of the SESRI experimental platform calls a data management contract and stores data information into a chain state database, wherein the data information comprises a data name, a storage address, an encryption key, a dynamic access strategy and author information;
s204: a data sharing requester of a research institution calls a data list method to locate required data;
s205: data sharing requesters of research institutions judge and acquire storage address information through access rights;
s206: a data sharing requester of a research institution locates the IPFS position of the data according to the storage address information and downloads the encrypted data content;
s207: a data sharing requester of a research institution generates an RSA key and sends the generated public key to a data sharing submitter of an SESRI experimental platform through a block chain network;
s208: encrypting the AES secret key by a data sharing submitter of the SESRI experimental platform according to a public key of a data sharing requester of a research institution, and transmitting the AES secret key to the data sharing requester of the research institution through a block chain network;
s209: a data sharing requester of a research institution decrypts the transmitted AES key according to a private key of the data sharing requester to obtain a key;
s210: and decrypting by using the AES key to obtain the original data content.
8. The method according to claim 7, wherein in step S209, the decryption process of the RSA algorithm is optimized using the Chinese remainder theorem, and the optimized decryption process is as follows:
(1) Let $d_p = d \bmod (p-1)$ and $d_q = d \bmod (q-1)$;
(2) Calculate $m_1 = C^{d_p} \bmod p$ and $m_2 = C^{d_q} \bmod q$;
(3) Calculate $qInv$ from $qInv \times q \equiv 1 \pmod{p}$;
(4) $h = (qInv \times ((m_1 - m_2) \bmod p)) \bmod p$;
(5) The decryption result $M = m_2 + h \times q$;
Wherein d is the public key of RSA algorithm, p and q are two unequal large prime numbers, and M is the plaintext result.
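The key exchange of steps S207 to S209 with the five-step decryption of claim 8, as an added example that is not part of the patent text. It uses textbook RSA without padding and a constructed 216-bit demo key built from two known Mersenne primes, treats d as the decryption exponent, and adds a re-encryption check before the result is released; the function and class names are assumptions made for this illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RsaPrivateKey:
    p: int
    q: int
    e: int
    d: int  # decryption exponent: e*d = 1 mod (p-1)(q-1)

    @property
    def n(self) -> int:
        return self.p * self.q


def make_demo_key() -> RsaPrivateKey:
    # Constructed, reproducible parameters: two Mersenne primes.
    # A 216-bit modulus is far too small for real use.
    p, q, e = 2**127 - 1, 2**89 - 1, 65537
    d = pow(e, -1, (p - 1) * (q - 1))
    return RsaPrivateKey(p, q, e, d)


def rsa_crt_decrypt(c: int, key: RsaPrivateKey, verify: bool = True) -> int:
    """Decrypt c with the CRT steps (1)-(5) of claim 8."""
    if not 0 <= c < key.n:
        raise ValueError("ciphertext out of range")
    d_p = key.d % (key.p - 1)                      # step (1)
    d_q = key.d % (key.q - 1)
    m_1 = pow(c, d_p, key.p)                       # step (2)
    m_2 = pow(c, d_q, key.q)
    q_inv = pow(key.q, -1, key.p)                  # step (3)
    h = (q_inv * ((m_1 - m_2) % key.p)) % key.p    # step (4)
    m = m_2 + h * key.q                            # step (5)
    # A miscomputed half (hardware fault, corrupted key material) yields a
    # wrong M that must not leave the function: re-encrypt and compare.
    if verify and pow(m, key.e, key.n) != c:
        raise ArithmeticError("CRT result failed the re-encryption check")
    return m


def wrap_aes_key(aes_key: bytes, n: int, e: int) -> int:
    """S208: the submitter encrypts the AES key under the requester's public key."""
    m = int.from_bytes(aes_key, "big")
    if m >= n:
        raise ValueError("key does not fit under the modulus")
    return pow(m, e, n)


def unwrap_aes_key(c: int, key: RsaPrivateKey, length: int = 16) -> bytes:
    """S209: the requester recovers the AES key with the private key."""
    return rsa_crt_decrypt(c, key).to_bytes(length, "big")
```

A deployed system would use a vetted library with OAEP padding and a modulus of at least 2048 bits; the arithmetic above is only meant to make the five steps checkable.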
9. The method for sharing data in a ground simulation apparatus for a space environment based on a blockchain according to claim 6, wherein in the step S108, the access control method adopts attribute-based access control in combination with a blockchain technique to perform fine-grained access control on data sharing, and mainly includes a preparation stage and an implementation stage, wherein:
the preparation phase comprises the following steps:
s301: the attribute management party plans and formulates the subject, permission and environment attributes and the attribute domains according to the actual situation of the research institution, and determines the attribute relation information while issuing the attribute set to the block chain;
s302: the policy management party issues the access control policy of the data resources to the block chain;
the implementation phase comprises the following steps:
s401: a user submits a request to a block chain network through a client, and when a policy enforcement point intelligent contract receives an operation request sent to the policy enforcement point intelligent contract by the client for performing certain operation on certain data, the policy enforcement point intelligent contract starts to analyze and obtains a subject, an object and operation information in an original access request and sends the subject, the object and the operation information to the policy decision point intelligent contract;
s402: after receiving the request, the intelligent contract of the strategy decision point requests a relevant access strategy from the intelligent contract of the strategy management point according to the object and the operation information, and after combining the strategy appointed by the preparation stage, the intelligent contract of the strategy management point returns a strategy set to the intelligent contract of the strategy decision point;
s403: the intelligent contract of the strategy decision point requests the subject, object and environment attribute information needed by the strategy set from the intelligent contract of the strategy information point according to the result returned by the intelligent contract of the strategy management point, and the intelligent contract of the strategy information point returns the result to the intelligent contract of the strategy decision point after extracting the relevant attribute information;
s404: the intelligent contract of the strategy decision point makes access control judgment on the request according to the grasped attribute and strategy information and returns the judgment result response to the intelligent contract of the strategy implementation point;
s405: and the strategy implementation point intelligent contract performs compliant access operation on the data resource according to the response result of the strategy decision point intelligent contract and records the data transaction information on the block chain.
10. The method for sharing data in a ground simulator based on block chain in space environment as claimed in claim 9, wherein in step S402, the access policy attribute includes a subject attribute, an object attribute, a permission attribute and an environment attribute, wherein:
the subject attribute refers to an attribute of the node which actively sends a request for a data file;
the object attribute refers to an attribute corresponding to the accessed data file;
the authority attribute refers to various operations on data;
the environment attribute refers to environment information when a data access control process occurs.
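The decision flow of steps S401 to S405 applied to the example policy AP = {O, P, S, E} from the embodiment, as an added example that is not part of the patent text. Plain Python functions stand in for the policy enforcement, decision, management and information point contracts and a list stands in for the ledger; the working hours, the intranet range, the user names and the file name are constructed assumptions.

```python
import ipaddress
from datetime import datetime

# Assumptions (the page does not define these): working time is Mon-Fri
# 09:00-18:00 and the company intranet is 10.0.0.0/8.
WORK_HOURS = (9, 18)
INTRANET = ipaddress.ip_network("10.0.0.0/8")

# Policy management point: the AP from the embodiment, as {O, P, S, E}.
POLICIES = [{
    "O": {"data_type": "file", "data_subject": "plasma experimental data",
          "department": "plasma micro-subsystem"},
    "P": {"view"},
    "S": {"position": "advanced engineer", "department": "all"},
    "E": {"access_time": "working time", "ip_position": "company intranet"},
}]

# Policy information point: constructed subject and object attributes.
SUBJECTS = {
    "alice": {"position": "advanced engineer", "department": "materials"},
    "bob": {"position": "engineer", "department": "plasma micro-subsystem"},
}
OBJECTS = {"plasma-run-17.dat": POLICIES[0]["O"].copy()}


def attrs_match(required, actual):
    """Every required attribute must match; the value "all" is a wildcard."""
    return all(v == "all" or actual.get(k) == v for k, v in required.items())


def env_match(required, when, ip):
    """Check environment attributes; unknown conditions fail closed."""
    for name, value in required.items():
        if (name, value) == ("access_time", "working time"):
            ok = when.weekday() < 5 and WORK_HOURS[0] <= when.hour < WORK_HOURS[1]
        elif (name, value) == ("ip_position", "company intranet"):
            try:
                ok = ipaddress.ip_address(ip) in INTRANET
            except ValueError:
                ok = False
        else:
            ok = False
        if not ok:
            return False
    return True


def pdp_decide(user, obj, op, when, ip):
    """Policy decision point: permit only if some policy matches fully."""
    subject, target = SUBJECTS.get(user), OBJECTS.get(obj)
    if subject is None or target is None:
        return "deny"
    for pol in POLICIES:
        if (attrs_match(pol["O"], target) and op in pol["P"]
                and attrs_match(pol["S"], subject)
                and env_match(pol["E"], when, ip)):
            return "permit"
    return "deny"


def pep_handle(user, obj, op, when, ip, ledger):
    """Policy enforcement point: get a decision and record it either way."""
    decision = pdp_decide(user, obj, op, when, ip)
    ledger.append({"user": user, "object": obj, "op": op,
                   "time": when.isoformat(), "ip": ip, "decision": decision})
    return decision
```

Denied requests are written to the ledger as well, so the record can be audited for repeated out-of-policy attempts.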
CN202211402875.5A 2022-11-09 2022-11-09 Block chain-based data sharing architecture and method for space environment ground simulation device Pending CN115766181A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211402875.5A CN115766181A (en) 2022-11-09 2022-11-09 Block chain-based data sharing architecture and method for space environment ground simulation device

Publications (1)

Publication Number Publication Date
CN115766181A true CN115766181A (en) 2023-03-07

Family

ID=85368926

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination