CN114268645B

CN114268645B - Industrial Internet trusted control method, device and system based on blockchain

Info

Publication number: CN114268645B
Application number: CN202111507029.5A
Authority: CN
Inventors: 谭林; 尹海波; 李旷; 陈昕; 杨征
Original assignee: Hunan Tianhe Guoyun Technology Co Ltd
Current assignee: Hunan Tianhe Guoyun Technology Co Ltd
Priority date: 2019-12-26
Filing date: 2019-12-26
Publication date: 2024-08-09
Anticipated expiration: 2039-12-26
Also published as: CN114268645A; CN111131229B; CN111131229A

Abstract

The invention discloses a block chain-based industrial Internet trusted control method, a block chain-based industrial Internet trusted control device and a block chain-based industrial Internet trusted control system, wherein the method comprises the following steps: defining and writing intelligent contract codes of an industrial control system; transmitting the intelligent contract to a blockchain network; setting device authority of a data security gateway and user account information allowing control and inquiry; the intelligent contract is used for triggering the industrial control system to control the industrial field device according to the flow and parameters defined by the intelligent contract code. The invention realizes the safety and credibility of the industrial Internet control system through the flow and parameter definition capability of the blockchain intelligent contract and the access control capability, solves the problem of safety and credibility of the current industrial Internet control system, realizes the industrial Internet control safety through a safe and credible mode, and can promote the industrial Internet to move from a chimney style to a more developed way.

Description

Industrial Internet trusted control method, device and system based on blockchain

Technical Field

The invention relates to the field of industrial control system safety, in particular to an industrial Internet trusted control method, device and system based on a blockchain.

Background

The industrial Internet is required to realize the wide interconnection and intercommunication of industrial upstream and downstream and across fields, break the information island and promote the integrated sharing. At present, an industrial Internet system is still in an industrial interconnection stage in an enterprise, and cannot realize the industrial Internet in a real sense. Information exchange and communication are realized between the manufacturing industry and peripheral industries depending on the traditional communication method, and manufacturing coordination cannot be realized. The existing industrial internet control system has the following defects:

Control system safety problem: at present, the main problem of the manufacturing system is that the industrial manufacturing control system is an enterprise core production system, has high requirements on safety level, and has potential safety hazard for accessing the industrial Internet; in addition, the security audit of the control system mainly depends on the security audit function of the control system, so that the control main body and source security audit and identification cannot be effectively realized, meanwhile, the adjustment of the control flow depends on the internal system, and if the control flow is accessed to the industrial Internet, the credibility of the flow cannot be ensured.

Control system network security problem: the existing system is built based on an internal local area network, cannot withstand the safety impact of an open industrial Internet, cannot ensure that a control system is effectively ensured in the aspects of reliability, safety and credibility through a traditional software interface between systems, and becomes a tripolite for preventing the development of the industrial Internet.

In view of the above problems, no effective solution has been proposed at present.

Disclosure of Invention

In view of the above, the present invention aims to provide a method, a device and a system for controlling industrial internet trusted based on blockchain, which can realize the safety and the credibility of the control flow of the industrial internet control system.

A first aspect of an embodiment of the present invention provides a blockchain-based industrial internet trusted control method, for use in a data security gateway, the method including:

defining and writing intelligent contract codes of an industrial control system;

Transmitting the intelligent contract to a blockchain network;

setting device authority of a data security gateway and user account information allowing control and inquiry;

The intelligent contract is used for triggering the industrial control system to control the industrial field device according to the flow and parameters defined by the intelligent contract code.

Further, after the step of sending the smart contract to the blockchain network, the method further includes:

Setting access authority, modification authority and adjustable parameters of the industrial field device, and allowing a range of values of the adjustable parameters;

Subscribing or querying an intelligent contract event log of a blockchain network, wherein the intelligent contract event log is used for triggering the industrial control system to control industrial field equipment according to a process and parameters defined by an intelligent contract after the contract state is changed after a certain time when detecting that the contract state of the intelligent contract event log is changed;

the intelligent contract event log is also used for triggering the early warning system to carry out early warning reminding after the key control command is detected.

A second aspect of an embodiment of the present invention provides a blockchain-based industrial internet trusted control method, for use in a blockchain network, the method including:

Receiving an intelligent contract code from a data security gateway, wherein the intelligent contract is used for triggering the industrial control system to control industrial field equipment according to a flow and parameters defined by the intelligent contract code;

initializing the device authority and the control state of the data security gateway.

Further, after the step of receiving the smart contract code from the data security gateway, the method further comprises:

Receiving operation request information of a user on an intelligent contract;

verifying the operation authority corresponding to the user operation request information, and when the verification is successful, modifying the intelligent contract by the blockchain network according to the user operation request information and updating the contract state of the intelligent contract log;

the operation request information includes one or more of modifying, cancelling or deferring the currently specified instruction to be validated.

A third aspect of an embodiment of the present invention provides a blockchain-based industrial internet trusted control device for use in a data security gateway, the device comprising:

the contract creation module is used for defining and writing intelligent contract codes of the industrial control system;

The sending module is used for sending the intelligent contract to a blockchain network;

The security gateway authority module is used for setting the equipment authority of the data security gateway and allowing the user account information to be controlled and inquired;

Further, the apparatus further comprises:

The device permission module is used for setting the access permission, the modification permission, the adjustable parameters and the allowable value range of the adjustable parameters of the industrial field device;

The operation change module is used for subscribing or inquiring an intelligent contract event log of the blockchain network, and the intelligent contract event log is used for triggering the industrial control system to control industrial field equipment according to a flow and parameters defined by an intelligent contract after the contract state is changed after a certain time when detecting that the contract state of the intelligent contract event log is changed;

A fourth aspect of an embodiment of the present invention provides a blockchain-based industrial internet trusted control device for use in a blockchain network, the device comprising:

The contract receiving module is used for receiving an intelligent contract code from the data security gateway, and the intelligent contract is used for triggering the industrial control system to control the industrial field device according to the flow and the parameters defined by the intelligent contract code;

and the initialization module is used for initializing the device authority and the control state of the data security gateway.

Further, the apparatus further comprises:

the request receiving module is used for receiving operation request information of a user on the intelligent contract;

The contract updating module is used for verifying the operation authority corresponding to the user operation request information, and when the user operation request information is verified successfully, the blockchain network modifies the intelligent contract according to the user operation request information and updates the contract state of the intelligent contract log;

the operation request information includes one or more of modifying a smart contract, canceling a current smart contract control instruction, or deferring a current smart contract control instruction.

A fifth aspect of an embodiment of the present invention provides a blockchain-based industrial internet trusted control system, the system comprising:

The system comprises a data security gateway, an industrial control system, a control system and a control system, wherein the data security gateway is connected with the industrial control system and is used for defining and writing an intelligent contract code of the industrial control system, setting equipment authority of the data security gateway and user account information allowing control and inquiry, and the intelligent contract is used for triggering the industrial control system to control industrial field equipment according to a flow and parameters defined by the intelligent contract code;

And the blockchain network is respectively connected with the user terminal and the data security gateway and is used for receiving the intelligent contract code from the data security gateway and initializing the equipment authority and the control state of the data security gateway.

A sixth aspect of the embodiments of the present invention provides a terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor performing the method steps of:

Transmitting the intelligent contract to a blockchain network;

In the embodiment of the invention, the data security gateway defines and compiles an intelligent contract code of an industrial control system, and sends the intelligent contract code to the blockchain network, the blockchain network initializes the equipment authority of the data security gateway and the user account information allowing control and inquiry, the security and credibility of the industrial Internet control system are realized through the flow, parameter definition capability, security audit capability and access control capability of the blockchain intelligent contract, the concern of the current industrial Internet control system on security and credibility is solved, the industrial Internet control security is realized through a security and credibility mode, and the industrial Internet can be promoted to move from a chimney style to a more developed way.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 is a schematic diagram of an implementation environment of an industrial Internet in accordance with various embodiments of the present invention;

FIG. 2 is a flow chart of a blockchain-based industrial Internet trusted control method provided by an embodiment of the present invention;

FIG. 3 is a flow chart of a blockchain-based industrial Internet trusted control method provided by another embodiment of the present invention;

FIG. 4 is a timing diagram illustrating a process for interaction with a user in a blockchain-based industrial Internet trusted control method in accordance with embodiments of the present invention;

FIG. 5 is a timing diagram of a blockchain-based industrial Internet trusted control method with respect to a cancel or deferred operation process provided by an embodiment of the present invention;

FIG. 6 is a schematic diagram of a block chain based industrial Internet trusted control device according to one embodiment of the present invention;

FIG. 7 is a schematic diagram of a block chain based industrial Internet trusted control device according to another embodiment of the present invention;

fig. 8 is a schematic diagram of a terminal device according to an embodiment of the present invention.

Detailed Description

In the following description, for purposes of explanation and not limitation, specific details are set forth such as the particular system architecture, techniques, etc., in order to provide a thorough understanding of the embodiments of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.

In order to illustrate the technical scheme of the invention, the following description is made by specific examples.

Referring to fig. 1, a schematic structural diagram of an implementation environment of an industrial internet according to various embodiments of the present invention is shown. The implementation environment comprises: user terminals 120, blockchain networks 140, data security gateways 160, and industrial field devices 180.

The user terminal 120 may be a cell phone, tablet computer, electronic book reader, portable computer, desktop computer, etc.

The industrial field devices 180 form an industrial control system, the industrial control system can control intelligent devices such as machine tools, robot arms and robots to perform industrial production, and the control system can ensure the normal and credible operation of the devices.

The blockchain network 140 is constructed by adopting a distributed point-to-point technology based on a database technology constructed by a distributed ledger wall technology, has the characteristics of non-falsification, safety and credibility, and the industrial Internet control system constructed by the blockchain technology can realize the defense of network attacks from a network level and effectively resist malicious attacks of external systems.

The blockchain network 140 performs data interaction with the user terminal 120, displays parameter states of various systems and devices in the industrial field, and controls intelligent devices connected with the industrial field device 180; the blockchain network 140 utilizes a virtualization technology to construct a plurality of distributed blockchain nodes, each blockchain node is connected with a cloud server database, and mutual verification is performed among all nodes by constructing a small world network, so that the credibility of each node is ensured. The block chain node generates a block through a consensus mechanism, verifies the block, adopts a block chain non-centralized storage mode for the verified data packet, encrypts and stores the data packet into the cloud server database, and realizes data sharing in a mode of executing intelligent contracts.

Wherein the smart contract is built with a control (control) as a basic element, which is a basic control unit of the industrial control system network, representing the control of the industrial field device 180 by the controller. A control process typically consists of a set of interrelated controls.

Specifically, control is a five-tuple C (p, e, C, r, tc), meaning that person p (person) issues an instruction to industrial field device 180 (equivalence), and if instruction C (command) is reached, result r (result) is generated. Wherein the values of instruction c and result r are boolean values. A value true indicates that the instruction has been completed (or the result has been completed), and a value false indicates that the instruction has not been completed (or the result has not been completed); and tc (time-constraints) indicates the validity period of the control, tc is true, and the control is valid.

Wherein there may be 5 different states within a control lifecycle.

Activation (one): both instruction c and result r are false, and the time does not exceed the validity period of the control. Indicating that control is active, waiting for completion of instruction c and completion of result r;

(two) ready: instruction c is true, the result r is false, the time does not exceed the validity period of control, which means that the control is effective and instruction c is achieved, and the completion of result r is waited;

(III) satisfy (satisfy): instruction c and result r are both true, indicating that instruction c has been reached, result r has been completed, and control has been performed;

(IV) expiration (expire): both instruction c and result r are false, and the time has exceeded the validity period of the control. Indicating that upon control failure, instruction c fails to achieve and result r fails to complete;

and fifthly, violating (violate) that the instruction c is true, but the result r is false, and the time exceeds the effective period of control. Indicating that when control fails, the control completion result r thereof is not fulfilled although instruction c has been achieved, and has been violated.

Wherein the control validity period is a binary group tc = (cact, cbas), and cact represents the completion time limit of the instruction c after the control enters the activation state; cbas shows the completion time limit for the result r after control enters the ready state. If these two constraints are met, tc is true; otherwise, tc is false.

One action may be expressed as action = actionname (executor, object, input, output), where: actionname is the name of the action, executor is the executor of the action, object is the action object of the action, input is the input parameter, output is the output parameter (act, exectuor is required, and object, input and output are optional). The value of an action is a boolean value, action= fasle indicates that the action is not completed, and action=true indicates that the action is completed. The default value for the action is false.

The industrial internet smart contract is a finite automaton SC defined over a set of controls: = (CC, a, S ₀, δ, F), where cc= { C ₁,C₂,...,C_n } is a limited set of controls;

A is the set of actions involved in these controls (including timeout actions, i.e. time out of control validity); s= { S ₀,s₁,s₂,...,s_m } is a finite set of states. The state si is determined by the states of all controls in the CC;

s0 is an initial state in which all controls in the CC are either in an active state (conditional control) or in a ready state (unconditional control);

S x A → S is that actions in the state transition function A cause the state promised in the CC to change, thereby causing the state of the smart contract to change;

F.epsilon.S is a finite set of termination states.

The data security gateway 160 is configured to connect to and collect data of at least one industrial field device 180, and transmit the collected data to the blockchain network 140 through the internet, and create a virtual machine in the data security gateway 160, and run a virtualized data encryption program in the virtual machine.

Each blockchain node manages N data security gateways 160, each data security gateway 160 being managed by M blockchain link points, where N is greater than or equal to 1 and M is greater than or equal to 2; when a certain block link point fails due to a fault, the rest block link points complete communication with the user terminal 120 and the data security gateway 160 at the same time; among the M blockchain nodes corresponding to one data security gateway 160, 1 blockchain node closest to the data security gateway is selected as a target blockchain node, and is responsible for communication between the data security gateway 160 and the user terminal 120, so as to improve communication efficiency.

The block chain node and the data security gateway 160 adopt an asymmetric encryption algorithm to generate a digital signature for data and encrypt the data; the digital signature is used for verifying the authenticity of the data and whether the data is tampered, and the data encryption enables the data to be received only by a determined receiver.

The asymmetric encryption algorithm consists of a private key and a public key, wherein when the public key is used for encryption, the corresponding private key is used for decryption, and when the private key is used for encryption, the corresponding public key is used for decryption;

the data encryption process is as follows: after the data is subjected to double SHA256 operation, a 32-bit unique hash value is generated, then a private key is used for encrypting the hash value to generate a digital signature, and the digital signature and the data are encrypted by using a public key of a receiver to obtain encrypted data.

The private key production process relies on the chip ID and encryption algorithm of the processor inside the data security gateway 160, ensuring the uniqueness and tamper-proof nature of the device private key. The private key is stored by the device and is not allowed to leave the storage means, and the public key is used as a blockchain to uniquely manage the identification of the device. The computer program accepts only the status that the blockchain has been acknowledged and controls the industrial field device 180.

The block chain nodes reach consensus through a consensus mechanism of workload certification, the block chain node which firstly completes workload certification operation obtains the right of generating a new block and becomes a master node of the consensus process, the rest block chain nodes are block chain slave nodes, the block chain slave nodes verify the block generated by the unified storage block chain master node, the consistency of data is ensured, and the block chain node which firstly completes workload certification operation next time becomes the new block chain master node;

The block chain master node broadcasts the generated new block to the block chain slave node, the block chain slave node verifies the new block and replies the verification result and the data signature to the block chain master node, the block chain master node collects the replying result, and if the block is approved by the block chain master node, the block chain master node rebroadcasts the new block and the verification result according to a few rules obeying majority, and the block chain slave node stores the new block.

The blockchain node executes the intelligent contract to realize the data sharing among the industrial field devices 180, the intelligent contract prescribes the condition of the data sharing, the condition is formulated by a data provider, the target blockchain node executes the intelligent contract, the data is encrypted according to the constraint condition output result and then is sent to a data security gateway 160, and the data security gateway 160 receives and decrypts the data to complete the corresponding task.

The invention realizes the security protection of the industrial Internet control system network and the control credible security of the industrial Internet control system based on the blockchain intelligent contract technology and the data security gateway 160 of the built-in blockchain intelligent contract Dapp.

The industrial Internet trusted control scheme provided by the implementation of the invention is described and illustrated in detail below by means of a few specific embodiments.

Referring to fig. 2, a first aspect of the embodiment of the present invention provides a blockchain-based industrial internet trusted control method for use in a data security gateway, where the method includes:

step S102, defining and writing intelligent contract codes of an industrial control system;

Step S104, the intelligent contract is sent to a blockchain network;

Step S106, setting the equipment authority of the data security gateway and allowing the user account information to be controlled and queried;

The intelligent combination is about the software code running on the block chain network 140 platform based on the distributed ledger technique, can be executed on the block chain, is complete in the turing machine, can keep state on the block chain and can execute business logic.

The invention adopts the blockchain intelligent contract technology to define the control flow, parameters, authority, security audit and log record of the industrial control system, and realizes a safe and credible remote control system on the basis. The intelligent contracts define the execution flow of the control system by code, and the control flow execution of the intelligent contracts is implemented by blockchain data security gateway 160. The control flow is defined by intelligent contract codes, the codes of the intelligent contracts can be issued to the blockchain after being audited and safely audited, and then the operations of all intelligent contracts can be operated or the control flow or parameters can be modified only by the authorization of the blockchain.

The system control parameters are also defined by the state of the smart contract, and modifications to the state of the smart contract are all recorded by the smart contract, ensuring that only authorized users within the smart contract have rights to modify the parameters.

The blockchain data security gateway 160 is an intelligent control unit based on a blockchain, belongs to a data security gateway 160 device with Dapp functions, acquires flow and state information of the equipment through interaction with the blockchain network 140, performs control work according to a program process of an intelligent contract, and belongs to a control unit controlled by the blockchain intelligent contract.

And subscribing or querying an intelligent contract event log of the blockchain network, wherein the intelligent contract event log is used for triggering the industrial control system to control industrial field equipment according to a process and parameters defined by an intelligent contract after the contract state is changed after a certain time when detecting that the contract state of the intelligent contract event log is changed.

The early warning system detects the intelligent contract event log, has early warning reminding for the key control command, and cancels or delays the control operation through the special cancellation or delay authority.

Specifically, the control unit workflow based on the smart contract is as follows:

a) Defining and writing a smart contract (Smart Contract) for the control system based on the specificity of the control system;

b) Design control system adjustable parameter (Params _i) and allowable value range Access rights (Permission _access), modification rights (Permission _mondify), revocation rights (Permission _cancel), deferred rights (Permission _delay), the rights being granted based on a combination of roles (Role _i) and user groups (UserGroup _i) and device groups (DeviceGroup _i); the rights include: the character can be arbitrarily combined with the partial authority list and is endowed to a specific user group; the user group can associate the equipment group to carry out resource allocation;

c) Issuing an intelligent contract (deployContract) in the blockchain network, initializing (initializing) and setting permission control (addControlPermission), inquiring account information (addAccessPermission ()), and setting data security gateway 160 device rights (addAllowedDevice (device, deviceGroup));

d) Installing the data security gateway 160 on site and accessing the blockchain network 140, wherein the data security gateway 160 begins to work according to the flow and parameters defined by the intelligent contract;

e) If the industrial control flow is hoped to be regulated, the intelligent contract parameters are modified through corresponding software and account private key, so that the aim of modifying the industrial control flow is fulfilled; modifying the record and ensuring the safety by using a blockchain and an intelligent contract;

f) The data security gateway 160 examines the intelligent contract state of the blockchain network 140 and implements the update of the local control logic to implement the control modification flow of the system by the blockchain.

