Description:FORM 2
THE PATENTS ACT, 1970
(39 OF 1970)
&
THE PATENTS RULES, 2003
COMPLETE SPECIFICATION
[SEE SECTION 10, RULE 13]

SYSTEMS AND METHODS FOR TAMPER DETECTION OF DATA;

GPS RENEWABLES PVT LTD., A CORPORATION ORGANISED AND EXISTING UNDER THE LAWS OF INDIA, WHOSE ADDRESS IS-L142, 4th Floor, 5th Main, 6th Sector, HSR Layout, Bangalore 560102.

THE FOLLOWING SPECIFICATION PARTICULARLY DESCRIBES THE INVENTION AND THE MANNER IN WHICH IT IS TO BE PERFORMED.

FIELD OF THE INVENTION
[0001] The present invention relates to tamper detection, and more particularly relates to systems and methods for tamper detection of data.
BACKGROUND OF THE INVENTION
[0002] Now a days, industrial projects are expanding at a very fast pace across domains and jurisdictions. It is imperative for all the machinery at the industrial projects to be well organized in order to provide the desired results. In addition, while operating the machines, relevant data generated from the machines are required to be accurately measured/calculated and stored securely. The systems are required to be highly secure in order to ensure integrity of data is maintained. For example, industrial automation systems (SCADA and other electromechanical units) and climate sensors generate real time industrial project data. Maintaining the integrity of this data is a key factor in projects that are registered under voluntary carbon markets.
[0003] Despite implementing highly secure systems, these existing systems do not provide end to end data integrity assurance for dynamic data generated from these machines in industrial projects. The key technical problems faced is to ensure a high level of end-to-end data integrity from the sensors all the way till the point of use of data. This requires expertise across multiple disciplines from data sensors, SCADA systems, machine learning, blockchain and software. Even if there are expert systems in place across multiple disciplines, analyzing the data and tamper detection may still be error prone and a cumbersome task.
[0004] In view of the above, there is a dire need for efficient systems and methods that may be easily implemented in industrial projects for tamper detection.
SUMMARY OF THE INVENTION
[0005] One or more embodiments of the present invention, provide a system and method for tamper detection of data.
[0006] In one aspect of the invention, a system for tamper detection of data is provided. The system comprises a detection unit including a plurality of sensors, configured to detect operational parameters of an entity; a controller including a trained module, in communication with the detection unit, the controller configured to: categorize received data records pertaining to the operational parameters from the detection unit as input data records and output data records; filter non-anomalous input data records based on comparison of each of the input data records with a corresponding trained dataset; assign a confidence value to each of the non-anomalous input data record; and generate an initial hash key for each of the non-anomalous input data record; a verification system in communication with the controller, configured to: compare an instant hash key generated for the at least one of a non-anomalous input data record of interest with the initial hash key generated for the corresponding non-anomalous input data record; and notify tamper detection of the at least one of the non-anomalous input data record of interest in response to the instant hash key not matching with the initial hash key.
[0007] In yet another aspect of the invention, a method for tamper detection of data is provided. The method comprises the steps of, detecting, by a detection unit, operational parameters of an entity; categorizing, by a controller, received data records pertaining to the operational parameters from the detection unit as input data records and output data records; filtering, by the controller, non-anomalous input data records based on comparison of each of the input data records with a corresponding trained dataset; assigning, by the controller, a confidence value to each of the non-anomalous input data record; generating, by the controller, an initial hash key for each of the non-anomalous input data record; comparing, by a verification system, an instant hash key generated for the at least one of a non-anomalous input data record of interest with the initial hash key generated for the corresponding non-anomalous input data record; and notifying, by the verification system, tamper detection of the at least one of the non-anomalous input data record of interest in response to the instant hash key not matching with the initial hash key.
[0008] Other features and aspects of this invention will be apparent from the following description and the accompanying drawings. The features and advantages described in this summary and in the following detailed description are not all-inclusive, and particularly, many additional features and advantages will be apparent to one of ordinary skill in the relevant art, in view of the drawings, specification, and claims hereof. Moreover, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter, resort to the claims being necessary to determine such inventive subject matter.
BRIEF DESCRIPTION OF THE DRAWINGS
[0009] Reference will be made to embodiments of the invention, examples of which may be illustrated in the accompanying figures. These figures are intended to be illustrative, not limiting. The accompanying figures, which are incorporated in and constitute a part of the specification, are illustrative of one or more embodiments of the disclosed subject matter and together with the description explain various embodiments of the disclosed subject matter and are intended to be illustrative. Further, the accompanying figures have not necessarily been drawn to scale, and any values or dimensions in the accompanying figures are for illustration purposes only and may or may not represent actual or preferred values or dimensions. Although the invention is generally described in the context of these embodiments, it should be understood that it is not intended to limit the scope of the invention to these particular embodiments.
[0010] FIG. 1 is a block diagram of a system for tamper detection of data, according to one or more embodiments of the present invention;
[0011] FIG. 2 is a block diagram of the system of FIG. 1, according to one or more embodiments of the present invention; and
[0012] FIG. 3 illustrates a flowchart of a method for tamper detection of data, according to one or more embodiments of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
[0013] Reference will now be made in detail to specific embodiments or features, examples of which are illustrated in the accompanying drawings. Wherever possible, corresponding or similar reference numbers will be used throughout the drawings to refer to the same or corresponding parts. References to various elements described herein, are made collectively or individually when there may be more than one element of the same type. However, such references are merely exemplary in nature. It may be noted that any reference to elements in the singular may also be construed to relate to the plural and vice-versa without limiting the scope of the invention to the exact number or type of such elements unless set forth explicitly in the appended claims. Moreover, relational terms such as first and second, and the like, may be used to distinguish one entity from the other, without necessarily implying any actual relationship or between such entities.
[0014] Various embodiments of the invention provide systems and methods for tamper detection of data. The present invention is configured to provide efficient systems and methods for tamper detection of data, thereby ensuring integrity of data is maintained.
[0015] The present invention provides an efficient system and method for tamper detection of data, which can be implemented in complex industrial plants where carbon credit issuance is dependent on the data being protected from tampering.
[0016] The system and method for tamper detection of the present invention may be utilized for applications preferably for industrial projects. However, this should not be construed as limiting the scope of the invention as the present invention may be utilized for other domains as well.
[0017] Fig. 1 illustrates a block diagram of a system 100 for tamper detection of data. The system 100 includes a detection unit 105, a controller 110, a verification system 115 and a blockchain storage system 120.
[0018] The detection unit 105, the controller 110, the verification system 115 and the blockchain storage system 120 communicate with each other over a communications network 125.
[0019] The communications network 125 may be one of, but not limited to, local area network (LAN) cable, wireless local area network (WLAN), cellular, or satellite.
[0020] In an embodiment, the detection unit 105 includes a plurality of sensors 205. In the industrial project set up, each of the plurality of sensors 205 are placed at strategic locations of the set up. For example, in a biogas plant, each of the plurality of sensors are placed at strategic locations such as input and output slots in order to measure operational parameters of an entity such as the biogas plant. Operational parameters of the biogas plant may be at least one of, but not limited to, solids fed into the plant, power consumption by the plant, volume of gas generated, etc.
[0021] In an embodiment, the detection unit may also be part of an Internet of Things (IOT) system, which is implemented in the industrial project.
[0022] In an embodiment, the plurality of sensors 205 may be at least one of, but not limited to, temperature sensor, proximity sensor, accelerometer, climate sensor, pressure sensor, infrared sensor, etc.
[0023] The controller 110 includes a trained module 210 as shown in FIG. 1.
[0024] In an embodiment, the trained module 210 is an Artificial Intelligence/Machine Learning module. The trained module has learnt various patterns of a dataset over a pre-defined time period. Further, the trained module also has the capability to learn new patterns when implemented practically.
[0025] At the outset, the controller 110 which is in communication with the detection unit 105, is configured to receive data records pertaining to operational parameters as detected by the plurality of sensors 205 of the detection unit 105.
[0026] In an embodiment, the data records pertaining to the operational parameters are stored at a memory 130 or any similar storage systems once detected by the detection unit 105. The controller 110 is configured to fetch the data records from the memory 130 and categorize the data records as input data records and output data records.
[0027] In a preferred embodiment, the controller 110 categorizes the received data records as input data records in response to analyzing that the received data records are representative of an input measure in relation to at least one output data record. For example, in a biogas plant set-up scenario, if at least one data record of the received data records is related to an input measure such as total solids fed into the biogas plant or power consumption by the biogas plant, then the controller categorizes the received data records as input data records.
[0028] Similarly, the controller 110 categorizes the received data records as output data records in response to analyzing that the received data records are representative of an output measure in relation to at least one input data record. Taking the same example indicated above into consideration, if the controller has categorized the input data record based on input measure such as amount of solids fed into the biogas plant or power consumption as the input data records, then the controller 110 may categorize the operational parameter such as volume of gas generated as the output data record.
[0029] Further, the controller 110 is configured to compare the input data records with a corresponding trained dataset obtained from the trained module 210 in order to filter one or more non-anomalous input data records from anomalous data records. For example, if the input data records related to power consumption by the biogas plant are collected dynamically while the plant is running, the controller 110 filters the non-anomalous input data records pertaining to power consumption by comparing with a corresponding trained dataset of ideal power consumption data records. The ideal power consumption data records may be considered ideal for operating the biogas plant by analyzing the power consumption data records over a period of time by the trained module.
[0030] In an embodiment, the non-anomalous data records are data records with characteristics which are not unusual in nature in relation to a particular parameter. As indicated above, in the case of non-anomalous data records pertaining to power consumption include those records which are not unusual or irregular in nature.
[0031] Once the non-anomalous input data records are filtered, a confidence value is assigned to each of the non-anomalous input data record. In an embodiment, the confidence value assigned to each of the non-anomalous input data record is based on a level of relevancy of the respective data record in relation to the output data record. For example, the level of relevancy of amount of solids fed into the biogas plant may have a higher level of relevancy than the temperature of operating the biogas plant.
[0032] In a preferred embodiment, the level of relevancy of each non-anomalous input data record is based on clustering of trustable values and calculating distance of a new value from the clustered trustable values in an n-dimensional space. The trustable values are values of non-anomalous input data records which are stored by the trained module 210. For example, in case of trustable values which are clustered, a distance is calculated between each new value of the non-anomalous input data record with the clustered trustable values. In the event, the distance between the new value of the non-anomalous input data record and the clustered trustable values is of a pre-defined length or pre-defined range of length, a corresponding level of relevancy is assigned for the same. Based on the level of relevancy, the confidence value is assigned for the non-anomalous input data record. For example, each level of relevancy is defined in terms of a corresponding confidence value. Below indicated is a statistical approach of determining level of relevancy of the non-anomalous input data record:
[0033] One-Class Support Vector Machine (SVM) with a kernel function can estimate the probability of a new data point belonging to the same class as the training data including trustable values. Let's denote the training data as X = {x_1, ..., x_n}, where x_i is a d-dimensional feature vector.
One-Class SVM can use different kernel functions, such as the Gaussian kernel and the polynomial kernel, to map the data into a higher-dimensional feature space. The Gaussian kernel can be written as:
K(x_i,x)=exp(-gammax_i-x^2),
where gamma is a hyperparameter that controls the width of the kernel. The polynomial kernel can be written as:
K(x_i,x)=(gamma*+coef0)^degree, where gamma, coef0, and degree are hyperparameters.
The decision function f(x) measures the distance of the input data point x to the hyperplane that separates inliers from outliers in the feature space. It can be written as:
f(x)=sgn(g(x)-rho),
where g(x) is the signed distance of x to the hyperplane and rho is a threshold value.
g(x) can be written as:
g(x)=sum(alpha_i*K(x_i,x))+b, where alpha_i are the coefficients of the support vectors x_i, K(x_i, x) is the kernel function that measures the similarity between x_i and x, and b is the bias term.
The probability estimate can be obtained using Platt scaling, which converts the decision function f(x) into a probability value between 0 and 1. It can be written as:
P(x) = 1 / (1 + exp(A*f(x) + B)),
where A and B are the coefficients learned from the training data.
[0034] Pursuant to assigning the confidence value for each of the non-anomalous input data record based on the respective level of relevancy, an initial hash key is generated for all the non-anomalous input data records.
[0035] In an embodiment, the initial hash key generated is for a pre-defined time period. The pre-defined time period may be for example for a day.
[0036] In an alternate embodiment, the initial hash key may be generated for a pre-defined number of non-anomalous input data records filtered.
[0037] The hash key may be set of alphanumeric characters that is generated using a hash function by the controller.
[0038] In a preferred embodiment, the controller 110 is configured to selectively store at least one of the non-anomalous input data record at the blockchain storage system 120 or storage unit having the confidence value equal or greater than a pre-determined threshold confidence value. While storing the selected non-anomalous input data record, the controller 110 also combines the respective initial hash key and the confidence value. Advantageously, only relevant non-anomalous input data records in relation to the output data records are stored in the blockchain, thereby increasing the efficiency to detect any tamper activity. In addition, the controller 110 may also store a signature along with the initial hash key, the respective confidence value and the non-anomalous input data record at the blockchain storage system 120 in order to enhance security of the non-anomalous input data record.
[0039] In an alternative embodiment, each of the non-anomalous input data record along with the corresponding initial hash key and the confidence value are stored at the blockchain storage system 120 or the storage unit irrespective of the confidence value being greater or lesser than the pre-determined threshold confidence value.
[0040] Once the non-anomalous input data records are stored in the blockchain storage system 120, third party users may use the verification system 115 as shown in FIG. 1 to check for tamper detection of data. In an embodiment, the party which initiates the storage of non-anomalous input data records at the blockchain storage system 120 may be different from the party which would like to check for tamper detection of data. For example, let us consider that party A has ensured that the non-anomalous input data records are stored at the blockchain storage system 120. Party A will have to provide to party B, the relevant details of the data stored at the blockchain storage system 120 or indicate in which chain of the blockchain storage system 120 does the data reside. Party B using the verification system 115 which includes a processor/microprocessor may check for tamper detection of data, if any. The verification system 115 is configured to first select a non-anomalous input data record of interest from the storage unit or the blockchain storage system 120. In an embodiment, the user of the verification system 115 may pre-define the criteria for selecting the non-anomalous input data record of interest.
[0041] In a preferred embodiment, the user may pre-define that only such non-anomalous input data record of interest is selected from the blockchain storage system 120 which has the confidence value greater than the pre-determined threshold confidence value. Based on the pre-defined criteria, the non-anomalous input data record of interest is selected by the verification system 115. Thereafter, an instant hash key is generated for the same. Thereafter, the instant hash key generated is compared with the initial hash key generated initially for the respective non-anomalous input data records stored at the blockchain storage system 120. In the event, the instant hash key doesn’t match with the initial hash key for the corresponding non-anomalous input data record of interest, the verification system 115 notifies via a display that a tamper detection has occurred. Advantageously, the system 100 ensures that only relevant tamper detection notifications for non-anomalous input data records having the confidence value greater than the pre-determined threshold confidence value, are sent to the user of the system 100, thereby maintaining the system 100 efficient. In the event a tamper detection is detected for a non-anomalous input data record which has a confidence value below the pre-determined threshold confidence value, then the verification system 115 may not notify that tamper has been detected since the non-anomalous input data record is not relevant to the output data record due to low confidence value.
[0042] In an alternate embodiment, any non-anomalous input data record may be selected which is of interest to the system or the user, without considering the corresponding confidence value. In this situation, the verification system 115 may issue notifications of tamper detection in case the instant hash key doesn’t match with the initial hash key of the respective non-anomalous input data record. In addition, while issuing the tamper detection notifications, the verification system may also indicate whether the tamper detection has occurred for the non-anomalous input data record having the confidence value greater than or lesser than the pre-determined threshold confidence value. Advantageously, the system 100 ensures that a detailed tamper notification is communicated to the user. This kind of detailed tamper detection notification issued by the system 100, provides the user flexibility to take informed decision on resolving the issue.
[0043] In an embodiment, the pre-determined threshold confidence value is generated dynamically by the controller after expiration of a pre-defined time period.
[0044] In an embodiment, the notifications may be sent to a user via the display such as, but not limited to, a mobile phone.
[0045] The controller 110 of the system 100 is the controller that may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. Among other capabilities, the processor is configured to fetch and execute computer-readable instructions stored in the memory.
[0046] In an embodiment, the blockchain storage system 120 may be a distributed database shared among a computer network’s nodes. Storing data on the blockchain storage system 120 facilitates in ensuring the data is secure.
[0047] Further, the memory 130 referred herein, in general includes memory and any other storage means and/or units may include any computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes.
[0048] FIG. 3 shows a flowchart of a method for tamper detection of data. For the purpose of description, the method is described with the embodiments as illustrated in Fig. 1 to Fig. 2. The method comprises the steps as indicated below:
[0049] At step 305, detecting, by a detection unit, operational parameters of an entity.
[0050] At step 310, categorizing, by a controller, received data records pertaining to the operational parameters from the detection unit as input data records and output data records.
[0051] At step 315, filtering, by the controller, non-anomalous input data records based on comparison of each of the input data records with a corresponding trained dataset.
[0052] At step 320, assigning, by the controller, a confidence value to each of the non-anomalous input data record.
[0053] At step 325, generating, by the controller, an initial hash key for the non-anomalous input data records filtered for a pre-defined time period.
[0054] At step 330, selecting, by a verification system, at least one non-anomalous input data record of interest for tamper detection.
[0055] At step 335, comparing, by a verification system, an instant hash key generated for the at least one of a non-anomalous input data record of interest with the initial hash key generated for the corresponding non-anomalous input data records.
[0056] At step 340, notifying, by the verification system, tamper detection of the at least one of the non-anomalous input data record of interest in response to the instant hash key not matching with the initial hash key
[0057] While aspects of the present invention have been particularly shown and described with reference to the embodiments above, it will be understood by those skilled in the art that various additional embodiments may be contemplated by the modification of the disclosed machines, systems and methods without departing from the scope of what is disclosed. Such embodiments should be understood to fall within the scope of the present invention as determined based upon the claims and any equivalents thereof.
, Claims:We Claim:
1. A system for tamper detection of data, the system comprising:
a detection unit including a plurality of sensors, configured to detect operational parameters of an entity;
a controller including a trained module, in communication with the detection unit, the controller configured to:
categorize received data records pertaining to the operational parameters from the detection unit as input data records and output data records;
filter non-anomalous input data records based on comparison of each of the input data records with a corresponding trained dataset;
assign a confidence value to each of the non-anomalous input data record; and
generate an initial hash key for the non-anomalous input data records filtered for a pre-defined time period;
a verification system in communication with the controller, configured to:
select at least one non-anomalous input data record of interest for tamper detection;
compare an instant hash key generated for the at least one of a non-anomalous input data record of interest with the initial hash key generated for the corresponding non-anomalous input data records; and
notify tamper detection of the at least one of the non-anomalous input data record of interest in response to the instant hash key not matching with the initial hash key.

2. The system as claimed in claim 1, wherein the confidence value assigned to each of the non-anomalous input data record is based on a level of relevancy of the respective data record in relation to the output data record.

3. The system as claimed in claim 1, wherein the level of relevancy of each non-anomalous input data record is based on clustering of trustable values and calculating distance of a new value of the non-anomalous input data record from the clustered trustable values in a n-dimensional space.

4. The system as claimed in claim 1, wherein the data records are categorized as input data records when the said data records are representative of an input measure in relation to at least one output data record.

5. The system as claimed in claim 1, wherein the controller is further configured to one of:
selectively, store at least one of the non-anomalous input data record at the blockchain storage system having the confidence value greater than a pre-determined threshold confidence value; and
store each of the non-anomalous input data record along with the corresponding initial hash key and the confidence value at a blockchain storage system.

6. The system as claimed in claim 1, wherein the controller is configured to generate the initial hash key for the non-anomalous input data records having the confidence value equal to or greater than the pre-determined threshold confidence value.

7. The system as claimed in claim 1, wherein the controller is configured to dynamically generate the pre-determined threshold confidence value after expiration of a pre-defined time period.

8. The system as claimed in claim 1, wherein the controller is configured to select the at least one non-anomalous input data record of interest for tamper detection depending on the respective confidence value being greater than or equal to a pre-determined threshold confidence value.

9. A method for tamper detection of data, the method comprising the steps of:
detecting, by a detection unit, operational parameters of an entity;
categorizing, by a controller, received data records pertaining to the operational parameters from the detection unit as input data records and output data records;
filtering, by the controller, non-anomalous input data records based on comparison of each of the input data records with a corresponding trained dataset;
assigning, by the controller, a confidence value to each of the non-anomalous input data record;
generating, by the controller, an initial hash key for the non-anomalous input data records filtered for a pre-defined time period;
selecting, a verification system at least one non-anomalous input data record of interest for tamper detection;
comparing, by the verification system, an instant hash key generated for the at least one of a non-anomalous input data record of interest with the initial hash key generated for the corresponding non-anomalous input data records; and
notifying, by the verification system, tamper detection of the at least one of the non-anomalous input data record of interest in response to the instant hash key not matching with the initial hash key.