CN101867530B - Things-internet gateway system based on virtual machine and data interactive method - Google Patents
- Publication number
- CN101867530B
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a virtual-machine-based Internet of Things gateway system and data interaction method, which mainly address the secure integration of the Internet of Things user network with the service provision network. In the system, a virtual machine monitor is built on the hardware layer of the gateway, and a secure virtual machine and a service virtual machine are set up on the virtual machine monitor so as to separate the different functional modules. The secure virtual machine comprises a key management module, an authentication module, an encryption and decryption module, a message processing module and a determination module; the service virtual machine comprises a multi-network interface module, a user management module, an information management module, a sensing node administration module and an information issuing module. Restricted data is passed between the virtual machines over a secure data channel in the virtual machine monitor; the secure virtual machine has no external interface, and users can access only the service virtual machine. The invention improves the security of the Internet of Things gateway, reduces the difficulty of integrating security protocols across the different networks of the Internet of Things, and is suitable for integrating different networks in the Internet of Things.
Description
Technical field
The invention belongs to the field of communication technology and relates to the structural design and use of gateways in the Internet of Things. Specifically, it is a converged Internet of Things gateway system based on virtual machine technology, together with its method of use, applied to communication and security between the different converged networks of the Internet of Things.
Background technology
The concept of the "Internet of Things" builds on the concept of the Internet: it extends the user end to any object, so that information can be exchanged and communicated between objects. Wireless sensor networks, RFID networks and the like serve as terminal sensing networks and are interconnected with the existing Internet or wireless communication networks; physical objects are connected to the Internet through the corresponding protocols in order to exchange information and communicate. The Internet of Things originated in research on wireless sensor networks. In 2005 the International Telecommunication Union formally proposed the concept of the "Internet of Things".
The Internet of Things is regarded as offering "more thorough perception, more extensive interconnection, and deeper intelligence". The Internet of Things industry is regarded as the next wave of information technology after the computer and communications industries; according to predictions by authoritative institutions, the future Internet of Things industry will be 30 times the size of the Internet industry. The Internet of Things can be applied in many industries and fields, such as intelligent identification, positioning, tracking, monitoring and management. Applications have already begun in smart homes, health care, environmental monitoring and other areas. With the proposal of concepts such as "Sensing China" and "Smarter Planet", the Internet of Things has entered a stage of accelerated development and is gradually being applied on a larger scale.
The "virtual machine" can be traced back to IBM's VM/370. Virtual machine technology simulates one or more virtual computers on a single physical computer, and these virtual machines work just like real computers. Because virtual machine technology isolates different applications well, it can be used to isolate applications with different security levels, preventing less trustworthy applications from adversely affecting applications with higher security requirements. There has therefore been some research into and exploration of security schemes based on virtual machines.
Existing research on Internet of Things networks pays little attention to gateway structure, and even less to the security structure of gateways. Because the Internet of Things is a network structure in which multiple networks converge, some important sensing information is transmitted over public legacy networks such as the Internet or mobile communication networks, so security is very important to realizing the Internet of Things. The gateway is the key point of convergence, so its security is extremely important. If the services used by users are not effectively separated from the security information and security processes in the gateway, the gateway is likely to be subjected to malicious attacks that target this weakness. Moreover, because the security protocols of the different networks in the Internet of Things differ, integrating them is difficult. If the conversion between security protocols cannot be completed on a gateway with a secure structure, the security of all of these protocols is greatly reduced.
Summary of the invention
To address the above problems, the present invention proposes a virtual-machine-based Internet of Things gateway system and its data interaction method, which effectively isolate security information and security processes from users and external interfaces, improve the security of the gateway, simplify the secure integration of the different networks in the Internet of Things, and improve the overall security of the Internet of Things.
To achieve the above purpose, the Internet of Things gateway system of the present invention comprises a multi-network interface module, an information issuing module, a user management module, an information management module, a sensing node administration module, a message processing module, a key management module, an authentication module and an encryption and decryption module, wherein: a virtual machine monitor is built on the hardware layer of the gateway, and a secure virtual machine and a service virtual machine are set up on the virtual machine monitor; the key management module, authentication module, encryption and decryption module and message processing module are placed in the secure virtual machine; the multi-network interface module, user management module, information management module, sensing node administration module and information issuing module are placed in the service virtual machine, so that plaintext, keys, the encryption and decryption process, the authentication process and information processing are isolated from users and external interfaces.
Restricted data is passed between the secure virtual machine and the service virtual machine over the secure data channel in the virtual machine monitor. This restricted data comprises only data ciphertext, user data requirements, update requirements, user identity information, node identity information, and the authentication information of users and nodes.
The service virtual machine communicates with the outside through the multi-network interface module, while the secure virtual machine has no external communication interface; that is, users can access only the service virtual machine and cannot access the secure virtual machine.
A determination module is provided in the secure virtual machine to determine whether there is a user data requirement, a sensing node alarm requirement or an update requirement. When there is an update requirement, it notifies the sensing node administration module in the service virtual machine to send a data update requirement to the sensing node; when there is a user data requirement or a sensing node alarm requirement, it sends the user identity ID_U to the encryption and decryption module and requires it to encrypt the information temporarily stored in the secure virtual machine.
To achieve the above purpose, the virtual-machine-based Internet of Things gateway data interaction method of the present invention comprises the following steps:
(1) The user accesses the gateway through the multi-network interface module. The user management module obtains the user's network information Field through the multi-network interface module and sends the user authentication information to the authentication module of the secure virtual machine. The authentication module of the secure virtual machine verifies the user's identity authentication information and sends the verification result to the user management module. If the user authentication information is verified as correct, the user is successfully authenticated and the user management module forwards the user instruction, the identity ID_U and the user's network information Field to the information management module; otherwise service to the user is refused;
(2) The information management module configures itself according to the control information in the user instruction, sends the data requirement in the instruction and the user identity ID_U to the determination module of the secure virtual machine over the secure data channel, and periodically sends data update requirements to the determination module according to the time configured by the user;
(3) The determination module generates, according to whether there is a data requirement or an alarm requirement, a notice requiring the encryption and decryption module to encrypt data. If there is no requirement, the data temporarily stored in the secure virtual machine is not encrypted; if there is a requirement, a notice is generated requiring the encryption and decryption module to encrypt the data temporarily stored in the secure virtual machine. At this point the temporarily stored data is updated according to whether there is an update requirement: if there is no update requirement, the generated notice and the user identity ID_U involved in the requirement are sent to the encryption and decryption module; if there is an update requirement, the sensing node is notified through the sensing node administration module to update the data;
(4) After receiving the notice from the determination module, the encryption and decryption module uses the received user identity ID_U to look up the user communication key K_UT in the key management module, encrypts the data temporarily stored in the virtual machine with K_UT, and then sends the data ciphertext to the information management module over the secure data channel;
(5) The information management module sends the data ciphertext, the user's network information Field and the user identity ID_U to the information issuing module. The information issuing module selects the sending network through the multi-network interface module according to the user's identity ID_U and network information Field, and sends the data ciphertext to the user;
(6) When the sensing node receives the data update requirement of step (3) or perceives an event, it accesses the sensing node administration module through the multi-network interface module. The sensing node administration module sends the sensing node authentication information to the authentication module of the secure virtual machine, which verifies the node authentication information and sends the verification result to the sensing node administration module. If the identity information is verified as correct, authentication is considered successful and the data ciphertext and the sensing node identity ID_N are sent to the encryption and decryption module of the secure virtual machine; otherwise the data of the sensing node is refused;
(7) After receiving the data ciphertext, the encryption and decryption module uses the sensing node identity ID_N to look up the sensing node communication key K_NT in the key management module, decrypts the ciphertext with K_NT, and sends the data plaintext to the data processing module;
(9) The data processing module fuses the data plaintext, processes the fused data into a standardized data format that is easy for users to use, and then acts according to whether the data is alarm information. If it is alarm information, the processed data is temporarily stored, an alarm requirement is sent to the determination module, and the process returns to step (3); if it is not alarm information, no alarm requirement is sent, the processed data is temporarily stored, and the process returns to step (3).
The present invention has the following advantages:
1) The present invention proposes a virtual-machine-based Internet of Things gateway system structure. By setting up a service virtual machine and a secure virtual machine on the virtual machine monitor, plaintext, keys, the data processing process, the encryption and decryption process and the authentication process are isolated from users and external interfaces, which guarantees that users and external programs cannot directly access the secure virtual machine and so improves security;
2) Because the present invention uses an isolated structure, the user equipment network and the sensing node network are not required to use the same cryptographic algorithms and protocols. The conversion between the specific security protocols is carried out securely inside the gateway of the present invention, which simplifies the integration of security protocols between different networks and gives good applicability in an Internet of Things built mainly on the convergence of multiple networks.
Description of drawings
Fig. 1 is a schematic diagram of the application scenario of the present invention;
Fig. 2 is a structural diagram of the virtual-machine-based Internet of Things gateway system of the present invention;
Fig. 3 is a flow chart of the virtual-machine-based Internet of Things gateway data interaction method of the present invention.
Embodiment
The application scenario of the present invention is shown in Fig. 1. The virtual-machine-based Internet of Things gateway system sits between the service provision network of the Internet of Things and communication networks such as the Internet or a mobile communication network. The service provision network, such as a wireless sensor network or an RFID network, contains a large number of sensing nodes, while users communicate mainly through the Internet or a mobile communication network. The Internet of Things gateway communicates with the sensing nodes in the service provision network through the multi-network interface module, and accesses the Internet or the mobile communication network through the same module. Users access the Internet or the mobile communication network through their own network access methods and communicate with the Internet of Things gateway.
The large number of sensing nodes in the service provision network each perceive events within their own geographic range and send the sensing data to the Internet of Things gateway. The gateway converts the data frame formats and the security protocols between the different networks, and performs data fusion and standardized formatting on the data. The gateway then selects the appropriate network interface according to the network the user is on, and sends the encrypted data to users who have passed gateway authentication.
The present invention proposes a virtual-machine-based Internet of Things gateway system and a virtual-machine-based Internet of Things gateway data interaction method.
With reference to Fig. 2, in the virtual-machine-based Internet of Things gateway system of the present invention, a virtual machine monitor is built on the hardware layer of the Internet of Things gateway, and two virtual machines are built on the virtual machine monitor: a secure virtual machine and a service virtual machine. Each virtual machine contains its own functional modules. The internal modules of the two virtual machines are isolated from each other and can exchange only limited data over the secure data channel in the virtual machine monitor. This data comprises only data ciphertext, user data requirements, update requirements, user identity information, node identity information, and the authentication information of users and nodes.
The service virtual machine is mainly responsible for managing the multiple networks, users and sensing nodes and for issuing information. It is the virtual machine that users access directly, and it has external interfaces. The modules in the service virtual machine are: the multi-network interface module, user management module, sensing node administration module, information management module and information issuing module. The multi-network interface module is responsible for implementing the protocols of the multiple networks and connecting them. The user management module is responsible for the gateway's management of users: with the help of the authentication module of the secure virtual machine, it authenticates users and forwards the user instructions it receives. The sensing node administration module is responsible for managing sensing nodes: with the help of the authentication module of the secure virtual machine, it authenticates sensing nodes and sends the data ciphertext sent by the nodes to the secure virtual machine. The information management module is responsible for managing information: according to the user's instructions it sends user data requirements and update requirements to the determination module in the secure virtual machine, and it receives the ciphertext sent by the secure virtual machine. The information issuing module is responsible for selecting a suitable network according to the user's network information and issuing the data ciphertext to the user.
The secure virtual machine is mainly responsible for managing and storing keys and data plaintext. It is a virtual machine that users are forbidden to access, and it has no external interface. The modules in the secure virtual machine are: the key management module, encryption and decryption module, authentication module, message processing module and determination module. The key management module is responsible for key management and is used to store and look up the communication keys and authentication keys of users and sensing nodes. The encryption and decryption module is responsible for encrypting and decrypting with the user communication key or the sensing node communication key. The authentication module is responsible for verifying, with the authentication keys of users and sensing nodes, the authentication information of the sensing nodes and users that connect. The message processing module is responsible for fusing and standardizing information and for generating alarm requirements. The determination module is responsible for notifying the encryption and decryption module to encrypt according to user data requirements and alarm requirements, and for notifying the sensing node administration module, according to update requirements, to require sensing nodes to update their data.
With reference to Fig. 3, the data interaction method of the Internet of Things gateway system based on virtual machine technology of the present invention comprises the following steps:
Step 1: user access authentication and instruction sending.
(1a) The user connects through the multi-network interface module and sends the user instruction and authentication information to the user management module;
(1b) The user management module sends the user authentication information to the authentication module over the secure data channel;
(1c) The authentication module uses the identity ID_U claimed in the authentication information to look up the corresponding K_UI in the key management module, verifies the identity authentication information, and sends the verification result to the user management module;
(1d) The user management module acts on the verification result. If the authentication information is verified as correct, user authentication is considered successful, and the user identity ID_U, the user's network information Field and the user's instruction are sent to the information management module. If the identity information fails verification, user authentication is considered to have failed and the user management module refuses to serve the user.
Step 2: the information management module acts on the user instruction.
(2a) The information management module configures the update time of the user data requirement according to the control information in the user instruction, and sends update requirements to the determination module according to the configured update time;
(2b) The information management module stores the user identity ID_U and the user's network information Field;
(2c) The information management module sends the data requirement in the instruction and the user identity ID_U to the determination module of the secure virtual machine over the secure data channel.
Step 3: the determination module generates, according to data requirements or alarm requirements, a notice requiring the encryption and decryption module to encrypt data.
The determination module generates the notice requiring the encryption and decryption module to encrypt data according to whether, at the current time, there is a user data requirement from the information management module or an alarm requirement from the data processing module. If neither a user data requirement nor an alarm requirement exists, the data temporarily stored in the virtual machine is not processed and the process continues with step 4. If either a user data requirement or an alarm requirement exists, the determination module obtains the user identity ID_U involved in the corresponding user data requirement or alarm requirement, generates the notice requiring the encryption and decryption module to encrypt, and continues with step 4.
Step 4: the determination module updates the data according to update requirements.
The determination module in the secure virtual machine updates the data temporarily stored in the secure virtual machine according to whether, at the current time, there is an update requirement from the information management module. If there is an update requirement, it sends the update requirement to the sensing node administration module and goes to step 8. If there is no update requirement, it sends the notice from step 3 requiring the encryption and decryption module to work, together with the user identity ID_U involved, to the encryption and decryption module and goes to step 5; if no such notice is held at this time, it returns to step 3.
Step 5: the encryption and decryption module encrypts the data temporarily stored in the virtual machine.
After the encryption and decryption module in the secure virtual machine receives the notice from the determination module, it uses the user identity ID_U involved to find the corresponding user communication key K_UT in the key management module, encrypts the data required by the user that is temporarily stored in the secure virtual machine, and sends the encrypted data and the user identity ID_U to the information management module over the secure data channel.
Step 6: the information management module forwards the data ciphertext and user information to the information issuing module.
(6a) After receiving the data ciphertext and the corresponding user identity ID_U from the secure virtual machine, the information management module looks up the user's network information Field according to ID_U;
(6b) The information management module sends the user identity ID_U, the user's network information Field and the data ciphertext to the information issuing module.
Step 7: the information issuing module selects a suitable network interface in the multi-network interface module according to the user identity ID_U and the user's network information Field, and sends the data ciphertext to the user.
Step 8: after receiving the update requirement sent by the determination module in step 4, the sensing node administration module sends an instruction to the sensing node requiring it to update its data.
Step 9: sensing node access authentication and sending of the sensing data ciphertext.
(9a) When the sensing node receives the data update requirement of step 8 or perceives that an event has occurred, it sends the ciphertext of the sensing data and the sensing node authentication information to the node administration module;
(9b) The node administration module sends the authentication information of the sensing node to the authentication module in the secure virtual machine over the secure data channel;
(9c) The authentication module uses the ID_N claimed in the sensing node authentication information to look up the authentication key K_NI in the key management module, verifies the identity authentication information, and sends the result to the sensing node administration module;
(9d) The sensing node administration module acts on the verification result. If the authentication information fails verification, sensing node authentication is considered to have failed and the user management module refuses to accept the data of the sensing node. If the authentication information is verified as correct, entity authentication is considered successful, and the sensing node identity ID_N and the data ciphertext are sent to the secure virtual machine over the secure data channel.
Step 10: the encryption and decryption module decrypts the data ciphertext sent by the sensing node.
After the encryption and decryption module in the secure virtual machine receives the data ciphertext from the sensing node administration module, it uses the sensing node identity ID_N to find the corresponding sensing node communication key K_NT in the key management module, decrypts the data ciphertext with K_NT, and sends the resulting data plaintext to the message processing module.
Step 11: the message processing module processes the data plaintext.
(11a) The message processing module fuses the data plaintext produced in step 10 and processes the fused data into a standardized data format that is convenient for users;
(11b) The message processing module sends an alarm requirement to the determination module depending on whether the processed data contains alarm information. If there is alarm information, it sends an alarm requirement to the determination module, the processed data is temporarily stored in the secure virtual machine, and the data is issued after the determination in step 3. If there is no alarm information, no alarm requirement is sent to the determination module, the processed data is temporarily stored in the secure virtual machine, and the process goes to step 3.
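The isolation and key-translation flow of steps 1 to 11, as an added sketch in Python that is not part of the patent: the names SecureVM, SecureChannel, node_upload and user_fetch, the message-kind strings, the HMAC-based format of the authentication information and the stand-in cipher are all assumptions, since the patent specifies no algorithms or message formats.

```python
import hashlib
import hmac
import os

# Message kinds allowed on the channel, following the patent's list of restricted
# data; the identity (ID_U or ID_N) travels as a field of every message.
ALLOWED_KINDS = {"auth_info", "data_ciphertext", "user_data_requirement",
                 "update_requirement"}

class ChannelViolation(Exception):
    """Raised when a message kind outside the restricted list is sent."""

def keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(b"enc" + key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    # Stand-in authenticated cipher (SHA-256 keystream, then HMAC tag). The patent
    # names no algorithm; this keeps the example standard-library only.
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(b"mac" + key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(b"mac" + key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed integrity check")
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))

def make_auth(auth_key, ident):
    # Assumed format of the authentication information: nonce || HMAC(K_I, id || nonce).
    nonce = os.urandom(16)
    return nonce + hmac.new(auth_key, ident.encode() + nonce, hashlib.sha256).digest()

class SecureVM:
    """Holds keys and plaintext; has no external interface of its own."""

    def __init__(self, auth_keys, comm_keys):
        self._auth_keys = auth_keys    # K_UI / K_NI, indexed by identity
        self._comm_keys = comm_keys    # K_UT / K_NT, indexed by identity
        self._staged = b""             # plaintext staged inside the secure VM
        self._seen_nonces = set()      # reject replayed authentication information

    def authenticate(self, ident, auth):
        key, nonce, mac = self._auth_keys.get(ident), auth[:16], auth[16:]
        if key is None or nonce in self._seen_nonces:
            return False
        expected = hmac.new(key, ident.encode() + nonce, hashlib.sha256).digest()
        ok = hmac.compare_digest(mac, expected)
        if ok:
            self._seen_nonces.add(nonce)
        return ok

    def ingest(self, node_id, ciphertext):
        # Step 10: decrypt with K_NT. Fusion and formatting (step 11) are omitted.
        self._staged = unseal(self._comm_keys[node_id], ciphertext)

    def release(self, user_id):
        # Step 5: re-encrypt the staged data under K_UT; only ciphertext leaves.
        return seal(self._comm_keys[user_id], self._staged)

class SecureChannel:
    """Models the hypervisor channel: the only path into the secure VM."""

    def __init__(self, vm):
        self._vm = vm

    def send(self, kind, ident, payload=b""):
        if kind not in ALLOWED_KINDS:
            raise ChannelViolation(kind)
        if kind == "auth_info":
            return self._vm.authenticate(ident, payload)
        if kind == "data_ciphertext":
            return self._vm.ingest(ident, payload)
        if kind == "user_data_requirement":
            return self._vm.release(ident)
        return None  # update_requirement: node refresh (steps 4 and 8) not modelled

# Service-VM side: these functions never hold a key or plaintext.
def node_upload(channel, node_id, auth, ciphertext):
    if not channel.send("auth_info", node_id, auth):
        return False                   # step 9d: refuse data from the node
    channel.send("data_ciphertext", node_id, ciphertext)
    return True

def user_fetch(channel, user_id, auth):
    if not channel.send("auth_info", user_id, auth):
        return None                    # step 1d: refuse service
    return channel.send("user_data_requirement", user_id)
```

The node and the user hold different communication keys, and the conversion between them happens only inside SecureVM, which is the property the patent's isolated structure is meant to provide.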
Symbol description
ID_U: user identity information
ID_N: sensing node identity information
Field: the user's network information
K_UI: user authentication key
K_NI: sensing node authentication key
K_UT: user communication key
K_NT: sensing node communication key.
Claims (2)
1. An Internet of Things gateway system based on virtual machine technology, comprising a multi-network interface module, an information issuing module, a user management module, an information management module, a sensing node administration module, a message processing module, a key management module, an authentication module and an encryption and decryption module, characterized in that: a virtual machine monitor is built on the hardware layer of the gateway; a secure virtual machine and a service virtual machine are set up on the virtual machine monitor; each virtual machine contains its own functional modules; the internal modules of the two virtual machines are isolated from each other and can exchange only limited data over the secure data channel in the virtual machine monitor, this data comprising only data ciphertext, user data requirements, update requirements, user identity information, node identity information, and the authentication information of users and nodes;
the service virtual machine is responsible for managing the multiple networks, users and sensing nodes and for issuing information; it is the virtual machine that users access directly and has external interfaces; the service virtual machine comprises: the multi-network interface module, user management module, sensing node administration module, information management module and information issuing module;
the secure virtual machine is responsible for managing and storing keys and data plaintext; it is a virtual machine that users are forbidden to access and has no external interface; the secure virtual machine comprises: the key management module, encryption and decryption module, authentication module, message processing module and determination module; the determination module is used to determine whether there is a user data requirement, a sensing node alarm requirement or an update requirement; when there is an update requirement, it notifies the sensing node administration module in the service virtual machine to send a data update requirement to the sensing node; when there is a user data requirement or a sensing node alarm requirement, it sends the user identity ID_U to the encryption and decryption module and requires it to encrypt the information temporarily stored in the secure virtual machine;
the key management module, authentication module, encryption and decryption module and message processing module are placed in the secure virtual machine; the multi-network interface module, user management module, information management module, sensing node administration module and information issuing module are placed in the service virtual machine, so that plaintext, keys, the encryption and decryption process, the authentication process and information processing are isolated from users and external interfaces.
2. things-internet gateway data interactive method based on virtual machine; Be on the hardware layer of things-internet gateway, to have built virtual machine monitor; Two virtual machines on virtual machine monitor, have been built; Comprise secure virtual machine and service virtual machine, two virtual machine inside comprise functional module separately, and the internal module of two virtual machines is isolated each other; Only can be through the mutual limited data of the safe data channel in the virtual machine monitor, these data only comprise the authentication information of data ciphertext, user data requirement, more new demand, subscriber identity information, node identity information and user and node; Described service virtual machine; Be responsible for the management of many Network Management, user and sensing node and the issue of information; It is the directly virtual machine of visit of user; Have external interface, the module that comprises in this service virtual machine has: multi-network interface module, user management module, sensing node administration module, information management module and information issuing module; Described secure virtual machine; Be responsible for management and the storage expressly of key and data; It is a virtual machine of forbidding user capture, does not have external interface, and the module that comprises in this secure virtual machine has: key management module, encryption and decryption module, authentication module, message processing module and determination module; Its data interaction comprises the steps:
(1) The user accesses the gateway through the multi-network interface module. The user management module obtains, through the multi-network interface module, the information Field about the network the user belongs to, and sends the user's authentication information through the secure data channel to the authentication module of the secure virtual machine. The authentication module verifies the user's identity authentication information and sends the verification result back to the user management module through the secure data channel. If the user authentication information verifies correctly, the user is successfully authenticated, and the user identity ID_U, the user's network information Field and the user's instruction are sent to the information management module; otherwise service to the user is refused;
(2) The information management module configures the update time of the user's data requirement according to the control information in the user instruction, and sends update requirements to the determination module according to the configured update time; the information management module stores the user identity ID_U and the user's network information Field; the information management module sends the data requirement in the instruction and the user identity ID_U to the determination module of the secure virtual machine through the secure data channel;
(3) The determination module decides, according to whether there is a data requirement or an alarm requirement, whether to generate a notification requiring the encryption and decryption module to encrypt data. If there is no such requirement, the data temporarily stored in the secure virtual machine is not encrypted. If there is such a requirement, the determination module generates a notification requiring the encryption and decryption module to encrypt the data temporarily stored in the secure virtual machine, and then decides, according to whether there is an update requirement, whether the temporarily stored data is to be updated: if there is no update requirement, it sends the generated notification and the user identity ID_U associated with the requirement to the encryption and decryption module; if there is an update requirement, it notifies the sensing node, through the sensing node administration module, to update the data;
(4) After the encryption and decryption module receives the notification from the determination module, it looks up the user communication key K_UT in the key management module according to the received user identity ID_U, encrypts the data temporarily stored in the virtual machine with K_UT, and then sends the data ciphertext to the information management module through the secure data channel;
(5) The information management module sends the data ciphertext, the user's network information Field and the user identity ID_U to the information issuing module; the information issuing module selects the sending network through the multi-network interface module according to the user identity ID_U and the network information Field, and sends the data ciphertext to the user;
(6) When a sensing node receives the data update requirement of step (3) or perceives an event, it accesses the sensing node administration module through the multi-network interface module. The sensing node administration module sends the sensing node's authentication information to the authentication module of the secure virtual machine through the secure data channel; the authentication module verifies the sensing node's authentication information and sends the verification result to the sensing node administration module through the secure data channel. If the sensing node's authentication information verifies correctly, authentication is considered successful, and the data ciphertext and the sensing node identity ID_N are sent to the encryption and decryption module of the secure virtual machine through the secure data channel; otherwise the sensing node's data is refused;
(7) After receiving the data ciphertext, the encryption and decryption module looks up the sensing node communication key K_NT in the key management module according to the sensing node identity ID_N, decrypts the data ciphertext with K_NT, and sends the data plaintext to the message processing module;
(8) The message processing module fuses the data plaintext, converts the fused data into a standardized data format that is easy for the user to use, and then acts according to whether the data is alarm information: if it is alarm information, it temporarily stores the processed data, sends an alarm requirement to the determination module, and returns to step (3); if it is not alarm information, it sends no alarm requirement, temporarily stores the processed data, and returns to step (3).
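The isolation that steps (1) to (5) rely on can be modeled in a few lines; this is an added sketch, not code from the patent. The class and function names, the direct credential comparison, returning the authentication verdict as the call's result, and the HMAC-SHA256 stand-in cipher are all assumptions, since the claim names no algorithm or message format.

```python
import hashlib, hmac, os

# Kinds claim 2 allows across the VMM channel. Modeling the authentication
# verdict as the call's return value is an assumption of this sketch.
ALLOWED = {"ciphertext", "data_requirement", "update_requirement",
           "user_id", "node_id", "auth_info"}

def seal(key, plaintext):
    """Stand-in cipher (HMAC-SHA256 keystream, then a tag); not from the patent."""
    nonce = os.urandom(16)
    blocks = range(len(plaintext) // 32 + 1)
    stream = b"".join(hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"),
                               hashlib.sha256).digest() for i in blocks)
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + body + hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()

class SecureVM:
    """Holds credentials, keys K_UT and staged plaintext; no external interface."""
    def __init__(self, creds, keys, staged):
        self._creds, self._keys, self._staged = creds, keys, staged

    def handle(self, kind, msg):
        if kind == "auth_info":                    # steps (1) and (6)
            want = self._creds.get(msg["id"])
            return want is not None and hmac.compare_digest(want, msg["proof"])
        if kind == "data_requirement":             # steps (3)-(4)
            return seal(self._keys[msg["id"]], self._staged)
        raise ValueError("unsupported kind: " + kind)

class Channel:
    """The VMM's secure data channel: only whitelisted kinds cross it."""
    def __init__(self, secure_vm):
        self._vm = secure_vm

    def send(self, kind, msg):
        if kind not in ALLOWED:
            raise PermissionError("kind not permitted on channel: " + kind)
        return self._vm.handle(kind, msg)

def serve_user(channel, user_id, proof):
    """Service-VM side of steps (1)-(5); it never sees a key or plaintext."""
    if not channel.send("auth_info", {"id": user_id, "proof": proof}):
        return None                                # authentication failed: refuse service
    return channel.send("data_requirement", {"id": user_id})

# Constructed sample data, for illustration only.
def demo():
    vm = SecureVM({"ID_U": b"pw"}, {"ID_U": os.urandom(32)}, b"temp=21.5C")
    return serve_user(Channel(vm), "ID_U", b"pw")
```

A compromise of the externally reachable service side yields only verdicts and ciphertext here, which is the property the claim's restricted message set is meant to give.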
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010188081A CN101867530B (en) | 2010-05-31 | 2010-05-31 | Things-internet gateway system based on virtual machine and data interactive method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101867530A CN101867530A (en) | 2010-10-20 |
CN101867530B true CN101867530B (en) | 2012-10-24 |
Family
ID=42959099
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201010188081A Expired - Fee Related CN101867530B (en) | 2010-05-31 | 2010-05-31 | Things-internet gateway system based on virtual machine and data interactive method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101867530B (en) |
Families Citing this family (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101984706A (en) * | 2010-11-04 | 2011-03-09 | 中国电信股份有限公司 | Gateway of Internet of things and automatic adaptation method of communication protocol |
CN102045896A (en) * | 2010-11-22 | 2011-05-04 | 中山爱科数字科技有限公司 | Virtual Internet-of-things gateway system capable of realizing multiprotocol and network self-adapting |
CN102571338B (en) * | 2010-12-23 | 2015-09-23 | 北京时代凌宇科技有限公司 | A kind of Internet of Things authentication method based on PKI technology and system |
CN102025577B (en) * | 2011-01-06 | 2012-07-04 | 西安电子科技大学 | Network system of Internet of things and data processing method thereof |
US8566899B2 (en) * | 2011-03-16 | 2013-10-22 | Symantec Corporation | Techniques for securing a checked-out virtual machine in a virtual desktop infrastructure |
CN102801658A (en) * | 2011-05-23 | 2012-11-28 | 镇江金钛软件有限公司 | Configurable access gateway for Internet of things |
CN102215180A (en) * | 2011-05-26 | 2011-10-12 | 苏州震旦科技有限公司 | Access gateway of internet of things |
CN102882676A (en) * | 2011-07-15 | 2013-01-16 | 深圳市汇川控制技术有限公司 | Method and system for equipment to safely access Internet of things |
CN102663278B (en) * | 2012-03-09 | 2016-09-28 | 浪潮通信信息系统有限公司 | Cloud computing mode platform of internet of things data process method for security protection |
CN103312682B (en) * | 2012-03-16 | 2016-12-14 | 中兴通讯股份有限公司 | The method and system that gateway security accesses |
CN103428627B (en) * | 2012-05-22 | 2016-12-14 | 中国移动通信集团江苏有限公司 | The transfer approach of data, Internet of things system and related device in Internet of things system |
CN102932459B (en) * | 2012-11-05 | 2016-02-10 | 广州杰赛科技股份有限公司 | A kind of method of controlling security of virtual machine |
CN102984258A (en) * | 2012-11-30 | 2013-03-20 | 易程科技股份有限公司 | Internet of things data transmission method and adapter |
CN103107994B (en) * | 2013-02-06 | 2017-02-08 | 中电长城网际系统应用有限公司 | Vitualization environment data security partition method and system |
CN103544089B (en) * | 2013-10-13 | 2016-05-25 | 西安电子科技大学 | Operating system recognition methods based on Xen |
CN103957242B (en) * | 2014-04-16 | 2017-06-20 | 北京大学工学院南京研究院 | A kind of things-internet gateway of IP virtualizations conversion |
US10805147B2 (en) | 2015-08-26 | 2020-10-13 | Tatung Company | Fail recovery method and internet of things system and charging system using the same |
SG11201901572PA (en) * | 2016-08-22 | 2019-03-28 | fybr | System for distributed intelligent remote sensing systems |
CN108123917B (en) * | 2016-11-29 | 2021-07-23 | 中国移动通信有限公司研究院 | Method and equipment for updating authentication voucher of terminal of Internet of things |
US10140147B2 (en) | 2017-02-16 | 2018-11-27 | Sanctum Solutions Inc. | Intelligently assisted IoT endpoint device |
US10382450B2 (en) | 2017-02-21 | 2019-08-13 | Sanctum Solutions Inc. | Network data obfuscation |
CN107026870A (en) * | 2017-05-03 | 2017-08-08 | 桂斌 | It is a kind of to encrypt the outdoor public Internet of Things access stack of dynamic group net safely |
CN107908940B (en) * | 2017-11-06 | 2020-05-19 | 深圳市文鼎创数据科技有限公司 | Fingerprint identification method and terminal equipment |
CN108696388A (en) * | 2018-04-19 | 2018-10-23 | 郑州科技学院 | A kind of hardware debugging management method based on Intelligent internet of things gateway |
CN110766886B (en) * | 2018-07-25 | 2023-01-10 | 新智数字科技有限公司 | Driving device, method for driving card reader to realize card service and self-service payment system |
CN113709139B (en) * | 2021-08-26 | 2023-03-24 | 江苏省未来网络创新研究院 | Openstack east-west forwarding performance optimization method and system based on NUMA architecture |
CN114244515B (en) * | 2022-02-25 | 2022-06-28 | 中瓴智行(成都)科技有限公司 | Hypervisor-based virtual machine communication method and device, readable storage medium and electronic equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1805441A (en) * | 2005-11-23 | 2006-07-19 | 西安电子科技大学 | Integrated WLAN authentication architecture and method of implementing structural layers |
WO2008012567A1 (en) * | 2006-07-28 | 2008-01-31 | Hewlett-Packard Development Company, L.P. | Secure use of user secrets on a computing platform |
CN101600198A (en) * | 2009-07-08 | 2009-12-09 | 西安电子科技大学 | Wireless sensor network security trust method based on identity |
EP2172862A1 (en) * | 2008-10-02 | 2010-04-07 | Broadcom Corporation | Secure virtual machine manager |
Non-Patent Citations (2)
Title |
---|
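Zhang Zhiyong et al. Remote attestation model supporting a verification proxy and its security protocol. Journal of Xidian University (Natural Science Edition). 2009, Vol. 36 (No. 1), pp. 58-63. * |
Wang Jietai et al. Application of mobile agents in wireless sensor networks. Computer Engineering. 2008, Vol. 34 (No. 3), pp. 133-135. * |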
Also Published As
Publication number | Publication date |
---|---|
CN101867530A (en) | 2010-10-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20121024 Termination date: 20160531 |