The method of the invention is applied to the data security gateway of the industrial internet trusted control system based on the blockchain, and fig. 4 and 5 show the time sequence chart of the interaction process of the method and the user provided by the embodiment of the invention, and as can be known from the time sequence chart, the overall control flow of the embodiment of the invention under the implementation environment is as follows:

1) Defining industrial control logic and a control interface which allows exposure, abstracting into a control state and accessing the state, wherein the state is defined as Si, and the operation function of the state is F _read(S_i),F_write(S_i);

2) Designing access (read) authority RP _i, controlling (write) authority group WP _i, and defining access authority Ai for a control interface;

3) Customizing an intelligent contract strategy C, realizing contract function coding, and binding related user rights C (S _i,RP_i,WP_i,F_read(Si),F_write(S_i));

4) Deploying an intelligent contract duplicate (C) in a blockchain, initializing relevant authority configuration C.init (S _i,RP_i,WP_i), and setting a security gateway public key address C.initDevices (address _device,S_i);

5) Initializing an intelligent contract address addr of a security gateway, and initializing a control logic C.readParams () by the security gateway according to the intelligent contract to enter a blockchain control state;

6) If the external user has a control strategy to adjust (production plan adjustment, product parameter adjustment, etc.), executing parameter adjustment work C.writeParam (address _device,S_i) through an intelligent contract, and submitting a control request to a blockchain by the user as shown in FIG. 4;

7) Intelligent contract checking user operation rights OnlyWritePermission (address _sender,address_device), whether the execution action is allowed, whether the parameter range has adjustment authority allowedRange (address _sender,address_device, value), after all authority and parameter checks pass, the intelligent contract modifies the intelligent contract state, records the response log, and is shown in the verification process of the intelligent contract and the blockchain in fig. 4;

8) The data security gateway subscribes to/queries the intelligent contract log subscribeEvent (address _device), discovers the state change readControlStatus (address _sender), waits for a certain period of time (block stabilization time period), works readRunParams (address _sender) according to a new control instruction, reads the contract log flow and waits for block confirmation as shown in fig. 4, and finally performs control logic adjustment on the industrial field device to perform real-time security and credibility control.

The data security gateway 160 records the process through the blockchain log record, the control parameters and the authority are managed by the intelligent contract, the data security gateway ensures that the entities correspond, and the trusted control is realized by utilizing the non-tamperable capability of the blockchain. And the industrial control device reads the state, executes the state, and performs control feedback through a block chain to realize trusted recording. The user operation must be authorized by the contract and recorded in the contract, so that the trusted control of the user side is realized.

The control system has misoperation or attack discovery, and can emergently cancel/delay the current operation. The present invention provides for controlling the revocation procedure as shown in fig. 5. The revocation control flow of the control command under the implementation environment of the embodiment of the invention is as follows:

1) When the system detects that the abnormal control logic is submitted to the blockchain, and during the period that the data security gateway waits for confirmation, the revocation or deferral execution can be executed, so that the high security of the industrial control system is ensured. Defining the user control command as C _i, generating a blockchain event E _i, and alerting the security system by discovering E _i.

2) The security system alerts the blockchain to initiate a cancel/defer instruction to C _i, execute cancelAction (C _i) or defer execution by a special authority: hangUpAction (C _i);

3) Blockchain smart contracts perform rights verification on execution targets and sources and generate new events

4) Upon detection of an event by the data security gatewayThe execution of C _i is stopped and the data security gateway can continue to wait for other C _i commands while waiting for block acknowledgement;

5) Upon detection of an event by the data security gateway Execution of C _i is stopped and continued waitingAfter continuing to wait for the block confirmation, the control of the industrial control equipment is implemented.

