[go: up one dir, main page]

CN112507373B - A remote access method for industrial field data in the industrial Internet - Google Patents

A remote access method for industrial field data in the industrial Internet Download PDF

Info

Publication number
CN112507373B
CN112507373B CN202011205017.2A CN202011205017A CN112507373B CN 112507373 B CN112507373 B CN 112507373B CN 202011205017 A CN202011205017 A CN 202011205017A CN 112507373 B CN112507373 B CN 112507373B
Authority
CN
China
Prior art keywords
data
industrial field
client
field data
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN202011205017.2A
Other languages
Chinese (zh)
Other versions
CN112507373A (en
Inventor
王斌
张天石
王健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Speedycloud Technology Co ltd
Original Assignee
Beijing Speedycloud Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Speedycloud Technology Co ltd filed Critical Beijing Speedycloud Technology Co ltd
Priority to CN202011205017.2A priority Critical patent/CN112507373B/en
Publication of CN112507373A publication Critical patent/CN112507373A/en
Application granted granted Critical
Publication of CN112507373B publication Critical patent/CN112507373B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

本发明公开了一种工业互联网中工业现场数据远程访问方法,属于数据安全技术领域,用于解决现有的远程数据传输加密安全性不高等问题。所述方法包括:客户端向中间服务器发起访问数据服务器的数据的访问请求;中间服务器建立与客户端以及数据服务器的通信连接关系,并将访问请求转发给数据服务器;响应于所述访问请求,数据服务器根据第一深度神经网络对被请求访问的工业现场数据进行第一变换,得到加密后的工业现场数据并通过中间服务器回传给客户端;客户端根据第二深度神经网络对所述加密后的工业现场数据进行第二变换,得到解密后的工业现场数据;其中,第一变换过程和第二变换过程互逆。本发明在具有更高的加密复杂度、更高的安全性。

Figure 202011205017

The invention discloses a remote access method for industrial field data in the industrial Internet, belongs to the technical field of data security, and is used for solving the problem of low security of existing remote data transmission encryption. The method includes: the client initiates an access request to access data of the data server to the intermediate server; the intermediate server establishes a communication connection relationship with the client and the data server, and forwards the access request to the data server; in response to the access request, The data server performs a first transformation on the industrial field data requested to be accessed according to the first deep neural network, and obtains encrypted industrial field data and sends it back to the client through the intermediate server; the client encrypts the encrypted industrial field data according to the second deep neural network. The second transformation is performed on the obtained industrial field data to obtain decrypted industrial field data; wherein, the first transformation process and the second transformation process are mutually inverse. The present invention has higher encryption complexity and higher security.

Figure 202011205017

Description

一种工业互联网中工业现场数据远程访问方法A remote access method for industrial field data in the industrial Internet

技术领域technical field

本发明涉及数据安全技术领域,特别涉及一种工业互联网中工业现场数据远程访问方法。The invention relates to the technical field of data security, in particular to a remote access method for industrial field data in the industrial Internet.

背景技术Background technique

工业互联网的本质和核心是通过工业互联网平台把设备、生产线、工厂、供应商、产品和客户紧密地连接融合起来。随着工业互联网的发展,远程访问工业现场数据,能够通过远程客户端对当前联网的现场设备数据进行访问,一方面节省人力和跑现场的时间成本,另一方面便于现场数据的统一归口管理。The essence and core of the Industrial Internet is to closely connect and integrate equipment, production lines, factories, suppliers, products and customers through the Industrial Internet platform. With the development of the Industrial Internet, remote access to industrial field data enables access to current networked field equipment data through remote clients, which saves manpower and time cost of running the field, and facilitates unified and centralized management of field data.

远程数据库访问(Remote Database Access即RDA)是支持数据库在网络环境下实现互连、互操作的关键技术,它在当前网络技术趋于成熟,在数据库已实现客户/服务器体系结构的应用形势下,RDA已成为任何信息系统建设中的一个重要环节。通用的RDA服务可划分为五类:对话管理服务,事务管理服务,控制服务,资源处理服务,数据库语言服务。前两类服务主要与数据库管理有关,后三类服务主要与数据库访问有关。对话管理服务提供了管理RDA对话的设施,事务管理服务支持事务的管理,控制服务用于确定尚未完成的RDA操作的状态和取消这些操作,资源处理服务用于管理数据库资源,数据库语言(DBL)服务涉及定义和撤消DBL操作,调用早先定义的操作,执行DBL的操作等。Remote Database Access (RDA) is a key technology to support the interconnection and interoperability of databases in the network environment. It is becoming mature in the current network technology, and the database has realized the application situation of the client/server architecture. RDA has become an important link in the construction of any information system. Common RDA services can be divided into five categories: dialog management services, transaction management services, control services, resource processing services, and database language services. The first two types of services are mainly related to database management, and the last three types of services are mainly related to database access. The Dialog Management Service provides facilities for managing RDA conversations, the Transaction Management Service supports the management of transactions, the Control Service is used to determine the status of pending RDA operations and cancel those operations, the Resource Handling Service is used to manage database resources, and the Database Language (DBL) Services involve defining and undoing DBL operations, calling previously defined operations, performing DBL operations, etc.

现有的远程数据库访问方法,在客户端远程访问服务器上的数据过程中,数据来回传输需要加密,但是,传统的加密方式是对原始数据作一个线性变换或者是一个具有显示表达的非线性变换,其安全性不够高,容易被攻击识破,若是提高加密算法安全性,则加密与解密代价太大,不适合于短时数据的大量交互。In the existing remote database access method, during the remote access of the client to the data on the server, the data needs to be encrypted for back and forth transmission. However, the traditional encryption method is to perform a linear transformation on the original data or a nonlinear transformation with an explicit expression. , its security is not high enough, and it is easy to be detected by attacks. If the security of the encryption algorithm is improved, the encryption and decryption costs are too high, and it is not suitable for a large amount of short-term data interaction.

发明内容SUMMARY OF THE INVENTION

本发明提供一种工业互联网中工业现场数据远程访问方法,用于解决现有的远程数据库访问中数据传输加密安全性不高或者高安全性的加密传输方式的加密和解密代价较大的问题。本发明提供的工业互联网中工业现场数据远程访问方法采用新的加密方式,这种加密方式是非显示的非线性变换,相对于现有技术在保证同量级的计算量时具有更高的复杂度和更高的安全性。The invention provides a remote access method for industrial field data in the industrial Internet, which is used to solve the problems of low data transmission encryption security or high encryption and decryption cost in the existing remote database access. The method for remotely accessing industrial field data in the industrial Internet provided by the present invention adopts a new encryption method. This encryption method is a non-display nonlinear transformation, and has higher complexity compared to the prior art when ensuring the same amount of calculation. and higher security.

本发明提供一种工业互联网中工业现场数据远程访问方法,包括:The present invention provides a remote access method for industrial field data in the industrial Internet, comprising:

客户端向中间服务器发起访问数据服务器的数据的访问请求;The client initiates an access request to the intermediate server to access the data of the data server;

所述中间服务器建立与所述客户端以及数据服务器的通信连接关系,并将所述访问请求转发给所述数据服务器;The intermediate server establishes a communication connection relationship with the client and the data server, and forwards the access request to the data server;

响应于所述访问请求,所述数据服务器根据第一深度神经网络对被请求访问的工业现场数据进行第一变换,得到加密后的工业现场数据发送给所述中间服务器;In response to the access request, the data server performs a first transformation on the industrial field data requested to be accessed according to the first deep neural network, to obtain encrypted industrial field data and send it to the intermediate server;

所述中间服务器将所述加密后的工业现场数据回传给所述客户端;The intermediate server transmits the encrypted industrial field data back to the client;

所述客户端根据第二深度神经网络对所述加密后的工业现场数据进行第二变换,得到解密后的工业现场数据;其中,所述第一变换过程和第二变换过程互逆。The client performs a second transformation on the encrypted industrial field data according to the second deep neural network to obtain decrypted industrial field data; wherein the first transformation process and the second transformation process are mutually inverse.

在一可选实施例中,所述数据服务器根据第一深度神经网络对被请求访问的工业现场数据进行第一变换,得到加密后的工业现场数据发送给所述中间服务器,包括:In an optional embodiment, the data server performs a first transformation on the industrial field data requested to be accessed according to the first deep neural network, and obtains encrypted industrial field data and sends it to the intermediate server, including:

将被请求访问的工业现场数据X划分为两组,得到第一组工业现场数据X1和第二组工业现场数据X2Divide the industrial field data X requested to be accessed into two groups to obtain the first group of industrial field data X 1 and the second group of industrial field data X 2 ;

采用以下公式对第一组工业现场数据X1和第二组工业现场数据X2进行第一变换:The first transformation is performed on the first group of industrial field data X 1 and the second group of industrial field data X 2 using the following formula:

Figure BDA0002756718820000031
Figure BDA0002756718820000031

将所述第一组工业现场数据X1和第二组工业现场数据X2通过第一变换后得到的输出数据

Figure BDA0002756718820000032
Figure BDA0002756718820000033
作为加密后的工业现场数据发送给所述中间服务器;Output data obtained by first transforming the first group of industrial field data X 1 and the second group of industrial field data X 2
Figure BDA0002756718820000032
and
Figure BDA0002756718820000033
Send to the intermediate server as encrypted industrial field data;

其中,

Figure BDA0002756718820000034
为第一深度神经网络模型的中间输出;in,
Figure BDA0002756718820000034
is the intermediate output of the first deep neural network model;

X=(a1,1,…,a1,n,a2,1,…,a2,n,…,am,1,…,am,n)T∈Rmn,(aj,1,…,aj,n)为X=(a 1,1 ,…,a 1,n ,a 2,1 ,…,a 2,n ,…, am,1 ,…,am ,n ) T ∈R mn , (a j, 1 ,…,a j,n ) is

被请求访问的工业现场数据中的第j份数据,j=1,…,m;n为每份工业现场数据中的参数个数,m为被请求访问的工业现场数据中的数据总份数;The jth data in the industrial field data requested to be accessed, j=1,...,m; n is the number of parameters in each industrial field data, m is the total number of data copies in the industrial field data requested to be accessed ;

X1=(a1,1,…,a1,n,…,ai,1,…,ai,n)T∈RinX 1 =(a 1,1 ,…,a 1,n ,…,a i,1 ,…,a i,n ) T ∈R in ,

X2=(ai+1,1,…,ai+1,n,…,am,1,…,am,n)T∈R(m-i)nX 2 =(a i+1,1 ,…,ai+1,n,…, am,1 ,…,am ,n ) T ∈R (mi)n ,

其中,m(1)()这一函数的表达式为:m(1)(x)=W2·σ(W1x+b1)+b2,m(2)()这一函数的表达式为:m(2)(x)=W4·σ(W3x+b3)+b4Among them, the expression of the function m (1) () is: m (1) (x)=W 2 ·σ(W 1 x+b1)+b 2 , the expression of the function m (2) () The formula is: m (2) (x)=W 4 ·σ(W 3 x+b 3 )+b 4 ,

σ()这一函数的表达式为:

Figure BDA0002756718820000035
The expression for this function σ() is:
Figure BDA0002756718820000035

W1,W2,W3,W4,b1,b2,b3,b4为预先设置的矩阵,为模型的中间参数;W 1 , W 2 , W 3 , W 4 , b 1 , b 2 , b 3 , and b 4 are preset matrices, which are the intermediate parameters of the model;

其中,W1∈Rin×in表示W1为in×in维实矩阵,W2∈R(m-i)n×in表示W2为(m-i)n×in维实矩阵,W3∈R(m-i)n×(m-i)n表示W3为(m-i)n×(m-i)n维实矩阵,W4∈R(m-i)n×in表示W4为(m-i)n×in维实矩阵;Among them, W 1 ∈R in×in indicates that W 1 is an in×in-dimensional real matrix, W 2 ∈R (mi)n×in indicates that W 2 is a (mi)n×in-dimensional real matrix, and W 3 ∈R (mi )n×(mi)n indicates that W 3 is a (mi)n×(mi)n-dimensional real matrix, and W 4 ∈R (mi)n×in indicates that W 4 is a (mi)n×in-dimensional real matrix;

b1,b4∈Rin表示b1,b4是in维实向量;b2,b3∈R(m-i)n表示b2,b3是(m-i)n维实向量。b 1 , b 4 ∈ R in means b 1 , b 4 is an in-dimensional real vector; b 2 , b 3 ∈ R (mi)n means b 2 , b 3 is a (mi)n-dimensional real vector.

在一可选实施例中,所述客户端根据第二深度神经网络对所述加密后的工业现场数据进行第二变换,得到解密后的工业现场数据包括:In an optional embodiment, the client performs a second transformation on the encrypted industrial field data according to the second deep neural network, and the obtained decrypted industrial field data includes:

所述客户端采用以下公式对收到的加密后的工业现场数据

Figure BDA0002756718820000036
Figure BDA0002756718820000037
进行第二变换:The client uses the following formula for the received encrypted industrial field data
Figure BDA0002756718820000036
and
Figure BDA0002756718820000037
Do the second transformation:

Figure BDA0002756718820000041
Figure BDA0002756718820000041

其中,

Figure BDA0002756718820000042
为第二深度神经网络模型的中间输出;in,
Figure BDA0002756718820000042
is the intermediate output of the second deep neural network model;

将第二变换后输出的结果Y1和Y2合并,得到解密后的工业现场数据。The results Y 1 and Y 2 output after the second transformation are combined to obtain the decrypted industrial field data.

在一可选实施例中,i=[m/2],[m/2]表示不超过m/2的最大整数。In an alternative embodiment, i=[m/2], and [m/2] represents the largest integer not exceeding m/2.

在一可选实施例中,所述的工业互联网中工业现场数据远程访问方法,还包括:In an optional embodiment, the method for remotely accessing industrial field data in the industrial Internet further includes:

预先采集一定数量的工业现场数据为样本数据;Collect a certain amount of industrial field data in advance as sample data;

采用所述第一深度神经网络对所述样本数据进行训练,得到所述W1,W2,W3,W4和b1,b2,b3,b4的值。The first deep neural network is used to train the sample data to obtain the values of W 1 , W 2 , W 3 , W 4 and b 1 , b 2 , b 3 , and b 4 .

在一可选实施例中,所述W1,W2,W3,W4,b1,b2,b3,b4服从标准高斯分布。In an optional embodiment, the W 1 , W 2 , W 3 , W 4 , b 1 , b 2 , b 3 , b 4 obey a standard Gaussian distribution.

在一可选实施例中,所述工业现场数据至少包括传感数据和操作数据。In an optional embodiment, the industrial field data includes at least sensory data and operational data.

在一可选实施例中,所述中间服务器建立与所述客户端以及数据服务器的通信连接关系,并将所述访问请求转发给所述数据服务器,包括:In an optional embodiment, the intermediate server establishes a communication connection relationship with the client and the data server, and forwards the access request to the data server, including:

所述中间服务器接收到所述客户端发送的访问请求时,验证所述访问请求对应的登录用户的访问权限;When receiving the access request sent by the client, the intermediate server verifies the access authority of the logged-in user corresponding to the access request;

若所述访问请求对应的登录用户的访问权限验证通过,则所述中间服务器响应所述访问请求,分别建立与所述客户端、数据服务器之间的通信连接关系;If the access authority verification of the login user corresponding to the access request passes, the intermediate server responds to the access request and establishes a communication connection relationship with the client and the data server respectively;

所述中间服务器将所述访问请求转发给所述数据服务器。The intermediate server forwards the access request to the data server.

在一可选实施例中,所述登录用户的访问权限包括现不限于:用户账户的合规性以及用户账户对不同数据的访问权。In an optional embodiment, the access rights of the logged-in user include, but are not limited to: compliance of the user account and access rights of the user account to different data.

在一可选实施例中,所述中间服务器建立与所述客户端以及数据服务器的通信连接关系,并将所述访问请求转发给所述数据服务器,包括:In an optional embodiment, the intermediate server establishes a communication connection relationship with the client and the data server, and forwards the access request to the data server, including:

在一可选实施例中,所述中间服务器建立与所述客户端以及数据服务器的通信连接关系,并将所述访问请求转发给所述数据服务器,包括:In an optional embodiment, the intermediate server establishes a communication connection relationship with the client and the data server, and forwards the access request to the data server, including:

步骤A1、所述中间服务器根据自身发射频率计算出所述客户端的信噪比SINR值;所述SINR值表示为信号与干扰信号加噪声的比值:Step A1, the intermediate server calculates the signal-to-noise ratio SINR value of the client according to its own transmission frequency; the SINR value is expressed as the ratio of the signal to the interference signal plus noise:

Figure BDA0002756718820000051
Figure BDA0002756718820000051

其中,σi1表示为第i1个客户端的SINR值,Pm1表示为中间服务器的发射频率,gi1表示为中间服务器向所述第i1个客户端发射信号时对应的路径增益,ωi1表示为中间服务器向所述第i1个客户端发射信号时对应的路径增益系数,取值为[0.5,0.8],N表示为向中间服务器发送访问请求的客户端的总数量,gj1表示为中间服务器向第j1个客户端发射信号时对应的路径增益,ω表示为计算过程中的误差因子,取值为[0.05,0.1];pm为中间服务器的平均发射频率;Among them, σ i1 represents the SINR value of the i1th client, P m1 represents the transmission frequency of the intermediate server, g i1 represents the corresponding path gain when the intermediate server transmits signals to the i1th client, and ω i1 represents as The corresponding path gain coefficient when the intermediate server transmits a signal to the i1th client, the value is [0.5, 0.8], N represents the total number of clients that send access requests to the intermediate server, and g j1 represents the intermediate server to the intermediate server. The path gain corresponding to the j1th client transmitting signal, ω is the error factor in the calculation process, the value is [0.05, 0.1]; p m is the average transmission frequency of the intermediate server;

步骤A2、根据所述客户端的SINR值获取所述客户端的用户数据:Step A2, obtain the user data of the client according to the SINR value of the client:

Figure BDA0002756718820000052
Figure BDA0002756718820000052

其中,Li1表示所述第i1个客户端的用户数据,log为对数计算符号,det表示为预设计参数,且取值范围为[2,10],QS表示为所述中间服务器当前的带宽,Rmax表示为预设的所述中间服务器的最大客户端连接数量;Wherein, L i1 represents the user data of the i1th client, log is the logarithmic calculation symbol, det represents the pre-designed parameter, and the value range is [2, 10], Q S represents the current value of the intermediate server Bandwidth, R max represents the preset maximum number of client connections of the intermediate server;

步骤A3、将所述客户端的用户数据输入到预设用户数据库中进行检索,确认是否有匹配的目标用户数据,若是,则继续执行步骤A4;否则,向所述客户端发出“无法连接服务器”的提示;Step A3, input the user data of the client into the preset user database for retrieval, and confirm whether there is matching target user data, if so, continue to perform step A4; otherwise, issue "unable to connect to the server" to the client hint;

步骤A4、向所述客户端发出密码验证和人脸验证的双提示;Step A4, issue the double prompt of password verification and face verification to the described client;

步骤A5、验证所述客户端提供的目标密码是否正确,同时将所述客户端提供的当前人脸图像与中间服务器预先录入的所述客户端的预设人脸图像进行对比,当确认所述当前人脸图像和预设人脸图像相同并且所述目标密码验证通过时,确认所述客户端身份信息通过验证并建立中间服务器与所述客户端以及数据服务器的通信连接关系;Step A5, verify whether the target password provided by the client is correct, and compare the current face image provided by the client with the preset face image of the client pre-recorded by the intermediate server. When the face image is the same as the preset face image and the target password verification is passed, confirm that the client identity information passes the verification and establish a communication connection relationship between the intermediate server, the client and the data server;

步骤A6、建立连接关系后,所述中间服务器将所述访问请求转发给所述数据服务器。Step A6: After establishing the connection relationship, the intermediate server forwards the access request to the data server.

本发明提供的工业互联网中工业现场数据远程访问方法,基于深度神经网络给出一种工业互联网中工业现场数据远程访问时新的数据传输加密方式,这种加密方式是没有显示表达的可逆的非线性变换,相对于现有技术只具有同量级的计算量,但是具有更高的复杂度,更加难以被攻破,能够很好地克服现有技术存在的问题。The method for remotely accessing industrial field data in the industrial Internet provided by the present invention provides a new data transmission encryption method for remote access to industrial field data in the industrial Internet based on a deep neural network. This encryption method is a reversible non-display expression. Compared with the prior art, the linear transformation only has the same amount of computation, but has higher complexity and is more difficult to be broken, and can well overcome the problems existing in the prior art.

本发明的其它特征和优点将在随后的说明书中阐述,并且,部分地从说明书中变得显而易见,或者通过实施本发明而了解。本发明的目的和其他优点可通过在所写的说明书、权利要求书、以及附图中所特别指出的结构来实现和获得。Other features and advantages of the present invention will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention may be realized and attained by the structure particularly pointed out in the written description, claims, and drawings.

下面通过附图和实施例,对本发明的技术方案做进一步的详细描述。The technical solutions of the present invention will be further described in detail below through the accompanying drawings and embodiments.

附图说明Description of drawings

附图用来提供对本发明的进一步理解,并且构成说明书的一部分,与本发明的实施例一起用于解释本发明,并不构成对本发明的限制。在附图中:The accompanying drawings are used to provide a further understanding of the present invention, and constitute a part of the specification, and are used to explain the present invention together with the embodiments of the present invention, and do not constitute a limitation to the present invention. In the attached image:

图1为本发明提供的一种工业互联网中工业现场数据远程访问方法流程图;1 is a flowchart of a method for remotely accessing industrial field data in an industrial Internet provided by the present invention;

图2为本发明提供的通过第一深度神经网络对被请求访问的工业现场数据进行加密的方法流程图;2 is a flowchart of a method for encrypting industrial field data requested to be accessed through a first deep neural network provided by the present invention;

图3为本发明提供的通过第二深度神经网络对加密后的工业现场数据进行解密的方法流程图。FIG. 3 is a flowchart of a method for decrypting encrypted industrial field data through a second deep neural network provided by the present invention.

具体实施方式Detailed ways

本发明实施例提供的工业互联网中工业现场数据远程访问方法,用于对工业互联网中工业现场数据在远程访问过程中通过深度神经网络进行加密和解密。以下结合附图对本发明的优选实施例进行说明,应当理解,此处所描述的优选实施例仅用于说明和解释本发明,并不用于限定本发明。The method for remotely accessing industrial field data in the industrial Internet provided by the embodiment of the present invention is used to encrypt and decrypt the industrial field data in the industrial Internet through a deep neural network during the remote access process. The preferred embodiments of the present invention will be described below with reference to the accompanying drawings. It should be understood that the preferred embodiments described herein are only used to illustrate and explain the present invention, but not to limit the present invention.

图1为本发明提供的一种工业互联网中工业现场数据远程访问方法流程图,如图1中所示,该方法包括以下步骤S1-S5:FIG. 1 is a flowchart of a method for remote access to industrial field data in an industrial Internet provided by the present invention. As shown in FIG. 1 , the method includes the following steps S1-S5:

S1:客户端向中间服务器发起访问数据服务器的数据的访问请求。S1: The client initiates an access request to the intermediate server to access the data of the data server.

本实施例中,类似于现有的远程访问服务器的方法,客户端向中间服务器发送针对工业现场的数据服务器的访问请求,所述访问请求中携带客户端标识、数据服务器标识,请求访问的数据标识等信息。所述中间服务器可以是虚拟服务器,或者其他可以实现远程中转的设备终端。In this embodiment, similar to the existing remote access server method, the client sends an access request for the data server on the industrial site to the intermediate server, and the access request carries the client identifier, the data server identifier, and the data requested to be accessed. identification and other information. The intermediate server may be a virtual server, or other device terminals that can realize remote transfer.

S2:所述中间服务器建立与所述客户端以及数据服务器的通信连接关系,并将所述访问请求转发给所述数据服务器。S2: The intermediate server establishes a communication connection relationship with the client and the data server, and forwards the access request to the data server.

在一可选实施例中,中间服务器接收到所述客户端发送的访问请求时,先验证所述访问请求对应的登录用户的访问权限,若验证通过,则中间服务器响应所述访问请求,分别建立与所述客户端、数据服务器之间的通信连接关系,最后中间服务器将所述访问请求转发给所述数据服务器。In an optional embodiment, when the intermediate server receives the access request sent by the client, it first verifies the access authority of the logged-in user corresponding to the access request, and if the verification is passed, the intermediate server responds to the access request, respectively. A communication connection relationship with the client and the data server is established, and finally the intermediate server forwards the access request to the data server.

其中,登录用户的访问权限包括但不限于:用户账户的合规性以及用户账户对不同数据的访问权。例如,数据服务器中存储有多个设备的数据,可以预先设置不同注册用户(具有远程访问合规性的用户)对不同设备数据的访问权,例如用户账号A可以查看设备一的工业数据,用户账号B可以查看所有设备的工业数据,此处不再赘述。Among them, the access rights of the logged-in user include but are not limited to: the compliance of the user account and the access rights of the user account to different data. For example, data of multiple devices is stored in the data server, and the access rights of different registered users (users with remote access compliance) to data of different devices can be preset. For example, user account A can view the industrial data of device one. Account B can view the industrial data of all devices, which will not be repeated here.

S3:响应于所述访问请求,所述数据服务器根据第一深度神经网络对被请求访问的工业现场数据进行第一变换,得到加密后的工业现场数据发送给所述中间服务器。S3: In response to the access request, the data server performs a first transformation on the industrial field data requested to be accessed according to the first deep neural network, and obtains encrypted industrial field data and sends it to the intermediate server.

其中,工业现场数据主要分为两部分:一部分是操作数据,用于记录鼠标移动,操作命令等;还有一部分是传感数据,用于表示机器工作的状态,比如风速,压力,温度,湿度等观测数据。Among them, the industrial field data is mainly divided into two parts: one part is operation data, which is used to record mouse movements, operation commands, etc.; the other part is sensor data, which is used to indicate the working state of the machine, such as wind speed, pressure, temperature, humidity etc. observation data.

本实施例中,预先设置第一深度神经网络,则数据服务器在收到数据访问请求后,根据第一深度神经网络对被请求访问的工业现场数据进行第一变换,变换后的数据即为本实施例中远程访问时用来传输的加密数据。In this embodiment, the first deep neural network is preset, and after receiving the data access request, the data server performs the first transformation on the industrial field data requested to be accessed according to the first deep neural network, and the transformed data is the original Encrypted data used for transmission during remote access in the embodiment.

S4:所述中间服务器将所述加密后的工业现场数据回传给所述客户端。S4: The intermediate server transmits the encrypted industrial field data back to the client.

S5:所述客户端根据第二深度神经网络对所述加密后的工业现场数据进行第二变换,得到解密后的工业现场数据;S5: The client performs a second transformation on the encrypted industrial field data according to the second deep neural network to obtain decrypted industrial field data;

其中,所述第一变换过程和第二变换过程互逆。Wherein, the first transformation process and the second transformation process are mutually inverse.

本实施例中,客户端在收到通过第一深度神经网络加密后的工业现场数据,通过第二深度神经网络对所述加密后的工业现场数据进行第二变换,第二深度神经网络对数据的变换过程和第一深度神经网络对数据的变换过程互逆,则经过第二变化后,所述加密的工业现场数据即解密为数据服务器端的原始数据,用户可用过客户端进行正常查看。In this embodiment, after receiving the industrial field data encrypted by the first deep neural network, the client performs a second transformation on the encrypted industrial field data by using the second deep neural network, and the second deep neural network performs a second transformation on the data. The transformation process of the first deep neural network and the transformation process of the data by the first deep neural network are inverse to each other. After the second change, the encrypted industrial field data is decrypted into the original data of the data server, and the user can use the client to view it normally.

本实施例提供的工业互联网中工业现场数据远程访问方法,基于深度神经网络对数据进行加密和解密,这种加密方式是没有显示表达的可逆的非线性变换,相对于现有的加密技术,具有同量级的计算量,但有更高的复杂度,更加难以被攻破,能够很好地克服现有技术存在的问题。The method for remotely accessing industrial field data in the industrial Internet provided by this embodiment encrypts and decrypts data based on a deep neural network. This encryption method is a reversible nonlinear transformation with no explicit expression. Compared with the existing encryption technology, it has the advantages of It has the same amount of computation, but has higher complexity and is more difficult to break, which can well overcome the problems existing in the existing technology.

在一可选实施例中,如图2所示,通过第一深度神经网络对被请求访问的工业现场数据进行加密的方法包括如下步骤S31-S33:In an optional embodiment, as shown in FIG. 2 , the method for encrypting the industrial field data requested to be accessed by using the first deep neural network includes the following steps S31-S33:

S31:将被请求访问的工业现场数据X划分为两组,得到第一组工业现场数据X1和第二组工业现场数据X2S31: Divide the industrial field data X requested to be accessed into two groups, and obtain the first group of industrial field data X 1 and the second group of industrial field data X 2 .

本实施例中,假设被请求访问的工业现场数据为一个矩阵形式A∈Rm×n,即In this embodiment, it is assumed that the industrial field data requested to be accessed is in the form of a matrix A∈Rm ×n , that is,

Figure BDA0002756718820000081
Figure BDA0002756718820000081

首先将矩阵形式的数据打平为X,作为第一深度神经网络的输入数据:First, the data in matrix form is flattened as X, as the input data of the first deep neural network:

X=(a11,…,a1n,a21,…,a2n,…,am1,…,amn)T∈Rmn X=(a 11 ,…,a 1n ,a 21 ,…,a 2n ,…,a m1 ,…,a mn ) T ∈R mn

其中,(ai1,…,ain)为被请求访问的工业现场数据中的第i份数据,i=1,…,m;n为每份工业现场数据中的参数个数,m为被请求访问的工业现场数据中的数据总份数;Rmn表示一维列向量X中有m份工业现场数据,每份工业现场数据有n个参数,即X中有m×n个数据。Among them, (a i1 ,...,a in ) is the ith piece of data in the industrial field data requested to be accessed, i=1,...,m; n is the number of parameters in each piece of industrial field data, m is the number of parameters in each piece of industrial field data The total number of data copies in the industrial field data requested to be accessed; R mn indicates that there are m copies of industrial field data in the one-dimensional column vector X, and each industrial field data has n parameters, that is, there are m×n data in X.

本实施例中将X中的前i×n个数据划分为第一组工业现场数据X1,将X中的后(m-i)×n个数据做为第二组工业现场数据X2,即:将被请求访问的工业现场数据中的第1~i份数据作为第一组工业现场数据X1(对应于矩阵A中的第1~i行),将被请求访问的工业现场数据中的第(m-i)~m份数据作为第二组工业现场数据X2(对应于矩阵A中的第(m-i)~m行),X1和X2的表达式如下:In this embodiment, the first i×n data in X are divided into the first group of industrial field data X 1 , and the last (mi)×n data in X are taken as the second group of industrial field data X 2 , namely: Take the 1st to i-th pieces of data in the industrial field data requested to be accessed as the first group of industrial field data X 1 (corresponding to the 1st to i-th rows in matrix A), (mi)~m pieces of data are taken as the second group of industrial field data X 2 (corresponding to the (mi)~mth row in matrix A), and the expressions of X 1 and X 2 are as follows:

X1=(a1,1,…,a1,n,…,ai,1,…,ai,n)T∈RinX 1 =(a 1,1 ,…,a 1,n ,…,a i,1 ,…,a i,n ) T ∈R in ,

X2=(ai+1,1,…,ai+1,n,…,am,1,…,am,n)T∈R(m-i)nX 2 =(a i+1,1 ,…,a i+1,n ,…, am,1 ,…,am ,n ) T ∈R (mi)n ,

显然,X1为一个(i×n)×1的矩阵,X2为一个((m-i)×n)×1的矩阵。Obviously, X 1 is a (i×n)×1 matrix, and X 2 is a ((mi)×n)×1 matrix.

优选地,i=[m/2],[m/2]表示不超过m/2的最大整数。例如,若A为5×2的矩阵,则i=2,得到的X1为一个4×1的矩阵,X2为一个6×1的矩阵。Preferably, i=[m/2], and [m/2] represents the largest integer not exceeding m/2. For example, if A is a 5×2 matrix, and i=2, the resulting X 1 is a 4×1 matrix, and X 2 is a 6×1 matrix.

S32:采用第一预定公式(1)对第一组工业现场数据X1和第二组工业现场数据X2进行第一变换:S32: Use the first predetermined formula (1) to perform a first transformation on the first group of industrial field data X1 and the second group of industrial field data X2:

Figure BDA0002756718820000091
Figure BDA0002756718820000091

其中,

Figure BDA0002756718820000092
为第一深度神经网络模型的中间输出;m(1)()这一函数的表达式见公式(2),m(2)()这一函数的表达式见公式(3):in,
Figure BDA0002756718820000092
is the intermediate output of the first deep neural network model; the expression of m (1) () is shown in formula (2), and the expression of m (2) () is shown in formula (3):

m(1)(x)=W2·σ(W1x+b1)+b2 (2)m (1) (x)=W 2 ·σ(W 1 x+b 1 )+b 2 (2)

m(2)(x)=W4·σ(W3x+b3)+b4 (3)m (2) (x)=W 4 ·σ(W 3 x+b 3 )+b 4 (3)

公式(2)和(3)中,σ()这一函数的表达式为:In formulas (2) and (3), the expression of the function σ() is:

Figure BDA0002756718820000101
Figure BDA0002756718820000101

公式(2)和(3)中,W1∈Rin×in,W2∈R(m-i)n×in,W3∈R(m-i)n×(m-i)n,W4∈R(m-i)n×in,b1,b4∈Rin,b2,b3∈R(m-i)n。W1∈Rin×in表示W1为一个in×in维的实矩阵,W2∈R(m-i)n×in表示W2为一个(m-i)n×in维的实矩阵,例如,若m=5,n=2,i=2,则W1为一个4×4维的实矩阵,W2为一个6×4维的实矩阵,W3∈R(m-i)n×(m-i)n表示W3为(m-i)n×(m-i)n维实矩阵,W4∈R(m-i)n×in表示W4为(m-i)n×in维实矩阵;b1,b4∈Rin表示b1,b4是in维实向量;b2,b3∈R(m-i)n表示b2,b3是(m-i)n维实向量。In equations (2) and (3), W 1 ∈R in×in ,W 2 ∈R (mi)n×in ,W 3 ∈R (mi)n×(mi)n ,W 4 ∈R (mi) n×in , b 1 , b 4 ∈ R in , b 2 , b 3 ∈ R (mi)n . W 1 ∈R in×in means that W 1 is a real matrix of in×in dimension, W 2 ∈ R (mi)n×in means that W 2 is a real matrix of (mi)n×in dimension, for example, if m =5, n=2, i=2, then W 1 is a 4×4-dimensional real matrix, W 2 is a 6×4-dimensional real matrix, and W 3 ∈R (mi)n×(mi)n represents W 3 is a (mi)n×(mi)n-dimensional real matrix, W 4 ∈R (mi)n×in means W 4 is a (mi)n×in-dimensional real matrix; b 1 ,b 4 ∈R in means b 1 , b 4 are in-dimensional real vectors; b 2 , b 3 ∈ R (mi)n represent b 2 , b 3 are (mi) n-dimensional real vectors.

可选地,W1,W2,W3,W4,b1,b2,b3,b4为预先设置的矩阵,作为本发明实施例提供的数据传输过程中的加密和解密密钥,W1,W2,W3,W4,b1,b2,b3,b4的值可以根据经验预先设置。优选地,W1,W2,W3,W4,b1,b2,b3,b4服从标准高斯分布。Optionally, W 1 , W 2 , W 3 , W 4 , b 1 , b 2 , b 3 , and b 4 are preset matrices, which are used as encryption and decryption keys in the data transmission process provided by this embodiment of the present invention , W 1 , W 2 , W 3 , W 4 , the values of b 1 , b 2 , b 3 , and b 4 can be preset according to experience. Preferably, W 1 , W 2 , W 3 , W 4 , b 1 , b 2 , b 3 , b 4 obey a standard Gaussian distribution.

在一可选实施例中,还可以在本发明提供的方法执行之前,预先采集一定数量的工业现场数据为样本数据,随后采用所述第一深度神经网络对所述样本数据进行训练,得到所述W1,W2,W3,W4和b1,b2,b3,b4的值。In an optional embodiment, before the method provided by the present invention is executed, a certain amount of industrial field data may be pre-collected as sample data, and then the first deep neural network is used to train the sample data to obtain the result. Describe the values of W 1 , W 2 , W 3 , W 4 and b 1 , b 2 , b 3 , and b 4 .

S33:将所述第一组工业现场数据X1和第二组工业现场数据X2通过第一变换后得到的输出数据,作为加密后的工业现场数据发送给所述中间服务器。S33: Send the output data obtained by the first transformation of the first group of industrial field data X 1 and the second group of industrial field data X 2 to the intermediate server as encrypted industrial field data.

本实施例中,数据服务器将经过第一变换后得到的输出数据

Figure BDA0002756718820000102
作为加密后的工业现场数据发送给所述中间服务器。至此,被请求访问的工业现场数据通过以公式(1)-(3)为代表的第一深度神经网络加密完成了。In this embodiment, the data server converts the output data obtained after the first transformation
Figure BDA0002756718820000102
It is sent to the intermediate server as encrypted industrial field data. So far, the industrial field data requested to be accessed is encrypted by the first deep neural network represented by formulas (1)-(3).

在一可选实施例中,如图3所示,通过第二深度神经网络对加密后的工业现场数据

Figure BDA0002756718820000103
进行解密的方法包括如下步骤S51-S52:In an optional embodiment, as shown in FIG. 3, the encrypted industrial field data is processed by a second deep neural network.
Figure BDA0002756718820000103
The method for decrypting includes the following steps S51-S52:

S51:采用第二预定公式(5)对收到的加密后的工业现场数据

Figure BDA0002756718820000111
Figure BDA0002756718820000112
进行第二变换:S51: Use the second predetermined formula (5) to perform the encryption on the received industrial field data
Figure BDA0002756718820000111
and
Figure BDA0002756718820000112
Do the second transformation:

Figure BDA0002756718820000113
Figure BDA0002756718820000113

其中,

Figure BDA0002756718820000114
为第二深度神经网络模型的中间输出;函数m(1)()和m(2)()仍旧采用第一变换中使用的上述公式(2)-(4)来计算,显然,通过数学推导可得知,计算出的
Figure BDA0002756718820000115
等于采用公式(1)计算过程中得到的
Figure BDA0002756718820000116
计算出的
Figure BDA0002756718820000117
等于采用公式(1)计算过程中得到的
Figure BDA0002756718820000118
计算出的
Figure BDA0002756718820000119
等于采用公式(1)计算过程中得到的
Figure BDA00027567188200001110
计算出的
Figure BDA00027567188200001111
等于采用公式(1)计算过程中得到的
Figure BDA00027567188200001112
计算出的
Figure BDA00027567188200001113
等于采用公式(1)计算过程中得到的
Figure BDA00027567188200001114
计算出的
Figure BDA00027567188200001115
等于采用公式(1)计算过程中得到的
Figure BDA00027567188200001116
in,
Figure BDA0002756718820000114
is the intermediate output of the second deep neural network model; the functions m (1) () and m (2) () are still calculated by the above formulas (2)-(4) used in the first transformation, obviously, through mathematical derivation It can be seen that the calculated
Figure BDA0002756718820000115
is equal to that obtained in the calculation process using formula (1)
Figure BDA0002756718820000116
calculated
Figure BDA0002756718820000117
is equal to that obtained in the calculation process using formula (1)
Figure BDA0002756718820000118
calculated
Figure BDA0002756718820000119
is equal to that obtained in the calculation process using formula (1)
Figure BDA00027567188200001110
calculated
Figure BDA00027567188200001111
is equal to that obtained in the calculation process using formula (1)
Figure BDA00027567188200001112
calculated
Figure BDA00027567188200001113
is equal to that obtained in the calculation process using formula (1)
Figure BDA00027567188200001114
calculated
Figure BDA00027567188200001115
is equal to that obtained in the calculation process using formula (1)
Figure BDA00027567188200001116

由于采用公式(1)计算过程中,

Figure BDA00027567188200001117
因此计算出的
Figure BDA00027567188200001118
Figure BDA00027567188200001119
根据公式(1)中的
Figure BDA00027567188200001120
可以得到
Figure BDA00027567188200001121
Figure BDA00027567188200001122
因此Y2=X2。可见,第二深度神经网络输出的Y1和Y2等于一开始输入第一深度神经网络的第一组工业现场数据X1和第二组工业现场数据X2,通过上述过程即可实现对第一深度神经网络输出数据的解密。Since formula (1) is used in the calculation process,
Figure BDA00027567188200001117
So calculated
Figure BDA00027567188200001118
Figure BDA00027567188200001119
According to formula (1)
Figure BDA00027567188200001120
can get
Figure BDA00027567188200001121
and
Figure BDA00027567188200001122
Therefore Y 2 =X 2 . It can be seen that Y 1 and Y 2 output by the second deep neural network are equal to the first group of industrial field data X 1 and the second group of industrial field data X 2 input to the first deep neural network at the beginning. Decryption of the output data of a deep neural network.

S52:将第二变换后输出的结果Y1和Y2合并,得到解密后的工业现场数据。S52: Combine the output results Y 1 and Y 2 after the second transformation to obtain decrypted industrial field data.

本实施例中,根据步骤S31中将被请求访问的工业现场数据X划分为X1和X2的方法,将第二变换后输出的结果Y1和Y2重新合并为X,即可得到本次请求访问的工业现场数据的原始数据。In this embodiment, according to the method of dividing the industrial field data X requested to be accessed into X 1 and X 2 in step S31, the results Y 1 and Y 2 output after the second transformation are recombined into X, so that the present invention can be obtained. The raw data of the industrial field data requested for access.

在一可选实施例中,所述中间服务器建立与所述客户端以及数据服务器的通信连接关系,并将所述访问请求转发给所述数据服务器,包括:In an optional embodiment, the intermediate server establishes a communication connection relationship with the client and the data server, and forwards the access request to the data server, including:

在一可选实施例中,所述中间服务器建立与所述客户端以及数据服务器的通信连接关系,并将所述访问请求转发给所述数据服务器,包括:In an optional embodiment, the intermediate server establishes a communication connection relationship with the client and the data server, and forwards the access request to the data server, including:

步骤A1、所述中间服务器根据自身发射频率计算出所述客户端的信噪比SINR值;所述SINR值表示为信号与干扰信号加噪声的比值:Step A1, the intermediate server calculates the signal-to-noise ratio SINR value of the client according to its own transmission frequency; the SINR value is expressed as the ratio of the signal to the interference signal plus noise:

Figure BDA0002756718820000121
Figure BDA0002756718820000121

其中,σi1表示为第i1个客户端的SINR值,Pm1表示为中间服务器的发射频率,gi1表示为中间服务器向所述第i1个客户端发射信号时对应的路径增益,ωi1表示为中间服务器向所述第i1个客户端发射信号时对应的路径增益系数,取值为[0.5,0.8],N表示为向中间服务器发送访问请求的客户端的总数量,gj1表示为中间服务器向第j1个客户端发射信号时对应的路径增益,ω表示为计算过程中的误差因子,取值为[0.05,0.1];pm为中间服务器的平均发射频率;Among them, σ i1 represents the SINR value of the i1th client, P m1 represents the transmission frequency of the intermediate server, g i1 represents the corresponding path gain when the intermediate server transmits signals to the i1th client, and ω i1 represents as The corresponding path gain coefficient when the intermediate server transmits a signal to the i1th client, the value is [0.5, 0.8], N represents the total number of clients that send access requests to the intermediate server, and g j1 represents the intermediate server to the intermediate server. The path gain corresponding to the j1th client transmitting signal, ω is the error factor in the calculation process, the value is [0.05, 0.1]; p m is the average transmission frequency of the intermediate server;

步骤A2、根据所述客户端的SINR值获取所述客户端的用户数据:Step A2, obtain the user data of the client according to the SINR value of the client:

Figure BDA0002756718820000122
Figure BDA0002756718820000122

其中,Li1表示所述第i1个客户端的用户数据,log为对数计算符号,det表示为预设计参数,且取值范围为[2,10],QS表示为所述中间服务器当前的带宽,Rmax表示为预设的所述中间服务器的最大客户端连接数量;Wherein, L i1 represents the user data of the i1th client, log is the logarithmic calculation symbol, det represents the pre-designed parameter, and the value range is [2, 10], Q S represents the current value of the intermediate server Bandwidth, R max represents the preset maximum number of client connections of the intermediate server;

步骤A3、将所述客户端的用户数据输入到预设用户数据库中进行检索,确认是否有匹配的目标用户数据,若是,则继续执行步骤A4;否则,向所述客户端发出“无法连接服务器”的提示;Step A3, input the user data of the client into the preset user database for retrieval, and confirm whether there is matching target user data, if so, continue to perform step A4; otherwise, issue "unable to connect to the server" to the client hint;

步骤A4、向所述客户端发出密码验证和人脸验证的双提示;Step A4, issue the double prompt of password verification and face verification to the described client;

步骤A5、验证所述客户端提供的目标密码是否正确,同时将所述客户端提供的当前人脸图像与中间服务器预先录入的所述客户端的预设人脸图像进行对比,当确认所述当前人脸图像和预设人脸图像相同并且所述目标密码验证通过时,确认所述客户端身份信息通过验证并建立中间服务器与所述客户端以及数据服务器的通信连接关系;Step A5, verify whether the target password provided by the client is correct, and compare the current face image provided by the client with the preset face image of the client pre-recorded by the intermediate server. When the face image is the same as the preset face image and the target password verification is passed, confirm that the client identity information passes the verification and establish a communication connection relationship between the intermediate server, the client and the data server;

步骤A6、建立连接关系后,所述中间服务器将所述访问请求转发给所述数据服务器。Step A6: After establishing the connection relationship, the intermediate server forwards the access request to the data server.

上述技术方案的有益效果为:通过获取中间服务器的发射频率计算出当前客户端i1的SINR值来准确地确定传输过程中的干扰信号和噪声,进而利用当前客户端i1的SINR值来计算出当前客户端i1的用户数据,可避免干扰信号的扰乱,使得获取到的当前客户端i1的用户数据更加准确和真实,同时,通过在预设用户数据库中检索是否有匹配当前客户端i1的用户数据的目标用户数据来准确地初步确认当前客户端i1是否具有连接中间服务器的权限,在确认有权限后,通过进一步地利用当前客户端i1提供的当前人脸图像和目标密码来双重验证身份,验证通过后方可实现对中间服务器和数据服务器的连接,保证了连接的安全性和可靠性,进一笔地保证了数据服务器内数据的安全性。The beneficial effects of the above technical solutions are: by obtaining the transmission frequency of the intermediate server and calculating the SINR value of the current client i1 to accurately determine the interference signal and noise in the transmission process, and then using the SINR value of the current client i1 to calculate the current The user data of the client i1 can avoid the disturbance of the interference signal, so that the obtained user data of the current client i1 is more accurate and true. The target user data to accurately preliminarily confirm whether the current client i1 has the authority to connect to the intermediate server, after confirming the authority, by further using the current face image and target password provided by the current client i1 to double-verify the identity, verify Only after the connection between the intermediate server and the data server can be realized, the security and reliability of the connection are ensured, and the security of the data in the data server is further ensured.

本领域内的技术人员应明白,本发明的实施例可提供为方法、系统、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器和光学存储器等)上实施的计算机程序产品的形式。As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media having computer-usable program code embodied therein, including but not limited to disk storage, optical storage, and the like.

显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit and scope of the invention. Thus, provided that these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include these modifications and variations.

Claims (8)

1. A remote access method for industrial field data in industrial Internet is characterized by comprising the following steps:
the client initiates an access request for accessing the data of the data server to the intermediate server;
the intermediate server establishes a communication connection relation with the client and the data server and forwards the access request to the data server;
responding to the access request, the data server performs first transformation on the industrial field data requested to be accessed according to a first deep neural network to obtain encrypted industrial field data, and the encrypted industrial field data is sent to the intermediate server;
the intermediate server transmits the encrypted industrial field data back to the client;
the client side carries out second transformation on the encrypted industrial field data according to a second deep neural network to obtain decrypted industrial field data; wherein the first transformation process and the second transformation process are reciprocal;
the method for the data server to perform the first transformation on the industrial field data requested to be accessed according to the first deep neural network to obtain the encrypted industrial field data and send the encrypted industrial field data to the intermediate server includes the following steps:
dividing the industrial field data X requested to be accessed into two groups to obtain a first group of industrial field data X1And a second set of industrial field data X2
The following formula is adopted for the first group of industrial field data X1And a second set of industrial field data X2Performing a first transformation:
Figure FDA0003034991030000011
the first group of industrial field data X1And a second set of industrial field data X2Output data obtained by the first transformation
Figure FDA0003034991030000012
And
Figure FDA0003034991030000013
sending the encrypted industrial field data to the intermediate server;
wherein,
Figure FDA0003034991030000014
an intermediate output of the first deep neural network model;
X=(a1,1,…,a1,n,a2,1,…,a2,n,…,am,1,…,am,n)T∈Rmn,(aj,1,…,aj,n) J is 1, …, m in j-th data in the industrial field data requested to be accessed; n is the number of parameters in each piece of industrial field data, and m is the total number of data in the industrial field data requested to be accessed;
X1=(a1,1,…,a1,n,…,ai,1,…,ai,n)T∈Rin
X2=(ai+1,1,…,ai+1,n,…,am,1,…,am,n)T∈R(m-i)n
wherein m is(1)() The expression for this function is: m is(1)(x)=W2·σ(W1x+b1)+b2,m(2)() The expression for this function is: m is(2)(x)=W4·σ(W3x+b3)+b4
The expression of the function σ () is:
Figure FDA0003034991030000021
W1,W2,W3,W4,b1,b2,b3,b4the matrix is a preset matrix and is an intermediate parameter of the model;
wherein, W1∈Rin×inRepresents W1Is an in x in dimensional real matrix, W2∈R(m-i)n×inRepresents W2Is (m-i) n × in dimension real matrix, W3∈R(m-i)n×(m-i)nRepresents W3Is (m-i) n x (m-i) n dimensional real matrix, W4∈R(m-i)n×inRepresents W4Is (m-i) n x in dimension real matrix;
b1,b4∈Ribdenotes b1,b4Is an in-dimensional real vector; b2,b3∈R(m-i)nDenotes b2,b3Is (m-i) an n-dimensional real vector;
the client performs second transformation on the encrypted industrial field data according to a second deep neural network, and obtaining decrypted industrial field data includes:
the client side adopts the following formula to encrypt the received industrial field data
Figure FDA0003034991030000022
And
Figure FDA0003034991030000023
and carrying out a second transformation:
Figure FDA0003034991030000024
wherein,
Figure FDA0003034991030000025
is an intermediate output of the second deep neural network model;
the result Y output after the second transformation1And Y2And merging to obtain the decrypted industrial field data.
2. The method as claimed in claim 1, wherein i ═ m/2, [ m/2] denotes a maximum integer not exceeding m/2.
3. The method for remote access to industrial field data in an industrial internet as claimed in claim 1, further comprising:
acquiring a certain amount of industrial field data as sample data in advance;
training the sample data by adopting the first deep neural network to obtain the W1,W2,W3,W4And b1,b2,b3,b4The value of (c).
4. The method of claim 1, wherein W is a value of a threshold value of the remote access to the industrial field data in the industrial internet1,W2,W3,W4,b1,b2,b3,b4Obeying a standard gaussian distribution.
5. The method for remote access to industrial field data in an industrial internet as claimed in claim 1, wherein the industrial field data includes at least sensing data and operating data.
6. The method for remotely accessing industrial field data in the industrial internet as claimed in claim 1, wherein the intermediate server establishes a communication connection relationship with the client and the data server and forwards the access request to the data server, comprising:
when the intermediate server receives an access request sent by the client, verifying the access authority of a login user corresponding to the access request;
if the access authority of the login user corresponding to the access request passes the verification, the intermediate server responds to the access request and respectively establishes communication connection relations with the client and the data server;
the intermediate server forwards the access request to the data server.
7. The method for remotely accessing industrial field data in industrial internet as claimed in claim 6, wherein the access right of the login user includes but is not limited to: compliance of the user account and access rights of the user account to different data.
8. The method for remotely accessing industrial field data in the industrial internet as claimed in claim 1, wherein the intermediate server establishes a communication connection relationship with the client and the data server and forwards the access request to the data server, comprising:
step A1, the intermediate server calculates the signal-to-noise ratio (SINR) value of the client according to the self transmitting frequency; the SINR value is expressed as a ratio of signal to interference signal plus noise:
Figure FDA0003034991030000041
wherein σi1Expressed as SINR value, P, of the i1 th clientm1Expressed as the transmission frequency of the intermediate server, gi1Expressed as the corresponding path gain, ω, when the intermediate server transmits a signal to said i1 th clienti1The path gain coefficient is expressed as a path gain coefficient corresponding to the signal transmitted by the intermediate server to the i1 th client, and the value is [0.5, 0.8 ]]N denotes the total number of clients sending access requests to the intermediate server, gj1The path gain is expressed as the corresponding path gain when the intermediate server transmits a signal to the j1 th client, and ω is expressed as an error factor in the calculation process and takes the value of [0.05, 0.1%];pmIs the average transmit frequency of the intermediate server;
step a2, obtaining the user data of the client according to the SINR value of the client:
Figure FDA0003034991030000042
wherein L isi1Representing the user data of the i1 th client, wherein log is a logarithm calculation symbol, det is a preset calculation parameter, and the value range is [2,10 ]],QSExpressed as the current bandwidth, R, of the intermediate servermaxThe middle expressed as presetThe maximum number of client connections of the server;
step A3, inputting the user data of the client into a preset user database for retrieval, confirming whether matched target user data exists, and if yes, continuing to execute step A4; otherwise, sending a prompt of 'unable to connect to the server' to the client;
step A4, sending out double prompts of password authentication and face authentication to the client;
step A5, verifying whether the target password provided by the client is correct, comparing the current face image provided by the client with a preset face image of the client pre-recorded by an intermediate server, and when the current face image is confirmed to be the same as the preset face image and the target password is verified to be passed, confirming that the client identity information is verified to be passed and establishing the communication connection relation between the intermediate server and the client as well as between the intermediate server and a data server;
step A6, after the connection relationship is established, the intermediate server forwards the access request to the data server.
CN202011205017.2A 2020-11-02 2020-11-02 A remote access method for industrial field data in the industrial Internet Expired - Fee Related CN112507373B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011205017.2A CN112507373B (en) 2020-11-02 2020-11-02 A remote access method for industrial field data in the industrial Internet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011205017.2A CN112507373B (en) 2020-11-02 2020-11-02 A remote access method for industrial field data in the industrial Internet

Publications (2)

Publication Number Publication Date
CN112507373A CN112507373A (en) 2021-03-16
CN112507373B true CN112507373B (en) 2021-07-20

Family

ID=74954968

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011205017.2A Expired - Fee Related CN112507373B (en) 2020-11-02 2020-11-02 A remote access method for industrial field data in the industrial Internet

Country Status (1)

Country Link
CN (1) CN112507373B (en)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104023085A (en) * 2014-06-25 2014-09-03 武汉大学 Security cloud storage system based on increment synchronization
CN105939491A (en) * 2016-05-25 2016-09-14 乐视控股(北京)有限公司 Video playing method and device
RU2021129712A (en) * 2016-11-03 2021-11-10 Фраунхофер-Гезелльшафт Цур Фердерунг Дер Ангевандтен Форшунг Е.Ф. NETWORK DOWNLOAD / STREAMING PRINCIPLE
CN109600226B (en) * 2019-01-25 2020-05-05 中国人民解放军国防科技大学 TLS protocol session key recovery method based on random number implicit negotiation
CN111563262B (en) * 2020-04-15 2024-01-23 清华大学 Encryption method and system based on reversible deep neural network
CN111797431B (en) * 2020-07-07 2023-04-28 电子科技大学 A Method and System for Encrypted Data Anomaly Detection Based on Symmetric Key System

Also Published As

Publication number Publication date
CN112507373A (en) 2021-03-16

Similar Documents

Publication Publication Date Title
US8474025B2 (en) Methods and apparatus for credential validation
US20230039182A1 (en) Method, apparatus, computer device, storage medium, and program product for processing data
Premarathne et al. Hybrid cryptographic access control for cloud-based EHR systems
WO2021092980A1 (en) Longitudinal federated learning optimization method, apparatus and device, and storage medium
CN100477833C (en) Authentication method
WO2021092977A1 (en) Vertical federated learning optimization method, appartus, device and storage medium
CN112163896B (en) Federated learning system
US11431505B2 (en) Generating a legally binding object within a group-based communication system
US9356926B1 (en) Security system
CN117675858A (en) An information collection device based on the Internet of Things
CN117521151B (en) Block chain-based decentralization federation learning data sharing method
CN118921161A (en) Data security gateway method and system based on edge privacy calculation
US20240289783A1 (en) Systems and methods for verifying cryptographically secured communications between users using non-transferable tokens
CN1635738A (en) General Authentication and Authorization Service System and Method
US20210256421A1 (en) System and method for maintaining network integrity for incrementally training machine learning models at edge devices of a peer to peer network
CN112507373B (en) A remote access method for industrial field data in the industrial Internet
CN113297176B (en) Database access method based on Internet of things
CN119885267A (en) Data trusted computing framework based on alliance block chain
CN108769004A (en) A kind of industry internet smart machine remote operation safe verification method
CN113239401A (en) Big data analysis system and method based on power Internet of things and computer storage medium
CN103095650B (en) Cloud service identity authentication method suitable for thin client terminal
CN116170183A (en) Trusted access security protection method in edge computing environment
CN118364351B (en) Interactive data processing method and system based on blockchain network
US20250080327A1 (en) Method, computer program and system for collecting confidential data from several data providers, for joint analysis of said data
CN119834957B (en) Digital resource full life cycle management method and device based on blockchain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
PP01 Preservation of patent right
PP01 Preservation of patent right

Effective date of registration: 20211124

Granted publication date: 20210720

PD01 Discharge of preservation of patent
PD01 Discharge of preservation of patent

Date of cancellation: 20241124

Granted publication date: 20210720

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210720