A method and application for secure transmission of industrial internet data

By classifying and grading industrial internet data, implementing layered differentiated encryption, and conducting dynamic trust assessments, the problem of insufficient data transmission security in existing technologies has been solved, achieving multi-layered secure data transmission and improving the security and reliability of data transmission.

CN122160146APending Publication Date: 2026-06-05GANSU WANWEI INFORMATION TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
GANSU WANWEI INFORMATION TECH CO LTD
Filing Date
2026-03-18
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

Existing industrial internet data transmission solutions do not perform fine-grained classification and grading of data, and adopt a unified encryption strategy, which cannot meet the high security requirements of core data. Furthermore, they lack collaborative protection at the transmission layer, network layer, and application layer, resulting in security vulnerabilities that make data easily leaked and tampered with.

Method used

By employing industrial data classification and grading, layered differentiated encryption mechanisms, dynamic trust assessment models, and edge node protection, combined with rule engines and machine learning, a multi-layered and dynamic data security transmission method is constructed, including data classification, differentiated encryption, dynamic trust assessment, and lightweight protection modules.

Benefits of technology

It achieves multi-layered protection of industrial internet data, enhances the security and reliability of data transmission, effectively prevents data leakage and tampering, and improves production stability and the protection of core corporate interests.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122160146A_ABST
    Figure CN122160146A_ABST
Patent Text Reader

Abstract

The application relates to the technical field of industrial internet, and discloses an industrial internet data security transmission method and application, which solves the technical problems that existing industrial data transmission is not finely classified and encrypted, the encryption mechanism is single, and protection lacks dynamic nature. The method is characterized in that: firstly, industrial data is preprocessed, and classified and graded through a rule engine and a machine learning hybrid algorithm; secondly, a differentiated encryption mechanism is deployed at a transmission layer, a network layer and an application layer, a dynamic trust evaluation model integrating static and dynamic attributes is established for a network node; meanwhile, a lightweight protection module containing identity authentication, access control and anomaly detection is deployed at an edge node, a security monitoring platform is constructed, and encryption algorithms and routing strategies are dynamically adjusted in combination with monitoring data. The application realizes multi-level dynamic adaptive security protection, effectively avoids data leakage and tampering risks, improves production safety stability, takes into account transmission efficiency, and is suitable for intelligent factory industrial internet data communication scenes.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of industrial internet technology, specifically to a method and application for secure data transmission in the industrial internet. Background Technology

[0002] The widespread adoption of the Industrial Internet has driven the rapid development of intelligent manufacturing. Heterogeneous devices such as PLCs, robots, and sensors within factories achieve data interconnection and interoperability through networks, providing core support for improving production efficiency. However, industrial data is both sensitive and real-time. Control data is directly related to production safety, while business data concerns the core interests of enterprises. Existing transmission solutions have significant shortcomings: First, the lack of refined data classification and grading, coupled with the absence of a unified encryption strategy, fails to meet the high security requirements of core data and results in inefficiency in ordinary data transmission. Second, the encryption mechanism is limited to a single network layer, lacking collaborative protection across the transport, network, and application layers, thus creating security vulnerabilities.

[0003] The aforementioned problems make industrial data susceptible to leakage and tampering during transmission, which not only affects production stability but may also cause significant economic losses. Therefore, developing a secure data transmission method for the Industrial Internet that balances precision, multi-layered complexity, dynamism, and lightweight design has become an urgent need in the field of intelligent manufacturing. Summary of the Invention

[0004] To achieve the above objectives, the present invention provides the following technical solution: A method for secure data transmission in the Industrial Internet includes the following steps: S1. Industrial Data Classification and Grading: Data sources and data in the Industrial Internet are preprocessed and classified, and then a hybrid algorithm of rule engine and machine learning is used to divide the data into different priorities according to their importance. S2. Construct a layered differentiated encrypted transmission mechanism: Deploy differentiated encryption mechanisms at the transport layer, network layer, and application layer according to the different types of data sources and data in step S1. S3. Establish a dynamic trust evaluation model: Establish a corresponding dynamically changing trust value for each network node of the industrial internet in step S1. The dynamically changing trust value is adjusted by static attributes and dynamic attributes. S4. Edge Node Protection: Deploy a lightweight security protection module in the industrial internet network in step S1. The security protection module includes an identity authentication unit, a data access control unit, and an abnormal behavior detection unit. S5. Security Monitoring and Optimization: Construct the industrial internet data transmission security monitoring channel, collect key indicators during the transmission process through distributed monitoring nodes, and construct an anomaly detection model; iterate and optimize based on the monitoring data of the detection model, and dynamically adjust encryption and routing strategies.

[0005] Specifically, the classification types in step S1 include: control data, business data, status data, and environmental data; among which, control data includes PLC control instructions, robot motion instructions, and equipment start / stop signals; business data includes production plan data, quality inspection data, and order data; status data includes equipment operating parameters and sensor monitoring data; and environmental data includes factory temperature and humidity, air quality, and energy consumption data.

[0006] Specifically, the classification priority in step S1 includes: highest priority, medium priority, and low priority; wherein, the highest priority corresponds to the blast furnace temperature control command in the control data and the core production process parameters in the business data; the medium priority corresponds to the conveyor belt speed adjustment command in the control data and the product quality inspection results in the business data; and the low priority corresponds to the equipment shell temperature data in the status data and the plant humidity data in the environmental data.

[0007] Specifically, the differentiated encryption mechanism in step S2 includes: Different encryption algorithms are used for the highest priority, medium priority and low priority data in the transport layer, and a key derivation algorithm is used to fuse timestamp, data level identifier and node trust value fragments. A session key is generated every 100ms, and the key is pre-distributed to legitimate nodes through asymmetric encryption. Different encryption algorithms are used to differentiate the deployment of highly sensitive data and ordinary data in the network layer; A two-dimensional digital signature is adopted for the application layer. The data generation edge node is signed by the node using the SM2 algorithm, and then the regional edge gateway is signed by the gateway using the RSA-2048 algorithm. The compression algorithm is adaptively selected according to the data type and level.

[0008] Specifically, in step S3, the static attributes of the node include the device factory certificate, preset key, and security capability factors, which are used to establish the initial trust value of the node; the dynamic attributes include the node's communication behavior, computation behavior, and business logic behavior, wherein the business logic behavior is to verify whether the node's instructions conform to the preset production logic; a weighted moving average model is used to calculate the dynamic attribute data to realize the real-time update of the node's trust value and obtain the real-time trust value of the node.

[0009] Specifically, the security protection module in step S4 includes: an identity authentication unit, including user authentication and device authentication; the user authentication adopts multi-factor authentication, combining password, biometrics and one-time password; the device authentication verifies the identity of the access device through digital certificates or public key infrastructure; a data access control unit, including permission management, dynamic access control, and auditing and logging; the permission management is role-based access control or attribute-based access control; and an abnormal behavior detection unit, used for real-time monitoring and detection of security threats or abnormal activities.

[0010] Specifically, the key indicators in step S5 include network latency, bandwidth utilization, and data transmission rate; the adaptive optimization model dynamically adjusts the encryption algorithm and routing strategy based on monitoring data to optimize the data transmission path.

[0011] An application of an industrial internet data security transmission method, wherein the system, when used in a smart factory environment, implements the steps of the industrial internet data security transmission method according to any one of claims 1-7.

[0012] Compared with the prior art, the beneficial effects of the present invention are mainly reflected in: 1. This invention implements industrial data classification and grading with differentiated encryption mechanisms, deploying different encryption strategies and security measures at the transmission layer, network layer, and application layer to form a multi-layered protection mechanism. This improves data security during transmission and effectively prevents the risk of data leakage and tampering. It not only enhances the overall security of the system but also provides suitable protection methods for different types of data, making data transmission more reliable.

[0013] 2. This invention establishes a dynamic trust assessment model that enables each node's trust value in the network to be updated in real time, comprehensively considering static attributes and dynamic behaviors, thus providing reliable protection for network security. Attached Figure Description

[0014] Figure 1 This is a schematic diagram of the overall process of the industrial internet data security transmission method of the present invention; Figure 2 This is a detailed implementation block diagram of the industrial internet data security transmission method of the present invention. Detailed Implementation

[0015] The technical solution of the present invention will be further described below with reference to the accompanying drawings.

[0016] like Figure 1-2 As shown, the present invention relates to a method for secure data transmission in the industrial internet, and the specific implementation steps are as follows: S1. Industrial Data Classification and Grading: Data sources and data in the Industrial Internet are pre-processed and classified, specifically including control data such as PLC control instructions and robot motion instructions; business data such as production plan data and quality inspection data; status data such as equipment operating parameters and sensor monitoring data; and environmental data such as factory temperature and humidity and energy consumption data. A hybrid algorithm combining rule engines and machine learning is used to prioritize data based on its importance: highest priority (e.g., blast furnace temperature control instructions), medium priority (e.g., conveyor belt speed adjustment instructions), and low priority (e.g., equipment casing temperature data).