Referring to fig. 3, a second aspect of the embodiment of the present invention provides a blockchain-based industrial internet trusted control method for use in a blockchain network, the method including:

step S202, receiving intelligent contract codes from a data security gateway;

step S204, initializing the device authority and the control state of the data security gateway.

Receiving operation request information of a user on an intelligent contract;

Referring to fig. 6, a third aspect of the embodiment of the present invention provides a blockchain-based industrial internet trusted control device 20 for use in a data security gateway 160, the device comprising:

A contract creation module 202 for defining and writing smart contract code for an industrial control system;

A sending module 204, configured to send the smart contract to a blockchain network;

a box authority module 206, configured to set device authorities of the data security gateway and user account information allowing control and inquiry;

Further, the apparatus further comprises:

Referring to fig. 7, a fourth aspect of an embodiment of the present invention provides a blockchain-based industrial internet trusted control device 30 for use in a blockchain network 140, the device comprising:

A contract receiving module 302, configured to receive an intelligent contract code from a data security gateway, where the intelligent contract is configured to trigger the industrial control system to control an industrial field device according to a procedure and parameters defined by the intelligent contract code;

an initialization module 304, configured to initialize device rights and control states of the data security gateway.

Further, the apparatus further comprises:

The data security gateway 160 is connected with the industrial control system, and is used for defining and writing intelligent contract codes of the industrial control system, setting device authority of the data security gateway and allowing control and inquiring user account information, wherein the intelligent contract is used for triggering the industrial control system to control industrial field devices according to the flow and parameters defined by the intelligent contract codes, and the industrial control system consists of a plurality of industrial field devices 180.

Blockchain network 140 is coupled to user terminal 120 and data security gateway 140, respectively, for receiving the smart contract code from data security gateway 160 and initializing the device rights and control states of data security gateway 160.

Fig. 7 is a schematic diagram of a terminal device according to an embodiment of the present invention. As shown in fig. 7, the terminal device 10 of this embodiment includes: a processor 100, a memory 101, and a computer program 102 stored in the memory 101 and executable on the processor 100, such as a program for performing a blockchain-based industrial internet trusted control method. The steps in the above-described method embodiments, e.g., the steps S102, S104, and S106 shown in fig. 1, are implemented when the processor 100 executes the computer program 102. Or the processor 100, when executing the computer program 102, performs the functions of the modules/units in the above-described device embodiments, such as the contract creation module 202, the sending module 204, and the security gateway rights module 206 shown in fig. 4.

Illustratively, the computer program 102 may be partitioned into one or more modules/units that are stored in the memory 101 and executed by the processor 100 to accomplish the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing the specified functions, which instruction segments are used to describe the execution of the computer program 102 in the terminal device 10. For example, the computer program 102 may be partitioned into a contract creation module 202, a send module 204, and a security gateway rights module 206 (modules in a virtual device), each of which functions specifically as follows:

The terminal device 10 may be a computing device such as a desktop computer, a notebook computer, a palm computer, a cloud server, etc. Terminal device 10 may include, but is not limited to, a processor 100, a memory 101. It will be appreciated by those skilled in the art that fig. 4 is merely an example of the terminal device 10 and is not meant to be limiting as to the terminal device 10, and may include more or fewer components than shown, or may combine certain components, or different components, e.g., the terminal device may also include input and output devices, network access devices, buses, etc.

The Processor 100 may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (DIGITAL SIGNAL Processor, DSP), application SPECIFIC INTEGRATED Circuit (ASIC), off-the-shelf Programmable gate array (Field-Programmable GATE ARRAY, FPGA) or other Programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

The memory 101 may be an internal storage unit of the terminal device 10, such as a hard disk or a memory of the terminal device 10. The memory 101 may also be an external storage device of the terminal device 10, such as a plug-in hard disk, a smart memory card (SMART MEDIA CARD, SMC), a Secure Digital (SD) card, a flash memory card (FLASH CARD) or the like, which are provided on the terminal device 10. Further, the memory 101 may also include both an internal storage unit and an external storage device of the terminal device 10. The memory 101 is used for storing the computer program as well as other programs and data required by the terminal device 10. The memory 101 may also be used to temporarily store data that has been output or is to be output.

It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, the specific names of the functional units and modules are only for distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.

In the foregoing embodiments, the descriptions of the embodiments are emphasized, and in part, not described or illustrated in any particular embodiment, reference is made to the related descriptions of other embodiments.

Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.

In the embodiments provided in the present invention, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other manners. For example, the apparatus/terminal device embodiments described above are merely illustrative, e.g., the division of the modules or units is merely a logical function division, and there may be additional divisions in actual implementation, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via interfaces, devices or units, which may be in electrical, mechanical or other forms.

The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.

The integrated modules/units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the present invention may implement all or part of the flow of the method of the above embodiment, or may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, the computer program may implement the steps of each of the method embodiments described above. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the computer readable medium contains content that can be appropriately scaled according to the requirements of jurisdictions in which such content is subject to legislation and patent practice, such as in certain jurisdictions in which such content is subject to legislation and patent practice, the computer readable medium does not include electrical carrier signals and telecommunication signals.

The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and are intended to be included in the scope of the present invention.

The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; while the invention has been described in detail with reference to the foregoing embodiments, it will be appreciated by those skilled in the art that variations may be made in the techniques described in the foregoing embodiments, or equivalents may be substituted for elements thereof; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and are intended to be included in the scope of the present invention.

Claims

1. The industrial Internet trusted control method based on the blockchain is characterized by comprising a data security gateway, an industrial control system, a user terminal and a blockchain network, wherein the data security gateway is connected with the industrial control system; the block chain network is respectively connected with the user terminal and the data security gateway; the data security gateway is internally provided with a blockchain intelligent contract Dapp which is used for defining and writing intelligent contract codes of an industrial control system and controlling according to the program process of the intelligent contract;

the method comprises the following steps:

Initializing the equipment authority and control state of the data security gateway;

Comprising the following steps:

defining industrial control logic and a control interface which allows exposure, and abstracting the industrial control logic and the control interface into a control state and access to the state;

Designing access rights, a control rights group and defining access rights for a control interface;

making an intelligent contract strategy, realizing contract function writing and binding related user rights;

Deploying intelligent contracts in a block chain network, initializing related authority configuration, and setting the public key address of the data security gateway;

Initializing the intelligent contract address of the data security gateway, initializing control logic by the data security gateway according to the intelligent contract, and entering a block chain network control state;

The intelligent contract checks the operation authority of the user, checks whether the execution action is allowed or not, checks whether the parameter range has the adjustment authority, and after all the authorities and the parameter check pass, the intelligent contract modifies the intelligent contract state and records the response log;

The data security gateway discovers state change by subscribing/querying the intelligent contract log, and works according to the new control instruction after waiting for a certain time.

2. The blockchain-based industrial internet trusted control method of claim 1, wherein after the step of receiving the smart contract code from the data security gateway, the method further comprises:

Receiving operation request information of a user on an intelligent contract;

3. The industrial Internet trusted control device based on the blockchain is characterized by being used in a blockchain network and comprising a data security gateway, an industrial control system, a user terminal and the blockchain network, wherein the data security gateway is connected with the industrial control system; the block chain network is respectively connected with the user terminal and the data security gateway;

The data security gateway is internally provided with a blockchain intelligent contract Dapp which is used for defining and writing intelligent contract codes of an industrial control system and controlling according to the program process of the intelligent contract;

The device comprises:

the contract receiving module is used for receiving an intelligent contract code from the data security gateway, and the intelligent contract is used for triggering the industrial control system to control the industrial field device according to the flow and the parameters defined by the intelligent contract code; the initialization module is used for initializing the equipment authority and the control state of the data security gateway, and concretely comprises the following steps:

4. The blockchain-based industrial internet trusted control device of claim 3, further comprising: