CN116760637A

CN116760637A - High-safety command control system and method based on double-chain architecture

Info

Publication number: CN116760637A
Application number: CN202311031287.XA
Authority: CN
Inventors: 杨林
Original assignee: Institute of Systems Engineering of PLA Academy of Military Sciences
Current assignee: Institute of Systems Engineering of PLA Academy of Military Sciences
Priority date: 2023-08-16
Filing date: 2023-08-16
Publication date: 2023-09-15
Anticipated expiration: 2043-08-16
Also published as: CN116760637B

Abstract

The invention provides a high-safety command control system and method based on a double-chain architecture, and belongs to the technical field of communication control. The command control system comprises an initial control node, an intermediate control node and an end execution node; the initial control node is deployed at the first layer; the intermediate control node is deployed in the intermediate layer; the end execution nodes are deployed at the bottom layer. A command control device and a safety control device are deployed in the initial control node and the intermediate control node; the end execution node is provided with an execution device and a verification device; the command control devices positioned at different levels form a command control chain, and the safety control devices positioned at different levels form a safety control chain. The command control system executes command control tasks based on a double-chain architecture consisting of a command control chain and a safety control chain. The invention ensures the consistency of task execution through parameter verification and double-chain operation, and meets the high-efficiency and reliable safety control requirement on large-scale distributed remote control equipment.

Description

High-safety command control system and method based on double-chain architecture

Technical Field

The invention belongs to the technical field of communication control, and particularly relates to a high-safety command control system and method based on a double-chain architecture.

Background

In the application fields of command control, industrial control, banking finance, weaponry, information systems and the like, multi-level remote command control is usually required, and the traditional command control working mechanism has the defect that default single-line operation structural characteristics are consistent with actual tasks; this means that the upper-level command information may deviate in the process of transferring, decomposing and converting, and the lower-level default received upper-level information is correct information, so that the actually executed task deviates from the upper-level task. In the prior art, although the problem of tamper resistance can be solved through a verification mechanism such as signature and the like, the problem of task consistency cannot be solved.

Therefore, there is a need for a parallel command and control architecture, i.e. a secure control chain is built in parallel outside the traditional command and control chain, so that task information is processed in parallel on both chains, and the two paths are transferred and cross-verified, so as to ensure the controlled operation under the condition of conforming to the task.

Disclosure of Invention

Aiming at the technical problems, the invention provides a high-safety command control scheme based on a double-chain architecture. The scheme constructs the safety control chain in parallel outside the traditional command control chain, so that task information is processed in parallel on two chains, double-path transmission and cross-validation are realized, the double-chain structure can be controlled to run under the condition of conforming to the task, and the task can be executed without deviation.

The first aspect of the invention provides a high-safety command control system based on a double-chain architecture. The command control system comprises an initial control node, an intermediate control node and an end execution node; the command control system is divided into K layers according to the hierarchy, wherein the 1 st layer is the first layer, the 2 nd layer to the K-1 st layer are the middle layers, and the K layer is the bottom layer; the initial control node is deployed at the first layer; the intermediate control nodes are deployed in the intermediate layers, and each intermediate layer comprises a plurality of intermediate control nodes; the end execution node is deployed at the bottom tier; wherein K is more than or equal to 3 and K is a positive integer.

A command control device and a safety control device are deployed in the initial control node and the intermediate control node; the end execution node is provided with an execution device and a verification device; on any issuing path of command and control tasks from the first layer to the bottom layer, command and control devices positioned at different levels form a command and control chain, and safety control devices positioned at different levels form a safety control chain; the command control system performs the command control task based on a double-chain architecture consisting of the command control chain and the safety control chain.

Any issuing path of the command and control task from the first layer to the bottom layer comprises an I layer, wherein other I-2 layers except the first layer and the bottom layer are the middle layers and are expressed as { L } ₁ ,L ₂ ,...,L _I-2 3.ltoreq.I.ltoreq.K and I is a positive integer.

Command control chain of any issuing path:

the initial control node acquires the command control task;

intermediate layer L ₁ The intermediate control node of (2) converts the command control task into a command control scheme, an intermediate layer L _i The intermediate control node of (2) converts the command control scheme into a command control scheme, I is more than or equal to 1 and less than or equal to I-2.

Safety control chain of any issuing path:

each security control device positioned at the first layer and the middle layer carries out encryption transmission on parameters of the command control task, the command control scheme and the command control plan so as to execute compliance verification among different layers;

at the bottom layer, the end execution node receives the data from the middle layer L _I-2 And executing the command control plan by the execution device.

The system according to the first aspect of the present invention, wherein the command control system performs the command control task based on the double-chain architecture; wherein, at the first layer through which any one of the delivery paths passes:

After the initial control node acquires the command control task, the command control device in the initial control node issues the command control task to the middle layer L ₁ A command control device of the intermediate control node; extracting task core parameters from the command control task, and sending the task core parameters to a safety control device of the initial control node;

the security control device of the initial control node sends the task core parameters to the middle layer L ₁ Is provided.

The system according to the first aspect of the present invention, wherein the command control system performs the command control task based on the double-chain architecture; i-2 intermediate layers through which any one of the delivery paths passes: intermediate layer L ₁ Converts the command and control task into the command and control scheme, and the middle layer L _i The intermediate control node of (2) converts the command control scheme into the command control plan; wherein when i=1, the intermediate layer L ₁ The intermediate control nodes of the command control scheme convert the command control tasks into the command control scheme, and the command control scheme is converted into the command control plan.

The execution process of the command and control task in the middle layer comprises the following steps:

intermediate layer L ₁ The command control device of the intermediate control node receives the command control task sent by the command control device of the initial control node, decomposes the command control task to extract task decomposition parameters, and sends the task decomposition parameters to the intermediate layer L ₁ A safety control device of the intermediate control node;

intermediate layer L ₁ The security control device of the intermediate control node of (a) receives the task core parameters sent by the security control device of the initial control node and the task core parameters from the intermediate layer L ₁ Task decomposition parameters of the command control device of the intermediate control node of (2) performing said compliance verification on said task core parameters and said task decomposition parameters, passing the verification, and going back to the intermediate layer L ₁ The command control device of the intermediate control node of (a) sends a verification passing message;

intermediate layer L ₁ After receiving the verification passing message, the command control device of the intermediate control node converts the command control task into a command control scheme, converts the command control scheme into a command control plan, and sends the command control plan to the next layer; simultaneously extracting a plan core parameter from the command control plan, and sending the plan core parameter to an intermediate layer L ₁ A safety control device of the intermediate control node;

intermediate layer L ₁ The security control device of the intermediate control node of (c) receives the planning core parameters and sends the planning core parameters to the next layer.

A system according to the first aspect of the invention:

intermediate layer L ₁ When the next layer is the bottom layer:

the verification means of the end execution node receives the data from the intermediate layer L ₁ Command control plan of the command control means of the intermediate control node of (1) and command control plan from the intermediate layer L ₁ The planned core parameters of the safety control device of the intermediate control node; and decomposing the command control plan to obtain plan decomposition parameters, carrying out the compliance verification on the plan core parameters and the plan decomposition parameters, sending the command control plan to the execution device after the verification is passed, and executing the command control plan by the execution device.

Intermediate layer L ₁ While the next layer of (b) is still an intermediate layer:

the command control plan is issued continuously via the command control chain until the intermediate layer L is reached _I-2 The method comprises the steps of carrying out a first treatment on the surface of the Continuously issuing the planning core parameters through the safety control chain until reaching an intermediate layer L _I-2 The method comprises the steps of carrying out a first treatment on the surface of the Wherein, the middle layer L ₂ To L _I-2 The safety control device of each layer executes the coincidence check based on the planning core parameter from the safety control device of the upper layer and the planning decomposition parameter from the command control device of the same node, and the coincidence check is issued after passing the check;

intermediate layer L _I-2 The command control device of the intermediate control node of (a) sends the command control plan to the bottom layer; simultaneously extracting a plan core parameter from the command control plan, and sending the plan core parameter to an intermediate layer L _I-2 A safety control device of the intermediate control node; intermediate layer L _I-2 Receiving the planning core parameters and sending the planning core parameters to the bottom layer by the safety control device of the intermediate control node;

the verification device of the end execution node of the bottom layer is connectedIs received from the intermediate layer L _I-2 Command control plan of the command control means of the intermediate control node of (1) and command control plan from the intermediate layer L _I-2 The planned core parameters of the safety control device of the intermediate control node; and decomposing the command control plan to obtain plan decomposition parameters, carrying out the compliance verification on the plan core parameters and the plan decomposition parameters, sending the command control plan to the execution device after the verification is passed, and executing the command control plan by the execution device.

The system according to the first aspect of the present invention, wherein the command control system performs the command control task based on the double-chain architecture; i-2 intermediate layers through which any one of the delivery paths passes: intermediate layer L ₁ Converts the command and control task into the command and control scheme, and the middle layer L _i The intermediate control node of (2) converts the command control scheme into the command control plan; wherein when i is not equal to 1, the intermediate layer L ₁ The intermediate control node of (2) converts the command control task into the command control scheme, and the intermediate layer L is used for _i And the intermediate control node of (c) converts the command control scheme into the command control plan.

intermediate layer L ₁ The security control device of the intermediate control node of (a) receives the task core parameters sent by the security control device of the initial control node and the task core parameters from the intermediate layer L ₁ Task decomposition parameters of the command control device of the intermediate control node of (2) performing said compliance verification on said task core parameters and said task decomposition parameters, passing the verification, and going back to the intermediate layer L ₁ Is controlled by a command of an intermediate control nodeThe manufacturing device sends a verification passing message;

intermediate layer L ₁ After receiving the verification passing message, the command control device of the intermediate control node converts the command control task into a command control scheme and sends the command control scheme to the next layer; the command and control scheme is continuously issued through the command and control chain until the middle layer L _i Receiving the command control scheme; while an intermediate layer L ₁ The command control device of the intermediate control node of (2) extracts the scheme core parameters from the command control scheme and sends the scheme core parameters to the intermediate layer L ₁ A safety control device of the intermediate control node;

intermediate layer L ₁ Receiving the scheme core parameters and sending the scheme core parameters to the next layer by the security control device of the intermediate control node; continuously issuing the scheme core parameters through the safety control chain until an intermediate layer L _i Receiving the scheme core parameters; wherein, the middle layer L ₂ To L _i The safety control device of each layer executes the coincidence check based on the scheme core parameters of the safety control device of the upper layer and the scheme decomposition parameters of the command control device of the same node, and the transmission is carried out after the check is passed;

intermediate layer L _i The command control device of the intermediate control node of (2) decomposes the command control scheme to obtain scheme decomposition parameters, and sends the scheme decomposition parameters to the intermediate layer L _i Safety control device of intermediate control node of (1), intermediate layer L _i Based on the security control means from the intermediate layer L _i-1 Scheme core parameters sent by security control means of intermediate control node of (c) and coming from intermediate layer L _i The scheme decomposition parameters of the command control device of the intermediate control node of (2) execute the compliance verification on the scheme core parameters and the scheme decomposition parameters, and the verification passes the backward intermediate layer L _i The command control device of the intermediate control node of (a) sends a verification passing message;

intermediate layer L _i Is the finger of the intermediate control node of (a)After receiving the verification passing message, the swing control device converts the command control scheme into a command control scheme and sends the command control scheme to the next layer; simultaneously extracting a plan core parameter from the command control plan, and sending the plan core parameter to an intermediate layer L _i A safety control device of the intermediate control node;

intermediate layer L _i The security control device of the intermediate control node of (c) receives the planning core parameters and sends the planning core parameters to the next layer.

A system according to the first aspect of the invention:

intermediate layer L _i When the next layer is the bottom layer:

the verification means of the end execution node receives the data from the intermediate layer L _i Command control plan of the command control means of the intermediate control node of (1) and command control plan from the intermediate layer L _i The planned core parameters of the safety control device of the intermediate control node; and decomposing the command control plan to obtain plan decomposition parameters, carrying out the compliance verification on the plan core parameters and the plan decomposition parameters, sending the command control plan to the execution device after the verification is passed, and executing the command control plan by the execution device.

Intermediate layer L _i While the next layer of (b) is still an intermediate layer:

the command control plan is issued continuously via the command control chain until the intermediate layer L is reached _I-2 The method comprises the steps of carrying out a first treatment on the surface of the Continuously issuing the planning core parameters through the safety control chain until reaching an intermediate layer L _I-2 The method comprises the steps of carrying out a first treatment on the surface of the Wherein, the middle layer L _i+1 To L _I-2 The safety control device of each layer executes the coincidence check based on the planning core parameter from the safety control device of the upper layer and the planning decomposition parameter from the command control device of the same node, and the coincidence check is issued after passing the check;

intermediate layer L _I-2 The command control device of the intermediate control node of (a) sends the command control plan to the bottom layer; simultaneously extracting plan core parameters from the command control planNumber of parameters to send the planning core parameters to the intermediate layer L _I-2 A safety control device of the intermediate control node; intermediate layer L _I-2 Receiving the planning core parameters and sending the planning core parameters to the bottom layer by the safety control device of the intermediate control node;

the verification device of the end execution node of the bottom layer receives the data from the middle layer L _I-2 Command control plan of the command control means of the intermediate control node of (1) and command control plan from the intermediate layer L _I-2 The planned core parameters of the safety control device of the intermediate control node; and decomposing the command control plan to obtain plan decomposition parameters, carrying out the compliance verification on the plan core parameters and the plan decomposition parameters, sending the command control plan to the execution device after the verification is passed, and executing the command control plan by the execution device.

A system according to the first aspect of the invention:

at the first layer, the command and control task is split into a plurality of command and control subtasks, which are located at the middle layer L ₁ The intermediate control nodes of the plurality of command control subtasks are respectively sent by the intermediate control nodes positioned in the middle layer L ₁ And executing the corresponding command control sub-scheme or the issuing of the corresponding command control sub-scheme by the plurality of intermediate control nodes.

At any layer of the intermediate layer, the corresponding command and control sub-scheme or the corresponding command and control sub-plan is further split, and the corresponding command and control sub-scheme or the corresponding command and control sub-plan which is further split is respectively sent to a plurality of intermediate control nodes in a next layer of any layer of the intermediate layer until a plurality of end execution nodes in the bottom layer execute the corresponding command and control sub-plan.

The transmission between different layers is encrypted transmission, the sender performs encryption processing, and the receiver performs decryption processing.

The command control task, the command control scheme and the command control plan have a mapping relation between every two, and the mapping relation is used for executing the compliance verification.

The second aspect of the invention provides a high-safety command control method based on a double-chain architecture. The method is based on a command control system to realize high-safety command control based on a double-chain architecture; wherein:

the command control system comprises an initial control node, an intermediate control node and an end execution node; the command control system is divided into K layers according to the hierarchy, wherein the 1 st layer is the first layer, the 2 nd layer to the K-1 st layer are the middle layers, and the K layer is the bottom layer; the initial control node is deployed at the first layer; the intermediate control nodes are deployed in the intermediate layers, and each intermediate layer comprises a plurality of intermediate control nodes; the end execution node is deployed at the bottom tier; wherein K is more than or equal to 3 and K is a positive integer.

Command control chain of any issuing path:

the initial control node acquires the command control task;

Safety control chain of any issuing path:

According to the method of the second aspect of the invention, the command control system performs the command control task based on the double-chain architecture; wherein, at the first layer through which any one of the delivery paths passes:

According to the method of the second aspect of the invention, the command control system performs the command control task based on the double-chain architecture; i-2 intermediate layers through which any one of the delivery paths passes: intermediate layer L ₁ Converts the command and control task into the command and control scheme, and the middle layer L _i The intermediate control node of (2) converts the command control scheme into the command control plan; wherein when i=1, the intermediate layer L ₁ The intermediate control nodes of the command control scheme convert the command control tasks into the command control scheme, and the command control scheme is converted into the command control plan.

The method according to the second aspect of the invention:

intermediate layer L ₁ When the next layer is the bottom layer:

the verification means of the end execution node receives the data from the intermediate layer L ₁ Command control plan of the command control means of the intermediate control node of (1) and command control plan from the intermediate layer L ₁ The planned core parameters of the safety control device of the intermediate control node; decomposing the command control plan to obtain plan decomposition parameters, performing the compliance verification on the plan core parameters and the plan decomposition parameters, and passing the verification in the backward directionThe executing device sends the command control plan, and the executing device executes the command control plan.

According to the method of the second aspect of the invention, the command control system performs the command control task based on the double-chain architecture; i-2 intermediate layers through which any one of the delivery paths passes: intermediate layer L ₁ Is used for converting the command control task into the command control taskCommand control scheme, and intermediate layer L _i The intermediate control node of (2) converts the command control scheme into the command control plan; wherein when i is not equal to 1, the intermediate layer L ₁ The intermediate control node of (2) converts the command control task into the command control scheme, and the intermediate layer L is used for _i And the intermediate control node of (c) converts the command control scheme into the command control plan.

intermediate layer L ₁ Receiving said scheme core parameters by a security control device of an intermediate control node of (a)Transmitting the scheme core parameters to the next layer; continuously issuing the scheme core parameters through the safety control chain until an intermediate layer L _i Receiving the scheme core parameters; wherein, the middle layer L ₂ To L _i The safety control device of each layer executes the coincidence check based on the scheme core parameters of the safety control device of the upper layer and the scheme decomposition parameters of the command control device of the same node, and the transmission is carried out after the check is passed;

intermediate layer L _i After receiving the verification passing message, the command control device of the intermediate control node converts the command control scheme into a command control plan and sends the command control plan to the next layer; simultaneously extracting a plan core parameter from the command control plan, and sending the plan core parameter to an intermediate layer L _i A safety control device of the intermediate control node;

The method according to the second aspect of the invention:

intermediate layer L _i When the next layer is the bottom layer:

the verification means of the end execution node receives the data from the intermediate layerL _i Command control plan of the command control means of the intermediate control node of (1) and command control plan from the intermediate layer L _i The planned core parameters of the safety control device of the intermediate control node; and decomposing the command control plan to obtain plan decomposition parameters, carrying out the compliance verification on the plan core parameters and the plan decomposition parameters, sending the command control plan to the execution device after the verification is passed, and executing the command control plan by the execution device.

the verification device of the end execution node of the bottom layer receives the data from the middle layer L _I-2 Command control plan of the command control means of the intermediate control node of (1) and command control plan from the intermediate layer L _I-2 The planned core parameters of the safety control device of the intermediate control node; decomposing the command control plan to obtain a plan decomposition parameter, performing the compliance verification on the plan core parameter and the plan decomposition parameter, and transmitting the command control plan to the execution device after the verification is passed, wherein the command control plan is composed of the following components And the executing device executes the command control plan.

The method according to the second aspect of the invention:

A third aspect of the invention discloses an electronic device. The electronic device comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the high-safety command control method based on the double-chain architecture when executing the computer program.

A fourth aspect of the invention discloses a computer-readable storage medium. The computer readable storage medium stores a computer program, which when executed by a processor, implements a high security command control method based on a double-chain architecture according to the second aspect of the disclosure.

In summary, according to the technical scheme provided by the invention, through mechanisms such as parameter forced verification, double-chain closed operation and the like, parameter verification is carried out when the double-chain is subjected to task gradual decomposition, the consistency of task execution can be ensured, and the high-efficiency and reliable safety control requirement on the large-scale distributed remote management and control equipment is met.

Drawings

In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings which are required in the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the description below are some embodiments of the invention and that other drawings may be obtained from these drawings without inventive effort for a person skilled in the art.

Fig. 1 is a diagram of the configuration of a high security command control system based on a double-chain architecture according to an embodiment of the present invention.

Fig. 2 is a schematic diagram of a high security command control flow based on a double-chain architecture according to an embodiment of the present invention.

Fig. 3 is a block diagram of an electronic device according to an embodiment of the present invention.

Detailed Description

For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.

The technical scheme adopted by the invention is mainly that a safety control mechanism based on forced parameter verification and double-chain closed operation is added on the basis of a single-line execution chain of the traditional command control, the command control chain is supervised and verified through an independently operated safety control chain, the task that an intermediate control node accords with an initial control node when the intermediate control node is executed in a grading manner is ensured, and the high-safety command control system based on a double-chain framework is realized.

The first aspect of the invention provides a high-safety command control system based on a double-chain architecture. As shown in fig. 1, the command control system includes an initial control node, an intermediate control node, and an end execution node; the command control system is divided into K layers according to the hierarchy, wherein the 1 st layer is the first layer, the 2 nd layer to the K-1 st layer are the middle layers, and the K layer is the bottom layer; the initial control node is deployed at the first layer; the intermediate control nodes are deployed in the intermediate layers, and each intermediate layer comprises a plurality of intermediate control nodes; the end execution node is deployed at the bottom tier; wherein K is more than or equal to 3 and K is a positive integer.

Specifically, the command control system can be constructed based on a certain communication network, wherein the communication network comprises a plurality of nodes, and the nodes are divided into three types of nodes, including an initial control node, an intermediate control node and an end execution node; and information interaction is realized among the nodes through communication links in the communication network. The several nodes comprised in the communication network are hierarchically divided into K layers for enabling the transmission of information/data/instructions/tasks/schemes/plans from a first layer (top layer) to a bottom layer (end, i.e. execution layer).

Specifically, the initial control node, the intermediate control node, and the end execution node in the communication network may be electronic devices, terminals, computers, mobile devices, and the like, and have functions of calculation, control, routing, transceiving, execution, and the like. In an alternative/alternative embodiment, the end execution node may be a node (device/apparatus/terminal) having only routing, transceiving, and executing functions, which may not have the calculating and controlling functions, and may implement the calculating and controlling functions by externally connecting an apparatus/device/physical module/unit having the calculating and controlling functions, and the like.

Specifically, the high-safety command control system of the double-chain architecture mainly comprises an initial control node, an intermediate control node and an end execution node. The initial control node is the initiator of the task, the end execution node is the executor of the task, and in order to improve the efficiency and reliability of command control, the intermediate control node is added to decompose and organize the task. The control node is composed of a command control device and a safety control device, the end execution node is composed of a checking device and an execution device, the end execution node is logically organized according to a command control chain and a safety control chain (task assurance and authorization control), the command control chain is used for decomposing and converting tasks, and the safety control chain is used for checking and packaging and transmitting core parameters of task control. And when the command control stage decomposes the task step by step, carrying out consistency check, and ensuring that all the executions meet the final requirement of the task only after the check passes.

Specifically, when the aforementioned nodes perform information interaction, it is necessary to confirm that a communication link between the sender and the receiver is available and that a communication protocol is legal, so as to ensure that the communication interaction is performed securely. When information is transmitted from the first layer to the bottom layer from top to bottom, the skip layer/cross layer transmission can be realized according to the communication condition of the communication link (on the premise that the receiving/processing/decomposing/checking of the information by each node is not influenced so as to complete the task function). For example, for a total of 10 layers, k=10, a certain transmission procedure needs to be from layer 1 to layer 10, and the executable path includes a plurality of: 1-2-3-4-5-6-7-8-9-10, or 1-3-5-7-9-10, or 1-3-5-9-10, to name just a few; the connection condition of the communication link can be judged to carry out the jump layer/cross layer transmission, thereby selecting the shortest path and saving the communication resource.

Specifically, command control devices located at different levels constitute a command control chain, and safety control devices located at different levels constitute a safety control chain. For example, if a transmission process needs to be from layer 1 to layer 10 and the executable path is 1-3-5-9-10, the command control device of the intermediate layer 3-5-9 forms a command control chain, and the safety control device of the intermediate layer 3-5-9 forms a safety control chain.

Specifically, at any layer of the first layer or the middle layer, the task (first layer or the middle layer)/the scheme (middle layer)/the plan (middle layer) can be split to form a plurality of issuing paths like a tree structure, and each issuing path forms a double-chain structure composed of a command control chain and a safety control chain.

As shown in fig. 2, the command control system performs command control tasks based on a double-chain architecture consisting of the command control chain and the safety control chain; any issuing path of the command and control task from the first layer to the bottom layer comprises an I layer, wherein other I-2 layers except the first layer and the bottom layer are the middle layers and are expressed as { L } ₁ ,L ₂ ,...,L _I-2 3.ltoreq.I.ltoreq.K and I is a positive integer.

Command control chain of any issuing path:

The initial control node acquires the command control task;

Safety control chain of any issuing path:

Specifically, the initial control node is the starting point of the whole command control and safety control chain, and mainly comprises a command control device and a safety control device. The command control device is mainly used for issuing task tasks and definitely achieving targets and effects; the security control device is used for decomposing the task, establishing the core parameters of the mapping task, encrypting, packaging and transmitting to the lower level transmission. As previously mentioned, in the case of k=10, the command and control task may be delivered via 10 layers, or the shortest path may be selected after the jump/cross-layer processing, passing only through part of the layers, for example i=8 or i=5 in another task; the number of layers through which different tasks are performed may be different.

Specifically, the intermediate control node is a serial point of the whole command control and safety control chain, and mainly comprises a command control device and a safety control device. After receiving the task controlled by the initial control node, the intermediate control node decomposes the task according to the command control device, makes an implementation scheme or plan, and issues the scheme or plan to the lower level; the safety control device establishes mapping task decomposition parameters according to task decomposition conditions, checks according to task core parameters issued by a superior stage, and if the checking is passed, the command control device can issue a scheme, so that the command control task decomposition can meet the superior stage task, and synchronously issue the scheme or plan core parameters. In addition, if the intermediate control node receives a scheme of upper-level delivery, the intermediate control node can be decomposed into an implementation plan; the safety control device establishes the core parameters of the mapping scheme, checks the core parameters according to the scheme issued by the upper level, and if the verification is passed, the command control device can issue a plan, thereby ensuring that the decomposition of the command control scheme can meet the upper level task and synchronously issue the core parameters of the plan.

In an alternative or alternative embodiment, the intermediate control node may comprise only the command control means and not the safety control means.

For an intermediate control node, the compliance check may be performed when it is configured with the safety control device; when the safety control device is not configured, the compliance check may not be performed, and only the reception and forwarding of the relevant parameters may be performed, so that the compliance check is performed by the intermediate control nodes of other levels configured with the safety control device.

Or when a certain intermediate control node needs to execute the compliance check, the safety control device can be configured as required; if the compliance verification requirement does not exist, the configuration is not performed.

Or, for the configuration of the safety control device, the safety control device may be deployed in an intermediate control node of an odd layer or an even layer (or every other several intermediate layers); thereby saving physical resources while ensuring secure transmission of data.

Specifically, the end execution node is the end point of the whole safety control chain and mainly comprises a checking device and an execution device (respectively having a calculation function and an execution function); in the case that the end execution node itself does not have the calculation function and the execution function, the calculation function and the execution function are realized by configuring the verification means and the execution means. The verification device receives the plan and the plan core parameters issued by the upper level respectively, performs plan compliance verification, and performs function execution by the execution device after the verification is passed.

In particular, the end-effector node may be a radar system (for performing detection and identification of unknown objects), or may be a defensive system (for performing defensive interception of objects), or may be an aircraft (for performing tasks of close-range tracking, hovering, detection, etc.), to name but a few.

Specifically, the command control chain and the safety control chain are decomposed step by step and checked, so that the final execution accords with the task of the initial control node.

after the initial control node acquires the command control task, the command control device in the initial control node issues the command control task to the middle layer L ₁ A command control device of the intermediate control node; and extracting a task core parameter from the command control task, and sending the task core parameter to the security of the initial control nodeA full control device;

intermediate layer L ₁ After receiving the verification passing message, the command control device of the intermediate control node of (a) converts the command control task into a command control scheme, converts the command control scheme into a command control plan, and converts the command control plan into a command control planSending to the next layer; simultaneously extracting a plan core parameter from the command control plan, and sending the plan core parameter to an intermediate layer L ₁ A safety control device of the intermediate control node;

A system according to the first aspect of the invention:

intermediate layer L ₁ When the next layer is the bottom layer:

intermediate layer L _I-2 The command control device of the intermediate control node of (a) sends the command control plan to the bottom layer; simultaneously extracting a plan core parameter from the command control plan, and sending the plan core parameter to an intermediate layer L _I-2 A safety control device of the intermediate control node; intermediate layer L _I-2 In (2)The safety control device of the inter-control node receives the planning core parameters and sends the planning core parameters to the bottom layer;

intermediate layer L ₁ The security control device of the intermediate control node of (a) receives the task core parameters sent by the security control device of the initial control node and the task core parameters from the intermediate layer L ₁ Intermediate control node of (a)The task decomposition parameters of the command control device execute the coincidence check on the task core parameters and the task decomposition parameters, and the check passes the backward middle layer L ₁ The command control device of the intermediate control node of (a) sends a verification passing message;

intermediate layer L _i The command control device of the intermediate control node of (2) decomposes the command control scheme to obtain scheme decomposition parameters, and sends the scheme decomposition parameters to the intermediate layer L _i Safety control device of intermediate control node of (1), intermediate layer L _i Based on the security control means from the intermediate layer L _i-1 Scheme core parameters sent by security control means of intermediate control node of (c) and coming from intermediate layer L _i The solution decomposition parameters of the command control device of the intermediate control node of (a), executing the coincidence to the solution core parameters and the solution decomposition parametersChecking the sex, checking passing the backward middle layer L _i The command control device of the intermediate control node of (a) sends a verification passing message;

A system according to the first aspect of the invention:

intermediate layer L _i When the next layer is the bottom layer:

A system according to the first aspect of the invention:

DETAILED DESCRIPTION OF EMBODIMENT (S) OF INVENTION

As indicated above, the command control system may be constructed based on a communication network comprising several nodes, namely an initial control node, an intermediate control node and an end execution node; and information interaction is realized among the nodes through communication links in the communication network. The several nodes comprised in the communication network are hierarchically divided into K layers for enabling the transmission of information/data/instructions/tasks/schemes/plans from a first layer (top layer) to a bottom layer (end, i.e. execution layer).

The initial control node is the starting point of the whole command control and safety control chain and mainly comprises a command control device and a safety control device. The command control device is mainly used for issuing command control tasks, and the command control tasks are vectors with n dimensionsThe factors involved may be: macroscopic requirements such as expected effect of task, use of resources by task, time limit for completion of task, etc.; the security control device is used for decomposing command and control tasks (such as semantic analysis, parameter extraction and the like) to obtain task core parameters, and encrypting and packaging the task core parameters to transmit the task core parameters to the next layer.

Intermediate partThe control node is a serial point of the whole command control and safety control chain and mainly comprises a command control device and a safety control device. After receiving the command control task controlled by the initial control node, the intermediate control node performs scheme matching on the task by using the command control device, thereby making an implementation scheme (or further customizing an execution plan) and issuing the scheme (or plan) to the next layer. The command control device mainly decomposes and converts command control tasks to obtain a matched command control scheme, and the command control scheme is onemVector of dimensionsPPR=[ ppr ₁ , ppr ₂ , ... ppr _m ]The factors involved may be: the type of the execution nodes, the number of the execution nodes, the effect realized by each type of the execution nodes and other detail parameters. The command control plan mainly comprises a practically operable execution plan, which defines specific execution nodes for implementing the command control plan, and the command control plan is onesVector of dimensionsOPR=[ opr ₁ , opr ₂ , ... opr _s ]The factors involved may be: specific parameters such as the number of the execution nodes, the scheduled execution time sequence, the execution parameters of each execution node and the like.

The specific flow of the command control device converting the command control task into the command control scheme can be described as follows: maintaining a set of alternatives within each command control device PM，PMIs thatp×(m+n)A matrix of dimensions characterized by:

wherein,,prepresenting a set of alternativesPMThe number of rows in the dimension of (a),PPR _i is a scheme parameter vector pre-stored in a standard database,IPR _i is a prestored partyThe task parameter vector which can be used for representing the task effect after being evaluated and implemented is disclosed.

The task parameters issued by the initial control node are as followsThe command control device of the intermediate control node searches for an alternative with the closest task effect after the implementation of the scheme in the alternative scheme set in the standard database, namely +.>Personal alternatives v->，，IPR _t Represent the firsttTask parameter vector->As a euclidean distance function, then:

wherein,,task vector representing the assignment of the initial control node +.>The first of (3)iParameters->Represent the firsttIndividual task parameter vectorsIPR _t The first of (3)iAnd parameters. />

The specific flow of the command control device converting the command control scheme into the command control plan can be described as follows: maintaining an alternative plan set in each command control deviceOMThe alternative plan setOMIs thatq×(s+m)Matrix of dimensions:

wherein,,qrepresenting a set of alternative plansOMThe number of rows in the medium dimension,OPR _i is a pre-stored planning parameter vector in a standard database,PPR _i is a scheme parameter vector pre-stored in a standard database. The scheme parameters issued by the command control node of the upper layer are as follows The command control device of the intermediate control node searches the scheme parameter nearest to the upper-level requirement in the alternative scheme set in the standard database>Alternative plans of (a), i.e.)>Personal alternatives->，The method comprises the steps of carrying out a first treatment on the surface of the Wherein,,PPR _t is the firsttIndividual scheme parameter vector,/">As a euclidean distance function, then:

wherein,,the scheme parameter expressing the command and control node to issue is +.>The first of (3)iParameters->Represent the firsttIndividual scheme parameter vectorPPR _t The first of (3)iAnd parameters.

The security control device extracts task decomposition parameters according to task decomposition conditions, and performs verification according to task core parameters issued by the upper layer, and can select similarity measurement modes such as cosine distance or generalized Jaccard distance to perform verification.

For example, the task core parameters received by the security control apparatus from the upper layer areThe task decomposition parameter received from the layer command control device is +.>The cosine distance between them is characterized by +.>The specific expression is as follows:

The generalized Jaccard distance between them is defined as:

if it isThen consider that the verification is passed,>indicating the judgment threshold. The command control device can issue a scheme, so that the decomposition of command control tasks can meet the requirements of superior tasks, and the scheme or the planning core parameters can be issued synchronously. This is In addition, if the intermediate control node receives a scheme issued by a superior, the intermediate control node can be decomposed into an implementation plan; the safety control device establishes the core parameters of the mapping scheme, checks the core parameters according to the scheme issued by the upper level, and if the verification is passed, the command control device can issue a plan, thereby ensuring that the decomposition of the command control scheme can meet the upper level task and synchronously issue the core parameters of the plan.

As described above, the end execution node is the end point of the whole safety control chain, and mainly includes a verification device and an execution device (having a calculation function and an execution function respectively); in the case that the end execution node itself does not have the calculation function and the execution function, the calculation function and the execution function are realized by configuring the verification means and the execution means. The verification device receives the plan and the plan core parameters issued by the upper level respectively, performs plan compliance verification, and performs function execution by the execution device after the verification is passed. In particular, the end-effector node may be a radar system (for performing detection and identification of unknown objects), or may be a defensive system (for performing defensive interception of objects), or may be an aircraft (for performing tasks of close-range tracking, hovering, detection, etc.), to name but a few.

A command control device and a safety control device are deployed in the initial control node and the intermediate control node; the end execution node is provided with an execution device and a verification device; the command control devices positioned at different levels form a command control chain, and the safety control devices positioned at different levels form a safety control chain.

In the method, the command control system executes command control tasks based on a double-chain architecture consisting of the command control chain and the safety control chain; the method specifically comprises the following steps:

The command and control task is shared from the first layer to the bottom layer via an I layer, and comprises I-2 middle layers, which are expressed as { L } ₁ ,L ₂ ,...,L _I-2 3.ltoreq.I.ltoreq.K and I is a positive integer.

In the command control chain:

the initial control node acquires the command control task;

In the safety control chain:

and each safety control device positioned at the first layer and the middle layer carries out encryption transmission on parameters of the command control task, the command control scheme and the command control plan so as to execute the compliance check between different layers.

According to the method of the second aspect of the invention, the command control system performs the command control task based on the double-chain architecture; at the first layer:

after the initial control node acquires the command control task, the command control device in the initial control node issues the command control task to the middle layer L ₁ A command control device of the intermediate control node; and extracting task core parameters from the command control task, and sending the task core parameters to the safety control device of the initial control node；

According to the method of the second aspect of the invention, the command control system performs the command control task based on the double-chain architecture; at the intermediate layer:

intermediate layer L ₁ Converts the command and control task into a command and control scheme, and the middle layer L _i The intermediate control node of (2) converts the command control scheme into a command control scheme;

wherein when i=1, the intermediate layer L ₁ The intermediate control node of (2) converts the command control task into a command control scheme and converts the command control scheme into a command control plan;

intermediate layer L ₁ After receiving the verification passing message, the command control device of the intermediate control node of (a) converts the command control task into a command control scheme, converts the command control scheme into a command control plan, and sends the command control plan to the next layerThe method comprises the steps of carrying out a first treatment on the surface of the Simultaneously extracting a plan core parameter from the command control plan, and sending the plan core parameter to an intermediate layer L ₁ A safety control device of the intermediate control node;

The method according to the second aspect of the invention:

Intermediate layer L ₁ When the next layer is the bottom layer:

the command control plan is issued continuously via the command control chain until the intermediate layer L is reached _I-2 The method comprises the steps of carrying out a first treatment on the surface of the Continuously issuing the planning core parameters through the safety control chain until reaching an intermediate layer L _I-2 The method comprises the steps of carrying out a first treatment on the surface of the And an intermediate layer L ₂ To L _I-2 The safety control device of each layer of the above system executes the compliance check based on the planning core parameter of the safety control device of the upper layer and the planning decomposition parameter of the command control device of the same node;

after passing the verification, the intermediate layer L _I-2 The command control device of the intermediate control node of (a) sends the command control plan to the bottom layer; simultaneously extracting a plan core parameter from the command control plan, and sending the plan core parameter to an intermediate layer L _I-2 A safety control device of the intermediate control node; intermediate layer L _I-2 Safety control device for intermediate control node of (a)Receiving the planning core parameters and sending the planning core parameters to the bottom layer;

wherein when i is not equal to 1, the intermediate layer L ₁ The intermediate control node of (2) converts the command control task into a command control scheme, and the intermediate layer L _i The intermediate control node of (2) converts the command control scheme into a command control scheme;

intermediate layer L ₁ The security control device of the intermediate control node of (a) receives the task core parameters sent by the security control device of the initial control node and the task core parameters from the intermediate layer L ₁ Task decomposition parameters of command control device of intermediate control node of (a)A step of performing the coincidence check on the task core parameters and the task decomposition parameters, the check passing through the backward middle layer L ₁ The command control device of the intermediate control node of (a) sends a verification passing message;

intermediate layer L ₁ After receiving the verification passing message, the command control device of the intermediate control node converts the command control task into a command control scheme and sends the command control scheme to the next layer; the command and control scheme is continuously issued through the command and control chain until the middle layer L _i Receiving the command control scheme; simultaneously extracting scheme core parameters from the command control scheme, and sending the scheme core parameters to an intermediate layer L ₁ A safety control device of the intermediate control node;

intermediate layer L ₁ Receiving the planning core parameters and sending the planning core parameters to the next layer by the safety control device of the intermediate control node;

the command and control scheme is continuously issued through the command and control chain until the middle layer L _i Receiving the command control scheme; continuously issuing the scheme core parameters through the safety control chain until an intermediate layer L _i Receiving the command control scheme; and an intermediate layer L ₂ To L _i The safety control device of each layer of the above system executes the compliance check based on the scheme core parameters of the safety control device of the upper layer and the scheme decomposition parameters of the command control device of the same node;

after passing the verification, the intermediate layer L _i The command control device of the intermediate control node of (2) decomposes the command control scheme to obtain scheme decomposition parameters, and sends the scheme decomposition parameters to the intermediate layer L _i Safety control device of intermediate control node of (1), intermediate layer L _i Based on the security control means from the intermediate layer L _i-1 Scheme core parameters sent by security control means of intermediate control node of (c) and coming from intermediate layer L _i The solution decomposition parameters of the command control device of the intermediate control node of (2), the core parameters of the solutionAnd the scheme decomposition parameters execute the compliance verification, and the verification passes through the backward intermediate layer L _i The command control device of the intermediate control node of (a) sends a verification passing message;

The method according to the second aspect of the invention:

intermediate layer L _i When the next layer is the bottom layer:

the command control plan is issued continuously via the command control chain until the intermediate layer L is reached _I-2 The method comprises the steps of carrying out a first treatment on the surface of the Continuously issuing the planning core parameters through the safety control chain until reaching an intermediate layer L _I-2 The method comprises the steps of carrying out a first treatment on the surface of the And an intermediate layer L _i+1 To L _I-2 The safety control devices of each layer of the above system perform the compliance verification based on the planned core parameters from the safety control devices of the upper layer and the planned decomposition parameters from the command control devices of the same node；

After passing the verification, the intermediate layer L _I-2 The command control device of the intermediate control node of (a) sends the command control plan to the bottom layer; simultaneously extracting a plan core parameter from the command control plan, and sending the plan core parameter to an intermediate layer L _I-2 A safety control device of the intermediate control node; intermediate layer L _I-2 Receiving the planning core parameters and sending the planning core parameters to the bottom layer by the safety control device of the intermediate control node;

The method according to the second aspect of the invention:

at the first layer, the command and control task is split into a plurality of command and control subtasks, which are distributed in the middle layer L ₁ And executing command control subtasks or issuing corresponding command control sub plans by the plurality of intermediate control nodes.

At any one of the intermediate layers, the command and control sub-tasks or corresponding command and control sub-plans are further split, and issued via a plurality of intermediate control nodes in a next layer of any one of the intermediate layers until a plurality of end execution nodes in the bottom layer execute the command and control sub-plans.

Fig. 3 is a block diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 3, the electronic device includes a processor, a memory, a communication interface, a display screen, and an input device connected through a system bus. Wherein the processor of the electronic device is configured to provide computing and control capabilities. The memory of the electronic device includes a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The communication interface of the electronic device is used for conducting wired or wireless communication with an external terminal, and the wireless communication can be achieved through WIFI, an operator network, near Field Communication (NFC) or other technologies. The display screen of the electronic equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the electronic equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the electronic equipment, and can also be an external keyboard, a touch pad or a mouse and the like.

It will be appreciated by those skilled in the art that the structure shown in fig. 3 is merely a block diagram of a portion related to the technical solution of the present disclosure, and does not constitute a limitation of the electronic device to which the technical solution of the present disclosure is applied, and that a specific electronic device may include more or less components than those shown in the drawings, or may combine some components, or have different component arrangements.

A fourth aspect of the application discloses a computer-readable storage medium. The computer readable storage medium stores a computer program, which when executed by a processor, implements a high security command control method based on a double-chain architecture according to the second aspect of the disclosure.

Compared with the traditional command control chain executed by a single line, the technical scheme of the application is that the safety control chain based on forced checking and closed operation of the parameter mapping monitoring chain is added, the command control chain is supervised and checked through the safety control chain which independently operates, the coincidence checking is carried out on the intermediate control node during the decomposition execution, the deviation of the upper-level command control information during the transmission, decomposition and conversion processes is avoided, and the consistency of the task execution is ensured.

Specifically, the high-safety command control system based on the double-chain architecture constructs a safety control chain in parallel outside a traditional command control chain, task information is processed in parallel on two chains, and double paths are transmitted without interference. The high-safety command control system of the double-chain framework mainly comprises an initial control node, an intermediate control node and an end execution node. The control node is composed of a command control device and a safety control device, the end execution node is composed of a checking device and an execution device, logically organized according to a command control chain and a safety control chain (task ensuring and authorization control), wherein the command control chain is used for decomposing, converting and executing tasks, the safety control chain is used for mapping, decomposing and converting core parameters of task control and carrying out encapsulation and transmission, and when the tasks are decomposed step by step in the command control stage, the consistency and consistency check are carried out, and the execution can be continued only after the check passes, so that all the executions are ensured to meet the final requirements of the tasks.

In summary, according to the technical scheme provided by the application, through mechanisms such as parameter forced verification, double-chain closed operation and the like, parameter verification is carried out when the double-chain is subjected to task gradual decomposition, the consistency of task execution can be ensured, and the high-efficiency and reliable safety control requirement on the large-scale distributed remote management and control equipment is met.

Note that the technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be regarded as the scope of the description. The foregoing examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims

1. The utility model provides a high safety command control system based on double-chain framework which characterized in that:

The command control system comprises an initial control node, an intermediate control node and an end execution node; the command control system is divided into K layers according to the hierarchy, wherein the 1 st layer is the first layer, the 2 nd layer to the K-1 st layer are the middle layers, and the K layer is the bottom layer; the initial control node is deployed at the first layer; the intermediate control nodes are deployed in the intermediate layers, and each intermediate layer comprises a plurality of intermediate control nodes; the end execution node is deployed at the bottom tier; wherein K is more than or equal to 3 and K is a positive integer;

a command control device and a safety control device are deployed in the initial control node and the intermediate control node; the end execution node is provided with an execution device and a verification device; on any issuing path of command and control tasks from the first layer to the bottom layer, command and control devices positioned at different levels form a command and control chain, and safety control devices positioned at different levels form a safety control chain; the command control system executes the command control task based on a double-chain architecture formed by the command control chain and the safety control chain;

any issuing path of the command and control task from the first layer to the bottom layer comprises an I layer, wherein other I-2 layers except the first layer and the bottom layer are the middle layers and are expressed as { L } ₁ ,L ₂ ,...,L _I-2 3.ltoreq.I.ltoreq.K and I is a positive integer;

command control chain of any issuing path:

the initial control node acquires the command control task;

intermediate layer L ₁ The intermediate control node of (2) converts the command control task into a command control scheme, an intermediate layer L _i The intermediate control node of (2) converts the command control scheme into a command control scheme, I is more than or equal to 1 and less than or equal to I-2;

safety control chain of any issuing path:

2. A high security command control system based on a double-chain architecture according to claim 1, wherein the command control system performs the command control task based on the double-chain architecture; wherein, at the first layer through which any one of the delivery paths passes:

3. A high security command control system based on a double-chain architecture according to claim 2, wherein the command control system performs the command control task based on the double-chain architecture; i-2 intermediate layers through which any one of the delivery paths passes:

intermediate layerL ₁ Converts the command and control task into the command and control scheme, and the middle layer L _i The intermediate control node of (2) converts the command control scheme into the command control plan;

wherein when i=1, the intermediate layer L ₁ The command control task is converted into the command control scheme, and the command control scheme is converted into the command control plan;

4. A high security command control system based on a double-chain architecture according to claim 3, wherein:

intermediate layer L ₁ When the next layer is the bottom layer:

the verification means of the end execution node receives the data from the intermediate layer L ₁ Command control plan of the command control means of the intermediate control node of (1) and command control plan from the intermediate layer L ₁ The planned core parameters of the safety control device of the intermediate control node; decomposing the command control plan to obtain plan decomposition parameters, carrying out the compliance verification on the plan core parameters and the plan decomposition parameters, and sending the command control plan to the execution device after the verification is passed, wherein the execution device executes the command control plan;

the verification device of the end execution node of the bottom layer receives the data from the middle layer L _I-2 Intermediate control of (c)Command control plan of command control device of node and command control program from intermediate layer L _I-2 The planned core parameters of the safety control device of the intermediate control node; and decomposing the command control plan to obtain plan decomposition parameters, carrying out the compliance verification on the plan core parameters and the plan decomposition parameters, sending the command control plan to the execution device after the verification is passed, and executing the command control plan by the execution device.

5. A high security command control system based on a double-chain architecture according to claim 2, wherein the command control system performs the command control task based on the double-chain architecture; i-2 intermediate layers through which any one of the delivery paths passes:

intermediate layer L ₁ Converts the command and control task into the command and control scheme, and the middle layer L _i The intermediate control node of (2) converts the command control scheme into the command control plan;

wherein when i is not equal to 1, the intermediate layer L ₁ The intermediate control node of (2) converts the command control task into the command control scheme, and the intermediate layer L is used for _i The intermediate control node of (2) converts the command control scheme into the command control plan;

Intermediate layer L ₁ The security control device of the intermediate control node of (a) receives the task core parameters sent by the security control device of the initial control node and the task core parameters from the intermediate layer L ₁ Task decomposition parameters of command control device of intermediate control node of (2) for said task coresThe coincidence check is carried out by the heart parameter and the task decomposition parameter, and the coincidence check passes the backward middle layer L ₁ The command control device of the intermediate control node of (a) sends a verification passing message;

6. The high security command control system based on a double-chain architecture as claimed in claim 5, wherein:

intermediate layer L _i When the next layer is the bottom layer:

the verification means of the end execution node receives the data from the intermediate layer L _i Command control plan of the command control means of the intermediate control node of (1) and command control plan from the intermediate layer L _i The planned core parameters of the safety control device of the intermediate control node; decomposing the command control plan to obtain plan decomposition parameters, carrying out the compliance verification on the plan core parameters and the plan decomposition parameters, and sending the command control plan to the execution device after the verification is passed, wherein the execution device executes the command control plan;

the command control plan is issued continuously via the command control chain until the intermediate layer L is reached _I-2 The method comprises the steps of carrying out a first treatment on the surface of the Continuously issuing the planning core parameters through the safety control chain until reaching an intermediate layer L _I-2 The method comprises the steps of carrying out a first treatment on the surface of the Wherein, the middle layer L _i+1 To L _I-2 The safety control devices of each layer are based on the planning core parameters of the safety control devices of the upper layer and the planning decomposition parameters of the command control devices from the same nodeExecuting the coincidence check, and issuing after the check is passed;

7. A high security command control system based on a double-chain architecture according to any of claims 4 or 6, characterized in that:

at the first layer, the command and control task is split into a plurality of command and control subtasks, which are located at the middle layer L ₁ The intermediate control nodes of the plurality of command control subtasks are respectively sent by the intermediate control nodes positioned in the middle layer L ₁ The corresponding command control sub-scheme or the issuing of the corresponding command control sub-plan is executed by the plurality of intermediate control nodes;

at any layer of the intermediate layer, the corresponding command and control sub-scheme or the corresponding command and control sub-plan is further split, and the corresponding command and control sub-scheme or the corresponding command and control sub-plan which is further split is respectively sent to a plurality of intermediate control nodes in the next layer of any layer of the intermediate layer until a plurality of end execution nodes in the bottom layer execute the corresponding command and control sub-plan;

the transmission among different levels is encrypted transmission, the sender carries out encryption processing, and the receiver carries out decryption processing;

8. The high-safety command control method based on the double-chain architecture is characterized in that the method is based on a command control system to realize high-safety command control based on the double-chain architecture; wherein:

command control chain of any issuing path:

the initial control node acquires the command control task;

safety control chain of any issuing path:

9. An electronic device comprising a memory and a processor, the memory storing a computer program, the processor implementing the steps in a high security command control method based on a double-chain architecture as claimed in claim 8 when the computer program is executed.

10. A computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and when the computer program is executed by a processor, the steps in a high security command control method based on a double-chain architecture as claimed in claim 8 are implemented.