[0017] S2. Construct a layered, differentiated encrypted transmission mechanism: Based on the data source, data type, and priority of S1, deploy differentiated encryption mechanisms at the transport layer, network layer, and application layer. Specific requirements for each layer are as follows: Different encryption algorithms are used for the highest priority, medium priority and low priority data in the transport layer, and a key derivation algorithm is used to fuse timestamp, data level identifier and node trust value fragments. A session key is generated every 100ms, and the key is pre-distributed to legitimate nodes through asymmetric encryption. Different encryption algorithms are used to differentiate the deployment of highly sensitive data and ordinary data in the network layer; A two-dimensional digital signature is adopted for the application layer. The data generation edge node is signed by the node using the SM2 algorithm, and then the regional edge gateway is signed by the gateway using the RSA-2048 algorithm. The compression algorithm is adaptively selected according to the data type and level.

[0018] S3. Establish a dynamic trust assessment model: Establish a dynamically changing trust value for each node in the industrial internet network to achieve real-time assessment of the node's trust status. Specifically, this includes: The comprehensive evaluation dimensions for determining node trust values ​​include static attributes such as device factory certification, preset keys, and security capability factors, which are used to establish the initial trust value of the node and dynamic attributes such as the node's communication behavior, computing behavior, and business logic behavior. Among them, the business logic behavior needs to verify whether the node's instructions conform to the preset production logic.

[0019] A weighted moving average model is used to calculate the dynamic attribute data of nodes, thereby realizing the real-time update of node trust values ​​and obtaining the real-time trust values ​​of nodes.

[0020] S4. Edge Node Protection: Deploy a lightweight security protection module at the industrial internet edge nodes. This module contains three core functional units, each with specific requirements: Identity authentication unit: Simultaneously realizes user authentication and device authentication; user authentication adopts multi-factor authentication, combining password, biometrics and one-time password; device authentication verifies the identity of access devices through digital certificates or public key infrastructure.

[0021] Data access control unit: includes access control, dynamic access control, and auditing and logging functions; where access control is based on role-based access control or attribute-based access control.

[0022] Abnormal Behavior Detection Unit: Monitors the operational status of edge nodes in real time and detects various security threats or abnormal activities.

[0023] S5. Security Monitoring and Optimization: Construct the industrial internet data transmission security monitoring channel, collect key indicators during the transmission process through distributed monitoring nodes, and construct an anomaly detection model; iterate and optimize based on the monitoring data of the detection model, and dynamically adjust encryption and routing strategies.

[0024] Example 1 This embodiment provides a method for secure data transmission in the industrial internet, including the following steps: S1. Industrial Data Classification and Grading: Data sources and data in the Industrial Internet are pre-processed and classified. The classification types include: Control data, including PLC control instructions, robot motion instructions, and equipment start / stop signals; this data directly affects the safety and efficiency of the production process; Business data, including production plan data, quality inspection data, and order data; this data is related to the company's daily operations, production scheduling, and market responsiveness; Status data, including equipment operating parameters and sensor monitoring data; this data provides real-time status information of production equipment; Environmental data, including factory temperature and humidity, air quality, and energy consumption data; this data provides a basis for the company's energy management and cost control. Based on the importance of the data, a hybrid algorithm combining rule engines and machine learning is used to divide it into multiple levels. The classification and grading system includes: Highest priority: blast furnace temperature control commands in control data and core production process parameters in business data, using the highest priority transmission channel with end-to-end encryption and real-time integrity verification; Medium priority: conveyor belt speed adjustment commands in control data and product quality inspection results in business data, using a medium priority transmission channel with dual encryption at the network and application layers; Low priority: equipment casing temperature data in status data and plant humidity data in environmental data, using a low priority transmission channel with lightweight encryption and bandwidth reduction through data compression. This classification and grading approach effectively identifies and protects critical data, ensuring appropriate security measures are applied to different types of data during transmission. The classification and grading strategy improves data management efficiency.

