CN115203669A - Data management method and device, electronic equipment and computer readable storage medium
- Publication number
- CN115203669A (CN202210928057.2A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
  - G06—COMPUTING OR CALCULATING; COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
          - G06F21/44—Program or device authentication
        - G06F21/60—Protecting data
          - G06F21/602—Providing cryptographic facilities or services
          - G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
    - G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
      - G06Q30/00—Commerce
        - G06Q30/018—Certifying business or products
      - G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
        - G06Q50/04—Manufacturing
Abstract
The application provides a data management method, a data management device, electronic equipment and a computer-readable storage medium, and belongs to the technical field of computers. The data management method comprises: acquiring working data generated when a hardware device works; performing identity authentication on the hardware device and, after the hardware device passes the authentication, marking the working data corresponding to the hardware device with the identity information of the hardware device; and encrypting and storing the marked working data. Because the working data is marked with the identity information of the hardware device, the data can be traced to its source according to the mark. Because the hardware device is authenticated before its working data is marked with its identity information, the working data of one hardware device is prevented from being marked with the identity information of another hardware device, which improves marking accuracy.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a data management method and apparatus, an electronic device, and a computer-readable storage medium.
Background
Network collaborative manufacturing is a new production mode in which all links in the manufacturing value chain are connected more closely and cooperate more efficiently through internet technology, so that resources are used as fully as possible. In the network collaborative manufacturing process, working data sensed in real time by terminal devices in a production scene must be uploaded to a cloud server in order to manage the terminals' resources, and the device data flow covers multiple links such as data sensing, data access and data transmission.
However, in the existing network collaborative manufacturing process, the volume of working data stored in the cloud-side server is extremely large, which makes it difficult to accurately trace the source of that data.
Disclosure of Invention
The application provides a data management method, a data management device, electronic equipment and a computer-readable storage medium, which are used for solving the problem that accurate tracing of real-time sensing data of terminal side equipment stored to a cloud side server is difficult to perform in the existing network collaborative manufacturing process.
In a first aspect, the present application provides a data management method, including: acquiring working data generated when hardware equipment works; performing identity authentication on the hardware equipment, and marking working data corresponding to the hardware equipment by using the identity information of the hardware equipment after the hardware equipment passes the authentication; and encrypting and storing the marked working data.
In the embodiment of the application, the working data is marked with the identity information of the corresponding hardware device, so that the source of the working data can subsequently be traced according to the mark. Because the hardware device is authenticated before its working data is marked with its identity information, the working data of one hardware device is prevented from being marked with the identity information of another hardware device, which improves marking accuracy.
With reference to the technical solution provided by the first aspect, in some possible implementations, if the number of the hardware devices is multiple, the encrypting and storing the marked working data includes: classifying the marked working data to obtain various classification data, wherein one classification data corresponds to one mark; for each classified data, encrypting the classified data according to a preset encryption algorithm corresponding to the classified data; and storing each classified data after encryption.
In the embodiment of the application, the marked working data is classified, and each classified data is encrypted according to the preset encryption algorithm corresponding to it; that is, different classified data can be encrypted with different algorithms. Even if one encryption algorithm is leaked, classified data encrypted with the other encryption algorithms is not at risk of data leakage, which improves the security of the stored data.
With reference to the technical solution provided by the first aspect, in some possible implementations, the method is applied to an electronic device on which a control layer, an execution layer and an enterprise layer are deployed, and the encrypting and storing of the marked working data includes: the control layer encrypts the marked working data to obtain first working data and transmits the first working data to the execution layer; the execution layer performs integrity verification on the first working data sent by the control layer and identity authentication on the control layer and, after the integrity verification and the identity authentication pass, marks the first working data with the identity information of the control layer to obtain second working data and sends the second working data to the enterprise layer; and the enterprise layer performs integrity verification on the second working data sent by the execution layer and identity authentication on the execution layer and, after the integrity verification and the identity authentication pass, marks the second working data with the identity information of the execution layer to obtain third working data and stores the third working data.
In the embodiment of the application, the working data can be marked by the identity information of the hardware device, the identity information of the control layer and the identity information of the execution layer in sequence in the process of being transmitted from the control layer to the enterprise layer, so that the transmission path of the finally stored working data can be accurately known when the source of the working data is traced.
With reference to the technical solution provided by the first aspect, in some possible implementations, the encrypting and storing marked work data is applied to an electronic device with a control layer, an execution layer, and an enterprise layer, and includes: the control layer encrypts first working data and transmits the first working data to the execution layer, wherein the first working data are marked working data; the execution layer carries out integrity verification on the encrypted first working data sent by the control layer and identity authentication on the control layer, decrypts the encrypted first working data after the integrity verification and the identity authentication pass, marks the first working data by using the identity information of the control layer to obtain second working data, encrypts the second working data and transmits the second working data to the enterprise layer; and the enterprise layer carries out integrity verification on the encrypted second working data sent by the execution layer and identity authentication on the execution layer, decrypts the encrypted second working data after the integrity verification and the identity authentication pass, marks the second working data by using the identity information of the execution layer to obtain third working data, and encrypts and stores the third working data.
In the embodiment of the application, the execution layer decrypts the data received by the execution layer, and encrypts the decrypted data again after marking the decrypted data, so that the safety of the data transmitted to the enterprise layer by the execution layer is ensured. Meanwhile, the enterprise layer can decrypt the data received by the enterprise layer and re-encrypt the decrypted data after marking, so that the stored data are ensured to be in an encryption protection state, and the security of the stored data is improved.
With reference to the technical solution provided by the first aspect, in some possible implementations, the control layer is configured to control hardware devices on a same production line, the execution layer is configured to manage all control layers in a same production workshop, and the enterprise layer is configured to manage all execution layers.
With reference to the technical solution provided by the first aspect, in some possible implementations, the method further includes: acquiring first flow data between the hardware equipment and the control layer, and judging whether the first flow data meets a first preset condition; if the first flow data does not meet the first preset condition, sending a flow abnormity alarm; and/or acquiring second flow data between the control layer and the execution layer, and judging whether the second flow data meets a second preset condition; if the second flow data does not meet the second preset condition, sending a flow abnormity alarm; and/or acquiring third flow data between the execution layer and the enterprise layer, and judging whether the third flow data meets a third preset condition; and if the third flow data does not meet the third preset condition, sending a flow abnormity alarm.
In the embodiment of the application, the flow detection between the hardware device and the control layer is realized by acquiring the first flow data between the hardware device and the control layer and verifying the first flow data based on the first preset condition, so that the data transmission safety between the hardware device and the control layer is improved. Similarly, the second flow data between the control layer and the execution layer is acquired, the second flow data is verified based on the second preset condition, the third flow data between the execution layer and the enterprise layer is acquired, and the third flow data is verified based on the third preset condition, so that the data transmission safety between the control layer and the execution layer can be improved, and the data transmission safety between the execution layer and the enterprise layer is improved.
In a second aspect, the present application provides a data management apparatus, including a management layer, where the management layer is configured to obtain work data generated by a hardware device during work; performing identity authentication on the hardware equipment, and marking working data corresponding to the hardware equipment by using the identity information of the hardware equipment after the hardware equipment passes the authentication; and encrypting and storing the marked working data.
In combination with the technical solution provided by the second aspect, in some possible embodiments, the management layer includes: a control layer, an execution layer and an enterprise layer; the control layer is used for encrypting the marked working data and transmitting the working data to the execution layer; the execution layer is used for carrying out integrity verification on the first working data sent by the control layer and carrying out identity authentication on the control layer, after the integrity verification and the identity authentication pass, the first working data is marked by using the identity information of the control layer, second working data is obtained, and the second working data is sent to the enterprise layer; and the enterprise layer is used for carrying out integrity verification on the second working data sent by the execution layer and carrying out identity authentication on the execution layer, marking the second working data by using the identity information of the execution layer after the integrity verification and the identity authentication pass to obtain third working data, and storing the third working data.
With reference to the technical solution provided by the second aspect, in some possible implementations, if the number of the hardware devices is multiple, the enterprise layer is specifically configured to classify the marked working data to obtain multiple classification data, where one classification data corresponds to one mark; for each classified data, encrypting the classified data according to a preset encryption algorithm corresponding to the classified data; and storing each classified data after encryption.
With reference to the technical solution provided by the second aspect, in some possible embodiments, the data management apparatus further includes: a flow probe and a flow detection unit. The flow probe is used for acquiring first flow data between the hardware equipment and the control layer; the flow detection unit is used for judging whether the first flow data meets a first preset condition or not; if the first flow data does not meet the first preset condition, sending a flow abnormity alarm; and/or the flow probe is used for acquiring second flow data between the control layer and the execution layer; the flow detection unit is used for judging whether the second flow data meets a second preset condition or not; if the second flow data does not meet the second preset condition, sending a flow abnormity alarm; and/or the flow probe is used for acquiring third flow data between the execution layer and the enterprise layer; the flow detection unit is used for judging whether the third flow data meets a third preset condition or not; and if the third flow data does not meet the third preset condition, sending a flow abnormity alarm.
In a third aspect, an embodiment of the present application further provides an electronic device, including: a memory and a processor, the memory and the processor connected; the memory is used for storing programs; the processor is configured to invoke a program stored in the memory to perform the method as provided in the foregoing first aspect embodiment and/or in conjunction with any one of the possible implementations of the foregoing first aspect embodiment.
In a fourth aspect, embodiments of the present application further provide a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a computer, and the computer program performs the method as described in the foregoing first aspect embodiment and/or as provided in connection with any one of the possible implementation manners of the foregoing first aspect embodiment.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a schematic flowchart illustrating a data management method according to an embodiment of the present application;
Fig. 2 is a schematic block diagram illustrating connection between an electronic device and a hardware device and a cloud server according to an embodiment of the present application;
Fig. 3 is a schematic block diagram illustrating a connection between another electronic device and a hardware device and a cloud server according to an embodiment of the present application;
Fig. 4 is a block diagram illustrating a data management apparatus according to an embodiment of the present application;
Fig. 5 is a block diagram illustrating a structure of a data management system according to an embodiment of the present application;
Fig. 6 is a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The terms "first," "second," "third," and the like are used for descriptive purposes only; they do not indicate or imply relative importance and do not denote any order or sequence.
The technical solution of the present application will be described in detail below with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a schematic flow chart of a data management method according to an embodiment of the present application, and steps included in the method will be described with reference to fig. 1.
S100: acquiring working data generated when the hardware device works.
The hardware device may be any type of device, for example, a numerical control machine tool, a printer, and the like, and the specific type of the hardware device may be set according to actual requirements, and the specific type is not limited herein.
The specific type of the working data may be determined according to the type of the hardware device, for example, when the hardware device is a numerical control machine, the working data may include data such as working parameters and log information of the numerical control machine, and the specific type of the working data may be set according to actual requirements, and is not limited herein.
S200: performing identity authentication on the hardware device and, after the hardware device passes the authentication, marking the working data corresponding to the hardware device with the identity information of the hardware device.
The specific implementation manner and principle of identity authentication for hardware devices are well known to those skilled in the art, and are not described herein again for brevity.
The identity information of the hardware device may include information such as the device number, device model and device function of the hardware device. Any information that uniquely characterizes one hardware device may be used, and the identity information of the hardware device is not limited herein.
Authenticating the hardware device before its working data is marked with its identity information ensures that the identity information is accurate, prevents the working data of one hardware device from being marked with the identity information of another hardware device, and improves marking accuracy.
S300: encrypting and storing the marked working data.
The marked working data can be encrypted and then stored locally; alternatively, after the marked working data is encrypted, the encrypted working data may be stored in another device, for example, the encrypted working data is uploaded to a cloud server for storage, or the encrypted working data is stored in a distributed database.
The specific encryption mode for encrypting the marked working data may be selected according to actual requirements, and the specific encryption mode is not limited herein.
For example, the marked working data may be encrypted based on the SM series of domestic cryptographic algorithms and white-box encryption technology. Because the SM series domestic cryptographic algorithms are suitable for data encryption and integrity verification of data with different structures and different lengths, the usability, integrity and effectiveness of data transmission in the network collaborative manufacturing process can be guaranteed.
White-box encryption technology obfuscates the key together with the encryption and decryption algorithm, so that the key cannot be distinguished from the encryption program and the original key information cannot be recovered. This prevents an attacker from obtaining key data by means such as reading the device memory. White-box encryption technology can therefore protect the security of the device key and, in turn, support device authentication and data encryption.
In one embodiment, the data management method is applied to an electronic device with a control layer, an execution layer, and an enterprise layer, and at this time, the specific process of encrypting and storing the marked work data may have the following two embodiments.
In a first embodiment, the specific process of encrypting and storing the marked working data may be as follows. First, the control layer encrypts the marked working data to obtain first working data and transmits the first working data to the execution layer. Then, the execution layer performs integrity verification on the first working data sent by the control layer and identity authentication on the control layer; after the integrity verification and the identity authentication pass, it marks the first working data with the identity information of the control layer to obtain second working data and sends the second working data to the enterprise layer. Finally, the enterprise layer performs integrity verification on the second working data sent by the execution layer and identity authentication on the execution layer; after the integrity verification and the identity authentication pass, it marks the second working data with the identity information of the execution layer to obtain third working data and stores the third working data.
In the process of transmitting the working data from the control layer to the enterprise layer, the working data is sequentially marked by the identity information of the hardware equipment, the identity information of the control layer and the identity information of the execution layer, so that the transmission path of the finally stored working data can be accurately known when the source of the working data is traced.
In a second embodiment, the specific process of encrypting and storing the marked working data may be as follows.
First, the control layer encrypts first working data and transmits it to the execution layer, where the first working data is the marked working data. Then, the execution layer performs integrity verification on the encrypted first working data sent by the control layer and identity authentication on the control layer; after the integrity verification and the identity authentication pass, it decrypts the encrypted first working data, marks the first working data with the identity information of the control layer to obtain second working data, encrypts the second working data and transmits it to the enterprise layer. Finally, the enterprise layer performs integrity verification on the encrypted second working data sent by the execution layer and identity authentication on the execution layer; after the integrity verification and the identity authentication pass, it decrypts the encrypted second working data, marks the second working data with the identity information of the execution layer to obtain third working data, and encrypts and stores the third working data.
The execution layer decrypts the data received by the execution layer, and encrypts the decrypted data again after marking the decrypted data, so that the safety of the data transmitted to the enterprise layer by the execution layer is ensured. Meanwhile, the enterprise layer can decrypt the received data and encrypt the decrypted data again after marking, so that the stored data are ensured to be in an encryption protection state, and the security of the stored data is improved.
The control layer, the execution layer, and the enterprise layer may encrypt data in the same or different ways, and the specific way of encrypting the data is not limited here.
It is understood that the control layer may also be used to perform S100 and S200 described above.
The control layer is used for automatically controlling the hardware devices and collecting data from the hardware devices it controls. For example, the control layer may control only one hardware device, or it may control the hardware devices on the same production line. The control layer may be a Distributed Control System (DCS), a Fieldbus Control System (FCS), a Programmable Logic Controller (PLC), a Supervisory Control And Data Acquisition (SCADA) system, or the like.
The execution layer is used to manage and schedule the production of the workshop, i.e., to manage all control layers within the same production workshop. The execution layer may be a Manufacturing Execution System (MES) or the like; the information provided by the MES helps manufacturers know the production state of production workshops and equipment stations anytime and anywhere so as to improve the yield.
The enterprise layer is used for managing all execution layers. The enterprise layer can also be used for integrating resources among enterprises that cooperate in network collaborative manufacturing, so as to deliver products to customers more quickly, more efficiently and with higher quality. The enterprise layer may be an Enterprise Resource Planning (ERP) system, a Product Lifecycle Management (PLM) system, a Customer Relationship Management (CRM) system, a Supply Chain Management (SCM) system, and the like.
A specific connection diagram of the hardware device, the control layer, the execution layer, the enterprise layer, and the cloud server is shown in fig. 2. It is understood that in one embodiment, the electronic device for executing the data management method may not include a control layer, an execution layer, and an enterprise layer.
In one embodiment, when the marked working data is encrypted and then stored in other devices, the other devices can also perform identity authentication on the enterprise layer, and after the identity authentication is passed, the marked working data is marked again by using the identity information of the enterprise layer.
After the enterprise layer encrypts the marked working data and uploads the encrypted working data to the cloud server for storage, the cloud server, on receiving the third working data sent by the enterprise layer, performs an integrity check on the third working data and identity authentication on the enterprise layer; after the integrity check and the identity authentication pass, it marks the third working data with the identity information of the enterprise layer and stores the marked third working data.
Alternatively, after the cloud server receives the third working data sent by the enterprise layer, it performs integrity verification on the encrypted third working data and identity authentication on the enterprise layer; after the integrity verification and the identity authentication pass, it decrypts the encrypted third working data, marks the third working data with the identity information of the enterprise layer to obtain fourth working data, and encrypts and stores the fourth working data.
In one embodiment, if there are a plurality of hardware devices, in order to improve the security of the stored data, the specific process of encrypting and storing the marked working data may be: firstly, classifying marked working data to obtain various classification data, wherein one classification data corresponds to one mark; then, aiming at each classified data, encrypting the classified data according to a preset encryption algorithm corresponding to the classified data; and finally storing each encrypted classified data.
For example, when classifying the marked working data, the working data corresponding to the same hardware device may be classified into one classification data; alternatively, the working data corresponding to each of a plurality of hardware devices having the same function may be classified into one classification data.
When the data management method is applied to an electronic device with a control layer, an execution layer and an enterprise layer, the finally stored working data carries three marks: the identity information of the hardware device, the identity information of the control layer and the identity information of the execution layer. In this case, when the marked working data is classified, all working data marked with the identity information of the same control layer can be classified into one classification data; or all working data marked with the identity information of the same execution layer can be classified into one classification data.
After the marked working data is encrypted in the enterprise layer, when the encrypted working data is stored in other equipment, the other equipment can classify the working data according to the marks in the marked working data to obtain a plurality of classified data; then, for each classified data, encrypting the classified data according to a preset encryption algorithm corresponding to the classified data; and finally storing each encrypted classified data.
For example, after the enterprise layer encrypts the marked working data, the encrypted working data is uploaded to a cloud server for storage.
If the cloud server does not perform identity authentication on the enterprise layer, the working data finally stored in the cloud server may carry three marks: the identity information of the hardware device, the identity information of the control layer and the identity information of the execution layer. In this case, when the marked working data is classified, all the working data marked with the identity information of the same hardware equipment can be classified into one classification data; or all the working data marked with the identity information of the same control layer can be classified into one classification data; or all the working data marked with the identity information of the same execution layer can be classified into one classification data.
If the cloud server performs identity authentication on the enterprise layer and, after the identity authentication passes, marks the marked working data again using the identity information of the enterprise layer, the working data finally stored in the cloud server carries four marks: the identity information of the hardware equipment, the identity information of the control layer, the identity information of the execution layer and the identity information of the enterprise layer. In this case, when the marked working data is classified, all the working data marked with the identity information of the same enterprise layer can be classified into one classification data.
It can be understood that, when the classified data is encrypted, different encryption algorithms can be selected according to the security level requirements of the different classified data. Classified data with a higher security level requirement is encrypted using an encryption algorithm with higher security performance. The security level requirements of the different classified data can be preset.
In one embodiment, in order to improve the security of data transmission between the control layer, the execution layer and the enterprise layer, first traffic data between a hardware device and the control layer may also be acquired, and whether the first traffic data meets a first preset condition is determined; if the first traffic data does not meet the first preset condition, a traffic anomaly alarm is sent. And/or second traffic data between the control layer and the execution layer is acquired, and whether the second traffic data meets a second preset condition is determined; if the second traffic data does not meet the second preset condition, a traffic anomaly alarm is sent. And/or third traffic data between the execution layer and the enterprise layer is acquired, and whether the third traffic data meets a third preset condition is determined; if the third traffic data does not meet the third preset condition, a traffic anomaly alarm is sent.
Acquiring the first traffic data between the hardware equipment and the control layer and verifying it against the first preset condition implements traffic detection between the hardware equipment and the control layer and improves the security of data transmission between them. Similarly, acquiring the second traffic data between the control layer and the execution layer and verifying it against the second preset condition, and acquiring the third traffic data between the execution layer and the enterprise layer and verifying it against the third preset condition, improves the security of data transmission between the control layer and the execution layer and between the execution layer and the enterprise layer.
After the marked working data is encrypted by the enterprise layer and the encrypted working data is stored in other equipment, fourth traffic data between the enterprise layer and the other equipment can be acquired, and whether the fourth traffic data meets a fourth preset condition is determined; if the fourth traffic data does not meet the fourth preset condition, a traffic anomaly alarm is sent.
The first traffic data comprises at least one of a total traffic, a maximum rate, an average rate, a maximum utilization and an average utilization between the hardware device and the control layer. Accordingly, the first preset condition may be that the total traffic in the first traffic data is within a preset total traffic range, and/or the maximum rate in the first traffic data is within a preset maximum rate range, and/or the average rate in the first traffic data is within a preset average rate range, and/or the maximum utilization in the first traffic data is within a preset maximum utilization range, and/or the average utilization in the first traffic data is within a preset average utilization range.
It can be understood that the second traffic data, the third traffic data and the fourth traffic data are implemented in the same manner as the first traffic data, and the second preset condition, the third preset condition and the fourth preset condition are implemented in the same manner as the first preset condition; for brevity, they are not described again here.
In this case, the first traffic data may be acquired by deploying a flow probe between the hardware device and the control layer; similarly, the second traffic data may be acquired by deploying a flow probe between the control layer and the execution layer, and the third traffic data may be acquired by deploying a flow probe between the execution layer and the enterprise layer. For ease of understanding, the particular deployment of the flow probes is shown in Fig. 3.
Correspondingly, a flow detection unit can further be arranged to determine whether the first traffic data meets the first preset condition and, if the first traffic data does not meet the first preset condition, send a traffic anomaly alarm; and/or determine whether the second traffic data meets the second preset condition and, if the second traffic data does not meet the second preset condition, send a traffic anomaly alarm; and/or determine whether the third traffic data meets the third preset condition and, if the third traffic data does not meet the third preset condition, send a traffic anomaly alarm; and/or determine whether the fourth traffic data meets the fourth preset condition and, if the fourth traffic data does not meet the fourth preset condition, send a traffic anomaly alarm.
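The range check performed by the flow detection unit can be sketched as follows. This is an added example, not code from the application; the link names, units, preset ranges and sample values are constructed, and treating a sample that carries none of the configured metrics as failing the condition is an assumption of the example.

```python
from typing import Dict, List, Tuple

# The five quantities the description lists for traffic data.
METRICS = ("total_traffic", "max_rate", "avg_rate",
           "max_utilization", "avg_utilization")

# Constructed preset ranges (inclusive) for the four monitored links.
# Assumed units: bytes per window, bytes per second, utilization as a fraction.
PRESET_CONDITIONS: Dict[str, Dict[str, Tuple[float, float]]] = {
    "device-control": {"total_traffic": (1e3, 5e6), "max_rate": (0, 2e5),
                       "avg_utilization": (0.0, 0.4)},
    "control-execution": {"total_traffic": (1e4, 5e7), "avg_rate": (0, 1e6)},
    "execution-enterprise": {"max_utilization": (0.0, 0.8),
                             "avg_utilization": (0.0, 0.5)},
    "enterprise-cloud": {"total_traffic": (0, 1e9), "max_rate": (0, 5e6)},
}


def check_traffic(link: str, sample: Dict[str, float],
                  presets=PRESET_CONDITIONS) -> List[str]:
    """Return the list of violated conditions for one probe sample."""
    if link not in presets:
        raise KeyError(f"no preset condition configured for link {link!r}")
    ranges = presets[link]
    violations, checked = [], 0
    for metric in METRICS:
        # "and/or": only metrics that are both configured and reported are checked.
        if metric not in ranges or metric not in sample:
            continue
        checked += 1
        low, high = ranges[metric]
        value = sample[metric]
        # NaN and non-numeric values fail the comparison, so they fail closed.
        if not (isinstance(value, (int, float)) and low <= value <= high):
            violations.append(f"{metric}={value!r} outside [{low}, {high}]")
    if checked == 0:
        # Assumption: a sample that proves nothing does not meet the condition.
        violations.append("no configured metric present in sample")
    return violations


def detect(samples) -> List[dict]:
    """Run every (link, sample) pair through its preset condition."""
    alarms = []
    for link, sample in samples:
        violations = check_traffic(link, sample)
        if violations:
            alarms.append({"link": link, "alarm": "traffic anomaly",
                           "violations": violations})
    return alarms


# Constructed probe samples.
SAMPLES = [
    ("device-control", {"total_traffic": 2.4e5, "max_rate": 9.0e4,
                        "avg_utilization": 0.12}),            # within range
    ("device-control", {"total_traffic": 7.5e6, "max_rate": 3.1e5,
                        "avg_utilization": 0.2}),             # burst
    ("control-execution", {"total_traffic": 120.0, "avg_rate": 4.0}),  # near silent
    ("execution-enterprise", {"max_rate": 10.0}),             # nothing checkable
    ("enterprise-cloud", {"total_traffic": 3e8,
                          "max_rate": float("nan")}),         # corrupt reading
]

if __name__ == "__main__":
    for alarm in detect(SAMPLES):
        print(alarm["link"], alarm["violations"])
```

Because each range has a lower bound as well as an upper bound, a link that goes almost silent raises the same alarm as a burst.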
Deploying the flow probes independently to collect the traffic data reduces the amount of data computation in the control layer, the execution layer and the enterprise layer and improves their data throughput. Meanwhile, because the traffic data is transmitted through the flow probes, the network bandwidth of the control layer, the execution layer and the enterprise layer need not be occupied.
Referring to fig. 4, fig. 4 is a block diagram illustrating a structure of a data management device 110 according to an embodiment of the present disclosure, where the data management device 110 includes a management layer.
The management layer is used for acquiring working data generated when the hardware equipment works; performing identity authentication on the hardware equipment, and marking the working data corresponding to the hardware equipment by using the identity information of the hardware equipment after the hardware equipment passes the authentication; and encrypting and storing the marked working data.
The enterprise layer is specifically used for classifying the working data according to the marks in the marked working data to obtain a plurality of classified data, wherein the same classified data comprises the same type of data; for each classified data, encrypting the classified data according to a preset encryption algorithm corresponding to the classified data; and storing each encrypted classified data.
The management layer comprises a control layer, an execution layer and an enterprise layer; the control layer is used for encrypting first working data and transmitting the first working data to the execution layer, wherein the first working data is marked working data; the execution layer is used for carrying out integrity verification on the encrypted first working data sent by the control layer and carrying out identity authentication on the control layer, after the integrity verification and the identity authentication pass, the encrypted first working data is marked by using the identity information of the control layer to obtain second working data, and the second working data is sent to the enterprise layer; and the enterprise layer is used for carrying out integrity verification on the second working data sent by the execution layer and carrying out identity authentication on the execution layer, marking the second working data by using the identity information of the execution layer after the integrity verification and the identity authentication pass to obtain third working data, and storing the third working data.
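The verify-then-mark chain described above can be sketched as follows, for the variant in which the execution layer marks the encrypted first working data without decrypting it. This is an added example, not code from the application: the application does not name an integrity or authentication mechanism, so a per-layer HMAC-SHA256 key is assumed, and the identities, keys and ciphertext bytes are constructed.

```python
import hashlib
import hmac
import json

# Constructed identities and keys. Assumption of this example: each layer holds
# an HMAC key known to the layer above it; the page does not name a mechanism.
LAYER_KEYS = {
    "ctl-line-1": b"constructed-control-layer-key",
    "exe-shop-A": b"constructed-execution-layer-key",
}

# Constructed stand-in for the working data already encrypted by the control layer.
CIPHERTEXT_HEX = "9f3c1ab27d44e0815566"


class VerificationError(Exception):
    """Raised when integrity verification or identity authentication fails."""


def _tag(key: bytes, sender: str, payload_hex: str, marks: list) -> str:
    # The tag covers the payload AND the marks, so an earlier mark cannot be
    # removed or replaced in transit without detection.
    body = json.dumps({"sender": sender, "payload": payload_hex, "marks": marks},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def send(sender: str, payload_hex: str, marks: list) -> dict:
    """Build the message a layer transmits to the layer above it."""
    marks = list(marks)
    return {"sender": sender, "payload": payload_hex, "marks": marks,
            "tag": _tag(LAYER_KEYS[sender], sender, payload_hex, marks)}


def verify_and_mark(message: dict, trusted_senders: set):
    """Receiving layer: authenticate the sender, verify integrity, then mark."""
    sender = message.get("sender")
    if sender not in trusted_senders or sender not in LAYER_KEYS:
        raise VerificationError(f"identity authentication failed for {sender!r}")
    expected = _tag(LAYER_KEYS[sender], sender,
                    message["payload"], message["marks"])
    received = str(message.get("tag", ""))
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise VerificationError("integrity verification failed")
    # Only after both checks pass is the sender's identity added as a mark.
    return message["payload"], message["marks"] + [sender]


def run_pipeline(payload_hex: str, device_mark: str, tamper: str = None) -> dict:
    """Control layer -> execution layer -> enterprise layer."""
    # Control layer: data is already marked with the authenticated device identity.
    first = send("ctl-line-1", payload_hex, [device_mark])
    if tamper == "payload":        # simulate modification in transit
        first["payload"] = "00" + first["payload"][2:]
    elif tamper == "marks":        # simulate a swapped device mark
        first["marks"] = ["dev-9999"]
    # Execution layer: verifies, marks with the control layer's identity.
    payload, marks = verify_and_mark(first, {"ctl-line-1"})
    second = send("exe-shop-A", payload, marks)
    # Enterprise layer: verifies, marks with the execution layer's identity.
    payload, marks = verify_and_mark(second, {"exe-shop-A"})
    return {"payload": payload, "marks": marks}   # third working data, to be stored


if __name__ == "__main__":
    print(run_pipeline(CIPHERTEXT_HEX, "dev-0007"))
    for mode in ("payload", "marks"):
        try:
            run_pipeline(CIPHERTEXT_HEX, "dev-0007", tamper=mode)
        except VerificationError as exc:
            print(mode, "->", exc)
```

The stored record ends up with the three marks the description expects (hardware device, control layer, execution layer), each added only by the layer that verified the previous hop.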
The data management device further comprises a flow probe and a flow detection unit, wherein the flow probe is used for acquiring first traffic data between the hardware equipment and the control layer; the flow detection unit is used for determining whether the first traffic data meets a first preset condition and, if the first traffic data does not meet the first preset condition, sending a traffic anomaly alarm; and/or the flow probe is used for acquiring second traffic data between the control layer and the execution layer; the flow detection unit is used for determining whether the second traffic data meets a second preset condition and, if the second traffic data does not meet the second preset condition, sending a traffic anomaly alarm; and/or the flow probe is used for acquiring third traffic data between the execution layer and the enterprise layer; the flow detection unit is used for determining whether the third traffic data meets a third preset condition and, if the third traffic data does not meet the third preset condition, sending a traffic anomaly alarm.
The data management apparatus 100 according to the embodiment of the present application has the same implementation principle and technical effect as those of the foregoing data management method embodiment, and for the sake of brief description, reference may be made to the corresponding contents in the foregoing data management method embodiment for the part of the apparatus embodiment that is not mentioned.
Referring to fig. 5, fig. 5 is a block diagram illustrating a structure of a data management system 10 according to an embodiment of the present application, where the data management system includes the data management apparatus 110 and the cloud server 120.
And the cloud server 120 is configured to store the work data encrypted by the data management apparatus.
The cloud server 120 is specifically configured to classify the working data according to the marks in the marked working data to obtain a plurality of classification data, where the same classification data includes the same type of data; for each classified data, encrypt the classified data, according to a preset security requirement, using the encryption algorithm corresponding to the classified data in the preset security requirement; and store each encrypted classified data.
The specific working content and working principle of the data management apparatus 110 and the cloud server 120 are already described in detail above, and are not repeated here for brevity.
Please refer to Fig. 6, which shows an electronic device 200 according to an embodiment of the present disclosure. The electronic device 200 includes: a transceiver 210, a memory 220, a communication bus 230, and a processor 240, wherein a control layer, an execution layer, and an enterprise layer may further be deployed on the processor 240.
The transceiver 210, the memory 220, and the processor 240 are electrically connected to each other, directly or indirectly, to achieve data transmission or interaction. For example, the components may be electrically coupled to each other via one or more communication buses 230 or signal lines. The transceiver 210 is used for transceiving data. The memory 220 is used to store a computer program such as the software functional module shown in Fig. 4, that is, the data management apparatus 100. The data management apparatus 100 includes at least one software functional module, which may be stored in the memory 220 in the form of software or firmware or solidified in an Operating System (OS) of the electronic device 200. The processor 240 is configured to execute executable modules stored in the memory 220, such as software functional modules or computer programs included in the data management device 100. In this case, the processor 240 is configured to obtain working data generated when the hardware device works; perform identity authentication on the hardware equipment, and mark the working data corresponding to the hardware equipment by using the identity information of the hardware equipment after the hardware equipment passes the identity authentication; and encrypt and store the marked working data.
The memory 220 may be, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like.
The processor 240 may be an integrated circuit chip having signal processing capabilities. The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It may implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor 240 may be any conventional processor or the like.
The electronic device 200 includes, but is not limited to, a personal computer, a server, and the like.
The present embodiment also provides a non-volatile computer-readable storage medium (hereinafter referred to as a storage medium), where the storage medium stores a computer program, and when the computer program is executed by the electronic device 200 as described above, the computer program performs the above-described data management method. The computer-readable storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (10)
1. A method for managing data, comprising:
acquiring working data generated when hardware equipment works;
performing identity authentication on the hardware equipment, and marking the working data corresponding to the hardware equipment by using the identity information of the hardware equipment after the hardware equipment passes the authentication;
and encrypting and storing the marked working data.
2. The method according to claim 1, wherein if the number of the hardware devices is multiple, the encrypting and storing the marked working data comprises:
classifying the marked working data to obtain various classification data, wherein one classification data corresponds to one mark;
for each classified data, encrypting the classified data according to a preset encryption algorithm corresponding to the classified data;
and storing each classified data after encryption.
3. The method according to claim 1, wherein the encrypting and storing the marked working data is applied to an electronic device with a control layer, an execution layer and an enterprise layer, and includes:
the control layer encrypts the marked working data to obtain first working data and transmits the first working data to the execution layer;
the execution layer carries out integrity verification on the first working data sent by the control layer and identity authentication on the control layer, after the integrity verification and the identity authentication pass, the first working data is marked by using the identity information of the control layer to obtain second working data, and the second working data is sent to the enterprise layer;
and the enterprise layer carries out integrity verification on the second working data sent by the execution layer and identity authentication on the execution layer, and after the integrity verification and the identity authentication pass, the enterprise layer marks the second working data by using the identity information of the execution layer to obtain third working data and stores the third working data.
4. The method according to claim 1, applied to an electronic device deployed with a control layer, an execution layer and an enterprise layer, wherein encrypting and storing the marked working data comprises:
the control layer encrypts first working data and transmits the first working data to the execution layer, wherein the first working data are marked working data;
the execution layer carries out integrity verification on the encrypted first working data sent by the control layer and identity authentication on the control layer, decrypts the encrypted first working data after the integrity verification and the identity authentication pass, marks the first working data by using the identity information of the control layer to obtain second working data, encrypts the second working data and transmits the second working data to the enterprise layer;
and the enterprise layer carries out integrity verification on the encrypted second working data sent by the execution layer and identity authentication on the execution layer, decrypts the encrypted second working data after the integrity verification and the identity authentication pass, marks the second working data by using the identity information of the execution layer to obtain third working data, and encrypts and stores the third working data.
5. The method according to any one of claims 3 or 4, wherein the control layer is used for controlling hardware devices on the same production line, the execution layer is used for managing all control layers in the same production workshop, and the enterprise layer is used for managing all execution layers.
6. The method according to any one of claims 3 or 4, further comprising:
acquiring first traffic data between the hardware equipment and the control layer, and judging whether the first traffic data meets a first preset condition;
if the first traffic data does not meet the first preset condition, sending a traffic anomaly alarm; and/or
acquiring second traffic data between the control layer and the execution layer, and judging whether the second traffic data meets a second preset condition;
if the second traffic data does not meet the second preset condition, sending a traffic anomaly alarm; and/or
acquiring third traffic data between the execution layer and the enterprise layer, and judging whether the third traffic data meets a third preset condition;
and if the third traffic data does not meet the third preset condition, sending a traffic anomaly alarm.
7. A data management apparatus, comprising:
the management layer is used for acquiring working data generated when the hardware equipment works; performing identity authentication on the hardware equipment, and marking working data corresponding to the hardware equipment by using the identity information of the hardware equipment after the hardware equipment passes the authentication; and encrypting and storing the marked working data.
8. The data management device of claim 7, wherein the management layer comprises:
a control layer, an execution layer and an enterprise layer;
the control layer is used for encrypting the marked working data and transmitting the working data to the execution layer;
the execution layer is used for carrying out integrity verification on the first working data sent by the control layer and carrying out identity authentication on the control layer, after the integrity verification and the identity authentication pass, the first working data is marked by using the identity information of the control layer, and the second working data is sent to the enterprise layer after the second working data is obtained;
and the enterprise layer is used for carrying out integrity verification on the second working data sent by the execution layer and carrying out identity authentication on the execution layer, marking the second working data by using the identity information of the execution layer after the integrity verification and the identity authentication pass to obtain third working data, and storing the third working data.
9. An electronic device, comprising: a memory and a processor, the memory and the processor being connected;
the memory is used for storing programs;
the processor is used for invoking the program stored in the memory to perform the method of any of claims 1-6.
10. A computer-readable storage medium, having stored thereon a computer program which, when executed by a computer, performs the method of any one of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210928057.2A CN115203669A (en) | 2022-08-03 | 2022-08-03 | Data management method and device, electronic equipment and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210928057.2A CN115203669A (en) | 2022-08-03 | 2022-08-03 | Data management method and device, electronic equipment and computer readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115203669A (en) | 2022-10-18 |
Family
ID=83585154
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210928057.2A Pending CN115203669A (en) | 2022-08-03 | 2022-08-03 | Data management method and device, electronic equipment and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115203669A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN119484154A (en) * | 2025-01-10 | 2025-02-18 | 长江三峡集团实业发展(北京)有限公司 | Method, device, computer equipment and product for constructing river basin information security architecture |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10051059B2 (en) | Methods and apparatus to control communications of endpoints in an industrial enterprise system based on integrity | |
| CN102724040B (en) | Method, control device and the system of verity run counter to by testing equipment component | |
| CN102571347B (en) | Method of calibration, device and the communication equipment of Field Replaceable Unit | |
| CN110971656B (en) | Secure storage of data in blockchain | |
| CN111311777A (en) | Dynamic inspection method, server, terminal, storage medium and equipment | |
| CN101484901A (en) | System and method for product registration | |
| US11412047B2 (en) | Method and control system for controlling and/or monitoring devices | |
| CN106888452A (en) | The wireless encryption transceiver and method of data are transmitted wirelessly from computer at least one field apparatus | |
| CN108462572A (en) | The method of field device for certification automatic technology | |
| CN117596086B (en) | A method and system for encrypting and transmitting commodity data based on supply chain | |
| US10382417B2 (en) | Secure protocol for chip authentication | |
| CN110995720B (en) | Encryption method, device, host terminal and encryption chip | |
| CN115203669A (en) | Data management method and device, electronic equipment and computer readable storage medium | |
| CN113742704B (en) | Equipment production test control method, equipment and storage medium | |
| CN117314471A (en) | Standard substance traceability management method and system | |
| CN106408020A (en) | A product two-dimensional code marking anti-duplication code detection system and method | |
| CN119906717A (en) | A method and system for synchronizing data between intelligent sorting terminal and cloud | |
| US20230022849A1 (en) | Methods and systems for providing data from an internal data processing system of an industrial plant to an external data processing system | |
| CN117134955B (en) | Computer network information security monitoring method and device and computing equipment | |
| EP2879064B1 (en) | Information administration system | |
| CN117033373A (en) | Industrial production-oriented detection data management system and method for Internet of things | |
| CN117830027A (en) | Block chain-based oil and gas supply chain system and method | |
| CN114139115B (en) | Application container secret key management platform | |
| CN113849139A (en) | Consumables management method and system and printing device | |
| CN105740726A (en) | Extended information encryption method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||