Blockchain-based digital certificate shield anomaly detection method and device
By combining blockchain technology with convolutional neural networks, real-time anomaly monitoring and automatic repair of U-shields have been achieved, solving the problems of low screen reliability and delayed risk control response of U-shields. A real-time risk control system has been built, improving the anomaly detection efficiency and transaction security of U-shields.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- INDUSTRIAL AND COMMERCIAL BANK OF CHINA
- Filing Date
- 2026-04-29
- Publication Date
- 2026-07-10
AI Technical Summary
Existing U-shield anomaly detection suffers from low screen reliability, weak public network encryption, and delayed risk control response, making it difficult to detect device malfunctions in a timely manner, failing to identify security risks in real time, and reducing transaction security.
By employing a blockchain-based digital certificate shield anomaly detection method, convolutional neural networks are used for real-time anomaly monitoring and automatic repair. Combined with a desensitization and compression strategy, the context and self-inspection status information are stored on the blockchain. Real-time anomaly risk assessment is performed based on blockchain smart contracts, and encryption is achieved through a dynamic key generation mechanism to realize risk response control.
It achieves hardware-level autonomous self-inspection, timely detection and repair of faults, improves equipment reliability, builds a decentralized real-time risk control system, significantly improves anomaly detection efficiency and transaction security protection level, and enhances the reliability of digital certificate shield.
Smart Images

Figure CN122372301A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the fields of blockchain and fintech, and more specifically to a method and apparatus for detecting anomalies in a blockchain-based digital certificate shield. Background Technology
[0002] U-Shield is a USB Key digital certificate, also known as a digital certificate shield. It's a hardware storage medium that connects to a device via USB or Bluetooth. It has a built-in encryption chip that stores the user's digital certificate and private key, primarily used for identity authentication and data encryption. In scenarios such as online banking and e-government, it ensures identity trust and data transmission security. As a core hardware component for financial security, the U-Shield's anomaly detection capabilities directly impact transaction security and device reliability.
[0003] However, existing U-shield anomaly detection has the following obvious defects: the screen is driven by a fixed voltage, which is prone to ghosting and damage to the display unit, and lacks hardware self-testing capabilities; risk control relies on centralized logs and manual verification, which has a slow response and cannot combine the U-shield status to block abnormal operations in real time, resulting in insufficient anomaly detection capabilities, making it difficult to detect equipment failures in a timely manner, and making it impossible to identify security risks in real time, thus reducing transaction security. Summary of the Invention
[0004] In view of the above problems, embodiments of this application provide a method and apparatus for detecting anomalies in a blockchain-based digital certificate shield.
[0005] According to a first aspect of this application, a blockchain-based digital certificate shield anomaly detection method is provided, comprising: based on a screen image of the digital certificate shield, performing anomaly monitoring and automatic repair on the digital certificate shield using a pre-trained convolutional neural network to obtain self-check status information; writing the context information of the digital certificate shield and the self-check status information into a blockchain based on a de-identification compression strategy; and through a smart contract of the blockchain, performing anomaly risk assessment on the digital certificate shield based on the self-check status information and the context information to obtain a risk score result, and performing risk response control on the digital certificate shield based on the risk score result.
[0006] According to an embodiment of this application, the method further includes: dynamically encrypting the communication data of the digital certificate shield according to the context information and based on a dynamic key generation mechanism, and transmitting the encrypted data; and terminating the transmission of the encrypted data and locking key operation permissions in response to the risk score result exceeding a preset risk threshold.
[0007] According to an embodiment of this application, the step of using the smart contract of the blockchain to perform anomaly risk assessment on the digital certificate shield based on the self-check status information and the context information to obtain a risk score result includes: calculating the current risk factor based on the context information and the self-check status information; wherein the context information includes geographical location, device fingerprint, timestamp, and transaction operation information; and inputting the current risk factor and risk factor weights into a pre-trained random forest scoring model to output the risk score result; wherein the risk factor weights are obtained by evaluating and updating the preset factor weights through out-of-bag error.
[0008] According to an embodiment of this application, the risk response control of the digital certificate shield based on the risk scoring result includes: obtaining the triggering factor of the smart contract based on the context information and triggering conditions; performing a graded response operation on the digital certificate shield based on the number of triggering factors; determining the current risk level based on the risk scoring result and a preset scoring range; performing a scoring response operation on the digital certificate shield based on the current risk level; and performing the scoring response operation on the digital certificate shield if there is a conflict between the graded response operation and the scoring response operation.
[0009] According to an embodiment of this application, the step of dynamically encrypting the communication data of the digital certificate shield based on the context information and a dynamic key generation mechanism includes: generating the dynamic key seed using a hash algorithm based on channel state information, the context information, and the identifier of the digital certificate shield; receiving signal strength indication values in real time based on a preset time window, and quantizing and generating an original key sequence based on the signal strength indication values and the dynamic key seed; performing hash verification and zero-knowledge verification on the communication channel between the digital certificate shield and the target communication party, and expanding the original key sequence to generate a session key if both hash verification and zero-knowledge verification pass; determining the current encryption level based on the signal strength indication value, the channel state information, and the current transaction characteristics, and dynamically switching the encryption algorithm of the current level according to the current encryption level; and encrypting the communication data using the encryption algorithm of the current level according to the session key.
[0010] According to an embodiment of this application, the self-check status information includes an anomaly probability value and / or a repair log; the screen image based on the digital certificate shield, through a pre-trained convolutional neural network, performs anomaly monitoring and automatic repair on the digital certificate shield, including: acquiring the screen image of the digital certificate shield in real time using a photoelectric sensor; performing anomaly detection on the screen image using a pre-trained convolutional neural network to obtain the anomaly probability value; wherein the pre-trained convolutional neural network is a lightweight convolutional neural network deployed in the digital certificate shield; and repairing the digital certificate shield based on the anomaly probability value to obtain the repair log.
[0011] According to an embodiment of this application, repairing the digital certificate shield based on the abnormal probability value includes: determining an abnormal state based on a preset abnormal threshold and the abnormal probability value; and triggering the programmable logic chip of the digital certificate shield based on the abnormal state to adjust the driving voltage and / or dynamically adjust the refresh rate.
[0012] According to an embodiment of this application, the method further includes: constructing a first updated training set based on newly added self-checking data of the blockchain, and incrementally training the lightweight convolutional neural network based on the first updated training set; constructing a second updated training set based on newly added abnormal cases of the blockchain, and monitoring the out-of-bag error rate of the random forest scoring model in real time, and incrementally training the random forest scoring model based on the second updated training set when the out-of-bag error rate exceeds a preset error rate threshold.
[0013] According to a second aspect of this application, a blockchain-based digital certificate shield anomaly detection device is provided, comprising: an anomaly self-checking module, used to perform anomaly monitoring and automatic repair on the digital certificate shield based on a screen image of the digital certificate shield using a pre-trained convolutional neural network, and obtain self-checking status information; an information writing module, used to write the context information of the digital certificate shield and the self-checking status information into the blockchain based on a de-identification compression strategy; and an anomaly response module, used to perform anomaly risk assessment on the digital certificate shield based on the self-checking status information and the context information through a smart contract of the blockchain, obtain a risk score result, and perform risk response control on the digital certificate shield according to the risk score result.
[0014] According to a third aspect of this application, an electronic device is provided, comprising: one or more processors; and a memory for storing one or more computer programs, wherein the one or more processors execute the one or more computer programs to implement the steps of the method described above.
[0015] According to a fourth aspect of this application, a computer-readable storage medium is also provided, on which a computer program or instructions are stored, wherein the computer program or instructions, when executed by a processor, implement the steps of the above-described method.
[0016] According to a fifth aspect of this application, a computer program product is also provided, including a computer program or instructions that, when executed by a processor, implement the steps of the above-described method.
[0017] In the embodiments of this application, a convolutional neural network is used to perform real-time anomaly monitoring and automatic repair of the digital certificate shield screen image, achieving hardware-level autonomous self-checking, timely detection and repair of faults such as ghosting and display damage, and improving device reliability. Combining anonymization and compression strategies with on-chain storage of context and self-check status information ensures data immutability and traceability. Real-time anomaly risk assessment is conducted based on blockchain smart contracts, overcoming the lag of centralized logs and manual verification, achieving rapid risk scoring and precise response control, and real-time blocking of abnormal operations. This strengthens the device's hardware self-checking capabilities and constructs a decentralized real-time risk control system, significantly improving the efficiency of digital certificate shield anomaly detection and transaction security protection, and enhancing the reliability of the digital certificate shield. Attached Figure Description
[0018] The above-mentioned contents, other objects, features and advantages of this application will become clearer from the following description of embodiments with reference to the accompanying drawings, in which:
[0019] Figure 1 This is a schematic diagram of a blockchain-related network environment according to an exemplary embodiment of this application;
[0020] Figure 2 A flowchart illustrating an anomaly detection method for a blockchain-based digital certificate shield according to an embodiment of this application is shown in the schematic diagram.