[0025] S2. Construct a secure transmission channel: Deploy differentiated encryption mechanisms at the transport layer, network layer, and application layer according to the different data types mentioned in step S1. At the transport layer, different encryption algorithms are used for core-level data, important-level data, and ordinary-level data. The core data uses an enhanced lightweight symmetric encryption algorithm with a 128-bit key length to ensure encryption strength is compatible with the computing power of industrial edge devices. The important-level data uses a standard lightweight encryption algorithm, such as the CLEFIA-64 algorithm, with a 64-bit block size, a 128-bit key length, and an encryption rate of up to 80Mbps to meet real-time transmission requirements. Requirements: The ordinary-level data uses an ultra-lightweight encryption algorithm, such as the PRESENT-80 algorithm, with only 31 rounds and an 80-bit key length, balancing efficiency and basic security; it also employs a key derivation algorithm that fuses timestamps, data level identifiers, and node trust value fragments, generating a session key every 100ms. The key is pre-distributed to legitimate nodes via asymmetric encryption to avoid the risk of mass cracking after key theft; at the network layer, different encryption algorithms are deployed for highly sensitive data and ordinary data; the highly sensitive data uses a dual protection of national cryptographic block encryption algorithm and link encryption; after data is grouped, it is first... SM4 block encryption is used, followed by a secondary encryption of the encrypted packets at the network link layer using the AES-GCM algorithm. This ensures that even if the data is intercepted during routing, it cannot be cracked. Ordinary sensitive data uses a lightweight block encryption algorithm in ECB mode to improve forwarding efficiency. The encryption strength of the virtual channel is adjusted based on the real-time trust value in step S3. Specifically, when the trust value between the source node and the forwarding node is greater than a preset value, the virtual channel uses SM2 asymmetric encryption and periodic key updates; when the trust value between the source node and the forwarding node is less than the preset value, it switches to a hybrid encryption of SM2 and SM4. Time-triggered channel traffic monitoring; at the application layer, a dual-dimensional digital signature is adopted, with the data-generating edge node signing the node using the SM2 algorithm, and then the regional edge gateway performing a second signature using the RSA-2048 algorithm; the compression algorithm is adaptively selected according to the data type and level; the core level uses the LZ77 improved algorithm, and the ordinary level uses Huffman coding to avoid security vulnerabilities or efficiency losses caused by the mismatch between the fixed encryption algorithm and the compressed data; this step ensures that the security of data during transmission is comprehensively and multi-layered by deploying the above-mentioned differentiated encryption mechanisms at the transport layer, network layer and application layer respectively.

[0026] S3. Establish a dynamic trust assessment model: Establish a corresponding dynamically changing trust value for each network node in the Industrial Internet from step S1. The dynamically changing trust value is adjusted by static attributes and dynamic attributes. The static attributes are based on the device's factory certificate, preset key, and security capability factors, and establish an initial trust value for each network node in the Industrial Internet. The factory certificate records detailed information such as the device's manufacturer, model, and production date. The preset key is used to verify the authenticity of the device's identity. The security capability factors involve the node's own security protection mechanisms and technical level. The dynamic attributes include behavior monitoring and trust calculation and updating. Behavior monitoring includes communication behavior, computation behavior, and business logic behavior. Computation behavior includes the node's computing resource utilization and computation task execution efficiency. Business logic behavior is whether the instruction conforms to the preset production logic. Trust calculation and updating uses a weighted moving average model to calculate the comprehensive trust value, which can assign different weights to behavior data in different time periods based on the importance of the node's recent behavior and the time proximity.

[0027] S4. Edge Node Protection: Deploy a lightweight security protection module in the industrial internet network in step S1. The security protection module includes an identity authentication unit, a data access control unit, and an abnormal behavior detection unit. Specifically, the security protection module includes: The identity authentication unit includes user authentication and device authentication. The user authentication adopts multi-factor authentication, combining password, biometrics, and one-time password to improve security and reduce the risk of unauthorized access. The device authentication verifies the identity of the access device through digital certificates or public key infrastructure to ensure the legitimacy of the device. The data access control unit includes access management, dynamic access control, and auditing and logging; the access management is based on role-based access control or attribute-based access control, which is used to assign corresponding access permissions to different users or devices to reduce the risk of data leakage. The dynamic access control adjusts access permissions dynamically based on real-time environmental changes; the auditing and logging record access and operation behaviors. The abnormal behavior detection unit is used to monitor and detect existing security threats or abnormal activities in real time, thereby issuing alarms in a timely manner and triggering corresponding security measures.

[0028] S5. Security Monitoring and Optimization: Construct the industrial internet data transmission security monitoring platform, collect key indicators during the transmission process through distributed monitoring nodes, including network latency, bandwidth utilization, data transmission rate, etc.; and adopt... An anomaly detection model is constructed and repeatedly trained using machine learning algorithms. Based on the monitoring data of the detection model, iterative optimization is performed by dynamically adjusting encryption and routing strategies, optimizing data transmission paths, and selecting the optimal routing scheme to reduce latency and ensure that the data successfully reaches the preset target.

[0029] This industrial internet data security transmission method can be applied to smart factory environments, implementing all steps S1-S5 above to ensure the security and efficiency of data transmission between heterogeneous devices within the smart factory.

Claims

1. A method for secure data transmission in the Industrial Internet, characterized in that, Includes the following steps: S1. Industrial Data Classification and Grading: Data sources and data in the Industrial Internet are preprocessed and classified, and then a hybrid algorithm of rule engine and machine learning is used to divide the data into different priorities according to their importance. S2. Construct a layered differentiated encrypted transmission mechanism: Deploy differentiated encryption mechanisms at the transport layer, network layer, and application layer according to the different types of data sources and data in step S1. S3. Establish a dynamic trust evaluation model: Establish a corresponding dynamically changing trust value for each network node of the industrial internet in step S1. The dynamically changing trust value is adjusted by static attributes and dynamic attributes. S4. Edge Node Protection: Deploy a lightweight security protection module in the industrial internet network in step S1. The security protection module includes an identity authentication unit, a data access control unit, and an abnormal behavior detection unit. S5. Security Monitoring and Optimization: Construct the industrial internet data transmission security monitoring channel, collect key indicators during the transmission process through distributed monitoring nodes, and construct an anomaly detection model; iterate and optimize based on the monitoring data of the detection model, and dynamically adjust encryption and routing strategies.

2. The method for secure data transmission in the industrial internet according to claim 1, characterized in that, The classification types in step S1 include: control data, business data, status data, and environmental data; among which, control data includes PLC control instructions, robot motion instructions, and equipment start / stop signals; business data includes production plan data, quality inspection data, and order data; status data includes equipment operating parameters and sensor monitoring data; and environmental data includes factory temperature and humidity, air quality, and energy consumption data.

3. The method for secure data transmission in the industrial internet according to claim 1, characterized in that, The classification priority in step S1 includes: highest priority, medium priority, and low priority; wherein, the highest priority corresponds to the blast furnace temperature control command in the control data and the core production process parameters in the business data; the medium priority corresponds to the conveyor belt speed adjustment command in the control data and the product quality inspection results in the business data; and the low priority corresponds to the equipment shell temperature data in the status data and the plant humidity data in the environmental data.

4. The method for secure data transmission in the industrial internet according to claim 1, characterized in that, The differential encryption mechanism in step S2 includes: Different encryption algorithms are used for the highest priority, medium priority and low priority data in the transport layer, and a key derivation algorithm is used to fuse timestamp, data level identifier and node trust value fragments. A session key is generated every 100ms, and the key is pre-distributed to legitimate nodes through asymmetric encryption. Different encryption algorithms are used to differentiate the deployment of highly sensitive data and ordinary data in the network layer; A two-dimensional digital signature is adopted for the application layer. The data generation edge node is signed by the node using the SM2 algorithm, and then the regional edge gateway is signed by the gateway using the RSA-2048 algorithm. The compression algorithm is adaptively selected according to the data type and level.

5. The method for secure data transmission in the industrial internet according to claim 1, characterized in that, In step S3, the static attributes of the node include the device factory certificate, preset key, and security capability factors, which are used to establish the initial trust value of the node; the dynamic attributes include the node's communication behavior, computation behavior, and business logic behavior, wherein the business logic behavior is to verify whether the node's instructions conform to the preset production logic; a weighted moving average model is used to calculate the dynamic attribute data to realize the real-time update of the node's trust value and obtain the real-time trust value of the node.

6. The method for secure data transmission in the industrial internet according to claim 1, characterized in that, The security protection module in step S4 includes: an identity authentication unit, including user authentication and device authentication; the user authentication adopts multi-factor authentication, combining password, biometrics and one-time password; the device authentication verifies the identity of the access device through digital certificate or public key infrastructure; a data access control unit, including permission management, dynamic access control, and auditing and logging; the permission management is based on role-based access control or attribute-based access control; and an abnormal behavior detection unit, used for real-time monitoring and detection of security threats or abnormal activities.

7. The method for secure data transmission in the industrial internet according to claim 1, characterized in that, The key indicators in step S5 include network latency, bandwidth utilization, and data transmission rate; the adaptive optimization model dynamically adjusts the encryption algorithm and routing strategy based on monitoring data to optimize the data transmission path.

8. An application of a secure data transmission method for the Industrial Internet, characterized in that, When the system is used in a smart factory environment, it implements the steps of the method for secure data transmission of the Industrial Internet as described in any one of claims 1-7.