CN111935109B - Secure communication module remote agent system, private protocol implementation method and device - Google Patents


Info

Publication number: CN111935109B
Authority: CN (China)
Application number: CN202010724695.3A
Other languages: Chinese (zh)
Other versions: CN111935109A
Prior art keywords: module, upper computer (host computer), security, middleware, safety
Legal status: Active (granted)
Inventors: 姚红娥, 李涛涛, 杨廷, 马骥, 刘熙胖, 王平
Current assignee: Zhengzhou Xinda Jiean Information Technology Co Ltd
Original assignee: Zhengzhou Xinda Jiean Information Technology Co Ltd
Events: application CN202010724695.3A filed by Zhengzhou Xinda Jiean Information Technology Co Ltd; priority claimed from CN202010724695.3A; published as CN111935109A; application granted and published as CN111935109B; status active.

Classifications

    All under H ELECTRICITY; H04 ELECTRIC COMMUNICATION TECHNIQUE; H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION:
    • H04L 63/20: network architectures or network communication protocols for network security, for managing network security; network security policies in general
    • H04L 12/4633: data switching networks; interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L 63/0428: network security for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 67/133: network arrangements or protocols for supporting network services or applications; protocols for remote procedure calls [RPC]
    • H04L 67/56: network services; provisioning of proxy services
    • H04L 69/22: network arrangements, protocols or services independent of the application payload; parsing or analysis of headers


Abstract

The invention provides a secure communication module remote proxy (the "remote agent" of the title) system, a private protocol implementation method and a device. The system comprises a host computer (the "upper computer" of the original text) and a secure communication module. The host computer comprises a host application, host security middleware and a host hardware interface; the secure communication module comprises a security module, module security middleware and a module hardware interface. The host computer and the secure communication module communicate over a serial port through the host hardware interface and the module hardware interface. When the host application executes a security function, it sends a data instruction to the host security middleware; the host security middleware calls the read/write ports of the secure communication module in remote proxy mode to deliver the security parameters issued by the host application to the module security middleware; the module security middleware hands them to the security module for processing, and the result is returned to the host security middleware, again in remote proxy mode.

Description

Secure communication module remote agent system, private protocol implementation method and device
Technical Field
The invention relates to the field of data security, in particular to a secure communication module remote agent system, a private protocol implementation method and a device.
Background
In the Internet of Things and the industrial Internet, as huge numbers of devices are connected, data transmission faces a wide range of security threats. Traditional IoT devices and industrial control devices have no security capabilities such as encryption and decryption. To add them, the device has to be retrofitted: an external security module is attached and the host program is modified so that encryption, decryption and authentication can be performed. This makes the retrofit and hardware costs high, the technical difficulty considerable and the economic return poor.
Disclosure of Invention
To solve the above problems, a secure communication module remote proxy system, a private protocol implementation method and a device are provided. Security middleware is embedded in the host computer, a remote proxy mechanism is implemented using several protocols, and the host security middleware communicates with the security module of the secure communication module, which provides the security functions. This reduces the technical difficulty of upgrading traditional IoT or industrial control equipment, saves materials and reduces cost.
In a first aspect, the invention provides a secure communication module remote proxy system comprising a host computer and a secure communication module. The host computer comprises a host application, host security middleware and a host hardware interface; the secure communication module comprises a security module, module security middleware and a module hardware interface; the host computer and the secure communication module communicate over a serial port through the host hardware interface and the module hardware interface. When the host application executes a security function, it sends a data instruction to the host security middleware; the host security middleware calls the read/write ports of the secure communication module in remote proxy mode to deliver the security parameters issued by the host application to the module security middleware; the module security middleware hands them to the security module for processing, and the result is returned to the host security middleware in remote proxy mode.
Further, the host security middleware provides an APDU (application protocol data unit) transmission mode that conforms to the ISO 7816 transmission protocol and carries parameters for the Chinese SM (national commercial cryptographic) algorithms. In this mode the APDU command is packed into an AT (attention) command, and a specific serial port protocol is then selected to transmit the data to the host hardware interface.
Further, the host security middleware also provides a private (proprietary) protocol transmission mode; when the host application executes a security function through the private protocol:
the host security middleware receives the data instruction sent by the host application, responds to it, parses it and starts the remote proxy COM port read operation;
the host security middleware processes the data in the manner specified by the private protocol and then transmits the security parameters to be parsed to the host hardware interface over the private protocol serial port; the security parameters to be parsed comprise the data content that the host wants encrypted or decrypted;
the host hardware interface transmits the security parameters to be parsed to the module hardware interface; the module hardware interface receives them and passes them to the COM port read operation of the secure communication module, after which the module protocol parsing module parses them in remote proxy mode and sends the result to the module security middleware;
the module security middleware forwards the parsed data content to the security module for processing; the security module encrypts or decrypts it and returns the result to the module security middleware;
the module security middleware encapsulates and packs the encrypted or decrypted data, passes it to the COM port write operation of the secure communication module, and transmits the packed data to the host hardware interface through the module hardware interface;
the host hardware interface passes the received data to the host COM port write operation, after which the host protocol parsing module packs the received data into the basic interface format and returns it to the host security middleware;
and the host security middleware returns the encrypted or decrypted data to the host application.
Further, when the remote proxy is implemented with the private protocol, the host security middleware and the module security middleware use epoll-based asynchronous event monitoring to pick up communication messages in real time.
Further, each communication message comprises a protocol version, a message type, a message ID, a payload length and the payload content.
Further, the host security middleware calls the read/write ports of the secure communication module in remote proxy mode; these ports are read, write and lseek.
Further, the messages sent by the host security middleware to the module security middleware carry no handle; the payload length of read and write messages is the payload length given in the message header, and the content of an lseek message is the offset information.
Further, the module security middleware answers the read, write and lseek messages of the host security middleware with the actual return values of the corresponding calls on the security module.
Further, the host application can also send an AT command directly to the secure communication module; the secure communication module processes the AT command in remote proxy mode and hands it to the module security middleware, which calls the security module to execute the security function and returns the result to the host computer.
Further, the secure communication module is a 4G module or an NB-IoT module.
In a second aspect, the invention provides a private protocol implementation method applied to any of the secure communication module remote proxy systems above, comprising the following steps:
the host security middleware also provides a private protocol transmission mode; when the host application executes a security function through the private protocol:
the host security middleware receives the data instruction sent by the host application, responds to it, parses it and starts the remote proxy COM port read operation;
the host security middleware processes the data in the manner specified by the private protocol and then transmits the security parameters to be parsed to the host hardware interface over the private protocol serial port; the security parameters to be parsed comprise the data content that the host wants encrypted or decrypted;
the host hardware interface transmits the security parameters to be parsed to the module hardware interface; the module hardware interface receives them and passes them to the COM port read operation of the secure communication module, after which the module protocol parsing module parses them in remote proxy mode and sends the result to the module security middleware;
the module security middleware forwards the parsed data content to the security module for processing; the security module encrypts or decrypts it and returns the result to the module security middleware;
the module security middleware encapsulates and packs the encrypted or decrypted data, passes it to the COM port write operation of the secure communication module, and transmits the packed data to the host hardware interface through the module hardware interface;
the host hardware interface passes the received data to the host COM port write operation, after which the host protocol parsing module packs the received data into the basic interface format and returns it to the host security middleware;
and the host security middleware returns the encrypted or decrypted data to the host application.
In a third aspect, the invention provides a device applied to any of the secure communication module remote proxy systems described above, the device being a host computer. The host computer comprises a host application, host security middleware, a host protocol parsing module and a host hardware interface, and performs the functions of the host computer in any of those systems.
In a fourth aspect, the invention further provides a device applied to any of the secure communication module remote proxy systems described above, the device being a secure communication module. The secure communication module comprises a security module, module security middleware, a module protocol parsing module and a module hardware interface, and performs the functions of the secure communication module in any of those systems.
The beneficial effects of the invention are as follows:
(1) the host security middleware calls the read/write ports of the secure communication module in remote proxy mode to deliver security parameters to the module security middleware, and the result produced by the security module is returned to the host security middleware in the same way; this removes the high cost and configuration difficulty of attaching an external security module and rewriting the host program of a traditional device, saving hardware and engineering investment, with corresponding economic and social benefit;
(2) proxied encryption and decryption is available through several mechanisms, such as AT commands and the private protocol, so the security function can be fitted to devices from different manufacturers;
(3) the host security middleware only relays messages and does not perform the actual read/write itself, so apart from embedding the middleware no program code on the host computer (the device being upgraded) has to be modified, further lowering the technical difficulty of the upgrade;
(4) the data instruction from the host application is carried to the secure communication module either as SM-algorithm APDU parameters or over the private protocol, which is intended to strengthen the security and reliability of the serial link between the host computer and the secure communication module while keeping the retrofit cost low, so that data is not leaked or tampered with.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is the system architecture diagram of the first aspect;
FIG. 2 is a schematic diagram of the host security middleware of the first aspect implementing the remote proxy;
FIG. 3 is a schematic diagram of another manner in which the host computer of the first aspect implements the remote proxy;
FIG. 4 is a schematic diagram of the private protocol of the first aspect implementing the remote proxy;
FIG. 5 is a schematic diagram of the private protocol implementation of the second aspect;
FIG. 6 is a block diagram of the device of the third aspect;
FIG. 7 is a block diagram of the device of the fourth aspect.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
APDU stands for application protocol data unit; a PDU (protocol data unit) is a unit of data exchanged between peer layers.
In a first aspect, the invention provides a secure communication module remote proxy system. As shown in FIG. 1, the system comprises a host computer and a secure communication module. The host computer comprises a host application, host security middleware and a host hardware interface; the secure communication module comprises a security module, module security middleware and a module hardware interface; the host computer and the secure communication module communicate over a serial port through the host hardware interface and the module hardware interface. When the host application executes a security function, it sends a data instruction to the host security middleware; the host security middleware calls the read/write ports of the secure communication module in remote proxy mode to deliver the security parameters issued by the host application to the module security middleware; the module security middleware hands them to the security module for processing, and the result is returned to the host security middleware in remote proxy mode. The security parameters comprise the data content to be encrypted or decrypted and the corresponding protocol parameters issued by the host application.
Security middleware is a separate piece of system software or a service through which distributed applications share resources across different technologies; connected systems can exchange information through it even when their interfaces differ. The remote proxy is realised through the security middleware: the host security middleware stands in for a real object (the module security middleware), and the proxy communicates with that remote real object over the link behind it (here, the serial line). To the host application the host security middleware looks like the real object, but every action is actually carried out by the module security middleware of the secure communication module, which talks to the real security module and returns the processing result to the host computer through the hardware interfaces on both sides.
Further, as shown in FIG. 2, the host security middleware offers two transmission modes: one transmits data as SM-algorithm APDU parameters conforming to the ISO 7816 transmission protocol, the other transmits data over the private protocol. In the APDU mode the APDU command is packed into an AT command and a specific serial protocol is chosen to deliver it to the host hardware interface; in the private protocol mode the data is processed as the private protocol specifies and delivered to the host hardware interface over the private protocol serial port.
The ISO 7816 APDU mode with SM-algorithm parameters fits any security module or security chip that supports the SM algorithms. Such a module typically supports the national standard algorithms SM2, SM3, SM4 and SM9 as well as international algorithms such as AES, DES, 3DES, the SHA family and RSA, has an internal secure storage area for files and keys, and exposes an application interface conforming to ISO/IEC 7816-4 and an SPI interface. The private protocol can also be integrated into the security middleware on both sides, with data transmitted as that protocol specifies.
Where the user's data security requirements are high, data is transmitted as ISO 7816 APDU parameters with SM-algorithm protection; where the requirements are ordinary, the private protocol is used. The description argues that the serial link stays secure under the private protocol because the protocol is not published. A practitioner should treat that as a weak guarantee: the message format given further below carries no authentication or integrity field, so against anyone with access to the serial line who learns the framing the protection rests on the format staying unknown, and plaintext submitted for encryption traverses that line unprotected.
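The APDU mode above is described only as "the APDU command is packed into an AT command". The following C program is an added example, not code from the patent or its assignee: it packs a constructed ISO 7816-4 APDU into the 3GPP TS 27.007 generic SIM access command AT+CSIM, which is how cellular modules commonly expose a card's APDU interface over their AT channel, and parses the +CSIM response back into response data and status word. The choice of AT+CSIM, the placeholder AID bytes and the constructed response line are assumptions of the example, not details taken from the page.

```c
/* Added example, not the patent's code: packing an ISO 7816-4 APDU into an AT
 * command and unpacking the module's reply.  The description only says the
 * APDU is "packed into an AT command"; using the 3GPP TS 27.007 generic SIM
 * access command AT+CSIM (length counts hex characters) is this example's
 * assumption, as is the constructed APDU below. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static void hex_encode(const uint8_t *src, size_t n, char *dst) {
    static const char digits[] = "0123456789ABCDEF";
    for (size_t i = 0; i < n; i++) { dst[2 * i] = digits[src[i] >> 4]; dst[2 * i + 1] = digits[src[i] & 0x0F]; }
    dst[2 * n] = '\0';
}

static int hex_val(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = (char)toupper((unsigned char)c);
    return (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

/* Decode hexlen hex characters into dst; -1 on odd length, bad digit or overflow. */
static int hex_decode(const char *hex, size_t hexlen, uint8_t *dst, size_t cap) {
    if (hexlen % 2 != 0 || hexlen / 2 > cap) return -1;
    for (size_t i = 0; i < hexlen; i += 2) {
        int hi = hex_val(hex[i]), lo = hex_val(hex[i + 1]);
        if (hi < 0 || lo < 0) return -1;
        dst[i / 2] = (uint8_t)((hi << 4) | lo);
    }
    return (int)(hexlen / 2);
}

/* Build a short-form case-3 APDU (CLA INS P1 P2 Lc DATA) and wrap it as
 * AT+CSIM=<length>,"<hex>"<CR>.  Returns bytes written to out, or -1. */
int apdu_to_at_csim(uint8_t cla, uint8_t ins, uint8_t p1, uint8_t p2,
                    const uint8_t *data, size_t datalen, char *out, size_t outcap) {
    if (datalen > 255) return -1;
    uint8_t apdu[5 + 255];
    apdu[0] = cla; apdu[1] = ins; apdu[2] = p1; apdu[3] = p2; apdu[4] = (uint8_t)datalen;
    memcpy(apdu + 5, data, datalen);
    size_t apdulen = 5 + datalen;
    char hex[2 * sizeof apdu + 1];
    hex_encode(apdu, apdulen, hex);
    int n = snprintf(out, outcap, "AT+CSIM=%zu,\"%s\"\r", 2 * apdulen, hex);
    return (n < 0 || (size_t)n >= outcap) ? -1 : n;
}

/* Parse a +CSIM: <length>,"<hex>" response.  The declared length must match
 * the quoted body (a mismatch is treated as a framing error, not repaired).
 * Stores the response data without SW1 SW2 in data, SW1<<8|SW2 in *sw, and
 * returns the data length, or -1 on a malformed line. */
int at_csim_parse_response(const char *line, uint8_t *data, size_t cap, uint16_t *sw) {
    const char *p = strstr(line, "+CSIM:");
    if (!p) return -1;
    p += 6;
    while (*p == ' ') p++;
    char *end;
    long declared = strtol(p, &end, 10);
    if (end == p || *end != ',' || declared < 4 || end[1] != '"') return -1;
    const char *body = end + 2;
    const char *q = strchr(body, '"');
    if (!q || (size_t)(q - body) != (size_t)declared) return -1;
    uint8_t buf[258];                 /* up to 256 data bytes + SW1 SW2 */
    int n = hex_decode(body, (size_t)(q - body), buf, sizeof buf);
    if (n < 2 || (size_t)(n - 2) > cap) return -1;
    *sw = (uint16_t)((buf[n - 2] << 8) | buf[n - 1]);
    memcpy(data, buf, (size_t)(n - 2));
    return n - 2;
}

int main(void) {
    /* Constructed SELECT-by-name APDU; the AID bytes are placeholders. */
    const uint8_t aid[] = {0xA0, 0x00, 0x00, 0x00, 0x01};
    char at[600];
    int n = apdu_to_at_csim(0x00, 0xA4, 0x04, 0x00, aid, sizeof aid, at, sizeof at);
    printf("to module: %.*s\n", n > 0 ? n - 1 : 0, at);   /* trailing CR not printed */

    /* Constructed reply: two data bytes followed by SW 9000. */
    uint8_t rsp[256]; uint16_t sw = 0;
    int m = at_csim_parse_response("+CSIM: 8,\"6F109000\"", rsp, sizeof rsp, &sw);
    printf("from module: %d data byte(s), SW=%04X\n", m, sw);
    return 0;
}
```

The parser insists that the declared hex length equals the quoted body and that at least a two-byte status word is present; on a serial link where a response can arrive truncated or garbled, rejecting the line is safer than guessing where the status word starts.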
Further, as shown in FIG. 3, the host security middleware provides the private protocol transmission mode; when the host application executes a security function through the private protocol:
the host security middleware receives the data instruction sent by the host application, responds to it, parses it and starts the remote proxy COM port read operation;
the host security middleware processes the data in the manner specified by the private protocol and then transmits the security parameters to be parsed to the host hardware interface over the private protocol serial port; the security parameters to be parsed comprise the data content that the host wants encrypted or decrypted;
the host hardware interface transmits the security parameters to be parsed to the module hardware interface; the module hardware interface receives them and passes them to the COM port read operation of the secure communication module, after which the module protocol parsing module parses them in remote proxy mode and sends the result to the module security middleware;
the module security middleware forwards the parsed data content to the security module for processing; the security module encrypts or decrypts it and returns the result to the module security middleware;
the module security middleware encapsulates and packs the encrypted or decrypted data, passes it to the COM port write operation of the secure communication module, and transmits the packed data to the host hardware interface through the module hardware interface;
the host hardware interface passes the received data to the host COM port write operation, after which the host protocol parsing module packs the received data into the basic interface format and returns it to the host security middleware;
and the host security middleware returns the encrypted or decrypted data to the host application.
After the host security middleware has responded to and parsed the data instruction, it generates a remote proxy COM port read instruction. This instruction travels to the secure communication module through the host hardware interface, the serial line and the module hardware interface; on receiving it, the secure communication module starts the remote proxy COM port read operation.
The host hardware interface also passes configuration parameters (such as the port number) and other parameters conforming to the applicable international standards to the module hardware interface, so that communication between the host computer and the secure communication module proceeds smoothly.
Further, when the remote proxy is implemented with the private protocol, the host security middleware and the module security middleware use epoll-based asynchronous event monitoring to pick up communication messages in real time.
The invention does not restrict how the asynchronous monitoring is done; select, poll and epoll are all possible choices. Because epoll is event driven, its stability and performance are better, so this embodiment preferably uses epoll to watch for messages sent by the peer.
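The description leaves open how the middleware turns the byte stream from the serial device into messages once the descriptor becomes readable. The following C code is an added example, not the patent's: a small frame reassembler driven by poll(), which the description lists as an alternative to the epoll it prefers, so it also builds on non-Linux POSIX systems. It uses the header layout of the message format given below (version, type, id, length); the little-endian encoding of id and length, the payload cap, and the pipe used in place of the serial port are the example's assumptions.

```c
/* Added example, not the patent's code: event-driven reading of private-
 * protocol frames from a descriptor and reassembly of frames that arrive
 * split across reads.  It uses poll(), which the description lists as an
 * alternative to the epoll it prefers.  Header layout follows the message
 * format in the description: version(1) type(1) id(4) length(4); the
 * little-endian encoding of id and length is this example's assumption. */
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define HDR_LEN   10
#define MAX_FRAME 4096                 /* largest payload accepted (assumption) */

struct frame_reader {
    uint8_t buf[HDR_LEN + MAX_FRAME];  /* partial frame carried between reads */
    size_t  used;
};

typedef void (*frame_cb)(const uint8_t *frame, size_t len, void *ctx);

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Append bytes and deliver every complete frame to cb.  Returns frames
 * delivered, or -1 if a header declares a payload larger than MAX_FRAME:
 * the stream is then out of sync and the caller should drop the link. */
int frame_reader_feed(struct frame_reader *r, const uint8_t *data, size_t n,
                      frame_cb cb, void *ctx) {
    int delivered = 0;
    while (n > 0) {
        size_t room = sizeof r->buf - r->used;
        size_t take = n < room ? n : room;
        if (take == 0) return -1;      /* only possible if a frame exceeds the buffer */
        memcpy(r->buf + r->used, data, take);
        r->used += take; data += take; n -= take;
        while (r->used >= HDR_LEN) {
            uint32_t len = le32(r->buf + 6);
            if (len > MAX_FRAME) return -1;
            size_t total = HDR_LEN + len;
            if (r->used < total) break;          /* wait for the rest */
            cb(r->buf, total, ctx);
            delivered++;
            memmove(r->buf, r->buf + total, r->used - total);
            r->used -= total;
        }
    }
    return delivered;
}

/* Block up to timeout_ms for readable data on fd, then drain one read() into
 * the reassembler.  Returns frames delivered, 0 on timeout, -1 on EOF, error
 * or protocol violation.  A real middleware keeps this in a loop (or in an
 * epoll set) alongside the other descriptors it serves. */
int frame_reader_poll_once(struct frame_reader *r, int fd, int timeout_ms,
                           frame_cb cb, void *ctx) {
    struct pollfd p = { fd, POLLIN, 0 };
    int rv = poll(&p, 1, timeout_ms);
    if (rv <= 0) return rv;
    uint8_t chunk[512];
    ssize_t got = read(fd, chunk, sizeof chunk);
    if (got <= 0) return -1;
    return frame_reader_feed(r, chunk, (size_t)got, cb, ctx);
}

/* Callback used by the demo: counts frames and records the id of the last one. */
struct tally { int frames; uint32_t last_id; };
static void count_frame(const uint8_t *f, size_t len, void *ctx) {
    struct tally *t = ctx; (void)len;
    t->frames++; t->last_id = le32(f + 2);
}

/* Build a frame into out; returns its total length.  Used to construct demo input. */
int build_frame(uint8_t *out, uint8_t type, uint32_t id, const uint8_t *payload, uint32_t len) {
    out[0] = 1; out[1] = type;
    for (int i = 0; i < 4; i++) { out[2 + i] = (uint8_t)(id >> (8 * i)); out[6 + i] = (uint8_t)(len >> (8 * i)); }
    memcpy(out + HDR_LEN, payload, len);
    return (int)(HDR_LEN + len);
}

int main(void) {
    int fds[2];                        /* pipe stands in for the serial port (constructed) */
    if (pipe(fds) != 0) return 1;
    uint8_t a[64], b[64];
    int la = build_frame(a, 0x00, 7, (const uint8_t *)"hello", 5);          /* write frame */
    int lb = build_frame(b, 0x02, 8, (const uint8_t *)"\0\0\0\0", 4);       /* lseek frame */
    if (write(fds[1], a, (size_t)la) < 0 || write(fds[1], b, (size_t)lb) < 0) return 1;
    struct frame_reader r = { {0}, 0 };
    struct tally t = { 0, 0 };
    int got = frame_reader_poll_once(&r, fds[0], 100, count_frame, &t);
    printf("delivered %d frame(s), last id %u\n", got, t.last_id);
    return 0;
}
```

The length field is bounded before it is trusted; without that check a single corrupted or hostile header would make the reader wait for gigabytes of payload that never arrive, which on a serial link is a trivial way to stall the middleware.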
Further, each communication message comprises a protocol version, a message type, a message ID, a payload length and the payload content. Taking the message sent from the host to the security module as an example, the format is as follows (written in presentation-language style, where uint8 and uint32 denote unsigned 8-bit and 32-bit integers and select chooses the content variant by type):
struct {
    uint8 version;
    uint8 type;
    uint32 id;
    uint32 length;
    select (type) {
        case 0x00: msg_write;
        case 0x01: msg_read;
        case 0x02: msg_lseek;
    } content;
}
Here version is the protocol version, which is incremented when the message format changes; type is the message type, one of the read, write and lseek types mentioned above; id is the message ID, chosen by the sender, and if the message needs a reply the reply carries the same ID as the request; length is the payload length, i.e. the length of content in bytes, in the byte order of the host; content is the payload, whose exact format depends on type. Because the host computer and the module may run on processors of different endianness, both sides must agree on (or explicitly convert) the byte order of the multi-byte id and length fields. The format of messages sent from the security module side to the host is the same and is not repeated here.
The data format of the communication messages is agreed between the host computer and the secure communication module to keep communication between the two parties stable and secure. The sender specifies the message ID; if the ID in a returned processing result does not match the ID the sender specified, the data is discarded, which keeps stray data from being fed into the host. Note that the ID is a plain correlation value chosen by the sender, not a secret or an authenticator: the check pairs replies with requests and filters misdelivered frames, but it does not by itself prove that a reply came from the genuine security module.
Further, the messages sent by the host security middleware to the module security middleware carry no handle; the payload length of read and write messages is the payload length given in the message header, and the content of an lseek message is the offset information. In other words, the host security middleware only relays messages and does not perform the actual read/write itself, so apart from embedding the middleware no program code on the host computer (the device being upgraded) has to be modified, further lowering the technical difficulty of the upgrade.
A handle is an identifier that names an object or item, such as a window or a file.
Further, the host security middleware calls the read/write ports of the secure communication module in remote proxy mode; these ports are read, write and lseek, where read is the read port, write is the write port, and lseek repositions the read/write offset so that content can be addressed.
Further, the module security middleware answers the read, write and lseek messages of the host security middleware with the actual return values of the corresponding calls on the security module. That is, the host security middleware hands the message content to the module security middleware through the remote proxy, the security module performs the actual processing, and the module security middleware returns the result to the host security middleware.
Further, as shown in FIG. 4, besides going through the host security middleware, the host application can also send an AT command directly to the secure communication module; the secure communication module processes the AT command in remote proxy mode and hands it to the module security middleware, which calls the security module to execute the security function and returns the result to the host computer.
Whether the remote proxy reaches the security module through the host security middleware or through AT commands depends on the service scenario; different secure communication modules connected to the security module may support different modes, and a given secure communication module generally does not support both at the same time.
Further, the secure communication module is a 4G module or an NB-IoT module. When the host application needs to send data to other devices over a network, the security module of the secure communication module encrypts the data and the 4G or NB-IoT module transmits the ciphertext; the secure communication module can also receive encrypted data from other devices over the 4G or NB-IoT module, decrypt it and pass it to the host computer, securing communication between the host computer and those devices. When the host application does not need to send data over a network, the data is simply encrypted or decrypted by the security module of the secure communication module and passed back to the host computer.
In a second aspect, the present invention provides a private protocol implementation method, which is applied to any one of the secure communication module remote proxy systems described above, as shown in fig. 5, where the method includes:
the upper computer security middleware is also provided with a private protocol data transmission mode; when the upper computer application executes the security function through the private protocol:
the upper computer security middleware receives a data instruction sent by the upper computer application, responds to and parses the data instruction, and starts the remote-proxy com port read operation;
the upper computer security middleware processes the data in the manner specified by the private protocol and then transmits the security parameters to be parsed to the upper computer hardware interface through the private protocol serial port; the security parameters to be parsed comprise the data content that the upper computer wants encrypted or decrypted;
the upper computer hardware interface transmits the security parameters to be parsed to the module hardware interface; the module hardware interface receives them and passes them to the com port read operation of the secure communication module, after which the module protocol parsing module parses them in a remote proxy manner and sends the result to the module security middleware;
the module security middleware passes the parsed data content to the security module for processing; the security module encrypts or decrypts the parsed data content and returns it to the module security middleware;
the module security middleware encapsulates and packs the encrypted or decrypted data, passes it to the com port write operation of the secure communication module, and transmits the packed data to the upper computer hardware interface through the module hardware interface;
after the upper computer hardware interface passes the received data to the upper computer com port write operation, the upper computer protocol parsing module performs basic interface data encapsulation on the received data and returns it to the upper computer security middleware;
and the upper computer security middleware returns the encrypted or decrypted data to the upper computer application.
It should be noted that the upper computer protocol parsing module performing basic interface data encapsulation on the received data means that the packed data returned by the secure communication module is processed into a data packet recognizable by the upper computer security middleware (the content of the packet is unchanged), so that the upper computer security middleware can monitor the processing result and notify the upper computer application.
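As an added example that is not part of the patent text, the following C code frames a message with the fields the page specifies (protocol version, message type, message ID, payload length, payload) and runs one write request through the remote-proxy exchange described above: host middleware frames it, the module side parses it, hands the payload to the security module and replies, and the host unwraps the reply. Field widths, byte order, type codes and the XOR stand-in for the security module are all assumptions made for the example; the serial link is simulated by a direct call.

```c
/* Added example (not the patent's code): message framing and one remote-proxy write
 * for the private protocol above. Fields follow the page (protocol version, message
 * type, message ID, payload length, payload); widths, byte order and type codes are
 * assumptions, and the security module is a constructed XOR stand-in, not crypto. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define PROTO_VERSION 1
#define MSG_WRITE     0x02   /* payload = data for the security module */
#define MSG_RESP      0x80   /* ORed into the type field of a reply */
#define HDR_LEN       8      /* ver(1) type(1) id(2) len(4), big-endian */
#define MAX_PAYLOAD   256
typedef struct { uint8_t version, type; uint16_t id; uint32_t len;
                 uint8_t payload[MAX_PAYLOAD]; } msg_t;
/* Serialize; returns bytes written, or 0 if the frame does not fit. */
size_t msg_encode(const msg_t *m, uint8_t *out, size_t cap) {
    if (m->len > MAX_PAYLOAD || cap < HDR_LEN + m->len) return 0;
    out[0] = m->version; out[1] = m->type; out[2] = (uint8_t)(m->id >> 8); out[3] = (uint8_t)m->id;
    out[4] = (uint8_t)(m->len >> 24); out[5] = (uint8_t)(m->len >> 16);
    out[6] = (uint8_t)(m->len >> 8);  out[7] = (uint8_t)m->len;
    memcpy(out + HDR_LEN, m->payload, m->len);
    return HDR_LEN + m->len;
}
/* Parse; the length field is checked against the bytes actually received before
 * any payload copy. Returns 1 on success, 0 on a truncated or oversized frame. */
int msg_decode(const uint8_t *in, size_t n, msg_t *m) {
    if (n < HDR_LEN) return 0;
    m->version = in[0]; m->type = in[1]; m->id = (uint16_t)((in[2] << 8) | in[3]);
    m->len = ((uint32_t)in[4] << 24) | ((uint32_t)in[5] << 16) | ((uint32_t)in[6] << 8) | in[7];
    if (m->version != PROTO_VERSION || m->len > MAX_PAYLOAD || n < HDR_LEN + m->len) return 0;
    memcpy(m->payload, in + HDR_LEN, m->len);
    return 1;
}
/* Module side: decode, run the stand-in over the payload, reply with the same ID and the response bit. */
size_t module_handle(const uint8_t *in, size_t n, uint8_t *out, size_t cap) {
    msg_t req;
    if (!msg_decode(in, n, &req) || req.type != MSG_WRITE) return 0;
    for (uint32_t i = 0; i < req.len; i++) req.payload[i] ^= 0x5A;  /* not real crypto */
    req.type = MSG_WRITE | MSG_RESP;
    return msg_encode(&req, out, cap);
}

/* Host side: frame the request, pass it over the simulated serial link, and accept
 * the reply only if its ID and type match. Returns the processed length, 0 on failure. */
uint32_t host_proxy_write(const uint8_t *data, uint32_t n, uint16_t id, uint8_t *result) {
    uint8_t wire[HDR_LEN + MAX_PAYLOAD], back[HDR_LEN + MAX_PAYLOAD];
    msg_t req = { PROTO_VERSION, MSG_WRITE, id, n, {0} }, resp;
    if (n > MAX_PAYLOAD) return 0;
    memcpy(req.payload, data, n);
    size_t rn = module_handle(wire, msg_encode(&req, wire, sizeof wire), back, sizeof back);
    if (!rn || !msg_decode(back, rn, &resp) || resp.id != id || resp.type != (MSG_WRITE | MSG_RESP)) return 0;
    memcpy(result, resp.payload, resp.len);
    return resp.len;
}

/* Self-checks: a round trip transforms then restores constructed data; a frame whose
 * length field exceeds the bytes received is rejected rather than read past the end. */
int demo_roundtrip(void) {
    static const uint8_t plain[] = "constructed sample data";
    uint8_t enc[MAX_PAYLOAD], dec[MAX_PAYLOAD];
    uint32_t n = (uint32_t)sizeof plain;
    if (host_proxy_write(plain, n, 0x0101, enc) != n || !memcmp(plain, enc, n)) return 0;
    return host_proxy_write(enc, n, 0x0102, dec) == n && !memcmp(plain, dec, n);
}
int demo_rejects_truncated(void) {
    uint8_t wire[] = { PROTO_VERSION, MSG_WRITE, 0, 1, 0, 0, 0, 64, 'a', 'b', 'c', 'd' };
    msg_t m;
    return msg_decode(wire, sizeof wire, &m) == 0;
}
```

The length-versus-received check in msg_decode is the part worth keeping in a real implementation: a payload length field that is trusted blindly lets a malformed frame from the serial link drive an out-of-bounds copy in the middleware.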
In a third aspect, as shown in fig. 6, the present invention provides a device, which is applied to any one of the above described secure communication module remote agent systems, where the device is an upper computer, where the upper computer includes an upper computer application, an upper computer security middleware, an upper computer protocol parsing module, and an upper computer hardware interface, and executes the functions of the upper computer in any one of the above described secure communication module remote agent systems.
In a fourth aspect, as shown in fig. 7, the present invention further provides a device, which is applied to any one of the secure communication module remote agent systems described above, where the device is a secure communication module, where the secure communication module includes a secure module, a module security middleware, a module protocol parsing module, and a module hardware interface, and executes the function of the secure communication module in any one of the secure communication module remote agent systems described above.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (13)

1. A secure communications module remote proxy system, comprising: an upper computer and a secure communication module, wherein the upper computer comprises an upper computer application, an upper computer security middleware and an upper computer hardware interface, the secure communication module comprises a security module, a module security middleware and a module hardware interface, and the upper computer and the secure communication module communicate over a serial port through the upper computer hardware interface and the module hardware interface; when the upper computer application executes a security function, it sends a data instruction to the upper computer security middleware, the upper computer security middleware calls a read/write port of the secure communication module in a remote proxy manner to transmit the security parameters issued by the upper computer application to the module security middleware, and the security parameters are forwarded by the module security middleware to the security module for processing and then returned to the upper computer security middleware in a remote proxy manner.
2. The remote proxy system of a secure communication module as claimed in claim 1, wherein the upper computer security middleware is provided with an APDU cryptographic parameter data transmission mode conforming to ISO7816 transmission protocol, and when the APDU cryptographic parameter data transmission mode conforming to ISO7816 transmission protocol is adopted, the APDU command is encapsulated into an AT command, and then a specific serial protocol is selected to transmit the data to the upper computer hardware interface.
3. The secure communication module remote agent system of claim 1, wherein the upper computer security middleware further provides a private protocol data transmission mode; when the upper computer application executes the security function through the private protocol:
the upper computer security middleware receives a data instruction sent by the upper computer application, responds to and parses the data instruction, and starts the remote-proxy com port read operation;
the upper computer security middleware processes the data in the manner specified by the private protocol and then transmits the security parameters to be parsed to the upper computer hardware interface through the private protocol serial port; the security parameters to be parsed comprise the data content that the upper computer wants encrypted or decrypted;
the upper computer hardware interface transmits the security parameters to be parsed to the module hardware interface; the module hardware interface receives them and passes them to the com port read operation of the secure communication module, after which the module protocol parsing module parses them in a remote proxy manner and sends the result to the module security middleware;
the module security middleware passes the parsed data content to the security module for processing; the security module encrypts or decrypts the parsed data content and returns it to the module security middleware;
the module security middleware encapsulates and packs the encrypted or decrypted data, passes it to the com port write operation of the secure communication module, and transmits the packed data to the upper computer hardware interface through the module hardware interface;
after the upper computer hardware interface passes the received data to the upper computer com port write operation, the upper computer protocol parsing module performs basic interface data encapsulation on the received data and returns it to the upper computer security middleware;
and the upper computer security middleware returns the encrypted or decrypted data to the upper computer application.
4. The remote proxy system for the secure communication module as claimed in claim 3, wherein when the remote proxy is implemented using the private protocol, the upper computer security middleware and the module security middleware use epoll asynchronous monitoring to obtain communication messages immediately.
5. The secure communications module remote proxy system of claim 4, wherein the content of the communication message includes a protocol version, a message type, a message ID, a payload length, and a payload content.
6. The remote proxy system for a secure communication module of claim 1, wherein the upper computer security middleware calls the read/write ports of the secure communication module in a remote proxy manner, and the ports comprise read, write and lseek.
7. The remote proxy system of claim 6, wherein messages sent by the upper computer security middleware to the module security middleware do not need to carry a handle, the payload length of read and write messages is the payload length given in the message header, and the content of an lseek message is the offset information.
8. The secure communications module remote proxy system of claim 6, wherein the read, write and lseek messages returned by the module security middleware to the upper computer security middleware carry the actual return values of the call to the security module.
9. The remote agent system of claim 1, wherein the upper computer application may also send an AT command directly to the secure communication module; the secure communication module processes the AT command in a remote agent manner and passes it to the module security middleware, and the module security middleware calls the security module to perform the security function and then returns the result to the upper computer.
10. The remote agent system of any of claims 1 to 9, wherein the secure communication module is a 4G module or an NB-IOT module.
11. A method for implementing a private protocol, comprising the steps of:
when the upper computer application executes the security function through the private protocol:
the upper computer security middleware receives a data instruction sent by the upper computer application, responds to and parses the data instruction, and starts the remote-proxy com port read operation;
the upper computer security middleware processes the data in the manner specified by the private protocol and then transmits the security parameters to be parsed to the upper computer hardware interface through the private protocol serial port; the security parameters to be parsed comprise the data content that the upper computer wants encrypted or decrypted;
the upper computer hardware interface transmits the security parameters to be parsed to the module hardware interface; the module hardware interface receives them and passes them to the com port read operation of the secure communication module, after which the module protocol parsing module parses them in a remote proxy manner and sends the result to the module security middleware;
the module security middleware passes the parsed data content to the security module for processing; the security module encrypts or decrypts the parsed data content and returns it to the module security middleware;
the module security middleware encapsulates and packs the encrypted or decrypted data, passes it to the com port write operation of the secure communication module, and transmits the packed data to the upper computer hardware interface through the module hardware interface;
after the upper computer hardware interface passes the received data to the upper computer com port write operation, the upper computer protocol parsing module performs basic interface data encapsulation on the received data and returns it to the upper computer security middleware;
and the upper computer security middleware returns the encrypted or decrypted data to the upper computer application.
12. A device, characterized in that the device is an upper computer; the upper computer comprises an upper computer application, an upper computer security middleware, an upper computer protocol analysis module and an upper computer hardware interface, and executes the functions of the upper computer in the secure communication module remote agent system according to any one of claims 1 to 10.
13. An apparatus, characterized in that the apparatus is a secure communication module, wherein the secure communication module comprises a security module, a module security middleware, a module protocol parsing module and a module hardware interface, and performs the function of the secure communication module in the secure communication module remote agent system according to any one of claims 1 to 10.
CN202010724695.3A 2020-07-24 2020-07-24 Secure communication module remote agent system, private protocol implementation method and device Active CN111935109B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010724695.3A CN111935109B (en) 2020-07-24 2020-07-24 Secure communication module remote agent system, private protocol implementation method and device

Publications (2)

Publication Number Publication Date
CN111935109A CN111935109A (en) 2020-11-13
CN111935109B true CN111935109B (en) 2022-02-11

Family

ID=73314570

Country Status (1)

Country Link
CN (1) CN111935109B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113726728B (en) * 2021-07-13 2023-10-17 上海数慧系统技术有限公司 Safety protection system and application system transformation processing method and device
CN114416076A (en) * 2022-01-30 2022-04-29 重庆长安汽车股份有限公司 Service-based vehicle thermal management software architecture
CN117560151B (en) * 2024-01-09 2024-03-19 北京电子科技学院 Double-core password engineering experiment system and experiment method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104698978A (en) * 2015-03-17 2015-06-10 华中科技大学 Numerical control system remote monitoring and debugging method based on virtualization technology
CN105610582A (en) * 2015-12-28 2016-05-25 天津市通卡公用网络系统有限公司 Encrypted communication method for single chip microcomputer and remote server
CN110958224A (en) * 2019-11-05 2020-04-03 郑州信大捷安信息技术股份有限公司 Remote serial port debugging system and method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180359639A1 (en) * 2017-06-12 2018-12-13 Francesco Trama Methods and Systems for Protecting Computer Networks by Masking Ports

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research on a network-based remote measurement and control system for industrial equipment; Li Changbin; Microcomputer Information (《微计算机信息》); 20101231; full text *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant