Disclosure of Invention
The embodiments of the application provide an industrial Internet of Things security management method and system applying blockchain technology, which aim to solve or partially solve the problems described in the background.
In order to solve the technical problems, the application is realized as follows:
in a first aspect, the present application provides an industrial internet of things security management method applying a blockchain technique, including: setting an initial database, wherein the initial database comprises a plurality of digital signatures, and the digital signatures are used for target user identity verification; establishing a block chain node, and storing a plurality of data sets by utilizing the block chain node, wherein the plurality of data sets comprise the initial database and a secondary data set; backing up the secondary data set and the initial database at different ones of the blockchain nodes; setting data sharing authority based on the blockchain node, wherein the target user has the sharing authority, and the sharing authority comprises access authority to the initial database and access authority to the secondary data set; and obtaining access records of the primary database, and carrying out early warning on the secondary data set according to the access records.
It will be appreciated that the use of digital signatures can effectively verify the identity of the target user, thereby ensuring the security and integrity of the data. The generation and verification of a digital signature are based on a public and private key pair: only the user holding the private key can generate a valid digital signature, and other users can only verify its validity. Thus, security problems such as identity forgery and data tampering can be effectively prevented.
It will be appreciated that in this embodiment, the primary database is a cryptographic database and the secondary database is the material that needs to be protected. Storing the data on blockchain nodes makes the data decentralized, secure and tamper-proof. When the data is stored in the blockchain node, only authorized users can access and modify the data, thereby ensuring the security and integrity of the data.
With reference to the first aspect, optionally, the setting an initial database, where the initial database includes a plurality of digital signatures, and the digital signatures are used for target user identity verification, includes: generating a pair of public and private keys for each of the target users; generating a digital signature on the identity information of the target user by using a private key; the digital signature is stored to the initial database.
It can be understood that encryption and decryption of data can be achieved by using public and private keys, so that the security and confidentiality of the data are guaranteed. The generation and distribution of the public and private key pairs are based on an encryption algorithm; only users with the private key can decrypt the data, and other users cannot learn its content. Thus, the risk of illegal theft or tampering of data can be effectively prevented.
With reference to the first aspect, optionally, the establishing a blockchain node and storing a plurality of data sets with the blockchain node, where the plurality of data sets includes the initial database and a secondary data set, includes: determining a corresponding blockchain platform; establishing a mapping relation between the initial database and the secondary database; and storing the secondary database in the same blockchain platform as the initial database according to the mapping relation.
With reference to the first aspect, optionally, the backing up the secondary data set and the initial database at different blockchain nodes further includes: the same data set is created on the backup node as the secondary data set on the original node.
It will be appreciated that creating the same data set on the backup node as the secondary data set on the original node may ensure the integrity and restorability of the backup data. The data set on the backup node needs to have the same name and structure as the data set on the original node to ensure that the backup data can be restored to the original data correctly. In the data synchronization process, it is necessary to ensure that the data set on the backup node is consistent with the data set on the original node, so as to ensure that the backup data is consistent with the original data. When backing up data, the backup data set needs to be backed up to other nodes to ensure the fault tolerance and reliability of the data.
With reference to the first aspect, optionally, the setting data sharing authority based on the blockchain node, where the target user has the sharing authority, the sharing authority includes an access authority to the initial database and an access authority to the secondary data set, includes: creating the blockchain platform user account for the target user and assigning a unique public key to the blockchain platform user account; creating a smart contract based on the blockchain platform, wherein the smart contract is used for verifying the identity and the access authority of a target user and recording transaction information of data sharing; and issuing the smart contract to a network corresponding to the blockchain platform.
With reference to the first aspect, optionally, the obtaining an access record of the primary database, and pre-warning the secondary data set according to the access record includes: acquiring an access record of a primary database through the blockchain node, wherein the access record comprises the identity, access time and access mode of a visitor; and carrying out data processing on the access records, marking suspicious access behaviors, wherein the suspicious access behaviors comprise frequent access and abnormal access time, and sending out an alarm signal if the suspicious access behaviors are found.
It can be appreciated that obtaining access records of the primary database and pre-warning the secondary data set according to the access records can help us to find and prevent potential data security problems in time. In the early warning process, an early warning threshold value and an early warning strategy are required to be set, and corresponding measures are taken to protect the safety and privacy of data.
In a second aspect, the present application provides an industrial Internet of Things security management system applying blockchain technology, including: a setting module, used for setting an initial database, wherein the initial database comprises a plurality of digital signatures, and the digital signatures are used for target user identity verification; an establishing module, used for establishing a blockchain node and storing a plurality of data sets by utilizing the blockchain node, wherein the plurality of data sets comprise the initial database and a secondary data set; a backup module, used for backing up the secondary data set and the initial database at different blockchain nodes; a sharing module, used for setting data sharing permission based on the blockchain node, wherein the target user has the sharing permission, and the sharing permission comprises access permission to the initial database and access permission to the secondary data set; and an early warning module, used for acquiring the access record of the primary database and carrying out early warning on the secondary data set according to the access record.
With reference to the second aspect, optionally, the setting module includes: the first generation module is used for generating a pair of public keys and private keys for each target user; the second generation module is used for generating a digital signature on the identity information of the target user by utilizing a private key; and the first storage module is used for storing the digital signature to the initial database.
With reference to the second aspect, optionally, the establishing module includes: the determining module is used for determining a corresponding blockchain platform; the mapping establishment module is used for establishing a mapping relation between the initial database and the secondary database; and the second storage module is used for storing the secondary database in the same blockchain platform as the initial database according to the mapping relation.
A third aspect of the embodiment of the present application provides an electronic device, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus; a memory for storing a computer program; and the processor is used for realizing the method steps provided by the first aspect of the embodiment of the application when executing the program stored in the memory.
A fourth aspect of the embodiments of the present application proposes a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method as proposed in the first aspect of the embodiments of the present application.
The embodiment of the application has the following advantages: firstly, an initial database is set, wherein the initial database comprises a plurality of digital signatures, and the digital signatures are used for target user identity verification; then a blockchain node is established, and a plurality of data sets are stored by utilizing the blockchain node, wherein the plurality of data sets comprise the initial database and a secondary data set; the secondary data set and the initial database are backed up at different blockchain nodes; data sharing authority is set based on the blockchain node, wherein the target user has the sharing authority, and the sharing authority comprises the access authority to the initial database and the access authority to the secondary data set; and finally, access records of the primary database are acquired, and early warning is carried out on the secondary data set according to the access records. The method realizes the secure storage, transmission and processing of the data in the industrial Internet of Things through blockchain technology, ensures the tamper resistance and the security of the data, and effectively prevents data leakage and network attack.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The application provides an industrial Internet of Things security management method applying blockchain technology, referring to FIG. 1, comprising the following steps:
S101: an initial database is set, wherein the initial database comprises a plurality of digital signatures, and the digital signatures are used for target user identity verification.
It will be appreciated that the use of digital signatures can effectively verify the identity of the target user, thereby ensuring the security and integrity of the data. The generation and verification of a digital signature are based on a public and private key pair: only the user holding the private key can generate a valid digital signature, and other users can only verify its validity. Thus, security problems such as identity forgery and data tampering can be effectively prevented.
Specifically, as an embodiment, step S101 includes the steps of:
S101-1: a pair of public and private keys is generated for each of the target users.
It can be understood that encryption and decryption of data can be achieved by using public and private keys, so that the security and confidentiality of the data are guaranteed. The generation and distribution of the public and private key pairs are based on an encryption algorithm; only users with the private key can decrypt the data, and other users cannot learn its content. Thus, the risk of illegal theft or tampering of data can be effectively prevented.
S101-2: a digital signature is generated on the identity information of the target user by using the private key.
S101-3: the digital signature is stored to the initial database.
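As an added illustration that is not part of the application's own text, steps S101-1 to S101-3 can be written in Go with Ed25519 from the standard library. The `Identity` fields, the in-memory `InitialDB` map and the sample user IDs are assumptions of this example, and the challenge-response check in `VerifyUser` goes beyond the three steps to show verification of a live user rather than only of the stored record.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Identity is a constructed stand-in for the target user's identity information.
type Identity struct {
	UserID string `json:"user_id"`
	Role   string `json:"role"`
}

// Record is one row of the initial database; the private key is never stored.
type Record struct {
	Identity  Identity
	PublicKey ed25519.PublicKey
	Signature []byte
}

// InitialDB is an in-memory stand-in (assumption) for the initial database.
type InitialDB map[string]Record

// Enroll performs S101-1 (key pair), S101-2 (sign identity), S101-3 (store).
func (db InitialDB) Enroll(id Identity) (ed25519.PrivateKey, error) {
	if _, exists := db[id.UserID]; exists {
		return nil, fmt.Errorf("user %q is already enrolled", id.UserID)
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	// json.Marshal emits struct fields in declaration order, so the signed bytes are stable.
	msg, err := json.Marshal(id)
	if err != nil {
		return nil, err
	}
	db[id.UserID] = Record{Identity: id, PublicKey: pub, Signature: ed25519.Sign(priv, msg)}
	return priv, nil
}

// VerifyRecord detects a stored identity that no longer matches its signature.
func (db InitialDB) VerifyRecord(userID string) error {
	rec, ok := db[userID]
	if !ok {
		return fmt.Errorf("unknown user %q", userID)
	}
	msg, err := json.Marshal(rec.Identity)
	if err != nil {
		return err
	}
	if !ed25519.Verify(rec.PublicKey, msg, rec.Signature) {
		return fmt.Errorf("stored identity of %q does not match its signature", userID)
	}
	return nil
}

// Respond is the user's side of a verification: sign the verifier's challenge.
func Respond(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, challenge)
}

// VerifyUser accepts only a signature over this challenge made with the
// enrolled key, so a copy of the stored signature cannot stand in for the user.
func (db InitialDB) VerifyUser(userID string, challenge, response []byte) bool {
	if db.VerifyRecord(userID) != nil {
		return false
	}
	return ed25519.Verify(db[userID].PublicKey, challenge, response)
}

func main() {
	db := InitialDB{}
	priv, _ := db.Enroll(Identity{UserID: "op-017", Role: "operator"})
	c := make([]byte, 32) // fresh random challenge for this verification
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	fmt.Println("record intact:", db.VerifyRecord("op-017") == nil)
	fmt.Println("user verified:", db.VerifyUser("op-017", c, Respond(priv, c)))
}
```

The stored signature only proves that the record has not been altered since enrollment; proving that the requester holds the private key requires a signature over a fresh value, as `VerifyUser` shows.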
S102: a blockchain node is established, and a plurality of data sets are stored by using the blockchain node, wherein the plurality of data sets comprise the initial database and a secondary data set.
It will be appreciated that in this embodiment, the primary database is a cryptographic database and the secondary database is the material that needs to be protected. Storing the data on blockchain nodes makes the data decentralized, secure and tamper-proof. When the data is stored in the blockchain node, only authorized users can access and modify the data, thereby ensuring the security and integrity of the data.
Specifically, as an embodiment, S102 may include the following steps:
S102-1: a corresponding blockchain platform is determined.
The blockchain platform may be, for example, Ethereum, Hyperledger Fabric, etc., and is not limited thereto.
S102-2: a mapping relation between the initial database and the secondary database is established.
It will be appreciated that establishing a mapping between the primary database and the secondary database may help users better organize and manage data, as well as enable quick access and querying of data. Storing the mapping table in the blockchain node can ensure its security and tamper resistance, thereby effectively preventing the risk of loss and tampering of data.
S102-3: the secondary database is stored in the same blockchain platform as the initial database according to the mapping relation.
It can be understood that storing data on the same platform can also facilitate the management and operation of the data by the user, and improve the availability and accessibility of the data.
S103: the secondary data set and the initial database are backed up at different blockchain nodes.
It will be appreciated that data synchronization and restore operations are also required while backing up data to ensure that the backed up data is consistent with the original data, thereby ensuring data integrity and recoverability.
Specifically, the step may include:
S103-1: the same data set is created on the backup node as the secondary data set on the original node.
It will be appreciated that creating the same data set on the backup node as the secondary data set on the original node may ensure the integrity and restorability of the backup data. The data set on the backup node needs to have the same name and structure as the data set on the original node to ensure that the backup data can be restored to the original data correctly. In the data synchronization process, it is necessary to ensure that the data set on the backup node is consistent with the data set on the original node, so as to ensure that the backup data is consistent with the original data. When backing up data, the backup data set needs to be backed up to other nodes to ensure the fault tolerance and reliability of the data.
S104: data sharing authority is set based on the blockchain node, wherein the target user has the sharing authority, and the sharing authority comprises the access authority to the initial database and the access authority to the secondary data set.
It will be appreciated that in setting the sharing rights, it is necessary to specify the access rights and the rights level of the data and assign the rights to the target user. In the process of data access, identity authentication and authorization are needed, and the access condition of the data is monitored periodically so as to ensure the security and privacy of the data.
Specifically, as an embodiment, step S104 includes the steps of:
S104-1: creating the blockchain platform user account for the target user and assigning a unique public key to the blockchain platform user account;
S104-2: creating a smart contract based on the blockchain platform, wherein the smart contract is used for verifying the identity and the access authority of a target user and recording transaction information of data sharing;
S104-3: issuing the smart contract to a network corresponding to the blockchain platform.
S105: access records of the primary database are obtained, and early warning is carried out on the secondary data set according to the access records.
It can be appreciated that obtaining access records of the primary database and pre-warning the secondary data set according to the access records can help us to find and prevent potential data security problems in time. In the early warning process, an early warning threshold value and an early warning strategy are required to be set, and corresponding measures are taken to protect the safety and privacy of data.
As a more specific embodiment, step S105 includes the steps of:
S105-1: acquiring an access record of a primary database through the blockchain node, wherein the access record comprises the identity, access time and access mode of a visitor;
S105-2: carrying out data processing on the access records and marking suspicious access behaviors, wherein the suspicious access behaviors comprise frequent access and abnormal access time, and sending out an alarm signal if the suspicious access behaviors are found.
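One way to implement the marking in S105-2, given as an added example rather than code from the application: a per-visitor sliding window flags frequent access and a permitted-hours check flags abnormal access time. The `Policy` thresholds, the alert kinds and the sample records are assumptions constructed for the illustration.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// AccessRecord carries the three fields named in S105-1.
type AccessRecord struct {
	Visitor string    // identity of the visitor
	Time    time.Time // access time
	Mode    string    // access mode, e.g. "read" or "write"
}

// Policy holds the early-warning thresholds; the values used here are assumptions.
type Policy struct {
	MaxPerWindow       int           // accesses tolerated per visitor within Window
	Window             time.Duration // length of the sliding window
	StartHour, EndHour int           // permitted hours [StartHour, EndHour), UTC
}

// Alert is one flagged access behaviour.
type Alert struct {
	Kind    string // "abnormal_time" or "frequent_access"
	Visitor string
	Detail  string
}

// Detect marks accesses outside the permitted hours and bursts of access by one visitor.
func Detect(records []AccessRecord, p Policy) []Alert {
	// Work on a time-ordered copy; records read back from nodes may be unordered.
	recs := append([]AccessRecord(nil), records...)
	sort.SliceStable(recs, func(i, j int) bool { return recs[i].Time.Before(recs[j].Time) })

	recent := map[string][]time.Time{} // per-visitor accesses still inside the window
	var alerts []Alert
	for _, r := range recs {
		ts := r.Time.UTC()
		if h := ts.Hour(); h < p.StartHour || h >= p.EndHour {
			alerts = append(alerts, Alert{"abnormal_time", r.Visitor,
				fmt.Sprintf("%s at %s", r.Mode, ts.Format(time.RFC3339))})
		}
		w := recent[r.Visitor]
		for len(w) > 0 && !w[0].After(ts.Add(-p.Window)) {
			w = w[1:] // drop accesses that have left the window
		}
		w = append(w, ts)
		recent[r.Visitor] = w
		// Alert when the window holds exactly one more than the limit, which
		// avoids a new alert for every further access in the same burst.
		if len(w) == p.MaxPerWindow+1 {
			alerts = append(alerts, Alert{"frequent_access", r.Visitor,
				fmt.Sprintf("%d accesses within %s", len(w), p.Window)})
		}
	}
	return alerts
}

// SampleRecords returns constructed access records, deliberately out of order.
func SampleRecords() []AccessRecord {
	at := func(h, m, s int) time.Time { return time.Date(2024, 5, 6, h, m, s, 0, time.UTC) }
	return []AccessRecord{
		{"op-017", at(9, 0, 0), "read"},
		{"op-017", at(9, 0, 10), "read"},
		{"op-022", at(10, 0, 0), "write"},
		{"op-017", at(9, 0, 20), "read"},
		{"svc-backup", at(2, 15, 0), "read"},
		{"op-017", at(9, 0, 30), "read"},
		{"op-017", at(9, 0, 40), "read"},
		{"op-022", at(14, 0, 0), "read"},
	}
}

func main() {
	p := Policy{MaxPerWindow: 3, Window: time.Minute, StartHour: 6, EndHour: 20}
	for _, a := range Detect(SampleRecords(), p) {
		fmt.Printf("ALERT %-16s %-11s %s\n", a.Kind, a.Visitor, a.Detail)
	}
}
```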
The embodiment of the application provides an industrial Internet of Things security management method applying blockchain technology, which comprises the following steps: firstly, setting an initial database, wherein the initial database comprises a plurality of digital signatures, and the digital signatures are used for target user identity verification; then establishing a blockchain node, and storing a plurality of data sets by utilizing the blockchain node, wherein the plurality of data sets comprise the initial database and a secondary data set; backing up the secondary data set and the initial database at different blockchain nodes; setting data sharing authority based on the blockchain node, wherein the target user has the sharing authority, and the sharing authority comprises the access authority to the initial database and the access authority to the secondary data set; and finally, acquiring access records of the primary database, and carrying out early warning on the secondary data set according to the access records. The method realizes the secure storage, transmission and processing of the data in the industrial Internet of Things through blockchain technology, ensures the tamper resistance and the security of the data, and effectively prevents data leakage and network attack.
The application also provides an industrial Internet of Things security management system applying blockchain technology, which comprises:
a setting module, used for setting an initial database, wherein the initial database comprises a plurality of digital signatures, and the digital signatures are used for target user identity verification;
an establishing module, used for establishing a blockchain node and storing a plurality of data sets by utilizing the blockchain node, wherein the plurality of data sets comprise the initial database and a secondary data set;
the backup module is used for backing up the secondary data set and the initial database at different block chain nodes;
the sharing module is used for setting data sharing permission based on the blockchain node, wherein the target user has the sharing permission, and the sharing permission comprises access permission to the initial database and access permission to the secondary data set;
and the early warning module is used for acquiring the access record of the primary database and carrying out early warning on the secondary data set according to the access record.
In some embodiments, the setting module comprises:
the first generation module is used for generating a pair of public keys and private keys for each target user;
the second generation module is used for generating a digital signature on the identity information of the target user by utilizing a private key;
and the first storage module is used for storing the digital signature to the initial database.
In some embodiments, the establishing module includes:
the determining module is used for determining a corresponding blockchain platform;
the mapping establishment module is used for establishing a mapping relation between the initial database and the secondary database;
and the second storage module is used for storing the secondary database in the same blockchain platform as the initial database according to the mapping relation.
The embodiment of the application provides an industrial Internet of Things security management system applying blockchain technology, which operates as follows: firstly, setting an initial database, wherein the initial database comprises a plurality of digital signatures, and the digital signatures are used for target user identity verification; then establishing a blockchain node, and storing a plurality of data sets by utilizing the blockchain node, wherein the plurality of data sets comprise the initial database and a secondary data set; backing up the secondary data set and the initial database at different blockchain nodes; setting data sharing authority based on the blockchain node, wherein the target user has the sharing authority, and the sharing authority comprises the access authority to the initial database and the access authority to the secondary data set; and finally, acquiring access records of the primary database, and carrying out early warning on the secondary data set according to the access records. The system realizes the secure storage, transmission and processing of the data in the industrial Internet of Things through blockchain technology, ensures the tamper resistance and the security of the data, and effectively prevents data leakage and network attack.
Based on the same inventive concept, the embodiment of the application also provides an industrial Internet of things security management system applying the blockchain technology, comprising:
at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the at least one processor, so that the at least one processor can execute the industrial internet of things security management method applying the blockchain technology according to the embodiment of the application.
In addition, in order to achieve the above object, an embodiment of the present application also proposes a computer-readable storage medium storing a computer program, which when executed by a processor, implements a method of the embodiment of the present application.
It will be apparent to those skilled in the art that embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the application may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (apparatus), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. "and/or" means either or both of which may be selected. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or terminal device comprising the element.
The above description of the present application provides a method and a system for managing industrial internet of things security by using blockchain technology, and specific examples are applied to describe the principles and embodiments of the present application, where the description of the above examples is only for helping to understand the method and core idea of the present application; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present application, the present description should not be construed as limiting the present application in view of the above.