CN113079159B - Edge computing network system based on block chain - Google Patents

Abstract

The present invention proposes a blockchain-based edge computing network system, including: a terminal, an edge agent layer, an edge service layer and a cloud computing center; the edge agent layer is used to judge the identity information of the authenticated terminal in the private blockchain Whether the connected terminal is an authenticated terminal; if the judgment result is yes, the data transmission and reception of the terminal is performed; the edge service layer is used to authenticate the edge proxy layer through the identity authentication function in the public blockchain. If passed, the request of the terminal is executed. This scheme proposes an edge computing network system based on a two-layer blockchain. The terminal performs its functions under the management of the private blockchain at the edge agent layer and cannot directly communicate with the cloud computing center on the network. The terminal completes data transmission and reception services through the edge proxy layer. The edge service layer verifies the edge proxy layer based on the public blockchain. After the verification is passed, the edge server initiates and executes the request of the terminal device.

Description

A blockchain-based edge computing network system

technical field

The invention relates to the technical fields of edge computing and blockchain, and in particular, to an edge computing network architecture based on blockchain.

Background technique

In recent years, the Internet of Things has played an important role in the real world due to its strong interconnectivity, promoting and promoting the widespread use of many emerging businesses in daily life. However, as the number of IoT-connected devices increases, so does the amount of real-time data being generated and processed at the same time. All these data need to be transmitted to the cloud server center for computing and storage services, which poses a lot of challenges to the performance and network bandwidth of the cloud platform, and the centralized processing of data in the cloud platform also brings many risks, which need to be transmitted to the cloud platform. The massive data flow puts enormous pressure on the entire network. At the same time, since a single point of failure is an unavoidable hidden danger, it is difficult for the central server to ensure network security; in order to solve the above problems, edge computing is introduced.

Edge computing is a new computing paradigm that can move the pre-processing of applications, private data storage, and real-time data processing and analysis from cloud server centers to the network's edge servers, thereby retaining the core advantages of cloud computing and integrating real-time Control and sensitive data are stored in edge servers, but edge computing also has security and privacy issues, such as authentication, intrusion detection, access control, etc. in the edge computing architecture, which are easily cracked and cannot guarantee security, thus affecting edge computing. usage of.

Therefore, there is currently a need for a method to solve the security problem of edge computing.

SUMMARY OF THE INVENTION

In view of this, the present invention proposes an edge computing network architecture based on blockchain, which improves the security of edge computing.

Specifically, the present invention proposes the following specific embodiments:

The embodiment of the present invention proposes a blockchain-based edge computing network architecture, including: a terminal, an edge agent layer with a private blockchain, an edge service layer with a public blockchain, and a cloud computing center; wherein, The terminal is connected to the edge service layer through the edge proxy layer; the edge service layer is connected to the cloud computing center; the edge proxy layer is used to pass the identity information of the authenticated terminal in the private blockchain Judging whether the accessed terminal is an authenticated terminal; if the judgment result is yes, execute data transmission and reception of the terminal; the edge service layer is used to authenticate the terminal through the identity authentication function in the public blockchain. The edge proxy layer performs authentication, and if the authentication is passed, the request of the terminal is executed.

In a specific embodiment, the terminal includes sensors for sensing the external environment and/or actuators for converting commands into physical actions.

In a specific embodiment, the edge proxy layer is composed of a plurality of proxy nodes; the proxy nodes are connected with the terminal in a wireless or wired manner; Set authentication credentials, access back-end programs, communicate service requests, receive service results, and manage the terminal; the proxy node is used to control resource requests according to the traffic volume and affordability; the proxy node is also used to The business data is filtered and converted into a common format; the proxy node is also used for large-scale data processing, and the edge proxy node forwards the data to other computing instances in the private blockchain network.

In a specific embodiment, a proxy component is set in the proxy node; the proxy component includes: a function mapping module, a device registration module, a blockchain authentication module, and a high-speed channel; wherein, the function mapping module is used for Obtain the information and addresses of each application on the edge server, manage the mapping information of different applications on the edge server, and transmit the application information and application data to the task queue of the edge server; the device registration module is used for The terminal is registered; the blockchain authentication module is used to implement two-way authentication between the application on the edge server and the terminal; the high-speed channel is used to connect the cloud computing center.

In a specific embodiment, the edge service layer is composed of multiple edge service nodes; the edge service nodes are divided into general computing nodes and repository nodes; the general computing nodes need to be accessed through smart contracts; the General purpose computing nodes use vector clocks to achieve synchronization; when executing commands, the general purpose computing nodes interact one-to-one with the associated agent nodes; the general purpose computing nodes execute at most one application at a time; the repository nodes provide An interface for instant access and analysis of historical data, the repository node manages all data in a log-structured manner.

In a specific embodiment, the general computing node stores block chain information, and the block chain information includes index information of data; and the repository node is used to store data corresponding to the index information.

In a specific embodiment, a computing component is provided in the general computing node, and the computing component includes: a task queue module, a monitoring unit, an application executor, and a security control module; wherein, the task queue module includes multiple A collection of queues for scheduling tasks among different queues; a monitoring unit for monitoring the free/busy status of computer resources; and for entering an emergency state when it is detected that the resource load exceeds a predetermined threshold or an indeterminate failure occurs ; is also used to defend the context of the task and the data source when the computer resources are insufficient or the task queue overflows, generate a transaction request and send it to the smart contract in the public blockchain; the application executor is used to execute the task; The security control module is used to ensure data security of the application executor.

In a specific embodiment, a storage module is provided in the storage repository node, and the storage module includes: an authentication center, an image directory module, a database, a high-speed buffer, an image file area, an identity information area, and a cloud extender; Wherein, the authentication center is used to store the authentication credentials of the general computing node whose initialization is set; it is also used to encrypt and decrypt the data in the database; it is also used to regularly update its own image in the cloud computing center; the The image directory module is used to store the information of the image file, and is also used to connect the application executor on the general computing node; the database is used to store the data of the terminal, the application executor and the cloud extender; The high-speed buffer is used to store data with a frequency higher than the preset value; the image file area is used to store the image file of the application; the identity information area is used to obtain the verification result of the certification center, and is used for The cloud extender performs synchronization and association; the cloud extender is used to extend application specifications, transmit security attributes and exchange data.

In a specific embodiment, the cloud computing center is configured to process the data or the service that overloads the edge service layer when the edge service layer is overloaded or the service requires a tolerant delay.

In a specific embodiment, the private blockchain also stores request records and instruction records of the terminal, so that all operations of the terminal can be traced back to the source.

Compared with the prior art, this solution has the following effects:

This scheme proposes an edge computing network architecture based on a two-layer blockchain. The two-layer blockchain is maintained by the edge proxy layer and the edge service layer respectively. The terminal performs its functions under the management of the private blockchain in the edge proxy layer and cannot directly communicate with the cloud computing center on the network. The terminal completes data transmission and reception services through the edge proxy layer. The edge service layer verifies the edge proxy layer based on the public blockchain. After the verification is passed, the edge server initiates and executes the request of the terminal device.

Description of drawings

In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the following briefly introduces the accompanying drawings used in the embodiments. It should be understood that the following drawings only show some embodiments of the present invention, and therefore do not It should be regarded as a limitation of the scope, and for those of ordinary skill in the art, other related drawings can also be obtained according to these drawings without any creative effort.

1 is a schematic diagram of a blockchain-based edge computing network architecture proposed by an embodiment of the present invention;

2 is a schematic diagram of a hardware framework of a blockchain-based edge computing network architecture proposed by an embodiment of the present invention;

3 is a functional schematic diagram of a blockchain-based edge computing network architecture proposed in an embodiment of the present invention;

FIG. 4 is a schematic diagram of a system sequence of a blockchain-based edge computing network architecture proposed in an embodiment of the present invention.

Detailed ways

Hereinafter, various embodiments of the present disclosure will be described more fully. The present disclosure is capable of various embodiments, and adaptations and changes may be made therein.

Example 1

Embodiment 1 of the present invention discloses a blockchain-based edge computing network architecture, as shown in FIG. 1 , including: a terminal, an edge agent layer with a private blockchain, and an edge service layer with a public blockchain and a cloud computing center; wherein, the terminal is connected to the edge service layer through the edge proxy layer; the edge service layer is connected to the cloud computing center;

The edge proxy layer is used to judge whether the accessed terminal is an authenticated terminal according to the identity information of the authenticated terminal in the private blockchain; if the judgment result is yes, execute data transmission and reception of the terminal;

The edge service layer is used to authenticate the edge proxy layer through the identity authentication function in the public blockchain, and execute the request of the terminal if the authentication is passed.

Specifically, the private blockchain also stores request records and instruction records of the terminal, so that all operations of the terminal can be traced back to the source.

With this, as shown in Figure 1, one of the complexities of the IoT environment is reflected in the diversity of devices. The application scenarios to which different devices belong determine the simplicity or complexity of their execution functions, resulting in differences in device performance. Considering this situation, for ease of management, we can roughly divide IoT devices into three types: edge servers, edge agents devices and IoT end devices.

Considering that in the current centralized IoT architecture, all terminal devices and the data they generate are supervised by cloud computing centers, the massive data flow puts enormous pressure on the entire network. At the same time, since a single point of failure is an unavoidable hidden danger, it is difficult for the servers in the cloud computing center to ensure network security. The architecture proposed in this scheme aims to significantly reduce the pressure on cloud computing centers through edge computing. Using edge nodes with excellent performance to process data near the data source is one of the central ideas of the architecture. The Internet of Things in the edge computing mode is highly distributed, and traditional centralized security risk control is difficult to apply to the current environment. The trusted distributed ledger built by the blockchain provides a more transparent and controllable security guarantee for edge computing. At the same time, the computing power configuration of edge computing on the edge side can also ensure the computing resources required for the blockchain to run.

In the scheme, an edge computing network architecture based on two-layer blockchain is proposed. The two-layer blockchain is maintained by edge servers (multiple edge servers form the edge service layer) and edge proxy devices (multiple edge proxy devices form the edge proxy layer). Terminals perform their functions under the management of the edge proxy layer and cannot Communicate directly with the cloud center on the network. The terminal selects an edge proxy device in the area according to the actual location and communication conditions, and completes data transmission and reception services through the edge proxy device. The edge server parses and constructs (including analyzing and identifying) the data from the received packets. After verification, the detailed data will be recorded in the repository node of the edge server, and the edge proxy device will only store the array summary. Likewise, the request of the terminal device is ultimately initiated and executed by the edge server.

As shown in Figure 1, from the bottom to the top are the terminal device layer, the edge agent layer, the edge service layer and the cloud computing center, among which,

1. Terminal device layer: This layer is composed of a large number of resource-constrained sensing devices. Their communication capabilities and computing capabilities are limited, and they cannot send and receive instructions independently. They need to use edge proxy devices to complete services.

2. Edge proxy layer: This layer consists of multiple edge proxy devices in a certain area. Each proxy device manages a group of terminal devices nearby, and provides services such as identity authentication, service request sending, and instruction receiving for terminal devices. To protect the security of end devices, a private chain is maintained between proxy devices. The private blockchain is used to save the identity information of the terminal device, request records and instruction records and other information. Therefore, when a terminal device initiates a request, it must first perform identity verification on the private blockchain and obtain operation permissions before initiating a request. In this way, security risks caused by identity information theft of the terminal device can be prevented, and all operations of the terminal device can be traced back to the source.

3. Edge service layer: This layer is composed of server devices with superior computing and storage performance. In this layer, traditional servers are divided into general-purpose computing servers and storage servers that are more specialized. The general computing server has high computing power, is responsible for managing a group of edge proxy devices, and operates as the control node of the private blockchain between the set of proxy devices. The general-purpose computing server manages the operation of the private chain while accepting service requests from edge devices. A public chain is also maintained between multiple general-purpose computing servers. The significance of the existence of the public chain is to protect the data security of the edge service layer, and to build a blockchain network to interconnect multiple edge servers. A storage server is a server that focuses on storage functions. Its computing power is not as good as that of a general-purpose computing server, but it has more abundant storage space and high-speed read and write channels. The blockchain information stored in the general computing server is only the index value of the data, and the real data is stored in the storage server. In order to ensure security, the identity authentication function written by the smart contract on the blockchain needs to be executed when reading the data on the storage server, and the database can be operated only after obtaining legal identity information.

4. Cloud computing center: The data center is a traditional cloud server with powerful computing power, which can complete data-intensive and high computing power services such as artificial intelligence and big data. The terminal data is processed layer by layer through this architecture, and it is highly refined when it reaches the cloud computing center. There is no need to worry about data redundancy and data security during processing, which greatly improves the efficiency of the cloud computing center.

In this way, this scheme proposes an edge computing network architecture based on a two-layer blockchain. The two-layer blockchain is maintained by the edge proxy layer and the edge service layer respectively. The terminal performs its functions under the management of the private blockchain in the edge proxy layer and cannot directly communicate with the cloud computing center on the network. The terminal completes data transmission and reception services through the edge proxy layer. The edge service layer verifies the edge proxy layer based on the public blockchain. After the verification is passed, the edge server initiates and executes the request of the terminal device.

Example 2

Embodiment 2 of the present invention also proposes an edge computing network architecture based on blockchain. On the basis of Embodiment 1, as shown in FIG. 2 , the terminal includes sensors for sensing the external environment and/or commands An executor that translates to a physical action.

Terminals: Terminals fall into two categories: sensors that sense the external environment and actuators that translate commands into physical actions. Usually, IoT terminals are limited by various resources and only act as producers or consumers at both ends of the data chain. In some cases, the computing power of IoT device terminals is limited, and the raw data cannot be preprocessed. The architecture of this patent allows IoT endpoints to connect with nearby edge proxy nodes via wireless or wired communication protocols such as Zigbee, Bluetooth and NFC. The frequency at which IoT terminals perceive services can be adjusted according to the system context, and the format of data generated by the terminal varies from device to device.

The edge proxy layer is composed of a plurality of proxy nodes; the proxy nodes are connected with the terminal in a wireless or wired manner; the proxy nodes provide the front-end interactive interface of the application, so that the user can set authentication credentials and access the back-end Program, communicate service requests, receive service results and manage the terminal; the proxy node is used to control resource requests according to the traffic volume and affordability; the proxy node is also used to filter the received service data and convert it into General format; the proxy node is also used for large-scale data processing, and the edge proxy node forwards the data to other computing instances in the private blockchain network.

Proxy node: In edge computing, the proxy node is the entrance to distributed computing. The agent node assists the IoT terminal in configuring the integrated environment to install and execute the corresponding application on the agent node. When accessing a proxy node, the proxy node provides the front-end interactive interface of the application for users to set authentication credentials, access back-end programs, communicate service expectations, receive service results, and manage terminals. Proxy nodes control resource requests according to their traffic volume and affordability. In addition, the proxy node filters the received business data and converts it into a common format. The agent node also aggregates data received from different sources of the intelligent system. For large-scale data processing, proxy nodes forward data to other computing instances in the private blockchain network. Agent nodes maintain fast and dynamic communication with accessible edge computing nodes via CoAP or SNMP.

The edge service layer is composed of a plurality of edge service nodes; the edge service nodes are divided into general computing nodes and repository nodes; the general computing nodes need to be accessed through smart contracts; the general computing nodes use vector clocks to achieve synchronization When executing a command, the general computing node interacts with the associated proxy node in a one-to-one manner. The general computing node executes at most one application at a time; the repository node provides instant access and analysis of historical data. The repository node manages all data in a log-structured manner.

The cloud computing center is configured to process the data or the service overloading the edge service layer when the edge service layer is overloaded or the service is required to tolerate delay.

Edge service node: The set of edge service nodes endows the edge computing framework with the capability of high-speed data processing. Edge service nodes divide computing and storage into independent entities, and each computing entity is connected through a blockchain network and maintains a public blockchain. Based on this idea, edge service nodes are designed into the following two types of entities:

Specifically, about general-purpose computing nodes: Considering security, this architecture does not directly expose all general-purpose computing nodes to edge proxy nodes, but accesses them through smart contracts. In this case, smart contracts can act as firewalls for general computing nodes. Additionally, smart contracts monitor server resources in the blockchain network and forward the data along with executable backend applications for processing. When executing distributed applications, general-purpose computing nodes form clusters under the supervision of smart contracts. A general computing node may be associated with multiple proxy nodes. In this case, the basic vector clock is used for system synchronization. Vector clocks help general-purpose compute nodes to identify concurrent commands issued to them by different agent nodes. Later, concurrent commands are arbitrarily ordered by the general-purpose compute nodes, and the corresponding agent nodes are notified. When executing commands, general computing nodes interact with the associated agent nodes in a one-to-one manner. Additionally, to ensure application-level consistency, general-purpose compute nodes execute at most one application at a time.

The general computing node stores block chain information, and the block chain information includes index information of data; the storage library node is used for storing data corresponding to the index information.

As for the repository node: The repository node provides an interface for instant access and analysis of historical data. They maintain various application metadata, including the application model, runtime environment configuration, and dependencies. Also, these nodes can retain some intermediate data during application execution for data processing from any exception-driven stopping point. Furthermore, to ensure data-level consistency, repository nodes manage all data in a log-structured manner.

Cloud computing center: When edge computing infrastructure is overloaded or services are required to tolerate latency, edge computing extends resources from cloud computing centers to backend IoT applications. Through cloud computing centers, edge computing expands the computing platform for IoT applications. Associated with repository nodes, it facilitates widespread data storage and distribution, making data access and processing location-independent.

Example 3

Embodiment 3 of the present invention also proposes an edge computing network architecture based on blockchain. On the basis of Embodiment 1 and Embodiment 2, the proxy node is provided with a proxy component; the proxy component includes: a function map module, device registration module, blockchain authentication module, and high-speed channel; wherein, the function mapping module is used to obtain the information and addresses of each application on the edge server, manage the mapping information of different applications on the edge server, and map Application information and application data are transmitted to the task queue of the edge server; the device registration module is used to register the terminal; the blockchain authentication module is used to realize the application on the edge server and the Two-way authentication between terminals; the high-speed channel is used to connect the cloud computing center.

The general computing node is provided with a computing component, and the computing component includes: a task queue module, a monitoring unit, an application executor, and a security control module; wherein, the task queue module includes a set of multiple queues for Scheduling tasks between different queues; monitoring unit, used to monitor the free/busy status of computer resources; also used to enter an emergency state when it is detected that the resource load exceeds a predetermined threshold or an uncertain failure occurs; also used when computer resources are insufficient Or when the task queue overflows, the context and the data source known by the task are defended, and a transaction request is generated and sent to the smart contract in the public blockchain; the application executor is used to execute the task; the security control module is used to ensure Data security of the application executor.

The storage library node is provided with a storage module, and the storage module includes: an authentication center, an image directory module, a database, a high-speed buffer, an image file area, an identity information area, and a cloud extender; wherein, the authentication center is used for The storage initialization is the authentication credential of the set general computing node; it is also used to encrypt and decrypt the data in the database; it is also used to regularly update its own image in the cloud computing center; the image directory module is used to store the image The information of the file is also used to connect the application executor on the general computing node; the database is used to store the data of the terminal, the application executor and the cloud extender; the high-speed buffer is used for The storage frequency is higher than the preset value data; the image file area is used to store the image file of the application program; the identity information area is used to obtain the verification result of the certification center, and is synchronously associated with the cloud extender; The cloud extender is used to extend application specifications, transmit security attributes and exchange data.

Specifically, as shown in FIG. 3 , in order to simplify the architecture of this solution, various interrelated components can be used to deal with the heterogeneity of the P2P communication between the operating system and different hardware devices. The specific components can be divided into three categories: proxy components, computing components and storage components. Edge proxy nodes perform the functions of proxy components and access other components as needed. The edge computing server is responsible for the operation of the computing components, and when the proxy node starts to execute the backend application, it will access the edge server in its process, thereby triggering the computing service. Storage components can run on all storage nodes and manage operations related to the repository.

Among them, the agent component includes the following parts:

Function mapping module: This module is responsible for obtaining the information and addresses of the applications on the edge server, and managing the mapping information of different applications on the application executor of the computing node. At the same time, it receives the application request of the proxy node, and transmits the application information and source data to the task queue of the edge server. The blockchain authentication module assists the function mapping module to complete the identity information authentication of the registered device. After the authentication is passed, the edge server will acquiesce that the request is credible, because the request sent by the lower-level edge proxy node has been securely authenticated. Additionally, this component maintains a resource mapping table that tracks the addresses of edge service node instances so that subsequent data streams can be sent directly to valid resource addresses for processing.

Device registration module: When the IoT device leaves the factory, a public and private key and a self-signed certificate are generated, written into the device by the manufacturer, and a release application is submitted to the blockchain identity authentication module. After the blockchain authentication module checks the certificate, it records the certificate in the blockchain.

Blockchain authentication module: When a connection needs to be established between the IoT terminal and the edge computing application, the IoT terminal sends the certificate identification to the edge computing application, the edge computing application queries the certificate to the blockchain identity authentication system, and the blockchain authentication module returns the certificate and status, edge computing applications authenticate devices, and IoT devices authenticate edge computing applications in the same way. After that, the two continue to perform the TLS handshake process to establish a secure data transmission channel.

Expressway: In general, the request of the edge agent is sent through the function map control and accepted by the edge service node. When the delay tolerance of the demand is large, and data-intensive technologies such as artificial intelligence and big data are required to process the demand, the edge agent will directly send the demand to the cloud through this component. It informs the framework of the context of the cloud instance and forwards storage and resource configuration commands to the cloud.

The calculation module includes the following parts:

Task queue module: This component is a collection of a series of queues, such as execute queue, ready queue, pending queue. Compute nodes use multithreading technology to allow multiple tasks in the execution queue to run simultaneously. When the data in the task queue is ready, an idle application will be selected from the queue's queue and its data will be loaded into the head of the queue. Sometimes tasks in the execution queue will be forced to suspend operations due to external factors. At this point, the pending task will be transferred to the pending queue, and the task's context and intermediate data will be saved accordingly. Task queues schedule tasks between different queues. When the execution queue overflows, it actively sends an alarm to the monitoring unit, and transfers the overflow task to the pending queue, and the monitoring unit completes the subsequent operations.

Monitoring Unit: This component monitors the free/busy status of computer resources (eg: CPU usage, memory usage, network usage, power consumption, etc.). Based on these sensed information, the monitoring unit provides resources for different applications. It also tracks the performance of allocated resources at runtime to meet application QoS requirements. Whenever the resource load exceeds a threshold defined by the service provider or an indeterminate failure occurs, the monitoring unit immediately enters an emergency state. The monitoring unit can initiate operations such as alternate resource provisioning, application execution migration and intermediate data storage. One of the most important functions in the monitoring unit is application execution migration. When computing resources are scarce or the task queue overflows, the monitoring unit will package the task execution context and data source, generate transaction requests and send them to the smart contract. The smart contract will find a suitable computing node as a service provider, and then establish a P2P communication link between the "consumer" and the "provider", and the two parties complete the transaction on the P2P link.

Application executor: The execution of tasks needs to go through the stages of environment configuration, container loading, data input, execution calculation, and output results. The above processes are all completed in the application executor. The application executor expands the application executable from the image directory for deployment on the allocated resources. Once the application is deployed, it starts receiving data forwarded by the function map control for processing. In a multi-core architecture, due to the high cost of context switching, this component will prefer tasks of the same type as the previous task in the ready queue. However, in order to ensure that the waiting time of each task in the task flow is optimal, when the delayed task reaches a certain number of times, the environment of the component will be forced to switch. Every task done by this component will be recorded on the blockchain as a transaction. In addition, the component periodically informs the monitoring unit of the status of the resource. When any anomaly is detected or predicted, the monitoring unit asks the component to extract intermediate data from application execution and store it to make the framework fault tolerant.

Security Control Module: This module is a bridge connecting the blockchain network. The seamless and secure interaction between application executors and other executors when performing computational operations is managed by security controls. The Repository Service's Authentication Center provides the required security properties for this component. Along with the certification authority, this component plays an important role in validating the blockchain.

The storage module includes the following parts:

Authentication Center: The authentication credentials of the general computing nodes set when the blockchain network is initialized are stored in the authentication center. It distributes the security keys and details of each block of data generated by the smart contract to others. The component also provides Secure Sockets Layer (SSL) and Transport Layer Security (TLS) certificates for cloud integration. In addition, it supports database encryption and decryption of stored data. Through the storage server's cloud extender, it periodically updates its image on the cloud so that security attributes can be easily recovered and distributed after an uncertain failure.

Image Directory Module: This component is responsible for maintaining the details of various image files, including their operations, system properties recommended by developers, execution and programming models, and memory address mappings in the database. In addition, it specifies resource permissions and dependencies for the application and its member tasks. Mirror catalogs can expand this information from the cloud via cloud expanders. This component is tightly coupled to the application executor on the general purpose compute node. It not only accepts image file requests sent by the application executor, but also monitors the image file version in the database and performs update operations according to the application executor's request.

Database: Data received from IoT devices, application executors, and cloud extenders is stored in a database and can be used for long-term analysis. Here, data privacy is ensured by applying encryption techniques. Depending on the source, type and purpose of the data, we divide the database into the following areas:

Cache area for storing higher frequency data;

Image file area, used to store the image file of the application;

The identity information area, which also uses the verification result of the storage certificate authority. In addition, data containers are kept in sync with cloud extenders to grab remote data and disperse local data through the cloud.

Cloud Extender: This component facilitates the interaction of other software components of the database service in the cloud. In this case, the application executor of the general-purpose computing node can assist the cloud extender to provide the required commands to extend the application specification, transmit security attributes and exchange data.

Specifically, the edge agent is a hardware device with certain intelligence on the edge side, and only works with the local network. Edge agents consist of single-board computers, such as Raspberry Pi series boards, Nvidia Jetson, and Intel UP boards, that have enough computing power to run algorithms designed for resource-constrained devices.

IoT devices consist of multiple actuators or sensors that do not possess any computing power to directly participate in the blockchain network. Therefore, IoT devices need to be installed on edge proxies, and requests from these devices are initiated and executed by the proxies. Between edge proxies, a private blockchain is maintained to record identity information and request records for each device. After the edge agent verifies the identity of the device, it encrypts and stores information such as the source data, target object, and request type of the current request. Based on the privacy permission of the registration information, certain data blocks will be determined to be public or private.

Although private blockchains are generated by edge servers, it is difficult for malicious devices to control private blockchains by forging the identity of edge servers. Numerous edge servers form a blockchain network and maintain a public blockchain. The identity data of each edge server is stored in the public blockchain. The blockchain is a distributed ledger generated and maintained by numerous general-purpose computing nodes to protect the data circulating in the network. Edge servers not only consist of general-purpose computing nodes, but also dedicated servers for storage and data verification. Public blockchains are designed to emulate the storage capabilities of IoT cloud data centers.

The data processing, encryption, and storage blocks depicted in the sequence diagram shown in Figure 4 describe the complete flow of data generation from IoT devices, processing at edge agents, and storage on edge servers. In this way, the edge proxy layer collects and aggregates important or useful data, and then submits it to general-purpose computing nodes in a unified format. After the identity of the edge proxy layer and the legitimacy of the data are verified, the block can be recorded on the public blockchain. The original data in the general-purpose computing node is stored in the data block of the general-purpose computing node, not in the original data block of the general-purpose computing node. If the current general computing node cannot provide the resources required to complete the task, the task information can be packaged into blocks and published on the blockchain network for help.

Those skilled in the art can understand that the accompanying drawing is only a schematic diagram of a preferred implementation scenario, and the modules or processes in the accompanying drawing are not necessarily necessary to implement the present invention.

Those skilled in the art can understand that the modules in the device in the implementation scenario may be distributed in the device in the implementation scenario according to the description of the implementation scenario, or may be located in one or more devices different from the implementation scenario with corresponding changes. The modules of the above implementation scenarios may be combined into one module, or may be further split into multiple sub-modules.

The above serial numbers of the present invention are only for description, and do not represent the pros and cons of the implementation scenarios.

The above disclosures are only a few specific implementation scenarios of the present invention, however, the present invention is not limited thereto, and any changes that can be conceived by those skilled in the art should fall within the protection scope of the present invention.

Claims (9)

1. an edge computing network system based on block chain, is characterized in that, comprises: terminal, is provided with the edge agent layer of private block chain, is provided with the edge service layer of public block chain and cloud computing center; Wherein, The terminal is connected to the edge service layer through the edge proxy layer; the edge service layer is connected to the cloud computing center; The edge proxy layer is used to judge whether the accessed terminal is an authenticated terminal according to the identity information of the authenticated terminal in the private blockchain; if the judgment result is yes, execute data transmission and reception of the terminal; The edge service layer is used to authenticate the edge proxy layer through the identity authentication function in the public blockchain, and if the authentication is passed, execute the request of the terminal; the edge service layer consists of multiple edges. It consists of service nodes. The edge service nodes are divided into general computing nodes and repository nodes. The general computing nodes need to be accessed through smart contracts; For the operation of the private blockchain, a plurality of the general-purpose computing nodes are connected to and maintain the public blockchain; the general-purpose computing nodes store blockchain information, and the blockchain information includes data index information; The repository node is used to store the data corresponding to the index information. 2. The network system of claim 1, wherein the terminal comprises a sensor for sensing an external environment and/or an actuator for converting commands into physical actions. 3. The network system according to claim 1, wherein the edge proxy layer is composed of a plurality of proxy nodes; the proxy nodes are connected with the terminal in a wireless or wired manner; The proxy node provides the front-end interactive interface of the application, so that the user can set authentication credentials, access the back-end program, communicate service requests, receive service results and manage the terminal; The proxy node is used to control resource requests according to traffic and affordability; The proxy node is also used to filter the received service data and convert it into a common format; The proxy node is also used for large-scale data processing, and the edge proxy node forwards the data to other computing instances in the private blockchain network. 4. The network system according to claim 3, wherein a proxy component is provided in the proxy node; the proxy component comprises: a function mapping module, a device registration module, a blockchain authentication module, and a high-speed channel; wherein , The function mapping module is used to obtain the information and addresses of each application on the edge server, manage the mapping information of different applications on the edge server, and transmit the application information and application data to the task queue of the edge server; The device registration module is configured to register the terminal; The blockchain authentication module is used to implement two-way authentication between the application on the edge server and the terminal; The high-speed channel is used to connect the cloud computing center. 5. The network system of claim 1, wherein the general computing node uses a vector clock to achieve synchronization; when executing a command, the general computing node interacts with an associated proxy node in a one-to-one manner The general-purpose computing node executes at most one application at a time; The repository node provides an interface for instant access and analysis of historical data, and the repository node manages all data in a log-structured manner. 6. The network system according to claim 5, wherein a computing component is provided in the general computing node, and the computing component comprises: a task queue module, a monitoring unit, an application executor, and a security control module; wherein, The task queue module includes a collection of multiple queues for scheduling tasks between different queues; The monitoring unit is used to monitor the free/busy state of computer resources; it is also used to enter an emergency state when it is detected that the resource load exceeds a predetermined threshold or an uncertain failure occurs; it is also used to set the The context and the data source known by the task are defended, and a transaction request is generated and sent to the smart contract in the public blockchain; the application executor is used to execute a task; The security control module is used to ensure data security of the application executor. 7. The network system according to claim 5, wherein a storage module is provided in the storage repository node, and the storage module comprises: a certification center, a mirror directory module, a database, a high-speed buffer, a mirror file area, Identity information area, cloud extender; among them, The authentication center is used to store the authentication credentials of the general computing node whose initialization is set; it is also used to encrypt and decrypt the data in the database; it is also used to regularly update its own image in the cloud computing center; The mirror directory module is used to store the information of the mirror file, and is also used to connect the application executor on the general computing node; the database for storing data of the terminal, the application executor and the cloud extender; The high-speed buffer is used to store data whose frequency is higher than the preset value; The image file area is used to store the image file of the application; The identity information area is used to obtain the verification result of the certification center, and is synchronously associated with the cloud extender; The cloud extender is used to extend application specifications, transmit security attributes and exchange data. 8 . The network system according to claim 1 , wherein the cloud computing center is configured to process data that overloads the edge service layer or the edge service layer when the edge service layer is overloaded or service requirements tolerate delay. 9 . Serve. 9 . The network system according to claim 1 , wherein the private blockchain further stores request records and instruction records of the terminal, so that all operations of the terminal can be traced to the source. 10 .

Images