
CN115484032B - Digital twin data secure storage method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN115484032B
CN115484032B CN202211109774.9A CN202211109774A CN115484032B CN 115484032 B CN115484032 B CN 115484032B CN 202211109774 A CN202211109774 A CN 202211109774A CN 115484032 B CN115484032 B CN 115484032B
Authority
CN
China
Prior art keywords
digital twin
digital
monomer
data
trusted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211109774.9A
Other languages
Chinese (zh)
Other versions
CN115484032A (en
Inventor
高枫
夏俊杰
宋畅
肖宇
王伟
王超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd
Priority to CN202211109774.9A
Publication of CN115484032A
Application granted
Publication of CN115484032B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Medical Informatics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to the technical field of digital twins and provides a digital twin data secure storage method and device, electronic equipment and a storage medium. The method is applied to a digital twin system that comprises at least one digital twin monomer, and comprises the following steps: acquiring a first digital certificate corresponding to a digital twin monomer and a second digital certificate corresponding to the digital twin system; decrypting the first digital certificate and the second digital certificate using a predefined key algorithm to obtain decryption information, and determining, based on the decryption information, whether the digital twin monomer meets preset requirements; if so, controlling the digital twin monomer to join the digital twin system, acquiring the digital twin data collected by the digital twin monomer, and storing the digital twin data in a blockchain so that the digital twin system reads the digital twin data from the blockchain. Storing the digital twin data on the blockchain and reading the required data from the blockchain improves the security of data storage and interaction.

Description

Digital twin data secure storage method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of digital twinning technologies, and in particular, to a method and apparatus for securely storing digital twinning data, an electronic device, and a storage medium.
Background
Digital twin technology is widely applied in digital cities, industry and manufacturing, and is one of the key elements in promoting the development of intelligent manufacturing. A digital twin system contains heterogeneous data, including physical entity data, virtual model data, physical model data, sensor update data, operation history data and the like. Storing this heterogeneous data and realizing data interaction between digital twin systems have become important research topics.
In the prior art, a digital twin system is constructed, digital twin data is collected and marked by the system, and further, the marked digital twin data is stored and the storage time is recorded, so that the system can perform background management on the digital twin data.
However, the above approach lacks security control over the digital twin system; that is, data is easily tampered with when the digital twin system performs data storage and data interaction, which poses a security risk.
Disclosure of Invention
The application provides a digital twin data secure storage method and device, electronic equipment and a storage medium, which address the security risk that a digital twin system faces when performing data storage and data interaction. The digital twin data is stored on a blockchain to prevent it from being tampered with, which improves the security of data storage, and the digital twin system reads the data it needs from the blockchain, which improves the security of data interaction.
In a first aspect, the present application provides a method for securely storing digital twin data, applied to a digital twin system; the digital twin system comprises at least one digital twin monomer; the method comprises the following steps:
acquiring a first digital certificate corresponding to a digital twin monomer and a second digital certificate corresponding to the digital twin system;
decrypting the first digital certificate and the second digital certificate by using a predefined key algorithm to obtain decryption information, and determining, based on the decryption information, whether the digital twin monomer meets preset requirements;
if so, controlling the digital twin monomer to join the digital twin system, acquiring the digital twin data collected by the digital twin monomer, and storing the digital twin data in a blockchain, so that the digital twin system reads the digital twin data from the blockchain.
Optionally, acquiring the digital twin data acquired by the digital twin monomer includes:
acquiring digital twin data acquired by the digital twin monomers, and extracting characteristic data in the digital twin data by utilizing a safety monitoring algorithm;
and determining whether the digital twin data corresponds to an abnormal event or not based on the characteristic data, and processing the digital twin data corresponding to the abnormal event.
Optionally, processing the digital twin data corresponding to the abnormal event includes:
searching a preset strategy table for a treatment strategy corresponding to the abnormal event, or inputting the abnormal event into a trained machine learning model to obtain a corresponding treatment strategy;
and processing the digital twin data corresponding to the abnormal event by using the treatment strategy to obtain a processing result.
Optionally, the method further comprises:
acquiring evaluation parameters of the digital twin monomer at preset time intervals, wherein the evaluation parameters comprise the digital twin data corresponding to an abnormal event, the time at which the digital twin monomer joined the digital twin system, the processing result obtained after an abnormal event occurred on the digital twin monomer, and the time the digital twin monomer requires to collect the digital twin data;
and calculating a trusted value corresponding to the evaluation parameter by using a trusted evaluation algorithm, and determining whether the digital twin monomer is trusted or not based on the trusted value.
Optionally, determining whether the digital twin monomer is trusted based on the trusted value includes:
acquiring a preset trusted threshold interval, and judging whether the trusted value lies within the trusted threshold interval;
if so, determining that the digital twin monomer is trusted;
if not, determining that the digital twin monomer is not trusted, and generating alarm information based on the evaluation parameters.
Optionally, the method further comprises:
after the alarm information is generated, deleting the untrusted digital twin monomer from the digital twin system, and sending a message instruction to the blockchain so that the blockchain deletes the digital twin data corresponding to the digital twin monomer based on the message instruction.
Optionally, storing the digital twin data in a blockchain includes:
acquiring the type of the digital twin data, and judging whether the type is present in a lookup table;
if so, looking up in the lookup table the first position in the blockchain at which that type is stored, and storing the digital twin data at the first position;
if not, adding the type to the lookup table with a corresponding second position in the blockchain, storing the digital twin data at the second position, and adding the correspondence between the type and the second position to the lookup table.
In a second aspect, the present application provides a digital twin data secure storage device, for use in a digital twin system; the digital twin system comprises at least one digital twin monomer; the device comprises:
an acquisition module, used for acquiring a first digital certificate corresponding to the digital twin monomer and a second digital certificate corresponding to the digital twin system;
a decryption module, used for decrypting the first digital certificate and the second digital certificate by using a predefined key algorithm to obtain decryption information, and determining, based on the decryption information, whether the digital twin monomer meets preset requirements;
and a storage module, used for controlling the digital twin monomer to join the digital twin system when the digital twin monomer meets the preset requirements, acquiring the digital twin data collected by the digital twin monomer, and storing the digital twin data in a blockchain so that the digital twin system reads the digital twin data from the blockchain.
In a third aspect, the present application provides an electronic device comprising: a processor, and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
the processor executes computer-executable instructions stored by the memory to implement the method of any one of the first aspects.
In a fourth aspect, the present application provides a computer-readable storage medium storing computer-executable instructions for implementing the method of any one of the first aspects when executed by a processor.
In summary, the application provides a method, a device, an electronic device and a storage medium for securely storing digital twin data. A first digital certificate corresponding to a digital twin monomer and a second digital certificate corresponding to a digital twin system are acquired; the first digital certificate and the second digital certificate are then decrypted using a predefined key algorithm to obtain decryption information, and whether the digital twin monomer meets preset requirements is determined based on the decryption information. When the digital twin monomer is determined to meet the preset requirements, it is controlled to join the digital twin system, the digital twin data it collects is acquired, and the digital twin data is stored in the blockchain so that the digital twin system reads the digital twin data from the blockchain. In this way, the digital twin monomer and the digital twin system are protected through the management of digital certificates and a cryptographic algorithm; storing the digital twin data in the blockchain prevents the data from being tampered with and improves the security of data storage; and because the digital twin system reads the required data from the blockchain, the security of data interaction is improved.
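The flow summarized above, together with the type lookup table of the first aspect, can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 with a constructed key stands in for the unspecified predefined key algorithm, the certificate layout and the names TwinSystem, admit, store and read are hypothetical, and the blockchain is reduced to one hash-chained list per lookup-table position on a single node.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): stands in for whatever key material the
# page's unspecified "predefined key algorithm" would provide.
PLATFORM_KEY = b"constructed-demo-key"
GENESIS = "0" * 64


def _tag(identity: str) -> str:
    return hmac.new(PLATFORM_KEY, identity.encode(), hashlib.sha256).hexdigest()


def issue_certificate(identity: str) -> dict:
    """Hypothetical certificate layout: identity plus an authentication tag."""
    return {"identity": identity, "tag": _tag(identity)}


def recover_identity(cert: dict):
    """Return the certified identity, or None if the tag does not verify."""
    ok = hmac.compare_digest(_tag(cert["identity"]), cert["tag"])
    return cert["identity"] if ok else None


def block_hash(prev: str, monomer: str, payload) -> str:
    body = json.dumps({"prev": prev, "monomer": monomer, "payload": payload},
                      sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


class TwinSystem:
    def __init__(self, identity: str, allowed_monomers):
        self.cert = issue_certificate(identity)   # "second digital certificate"
        self.allowed = set(allowed_monomers)      # the "preset requirements"
        self.members = set()
        self.lookup = {}   # data type -> position in the ledger
        self.slots = []    # one hash-chained list of blocks per position

    def admit(self, monomer_cert: dict) -> bool:
        """Check both certificates, then the stored list of allowed identities."""
        monomer_id = recover_identity(monomer_cert)
        system_id = recover_identity(self.cert)
        if monomer_id is None or system_id is None:
            return False
        if monomer_id not in self.allowed:
            return False
        self.members.add(monomer_id)
        return True

    def store(self, monomer_id: str, data_type: str, payload) -> int:
        """Append data at the position for its type; new types get a new one."""
        if monomer_id not in self.members:
            raise PermissionError("monomer has not joined the system")
        if data_type not in self.lookup:
            self.lookup[data_type] = len(self.slots)
            self.slots.append([])
        position = self.lookup[data_type]
        chain = self.slots[position]
        prev = chain[-1]["hash"] if chain else GENESIS
        chain.append({"prev": prev, "monomer": monomer_id, "payload": payload,
                      "hash": block_hash(prev, monomer_id, payload)})
        return position

    def read(self, data_type: str) -> list:
        """Verify the chain for this type before returning its payloads.

        A lone hash chain only catches edits that leave the stored hashes
        untouched; a real blockchain adds replication and consensus.
        """
        prev = GENESIS
        chain = self.slots[self.lookup[data_type]]
        for block in chain:
            expected = block_hash(prev, block["monomer"], block["payload"])
            if block["prev"] != prev or block["hash"] != expected:
                raise ValueError("ledger for %r was modified" % data_type)
            prev = block["hash"]
        return [block["payload"] for block in chain]


def demo():
    system = TwinSystem("D", {"DTS1"})                  # constructed identities
    admitted = system.admit(issue_certificate("DTS1"))
    rejected = system.admit(issue_certificate("DTS2"))  # not on the stored list
    system.store("DTS1", "sensor", {"temp_c": 21.5})
    system.store("DTS1", "video", {"frame": 1})
    system.store("DTS1", "sensor", {"temp_c": 22.0})
    return admitted, rejected, system.lookup, system.read("sensor")


if __name__ == "__main__":
    print(demo())
```
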
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
FIG. 1 is a schematic view of an application scenario provided in an embodiment of the present application;
FIG. 2 is a schematic flow chart of a method for securely storing digital twin data according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a digital twin system according to an embodiment of the present application;
FIG. 4 is a flow chart of a method for secure storage of complete digital twin data according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a digital twin data secure storage device according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Specific embodiments of the present application have been shown by way of the above drawings and will be described in more detail below. The drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but rather to illustrate the inventive concepts to those skilled in the art by reference to the specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the accompanying claims.
In order to clearly describe the technical solution of the embodiments of the present application, the words "first", "second", etc. are used in the embodiments of the present application to distinguish between identical or similar items having substantially the same function and effect. For example, the first device and the second device are merely for distinguishing between different devices, and their order is not limited. It will be appreciated by those of skill in the art that the words "first", "second", and the like do not limit the quantity or the order of execution, and that items described as "first" and "second" are not necessarily different.
In the present application, the words "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes an association relationship between associated objects and indicates that three relationships may exist; for example, A and/or B may indicate: A alone, both A and B, and B alone, where A and B may be singular or plural. The character "/" generally indicates that the associated objects before and after it are in an "or" relationship. "At least one of" or a similar expression means any combination of these items, including any combination of single or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, c may be single or plural.
The present application will be described with reference to the accompanying drawings. FIG. 1 is a schematic view of an application scenario provided by an embodiment of the present application, and the method for securely storing digital twin data provided by the present application may be applied to the application scenario shown in FIG. 1. The application scenario comprises: a first terminal device 101, a second terminal device 102, a third terminal device 103, a digital twin platform 104, a display device 105 and a user 106. The digital twin platform 104 is implemented based on a constructed digital twin system, and the first terminal device 101, the second terminal device 102, and the third terminal device 103 perform data transmission over corresponding networks, where the networks may be a mobile communication network, the Internet of Things, and the like.
Specifically, the digital twin platform 104 may determine whether the digital twin monomers that collect data from the first terminal device 101, the second terminal device 102, and the third terminal device 103 meet the security condition for joining the digital twin platform 104. If so, the digital twin monomers that collect data from the first terminal device 101, the second terminal device 102, and the third terminal device 103 are controlled to join the digital twin system, the digital twin data collected by the digital twin monomers is acquired and processed, and the processed digital twin data is stored in the digital twin platform 104.
It can be understood that when it is determined that a digital twin monomer collecting data from the first terminal device 101, the second terminal device 102 or the third terminal device 103 does not meet the security condition for joining the digital twin platform 104, or that the digital twin monomer itself is not trusted, alarm information can be generated and displayed on the display device 105 corresponding to the digital twin platform 104, so that the user 106 can view the alarm information, learn of the situation and handle it in time; for example, an event that the digital twin platform 104 cannot process can be handled manually.
It should be noted that, in the embodiment of the present application, the types of the first terminal device 101, the second terminal device 102, and the third terminal device 103 are not specifically limited, and the digital twin system may also collect various types of data from sources such as various data sources, service systems, sensors, and video monitoring devices, which are not specifically limited in the embodiment of the present application.
The terminal device may be a wireless terminal or a wired terminal. A wireless terminal may be a device that provides voice and/or other traffic data connectivity to a user, a handheld device with wireless connectivity, or another processing device connected to a wireless modem. The wireless terminal may communicate with one or more core network devices via a radio access network (Radio Access Network, RAN for short). The wireless terminal may be a mobile terminal, such as a mobile phone (or "cellular" phone) or a computer with a mobile terminal, for example, a portable, pocket, hand-held, computer-built-in or vehicle-mounted mobile device that exchanges voice and/or data with the radio access network. For another example, the wireless terminal may be a personal communication service (Personal Communication Service, PCS) phone, a cordless phone, a session initiation protocol (Session Initiation Protocol, SIP) phone, a wireless local loop (Wireless Local Loop, WLL) station, a personal digital assistant (Personal Digital Assistant, PDA) or the like. A wireless terminal may also be referred to as a system, subscriber unit (Subscriber Unit), subscriber station (Subscriber Station), mobile station (Mobile Station), remote terminal (Remote Terminal), access terminal (Access Terminal), user terminal (User Terminal), user agent (User Agent), or user equipment (User Device or User Equipment), without limitation. Optionally, the terminal device may also be a smart phone, a tablet computer, or another device.
In a possible implementation manner, the digital twin system can be constructed, the digital twin data can be collected and marked by the digital twin system, further, the marked digital twin data can be stored and the storage time can be recorded, so that the system can perform background management on the digital twin data.
However, the above approach lacks security control over the digital twin system; that is, data is easily tampered with when the digital twin system performs data storage and data interaction, which poses a security risk.
In view of the above problems, the present application provides a method for securely storing digital twin data, which is applied to a digital twin system that may include a plurality of digital twin monomers. Specifically, a digital certificate and a cryptographic algorithm may be used to determine whether a digital twin monomer and the digital twin system may perform data interaction. If so, the digital twin monomer may be controlled to join the digital twin system, and the digital twin data collected by the digital twin monomer may be stored in a blockchain, which reduces the possibility of the data being tampered with and improves the security of data storage. The digital twin system may also read the required digital twin data from the blockchain, which improves the security of data interaction.
The technical scheme of the application is described in detail below by specific examples. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
FIG. 2 is a schematic flow chart of a method for securely storing digital twin data according to an embodiment of the present application, which is applied to a digital twin system; the digital twin system comprises at least one digital twin monomer; as shown in FIG. 2, the digital twin data secure storage method includes the following steps:
S201, acquiring a first digital certificate corresponding to the digital twin monomer and a second digital certificate corresponding to the digital twin system.
In the embodiment of the application, the first digital certificate may refer to a digital certificate issued by a digital twin monomer (Digital Twins, DTS) for marking the identity information of the digital twin monomer in internet communication. The digital certificate comprises a key pair (pk, sk) used for implementing encryption and decryption, wherein the key pair comprises a private key sk and a public key pk, the private key is used for encryption and decryption, and the public key is used for signing. The second digital certificate is defined similarly to the first digital certificate, and reference may be made to the description of the first digital certificate, except that the second digital certificate is issued by a digital twin system.
In this step, the digital twin security management platform may issue a first digital certificate, such as DTS1 (PK, SK), to the digital twin monomer and a second digital certificate, such as D (PK, SK), to the digital twin system. The digital twin system then acquires the first digital certificate and the second digital certificate, which are used to provide security protection for the negotiation between the digital twin monomer and the digital twin system; that is, whether the digital twin monomer can join the digital twin system and perform data interaction is determined based on the first digital certificate and the second digital certificate.
S202, decrypting the first digital certificate and the second digital certificate by utilizing a predefined key algorithm to obtain decryption information, and determining whether the digital twin monomer meets preset requirements or not based on the decryption information.
In the embodiment of the present application, the predefined key algorithm may refer to an algorithm that generates a key through online or offline interactive negotiation and is used for decrypting an encrypted file. The predefined key algorithm may be a digest algorithm or a hash algorithm, and the embodiment of the present application is not specifically limited in this respect.
Specifically, the first digital certificate is decrypted by using the predefined key algorithm to obtain the decrypted identity information of the digital twin monomer, and the second digital certificate is decrypted by using the predefined key algorithm to obtain the decrypted identity information of the digital twin system. It is then determined whether the identity information of the digital twin monomer and the identity information of the digital twin system meet the preset requirements. The preset requirements are requirements defined in advance for determining the association relationship between the digital twin monomer and the digital twin system. For example, each digital twin system stores the identity information of the digital twin monomers that can be added to it, and it is determined whether a correspondence exists between the decryption information of the digital twin monomer and that of the digital twin system. The embodiment of the application does not specifically limit the preset requirements.
S203, if yes, controlling the digital twin monomer to be added into the digital twin system, acquiring the digital twin data collected by the digital twin monomer, and storing the digital twin data in a blockchain so that the digital twin system reads the digital twin data from the blockchain.
In the embodiment of the present application, the blockchain may refer to a chain composed of a plurality of blocks, which is used for storing data and is equivalent to a shared database, and the digital twin data is stored in the blockchain, may be stored in a corresponding chain according to a time sequence of acquiring the digital twin data, or may be stored in a corresponding chain according to a type of acquiring the digital twin data, which is not particularly limited in the embodiment of the present application.
For example, key data collected by the digital twin monomers DTS1, DTS2 through DTSn may be stored on a blockchain infrastructure (blockchain) to realize tamper resistance. The key data is defined through negotiation between the digital twin system and the digital twin monomer and is the important data required by different service scenarios; the key data can also be defined manually, and the embodiment of the application is not specifically limited in this respect.
It should be noted that, the data from the digital twin monomer DTS1 to the digital twin monomer DTSn is accessed through the blockchain infrastructure for data interaction, so that data integrity and traceability can be realized.
In this step, the digital twin data collected by a digital twin monomer is acquired, and security verification is performed on it to verify whether the digital twin data is secure; if the digital twin data is determined to be secure, it may be stored in the blockchain. The algorithm for determining whether the digital twin data is secure is not specifically limited in the embodiment of the present application. It may be a keyword extraction algorithm, that is, an algorithm that checks whether the digital twin data carries keywords such as malicious code or attack identifiers, or a security intelligent monitoring and identification algorithm based on a convolutional neural network, into which the digital twin data is input to obtain an identification result.
It can be understood that if there is one digital twin system, the digital twin monomers included in the digital twin system perform data interaction; if there are multiple digital twin systems, the digital twin systems can also perform data interaction with each other. For example, when a first digital twin system is to read digital twin data collected by a certain digital twin monomer in a second digital twin system, it can send an instruction to the second digital twin system, and the second digital twin system reads, based on the instruction, the digital twin data collected by that digital twin monomer and stored in the blockchain of its own system, where the digital twin data is terminal data of the internet of things.
Therefore, the application provides a digital twin data safe storage method, which can obtain a first digital certificate corresponding to a digital twin monomer and a second digital certificate corresponding to a digital twin system; further, decrypting the first digital certificate and the second digital certificate by utilizing a predefined key algorithm to obtain decryption information, and determining whether the digital twin monomer meets preset requirements or not based on the decryption information; when the digital twin monomer is determined to meet the preset requirement, the digital twin monomer is controlled to be added into the digital twin system, digital twin data acquired by the digital twin monomer are acquired, and the digital twin data are stored in the block chain, so that the digital twin system reads the digital twin data from the block chain. In this way, the digital twin monomer and the digital twin system are protected safely by the management of the digital certificate and the cryptographic algorithm, the digital twin data is stored by adopting the block chain, the data is prevented from being tampered, the safety of the data storage is improved, the digital twin system can also read the required data from the block chain, and the safety of the data interaction is improved.
Optionally, acquiring the digital twin data acquired by the digital twin monomer includes:
acquiring digital twin data acquired by the digital twin monomers, and extracting characteristic data in the digital twin data by utilizing a safety monitoring algorithm;
And determining whether the digital twin data corresponds to an abnormal event or not based on the characteristic data, and processing the digital twin data corresponding to the abnormal event.
In the embodiment of the application, the security monitoring algorithm may refer to an algorithm for determining whether abnormal data exists in the digital twin data collected by a digital twin monomer. The abnormal data is a specific parameter of an abnormal event and is determined based on characteristic data. The characteristic data may be a specific keyword or code, such as malicious code, an identifier corresponding to the initiation of a malicious attack, or an identifier corresponding to unauthorized access; whether an abnormal event exists is then determined based on the characteristic data.
Such abnormal events include, but are not limited to: the digital twin data collected by the digital twin monomer carries malicious code, the digital twin monomer initiates a malicious attack on the digital twin system, the digital twin monomer initiates a malicious attack on other digital twin monomers in the digital twin system, the digital twin monomer accesses the digital twin system without authorization, the digital twin monomer acquires data in the digital twin system or data of other digital twin monomers in the digital twin system without authorization, and the like.
It should be noted that if the digital twin monomer accesses normally, a corresponding identification code such as 1 is assigned to it, and if the digital twin monomer accesses abnormally, a corresponding identification code such as 0 is assigned to it; a corresponding identifier is likewise assigned to a digital twin monomer that initiates malicious attack behavior, illegal data acquisition behavior and the like.
In this step, the security monitoring module of the digital twin security management platform may perform security monitoring on the digital twin data collected from the digital twin monomers DTS1 to DTSn based on the analysis capability of the artificial intelligence, such as the security monitoring algorithm, and the abnormal event obtained by monitoring one digital twin monomer may be recorded in a set, such as dts1_sec_event { se1, se2, … sem }, where the security monitoring algorithm and the monitored abnormal data are not specifically limited in the embodiment of the present application.
Therefore, the embodiment of the application can carry out safety evaluation on the digital twin data collected by the digital twin monomers, determine the safety digital twin data to store, and guarantee the safety of data storage.
Optionally, the processing the digital twin data corresponding to the abnormal event includes:
Searching a treatment strategy corresponding to the abnormal event from a preset strategy table, or inputting the abnormal event into a trained machine learning model to obtain a corresponding treatment strategy;
And processing the digital twin data corresponding to the abnormal event by utilizing the treatment strategy to obtain a processing result.
In the embodiment of the present application, the treatment policy refers to a policy for handling an abnormal event, different abnormal events correspond to different treatment policies, the treatment policies may be stored in a preset policy table, that is, based on different abnormal events, the corresponding treatment policies are defined in advance, and stored in the preset policy table, and when in use, the preset policy table may be directly called, and the preset policy table may be deployed in a digital twin system or an external system, which is not particularly limited in the embodiment of the present application.
Optionally, the treatment strategy can also be obtained through a trained machine learning model, namely, the abnormal event is input into the trained machine learning model to obtain a corresponding treatment strategy; the training process of the machine learning model comprises the following steps: acquiring a training data set, wherein the training data set comprises a plurality of abnormal events and treatment strategies corresponding to the abnormal events; the training data set is input into a machine learning model for training, so that a trained machine learning model is obtained, the machine learning model has the capability of autonomous learning, corresponding treatment strategies can be obtained in a self-adaptive mode aiming at different abnormal events, and flexibility and accuracy are improved.
In this step, a treatment policy corresponding to an abnormal event may be obtained through a treatment and collaboration module of the digital twin security management platform, and digital twin data corresponding to an abnormal event set dts1_sec_event { se1, se2, … sem } is intelligently and safely treated by using the corresponding treatment policy to obtain a processing result, and if an external security system needs to be scheduled, the external security system may also be invoked to process the digital twin data corresponding to the abnormal event by adopting collaboration capability, and the docking and collaboration method with the external security system is not specifically limited.
The method for processing the digital twin data corresponding to the abnormal event by using the processing strategy in the embodiment of the application is not particularly limited, and can be determined according to actual conditions or service scene requirements, and the above is only an illustration.
Therefore, the embodiment of the application has corresponding treatment strategies for different abnormal events, and the abnormal events are treated by utilizing the treatment strategies to obtain the treatment result, so that the flexibility of treatment is improved, the occurrence of abnormal conditions is reduced, and the safety of the digital twin system is ensured.
Optionally, the method further comprises:
Acquiring evaluation parameters of the digital twin monomer at intervals of preset time, wherein the evaluation parameters comprise digital twin data corresponding to an abnormal event, time for adding the digital twin monomer into a digital twin system, corresponding processing results after the abnormal event occurs to the digital twin monomer and time required by the digital twin monomer to acquire the digital twin data;
and calculating a trusted value corresponding to the evaluation parameter by using a trusted evaluation algorithm, and determining whether the digital twin monomer is trusted or not based on the trusted value.
In the embodiment of the application, the trusted evaluation algorithm refers to an algorithm for evaluating the integral safety of the digital twin monomer, a trusted value corresponding to an evaluation parameter of the digital twin monomer is calculated by using the trusted evaluation algorithm, and then whether the digital twin monomer is trusted or not is determined by using the trusted value, wherein the trusted value can be a numerical parameter or a parameter described in formal language.
For example, the digital twin monomers DTS1 to DTSn in the digital twin system may be subjected to trusted evaluation in real time by a trusted evaluation entity. Specifically, the evaluation parameters of a certain digital twin monomer, such as the digital twin data corresponding to the abnormal event set dts1_sec_event { se1, se2, … sem } and the treatment result set dts1_sec_event '{ se1', se2', … sem' }, may be obtained, and the integrity of the digital twin monomer may be subjected to trusted evaluation; that is, a trusted value corresponding to the evaluation parameters is calculated by using a trusted evaluation algorithm, and whether the digital twin monomer is trusted is determined based on the trusted value.
It can be understood that in the application, the evaluation parameters of the digital twin monomer can be obtained at intervals of preset time for credible evaluation, and the evaluation parameters of the digital twin monomer can also be obtained in real time for credible evaluation.
It should be noted that, the application can utilize one or more of the evaluation parameters to perform trusted evaluation on the integrity of the digital twin monomer, the more the corresponding evaluation parameters are, the more accurate the obtained evaluation result is, and the number of the evaluation parameters is not particularly limited when the embodiment of the application performs trusted evaluation on the digital twin monomer.
Therefore, the embodiment of the application can monitor the digital twin monomer in real time, perform trusted evaluation on the integrity of the digital twin monomer and ensure the safe operation of the digital twin system.
Optionally, determining whether the digital twinning monomer is authentic based on the trust value includes:
acquiring a preset credible threshold interval, and judging whether the credible value is positioned in the credible threshold interval;
If yes, determining that the digital twin monomer is credible;
If not, determining that the digital twin monomer is not trusted, and generating alarm information based on the evaluation parameters.
In the embodiment of the application, the trusted threshold interval may refer to a preset threshold range used for determining whether the digital twin monomer is trusted; it can be changed manually according to service requirements and is not specifically limited. When the trusted value is a numerical parameter, the trusted threshold interval can be [d, e]; when the trusted value is a parameter described in a formal language, the trusted threshold interval may be a parameter indicating whether a specific field, such as an xyz field, is present.
In this step, the digital twin system may notify the trusted evaluation entity of the set trusted threshold interval through network interaction, so that the trusted evaluation entity determines whether the digital twin monomer is trusted based on whether its trusted value is located in the trusted threshold interval. If it is determined that the digital twin monomer is not trusted, the trusted evaluation entity may generate alarm information based on the evaluation parameters. Specifically, the trusted evaluation entity is linked with the security monitoring module of the digital twin security management platform, and when the trusted evaluation entity determines that the trusted value of a certain digital twin monomer is not located in the trusted threshold interval, it generates alarm information and sends it to the digital twin system; for example, the alarm information is dts1_trust { (d, e) or "xyz" =yes }.
It should be noted that, the content and the form of the generated alarm information in the embodiment of the present application are not limited specifically, and the above is only illustrative.
Therefore, the embodiment of the application can set corresponding trusted threshold intervals for different digital twin monomers so as to meet different scene requirements, and has wide application range.
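The following Python example is added here for illustration and is not taken from the patent: it chains the feature extraction, preset policy table, trusted value and trusted threshold interval steps described above for one digital twin monomer. The marker strings, policy names, penalty weights, 0-100 scale and sample records are all assumptions, since the application leaves the monitoring and trusted evaluation algorithms open.

```python
# Added illustration; markers, policies, weights and records are constructed.

# Feature data: marker strings whose presence in a record signals an abnormal event.
MARKERS = {
    "MALCODE": "malicious_code",
    "ATTACK_INIT": "attack_on_system",
    "UNAUTH_ACCESS": "unauthorized_access",
}

# Preset policy table: abnormal event -> treatment policy.
POLICY_TABLE = {
    "malicious_code": "quarantine_record",
    "unauthorized_access": "revoke_session",
}
FALLBACK_POLICY = "escalate_to_external_system"

# Assumed scoring: points deducted per abnormal event, by processing result.
PENALTY = {"handled": 10, "pending": 30}


def detect_events(records):
    """Return (record_index, event) for every marker found in the records."""
    found = []
    for index, record in enumerate(records):
        for marker, event in MARKERS.items():
            if marker in record:
                found.append((index, event))
    return found


def dispose(event):
    """Look up the treatment policy; events without an entry are escalated."""
    policy = POLICY_TABLE.get(event)
    if policy is None:
        return FALLBACK_POLICY, "pending"
    return policy, "handled"


def trust_value(results):
    """Trusted value on a 0-100 scale, lowered by each abnormal event."""
    return max(0, 100 - sum(PENALTY[result] for result in results))


def evaluate(twin_id, records, interval):
    """Run monitoring, disposal and trusted evaluation for one monomer."""
    low, high = interval
    if low > high:
        raise ValueError("trusted threshold interval must satisfy d <= e")
    events = detect_events(records)
    disposals = [dispose(event) for _, event in events]
    value = trust_value([result for _, result in disposals])
    trusted = low <= value <= high
    alarm = None
    if not trusted:
        # Alarm information built from the evaluation parameters.
        alarm = {
            "twin": twin_id,
            "trust": value,
            "interval": (low, high),
            "sec_event": [event for _, event in events],
            "sec_event_results": disposals,
        }
    return value, trusted, alarm


# Constructed sample records for two monomers.
DTS1_RECORDS = ["temp=21.5", "temp=21.7;flag=UNAUTH_ACCESS", "temp=21.6"]
DTS2_RECORDS = ["rpm=900;flag=ATTACK_INIT", "rpm=905;flag=ATTACK_INIT;flag=MALCODE"]

if __name__ == "__main__":
    for twin, recs in (("DTS1", DTS1_RECORDS), ("DTS2", DTS2_RECORDS)):
        print(twin, evaluate(twin, recs, (60, 100)))
```

An event with no entry in the policy table stays "pending" and costs more trust than a handled one, so a monomer whose events cannot be treated locally falls out of the interval sooner.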
Optionally, the method further comprises:
after the alarm information is generated, deleting the un-trusted digital twin monomer from the digital twin system, and sending a message instruction to a blockchain so that the blockchain deletes digital twin data corresponding to the digital twin monomer based on the message instruction.
In the embodiment of the application, the message instruction is used for indicating that the digital twin monomer is not trusted and needs to be deleted, and the message instruction can be sent to a trusted evaluation entity, a digital twin security management platform, a block chain infrastructure and other digital twin monomers to respectively execute corresponding operation processing.
Specifically, taking the situation that the digital twin monomer DTS1 is not trusted as an example, after the digital twin system receives the alarm information sent by the trusted evaluation entity, the digital twin system deletes the DTS1 from the system, and further, the digital twin system broadcasts a message instruction to other digital twin monomers in the system through a network to inform that the DTS1 has been deleted from the system, and the other digital twin monomers in the system do not interact with the DTS1 any more; meanwhile, the digital twin system sends a message instruction to the blockchain infrastructure through a network, the message instruction is used for deleting the DTS1 node and digital twin data corresponding to the DTS1 node, and sending the message instruction to the digital twin security management platform to execute the operation of recovering the digital certificate of the DTS1, and further, the digital twin security management platform can update the digital certificate of the digital twin system.
Therefore, the embodiment of the application can delete the unreliable digital twin monomer in time, and ensure the safety and stability of the digital twin system.
Optionally, storing the digital twin data in a blockchain includes:
acquiring the type of the digital twin data, and judging whether the type is positioned in a lookup table;
If yes, searching a first position corresponding to the type stored in the block chain in the lookup table, and storing the digital twin data in the first position;
if not, the type is newly added in the lookup table and stored in a second position corresponding to the blockchain, the digital twin data is stored in the second position, and the corresponding relation between the type and the second position is newly added in the lookup table.
In this step, the lookup table is used to store the correspondence between the type of the digital twin data and the storage location, and the lookup table is a table set in advance, so that after the type of the digital twin data is acquired, the storage location corresponding to the blockchain is directly acquired from the table, and when there is no correspondence of a certain type in the table, the storage location of the type can be automatically generated, and the correspondence between the type and the storage location in the lookup table is updated.
Therefore, the embodiment of the application can store the digital twin data in the block chain based on the type of the digital twin data, reduces the possibility of tampering of the data, and is convenient for storage and inquiry due to different storage positions corresponding to different types of the digital twin data.
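The following Python example is added for illustration and is not part of the patent: it implements the lookup-table branch described above over one hash-linked chain per data type, and shows why a reader should also record the newest block hash separately. The class TypedLedger, its in-memory layout, the SHA-256 linking and the sample readings are assumptions; the application does not specify a blockchain implementation.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first block in every chain


def block_hash(prev_hash, twin_id, data_type, payload):
    """SHA-256 over the block contents and the previous block's hash."""
    body = json.dumps(
        {"prev": prev_hash, "twin": twin_id, "type": data_type, "payload": payload},
        sort_keys=True,
    )
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


class TypedLedger:
    """One hash-linked chain per data type, located through a lookup table."""

    def __init__(self):
        self.lookup = {}  # data type -> position (index into self.chains)
        self.chains = []  # position -> list of blocks

    def store(self, twin_id, data_type, payload):
        """Append a record; return (position, created_new_position)."""
        created = data_type not in self.lookup
        if created:
            # Type not in the lookup table: allocate a new position and
            # add the type -> position correspondence to the table.
            self.chains.append([])
            self.lookup[data_type] = len(self.chains) - 1
        position = self.lookup[data_type]
        chain = self.chains[position]
        prev = chain[-1]["hash"] if chain else GENESIS
        chain.append({
            "prev": prev,
            "twin": twin_id,
            "type": data_type,
            "payload": payload,
            "hash": block_hash(prev, twin_id, data_type, payload),
        })
        return position, created

    def head(self, data_type):
        """Hash of the newest block; a reader keeps this outside the ledger."""
        chain = self.chains[self.lookup[data_type]]
        return chain[-1]["hash"] if chain else GENESIS

    def verify(self, data_type, expected_head=None):
        """Return -1 if the chain is intact, else the index of the first bad block."""
        chain = self.chains[self.lookup[data_type]]
        prev = GENESIS
        for index, block in enumerate(chain):
            recomputed = block_hash(prev, block["twin"], block["type"], block["payload"])
            if block["prev"] != prev or block["hash"] != recomputed:
                return index
            prev = block["hash"]
        if expected_head is not None and prev != expected_head:
            # Links are self-consistent, but the tip was rewritten or truncated.
            return max(len(chain) - 1, 0)
        return -1

    def read(self, data_type, expected_head=None):
        """Return the payloads of one type, refusing a chain that fails verification."""
        bad = self.verify(data_type, expected_head)
        if bad != -1:
            raise ValueError(f"chain for {data_type!r} fails verification at block {bad}")
        return [block["payload"] for block in self.chains[self.lookup[data_type]]]


def build_sample():
    """Ledger filled with constructed readings from two monomers."""
    ledger = TypedLedger()
    ledger.store("DTS1", "temperature", {"c": 21.5})
    ledger.store("DTS2", "vibration", {"mm_s": 0.8})
    ledger.store("DTS1", "temperature", {"c": 21.7})
    return ledger


if __name__ == "__main__":
    sample = build_sample()
    print(sample.lookup, sample.read("temperature", sample.head("temperature")))
```

Editing an earlier block is caught by the link check alone; a rewritten newest block with a recomputed hash is caught only when `verify` is given a head hash that was recorded elsewhere.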
It should be noted that, the digital twin platform, the blockchain infrastructure, the trusted evaluation entity, the digital twin security management platform and the like mentioned in the above embodiments are used to construct a complete digital twin system framework, and implement the digital twin data security storage method provided by the embodiments of the present application.
In combination with the above embodiments, fig. 3 is a schematic structural diagram of a digital twin system according to an embodiment of the present application; as shown in fig. 3, the whole framework includes a plurality of internet of things sensing terminals, a network, a plurality of DTSs, a Digital Twin Factory (DTF), a blockchain infrastructure, a trusted evaluation entity, a digital twin security management platform, etc., wherein the DTSs are used for acquiring data of the internet of things sensing terminals through the network (mobile communication network, internet of things, etc.); the block chain infrastructure is used for storing key data acquired by the DTS to realize tamper resistance; the digital twin security management platform is used for carrying out digital certificate issuing, security monitoring, security disposal and cooperation on the digital twin monomers, sending digital certificates to the DTF and notifying abnormal events, and when other security systems are needed to assist in processing the abnormal events, docking with the other security systems and calling the other security systems to cooperatively process the abnormal events; the DTF can be understood as a digital twin platform, and is used for receiving a digital certificate issued by the digital twin security management platform, notifying an abnormal event, receiving an untrusted alarm (alarm information) sent by a trusted evaluation entity, and performing data interaction with a blockchain infrastructure; the trusted evaluation entity is used for performing trusted evaluation on the DTS, generating an untrusted alarm and sending the untrusted alarm to the DTF, and performing data interaction with the digital twin security management platform, and timely sending an instruction for deleting the untrusted DTS and timely deleting the untrusted digital twin monomer.
Fig. 4 is a schematic flow chart of a complete digital twin data secure storage method according to an embodiment of the present application, as shown in fig. 4, where the digital twin data secure storage method includes the following steps:
Step A: the digital twin security management platform issues digital certificates to the digital twin monomers 1 to n and the DTF, and judges, based on the issued digital certificates, whether the digital twin monomers 1 to n can join the DTF. If yes, the digital twin monomers meeting the requirements are controlled to join the DTF, and the digital twin data collected by these digital twin monomers is stored in the blockchain infrastructure for data interaction; if not, the digital twin monomers are controlled not to join the DTF.
Step B: when the digital twin data collected by a digital twin monomer is stored in the blockchain infrastructure, the digital twin security management platform can perform security monitoring on the digital twin data collected by the digital twin monomers that have joined the DTF and perform security treatment and cooperation in time; when other security systems are needed to assist in processing, the digital twin security management platform also docks with the other security systems and invokes them for cooperative treatment. After the digital twin data collected by the digital twin monomer is stored in the blockchain infrastructure, the trusted evaluation entity can perform trusted evaluation on the integrity of the digital twin monomers that have joined the DTF in real time; when it is determined that a certain digital twin monomer is not trusted, an untrusted alarm for that digital twin monomer is generated and sent to the blockchain infrastructure, so that the blockchain infrastructure deletes the digital twin data corresponding to the digital twin monomer and the digital twin monomer is deleted from the whole system.
The application provides a digital twin data safe storage method, which is used for realizing the safe architecture and protocol design of a digital twin system, providing safe protection for the negotiation of a digital twin monomer and the digital twin system through the management of a digital certificate and a cryptographic algorithm, adopting a block chain infrastructure to provide data credibility for the interaction of the digital twin monomer and the digital twin system, carrying out real-time monitoring on the safety of the digital twin monomer based on artificial intelligent analysis capability, disposing the digital twin monomer through intelligent cooperative capability, timely deleting the non-credible digital twin monomer through real-time credible evaluation, and guaranteeing the safety of the digital twin system.
In the foregoing embodiment, the digital twin data secure storage method provided in the embodiment of the present application is described, and in order to implement each function in the method provided in the foregoing embodiment of the present application, an electronic device as an execution body may include a hardware structure and/or a software module, and each function may be implemented in the form of a hardware structure, a software module, or a hardware structure plus a software module. Some of the functions described above are performed in a hardware configuration, a software module, or a combination of hardware and software modules, depending on the specific application of the solution and design constraints.
For example, FIG. 5 is a schematic structural diagram of a digital twin data secure storage device according to an embodiment of the present application, where the digital twin data secure storage device is used in a digital twin system; the digital twin system comprises at least one digital twin monomer. As shown in FIG. 5, the apparatus includes: an acquisition module 510, a decryption module 520, and a storage module 530. The acquisition module 510 is configured to obtain a first digital certificate corresponding to a digital twin monomer and a second digital certificate corresponding to a digital twin system;
The decryption module 520 is configured to decrypt the first digital certificate and the second digital certificate by using a predefined key algorithm to obtain decryption information, and determine whether the digital twin monomer meets a preset requirement based on the decryption information;
the storage module 530 is configured to control the digital twin monomer to be added into the digital twin system when the digital twin monomer meets a preset requirement, acquire digital twin data acquired by the digital twin monomer, and store the digital twin data in a block chain, so that the digital twin system reads the digital twin data from the block chain.
Optionally, the storage module 530 includes an acquisition unit and a storage unit; the acquisition unit comprises an extraction unit and a processing unit;
Optionally, the extraction unit is configured to obtain the digital twin data collected by the digital twin monomer, and extract feature data in the digital twin data by using a security monitoring algorithm;
The processing unit is used for determining whether the digital twin data corresponds to an abnormal event or not based on the characteristic data and processing the digital twin data corresponding to the abnormal event.
Optionally, the processing unit is specifically configured to:
Searching a treatment strategy corresponding to the abnormal event from a preset strategy table, or inputting the abnormal event into a trained machine learning model to obtain a corresponding treatment strategy;
And processing the digital twin data corresponding to the abnormal event by utilizing the treatment strategy to obtain a processing result.
Optionally, the device further comprises an evaluation module and a determination module;
Specifically, the evaluation module is configured to obtain, at intervals of a preset time, an evaluation parameter of the digital twin monomer, where the evaluation parameter includes digital twin data corresponding to an abnormal event, a time when the digital twin monomer is added into the digital twin system, a corresponding processing result after the abnormal event occurs in the digital twin monomer, and a time required for the digital twin monomer to acquire the digital twin data;
the determining module is used for calculating a trusted value corresponding to the evaluation parameter by using a trusted evaluation algorithm and determining whether the digital twin monomer is trusted or not based on the trusted value.
Optionally, the determining module is specifically configured to:
acquiring a preset credible threshold interval, and judging whether the credible value is positioned in the credible threshold interval;
If yes, determining that the digital twin monomer is credible;
If not, determining that the digital twin monomer is not trusted, and generating alarm information based on the evaluation parameters.
Optionally, the device further includes an alarm module, where the alarm module is configured to:
after the alarm information is generated, deleting the un-trusted digital twin monomer from the digital twin system, and sending a message instruction to a blockchain so that the blockchain deletes digital twin data corresponding to the digital twin monomer based on the message instruction.
Optionally, the storage unit is configured to:
acquiring the type of the digital twin data, and judging whether the type is positioned in a lookup table;
If yes, searching a first position corresponding to the type stored in the block chain in the lookup table, and storing the digital twin data in the first position;
if not, the type is newly added in the lookup table and stored in a second position corresponding to the blockchain, the digital twin data is stored in the second position, and the corresponding relation between the type and the second position is newly added in the lookup table.
For the specific implementation principle and effect of the digital twin data secure storage device provided by this embodiment of the present application, refer to the related description and effect of the above embodiments; they are not repeated here.
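The following sketch, added here as an illustration and not taken from the patent, models the storage unit's type lookup table together with the determining and alarm modules' threshold check and deletion step. The in-memory `TwinStore` stands in for the blockchain, the trusted value is passed in because the text above does not define the evaluation algorithm, and the inclusive interval bounds, names and sample data are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class TwinStore:
    """In-memory stand-in for the blockchain store (assumption, not the patent's code)."""
    trusted_interval: tuple                         # preset trusted threshold interval (lo, hi)
    lookup: dict = field(default_factory=dict)      # lookup table: data type -> position
    positions: dict = field(default_factory=dict)   # position -> [(twin_id, payload), ...]
    members: set = field(default_factory=set)       # monomers currently in the system
    alarms: list = field(default_factory=list)      # generated alarm information

    def join(self, twin_id):
        # Assumes the certificate checks have already passed; they are not modelled here.
        self.members.add(twin_id)

    def store(self, twin_id, data_type, payload):
        if twin_id not in self.members:
            raise PermissionError(f"{twin_id} is not part of the digital twin system")
        pos = self.lookup.get(data_type)
        if pos is None:
            # Type not in the lookup table: allocate a new position and record the mapping.
            pos = len(self.positions)
            self.positions[pos] = []
            self.lookup[data_type] = pos
        self.positions[pos].append((twin_id, payload))
        return pos

    def evaluate(self, twin_id, trusted_value, evaluation_params):
        lo, hi = self.trusted_interval
        # Inclusive bounds are an assumption. NaN fails both comparisons, so a
        # broken score is treated as untrusted rather than silently accepted.
        if lo <= trusted_value <= hi:
            return True
        self.alarms.append({"twin": twin_id, "trusted_value": trusted_value,
                            "evaluation_params": evaluation_params})
        self.evict(twin_id)
        return False

    def evict(self, twin_id):
        """Remove the monomer and delete every record it contributed; returns the count."""
        self.members.discard(twin_id)
        removed = 0
        for pos, records in self.positions.items():
            kept = [r for r in records if r[0] != twin_id]
            removed += len(records) - len(kept)
            self.positions[pos] = kept
        return removed


def demo():
    """Constructed sample data: two monomers, two data types, one failing evaluation."""
    store = TwinStore(trusted_interval=(0.6, 1.0))
    store.join("twin-a")
    store.join("twin-b")
    placed = [store.store("twin-a", "temperature", 21.5),
              store.store("twin-b", "temperature", 22.0),
              store.store("twin-b", "vibration", 0.03)]
    verdicts = [store.evaluate("twin-a", 0.9, {"abnormal_events": 0}),
                store.evaluate("twin-b", 0.2, {"abnormal_events": 7})]
    return store, placed, verdicts
```

After eviction the lookup table entry for a type is kept even when its position is empty, so later data of that type from a trusted monomer lands at the same position.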
An embodiment of the application also provides an electronic device. Fig. 6 is a schematic structural diagram of the electronic device provided by the embodiment of the application. As shown in Fig. 6, the electronic device may include: a processor 601 and a memory 602 communicatively coupled to the processor; the memory 602 stores a computer program; the processor 601 executes the computer program stored in the memory 602, causing the processor 601 to perform the method described in any one of the embodiments above.
The memory 602 and the processor 601 may be connected by a bus 603.
Embodiments of the present application also provide a computer-readable storage medium storing computer-executable instructions that, when executed by a processor, implement the method described in any of the foregoing embodiments of the present application.
An embodiment of the application also provides a chip for running instructions; the chip is used to execute the method performed by the electronic device in any of the foregoing embodiments.
Embodiments of the present application also provide a computer program product comprising a computer program which, when executed by a processor, implements the method performed by the electronic device in any of the foregoing embodiments of the present application.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative: the division into modules is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple modules or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via some interfaces, devices or modules, and may be electrical, mechanical, or in other forms.
The modules illustrated as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to implement the solution of this embodiment.
In addition, the functional modules in the embodiments of the present application may be integrated in one processing unit, each module may exist alone physically, or two or more modules may be integrated in one unit. The units formed by the modules can be implemented in the form of hardware, or in the form of hardware plus software functional units.
The integrated modules, which are implemented in the form of software functional modules, may be stored in a computer readable storage medium. The software functional modules described above are stored in a storage medium and include instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or processor to perform some of the steps of the methods described in the various embodiments of the application.
It should be appreciated that the processor may be a central processing unit (Central Processing Unit, abbreviated as CPU), or may be another general-purpose processor, a digital signal processor (Digital Signal Processor, abbreviated as DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, abbreviated as ASIC), or the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present application may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in a processor for execution.
The memory may include a high-speed random access memory (Random Access Memory, abbreviated as RAM), and may further include a non-volatile memory (Non-Volatile Memory, abbreviated as NVM), such as at least one magnetic disk memory, and may also be a USB flash drive, a removable hard disk, a read-only memory, a magnetic disk, or an optical disk.
The bus may be an industry standard architecture (Industry Standard Architecture, ISA) bus, a peripheral component interconnect (Peripheral Component Interconnect, PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, among others. Buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, the buses in the drawings of the present application are not limited to only one bus or to one type of bus.
The storage medium may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as static random-access memory (Static Random-Access Memory, SRAM), electrically erasable programmable read-only memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), erasable programmable read-only memory (Erasable Programmable Read-Only Memory, EPROM), programmable read-only memory (Programmable Read-Only Memory, PROM), read-only memory (Read-Only Memory, ROM), magnetic memory, flash memory, magnetic disk, or optical disk. A storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer.
An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC). It is also possible that the processor and the storage medium reside as discrete components in an electronic device or a master device.
The foregoing is merely a specific implementation of the embodiment of the present application, but the protection scope of the embodiment of the present application is not limited to this, and any changes or substitutions within the technical scope disclosed in the embodiment of the present application should be covered in the protection scope of the embodiment of the present application. Therefore, the protection scope of the embodiments of the present application shall be subject to the protection scope of the claims.

Claims (11)

1. A digital twin data secure storage method, characterized in that the method is applied to a digital twin system; the digital twin system comprises at least one digital twin monomer; the method comprises the following steps:
acquiring a first digital certificate corresponding to a digital twin monomer and a second digital certificate corresponding to the digital twin system;
decrypting the first digital certificate by using a predefined key algorithm to obtain the decrypted identity information of the digital twin monomer, decrypting the second digital certificate by using the predefined key algorithm to obtain the decrypted identity information of the digital twin system, and determining whether the identity information of the digital twin monomer and the identity information of the digital twin system meet a preset requirement; the preset requirement is a requirement, defined in advance, for determining the association relation between the digital twin monomer and the digital twin system;
if yes, controlling the digital twin monomer to be added to the digital twin system, acquiring the digital twin data acquired by the digital twin monomer, and storing the digital twin data in a blockchain, so that the digital twin system reads the digital twin data from the blockchain.
2. The method of claim 1, wherein acquiring the digital twin data acquired by the digital twin monomer comprises:
acquiring the digital twin data acquired by the digital twin monomer, and extracting characteristic data from the digital twin data by using a safety monitoring algorithm;
determining, based on the characteristic data, whether the digital twin data corresponds to an abnormal event, and processing the digital twin data corresponding to the abnormal event.
3. The method of claim 2, wherein processing the digital twin data corresponding to the abnormal event comprises:
searching a preset strategy table for a treatment strategy corresponding to the abnormal event, or inputting the abnormal event into a trained machine learning model to obtain a corresponding treatment strategy;
processing the digital twin data corresponding to the abnormal event by using the treatment strategy to obtain a processing result.
4. The method of claim 3, wherein the method further comprises:
acquiring evaluation parameters of the digital twin monomer at preset time intervals, wherein the evaluation parameters comprise the digital twin data corresponding to an abnormal event, the time at which the digital twin monomer was added to the digital twin system, the processing result obtained after the abnormal event occurred in the digital twin monomer, and the time required for the digital twin monomer to acquire the digital twin data;
calculating a trusted value corresponding to the evaluation parameters by using a trusted evaluation algorithm, and determining whether the digital twin monomer is trusted based on the trusted value.
5. The method of claim 4, wherein determining whether the digital twin monomer is trusted based on the trusted value comprises:
acquiring a preset trusted threshold interval, and judging whether the trusted value lies within the trusted threshold interval;
if yes, determining that the digital twin monomer is trusted;
if not, determining that the digital twin monomer is untrusted, and generating alarm information based on the evaluation parameters.
6. The method of claim 5, wherein the method further comprises:
after the alarm information is generated, deleting the untrusted digital twin monomer from the digital twin system, and sending a message instruction to the blockchain so that the blockchain deletes the digital twin data corresponding to the digital twin monomer based on the message instruction.
7. The method of any of claims 1-6, wherein storing the digital twin data in a blockchain comprises:
acquiring the type of the digital twin data, and judging whether the type is in a lookup table;
if yes, looking up in the lookup table the first position in the blockchain at which data of that type is stored, and storing the digital twin data at the first position;
if not, adding the type to the lookup table, storing the digital twin data at a second position in the blockchain corresponding to the type, and adding the correspondence between the type and the second position to the lookup table.
8. A digital twin data secure storage device, characterized in that the device is applied to a digital twin system; the digital twin system comprises at least one digital twin monomer; the device comprises:
an acquisition module, used for acquiring a first digital certificate corresponding to the digital twin monomer and a second digital certificate corresponding to the digital twin system;
a decryption module, used for decrypting the first digital certificate by using a predefined key algorithm to obtain the decrypted identity information of the digital twin monomer, decrypting the second digital certificate by using the predefined key algorithm to obtain the decrypted identity information of the digital twin system, and determining whether the identity information of the digital twin monomer and the identity information of the digital twin system meet a preset requirement; the preset requirement is a requirement, defined in advance, for determining the association relation between the digital twin monomer and the digital twin system;
and a storage module, used for controlling the digital twin monomer to be added to the digital twin system when the preset requirement is met, acquiring the digital twin data acquired by the digital twin monomer, and storing the digital twin data in a blockchain so that the digital twin system reads the digital twin data from the blockchain.
9. An electronic device, comprising: a processor, and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
The processor executes computer-executable instructions stored in the memory to implement the method of any one of claims 1-7.
10. A computer readable storage medium storing computer executable instructions which when executed by a processor are adapted to carry out the method of any one of claims 1 to 7.
11. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any of claims 1-7.
CN202211109774.9A 2022-09-13 2022-09-13 Digital twin data secure storage method and device, electronic equipment and storage medium Active CN115484032B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211109774.9A CN115484032B (en) 2022-09-13 2022-09-13 Digital twin data secure storage method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115484032A (en) 2022-12-16
CN115484032B (en) 2024-09-24

Family

ID=84393009

Country Status (1)

Country Link
CN (1) CN115484032B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111295660A (en) * 2017-11-02 2020-06-16 区块链控股有限公司 Computer-implemented system and method for connecting blockchains to digital twins
CN111716353A (en) * 2020-05-20 2020-09-29 西安交通大学 Digital twin virtual-real synchronous operation method based on publish/subscribe mode

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11488176B2 (en) * 2019-01-31 2022-11-01 Salesforce.Com, Inc. Systems, methods, and apparatuses for implementing certificates of authenticity of digital twins transacted onto a blockchain using distributed ledger technology (DLT)
CN114424167A (en) * 2019-05-06 2022-04-29 强力物联网投资组合2016有限公司 Platform for promoting intelligent development of industrial Internet of things system
JP2023507550A (en) * 2019-11-25 2023-02-24 ストロング フォース アイオーティ ポートフォリオ 2016,エルエルシー Intelligent vibration digital twin system and method for industrial environment
CN112099948B (en) * 2020-09-10 2022-12-09 西安交通大学 Method for standardizing digital twin manufacturing unit protocol and integrating industrial big data in real time
CN112882765B (en) * 2021-01-29 2023-10-20 航天科工智能运筹与信息安全研究院(武汉)有限公司 Digital twin model scheduling method and device
CN113064351B (en) * 2021-03-26 2024-07-16 京东科技控股股份有限公司 Digital twin model construction method and device, storage medium and electronic equipment
CN114500536B (en) * 2022-01-27 2024-03-01 京东方科技集团股份有限公司 Cloud edge cooperation method, cloud edge cooperation system, cloud device, cloud platform equipment and cloud medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant