Inventory management method, electronic device, and inventory management system
By using post-quantum encryption and symmetric encryption algorithms to generate keys, combined with dynamic QR codes and atomic update operations, the data security and consistency issues in inventory management are solved, achieving efficient and secure inventory management.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- SHANGHAI NUCLEAR ENGINEERING RESEARCH & DESIGN INSTITUTE CO LTD
- Filing Date
- 2026-04-23
- Publication Date
- 2026-07-14
AI Technical Summary
Existing technologies have issues with data security and data consistency in inventory management. Static QR code labels are easy to copy and tamper with, and inventory consistency is difficult to guarantee during high-concurrency business operations, leading to data leaks and system blockages.
The encryption key is generated using post-quantum encryption and symmetric encryption algorithms. Data is encrypted and decrypted by the client and server respectively, generating ciphertext data for transmission. QR codes are dynamically generated to prevent replay attacks, and atomic update operations are performed on the server side to ensure data consistency.
It improves data security and data transmission efficiency in inventory management, prevents data leakage and replay attacks, solves inventory consistency issues under high concurrency, and enhances the smoothness of system operations.
Smart Images

Figure CN122390631A_ABST
Abstract
Description
Technical Field
[0001] This application mainly relates to the field of digital inventory management technology for material assets, and in particular to an inventory management method, electronic device and inventory management system. Background Technology
[0002] Digital inventory management of material assets is a core operational aspect of the industry, especially in the nuclear power industry (such as digital inventory management of material assets in nuclear power plants), where data security and data consistency are of paramount importance.
[0003] Existing technologies typically drive business operations by scanning QR code labels. For example, scanning the static QR code label of a material asset drives the borrowing of that asset, thereby reducing inventory. However, existing technologies have significant shortcomings in two core management aspects: label security and data consistency.
[0004] On the one hand, existing technologies typically directly encode the static ID or plaintext information of material assets to generate static QR code labels. These static QR code labels lack the ability to prevent copying, reuse, and tampering, exposing operational loopholes in the inventory management cycle. This manifests in several ways: static QR code labels are easily copied, leading to repeated scanning of the same material asset. For example, the same equipment may be scanned and borrowed multiple times by different personnel, resulting in the loss of assets due to multiple borrowings; or, during the material asset return process, forged static QR code labels can be used to falsely indicate that unreturned material assets have been returned, causing an inflated inventory count.
[0005] On the other hand, existing technologies rely on an inventory update logic where the application layer first queries the existing inventory, then calculates the new inventory value, and finally updates it. This presents an inventory consistency problem during high-concurrency business operations, leading to data contention challenges. For example, if two borrowing operations simultaneously read a tool inventory of 5, both calculate a new inventory value of 4 before updating, resulting in the actual inventory being less than the recorded inventory. While mainstream database row-level locking technology can guarantee the accuracy of inventory levels, it comes at the cost of serialized processing, severely blocking the workflow and failing to support high-throughput concurrent inventory management requests.
[0006] Therefore, there is an urgent need in this field for an inventory management method, electronic device, and inventory management system to improve the effectiveness of inventory management. Summary of the Invention
[0007] The technical problem this application aims to solve is to provide an inventory management method, electronic device, and inventory management system that can ensure data security, data consistency, and business smoothness in digital inventory management.
[0008] To address the aforementioned technical problems, this application provides an inventory management method applied to a client. The method includes: acquiring key parameters for at least two encryption algorithms and generating an encryption key based on the key parameters, wherein at least one of the at least two encryption algorithms includes a post-quantum encryption algorithm; acquiring a business operation instruction and generating operation metadata based on the business operation instruction, wherein the operation metadata includes business data and additional data, wherein the business data includes data related to the business operation instruction, and the additional data includes data unrelated to the business operation instruction; generating plaintext data based on the operation metadata; encrypting the plaintext data using the encryption key and a symmetric encryption algorithm to obtain ciphertext data; and transmitting the ciphertext data to a server.
[0009] Secondly, this application also provides an inventory management method applied to a server. The method includes: obtaining key parameters of at least two encryption algorithms and generating an encryption key based on the key parameters, wherein at least one of the at least two encryption algorithms includes a post-quantum encryption algorithm; receiving ciphertext data sent by a client, wherein the ciphertext data is obtained by the client encrypting plaintext data using the encryption key, the plaintext data is generated by the client based on operation metadata, the operation metadata is generated by the client based on business operation instructions, the operation metadata includes business data and additional data, the business data includes data related to the business operation instructions, and the additional data includes data unrelated to the business operation instructions; and decrypting the ciphertext data using the encryption key and a symmetric encryption algorithm to obtain the plaintext data.
[0010] Thirdly, this application also provides an electronic device, comprising: a memory for storing instructions executable by a processor and data processed when executing the instructions; and a processor for executing the instructions to implement the inventory management method applied to a client or server as described above. Fourthly, this application also provides an inventory management system, comprising: a client configured to execute the inventory management method applied to a client as described above; and a server configured to execute the inventory management method applied to a server as described above.
[0011] Fifthly, this application also provides a computer program product, including computer program code, which, when executed by one or more processors, implements the steps of the inventory management method described above. Compared with the prior art, this application has the following advantages: (1) This application uses at least two encryption algorithms, including post-quantum encryption algorithm, and generates encryption keys by the client and server respectively according to the key parameters of at least two encryption algorithms to encrypt plaintext data including business data. This can alleviate the data security problem caused by quantum computing cracking ciphertext data. In particular, it can alleviate the data confidentiality leakage and data incompleteness caused by classical computing attacks and quantum computing attacks in the inventory management scenario with high security requirements such as nuclear power plants. (2) This application uses at least two encryption algorithms to generate encryption keys and uses a symmetric encryption algorithm to encrypt plaintext data, which can improve data security while improving data transmission efficiency; (3) In some preferred embodiments, this application can also generate QR codes through encrypted data to avoid static binding of QR codes with material assets, thereby preventing data security issues caused by replay. Attached Figure Description
[0012] The accompanying drawings are included to provide a further understanding of this application; they are incorporated into and constitute a part of this application. The drawings illustrate embodiments of this application and, together with this specification, serve to explain the principles of this application. In the drawings: Figure 1 This is a flowchart illustrating the first inventory management method in one embodiment of this application; Figure 2 This is a schematic diagram of the structure of plaintext data in one embodiment of this application; Figure 3 This is a schematic diagram of the plaintext data structure in another embodiment of this application; Figure 4 This is a flowchart illustrating the second inventory management method in one embodiment of this application; Figure 5 This is a schematic diagram of the structure of an inventory management system according to an embodiment of this application; Figure 6 This is a schematic diagram of the structure of an electronic device according to an embodiment of this application. Detailed Implementation
[0013] To more clearly illustrate the technical solutions of the embodiments of this application, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the drawings described below are merely some examples or embodiments of this application. For those skilled in the art, these drawings can be applied to other similar scenarios without creative effort. Unless obvious from the context or otherwise specified, the same reference numerals in the drawings represent the same structures or operations.
[0014] As indicated in this application and claims, unless the context clearly indicates otherwise, the words "a," "an," "an," and / or "the" are not specifically singular and may include plural forms. Generally speaking, the terms "comprising" and "including" only indicate the inclusion of explicitly identified steps and elements, which do not constitute an exclusive list, and the method or apparatus may also include other steps or elements.
[0015] Unless otherwise specifically stated, the relative arrangement, numerical expressions, and values of the components and steps described in these embodiments do not limit the scope of this application. It should also be understood that, for ease of description, the dimensions of the various parts shown in the drawings are not drawn to actual scale. Techniques, methods, and devices known to those skilled in the art may not be discussed in detail, but where appropriate, such techniques, methods, and devices should be considered part of the specification. In all examples shown and discussed herein, any specific values should be interpreted as merely exemplary and not as limitations. Therefore, other examples of exemplary embodiments may have different values. It should be noted that similar reference numerals and letters in the following drawings denote similar items; therefore, once an item is defined in one drawing, it need not be further discussed in subsequent drawings.
[0016] Furthermore, it should be noted that the use of terms such as "first" and "second" to define components is merely for the purpose of distinguishing the corresponding components. Unless otherwise stated, these terms have no special meaning and therefore should not be construed as limiting the scope of protection of this application. In addition, although the terminology used in this application is selected from commonly known and used terms, some terms mentioned in this application's specification may have been chosen by the applicant according to his or her judgment, and their detailed meanings are explained in the relevant sections of this description. Moreover, this application should be understood not only through the actual terms used, but also through the meaning implied by each term.
[0017] Flowcharts are used in different embodiments of this application to illustrate the operations performed by the system according to embodiments of this application. It should be understood that the preceding or following operations are not necessarily performed in exact order. Instead, various steps can be processed in reverse order or simultaneously. Furthermore, other operations may be added to these processes, or one or more steps may be removed from these processes.
[0018] The following describes the inventory management method, electronic device, and inventory management system of this application through specific embodiments.
[0019] Figure 1 This illustration shows a flowchart of a first inventory management method 10 according to an embodiment of this application. The first inventory management method 10 is applied to a client and includes... Figure 1Steps S110 to S150 will be explained in detail below.
[0020] First, step S110 involves obtaining key parameters for at least two encryption algorithms and generating an encryption key based on the key parameters, wherein at least one of the at least two encryption algorithms includes a post-quantum encryption algorithm.
[0021] For example, in this embodiment, the client interacts with the server. The client locally stores first key parameters for at least two encryption algorithms, and the server stores second key parameters for at least two encryption algorithms. In step S110, obtaining the key parameters for at least two encryption algorithms may further include obtaining the second key parameters stored by the server. Based on this, the step in step S110 of generating an encryption key based on the key parameters may further include calculating an encryption key based on the second key parameters and the first key parameters stored locally by the client. This encryption key is used to subsequently encrypt the plaintext data to be transmitted.
[0022] In this embodiment, preferably, the client and server use the same two encryption algorithms, namely an asymmetric encryption algorithm and a post-quantum encryption algorithm. Specifically, the asymmetric encryption algorithm refers to an encryption technique that uses a pair of public and private key parameters, encrypting with the public key parameters and decrypting with the private key parameters. The post-quantum encryption (PQC) algorithm refers to a post-quantum cryptography technique implemented on electronic devices to resist attacks from quantum computers. The first key parameter includes the public and private key parameters of the asymmetric encryption algorithm stored on the client, and the key parameter of the post-quantum encryption algorithm. The second key parameter includes the public and private key parameters of the asymmetric encryption algorithm stored on the server, and the key parameter of the post-quantum encryption algorithm. In high-security scenarios such as nuclear power plants, the post-quantum encryption algorithm can resist malicious attacks by quantum computers on the inventory management of nuclear power plant material assets, thereby improving the data security and confidentiality of inventory management methods.
[0023] For example, the asymmetric encryption algorithm can employ the RSA (Rivest-Shamir-Adleman) asymmetric encryption algorithm, and the post-quantum encryption algorithm can employ the ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) post-quantum key encapsulation algorithm. More preferably, the client and the server interacting with it pre-align the common parameters of the RSA asymmetric encryption algorithm and the ML-KEM post-quantum key encapsulation algorithm; these common parameters can be used to generate key parameters. The common parameters of the RSA asymmetric encryption algorithm include modulus length, public exponent, etc., while the common parameters of the ML-KEM post-quantum key encapsulation algorithm include finite field modulus, noise error distribution parameters, multinomial dimension, etc. In other embodiments, the asymmetric encryption algorithm can also employ the Chinese national standard SM2 asymmetric encryption algorithm.
[0024] More specifically, as an example, for asymmetric encryption algorithms, a shared secret agreed upon by both parties can be calculated using a key negotiation mechanism based on the public key parameters obtained from the interaction server and the private key parameters stored locally. Then, key K1 can be independently calculated using key derivation rules. On the other hand, as an example, for post-quantum encryption algorithms, a unique shared secret and corresponding ciphertext can be generated using the public key parameters obtained from the interaction server. Key K2 can be generated based on the unique shared secret using key derivation rules, and the corresponding ciphertext can be sent to the interaction server. In step S110, the final encryption key can be obtained by concatenating key K1 and key K2, which can then be used to encrypt the transmitted plaintext data.
[0025] Next, refer to Figure 1 In step S120, the business operation instruction is obtained and operation metadata is generated based on the business operation instruction. The operation metadata includes business data and additional data. The business data includes data related to the business operation instruction, and the additional data includes data unrelated to the business operation instruction.
[0026] Specifically, business operation instructions can include executable instructions that trigger explicit inventory operations within the inventory management process. These executable instructions can be generated by the user through a client-side UI interface. Therefore, in this case, the business operation instructions are highly coupled with the UI interface and the process. Based on this, step S120 converts the highly coupled business operation instructions into structured data objects and generates operation metadata based on these structured data objects, facilitating data transmission and processing. As an example, in the nuclear power field, business operation instructions include, but are not limited to, instructions to borrow specified material assets, instructions to return specified material assets, and instructions to transfer specified material assets across units.
[0027] Specifically, the instruction content of business operation commands is processed into structured metadata decoupled from specific UI design and processes, and this structured metadata is used as the business data in the operation metadata. For example, in some embodiments of this application, business data can be represented in dictionary form. For instance, business data could be {Material Identifier: A; Operation Type Identifier: B}, meaning that an operation with operation type identifier B is performed on the material asset with material identifier A. It should be noted that A and B in the above embodiments are merely exemplary designations for describing business data and do not constitute a specific limitation on the technical solution of this application. A can be replaced with any unique identifier of a material asset that conforms to the inventory management scenario, including but not limited to the Universally Unique Identifier (UUID) of material assets, and B can be replaced with any unique identifier of an operation type that conforms to the inventory management scenario, including but not limited to the loan operation identifier.
[0028] Meanwhile, to further enrich the information content of the operational metadata, it also includes supplementary data. This supplementary data is unrelated to the instruction content of the business operation command; in other words, it does not involve specific inventory operation actions but only serves as supplementary environmental information for the business operation command. For example, supplementary data includes timestamps and random numbers. In some embodiments, supplementary data may also include hash values for integrity verification. Furthermore, supplementary data can be represented in dictionary form, for example, as {timestamp: C; random number: D; hash value: E}. That is, the operational metadata is issued at global timestamp C. The freshness of the operational metadata can be verified by timestamp C and random number D, and the integrity of the operational metadata can be verified by hash value E, thus preventing replay and data loss. It is understood that C, D, and E in the above embodiments are merely exemplary designations for ease of description and do not constitute a limitation on the technical solution of this application.
[0029] In some embodiments, the inventory management method of this application further includes adding a device tag uniquely corresponding to the client to the operation metadata. Thus, any server obtaining the operation metadata can identify the client that sent the operation metadata through the device tag in the operation metadata.
[0030] Further reference Figure 1 Step S130 involves generating plaintext data based on the operation metadata. Specifically, step S130 uses the operation metadata as a component of the plaintext data. As an example, the operation metadata can be serialized, converting the structured operation metadata into a cross-platform compatible standard format, such as JSON.
[0031] In some embodiments, the inventory management method of this application further includes adding verification data to the plaintext data, that is, adding verification data to the operation metadata, with both constituting plaintext data. In one example, the verification data includes a random verification number, which is inserted between any two adjacent bits of the operation metadata, such as... Figure 2 As shown, a random verification number 202 and operation metadata 201 of several bits together constitute plaintext data. In other embodiments, the random verification number 202 can be multiple bits. In another example, the verification data comes from additional data, which is inserted into the operation metadata, such as... Figure 3 As shown, the supplementary data 302 and the operation metadata 301 together constitute plaintext data. In one example, the verification data includes a random verification number and supplementary data. The random verification number is inserted between any two adjacent bits of the operation metadata, and the supplementary data is inserted into the operation metadata. The three together constitute plaintext data. It is understood that the above three examples are merely exemplary implementations of verification data. Those skilled in the art can set the composition and insertion position of the verification data according to technical requirements. For example, the verification data can be composed of selected data from the supplementary data. Specifically, the timestamp and random number in the supplementary data can be selected as the verification data.
[0032] After generating plaintext data, further reference Figure 1 Step S140 involves encrypting the plaintext data using an encryption key and a symmetric encryption algorithm to obtain ciphertext data. For example, step S140 may also process the encryption key generated in step S110 into an encryption key adapted to the security level of the symmetric encryption algorithm, and use the symmetric encryption algorithm and the processed, matching encryption key to encrypt the plaintext data generated in step S130 to obtain ciphertext data for subsequent transmission.
[0033] For example, symmetric encryption algorithms include, but are not limited to, SM4 symmetric encryption algorithm and AES symmetric encryption algorithm. Taking the 128-bit symmetric security level SM4 symmetric encryption algorithm as an example, when the encryption key generated in step S110 is 128 bits long, the encryption key generated in step S110 and the SM4 symmetric encryption algorithm are directly used to encrypt the plaintext data generated in step S130; when the encryption key generated in step S110 is not 128 bits long, the encryption key generated in step S110 is processed into a 128-bit encryption key through a key derivation function (KDF), and then the processed encryption key and the SM4 symmetric encryption algorithm are used to encrypt the plaintext data generated in step S130. The encryption key processing procedure and the specific encryption process are detailed in relevant technologies and will not be elaborated here.
[0034] Finally, refer to Figure 1Step S150 involves transmitting the encrypted data to the server. For example, step S150 can transmit the encrypted data generated in step S140 to the server via a network transmission channel. Preferably, in a nuclear power plant scenario, the network transmission channel includes a transmission channel deployed within the nuclear power plant's internal network environment. This internal network includes, but is not limited to, an intranet. The transmission medium used by the transmission channel includes wired and wireless media, such as internal Wi-Fi, cellular private networks, and internal local area networks. This application does not limit the specific transmission medium; any transmission method used between the client and server within the internal network environment is within the scope of protection of this application.
[0035] In some embodiments, after completing step S150 to transmit the encrypted data to the server, a confirmation reply from the server will be received to determine whether the encrypted data transmission process is complete, thereby preventing business operation instructions from not being transmitted to the server.
[0036] As another embodiment of the inventory management method, after step S150, the following operations can also be performed: receiving a QR code generated from encrypted data sent by the server; performing a scanning operation on the QR code to obtain QR code information; and transmitting the QR code information to the server. For example, the scanning component of the ZXing open-source library can be used to perform a scanning operation on the QR code sent by the server, and the obtained QR code information can be sent back to the server. In some embodiments, the QR code information and accompanying scanning timestamps, device tags, etc., can also be transmitted to the server. Furthermore, the ZXing open-source library also includes a format verification interface, which can exclude invalid codes. Thus, the technical solution of this application generates QR codes from encrypted data, avoiding static binding of QR codes to material assets, thereby preventing data security issues caused by replay attacks.
[0037] This application also refers to Figure 4 A second inventory management method 40 is proposed and applied to the server. The following section describes this inventory management method. Based on... Figure 4 The second inventory management method 40 includes steps S410 to S430, which will be explained in detail below.
[0038] First, step S410 involves obtaining key parameters for at least two encryption algorithms and generating an encryption key based on these parameters. At least one of the encryption algorithms includes a post-quantum encryption algorithm. For example, in this embodiment, the server interacts with the client. The client locally stores first key parameters for at least two encryption algorithms, and the server stores second key parameters for at least two encryption algorithms. In step S410, obtaining the key parameters for at least two encryption algorithms may further include obtaining the first key parameters stored by the client. Based on this, the step of generating the encryption key based on the key parameters in step S410 may further include calculating the encryption key based on the first key parameters and the second key parameters stored locally by the server. This encryption key is used to subsequently decrypt the received ciphertext data.
[0039] As one specific implementation of step S410, at least two encryption algorithms include an asymmetric encryption algorithm and a post-quantum encryption algorithm. The asymmetric encryption algorithm can be the RSA (Rivest-Shamir-Adleman) asymmetric encryption algorithm, and the post-quantum encryption algorithm can be the ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) post-quantum key encapsulation algorithm. In other embodiments, the asymmetric encryption algorithm can also be the Chinese national standard SM2 asymmetric encryption algorithm. Preferably, the server and the interacting client pre-align the common parameters of the asymmetric encryption algorithm and the post-quantum encryption algorithm. This part can be referred to the previous description of the first inventory management method 10, and will not be repeated here.
[0040] More specifically, for asymmetric encryption algorithms, an elliptic curve cryptography method can be used to calculate a shared secret consistent with both parties based on the public key parameters obtained from the interactive client and the private key parameters stored locally. Then, key K1 is independently calculated using key derivation rules. On the other hand, for post-quantum encryption algorithms, the corresponding ciphertext sent by the interactive client can be received, and the corresponding ciphertext can be decapsulated using the locally stored private key parameters to restore the unique shared secret. Then, key K2 is generated based on the unique shared secret using key derivation rules. Concatenating key K1 and key K2 yields the final encryption key, which is used to decrypt subsequently received ciphertext data.
[0041] Next, refer to Figure 4Step S420 involves receiving encrypted data sent by the client. The encrypted data is obtained by the client encrypting plaintext data using an encryption key. The plaintext data is generated by the client based on operation metadata, which is generated by the client based on business operation instructions. The operation metadata includes business data and additional data. The business data includes data related to the business operation instructions, and the additional data includes data unrelated to the business operation instructions. For example, the encrypted data sent by the client can be received through a network transmission channel. The encryption key of the encrypted data matches the encryption key generated in step S410, meaning that the encryption key generated in step S410 can decrypt the encrypted data sent by the client. For an explanation of the plaintext data, please refer to the previous description of the first inventory management method 10; it will not be repeated here.
[0042] In some embodiments, the encrypted data includes encrypted data directly transmitted through the client or encrypted data obtained from QR code information transmitted from the client, wherein the QR code information includes information obtained by scanning a QR code through an interactive client. Specifically, the encrypted data can be obtained by decoding the QR code information, for example, by performing Base64URL decoding in reverse.
[0043] In some embodiments, when the encrypted data includes encrypted data obtained from QR code information transmitted from the client, the second inventory management method further includes: before performing step S420, receiving encrypted data to be processed sent by the client, generating a QR code based on the encrypted data to be processed, and sending the QR code back to the client. The encrypted data to be processed may include the encrypted data transmitted to the server in step S150 of the first inventory management method. Step S420 of the second inventory management method in this embodiment further includes: receiving the QR code information and obtaining the encrypted data based on the QR code information.
[0044] As an example, the encrypted data can be Base64URL encoded, converting it into a string format that the ZXing open-source library can efficiently process. This avoids issues related to special characters and compresses the data size. Then, the ZXing QR code encoder automatically selects the optimal error correction level and version based on the length of the encrypted data, generating the final QR code image. This QR code image is then transmitted to the client via the network. This QR code image is uniquely generated based on the encrypted data corresponding to each business operation instruction, avoiding static binding between material assets and QR codes, thus preventing copying, replaying, and tampering, and improving data security.
[0045] Final Reference Figure 4Step S430 involves decrypting the ciphertext data using an encryption key and a symmetric encryption algorithm to obtain plaintext data. For example, step S430 can process the encryption key generated in step S410 into an encryption key adapted to the security level of the symmetric encryption algorithm, and then use the symmetric encryption algorithm and the processed, matching encryption key to decrypt the ciphertext data obtained in step S420 to obtain plaintext data. Since the operation metadata in the plaintext data includes business data, the business operation instructions sent by the client to the server can be obtained through this plaintext data. It is understood that the decryption process of the symmetric encryption algorithm described above is the inverse operation of the encryption process. Those skilled in the art can directly derive the decryption process based on the encryption process described above, and will not be elaborated upon here.
[0046] As another embodiment of the inventory management method of this application, the server is deployed with a database that stores inventory information. After executing step S430, the following operation can also be performed: according to the business operation instruction corresponding to the operation metadata in the plaintext data, an atomic update operation of the database is performed, wherein the atomic update operation includes finding the target data row and updating the stock unit and / or data version unit of the target data row.
[0047] Specifically, the decrypted plaintext data includes operation metadata. Based on the business operation instructions corresponding to this operation metadata, an atomic update operation is performed on the inventory information stored in the database deployed on the server. An atomic update operation refers to an indivisible, single-time update operation on the data in the database. In some embodiments, if two atomic update operations target different data in the database that have no dependencies, these two atomic update operations can be executed concurrently. This can effectively alleviate the update blocking problem under high concurrency, thereby supporting high-throughput concurrent business operations.
[0048] In some embodiments, the plaintext data obtained in step S430 also includes verification data added by the client. Before performing the atomic update operation on the database, the following operations can be performed: verify the freshness of the verification data; if the verification passes, perform the atomic update operation; if the verification fails, refuse to perform the atomic update operation. In this way, the freshness of the plaintext data can be verified in advance to prevent the database from being contaminated by plaintext data that has been copied, replayed, or tampered with.
[0049] As an example, the verification data includes a first random checksum, and the server stores a second random checksum. The step of verifying the freshness of the verification data further includes verifying whether the verification data meets preset conditions, including that the first random checksum and the second random checksum are the same. Specifically, the server assigns the second random checksum to the client, and the client then adds the assigned second random checksum to the first random checksum in the plaintext data, encrypts it, and transmits it to the server. Therefore, when the second random checksum and the first random checksum are inconsistent, the plaintext data is deemed invalid, and the atomic update operation is refused. Besides the above example, the server can also store the first random checksum sent by the client locally and use it as the second random checksum to verify the freshness of the plaintext data.
[0050] As another example, the verification data includes a timestamp and a random number from the supplementary data, and the server stores a set of verification random numbers. The step of verifying the freshness of the verification data further includes verifying whether the verification data meets preset conditions, including that the timestamp is less than a freshness threshold and the random number is not recorded in the verification random number set. The verification random number set refers to the set of random numbers that have passed verification before this transmission. In other words, plaintext data using random numbers recorded in the verification random number set as verification data is invalid, and the atomic update operation is rejected. The freshness threshold indicates that plaintext data with timestamps prior to this threshold is considered fresh. When the timestamp is not less than this freshness threshold, the plaintext data is considered invalid, and the atomic update operation is rejected.
[0051] It is understandable that the above examples can also be used in combination, that is, the verification data includes a first random verification number and a timestamp and random number from the additional data, the server stores a second random verification number sent by the client and a set of verification random numbers sent by the client, and the verification methods of the above two examples are combined to verify the freshness of the verification data.
[0052] The method for performing an atomic update operation will be described below. In some embodiments, the operation metadata obtained by decryption in step S430 includes a material identifier and a desired data version, and the corresponding database deployed on the server includes a material identifier column and a data version column. When performing an atomic update operation, the step of finding the target data row further includes querying the data row in the database whose material identifier column matches the material identifier in the operation metadata and whose data version column matches the desired data version in the operation metadata, and using this data row as the target data row to perform an update operation on the data units (such as stock units or data version units) of the data row. The update operation will only be performed if the current data version of the data row matches the desired data version of the operation metadata. In this way, update loss caused by data races can be avoided through data version verification. The following is an example of SQL code for performing an atomic update operation: UPDATE {table_name}, SET {update operation}, data_version = data_version + 1, WHERE id = #{asset_id} AND data_version = #{expected_version}; In the code, asset_id is the material identifier, id is the material identifier column, expected_version is the expected data version, and data_version is the data version column.
[0053] Furthermore, in some embodiments, before performing the atomic update operation on the database, it is also possible to check whether the value of the data version column corresponding to the data row that matches the material identifier in the material identifier column is consistent with the expected data version. If the check result is yes, then the atomic update operation is performed; otherwise, the conflict resolution operation is performed, thereby improving the processing efficiency of multiple concurrent atomic update operations.
[0054] Specifically, conflict resolution operations include: determining whether the business operation instruction corresponding to the operation metadata is executable based on the value of the stock column corresponding to the data row. For example, when the business operation instruction is to borrow a specified material asset, the executableness of the instruction is determined based on the value of the stock column corresponding to the data row of that specified material asset. If the value of the stock column is greater than 0, it is considered executable; if the value of the stock column is 0, it is considered inexecutable. When it is determined to be executable, the expected data version is set to the value of the data version column of the data row, and an atomic update operation is performed. When it is determined to be inexecutable, the client is notified.
[0055] In practical implementation, when a business operation instruction is deemed executable, the desired data version is set to the value of the data version column of the data row. Then, the value of the data version column corresponding to the data row with the same material identifier is checked again to see if it matches the desired data version. If the check is successful, an atomic update operation is performed; otherwise, a conflict resolution operation is performed. Furthermore, an exponential backoff strategy can be adopted, configuring a maximum number of repetitions for the above steps of checking the data version for a single business operation instruction. When the maximum number of repetitions is reached, the client is notified of the operation result, such as failure, to avoid a livelock.
[0056] In other embodiments, the operation metadata obtained by decryption in step S430 also includes device tags, and the corresponding database deployed on the server also includes a device tag column to store the authorized device tags corresponding to the material assets. When performing an atomic update operation, the step of finding the target data row further includes: querying the data row in the database whose device tag column matches the device tag in the operation metadata, and using this data row as the target data row to perform an update operation on the data units (such as inventory units or data version units) of that data row. Thus, the update operation will only be executed if the client sending the business operation instruction is an authorized device. For example, for special materials (such as nuclear-grade materials), only a dedicated client is set as the authorized device; business operation instructions for special materials sent by clients other than the dedicated client are not executed. It should be noted that the device tag in the database column matching the device tag in the operation metadata includes: when the device tag column is a specific value, the value is the same as the device tag in the operation metadata; when the device tag column is a set including multiple authorized devices, the set contains the device tags from the operation metadata.
[0057] It is understood that the above two embodiments can also be combined to obtain other implementations. For example, the operation metadata obtained by decryption in step S430 includes material identifier, expected data version, and equipment tag columns, and the corresponding database deployed on the server includes material identifier, data version, and equipment tag columns. The step of finding the target data row further includes: querying the data rows in the database whose material identifier column matches the material identifier in the operation metadata, whose data version column matches the expected data version in the operation metadata, and whose equipment tag column matches the equipment tag in the operation metadata. The example SQL code for performing an atomic update operation is as follows: UPDATE {table_name}, SET {update operation}, data_version = data_version + 1, last_operation_device_id = #{unique_device_id}, WHERE id = #{asset_id} AND data_version = #{expected_version} ANDlast_operation_device_id = #{unique_device_id}; In the code, asset_id is the material identifier, id is the material identifier column, expected_version is the expected data version, data_version is the data version column, unique_device_id is the device label, and last_operation_device_id is the device label column.
[0058] In some embodiments, the database deployed on the server also includes a "Last Operated Device" column, which stores the device tag of the last device on the material asset to be atomically updated before processing the current business operation instruction. In specific implementations, after executing an atomic update operation, information such as the operating device, time, data version, and conflict status of the business operation instruction corresponding to this atomic update operation can be asynchronously stored as a linked list to build a data foundation for business needs such as Quality Assurance (QA) and problem tracing.
[0059] This application also proposes an inventory management system, to Figure 5 The inventory management system 500 of one embodiment is described below. The inventory management system 500 includes a client 501 and a server 504. The client 501 is configured to execute the first inventory management method 10 and its variations described above for the client. The server 504 is configured to execute the second inventory management method 40 and its variations described above for the server.
[0060] like Figure 5 As shown, client 501 and server 504 communicate via network 503. A database is deployed on server data storage 505. After receiving a business operation instruction from client 501, server 504 accesses the database in server data storage 505 to execute the atomic update operation described above. It can be understood that... Figure 5 The inventory management system 500 in the example is just one variation. For example, several clients 501 can be set up to communicate with the server 504.
[0061] In some embodiments, when generating operation metadata, client 501 can add operation levels to the operation metadata. The operation level refers to the urgency of the business operation instruction corresponding to the operation metadata. For example, the operation level includes high priority (such as urgently needing to collect materials during major repairs) and low priority (such as daily material collection and daily inventory). After receiving the operation metadata sent by client 501, server 504 executes the business operation instruction corresponding to the high-priority operation metadata in advance according to the operation level.
[0062] In some embodiments, server 504 is deployed with a lightweight machine learning model that can predict high-concurrency business operation types and high-frequency operation material assets within a future time period based on historical business operation instructions. For high-frequency operation material assets, server 504 pre-marks business operation instructions whose material identifiers belong to high-frequency operation material assets at the application layer, and inserts the marked business operation instructions into the atomic update job queue at the network layer, while inserting the unmarked business operation instructions into the regular gateway queue to reduce database concurrency conflicts.
[0063] An embodiment of this application also proposes a method such as Figure 6 The electronic device 600 shown. According to... Figure 6 The electronic device 600 may include an internal communication bus 601, a processor 602, a read-only memory (ROM) 603, a random access memory (RAM) 604, and a communication port 605. When used in a personal computer, the electronic device may also include a hard disk 606.
[0064] The internal communication bus 601 enables data communication between components of the electronic device 600. The processor 602 can perform judgments and issue prompts. In some embodiments, the processor 602 may consist of one or more processors. The communication port 605 enables data communication between the electronic device 600 and external devices. In some embodiments, the electronic device 600 can send and receive information and data from a network through the communication port 605.
[0065] Electronic device 600 may also include different forms of program storage units and data storage units, such as hard disk 606, read-only memory (ROM) 603, and random access memory (RAM) 604, capable of storing various data files used for computer processing and / or communication, as well as possible program instructions executed by processor 602. The processor executes these instructions to implement, for example, the main parts of the first inventory management method 10 or the second inventory management method 40 as described above. The results of processor processing are transmitted to user equipment via a communication port and displayed on the user interface.
[0066] In addition, this application also proposes a computer program product, including computer program code, which, when executed by one or more processors, is capable of implementing the steps in the first inventory management method 10 or the second inventory management method 40 as described above.
[0067] The basic concepts have been described above. Obviously, for those skilled in the art, the above disclosure is merely illustrative and does not constitute a limitation of this application. Although not explicitly stated herein, those skilled in the art may make various modifications, improvements, and corrections to this application. Such modifications, improvements, and corrections are suggested in this application, and therefore remain within the spirit and scope of the exemplary embodiments of this application.
[0068] Furthermore, this application uses specific terms to describe embodiments of the application. For example, "an embodiment," "one embodiment," and / or "some embodiments" refer to a particular feature, structure, or characteristic related to at least one embodiment of the application. Therefore, it should be emphasized and noted that "an embodiment," "one embodiment," or "an alternative embodiment" mentioned twice or more in different locations in this specification do not necessarily refer to the same embodiment. In addition, certain features, structures, or characteristics in one or more embodiments of the application can be appropriately combined.
[0069] Similarly, it should be noted that, in order to simplify the description of the present application and thus aid in the understanding of one or more embodiments, the foregoing description of the embodiments of the present application sometimes combines multiple features into a single embodiment, drawing, or description thereof. However, this disclosure method does not imply that the subject matter of the present application requires more features than those mentioned in the claims. In fact, the embodiments contain fewer features than all the features of the single embodiments disclosed above.
[0070] In some embodiments, numbers describing the quantity of components and attributes are used. It should be understood that such numbers used in the description of embodiments are modified in some examples with the terms "approximately," "approximately," or "generally." Unless otherwise stated, "approximately," "approximately," or "generally" indicates that the numbers are allowed to vary by ±20%. Accordingly, in some embodiments, the numerical parameters used in the specification and claims are approximate values, which may be changed depending on the characteristics required by individual embodiments. In some embodiments, numerical parameters should take into account specified significant digits and employ a general method of digit reservation. Although the numerical ranges and parameters used to confirm their breadth of scope in some embodiments of this application are approximate values, in specific embodiments, such values are set as precisely as feasible.
[0071] Although this application has been described with reference to specific embodiments, those skilled in the art should recognize that the above embodiments are only used to illustrate this application, and various equivalent changes or substitutions can be made without departing from the spirit of this application. Therefore, any changes or modifications to the above embodiments within the essential spirit of this application will fall within the scope of the claims of this application.
Claims
1. An inventory management method, characterized in that, Applied to a client, the method includes: Obtain key parameters for at least two encryption algorithms and generate an encryption key based on the key parameters, wherein at least one of the at least two encryption algorithms includes a post-quantum encryption algorithm; Obtain business operation instructions and generate operation metadata based on the business operation instructions. The operation metadata includes business data and additional data, wherein the business data includes data related to the business operation instructions and the additional data includes data unrelated to the business operation instructions. Generate plaintext data based on the operation metadata; The plaintext data is encrypted using the encryption key and a symmetric encryption algorithm to obtain ciphertext data; and The encrypted data is transmitted to the server.
2. The inventory management method as described in claim 1, characterized in that, This also includes adding verification data to the plaintext data, wherein, The verification data includes random verification numbers; and / or The verification data comes from the additional data.
3. The inventory management method as described in claim 1, characterized in that, It also includes adding a device tag that uniquely corresponds to the client to the operation metadata.
4. The inventory management method as described in claim 1, characterized in that, After transmitting the encrypted data to the server, the method further includes: Receive a QR code generated from the encrypted data sent by the server; Perform a scanning operation on the QR code to obtain QR code information; and The QR code information is transmitted to the server.
5. An inventory management method, characterized in that, Applied to a server, the method includes: Obtain key parameters for at least two encryption algorithms and generate an encryption key based on the key parameters, wherein at least one of the at least two encryption algorithms includes a post-quantum encryption algorithm; The system receives encrypted data sent by a client, wherein the encrypted data is obtained by the client encrypting plaintext data using the encryption key; the plaintext data is generated by the client based on operation metadata; the operation metadata is generated by the client based on business operation instructions; the operation metadata includes business data and additional data; the business data includes data related to the business operation instructions; and the additional data includes data unrelated to the business operation instructions. The ciphertext data is decrypted using the encryption key and symmetric encryption algorithm to obtain the plaintext data.
6. The inventory management method as described in claim 5, characterized in that, The server is deployed with a database, and the method further includes: executing an atomic update operation on the database according to the business operation instruction corresponding to the operation metadata in the plaintext data, wherein... The atomic update operation includes finding the target data row and updating the stock unit and / or data version unit of the target data row.
7. The inventory management method as described in claim 6, characterized in that, The plaintext data also includes verification data added by the client. Before performing the atomic update operation on the database, the method further includes: Verify the freshness of the verification data. If the verification passes, perform the atomic update operation; if the verification fails, refuse to perform the atomic update operation.
8. The inventory management method as described in claim 7, characterized in that, The verification data includes a first random verification number, and / or the verification data includes a timestamp and a random number from the additional data; The server stores a second random verification number, and / or the server stores a set of verification random numbers; The step of verifying the freshness of the verification data further includes verifying whether the verification data meets preset conditions, the preset conditions including: the first random verification number is the same as the second random verification number; and / or the timestamp is less than the freshness threshold, and the random number is not recorded in the verification random number set.
9. The inventory management method according to any one of claims 6-8, characterized in that, The operational metadata includes a material identifier and a desired data version; the database includes a material identifier column and a data version column; the step of finding the target data row further includes: Query the data row in the database whose material identifier column matches the material identifier in the operation metadata and whose data version column matches the expected data version in the operation metadata, and use the data row as the target data row.
10. The inventory management method as described in claim 9, characterized in that, The method further includes performing the atomic update operation on the database before: Check whether the value of the data version column corresponding to the data row in the material identifier column that matches the material identifier matches the expected data version. If the check result is yes, then perform the atomic update operation; otherwise, perform the conflict resolution operation. The conflict resolution operation includes: determining whether the business operation instruction corresponding to the operation metadata is executable based on the value of the stock column corresponding to the data row; when it is determined to be executable, setting the expected data version to the value of the data version column of the data row and performing the atomic update operation; when it is determined to be unexecutable, notifying the client.
11. The inventory management method as described in claim 9, characterized in that, The operation metadata also includes device tags, the database also includes a device tag column, and the step of finding the target data row further includes: Query the data row in the database whose device label matches the device label in the operation metadata, and use the data row as the target data row.
12. The inventory management method as described in claim 5, characterized in that, The encrypted data includes encrypted data directly transmitted through the client or encrypted data obtained from QR code information transmitted from the client, wherein the QR code information includes information obtained by scanning a QR code through the client.
13. The inventory management method as described in claim 12, characterized in that, The method further includes: Before performing the step of receiving encrypted data sent by the client, the system receives encrypted data to be processed sent by the client, generates the QR code based on the encrypted data to be processed, and sends the QR code back to the client. The step of receiving encrypted data sent by the client further includes: receiving the QR code information and obtaining the encrypted data based on the QR code information.
14. An electronic device, characterized in that, include: A memory for storing instructions that can be executed by a processor, and data processed when executing the instructions; as well as A processor for executing the instructions to implement the inventory management method as described in any one of claims 1-13.
15. An inventory management system, characterized in that, include: A client configured to perform the inventory management method as described in any one of claims 1-4; A server configured to perform the inventory management method as described in any one of claims 5-13.
16. A computer program product comprising computer program code, wherein when the computer program code is executed by one or more processors, the one or more processors implement the steps of the inventory management method as described in any one of claims 1-13.