CN113766019B - Internet of things system based on cloud and edge computing combination - Google Patents

Internet of things system based on cloud and edge computing combination

Info

Publication number
CN113766019B
Authority
CN
China
Prior art keywords
tunnel
data
service
control center
centralized control
Legal status
Active
Application number
CN202111021393.0A
Other languages
Chinese (zh)
Other versions
CN113766019A (en)
Inventor
钱煜明
沈鹏
张蓉
Current Assignee
Jiangsu Shinsson Health Technology Co ltd
Original Assignee
Jiangsu Shinsson Health Technology Co ltd
Events
Application filed by Jiangsu Shinsson Health Technology Co ltd
Priority to CN202111021393.0A
Publication of CN113766019A
Application granted
Publication of CN113766019B
Legal status: Active

Classifications

    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks (under H04L 67/00 Network arrangements or protocols for supporting network services or applications; H04L 67/01 Protocols)
    • G16Y 30/10 Security of IoT infrastructure (under G16Y Information and communication technology specially adapted for the Internet of Things [IoT]; G16Y 30/00 IoT infrastructure)
    • H04L 12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling (under H04L 12/00 Data switching networks; H04L 12/28 Data switching networks characterised by path configuration, e.g. LAN or WAN; H04L 12/46 Interconnection of networks)
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls (under H04L 63/00 Network architectures or network communication protocols for network security)
    • H04L 63/0823 Network security: authentication of entities using certificates (under H04L 63/08 Authentication of entities)
    • H04L 9/0838 Key agreement, i.e. key establishment in which a shared key is derived by the parties as a function of information contributed by, or associated with, each of them (under H04L 9/00 Cryptographic mechanisms or arrangements for secret or secure communications; network security protocols; H04L 9/08 Key distribution or management; H04L 9/0816 Key establishment)
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords (under H04L 9/08 Key distribution or management)
    • H04W 12/041 Key generation or derivation (under H04W Wireless communication networks; H04W 12/00 Security arrangements, authentication, protecting privacy or anonymity; H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA])
    • H04W 12/0431 Key distribution or pre-distribution; key agreement (under H04W 12/043 Key management using a trusted network node as an anchor)
    • H04W 12/069 Authentication using certificates or pre-shared keys (under H04W 12/06 Authentication)
    • H04W 12/088 Access security using filters or firewalls (under H04W 12/08 Access security)
    • Y02P 90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS] (under Y02P Climate change mitigation technologies in the production or processing of goods; Y02P 90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an Internet of Things system combining cloud and edge computing. It comprises a centralized control center in the cloud, edge service nodes at the edge, Internet of Things devices at the edge, and a user side. The centralized control center is connected with the user side and with the edge service nodes through the Internet, so that all terminal Internet of Things devices deployed across the Internet can be centrally controlled. An edge service node connects to, manages and serves several Internet of Things devices at once. Each edge service node actively establishes a link to the centralized control center, builds a tunnel to it and registers with the centralized system; external access from the user side is relayed to the edge service node through a tunnel proxy and an access routing service in the centralized control center, and the edge service node reports its data to the centralized control center. The invention has high reliability and high security.

Description

Internet of things system based on cloud and edge computing combination
Technical Field
The invention relates to Internet of Things technology, and in particular to an Internet of Things system based on the combination of cloud and edge computing.
Background
The Internet of Things (IoT) refers to collecting, in real time, any object or process that needs to be monitored, connected or interacted with, by means of information sensors, radio-frequency identification, global positioning systems, infrared sensors, laser scanners and other devices and technologies; gathering the information required; and connecting things with things and things with people through network access, so that objects and processes can be sensed, identified and managed intelligently. The Internet of Things is an information carrier built on the Internet, traditional telecommunication networks and the like, which lets every ordinary physical object that can be independently addressed form part of an interconnected network.
Cloud computing is a form of distributed computing: a huge data-processing program is decomposed over the network (the "cloud") into numerous small programs, which are processed and analysed by a system of many servers, and the results are returned to the user. With this technique the processing of tens of thousands of data items can be completed in a short time, which provides a powerful network service.
Internet of Things data volumes are huge. Combining the Internet of Things with cloud computing makes management of the IoT system efficient and fully exploits the virtualization, multi-tenancy and high reliability of cloud computing. In existing IoT systems, however, the IoT devices connect directly to the cloud server over the Internet: when network bandwidth is limited or the connection is unreliable, data is easily lost and reliability is insufficient, and because the IoT devices are exposed on the Internet, security still needs to be improved.
Disclosure of Invention
The invention aims to: in view of the problems in the prior art, provide an Internet of Things system combining cloud and edge computing that has higher reliability and higher security.
The technical scheme is as follows: the Internet of Things system combining cloud and edge computing comprises a centralized control center in the cloud, edge service nodes at the edge, Internet of Things devices at the edge and a user side; wherein:
the Internet of Things devices are connected to nearby edge service nodes and are used for collecting object data, uploading the collected data to the edge service node, and executing the corresponding action after receiving a control instruction from the edge service node;
the edge service node is connected to the centralized control center through the Internet and is used for establishing a tunnel proxy with the centralized control center, forwarding the collected data to the centralized control center through the tunnel in non-real-time batches, executing the corresponding action or forwarding it to the corresponding Internet of Things device when a control instruction issued by the centralized control center is received, and setting a local service state so as to complete service management of the Internet of Things devices on its own after the tunnel connection with the centralized control center is lost;
the centralized control center is used for mapping the services of the edge service node to virtual local services through the tunnel proxy, receiving and storing the data uploaded by the edge service node through those virtual local services, providing data in response to data access requests sent by the user side, and sending control instructions to the corresponding edge service node in response to Internet of Things device control requests sent by the user side;
the user side is connected to the centralized control center through the Internet and is used for sending data access requests or Internet of Things device control requests to the centralized control center.
Further, the edge service node is provided with a firewall, and is connected to the Internet through that firewall.
Further, the user side comprises browsers and mobile terminals.
Further, the centralized control center specifically includes:
the tunnel proxy service module, used for authenticating the identity of the edge service node after the edge service node initiates a tunnel establishment request, keeping the tunnel to the edge service node permanently connected once authentication has passed, using the established tunnel for all subsequent communication, registering the routing information of the edge service node, and mapping each service of the edge service node to a virtual local service so that the edge node's services are visible to the centralized control center;
the Web service routing module, used for routing access requests according to the registration state of the edge service nodes: a historical data access request from a browser user is routed to the Web service module of the centralized control center, and a real-time data access request from a browser user is routed to the Web service module of the corresponding edge service node;
the Web service module, used for reading the requested historical data from the central database and returning it when a historical data access request arrives from the Web service routing module or from a mobile terminal user;
the central database, used for storing the centralized control center's own data, the configuration information of all edge service nodes and the uploaded historical data;
the data service module, used for generating a device control instruction and placing it in the message queue when an Internet of Things device control request arrives from a mobile terminal user, generating a data acquisition control instruction and placing it in the message queue when a real-time data access request arrives from a mobile terminal user, and, when the acquired data comes back through the message queue, returning it to the mobile terminal user and storing it in the central database;
and the message queue, used for storing and issuing the control instructions sent by the data service module and for storing the acquired data uploaded by the edge service nodes.
Further, the edge service node specifically includes:
the tunnel maintenance service module, used for periodically initiating a tunnel establishment request to the centralized control center, authenticating itself to the centralized control center with certificate information agreed in advance, sending heartbeat packets periodically to maintain the tunnel once authentication has passed and the tunnel is established, using the established tunnels for all subsequent communication, and setting a local service state so as to complete service management of the Internet of Things devices on its own after the tunnel connection with the centralized control center is lost;
the Web service module, used for reading the requested data from the data storage and returning it to the centralized control center when a real-time data access request arrives from the centralized control center;
the data storage, used for storing the local configuration information and the real-time data uploaded by the Internet of Things devices;
the data service module, used for receiving, through the data downlink service module, the data acquisition control instructions issued by the centralized control center, reading the corresponding data from the data storage and sending it to the centralized control center through the data uplink service module, and for forwarding device control instructions received through the data downlink service module to the corresponding Internet of Things device;
the data uplink service module, used for sending the acquired data handed over by the data service module to the message queue of the centralized control center;
and the data downlink service module, used for listening to the message queue of the centralized control center and forwarding any data acquisition control instruction or device control instruction addressed to this edge service node to the data service module.
Further, the tunnel maintenance service module specifically includes:
a tunnel establishment request unit, used for periodically initiating a tunnel establishment request to the centralized control center;
a control tunnel establishment unit, used for establishing a control tunnel with the centralized control center after the centralized control center agrees to the tunnel establishment request;
a temporary key negotiation unit, used for negotiating a temporary key with the centralized control center through the control tunnel;
an identity verification request unit, used for transmitting the agreed certificate information to the centralized control center through the control tunnel once the temporary key has been negotiated, and requesting identity verification;
a key generation unit, used for generating keys randomly, handing them to the local tunnel establishment units and transmitting them to the centralized control center through the control tunnel;
other tunnel establishment units, used for establishing a web service tunnel, an uplink service tunnel and a downlink service tunnel with the centralized control center after the centralized control center has returned a passing authentication result, each tunnel being encrypted with a different key produced by the key generation unit;
a tunnel maintenance unit, used for sending heartbeat packets to the centralized control center periodically to keep the tunnel alive;
and an autonomous service management unit, used for setting the local service state so as to complete service management of the Internet of Things devices on its own when network quality is poor or the network is disconnected.
Further, the tunnel proxy service module specifically includes:
a control tunnel establishment unit, used for replying to the edge service node and establishing a control tunnel after receiving a tunnel establishment request initiated by the edge service node;
a temporary key negotiation unit, used for negotiating a temporary key with the edge service node through the control tunnel;
an identity authentication unit, used for decrypting the received encrypted certificate information with the temporary key, performing identity authentication and sending the authentication result to the edge service node;
other tunnel establishment units, used for establishing the web service tunnel, the uplink service tunnel and the downlink service tunnel with the edge service node, each tunnel being encrypted with a different key sent by the edge service node;
a local mapping unit, used for registering the routing information of the edge service node, establishing the local service connection mapping, mapping the edge service node's web service tunnel to a local port, establishing a message forwarding mechanism with the message queue, and forwarding the corresponding messages to the uplink service tunnel and the downlink service tunnel respectively;
and a tunnel maintenance unit, used for receiving the heartbeat packets of the edge service node, keeping the tunnel connected while the heartbeats are normal and disconnecting the tunnel when they are abnormal.
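The handshake that the two unit lists above describe, written out as one message exchange with both sides' code. This is an added example and not code from the patent or its assignee. The page names the steps but no algorithms, so the following are assumptions of the example: X25519 (RFC 7748, implemented in pure Python so the example runs offline with the standard library) negotiates the temporary key; the edge pins the center's static X25519 public key and mixes an ephemeral-static exchange into the temporary key, so the negotiation is also authenticated towards the center (the page only describes the center authenticating the edge); the "certificate information agreed in advance" is modelled as a node id plus a shared credential, proven by an HMAC over the handshake transcript rather than sent as-is; the per-tunnel keys from the key generation unit ride in the same control-tunnel frame as that proof; and each tunnel's encryption is an HMAC-SHA256 keystream with an encrypt-then-MAC tag, a stand-in for a real AEAD such as AES-GCM. The class, method and message names (ControlCenter, EdgeNode, establish, on_request, on_auth, tunnel_request, auth_result) are invented for the example.

```python
"""Added example (not the patent's code): the control-tunnel handshake.  Assumptions
not on the page: X25519 (RFC 7748, pure Python) for the temporary key; the center's
static public key pinned by the edge; node id + shared credential as the agreed
certificate information; HMAC-SHA256 encrypt-then-MAC standing in for a real AEAD."""
import hashlib, hmac, json, secrets

P = 2**255 - 19
BASE = (9).to_bytes(32, "little")
TUNNELS = ("web", "up", "down")

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder: scalar k times point u (32 bytes each)."""
    k = bytearray(k); k[0] &= 248; k[31] &= 127; k[31] |= 64
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3, z2, z3 = (x3, x2, z3, z2) if swap else (x2, x3, z2, z3)
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    x2, z2 = (x3, z3) if swap else (x2, z2)
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(mac(key, b"enc", nonce, i.to_bytes(4, "big")) for i in range(n // 32 + 1))

def seal(key: bytes, pt: bytes) -> bytes:
    """Encrypt-then-MAC tunnel frame: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(12)
    ct = bytes(p ^ s for p, s in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + ct + mac(key, b"mac", nonce, ct)

def open_frame(key: bytes, frame: bytes) -> bytes:
    nonce, ct, tag = frame[:12], frame[12:-32], frame[-32:]
    if not hmac.compare_digest(tag, mac(key, b"mac", nonce, ct)):
        raise ValueError("tunnel frame failed authentication")
    return bytes(c ^ s for c, s in zip(ct, keystream(key, nonce, len(ct))))

class ControlCenter:
    """Tunnel proxy service module (center side); registry maps node id -> credential."""
    def __init__(self, registry: dict):
        self.static_priv = secrets.token_bytes(32)
        self.static_pub = x25519(self.static_priv, BASE)        # pinned by every edge
        self.registry, self.pending, self.tunnels = registry, {}, {}
    def on_request(self, m1: dict) -> dict:
        """Control tunnel establishment unit + temporary key negotiation unit (ee and es DH)."""
        eph_priv, edge_eph = secrets.token_bytes(32), bytes.fromhex(m1["eph"])
        eph_pub = x25519(eph_priv, BASE)
        tr = hashlib.sha256(m1["node"].encode() + edge_eph + eph_pub + self.static_pub).digest()
        ikm = x25519(eph_priv, edge_eph) + x25519(self.static_priv, edge_eph)
        self.pending[m1["node"]] = (mac(mac(b"iot-tunnel-v1", ikm), tr, b"\x01"), tr)  # HKDF, 1 block
        return {"type": "control_tunnel", "eph": eph_pub.hex()}
    def on_auth(self, node: str, frame: bytes) -> bytes:
        """Identity authentication unit; on success adopt the edge-generated data-tunnel keys."""
        key, tr = self.pending.pop(node)
        msg = json.loads(open_frame(key, frame))               # decrypt with the temporary key
        want = mac(self.registry.get(node, bytes(32)), b"edge-auth", tr)
        ok = node in self.registry and hmac.compare_digest(bytes.fromhex(msg["proof"]), want)
        if ok:
            self.tunnels[node] = {t: bytes.fromhex(msg["keys"][t]) for t in TUNNELS}
        return seal(key, json.dumps({"type": "auth_result", "ok": ok}).encode())

class EdgeNode:
    """Tunnel maintenance service module (edge side)."""
    def __init__(self, node: str, credential: bytes, center_pub: bytes):
        self.node, self.cred, self.center_pub = node, credential, center_pub
        self.eph_priv, self.key, self.tunnels = secrets.token_bytes(32), None, None
    def request(self) -> dict:
        """Tunnel establishment request unit."""
        return {"type": "tunnel_request", "node": self.node, "eph": x25519(self.eph_priv, BASE).hex()}
    def on_control_tunnel(self, m2: dict) -> bytes:
        """Temporary key negotiation, identity verification request and key generation units."""
        edge_eph, center_eph = x25519(self.eph_priv, BASE), bytes.fromhex(m2["eph"])
        tr = hashlib.sha256(self.node.encode() + edge_eph + center_eph + self.center_pub).digest()
        ikm = x25519(self.eph_priv, center_eph) + x25519(self.eph_priv, self.center_pub)
        self.key = mac(mac(b"iot-tunnel-v1", ikm), tr, b"\x01")
        self.tunnels = {t: secrets.token_bytes(32) for t in TUNNELS}   # one random key per tunnel
        auth = {"type": "auth", "proof": mac(self.cred, b"edge-auth", tr).hex(),
                "keys": {t: k.hex() for t, k in self.tunnels.items()}}
        return seal(self.key, json.dumps(auth).encode())            # certificate info goes encrypted
    def on_auth_result(self, frame: bytes) -> bool:
        ok = json.loads(open_frame(self.key, frame))["ok"]
        self.tunnels = self.tunnels if ok else None                 # no data tunnels without a pass
        return ok

def establish(center: ControlCenter, edge: EdgeNode) -> bool:
    """Message order: request -> control tunnel reply -> auth frame -> auth result."""
    m2 = center.on_request(edge.request())
    return edge.on_auth_result(center.on_auth(edge.node, edge.on_control_tunnel(m2)))
```

Calling establish(center, edge) runs request, control-tunnel reply, encrypted certificate proof plus per-tunnel keys, and encrypted authentication result; after a passing result center.tunnels[node] and edge.tunnels hold the same three keys, and seal/open_frame under those keys are the web, uplink and downlink tunnels. Two details worth keeping in a real implementation: the proof is bound to the transcript (both ephemeral keys, the pinned center key and the node id), so a captured certificate frame cannot be replayed into a later handshake; and an unknown node id goes through the same constant-time comparison as a wrong credential instead of an early return.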
Further, the edge service node temporarily stores the real-time data of the Internet of Things devices and transmits it to the centralized control center in batches at irregular intervals while the network is up; the data is deleted only after transmission succeeds, and transmission to the centralized control center is suspended while the network is down.
Furthermore, all device configuration information is managed centrally in the centralized control center: when the network is normal, the centralized control center pushes configuration changes to the edge service node through the tunnel, and when the network is abnormal, the edge service node's local configuration information is used to keep the Internet of Things service running.
Further, when the Web service routing module routes an access request to the Web service module of the corresponding edge service node and the network is down, the access request is cached and issued once the network is back up.
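The tunnel maintenance units on both sides, the autonomous service management unit and the three paragraphs above (batched upload with delete-after-success, centrally managed configuration, cached access requests) describe one store-and-forward pattern driven by link state. The added example below, which is not code from the patent, simulates it end to end: a heartbeat watchdog decides whether the tunnel is up, the edge keeps serving devices from its local configuration while it is not, and an outbox batches the stored readings, deletes them only after the center acknowledges, and survives both a silent link drop and a lost acknowledgement. The same Outbox would hold the Web service routing module's cached access requests on the center side. The 30 s heartbeat timeout, the batch size of 5, the per-item sequence numbers the center uses to discard re-sent items, the in-memory queue (a real node would persist it in the data storage) and the SimTunnel stand-in for the uplink tunnel are all assumptions of the example, as are the names EdgeRuntime, CenterInbox and simulate.

```python
"""Added example (not the patent's code): heartbeat-based tunnel upkeep, the edge's
autonomous fallback, and store-and-forward upload with delete-after-ack.
Assumptions: a 30 s heartbeat timeout, per-item sequence numbers for de-duplication,
an in-memory outbox (a real node would persist it) and a simulated tunnel."""
from collections import deque
from itertools import islice

class LinkMonitor:
    """Tunnel maintaining unit: up while heartbeats arrive within `timeout` seconds."""
    def __init__(self, timeout: float):
        self.timeout, self.last = timeout, None
    def heartbeat(self, now: float) -> None:
        self.last = now
    def connected(self, now: float) -> bool:
        return self.last is not None and now - self.last <= self.timeout

class Outbox:
    """Store-and-forward buffer: batches go out only while the link is up and are
    deleted only after the receiver acknowledges, so a drop mid-flush loses nothing."""
    def __init__(self, batch_size: int):
        self.queue, self.batch_size, self.seq = deque(), batch_size, 0
    def put(self, item) -> None:
        self.seq += 1
        self.queue.append((self.seq, item))            # seq lets the receiver de-duplicate
    def flush(self, link_up: bool, send) -> int:
        """send(batch) returns True once acknowledged; returns the number delivered."""
        if not link_up:
            return 0                                    # transmission suspended
        delivered = 0
        while self.queue:
            batch = list(islice(self.queue, self.batch_size))
            if not send(batch):
                return delivered                        # keep the data, retry next tick
            for _ in batch:
                self.queue.popleft()                    # delete after success only
            delivered += len(batch)
        return delivered

class EdgeRuntime:
    """Edge service node: local config serves devices in every state; the autonomous
    service management unit sets the state from the heartbeat monitor on each tick."""
    def __init__(self, config: dict, heartbeat_timeout: float = 30.0):
        self.config, self.state = dict(config), "autonomous"
        self.outbox, self.monitor = Outbox(batch_size=5), LinkMonitor(heartbeat_timeout)
    def on_device_data(self, reading: dict) -> None:
        self.outbox.put(reading)                        # always stored locally first
    def on_config_push(self, change: dict) -> None:
        self.config.update(change)                      # pushed by the center while up
    def serve_device(self, device_id: str) -> dict:
        return self.config[device_id]
    def tick(self, now: float, send) -> int:
        self.state = "tunneled" if self.monitor.connected(now) else "autonomous"
        return self.outbox.flush(self.state == "tunneled", send)

class CenterInbox:
    """Message-queue side at the center: stores batches, ignores re-sent items."""
    def __init__(self):
        self.seen, self.data = set(), []
    def accept(self, node: str, batch) -> None:
        for seq, item in batch:
            if (node, seq) not in self.seen:
                self.seen.add((node, seq))
                self.data.append(item)

class SimTunnel:
    """Constructed stand-in for one node's uplink tunnel."""
    def __init__(self, node: str, inbox: CenterInbox):
        self.node, self.inbox, self.up, self.drop_ack = node, inbox, True, False
    def send(self, batch) -> bool:
        if not self.up:
            return False                                # down: nothing delivered, no ack
        self.inbox.accept(self.node, batch)
        return not self.drop_ack                        # delivered but ack lost -> resend

def simulate() -> dict:
    """Link up, silent drop, recovery with one lost ack; returns what each phase did."""
    inbox = CenterInbox()
    edge, tunnel = EdgeRuntime({"ac-1": {"mode": "cool"}}), SimTunnel("edge-01", inbox)
    edge.monitor.heartbeat(now=0)                       # center's heartbeat reply seen
    for i in range(7):
        edge.on_device_data({"ac-1": 20 + i})
    first = edge.tick(now=5, send=tunnel.send)          # 7 readings, batches of 5 and 2
    tunnel.up = False                                   # link drops; heartbeats stop
    for i in range(4):
        edge.on_device_data({"ac-1": 30 + i})
    during = edge.tick(now=40, send=tunnel.send)        # 40 s of silence -> autonomous
    state_down, served = edge.state, edge.serve_device("ac-1")["mode"]
    tunnel.up, tunnel.drop_ack = True, True             # link back, first ack gets lost
    edge.monitor.heartbeat(now=50)
    lost_ack = edge.tick(now=51, send=tunnel.send)      # delivered, unacked, so kept
    tunnel.drop_ack = False
    edge.on_config_push({"ac-1": {"mode": "heat"}})
    resent = edge.tick(now=52, send=tunnel.send)        # re-sent; center de-duplicates
    return {"first": first, "during": during, "state_down": state_down, "served": served,
            "lost_ack": lost_ack, "resent": resent, "pending": len(edge.outbox.queue),
            "received": [r["ac-1"] for r in inbox.data], "config": edge.config["ac-1"]["mode"]}
```

simulate() walks through the phases and returns what each of them delivered. The lost-acknowledgement phase is the case the "delete only after transmission succeeds" rule forces: the edge cannot tell a lost batch from a lost acknowledgement, so it must re-send, and the receiving side must be prepared to see the same sequence numbers twice; without that de-duplication the rule trades data loss for duplicates.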
The beneficial effects are that, compared with the prior art, the invention has the following notable advantages:
1. According to the invention, an edge service node is deployed close to the edge Internet of Things devices, connects to the nearby devices, forwards their data and provides services for them; the edge service node maps its services to virtual node-local services of the centralized control center through the tunnel proxy, and this service proxying and mapping integrates the centralized Internet service model with the distributed edge service model. When bandwidth between the centralized control center and the edge service node is limited, or the connection is unreliable and the tunnel drops, the edge service node stores data temporarily and still provides stable, reliable service to the edge Internet of Things devices; once the network is re-established it uploads the stored data in batches, which further improves reliability. The reliability of the whole system is therefore very high;
2. According to the invention, cloud and edge deployment are combined so that the edge Internet of Things devices need not be exposed on the Internet: they are deployed purely on the intranet, accept no inbound network connections from outside and expose no Internet interface, and a user can only send instructions to and query data from the Internet of Things devices through the centralized control center, so security is high; the centralized control center uniquely authenticates each edge service node, which secures the edge service node; and the centralized control center and the edge service node communicate through the established tunnel, which further improves the security of communication. The security of the whole system is therefore very high.
Drawings
Fig. 1 is a system block diagram of the Internet of Things system combining cloud computing and edge computing provided by the invention;
Fig. 2 is a schematic flow chart of data transmission from the Internet of Things devices to the centralized control center;
Fig. 3 is a flow chart of the tunnel establishment procedure between the centralized control center and an edge service node.
Detailed Description
This embodiment provides an Internet of Things system combining cloud and edge computing, as shown in Fig. 1, comprising a centralized control center in the cloud, edge service nodes at the edge, Internet of Things devices at the edge and a user side. The Internet of Things devices are connected to nearby edge service nodes, and one edge service node can connect one or more Internet of Things devices; the devices are used for collecting object data, uploading the collected data to the edge service node, and executing the corresponding action after receiving a control instruction from the edge service node. The edge service node is connected to the centralized control center through the Internet and is used for establishing a tunnel proxy with the centralized control center, forwarding the collected data to the centralized control center through the tunnel in non-real-time batches, executing the corresponding action or forwarding it to the corresponding Internet of Things device when a control instruction issued by the centralized control center is received, and setting a local service state so as to complete service management of the Internet of Things devices on its own after the tunnel connection with the centralized control center is lost; in addition, the edge service node is provided with a firewall and is connected to the Internet through that firewall. The centralized control center is used for mapping the services of the edge service node to virtual local services through the tunnel proxy, receiving and storing the data uploaded by the edge service node through those virtual local services, providing data in response to data access requests sent by the user side, and sending control instructions to the corresponding edge service node in response to Internet of Things device control requests sent by the user side.
The user side is connected to the centralized control center through the Internet and is used for sending data access requests or Internet of Things device control requests to the centralized control center; it comprises browsers on PCs or other terminals and mobile terminals, where the mobile terminals include, but are not limited to, mobile phones, tablets, phone watches and the like, together with the apps, mini-programs, official accounts and the like installed on them. All device configuration information is managed centrally in the centralized control center: when the network is normal the centralized control center pushes configuration changes to the edge service node through the tunnel, and when the network is abnormal the edge service node's local configuration information is used to keep the Internet of Things service running. Each component is described in detail below.
The centralized control center is the center of the whole Internet of Things system and exercises centralized control over it; it comprises a tunnel proxy service module, a Web service routing module, a Web service module, a central database, a data service module and a message queue. The tunnel proxy service module authenticates the identity of the edge service node after the edge service node initiates a tunnel establishment request, keeps the tunnel to the edge service node permanently connected once authentication has passed, uses the established tunnel for all subsequent communication, registers the routing information of the edge service node, and maps each service of the edge service node to a virtual local service so that the edge node's services are visible to the centralized control center. The Web service routing module routes access requests according to the registration state of the edge service nodes: a historical data access request from a browser user goes to the Web service module of the centralized control center, and a real-time data access request from a browser user goes to the Web service module of the corresponding edge service node; if the network is down, the access request is cached and issued once the network is back up, which keeps the system highly available over an unreliable network, and because the routing module delivers each request to the correct node, a user's browser can reach the services of all nodes at once without switching domain names. The Web service module reads the requested historical data from the central database and returns it when a historical data access request arrives from the Web service routing module or from a mobile terminal user. The central database stores the centralized control center's own data, the configuration information of all edge service nodes and the uploaded historical data. The data service module generates a device control instruction (for example an air-conditioner start instruction) and places it in the message queue when an Internet of Things device control request (for example a request to start the air conditioner, when the device is an air conditioner) arrives from a mobile terminal user; generates a data acquisition control instruction and places it in the message queue when a real-time data access request arrives from a mobile terminal user; and, when the acquired data comes back through the message queue, returns it to the mobile terminal user and stores it in the central database. The message queue stores and issues the control instructions sent by the data service module and stores the acquired data uploaded by the edge service nodes; because it relays both the uplink and the downlink data of the edge nodes, Internet of Things devices behind any two edge service nodes can also communicate and exchange information with each other without coordination by the centralized control center's services.
The edge service node provides service support for the Internet of Things devices at the edge: it temporarily stores the devices' real-time data, transmits it to the centralized control center in batches at irregular intervals while the network is up, deletes the data after transmission succeeds, suspends transmission to the centralized control center while the network is down, and serves the Internet of Things devices from its local configuration, as shown in Fig. 2. The edge service node comprises a tunnel maintenance service module, a Web service module, a data storage, a data service module, a data uplink service module and a data downlink service module. The tunnel maintenance service module periodically initiates a tunnel establishment request to the centralized control center, authenticates itself to the centralized control center with certificate information agreed in advance, sends heartbeat packets periodically to maintain the tunnel once authentication has passed and the tunnel is established, uses the established tunnels for all subsequent communication, and sets a local service state so as to complete service management of the Internet of Things devices on its own after the tunnel connection with the centralized control center is lost; because the edge initiates the tunnel, it needs neither a fixed IP address nor an open network port. The Web service module reads the requested data from the data storage and returns it to the centralized control center when a real-time data access request arrives from the centralized control center. The data storage holds the local configuration information and the real-time data uploaded by the Internet of Things devices. The data service module receives, through the data downlink service module, the data acquisition control instructions issued by the centralized control center, reads the corresponding data from the data storage and sends it to the centralized control center through the data uplink service module, and forwards device control instructions received through the data downlink service module to the corresponding Internet of Things device. The data uplink service module sends the acquired data handed over by the data service module to the message queue of the centralized control center. The data downlink service module listens to the message queue of the centralized control center and forwards any data acquisition control instruction or device control instruction addressed to this edge service node to the data service module.
The tunnel proxy service module of the centralized control center and the tunnel maintaining service module of the edge service node are communicated with each other, so that tunnel establishment and maintenance are realized. The tunnel proxy service module of the centralized control center specifically comprises a control tunnel establishment unit, a temporary key negotiation unit, an identity authentication unit, other tunnel establishment units, a local mapping unit and a tunnel maintenance unit; the control tunnel establishment unit is used for replying to the edge service node to establish a control tunnel after receiving a tunnel establishment request initiated by the edge service node; the temporary key negotiation unit is used for negotiating a temporary key with the edge service node through the control tunnel; the identity authentication unit is used for decrypting the received encrypted certificate information by adopting a temporary key, then carrying out identity authentication, and sending an authentication result to the edge service node; the other tunnel establishing units are used for establishing web service tunnels, uplink service tunnels and downlink service tunnels with the centralized control center, and each tunnel is transmitted by using different keys sent by the edge service node in an encryption way; the local mapping unit is used for registering the routing information of the edge service node, establishing local service connection mapping, mapping the web service tunnel of the edge service node into a local port, establishing a message forwarding mechanism with the message queue, and forwarding corresponding messages to the uplink service tunnel and the downlink service tunnel respectively; the tunnel maintaining unit is used for receiving the heartbeat packet of the edge service node, maintaining tunnel connection when the heartbeat packet is normal, and disconnecting the tunnel connection when the heartbeat packet is abnormal. 
The tunnel maintenance service module of the edge service node specifically comprises a tunnel establishment request unit, a control tunnel establishment unit, a temporary key negotiation unit, an identity verification request unit, a key generation unit, other tunnel establishment units, a tunnel maintenance unit and an autonomous service management unit; the tunnel establishment request unit is used for initiating a tunnel establishment request to the centralized control center at regular intervals; the control tunnel establishment unit is used for establishing a control tunnel with the centralized control center after the centralized control center agrees to the tunnel establishment request; the temporary key negotiation unit is used for negotiating a temporary key with the centralized control center through the control tunnel; the identity verification request unit is used for transmitting the agreed certificate information to the centralized control center through the control tunnel after the temporary key has been negotiated, and requesting identity verification; the key generation unit is used for generating keys randomly, handing them to the local tunnel establishment units and transmitting them to the centralized control center through the control tunnel; the other tunnel establishment units are used for establishing a web service tunnel, an uplink service tunnel and a downlink service tunnel with the centralized control center after the identity authentication at the centralized control center passes and the authentication result is returned, each tunnel being transmitted in encrypted form using a different key generated by the key generation unit; the tunnel maintenance unit is used for sending heartbeat packets to the centralized control center at regular intervals to keep the tunnel alive; the autonomous service management unit is used for setting a local service state to independently finish the service management of the Internet of things equipment after the network quality becomes poor or the network is disconnected. The tunnel proxy and maintenance process is shown in Fig. 3.
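As an added illustration (not code from the patent or its assignee), the following Python model walks through the tunnel lifecycle described above: control tunnel, certificate-based identity authentication under the temporary key, one independently generated random key per service tunnel, heartbeat-driven disconnection at the centre, and the edge's fall-back to autonomous service. The patent does not specify the key negotiation or the tunnel cipher, so here the negotiated temporary key is passed in directly and tunnel encryption is represented by per-tunnel HMAC-SHA256 tags, which demonstrates key separation rather than confidentiality; all class, method and identifier names are assumptions.

```python
import hashlib
import hmac
import secrets

TUNNELS = ("web", "uplink", "downlink")  # the three service tunnels named in the patent

def frame_tag(key: bytes, tunnel: str, payload: bytes) -> bytes:
    """Per-tunnel HMAC tag; stands in for the unspecified tunnel encryption."""
    return hmac.new(key, tunnel.encode() + b"|" + payload, hashlib.sha256).digest()

class CentralControlCenter:  # models the tunnel proxy service module
    def __init__(self, agreed_certs: dict, heartbeat_timeout: float = 30.0):
        self.agreed_certs = agreed_certs  # edge_id -> certificate secret agreed in advance
        self.timeout = heartbeat_timeout  # seconds without a heartbeat before disconnect
        self.sessions = {}                # edge_id -> tunnel state

    def open_control_tunnel(self, edge_id: str, temp_key: bytes) -> None:
        # Control tunnel + temporary key negotiation; temp_key is the negotiated secret
        # (assumption: a real deployment derives it with an ephemeral key exchange).
        self.sessions[edge_id] = {"temp_key": temp_key, "authenticated": False,
                                  "tunnel_keys": {}, "last_heartbeat": None}

    def authenticate(self, edge_id: str, proof: bytes) -> bool:
        """Identity authentication unit: check the certificate proof under the temp key."""
        session = self.sessions[edge_id]
        cert = self.agreed_certs.get(edge_id)
        expected = hmac.new(session["temp_key"], cert, hashlib.sha256).digest() if cert else b""
        session["authenticated"] = bool(cert) and hmac.compare_digest(expected, proof)
        if not session["authenticated"]:
            del self.sessions[edge_id]    # unknown or wrong certificate: no service tunnels
        return session["authenticated"]

    def register_tunnel_keys(self, edge_id: str, keys: dict, now: float) -> None:
        """Local mapping unit: one independent key per service tunnel, post-authentication."""
        session = self.sessions[edge_id]
        if not session["authenticated"] or set(keys) != set(TUNNELS):
            raise PermissionError("tunnel keys are only accepted after authentication")
        session["tunnel_keys"] = dict(keys)
        session["last_heartbeat"] = now

    def receive(self, edge_id: str, tunnel: str, payload: bytes, tag: bytes) -> bool:
        """Accept a frame only if it carries a valid tag under *that* tunnel's key."""
        session = self.sessions.get(edge_id)
        if session is None or tunnel not in session["tunnel_keys"]:
            return False
        return hmac.compare_digest(frame_tag(session["tunnel_keys"][tunnel], tunnel, payload), tag)

    def heartbeat(self, edge_id: str, now: float) -> None:
        if edge_id in self.sessions:
            self.sessions[edge_id]["last_heartbeat"] = now

    def expire(self, now: float) -> list:
        """Tunnel maintaining unit: disconnect edges whose heartbeat is overdue."""
        dead = [e for e, s in self.sessions.items()
                if s["last_heartbeat"] is not None and now - s["last_heartbeat"] > self.timeout]
        for edge_id in dead:
            del self.sessions[edge_id]
        return dead

class EdgeServiceNode:  # models the tunnel maintenance service module
    def __init__(self, edge_id: str, cert_secret: bytes):
        self.edge_id, self.cert = edge_id, cert_secret
        self.tunnel_keys, self.autonomous = {}, True  # starts in local-service mode

    def connect(self, center: CentralControlCenter, temp_key: bytes, now: float) -> bool:
        center.open_control_tunnel(self.edge_id, temp_key)
        # Identity verification request: certificate proof bound to the temporary key.
        proof = hmac.new(temp_key, self.cert, hashlib.sha256).digest()
        if not center.authenticate(self.edge_id, proof):
            return False
        # Key generation unit: a fresh random key for each of the three tunnels.
        self.tunnel_keys = {t: secrets.token_bytes(32) for t in TUNNELS}
        center.register_tunnel_keys(self.edge_id, self.tunnel_keys, now)
        self.autonomous = False
        return True

    def send(self, center: CentralControlCenter, tunnel: str, payload: bytes) -> bool:
        tag = frame_tag(self.tunnel_keys[tunnel], tunnel, payload)
        return center.receive(self.edge_id, tunnel, payload, tag)

    def on_link_lost(self) -> None:
        """Autonomous service management unit: drop keys, serve devices locally."""
        self.tunnel_keys, self.autonomous = {}, True
```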
The above disclosure is only a preferred embodiment of the present invention and should not be construed as limiting the scope of the invention, which is defined by the appended claims.

Claims (8)

1. An Internet of things system based on the combination of cloud and edge computing, characterized in that it comprises a centralized control center at the cloud end, edge service nodes at the edge, Internet of things equipment at the edge and a user terminal; wherein:
the internet of things equipment is connected with the nearby edge service nodes, and is used for collecting object data, uploading the collected data to the edge service nodes and executing corresponding actions after receiving control instructions of the edge service nodes;
the edge service node is connected with the centralized control center through the Internet, is used for establishing a tunnel agent with the centralized control center, forwarding collected data to the centralized control center in a non-real-time batch mode in a tunnel mode, executing corresponding actions or forwarding the corresponding actions to corresponding Internet of things equipment when a control instruction issued by the centralized control center is intercepted, and setting a local service state to independently finish the service management of the Internet of things equipment after the tunnel connection with the centralized control center is disconnected;
The centralized control center is used for mapping the service of the edge service node into virtual local service through a tunnel proxy mode, receiving and storing data uploaded by the edge service node according to the virtual local service mode, providing data support according to a data access request sent by a user side, and sending a control instruction to the corresponding edge service node according to an Internet of things equipment control request sent by the user side;
The user terminal is connected with the centralized control center through the Internet and is used for sending a data access request or a control request of the Internet of things equipment to the centralized control center;
the centralized control center specifically comprises:
the tunnel proxy service module is used for carrying out identity authentication on the edge service node after the edge service node initiates a tunnel establishment request, keeping the tunnel to the edge service node always connected after the identity authentication is passed, adopting the established tunnel to carry out communication at the follow-up, registering the routing information of the edge service node, and mapping each service of the edge service node into virtual local service so that the edge node service is visible to the centralized control center;
The Web service routing module is used for routing the access request to the Web service module of the centralized control center when the browser user side sends the historical data access request according to the condition of the registration of the edge service node, and routing the access request to the Web service module of the corresponding edge service node when the browser user side sends the real-time data access request;
The Web service module is used for reading the history data of the request from the central database and returning the history data when receiving the history data access request sent by the Web service routing module or the history data access request sent by the mobile terminal user terminal;
The central database is used for storing the data of the centralized control center, the configuration information of all the edge service nodes and the uploaded historical data;
The data service module is used for generating equipment control instructions to be stored in the message queue when receiving an equipment control request of the Internet of things sent by the mobile terminal user terminal, generating data acquisition control instructions to be stored in the message queue when receiving a real-time data access request sent by the mobile terminal user terminal, and providing the data acquisition control instructions to the mobile terminal user terminal and storing the data acquisition control instructions in the central database when receiving acquisition data returned by the message queue;
The message queue is used for storing and issuing the control instruction sent by the data service module and storing the acquired data uploaded by the edge service node;
the tunnel proxy service module specifically comprises:
the control tunnel establishment unit is used for replying to the edge service node to establish a control tunnel after receiving a tunnel establishment request initiated by the edge service node;
a temporary key negotiation unit for negotiating a temporary key with the edge service node through the control tunnel;
The identity authentication unit is used for carrying out identity authentication after decrypting the received encrypted certificate information by adopting a temporary key and sending an authentication result to the edge service node;
The other tunnel establishing units are used for establishing web service tunnels, uplink service tunnels and downlink service tunnels with the centralized control center, and each tunnel is transmitted by using different keys sent by the edge service node in an encryption way;
The local mapping unit is used for registering the routing information of the edge service node, establishing local service connection mapping, mapping the web service tunnel of the edge service node into a local port, establishing a message forwarding mechanism with the message queue, and forwarding corresponding messages to the uplink service tunnel and the downlink service tunnel respectively;
and the tunnel maintaining unit is used for receiving the heartbeat packet of the edge service node, maintaining tunnel connection when the heartbeat packet is normal, and disconnecting the tunnel connection when the heartbeat packet is abnormal.
2. The internet of things system based on the combination of cloud and edge computing as claimed in claim 1, wherein: the edge service node is provided with a firewall, and the edge service node is connected to the Internet through the firewall.
3. The internet of things system based on the combination of cloud and edge computing as claimed in claim 1, wherein: the user terminal comprises a browser and a mobile terminal.
4. The internet of things system based on the combination of cloud and edge computing as claimed in claim 1, wherein: the edge service node specifically comprises:
The tunnel maintenance service module is used for initiating a tunnel establishment request to the centralized control center at regular time, carrying out identity authentication to the centralized control center through certificate information agreed in advance, sending heartbeat packets at regular time to carry out tunnel maintenance after the identity authentication passes and the tunnel establishment is completed, adopting the established tunnels for communication at the follow-up, and setting a local service state to independently finish the service management of the Internet of things equipment after the tunnel connection with the centralized control center is disconnected;
the Web service module is used for reading the requested data from the data memory and returning the requested data to the centralized control center when receiving the real-time data access request of the centralized control center;
the data storage is used for storing the local configuration information and real-time data uploaded by the Internet of things equipment;
The data service module is used for receiving the data acquisition control instruction issued by the centralized control center through the data downlink service module, reading corresponding data from the data memory, sending the corresponding data to the centralized control center through the data uplink service module, and forwarding the equipment control instruction to the corresponding Internet of things equipment when receiving the equipment control instruction through the data downlink service module;
the data uplink service module is used for sending the acquired data sent by the data service module to a message queue of the centralized control center;
The data downlink service module is used for intercepting a message queue of the centralized control center, and forwarding the instruction to the data service module when intercepting a data acquisition control instruction or a device control instruction aiming at the edge service node.
5. The internet of things system based on the combination of cloud and edge computing as claimed in claim 4, wherein: the tunnel maintenance service module specifically comprises:
a tunnel establishment request unit for initiating a tunnel establishment request to the centralized control center at regular time;
the control tunnel establishment unit is used for establishing a control tunnel with the centralized control center after the centralized control center agrees to the tunnel establishment request;
a temporary key negotiation unit for negotiating a temporary key to the centralized control center through the control tunnel;
The identity verification request unit is used for transmitting the agreed certificate information to the centralized control center through the control tunnel after the centralized control center negotiates the temporary key, and requesting identity verification;
The key generation unit is used for generating a key in a random mode, transmitting the key to the local tunnel establishment unit and transmitting the key to the centralized control center through the control tunnel;
The other tunnel establishing units are used for establishing a web service tunnel, an uplink service tunnel and a downlink service tunnel with the centralized control center after the identity authentication of the centralized control center passes and an authentication result is returned, and each tunnel is transmitted in an encrypted mode by using different keys generated by the key generating unit;
The tunnel maintaining unit is used for sending heartbeat packets to the centralized control center at regular time to maintain the tunnel;
And the autonomous service management unit is used for setting a local service state to independently finish the service management of the equipment of the Internet of things after the network quality is poor or the network is disconnected.
6. The internet of things system based on the combination of cloud and edge computing as claimed in claim 1, wherein: the edge service node temporarily stores real-time data of the Internet of things equipment, and transmits the real-time data to the centralized control center in batches at indefinite times when the network is unobstructed, the data is deleted after the transmission is successful, and transmission to the centralized control center is suspended when the network is obstructed.
7. The internet of things system based on the combination of cloud and edge computing as claimed in claim 1, wherein: and the centralized control center pushes configuration changes to the edge service node through the tunnel when the network is normal, and the configuration information local to the edge service node is used for maintaining the Internet of things service when the network is abnormal.
8. The internet of things system based on the combination of cloud and edge computing as claimed in claim 1, wherein: when the Web service routing module routes the access request to the Web service module of the corresponding edge service node, if the network is not smooth, the access request is cached, and the access request is issued after the network is smooth.
CN202111021393.0A 2021-09-01 2021-09-01 Internet of things system based on cloud and edge computing combination Active CN113766019B (en)


Publications (2)

Publication Number Publication Date
CN113766019A CN113766019A (en) 2021-12-07
CN113766019B true CN113766019B (en) 2024-04-30

Family

ID=78792461



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant