CN-121984745-A - Maintenance data storage method based on encryption technology
Abstract
The invention provides an overhaul data storage method based on an encryption technology, and relates to the technical field of industrial equipment overhaul data safety. The method comprises the steps of collecting overhaul data by a terminal device, constructing an original data packet, calculating an initial trust score of each transmission node, encrypting the original data packet, generating a digital signature, constructing a safety data unit, sequentially verifying and encrypting the transmission nodes to form an encrypted data chain, calculating a dynamic trust score after receiving the data by a server, verifying the integrity of the data, updating the trust score of the nodes, generating a unique full-link traceability tag for the verified data, storing the unique full-link traceability tag in a blockchain, triggering an alarm and generating a responsibility definition report if verification fails, and inquiring the full-link data by an authorized user through the traceability tag. The invention realizes the full-link credible tracing and tamper-proof protection of the overhaul data from generation to storage, and effectively solves the problem that the traditional post verification mechanism can not locate the tamper link and define responsibility.
Inventors
- XIAO RONG
- XIE MEIWEN
- WAN GANG
- CAO CHONGZI
- ZENG QIN
- LIU LAMEI
- LIU MIN
- Ao Bangjie
- GAO QIRUI
- PENG JIANG
Assignees
- 中国长江电力股份有限公司
Dates
- Publication Date
- 20260505
- Application Date
- 20260129
Claims (10)
- 1. The overhaul data storage method based on the encryption technology is characterized by comprising the following steps: Step1, the terminal equipment collects maintenance data of industrial equipment and constructs an original data packet, loads basic information of all transmission nodes in the current data transmission link, calculates initial trust scores of all the transmission nodes, and stores the initial trust scores in association with the original data packet; Step2, encrypting the original data packet, generating a digital signature and constructing a secure data unit; Step3, the terminal equipment sends the secure data unit to a first transmission node, and the first transmission node judges the secure data unit; the secure data units judged to be reasonable are encrypted and transmitted in sequence according to the priority of each transmission node in the data transmission link to form an encrypted data chain; Step4, after receiving the final secure data unit, the server calculates a dynamic trust score, verifies the data according to the dynamic trust score, and updates the initial trust score of each transmission node; Step5, the server generates a unique full-link traceability tag for the verified data, and stores the traceability tag in a blockchain in an associated manner; Step6, if the data verification fails, the server automatically triggers an alarm and generates a responsibility definition report; Step7, the authorized user queries maintenance data through the full-link traceability tag.
- 2. The method for storing overhaul data based on encryption technology according to claim 1, wherein the Step1 specifically comprises the steps of: Step1.1, the terminal equipment acquires overhaul data of industrial equipment through a manual input interface and binds the acquired overhaul data according to a format of { equipment unique identification, overhaul timestamp, data type } to form an original data packet Data 0 , wherein the equipment unique identification is a character string combining the equipment factory number with the MAC address, and the data types are distinguished through two-digit codes, wherein 01 represents the equipment basic information, 02 represents the fault detection data, 03 represents the maintenance operation record and 04 represents the component replacement information; Step1.2, acquiring a transmission link topological graph, and loading, by the terminal equipment through the transmission link topological graph, basic information of all transmission nodes in the current data transmission link, wherein the basic information comprises node IP addresses, hardware models, historical transmission success rates and historical tampering times; Step1.3, calculating an initial trust score of each transmission node, wherein the calculation formula is as follows: ; wherein T 0 represents the initial trust score of the transmission node, S represents the historical transmission success rate of the transmission node, F represents the number of historical tampering records of each transmission node, N represents the total number of historical tampering records of all transmission nodes, M represents the hardware model adaptation degree, and a, b and c are weight coefficients; Step1.4, establishing a relation mapping table of the original data packet and the initial trust score, wherein the structure of the relation mapping table comprises an original data packet ID, a transmission node IP, the initial trust score T 0 and a loading timestamp, and storing the relation mapping table into a local encrypted cache area of the terminal equipment.
- 3. The method for storing overhaul data based on encryption technology according to claim 1, wherein the Step2 specifically comprises the steps of: Step2.1, the terminal equipment adopts an encryption algorithm to encrypt the original data packet Data 0 to generate encrypted Data 0 1 , wherein in the encryption process, a secret key is generated by a hardware encryption module of the terminal equipment, and an initial vector IV is randomly generated and stored in association with Data 0 1 ; the signature process comprises the steps of carrying out a hash operation on the original data packet Data 0 to obtain a hash value Hash 0 , and encrypting the hash value Hash 0 with the private key of the terminal equipment to generate a digital signature Sig 1 ; Step2.3, combining the encrypted Data 0 1 , the digital signature Sig 1 , and the initial trust score list [ T 01 ,T 02 ,…,T 0n ] of the next transmission node into a secure data unit, denoted Unit 1 ={Data 0 1 ,Sig 1 ,[T 01 ,T 02 ,…,T 0n ],Time 1 }, where Time 1 is the generation timestamp of the first secure data unit, and T 0n is the nth transmission node included in the 0 th level in the data transmission link.
- 4. The method for storing overhaul data based on encryption technology according to claim 1, wherein the Step3 specifically comprises the steps of: Step3.1, the first transmission node is marked as Node 1 , and after receiving the secure data unit Unit 1 , Node 1 loads the environmental characteristics of the terminal equipment through a node basic information base, wherein the terminal equipment is marked as Node 0 ; Step3.2, decrypting the digital signature Sig 1 using the public key of Node 0 to obtain the hash value Hash 0 ; decrypting Data 0 1 in Unit 1 to obtain the original data packet Data 0 ; carrying out a hash operation on Data 0 to obtain Hash 0 ; and verifying the digital signature according to the calculated hash value.
- 5. The method for storing overhaul data based on encryption technology according to claim 4, wherein verifying the digital signature based on the calculated hash value comprises: if Hash 0 ≠ Hash 0 , directly judging that signature verification fails; if Hash 0 = Hash 0 , verifying the rationality of the environmental characteristics by respectively comparing the CPU utilization rate U, the content occupancy rate M and the network bandwidth fluctuation value B with preset thresholds, and judging that the environmental characteristics and the digital signature are reasonably verified if U is not less than U th , M is not less than M th and B is not more than B th , and otherwise judging that the verification is unreasonable.
- 6. The method for storing overhaul data based on encryption technology according to claim 5, wherein the verifying the digital signature based on the calculated hash value includes: if the verification is reasonable, Node 1 embeds its identifier ID 1 and the receiving timestamp Time 1 in Unit 1 , adopts an encryption algorithm to carry out secondary encryption on Data 0 1 in Unit 1 to generate secondary encrypted Data 0 2 , carries out a hash operation on Data 0 2 to obtain Hash 1 , uses the private key of Node 1 to generate a second digital signature Sig 2 on Data 0 2 , and updates Unit 1 into a secure data unit Unit 2 ={Data 0 2 ,[Sig 1 ,Sig 2 ],ID 1 ,Time 1 ,[T 11 ,T 12 ,…,T 1n ]}, and records the transmission state of Node 1 , wherein the transmission state comprises the time consumption of data receiving, the size of the transmitted data packet and the packet loss rate; if the verification is unreasonable, extracting the initial trust score list [ T 11 ,T 12 ,…,T 1n ] carried in Unit 1 , sorting it from high score to low score, selecting the transmission node with the highest score as the next transmission node, recording path switching information comprising the original transmission node ID, the switching reason, the switching timestamp and the new transmission node ID, embedding the switching information into a path change field of the secure data unit, and transmitting the secure data unit to the next transmission node for encryption until the secure data unit is transmitted to the server, forming an encrypted data chain.
- 7. The method for storing overhaul data based on encryption technology according to claim 1, wherein the Step4 specifically comprises the steps of: Step4.1, the server receives the final secure data unit and records it as Unit k , where k is the number of transmission nodes; all digital signatures [ Sig 1 ,Sig 2 ,…,Sig k ] are extracted from Unit k according to the transmission sequence, and the corresponding digital signatures are decrypted in sequence with the public keys of the transmission nodes to obtain a hash value sequence [ Hash 0 ,Hash 1 ,…,Hash k-1 ]; the encrypted data in Unit k is decrypted step by step to obtain an original data packet sequence [ Data 0 1 ,Data 0 2 ,…,Data 0 k ], and a hash operation is carried out on the original data packet sequence to obtain a hash value sequence [ Hash 0 ,Hash 1 ,…,Hash k-1 ]; if Hash j is not equal to Hash j , the corresponding transmission node is judged to have tampering behavior, wherein j is an integer from 0 to k-1; Step4.2, the server analyzes the environmental characteristics of each transmission node on the encrypted data chain and calculates a dynamic trust score, wherein the dimensions of the dynamic trust score calculation comprise environmental characteristic compliance, signature verification result, transmission time consumption and packet loss rate, and the calculation formula is as follows: ; wherein T d represents the dynamic trust score, C is the environmental characteristic compliance, V is the signature verification result, T Real world represents the actual transmission time of the node, T Label (C) represents the standard transmission time of the node, L is the packet loss rate of the node, and 、 、 、 are respectively the weights corresponding to environmental characteristic compliance, signature verification result, transmission time consumption and packet loss rate; Step4.3, updating the initial trust score by combining the dynamic trust scores of all transmission nodes in the data transmission process, wherein the updating formula is as follows: ; 
Wherein T new represents the updated trust score, T 0 is the initial trust score, and T d is the dynamic trust score; 、 the initial trust score and the dynamic trust score correspond to weights respectively.
- 8. The method for storing overhaul data based on encryption technology according to claim 1, wherein the Step5 specifically comprises the steps of: Step5.1, the server generates a unique full-link traceability tag Tag from the verified data, wherein the Tag is a character string generated from the blockchain block height, a data unique ID and a timestamp, wherein the blockchain block height is the latest block height of the blockchain at the time of data storage, the data unique ID is the first n bits of the hash value of the original data packet Data 0 , and n is smaller than or equal to the number of bits of the hash value of the original data packet Data 0 ; Step5.2, establishing an associated storage structure, wherein the associated storage structure comprises the traceability tag Tag, the decrypted overhaul data, the updated transmission path [ Node 1 ,Node 2 ,…Node k ], a node trust score list [ T new1 ,T new2 ,…,T newk ] and a storage timestamp, and writing the associated storage structure into the blockchain.
- 9. The method for storing overhaul data based on encryption technology according to claim 1, wherein Step6 comprises: If the data verification fails or the dynamic trust score T d is smaller than a threshold value, the system automatically triggers multi-level alarm, tamper link information is recorded, the tamper link information comprises a tamper node ID and a tamper occurrence time stamp, and a responsibility definition report is generated according to the recorded tamper link information, wherein the responsibility definition report comprises a tamper link positioning result, responsibility node information, a data damage range and a rectification proposal.
- 10. The method for storing overhaul data based on encryption technology according to claim 1, wherein the Step7 specifically comprises the steps of: Step7.1, an authorized user inputs a full-link traceability tag Tag through a blockchain query interface, and the system verifies the user authority; Step7.2, after the permission verification passes, the system returns a query result, wherein the query result comprises the encrypted signature list [ Sig 1 ,Sig 2 ,…,Sig k ] of the transmission nodes, each transmission node ID and the transmission timestamp of each transmission node, the signature verification result, the environmental characteristic compliance state, the number of path switches, the original transmission node ID, new transmission node ID, switching reason and switching time of each switch, and the initial trust score T 0 , dynamic trust score T d and updated trust score T new of each transmission node.
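Added example, not part of the patent text: a Python model of the signature chain in claims 3, 6 and 7 and of how a server can attribute a hash mismatch to a hop. HMAC-SHA256 stands in for the private-key signatures and a toy SHA-256 keystream for the unnamed encryption algorithm; the node names, keys, sample packet and the attribution rule in `locate_tamper` are assumptions of this example, and trust scores and environment checks are left out.

```python
import hashlib, hmac, os

def H(b):
    return hashlib.sha256(b).digest()

def sign(sig_key, digest):  # assumption: HMAC-SHA256 stands in for a private-key signature
    return hmac.new(sig_key, digest, hashlib.sha256).digest()

def xor_layer(key, iv, data):
    # Toy SHA-256 counter-mode keystream standing in for the page's unnamed cipher.
    pad = b"".join(H(key + iv + i.to_bytes(8, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))  # XOR: same call encrypts and decrypts

class Node:
    def __init__(self, node_id):
        self.id, self.enc_key, self.sig_key = node_id, os.urandom(32), os.urandom(32)

def terminal_send(node0, data0):  # Unit_1: encrypted Data_0 and Sig_1 over Hash(Data_0)
    iv = os.urandom(16)
    return {"data": xor_layer(node0.enc_key, iv, data0), "ivs": [iv],
            "sigs": [sign(node0.sig_key, H(data0))], "ids": [node0.id]}

def relay(node, unit, tamper=False):
    data = unit["data"]
    if tamper:  # constructed misbehaviour: flip one bit before re-encrypting
        data = bytes([data[0] ^ 1]) + data[1:]
    iv = os.urandom(16)
    data = xor_layer(node.enc_key, iv, data)  # secondary encryption
    return {"data": data, "ivs": unit["ivs"] + [iv], "ids": unit["ids"] + [node.id],
            "sigs": unit["sigs"] + [sign(node.sig_key, H(data))]}

def check_layers(unit, nodes):
    # Server side: peel the layers from the outside in, then test every signature.
    k = len(unit["sigs"])
    states = [b""] * k + [unit["data"]]
    for i in range(k, 0, -1):
        states[i - 1] = xor_layer(nodes[i - 1].enc_key, unit["ivs"][i - 1], states[i])
    signed = [states[0]] + states[2:]  # terminal signed the plaintext, relays their output
    ok = [hmac.compare_digest(s, sign(n.sig_key, H(d)))
          for s, n, d in zip(unit["sigs"], nodes, signed)]
    return ok, states[0]

def locate_tamper(unit, nodes):
    ok, _ = check_layers(unit, nodes)
    bad = [j for j, good in enumerate(ok) if not good]
    if not bad:
        return None
    nxt = max(bad) + 1  # first handler after the last signer whose output changed
    return unit["ids"][nxt] if nxt < len(unit["ids"]) else "link-to-server"

# Constructed sample packet: {device id, overhaul timestamp, data type 02}.
DATA0 = b'{"dev":"SN0001-00:11:22:33:44:55","ts":"2026-01-29T08:00:00","type":"02"}'

def run_chain(tamper_at=None):
    nodes = [Node(n) for n in ("terminal", "node1", "node2", "node3")]
    unit = terminal_send(nodes[0], DATA0)
    for n in nodes[1:]:
        unit = relay(n, unit, tamper=(n.id == tamper_at))
    return unit, nodes
```

With a single post-storage hash check, all three failure cases would look identical; here the signatures that still verify bound where the change happened.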
Description
Maintenance data storage method based on encryption technology
Technical Field
The invention relates to the technical field of industrial equipment overhaul data safety, in particular to an overhaul data storage method based on an encryption technology.
Background
In the overhaul process of industrial equipment, storing and protecting overhaul data with encryption technology gives the data tamper-proof characteristics: even if the data is transmitted over an insecure network, its source and the authenticity of its content can be verified cryptographically, which lays a technical foundation for trusted digital management of the overhaul process. However, existing overhaul data storage methods often rely on post-verification mechanisms, such as hash value verification of the data after it is uploaded to a central database, to determine whether the data has been tampered with. This approach has obvious limitations in practice. When verification finds that the data is inconsistent, the specific link where the tampering occurred cannot be accurately identified: it cannot be distinguished whether the data was forged when generated at the terminal equipment, tampered with by a man-in-the-middle during wireless transmission, or maliciously modified while stored on the server. Whichever link is tampered with, the result is the same verification failure, so operation and maintenance personnel have difficulty locating the responsible party, and full-link trusted tracing from data generation to storage cannot be realized. Therefore, an encrypted storage scheme capable of providing continuous security protection in each link of data generation, transmission and storage is needed to solve the responsibility-definition problem caused by the post-verification mechanism.
Disclosure of Invention
The invention aims to provide an overhaul data storage method based on an encryption technology so as to solve the problems in the prior art. In order to solve the technical problems, the invention adopts the following technical scheme: an overhaul data storage method based on encryption technology comprises the following steps: Step1, the terminal equipment collects maintenance data of industrial equipment and constructs an original data packet, loads basic information of all transmission nodes in the current data transmission link, calculates initial trust scores of all the transmission nodes, and stores the initial trust scores in association with the original data packet; Step2, encrypting the original data packet, generating a digital signature and constructing a secure data unit; Step3, the terminal equipment sends the secure data unit to a first transmission node, and the first transmission node judges the secure data unit; the secure data units judged to be reasonable are encrypted and transmitted in sequence according to the priority of each transmission node in the data transmission link to form an encrypted data chain; Step4, after receiving the final secure data unit, the server calculates a dynamic trust score, verifies the data according to the dynamic trust score, and updates the initial trust score of each transmission node; Step5, the server generates a unique full-link traceability tag for the verified data, and stores the traceability tag in a blockchain in an associated manner; Step6, if the data verification fails, the server automatically triggers an alarm and generates a responsibility definition report; Step7, the authorized user queries maintenance data through the full-link traceability tag.
The Step1 specifically comprises the following steps: Step1.1, the terminal equipment acquires overhaul data of industrial equipment through a manual input interface and binds the acquired overhaul data according to a format of { equipment unique identification, overhaul timestamp, data type } to form an original data packet Data 0, wherein the equipment unique identification is a character string combining the equipment factory number with the MAC address, and the data types are distinguished through two-digit codes, wherein 01 represents the equipment basic information, 02 represents the fault detection data, 03 represents the maintenance operation record and 04 represents the component replacement information; Step1.2, acquiring a transmission link topological graph, and loading, by the terminal equipment through the transmission link topological graph, basic information of all transmission nodes in the current data transmission link, wherein the basic information comprises node IP addresses, hardware models, historical transmission success rates and historical tampering times; Step1.3, calculating an initial trust score of each transmission node, wherein the calculation f