[0021] Figure 3 This illustration schematically shows an encrypted interaction flowchart of a blockchain-based digital certificate shield anomaly detection method according to an embodiment of this application;
[0022] Figure 4 An automatic monitoring flowchart of a blockchain-based digital certificate shield anomaly detection method according to an embodiment of this application is illustrated.
[0023] Figure 5 This illustration schematically shows a risk response flowchart of a blockchain-based digital certificate shield anomaly detection method according to an embodiment of this application;
[0024] Figure 6 This schematically illustrates a structural block diagram of a blockchain-based digital certificate shield anomaly detection device according to an embodiment of this application;
[0025] Figure 7 A block diagram schematically illustrates an electronic device suitable for implementing a blockchain-based digital certificate shield anomaly detection method according to an embodiment of this application. Detailed Implementation
[0026] The embodiments of this application will now be described with reference to the accompanying drawings. However, it should be understood that these descriptions are exemplary only and are not intended to limit the scope of this application. In the following detailed description, numerous specific details are set forth to provide a thorough understanding of the embodiments of this application for ease of explanation. However, it will be apparent that one or more embodiments may be implemented without these specific details. Furthermore, descriptions of well-known structures and technologies are omitted in the following description to avoid unnecessarily obscuring the concepts of this application.
[0027] The terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the scope of this application. The terms “comprising,” “including,” etc., as used herein indicate the presence of features, steps, operations, and / or components, but do not exclude the presence or addition of one or more other features, steps, operations, or components.
[0028] All terms used herein (including technical and scientific terms) have the meanings commonly understood by those skilled in the art, unless otherwise defined. It should be noted that the terms used herein are to be interpreted in a manner consistent with the context of this specification, and not in an idealized or overly rigid way.
[0029] As used in this paper, the term "model" refers to a model that learns the relationship between inputs and outputs from training data, enabling it to generate corresponding outputs for a given input after training. Model generation can be based on machine learning techniques. Deep learning is a machine learning algorithm that processes inputs and provides corresponding outputs using multiple layers of processing units. A neural network model is an example of a deep learning-based model. In this paper, "model" may also be referred to as a "machine learning model," "learning model," "machine learning network," or "learning network," and these terms are used interchangeably.
[0030] It's important to note that the term "neural network" can refer to a machine learning network based on deep learning. A neural network processes input and provides corresponding output, typically consisting of an input layer, an output layer, and one or more hidden layers between them. Neural networks used in deep learning applications often include many hidden layers, increasing the network's depth. The layers of a neural network are connected sequentially, so that the output of the previous layer serves as the input to the next layer. The input layer receives the input to the neural network, while the output layer's output becomes the final output. Each layer of a neural network includes one or more nodes (also called processing nodes or neurons), each processing the input from the layer above.
[0031] It should be understood that machine learning generally includes three phases: training, testing, and application (also known as inference). In the training phase, a given model is trained using a large amount of training data, iteratively updating parameter values until the model can consistently generate inferences that meet the expected goals from the training data. Through training, the model can be considered to have learned the relationship between inputs and outputs (also known as the input-output mapping) from the training data. The parameter values of the trained model are determined. In the testing phase, test inputs are applied to the trained model to test whether it can provide the correct output, thus determining the model's performance. In the application phase, the model can be used to process actual inputs based on the trained parameter values to determine the corresponding output.
[0032] U-Shield stores digital certificates in hardware for identity authentication and data encryption, primarily for network security authentication. It has a built-in encryption chip that can store user digital certificates and private keys, ensuring the security of identity authentication and data transmission in scenarios such as online banking and e-government.
[0033] Currently, USB tokens (U-shields) are core hardware for financial security. The detection of anomalies in USB tokens directly impacts device reliability and transaction security. They can promptly identify hardware failures and security risks, enabling proactive protection, preventing the escalation of hidden dangers, and ensuring the stability and security of financial transactions. However, current methods for detecting anomalies in USB tokens have the following shortcomings:
[0034] (1) The screen has low reliability. Traditional U-shields rely on a fixed voltage to drive the LCD screen display. Long-term use can easily lead to problems such as image retention and damage to individual display units. It depends on users to report problems. Solving problems requires human observation or firmware upgrades to fix hardware defects. It lacks self-testing capabilities and affects normal use by users.
[0035] (2) Public network encryption is weak. In online banking and mobile payment scenarios, communication often uses static keys or simple two-way authentication. In public wireless network (WiFi) environments, static keys are easily attacked and cracked, lacking dynamic protection. For example, existing advanced encryption standard algorithms lack dynamic key generation mechanisms and are difficult to cope with security vulnerabilities caused by channel fluctuations.
[0036] (3) The risk control response is lagging behind. Traditional risk control relies on centralized server log auditing, and cross-regional abnormal operations rely on manual verification. The response cycle is long and disconnected from the status of the U-shield itself and the communication environment, making it impossible to block in real time.
[0037] While Convolutional Neural Networks (CNNs) offer some accuracy in industrial visual inspection, their high model complexity and computational resource requirements make them difficult to deploy directly on resource-constrained USB security tokens (U-shields). Furthermore, they haven't been optimized for the unique defects of U-shield screens. The spatiotemporal uniqueness of WiFi channel state information theoretically makes dynamic keys possible. The national cryptographic algorithm SM4 has been optimized for domestically produced Field Programmable Gate Arrays (FPGAs), but it lacks a lightweight, real-time dynamic key generation and negotiation mechanism closely integrated with the actual application scenarios of U-shields (such as low power consumption, low latency, and resistance to channel fluctuations), and effectively integrated into the security system of U-shields. Therefore, there is an urgent need for a closed-loop intelligent security management system for U-shields that integrates AI hardware self-healing, environmentally aware dynamic encryption, and blockchain smart contract collaborative risk control. This system would achieve fully automated security protection from terminal hardware status awareness and dynamic protection of communication links to real-time risk control of user behavior, and real-time detection of U-shield anomalies.
[0038] This application provides a blockchain-based digital certificate shield anomaly detection method, comprising: based on the screen image of the digital certificate shield, using a pre-trained convolutional neural network to perform anomaly monitoring and automatic repair on the digital certificate shield, obtaining self-check status information; based on a de-identification and compression strategy, writing the context information and self-check status information of the digital certificate shield into the blockchain; and through a blockchain smart contract, performing anomaly risk assessment on the digital certificate shield based on the self-check status information and context information, obtaining a risk score result, and performing risk response control on the digital certificate shield according to the risk score result. In this application's embodiments, real-time anomaly monitoring and automatic repair of the digital certificate shield screen image using a convolutional neural network achieves hardware-level autonomous self-checking, promptly detecting and repairing faults such as ghosting and display damage, thus improving device reliability. The combination of a de-identification and compression strategy and on-chain storage of context and self-check status information ensures data immutability and traceability. Real-time anomaly risk assessment based on blockchain smart contracts overcomes the lag of centralized logs and manual verification, achieving rapid risk scoring and precise response control, and can block abnormal operations in real time. It not only strengthens the self-testing capabilities of the device hardware, but also builds a decentralized real-time risk control system, significantly improving the anomaly detection efficiency and transaction security protection level of the digital certificate shield, and enhancing the reliability of the digital certificate shield.
[0039] The blockchain-based digital certificate shield anomaly detection method and device of this application can be used in the blockchain field and the fintech field, and can also be used in any field other than the blockchain field and the fintech field. The application field of the blockchain-based digital certificate shield anomaly detection method and device of this application is not limited.
[0040] In the technical solution of this application, the user information (including but not limited to user personal information, user image information, user device information, transaction operation information, such as geographical location information) and data (including but not limited to data used for analysis, stored data, and displayed data) involved are all information and data authorized by the user or fully authorized by all parties. Furthermore, the collection, storage, use, processing, transmission, provision, disclosure, and application of related data all comply with relevant laws, regulations, and standards, take necessary confidentiality measures, do not violate public order and good morals, and provide corresponding operation entry points for users to choose to authorize or refuse.
[0041] In scenarios where personal information is used for automated decision-making, the methods, devices, and systems provided in this application all provide users with corresponding operation entry points for users to choose to agree to or reject the automated decision results; if the user chooses to reject, the process enters the expert decision-making process.
[0042] Figure 1 This is a schematic diagram of a blockchain-related network environment according to an exemplary embodiment of this application. Figure 1The network environment 100 shown may include a client-side device 101, a server-side device 102, and at least one blockchain system, such as blockchain system 103, blockchain system 104, and blockchain system 105.
[0043] For example, client-side device 101 may include various types of client-side devices, such as personal computer computing devices, mobile computing devices, Internet of Things (IoT) devices, external security devices (such as USB tokens, dynamic tokens), and other forms of smart devices with certain computing capabilities. It should be noted that client-side device 101 does not mean that all client-side devices are in the same communication network, but is merely a collective term for these client-side devices. Some computing devices in client-side device 101 may be coupled to server-side device 102 through various communication networks. For example, device 3 is coupled to server-side device 102. Some computing devices in client-side device 101 may also not be coupled to server-side device 102, but may be directly coupled to the blockchain system; for example, device 4 may be directly coupled to blockchain system 103. Client-side device 101 may also include one or more user-side servers, such as devices 5 and 6. Some computing devices in client-side device 101 may be coupled to these user-side servers; for example, device 1 is coupled to device 5, and device 2 is coupled to device 6. The user-side server can be further directly coupled to the blockchain system, or it can be further coupled to the server 102 through various communication networks. For example, device 5 can be further directly coupled to the blockchain system, and device 6 can be further coupled to the server 102.
[0044] It should be noted that the user-side server can be implemented by a service entity that has established a user account system. This service entity can include the operating entity of the service carrier that provides various online and / or offline services to users. Correspondingly, the operating entity can include the operator of the aforementioned service carrier; for example, the operating entity can include individuals, organizations, companies, and enterprises that operate and manage the aforementioned service carrier.
[0045] Server 102 can be coupled to one or more blockchain systems through various communication networks. For example, server 102 can be coupled to blockchain system 103, blockchain system 104 and blockchain system 105 respectively.
[0046] The communication network may include wired and / or wireless communication networks, such as local area networks, wide area networks, the Internet, or combinations thereof, which are based on wired or wireless access networks provided by operators.
[0047] Each blockchain system can maintain one or more blockchains, such as public blockchains, private blockchains, consortium blockchains, etc., and includes multiple blockchain nodes to host the aforementioned one or more blockchains; for example, Figure 1 The nodes shown, such as Node 1, Node 2, Node 3, Node 4, and Node i, can collectively support one or more blockchains. Cross-chain data access is also possible between the blockchains contained within each blockchain system, as well as between different blockchain systems themselves.
[0048] Nodes in a blockchain system can be physical devices or virtual devices implemented within servers or server clusters. For example, a node in a blockchain system can be a physical host in a server cluster, or a virtual machine created by virtualizing the hardware resources of a server or server cluster using virtualization technology. Each node can be coupled together to form a network through various types of communication methods to support one or more blockchains.
[0049] Server-side 102 may include a blockchain service platform, such as a platform for providing blockchain services. This platform can provide blockchain services to client-side devices coupled to the platform by providing pre-written software for activities occurring on the blockchain (e.g., subscriptions and notifications, user authentication, database management, remote updates, etc.).
[0050] In practical applications, blockchain services can be deployed on the blockchain in the form of smart contracts. When an application running on a client-side device uses a blockchain service, it can send a request to the blockchain system to invoke the corresponding smart contract deployed on the blockchain.
[0051] Figure 2 A flowchart illustrating an anomaly detection method for a blockchain-based digital certificate shield according to an embodiment of this application is shown. Figure 2 As shown, the blockchain-based digital certificate shield anomaly detection method 200 according to the embodiments of this application, applied to a digital certificate shield, may include steps S210 to S230.
[0052] In step S210, based on the screen image of the digital certificate shield, anomaly detection and automatic repair are performed on the digital certificate shield through a pre-trained convolutional neural network to obtain self-check status information.
[0053] Anomalies in the USB security token (U-shield) are detected using a pre-trained convolutional neural network (CNN), and automatic repair is performed when anomalies occur. This yields self-check status information, including the probability of screen anomalies and repair logs (containing timestamps, anomaly types, and repair results). Through anomaly detection and automatic repair, the U-shield is endowed with real-time self-health monitoring and repair capabilities, improving hardware reliability and providing credible hardware status evidence for risk control.
[0054] CNNs can employ lightweight deep convolutional neural networks that have been pruned and quantized, such as residual network models. A CNN can be trained using a pre-labeled dataset. For example, a residual network model can be trained with 10,000 labeled images as input: 5,000 (normally labeled) and 5,000 (labeled with ghosting / color cast). The output layer uses the sigmoid function to generate anomaly probability values P (0 ≤ P ≤ 1).
[0055] In step S220, based on the de-identification and compression strategy, the context information and self-check status information of the digital certificate shield are written into the blockchain.
[0056] The desensitization and compression strategy includes desensitizing sensitive information and compressing its storage.
[0057] Sensitive information anonymization: Confidential data such as GPS coordinates, device fingerprints, transaction information, and self-inspection anomalies of the USB key are not directly uploaded to the blockchain in plaintext. Methods such as hash digests, partial masking, field replacement, and anonymization are used. For example, sensitive information such as user IDs and GPS geographic coordinates are generalized using K-anonymity; for device fingerprints, the hash value is taken, without exposing the original features; for transaction information, sensitive fields such as account number and amount are hidden, only non-sensitive digests such as operation type and time are retained, and zero-sum knowledge proofs are used to verify legitimacy without exposing plaintext.
[0058] Compressed storage: The complete context and self-check status information after desensitization are compressed and stored, such as by using IPFS for block compression and deduplication to reduce the amount of on-chain data. After storage, a unique CID is generated to represent the index of this data. The privacy-desensitized operation data is compressed using the LZ4 compression algorithm to generate a content identifier, and the content identifier is stored on the chain to achieve the purpose of on-chain data compliance.
[0059] When adding data to the blockchain, instead of uploading the original data, the CID and key digests (timestamp, device ID, exception code, operation type) can be written to the blockchain.
[0060] For example, the self-inspection status information is recorded and transmitted to the bank's back-end management system. The back-end management system performs anonymization processing on the information, compresses it using the InterPlanetary File System (IPFS), and stores it in IPFS. After generating a unique content identifier (CID), the CID and key digest information (such as timestamps and exception type codes) are written to the blockchain.
[0061] For example, the key context information of the U-shield, such as its GPS (Global Positioning System) geographic coordinates, device fingerprint, timestamp, and transaction operation information, is written into the blockchain. Confidential information is anonymized and then compressed using IPFS before being stored on the blockchain.
[0062] In step S230, the digital certificate shield is assessed for abnormal risks based on self-inspection status information and context information through the blockchain smart contract, a risk score result is obtained, and risk response control is performed on the digital certificate shield according to the risk score result.
[0063] Through a blockchain smart contract, the system first receives self-check status information (such as hardware anomaly probability and fault repair status) and contextual information (such as geographical location, device fingerprint, and transaction operation records) uploaded by the USB key. It then extracts risk factors such as displacement speed, device fingerprint change rate, transaction frequency, self-check anomaly probability, and transaction amount dispersion according to preset rules. Subsequently, it calls the random forest scoring model deployed on the blockchain, inputs each risk factor and its dynamic weight, and calculates the risk score.
[0064] After obtaining the risk score, risk response control is implemented. For example, a smart contract is used to compare the score with a preset threshold. If the score is higher than the threshold, it is judged as high risk, triggering a freezing process, locking the U-shield private key operation permissions, and terminating the transaction data transmission. If the score is lower than the threshold, a tiered response is executed according to the risk level, such as adding secondary verification or limiting the transaction amount.
[0065] All assessment results, response instructions, key parameters, and timestamps are written to the blockchain for evidence storage. At the same time, the risk control data is used for incremental training and weight optimization of subsequent models to form a closed-loop risk control system.
[0066] Smart contracts can also be used to preset multi-dimensional abnormal rules (such as cross-province operations within 10 minutes) to trigger automatic freezing and alarms, thereby achieving real-time, automated, and auditable risk identification and response based on multi-source data. By leveraging the immutability of blockchain and the automatic execution capability of smart contracts, risk control efficiency and transparency can be improved.
[0067] In the embodiments of this application, a convolutional neural network is used to perform real-time anomaly monitoring and automatic repair of the digital certificate shield screen image, achieving hardware-level autonomous self-checking, timely detection and repair of faults such as ghosting and display damage, and improving device reliability. Combining anonymization and compression strategies with on-chain storage of context and self-check status information ensures data immutability and traceability. Real-time anomaly risk assessment is conducted based on blockchain smart contracts, overcoming the lag of centralized logs and manual verification, achieving rapid risk scoring and precise response control, and real-time blocking of abnormal operations. This strengthens the device's hardware self-checking capabilities and constructs a decentralized real-time risk control system, significantly improving the efficiency of digital certificate shield anomaly detection and transaction security protection, and enhancing the reliability of the digital certificate shield.
[0068] According to an embodiment of this application, the blockchain-based digital certificate shield anomaly detection method 200 further includes: dynamically encrypting the communication data of the digital certificate shield according to context information and based on a dynamic key generation mechanism, and transmitting the encrypted data; and terminating the transmission of the encrypted data and locking the key operation permission in response to the risk score result exceeding a preset risk threshold.
[0069] Before communication between the two parties (such as the U-shield and the bank node), the dynamic key generation mechanism is invoked based on the U-shield context information (geographical location, device fingerprint, etc.) to extract the WiFi channel state information (CSI) features, device identifier, and timestamp, and generate a session key through SHA-3 hashing; graded encryption is implemented based on the transaction risk level, with high-risk transactions using full AES-256 encryption plus additional MAC verification, and low-risk transactions using lightweight encryption, and the encrypted data is transmitted to the bank node.
[0070] After calculating the risk score in real time using the random forest model, if the score exceeds the preset threshold, risk control linkage is immediately triggered, the current encrypted data transmission is terminated, the permission management interface is called to lock the U-shield private key operation permission, subsequent transaction requests are rejected, and the abnormal event is recorded to the blockchain to generate a risk control log.
[0071] In high-risk scenarios, manual review of work orders is required before a key rotation protocol is triggered to generate a new private key. In low-risk scenarios, permissions can be restored by manually unfreezing the key, ensuring that risks are controllable while guaranteeing business continuity.
[0072] In the embodiments of this application, a U-shield dynamic key generation mechanism based on wireless network CSI is used, combined with federated learning to achieve cross-device key negotiation, and dynamic key hierarchical encryption based on context information is implemented. The encryption strength can be adapted according to the scenario, improving the security of communication data transmission. When the risk score exceeds the threshold, data transmission can be immediately terminated and key operation permissions locked, achieving real-time risk blocking and preventing the continued spread of abnormal operations. Environmental awareness is used to achieve "one-time key," improving the security of the communication link. Compared to fixed keys and passive handling methods, locking permissions can proactively detect risks and quickly execute permission control, solving the problem of static keys being easily cracked in public networks, effectively preventing data tampering or illegal theft, and enhancing the key security and risk controllability of the digital certificate shield communication process.
[0073] By implementing the digital certificate shield anomaly detection method of this application, intelligent security management of U-shields based on AI (Artificial Intelligence) and blockchain is achieved. Through the closed-loop design of data flow and control flow, AI-driven terminal detection and repair, environmentally aware dynamic encryption, and blockchain risk control are deeply integrated. This will transform the U-shield from a passive defense tool (password storage) into a self-aware, proactive, and collaboratively evolving intelligent security terminal. The collaboration between AI models (such as self-checking CNN and risk control random forest) and hardware triggers a self-repair mechanism to extend hardware lifespan. The integration of dynamic encryption and network awareness generates "one-time key" keys through environmentally aware channel state information to resist advanced threats such as ransomware attacks. Based on a multi-factor real-time risk control model using blockchain smart contracts, and utilizing on-chain stored device status logs (self-check), environmental information, and user behavior data, millisecond-level risk identification and automatic response (such as freezing) are achieved, reducing the traditional risk control response time from hours to less than seconds. At the same time, the trusted on-chain abnormal operation pattern data provides high-quality training samples for AI models (such as self-checking CNN and risk control random forest), forming a closed-loop optimization and continuously improving the overall security protection capability of the system. Addressing issues such as low reliability of existing U-shield screens, weak encryption on public networks, and delayed risk control response, the closed-loop design of the entire process (detection-encryption-tracing-response) enables proactive, intelligent, and collaborative U-shield security management. This fundamentally changes the role of the U-shield as a passive password storage device, transforming it into an intelligent security terminal with self-awareness, proactive defense, and collaborative evolution capabilities.
[0074] According to embodiments of this application, based on context information and a dynamic key generation mechanism, the communication data of the digital certificate shield is dynamically encrypted in a hierarchical manner, including: generating a dynamic key seed using a hash algorithm based on channel state information, context information, and the identifier of the digital certificate shield; receiving signal strength indication values in real time based on a preset time window, and quantizing and generating an original key sequence based on the signal strength indication values and the dynamic key seed; performing hash verification and zero-knowledge verification on the communication channel between the digital certificate shield and the target communication party, and expanding the original key sequence to generate a session key if both hash verification and zero-knowledge verification pass; determining the current encryption level based on the signal strength indication value, channel state information, and current transaction characteristics, and dynamically switching the encryption algorithm of the current level according to the current encryption level; and encrypting the communication data using the encryption algorithm of the current level according to the session key.
[0075] Based on the spatiotemporal uniqueness of WiFi Channel State Information (CSI), the multipath fading features are extracted by the WiFi module on the U-shield as the original dynamic key seed. The formula for generating the dynamic key seed is as follows:
[0076] Kdynamic=SHA-3(CSI⊕DeviceID⊕Timestamp)
[0077] Where Kdynamic is the dynamic key seed, CSI is the channel state information feature vector, DeviceID is the unique identifier of the U-shield, Timestamp is the timestamp, ⊕ is the XOR operation, and SHA-3() is the hash algorithm.
[0078] The two communicating parties are the U-shield and the target communication party (such as a bank server). Within a 10ms time window, the two parties continuously measure 15 sets of RSSI values (sampling rate 1.5kHz) through a dynamic signal sampling window to filter out sudden interference (such as Bluetooth device interference), judge the received signal strength indicator (RSSI) value, and negotiate the key.
[0079] Based on the real-time received RSSI, the difference sequence between adjacent RSSIs is calculated using the following formula:
[0080] ΔRSSI[t] = RSSI[t] - RSSI[t-1] (t=1,2,...,14)
[0081] Where ΔRSSI represents the difference between adjacent RSSI values, and t represents the window time.
[0082] A quantization threshold of -2dBm can be set based on experience. Then, based on the quantization rules, the adjacent RSSI difference sequences are quantized to generate 0 / 1 basic sequences. The quantization rules are as follows:
[0083] If ΔRSSI≥δ, it is denoted as binary "1".
[0084] If ΔRSSI < δ, it is denoted as binary "0".
[0085] The dynamic key seed Kdynamic is processed into a 14-bit key of the same length. The 0 / 1 base sequence corresponding to the adjacent RSSI difference sequence is XORed bit by bit with the dynamic key seed to generate the 14-bit original key sequence K. raw (e.g., [1,0,1,1,0,...]).
[0086] The digital certificate shield is used to perform hash verification and zero-knowledge verification on the communication channel with the target party. The hash verification is as follows: the two parties exchange H(K) raw [1:7]) and H (K) raw [8:14]), H is SHA-256. If the hash values match, the channel consistency is confirmed; otherwise, the sequence is discarded and resampled. Zero-knowledge verification uses zero-knowledge concise non-interactive knowledge argumentation (zk-SNARK) to verify the authenticity of CSI data and protect user privacy.
[0087] After the double verification passes, key expansion is performed by using the HKDF-SHA256 algorithm to extend the original key sequence K. raw Extend to 256 bits to generate a session key that conforms to the AES-256 standard.
[0088] The encryption algorithm is automatically switched based on the WiFi signal strength RSSI and the current transaction characteristics (such as transaction amount and transaction type). The encryption algorithm is determined by combining AES-256 and the national cryptographic SM4 algorithm to realize key operation data such as U-shield transfer amount, receiving account, transaction type, digital certificate, and device fingerprint identity authentication data. The session key is generated based on the dynamic key (256-bit hash value) generated by CSI to realize dynamic hierarchical encryption of communication data. The dynamic encryption strategy table based on RSSI strength, CSI dimension and transaction characteristics is shown in Table 1 below.
[0089] Table 1 Dynamic Encryption Strategy Table
[0090]
[0091] For example, Figure 3 The diagram illustrates an encrypted interaction flowchart of a blockchain-based digital certificate shield anomaly detection method according to an embodiment of this application. Figure 3As shown, the two communicating parties are a USB security token (U-shield) and a bank. The U-shield terminal and the bank node implement a secure interaction process based on zero-knowledge proofs (zk-SNARK) and federated computing.
[0092] The U-Shield terminal sends encrypted CSI features to the bank node. The U-Shield encrypts the Channel State Information (CSI) features extracted from the WiFi channel using a key and sends it to the bank node. Upon receiving the data, the bank node initiates a zero-knowledge proof (zk-SNARK) verification request. The bank node sends a zk-SNARK verification request to the U-Shield terminal, requiring the U-Shield to prove it possesses legitimate CSI features without directly exposing the features themselves. The U-Shield generates a zero-knowledge proof and sends it to the bank node. This proof allows the bank node to confirm that the U-Shield indeed possesses genuine and valid CSI features without revealing any specific channel information, protecting user privacy. After receiving the legitimate proof, the bank node internally performs federated aggregation computation based on its multi-node federated learning results, completing risk assessment and key-related calculations without disclosing the original data of any party. Based on the calculation results, the bank node sends a dynamic key update command to the U-Shield, notifying the U-Shield to complete the key synchronization update and ensuring that subsequent communications use the new security key.
[0093] In the embodiments of this application, a key seed is generated using a hash algorithm based on information such as channel state and device identifier, making the key source more secure and reliable. Signal strength is introduced to generate the key sequence in real time, and this is combined with both hash and zero-knowledge verification to ensure channel trustworthiness. The encryption level and algorithm are dynamically adjusted according to channel and transaction characteristics to achieve adaptive matching of encryption strength. Key expansion generates session keys, balancing security and transmission efficiency, effectively resisting attacks such as channel eavesdropping and tampering, and improving the flexibility and protection capabilities of digital certificate shield communication encryption.
[0094] According to the embodiments of this application, Figure 4 An automatic monitoring flowchart of a blockchain-based digital certificate shield anomaly detection method according to an embodiment of this application is illustrated. Figure 4 As shown, in step S210, based on the screen image of the digital certificate shield, anomaly detection and automatic repair of the digital certificate shield are performed through a pre-trained convolutional neural network, which may include steps S410 to S430.
[0095] In step S410, the screen image of the digital certificate shield is acquired in real time using a photoelectric sensor.
[0096] Images from the U-Shield screen are captured by a miniature photoelectric sensor inside the shield at a high frequency (e.g., 10Hz). The captured images are input into a lightweight CNN deployed on the U-Shield's local FPGA chip / microcontroller for real-time inference, identifying display anomalies such as ghosting and color shift. The system automatically corrects these anomalies by dynamically adjusting voltage and refresh rates based on the output. Self-check events, correction records, and results are generated into a structured log, which is uploaded to the blockchain as a trusted data source for subsequent risk control as evidence of hardware status. Intelligent outbound calls are triggered based on the anomaly probability value to provide relevant prompts to the user.
[0097] For a USB security token, the hardware needs to include a miniature photoelectric sensor array and a programmable logic chip (such as a low-power FPGA chip). For example, the miniature photoelectric sensor array acquires screen images at a frequency of 10Hz with a resolution of 320×240 pixels. The FPGA chip dynamically adjusts the screen drive voltage and refresh rate, with a power consumption of <5mW.
[0098] In step S420, anomaly detection is performed on the screen image using a pre-trained convolutional neural network to obtain anomaly probability values; wherein, the pre-trained convolutional neural network is a lightweight convolutional neural network deployed in the digital certificate shield.
[0099] The acquired images are input into a lightweight CNN (such as a residual network model), and the output is anomaly probability values. The residual network model is deployed on the local processing chip of the U-shield (such as an FPGA chip / microcontroller).
[0100] In step S430, the digital certificate shield is repaired based on the anomaly probability value, and the repair log is obtained.
[0101] In the embodiments of this application, screen images are acquired in real time using photoelectric sensors, and local real-time anomaly detection is achieved by combining this with a lightweight CNN deployed on the device, without relying on external computing resources. Automatic repair is then performed based on the detected anomaly probability values, generating a repair log. This enables autonomous monitoring and closed-loop processing of hardware status, quickly identifying anomalies such as screen ghosting and damage, and solving the problem of traditional fixed drivers lacking self-testing capabilities. The local lightweight model reduces latency, improves device reliability, and provides reliable self-testing data for subsequent risk assessment.
[0102] According to an embodiment of this application, in step S430, repairing the digital certificate shield based on the abnormal probability value, the steps include: determining an abnormal state based on a preset abnormal threshold and an abnormal probability value; and triggering the programmable logic chip of the digital certificate shield based on the abnormal state to adjust the driving voltage and / or dynamically adjust the refresh rate.
[0103] Pre-set an abnormal threshold (e.g., P) threshold =0.05), if the anomaly probability value P≥P thresholdIf the current U-shield is in an abnormal state, the programmable logic chip will be triggered to perform a repair action, such as triggering the FPGA chip to adjust the drive voltage or dynamically adjust the refresh rate to complete the repair.
[0104] The FPGA repair logic allows for voltage adjustment and duration based on the screen model and fault severity. For example, in cases of ghosting (P≥0.05), the drive voltage is increased from 3.3V to 5.0V and lasts for 3ms. In cases of color shift (P≥0.08), the voltage difference between the red, green, and blue sub-pixels is adjusted by ±0.2V.
[0105] In the embodiments of this application, abnormal states are accurately determined based on anomaly probability values and thresholds, avoiding false positives and false negatives. By triggering a programmable logic chip to adjust the drive voltage or refresh rate, automatic screen anomaly repair is achieved at the hardware level, eliminating the need for manual replacement or repair. This dynamic adjustment method can extend the screen's lifespan and improve the hardware stability of the digital certificate shield. The automatic repair mechanism reduces downtime due to faults, ensures continuous device availability, and enhances hardware reliability during transactions.
[0106] According to an embodiment of this application, in step S230, an anomaly risk assessment of the digital certificate shield is performed based on self-checking state information and context information through a blockchain smart contract to obtain a risk score result. This includes: calculating the current risk factor based on context information and self-checking state information; wherein the context information includes geographical location, device fingerprint, timestamp, and transaction operation information; and inputting the current risk factor and risk factor weights into a pre-trained random forest scoring model to output a risk score result; wherein the risk factor weights are obtained by evaluating and updating the preset factor weights through out-of-bag error.
[0107] The core risk control decisions of smart contracts primarily utilize a random forest scoring model deployed on the blockchain, specifically a random forest multi-factor risk scoring model. The random forest scoring model calculates a risk score; when the score exceeds a set threshold, a freeze is triggered, and the record is transmitted back to the management system. Based on the score, automatic unfreezing and manual review unfreezing are executed. Automatic unfreezing invokes the permission management interface, locking the U-shield private key's operation permissions. Manual review unfreezing, after processing, triggers a key rotation protocol to generate a new private key. The risk factors input to the random forest scoring model are shown in Table 2 below.
[0108] Table 2 Risk Factors
[0109]
[0110] The weights of preset factors are dynamically adjusted by assessing the error of Out-of-Bag (OOB) data (e.g., the displacement velocity weight changes from 0.4 to 0.45). A circuit breaker mechanism is added (automatically switching to rule-based risk control when the model's OOB error exceeds 10%).
[0111] Based on GPS positioning coordinate data (such as K-anonymity generalization), device fingerprints (such as encrypted hash values), self-check status information, blockchain transaction logs (such as CID indexes stored in IPFS), risk factors are determined. The risk factors and their corresponding weights are then input into a trained random forest scoring model, which outputs a risk score (such as 0-1).
[0112] It's worth noting that the initial training process for the random forest scoring model involves: collecting historical normal and risky sample data of the USB token, and extracting risk factors such as displacement speed, device fingerprint changes, transaction frequency, self-check status, and transaction amount dispersion. Multiple decision trees are constructed to form a random forest, and the error is calculated using out-of-bag (OOB) data. Based on this, the initial weights of each factor are iteratively evaluated and optimized. After training, the model structure and optimal weights are saved, and an OOB error circuit breaker threshold is set. When the error exceeds 10%, it automatically switches to rule-based risk control to ensure the stability and reliability of smart contract risk assessment.
[0113] In the embodiments of this application, risk factors are calculated based on multi-dimensional contextual information such as geographical location, device fingerprints, and transaction operation information, as well as self-checking status information, making the risk assessment more comprehensive. A random forest scoring model with weights optimized using out-of-bag error is employed to improve the accuracy of risk factor judgment and reduce the false positive rate. Automated anomaly risk assessment is achieved through blockchain smart contracts, eliminating reliance on centralized systems and ensuring the reliability and traceability of the assessment process. Compared to manual verification and simple rule-based judgment, this method offers more sensitive risk identification and more objective scoring, significantly improving the efficiency and accuracy of anomaly risk assessment.
[0114] According to an embodiment of this application, step S230, which involves risk response control of the digital certificate shield based on the risk scoring result, includes: obtaining the triggering factor of the smart contract based on context information and triggering conditions; performing a graded response operation on the digital certificate shield based on the number of triggering factors; determining the current risk level based on the risk scoring result and a preset scoring range; performing a scoring response operation on the digital certificate shield based on the current risk level; and performing a scoring response operation on the digital certificate shield if there is a conflict between the graded response operation and the scoring response operation.
[0115] The triggering conditions for the core triggering factors of the smart contract are set. The triggering factors (such as spatiotemporal inconsistencies, high-frequency operations, and abnormal device fingerprints) are determined based on the triggering conditions and contextual information such as geographical location and device fingerprints. The triggering conditions are as follows:
[0116] Spatiotemporal discrepancy: If the same U-shield is used twice within 1 hour and the geographical location difference exceeds 100km (e.g., from province A to province B), cross-verification is performed using GPS / base station positioning data and blockchain timestamps.
[0117] High-frequency operation: If the frequency of operations in a single day exceeds a preset threshold (such as 50 transfers in a single day), the threshold will be dynamically adjusted based on the transaction amount (such as being more sensitive to small-amount high-frequency triggers).
[0118] Device fingerprint error: The fingerprint of the device bound to the U-shield (such as mobile device code or physical address) does not match, triggering a cross-device operation warning.
[0119] During the risk response control process, a tiered response operation mechanism is designed according to the number of triggering factors. After the risk response control is completed, it needs to be dynamically adjusted according to the risk scoring model. The specific execution is based on the output of the risk scoring model. When the risk scoring model does not output a score, the tiered response operation is used as the initial rule. The tiered response operation is shown in Table 3 below.
[0120] Table 3 Graded Response Operations
[0121]
[0122] If the risk score falls within the range of [0, 0.3), the current risk level is zero risk; if the risk score falls within the range of [0.3, 0.6), the current risk level is low risk; if the risk score falls within the range of [0.6, 0.8), the current risk level is medium risk; and if the risk score falls within the range of [0.8, 1.0], the current risk level is high risk. Based on the current risk level, a scoring response operation is performed on the U-shield, as shown in Table 4 below.
[0123] Table 4 Scoring Response Operations
[0124]
[0125] In the initial deployment of the risk scoring model or when the model is unavailable, a simple tiered response operation based on the number of triggering factors can be used as a backup or reference. However, when the risk scoring model is available, the smart contract will strictly trigger the scoring response operation according to the continuous risk values output by the risk scoring model and their corresponding risk levels.
[0126] Based on the risk response logic of continuous risk values and the number of triggering factors output by random forests, a simple rule can be used to more finely distinguish the risk differences of combinations of factors of the same level (e.g., a score for displacement speed of 180 km / h + equipment change > a score for displacement speed of 120 km / h + equipment change). For example: For a single-factor anomaly, a score of 0.75 indicates low risk according to the graded response (SMS verification), and a score-based response indicates medium risk (temporary freeze), with the final score-based response taking precedence. For a two-factor anomaly, a score of 0.55 indicates medium risk according to the graded response (temporary freeze), and a score-based response indicates low risk (SMS verification, with the final score-based response taking precedence).
[0127] In situations where there is a conflict between tiered and scoring-based response operations, the core principle is to prioritize scoring-based responses and use tiered responses as a supplement. At the automated execution layer, smart contracts strictly trigger responses according to scoring thresholds (millisecond-level efficiency). At the human decision-making layer, auditors can refer to factor combinations to assist in investigations (e.g., device fingerprint changes + high-frequency operations are more likely to indicate theft). Furthermore, in cases of discrepancies between scoring and factor counts (e.g., a score of 0.7 but only one factor), off-chain manual review can be triggered to ensure risk control.
[0128] All records of risk control response operations (including triggering conditions, risk scores, execution actions, and CID indexes) are stored and uploaded to the blockchain via IPFS. Regulatory agencies can use zero-knowledge proof technology to verify whether the execution of a specific response operation follows preset smart contract rules and risk control strategies without accessing sensitive raw data, allowing regulators to verify the reasonableness of the execution using zero-knowledge proofs.
[0129] For example, Figure 5 A flowchart illustrating the risk response process of a blockchain-based digital certificate shield anomaly detection method according to an embodiment of this application is shown. Figure 5As shown, the full-process risk control and model iteration closed loop of U-Shield digital certificate shield is divided into stages such as risk judgment, graded response, data feedback and model optimization. The specific steps are as follows: (1) Factor input: Input the feature data such as context information and self-check status information into the smart contract and convert them into standardized risk factors as input to the random forest scoring model. (2) Random forest scoring: Call the pre-trained / dynamically tuned random forest scoring model, integrate the input factors with the corresponding weights (displacement velocity 0.4, device fingerprint 0.2, etc.) to calculate and output the risk score in the range of 0-1. (3) Risk threshold judgment: Determine whether the score is greater than the preset risk control threshold (such as 0.6). If it is (score > threshold), it is high risk, trigger the score response, and execute strict risk control actions (such as locking the U-Shield private key operation permission, freezing transactions, and triggering the key rotation protocol); if not (score ≤ threshold), trigger the graded response and execute low-risk management according to the score gradient (such as adding transaction verification steps, manual review and warning, and limiting the operation amount). (4) Blockchain Evidence Storage: Regardless of whether it is a scoring response or a graded response, the smart contract will store all risk control data on the blockchain for evidence storage, including risk factors, risk scoring results, details of risk control response instruction execution, timestamps, and U-shield device identification. The core purpose is to utilize the immutability of the blockchain to solidify risk control evidence and support subsequent traceability and auditing. (5) Model Optimization: The full amount of risk control data stored on the blockchain (including successful cases and misjudged / missed cases) is used as training samples and fed back into the model for training, realizing a closed-loop iteration of risk control and continuously improving the accuracy of risk identification.
[0130] In the embodiments of this application, a tiered response is achieved through the number of triggering factors and risk scoring ranges. When two types of responses conflict, the scoring response is executed first, ensuring that the control logic is centered on the risk level and avoiding strategy confusion. The smart contract automatically executes the response operation without manual intervention, improving the real-time performance of the handling. Tiered handling can adapt to different risk scenarios, avoiding excessive control of low-risk scenarios and ensuring strict protection of high-risk scenarios, thus optimizing the rationality and execution efficiency of digital certificate shield risk control.
[0131] According to an embodiment of this application, the blockchain-based digital certificate shield anomaly detection method further includes: constructing a first updated training set based on newly added self-inspection data from the blockchain, and incrementally training a lightweight convolutional neural network based on the first updated training set; constructing a second updated training set based on newly added anomaly cases from the blockchain, and monitoring the out-of-bag error rate of the random forest scoring model in real time; and incrementally training the random forest scoring model based on the second updated training set when the out-of-bag error rate exceeds a preset error rate threshold.
[0132] During the anomaly detection process, the context information, self-inspection status information, risk scoring results, and risk response control related data of the digital certificate shield are written into the blockchain as new data.
[0133] Anonymized data, including newly added self-check status, anomaly logs, and device fingerprint mutations, is extracted from the blockchain to construct the first updated training set, which is divided into a training subset and a validation subset according to a preset ratio (e.g., 7:3). Anomaly patterns accumulated on the blockchain (e.g., anomaly probability > 80%, device hardware anomalies) are converted into standardized vectors and input into a lightweight CNN network. Transfer learning is employed, freezing the bottom feature extraction layer and fine-tuning only the top classification network, preserving existing model knowledge while learning new anomaly features. Mini-batch gradient descent is used to optimize parameters during training, and the model's performance is evaluated using accuracy and precision metrics. An updated model file is generated after training. The lightweight model is pushed to the U-shield via an Over-the-Air (OTA) secure channel, replacing the old model and improving the accuracy of identifying risks such as device hardware anomalies and physical tampering, thus completing the incremental update.
[0134] All data related to the freeze event (including triggering factors, risk scores, actions taken, and final handling results) is written into the training dataset of the random forest model for periodic incremental training or full retraining, dynamically optimizing factor weights (e.g., increasing the weight coefficient of device fingerprint changes based on actual cases) and model performance. Data such as newly added abnormal cases, risk scores, and risk control handling records on the blockchain are acquired to construct a second updated training set. The out-of-bag (OOB) error rate of the random forest model is continuously monitored. When the error rate exceeds a 5% threshold, it indicates that the model may be drifting, automatically triggering the model retraining process. New samples are injected into the training set, maintaining the original decision tree structure, adding subtrees to learn new risk features, and re-evaluating the weights of factors such as displacement velocity, device fingerprint changes, and transaction frequency based on the OOB error, dynamically optimizing the weight allocation. After training, the new model's OOB error is calculated, and the model parameters are solidified after verification that they meet the standard. If the error rate still exceeds the standard, the circuit breaker mechanism is automatically activated to switch to rule-based risk control. After the model is updated, it is synchronized to the smart contract via the blockchain and pushed to the blockchain nodes for deployment via OTA, achieving dynamic model tuning and ensuring the accuracy and stability of risk assessment.
[0135] In the embodiments of this application, training sets are constructed using newly added self-check data and anomaly cases on the blockchain, respectively, and incremental training is performed on the convolutional neural network and random forest models to achieve continuous iterative optimization of the models. The out-of-bag error rate of the random forest model is monitored in real time, and updates are made promptly when the accuracy decreases to ensure long-term stability and reliability of risk assessment. The immutability of blockchain data ensures the authenticity and validity of training samples, allowing the model to continuously adapt to new anomaly types, constantly improving anomaly detection and risk assessment capabilities, and forming a self-optimizing security protection system.
[0136] Based on the above-described blockchain-based digital certificate shield anomaly detection method, embodiments of this application also provide a blockchain-based digital certificate shield anomaly detection device. The following will combine... Figure 6 The device is described in detail.
[0137] Figure 6 The diagram illustrates the structure of a blockchain-based digital certificate shield anomaly detection device according to an embodiment of this application.
[0138] like Figure 6 As shown, the blockchain-based digital certificate shield anomaly detection device 600 of this embodiment includes an anomaly self-test module 610, an information writing module 620, and an anomaly response module 630.
[0139] The anomaly self-check module 610 is used to monitor and automatically repair the digital certificate shield based on the screen image of the digital certificate shield through a pre-trained convolutional neural network, thereby obtaining self-check status information. In one embodiment, the anomaly self-check module 610 can be used to execute step S210 described above, which will not be repeated here.
[0140] The information writing module 620 is used to write the context information of the digital certificate shield and the self-test status information into the blockchain based on a de-identification and compression strategy. In one embodiment, the information writing module 620 can be used to perform step S220 described above, which will not be repeated here.
[0141] The anomaly response module 630 is used to perform anomaly risk assessment on the digital certificate shield based on the self-check status information and the context information through the smart contract of the blockchain, obtain a risk score result, and perform risk response control on the digital certificate shield according to the risk score result. In one embodiment, the anomaly response module 630 can be used to execute step S230 described above, which will not be repeated here.
[0142] According to an embodiment of this application, the device 600 further includes: an encrypted transmission module, configured to dynamically and hierarchically encrypt the communication data of the digital certificate shield based on the context information and a dynamic key generation mechanism, and transmit the encrypted data; and to terminate the transmission of the encrypted data and lock the key operation permission in response to the risk score result exceeding a preset risk threshold.
[0143] According to an embodiment of this application, the anomaly response module 630 includes: an anomaly risk assessment unit, configured to calculate the current risk factor based on the context information and the self-check status information; wherein the context information includes geographical location, device fingerprint, timestamp, and transaction operation information; and to input the current risk factor and risk factor weights into a pre-trained random forest scoring model and output the risk score result; wherein the risk factor weights are obtained by evaluating and updating the preset factor weights through out-of-bag error.
[0144] According to an embodiment of this application, the anomaly response module 630 further includes: a risk response control unit, configured to: obtain the triggering factors of the smart contract based on the context information and triggering conditions; perform a graded response operation on the digital certificate shield based on the number of triggering factors; determine the current risk level based on the risk scoring result and a preset scoring range; perform a scoring response operation on the digital certificate shield based on the current risk level; and perform the scoring response operation on the digital certificate shield if there is a conflict between the graded response operation and the scoring response operation.
[0145] According to an embodiment of this application, the encrypted transmission module includes: a key seed generation unit, configured to generate the dynamic key seed using a hash algorithm based on the channel state information, the context information, and the identifier of the digital certificate shield; an original key generation unit, configured to receive a signal strength indicator value in real time based on a preset time window, and quantize and generate an original key sequence according to the signal strength indicator value and the dynamic key seed; a session key generation unit, configured to perform hash verification and zero-knowledge verification on the communication channel between the digital certificate shield and the target communication party, and expand the original key sequence to generate a session key if both hash verification and zero-knowledge verification pass; an encryption algorithm switching unit, configured to determine the current encryption level based on the signal strength indicator value, the channel state information, and the current transaction characteristics, and dynamically switch the encryption algorithm of the current level according to the current encryption level; and a communication encryption unit, configured to encrypt the communication data using the encryption algorithm of the current level according to the session key.
[0146] According to an embodiment of this application, the self-check status information includes an anomaly probability value and / or a repair log; the anomaly self-check module 610 includes: an image acquisition unit, used to acquire the screen image of the digital certificate shield in real time through a photoelectric sensor; an anomaly detection unit, used to perform anomaly detection on the screen image through a pre-trained convolutional neural network to obtain the anomaly probability value; wherein the pre-trained convolutional neural network is a lightweight convolutional neural network deployed in the digital certificate shield; and a repair unit, used to repair the digital certificate shield based on the anomaly probability value to obtain the repair log.
[0147] According to an embodiment of this application, the repair unit includes: a state determination subunit, used to determine an abnormal state based on a preset abnormal threshold and the abnormal probability value; and an adjustment subunit, used to trigger the programmable logic chip of the digital certificate shield based on the abnormal state to adjust the driving voltage and / or dynamically adjust the refresh rate.
[0148] According to an embodiment of this application, the device 600 further includes: a model update module, configured to construct a first updated training set based on newly added self-test data of the blockchain, and incrementally train the lightweight convolutional neural network based on the first updated training set; construct a second updated training set based on newly added abnormal cases of the blockchain, and monitor the out-of-bag error rate of the random forest scoring model in real time, and incrementally train the random forest scoring model based on the second updated training set if the out-of-bag error rate exceeds a preset error rate threshold.
[0149] According to embodiments of this application, any multiple modules among the anomaly self-test module 610, information writing module 620, anomaly response module 630, encrypted transmission module, and model update module can be merged into one module, or any one of these modules can be split into multiple modules. Alternatively, at least some of the functions of one or more of these modules can be combined with at least some of the functions of other modules and implemented in one module. According to embodiments of this application, at least one of the anomaly self-test module 610, information writing module 620, anomaly response module 630, encrypted transmission module, and model update module can be at least partially implemented as hardware circuits, such as field-programmable gate arrays, programmable logic arrays, systems-on-a-chip, systems-on-a-substrate, systems-on-package, application-specific integrated circuits, or other reasonable means of integrating or packaging circuits, or implemented in hardware or firmware, or in any one of software, hardware, and firmware implementations, or in a suitable combination of any of these. Alternatively, at least one of the anomaly self-check module 610, information writing module 620, anomaly response module 630, encrypted transmission module, and model update module can be at least partially implemented as a computer program module, which can perform corresponding functions when the computer program module is run.
[0150] Figure 7 A block diagram schematically illustrates an electronic device suitable for implementing a blockchain-based digital certificate shield anomaly detection method according to an embodiment of this application.
[0151] like Figure 7 As shown, an electronic device 1200 according to an embodiment of this application includes a processor 1201, which can perform various appropriate actions and processes according to a program stored in a read-only memory 1202 or a program loaded from a storage portion 1208 into a random access memory 1203. The processor 1201 may include, for example, a general-purpose microprocessor, an instruction set processor and / or an associated chipset and / or a dedicated microprocessor. The processor 1201 may also include onboard memory for caching purposes. The processor 1201 may include a single processing unit or multiple processing units for executing different steps of the method flow according to an embodiment of this application.
[0152] Random access memory 1203 stores various programs and data required for the operation of electronic device 1200. Processor 1201, read-only memory 1202, and random access memory 1203 are interconnected via bus 1204. Processor 1201 executes various steps of the method flow according to embodiments of this application by executing programs in read-only memory 1202 and / or random access memory 1203. It should be noted that the programs may also be stored in one or more memories other than read-only memory 1202 and random access memory 1203. Processor 1201 may also execute various steps of the method flow according to embodiments of this application by executing programs stored in said one or more memories.
[0153] According to embodiments of this application, the electronic device 1200 may further include an input / output interface 1205, which is also connected to the bus 1204. The electronic device 1200 may also include one or more of the following components connected to the input / output interface 1205: an input section 1206 including a keyboard, mouse, etc.; an output section 1207 including a cathode ray tube, liquid crystal display, etc., and a speaker, etc.; a storage section 1208 including a hard disk, etc.; and a communication section 1209 including a network interface card, such as a local area network card, modem, etc. The communication section 1209 performs communication processing via a network such as the Internet. A drive 1210 is also connected to the input / output interface 1205 as needed. A removable medium 1211, such as a disk, optical disk, magneto-optical disk, semiconductor memory, etc., is installed on the drive 1210 as needed so that computer programs read from it can be installed into the storage section 1208 as needed.
[0154] Embodiments of this application also provide a computer-readable storage medium, which may be included in the device / apparatus / system described in the above embodiments; or it may exist independently and not assembled into the device / apparatus / system. The computer-readable storage medium carries one or more programs, which, when executed, implement the method according to the embodiments of this application.
[0155] According to embodiments of this application, the computer-readable storage medium can be a non-volatile computer-readable storage medium, such as including but not limited to: portable computer disks, hard disks, random access memory, read-only memory, erasable programmable read-only memory, portable compact disk read-only memory, optical storage devices, magnetic storage devices, or any suitable combination thereof. In embodiments of this application, the computer-readable storage medium can be any tangible medium containing or storing a program that can be used by or in conjunction with an instruction execution system, apparatus, or device. For example, according to embodiments of this application, the computer-readable storage medium may include the read-only memory 1202, and / or random access memory 1203, and / or one or more memories other than read-only memory 1202 and random access memory 1203 described above.
[0156] Embodiments of this application also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowchart. When the computer program product is run on a computer system, the program code is used to cause the computer system to implement the methods provided in the embodiments of this application.
[0157] In one embodiment, the computer program may rely on a tangible storage medium such as an optical storage device or a magnetic storage device. In another embodiment, the computer program may also be transmitted and distributed in the form of signals over a network medium, and may be downloaded and installed via the communication section 1209, and / or installed from the removable medium 1211. The program code contained in the computer program can be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination thereof.
[0158] In embodiments of this application, the computer program can be downloaded and installed from a network via communication section 1209, and / or installed from removable medium 1211. When the computer program is executed by processor 1201, it performs the functions defined in the system of this application embodiment. According to embodiments of this application, the systems, devices, apparatuses, modules, units, etc., described above can be implemented by computer program modules.
[0159] According to embodiments of this application, program code for executing the computer programs provided in the embodiments of this application can be written in any combination of one or more programming languages. Specifically, these computational programs can be implemented using high-level procedural and / or object-oriented programming languages, and / or assembly / machine languages. The program code can be executed entirely on the user's computing device, partially on the user's device, partially on a remote computing device, or entirely on a remote computing device or server. In cases involving remote computing devices, the remote computing device can be connected to the user's computing device via any type of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computing device (e.g., via the Internet using an Internet service provider).
[0160] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of this application. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions indicated in the blocks may occur in a different order than those indicated in the drawings. For example, two consecutively indicated blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in a block diagram or flowchart, and combinations of blocks in a block diagram or flowchart, may be implemented using a dedicated hardware-based system that performs the specified function or operation, or using a combination of dedicated hardware and computer instructions.
[0161] Those skilled in the art will understand that the features described in the various embodiments of this application can be combined and / or combined in various ways, even if such combinations or combinations are not explicitly described in this application. In particular, the features described in the various embodiments of this application can be combined and / or combined in various ways without departing from the spirit and teachings of this application. All such combinations and / or combinations fall within the scope of this application.
Claims
1. A method for detecting anomalies in a blockchain-based digital certificate shield, characterized in that, The method includes: Based on the screen image of the digital certificate shield, anomaly detection and automatic repair are performed on the digital certificate shield through a pre-trained convolutional neural network to obtain self-check status information. Based on a de-identification and compression strategy, the context information of the digital certificate shield and the self-check status information are written into the blockchain; and The digital certificate shield is assessed for abnormal risks based on the self-inspection status information and the context information through the smart contract of the blockchain, a risk score is obtained, and risk response control is performed on the digital certificate shield according to the risk score.
2. The method according to claim 1, characterized in that, The method further includes: Based on the context information and a dynamic key generation mechanism, the communication data of the digital certificate shield is dynamically and hierarchically encrypted, and the encrypted data is transmitted. In response to the risk score result exceeding a preset risk threshold, the transmission of the encrypted data is terminated, and key operation permissions are locked.
3. The method according to claim 1, characterized in that, The smart contract on the blockchain performs anomaly risk assessment on the digital certificate shield based on the self-check status information and the context information to obtain a risk score result, including: Based on the context information and the self-check status information, the current risk factor is calculated; wherein, the context information includes geographical location, device fingerprint, timestamp, and transaction operation information; and The current risk factors and risk factor weights are input into a pre-trained random forest scoring model, and the risk score result is output; wherein, the risk factor weights are obtained by evaluating and updating the preset factor weights through out-of-bag error.
4. The method according to claim 1, characterized in that, The risk response control of the digital certificate shield based on the risk scoring result includes: Based on the context information and triggering conditions, obtain the triggering factor of the smart contract; Based on the number of triggering factors, a tiered response operation is performed on the digital certificate shield; Based on the risk scoring results and the preset scoring range, the current risk level is determined; Based on the current risk level, a scoring response operation is performed on the digital certificate shield; and In the event of a conflict between the graded response operation and the scoring response operation, the scoring response operation is performed on the digital certificate shield.
5. The method according to claim 2, characterized in that, The step of dynamically encrypting the communication data of the digital certificate shield based on the context information and a dynamic key generation mechanism includes: Based on the channel state information, the context information, and the identifier of the digital certificate shield, a hash algorithm is used to generate a dynamic key seed; Based on a preset time window, the signal strength indicator value is received in real time, and the original key sequence is generated by quantization according to the signal strength indicator value and the dynamic key seed; The digital certificate shield is subjected to hash verification and zero-knowledge verification on the communication channel with the target communication party. If both hash verification and zero-knowledge verification pass, the original key sequence is expanded to generate a session key. Based on the signal strength indicator value, the channel state information, and the current transaction characteristics, the current encryption level is determined, and the encryption algorithm for the current encryption level is dynamically switched according to the current encryption level; and The communication data is encrypted using the encryption algorithm of the current level based on the session key.
6. The method according to claim 3, characterized in that, in, The self-check status information includes anomaly probability values and / or repair logs; the screen image based on the digital certificate shield, through a pre-trained convolutional neural network, performs anomaly detection and automatic repair on the digital certificate shield, including: The screen image of the digital certificate shield is captured in real time using a photoelectric sensor; Anomaly detection is performed on the screen image using a pre-trained convolutional neural network to obtain the anomaly probability value; wherein, the pre-trained convolutional neural network is a lightweight convolutional neural network deployed in the digital certificate shield; and Repair the digital certificate shield based on the anomaly probability value and obtain the repair log.
7. The method according to claim 6, characterized in that, The repair of the digital certificate shield based on the abnormal probability value includes: An abnormal state is determined based on a preset abnormal threshold and the abnormal probability value; and Based on the abnormal state, the programmable logic chip of the digital certificate shield is triggered to adjust the driving voltage and / or dynamically adjust the refresh rate.
8. The method according to claim 6, characterized in that, The method further includes: Based on the newly added self-check data of the blockchain, a first updated training set is constructed, and the lightweight convolutional neural network is incrementally trained based on the first updated training set. Based on the newly added abnormal cases in the blockchain, a second updated training set is constructed, and the out-of-bag error rate of the random forest scoring model is monitored in real time. If the out-of-bag error rate exceeds a preset error rate threshold, the random forest scoring model is incrementally trained based on the second updated training set.
9. A blockchain-based digital certificate shield anomaly detection device, characterized in that, The device includes: An anomaly self-check module is used to monitor and automatically repair anomalies in the digital certificate shield based on the screen image of the digital certificate shield through a pre-trained convolutional neural network, and obtain self-check status information. The information writing module is used to write the context information of the digital certificate shield and the self-test status information into the blockchain based on a de-identification and compression strategy; and An anomaly response module is used to perform anomaly risk assessment on the digital certificate shield based on the self-inspection status information and the context information through the smart contract of the blockchain, obtain a risk score result, and perform risk response control on the digital certificate shield according to the risk score result.
10. An electronic device, comprising: One or more processors; Memory, used to store one or more computer programs. The characteristic feature is that the one or more processors execute the one or more computer programs to implement the steps of the method according to any one of claims 1 to 8.
11. A computer-readable storage medium having a computer program or instructions stored thereon, characterized in that, When the computer program or instructions are executed by a processor, they implement the steps of the method according to any one of claims 1 to 8.
12. A computer program product, comprising a computer program or instructions, characterized in that, When the computer program or instructions are executed by a processor, they implement the steps of the method according to any one of claims 1 to 8.