CN101867530A - Things-internet gateway system based on virtual machine and data interactive method - Google Patents


Publication number
CN101867530A
Authority
CN
China
Prior art keywords
module
virtual machine
data
user
information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 201010188081
Other languages
Chinese (zh)
Other versions
CN101867530B (en)
Inventor
裴庆祺
杨亮
谢敏
马建峰
庞辽军
沈玉龙
李鹏
尹浩
姜晓鸿
房帅磊
宁奔
刘阳
李京英
李红宁
黄洁
唐宏
孙晓楠
高鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
No61 Inst Headquarters Of General Staff Pla
Xidian University
Fourth Military Medical University FMMU
Original Assignee
No61 Inst Headquarters Of General Staff Pla
Xidian University
Fourth Military Medical University FMMU
Application filed by No61 Inst Headquarters Of General Staff Pla, Xidian University, Fourth Military Medical University FMMU
Priority to CN201010188081A
Publication of CN101867530A
Application granted
Publication of CN101867530B
Legal status: Expired - Fee Related

Abstract

The invention discloses an Internet of Things (IoT) gateway system based on virtual machines, and a data interaction method, which mainly address the secure integration of the IoT user network with the service provision network. In the system, a virtual machine monitor is built on the hardware layer of the gateway, and a secure virtual machine and a service virtual machine run on the virtual machine monitor so that different functional modules are separated. The secure virtual machine comprises a key management module, an authentication module, an encryption and decryption module, an information processing module and a determination module; the service virtual machine comprises a multi-network interface module, a user management module, an information management module, a sensing node management module and an information release module. Restricted data is passed between the virtual machines over a secure data channel in the virtual machine monitor; the secure virtual machine has no external interface, and users can access only the service virtual machine. The invention improves the security of the IoT gateway, reduces the difficulty of integrating security protocols across the different networks of the IoT, and is suited to integrating different networks in the IoT.

Description

Internet of Things gateway system based on virtual machines, and data interaction method
Technical field
The invention belongs to the field of communication technology and relates to the structural design and use of gateways in the Internet of Things (IoT). Specifically, it is an IoT convergence gateway system based on virtual machine technology, together with a method of using it, applied to communication and security where heterogeneous networks converge in the IoT.
Background art
The "Internet of Things" builds on the concept of the Internet, extending its user end to any object, so that objects exchange information and communicate with one another. Terminal sensing networks such as wireless sensor networks and RFID networks are interconnected with the existing Internet or with wireless communication networks, and physical objects are connected to the Internet through the corresponding protocols to exchange information and communicate. The Internet of Things originated in research on wireless sensor networks. In 2005, the International Telecommunication Union formally proposed the concept of the "Internet of Things".
The Internet of Things is regarded as offering "more thorough perception, broader interconnection and deeper intelligence", and the IoT industry is regarded as another wave of information technology after the computer and communications industries; authoritative institutions predict that the future IoT industry will be 30 times the size of the Internet industry. The IoT can be applied in many industries and fields, such as intelligent identification, positioning, tracking, monitoring and management. Applications have gradually begun in areas such as smart homes, health care and environmental monitoring. With the proposal of concepts such as "Sensing China" and "Smarter Planet", the IoT has entered a stage of accelerated development and is gradually being applied on a larger scale.
The "virtual machine" can be traced back to IBM's VM/370. Virtual machine technology simulates one or more virtual computers on a single physical computer, and these virtual machines work exactly like real computers. Because virtual machine technology isolates different applications well, it can be used to separate applications with different security levels, preventing less trustworthy applications from adversely affecting applications with higher security requirements. Security schemes based on virtual machines have therefore already been researched and explored.
Existing IoT research pays little attention to gateway structure, and even less to gateway security structure. Because the IoT is a network structure in which multiple networks converge, some important sensing information is transmitted over public legacy networks such as the Internet or mobile communication networks, so security is very important to realizing the IoT. The gateway is the key point of convergence, and its security is extremely important. If the services that users use are not effectively separated from the security information and security processes in the gateway, the gateway is likely to suffer malicious attacks that target this weakness. In addition, because the security protocols of the different networks in the IoT differ, integrating them is difficult. If the conversion between security protocols cannot be carried out on a secure gateway structure, the security of all of those protocols is greatly reduced.
Summary of the invention
To solve the above problems, the present invention proposes an IoT gateway system based on virtual machines and its data interaction method, which effectively isolate security information and security processes from users and external interfaces, improve the security of the gateway, reduce the difficulty of securely integrating the different networks in the IoT, and improve the overall security of the IoT.
To achieve the above object, the IoT gateway system of the present invention comprises a multi-network interface module, a release module, a user management module, an information management module, a sensing node management module, an information processing module, a key management module, an authentication module and an encryption and decryption module, wherein: a virtual machine monitor is built on the hardware layer of the gateway, and a secure virtual machine and a service virtual machine are set up on the virtual machine monitor; the key management module, authentication module, encryption and decryption module and information processing module are placed in the secure virtual machine, and the multi-network interface module, user management module, information management module, sensing node management module and information release module are placed in the service virtual machine, so that plaintext, keys, the encryption and decryption process, the authentication process and the information processing are isolated from users and external interfaces.
Restricted data is passed between the secure virtual machine and the service virtual machine over the secure data channel in the virtual machine monitor. This restricted data comprises only data ciphertext, user data requests, update requests, user identity information, node identity information, and the authentication information of users and nodes.
The service virtual machine communicates externally through the multi-network interface module, while the secure virtual machine has no external communication interface; that is, a user can access only the service virtual machine and cannot access the secure virtual machine.
A determination module is provided in the secure virtual machine. It determines whether there is a user data request, a sensing node alarm request or an update request. When there is an update request, it notifies the sensing node management module in the service virtual machine to send a data update request to the sensing nodes; when there is a user data request or a sensing node alarm request, it sends the user identity ID_U to the encryption and decryption module and requires it to encrypt the information temporarily stored in the secure virtual machine.
To achieve the above object, the IoT gateway data interaction method based on virtual machines of the present invention comprises the following steps:
(1) The user accesses the gateway through the multi-network interface module. The user management module obtains the user's network information Field through the multi-network interface module and sends the user authentication information to the authentication module of the secure virtual machine. The authentication module verifies the user's identity authentication information and returns the verification result to the user management module. If verification succeeds, the user is authenticated and the user management module forwards the user instruction, the identity ID_U and the user's network information Field to the information management module; otherwise the user is denied service;
(2) The information management module configures itself according to the control information in the user instruction, sends the data request in the instruction and the user identity ID_U to the determination module of the secure virtual machine over the secure data channel, and sends data update requests to the determination module periodically at the interval configured by the user;
(3) The determination module decides, according to whether there is a data request or an alarm request, whether to generate a notification requiring the encryption and decryption module to encrypt data. If there is no request, the data temporarily stored in the secure virtual machine is not encrypted; if there is a request, it generates a notification requiring the encryption and decryption module to encrypt the data temporarily stored in the secure virtual machine. It then updates the temporarily stored data according to whether there is an update request: if there is no update request, it sends the generated notification and the user identity ID_U involved in the request to the encryption and decryption module; if there is an update request, it notifies the sensing nodes, through the sensing node management module, to update their data;
(4) After receiving the notification from the determination module, the encryption and decryption module looks up the user communication key K_UT in the key management module according to the received user identity ID_U, encrypts the data temporarily stored in the virtual machine with K_UT, and then sends the data ciphertext to the information management module over the secure data channel;
(5) The information management module sends the data ciphertext, the user's network information Field and the user identity ID_U to the release module; the release module selects the sending network through the multi-network interface module according to the user's identity ID_U and network information Field, and sends the data ciphertext to the user;
(6) When a sensing node receives the data update request of step (3) or senses an event, it accesses the sensing node management module through the multi-network interface module. The sensing node management module sends the sensing node's authentication information to the authentication module of the secure virtual machine, which verifies it and returns the result to the sensing node management module. If the identity information is verified as correct, authentication is considered successful and the data ciphertext and the sensing node identity ID_N are sent to the encryption and decryption module of the secure virtual machine; otherwise the sensing node's data is refused;
(7) After receiving the data ciphertext, the encryption and decryption module looks up the sensing node communication key K_NT in the key management module according to the sensing node identity ID_N, decrypts the ciphertext with K_NT, and sends the data plaintext to the data processing module;
(9) The data processing module fuses the data plaintext, converts the fused data into a standardized data format that is easy for users to use, and then acts according to whether the data is alarm information. If it is alarm information, the processed data is temporarily stored and an alarm request is sent to the determination module, returning to step (3); if it is not alarm information, no alarm request is sent, the processed data is temporarily stored, and the flow returns to step (3).
The present invention has the following advantages:
1) The invention proposes an IoT gateway system structure based on virtual machines. By setting up a service virtual machine and a secure virtual machine on the virtual machine monitor, plaintext, keys, data processing, encryption and decryption, and authentication are isolated from users and external interfaces, ensuring that users and external programs cannot directly access the secure virtual machine, which improves security;
2) Because the invention uses an isolated structure, the user equipment network and the sensing node network are not required to use the same cryptographic algorithms and protocols. The conversion between specific security protocols is carried out securely inside the gateway, which simplifies the integration of security protocols across different networks and gives good applicability in an IoT built mainly on multi-network convergence.
Description of the drawings
Fig. 1 is a schematic diagram of the application scenario of the present invention;
Fig. 2 is a structural diagram of the virtual-machine-based IoT gateway system of the present invention;
Fig. 3 is a flow chart of the virtual-machine-based IoT gateway data interaction method of the present invention.
Detailed description
The scenario in which the invention is applied is shown in Fig. 1. The virtual-machine-based IoT gateway sits between the service provision network of the IoT and communication networks such as the Internet or a mobile communication network. The service provision network, such as a wireless sensor network or RFID network, contains a large number of sensing nodes, while users communicate mainly through the Internet or a mobile communication network. The IoT gateway communicates with the sensing nodes in the service provision network through the multi-network interface module and connects to the Internet or mobile communication network through the same module; users reach the Internet or mobile communication network through their own network access methods and communicate with the IoT gateway.
The many sensing nodes in the service provision network each sense events within their own geographic range and send the sensed data to the IoT gateway. The gateway converts data frame formats and security protocols between the different networks, and fuses the data and puts it into a standardized format. The gateway then selects a suitable network interface according to the network the user is on and sends the encrypted data to users who have passed gateway authentication.
The present invention proposes an IoT gateway system based on virtual machines and an IoT gateway data interaction method based on virtual machines.
With reference to Fig. 2, in the virtual-machine-based IoT gateway system of the present invention, a virtual machine monitor is built on the hardware layer of the IoT gateway, and two virtual machines are built on the virtual machine monitor: a secure virtual machine and a service virtual machine. Each virtual machine contains its own functional modules. The internal modules of the two virtual machines are isolated from each other and can exchange only limited data over the secure data channel in the virtual machine monitor; this data comprises only data ciphertext, user data requests, update requests, user identity information, node identity information, and the authentication information of users and nodes.
The service virtual machine is mainly responsible for managing the multiple networks, users and sensing nodes and for publishing information. It is the virtual machine that users access directly, and it has external interfaces. The modules in the service virtual machine are: the multi-network interface module, user management module, sensing node management module, information management module and release module. The multi-network interface module implements the protocols of the multiple networks and connects them. The user management module manages the gateway's users: with the help of the authentication module in the secure virtual machine, it authenticates users and forwards the user instructions it receives. The sensing node management module manages the sensing nodes: with the help of the authentication module in the secure virtual machine, it authenticates sensing nodes and sends the data ciphertext from the nodes to the secure virtual machine. The information management module manages information: according to user instructions, it sends user data requests and update requests to the determination module in the secure virtual machine, and it receives the ciphertext sent by the secure virtual machine. The release module selects a suitable network according to the user's network information and publishes the data ciphertext to the user.
The secure virtual machine is mainly responsible for managing and storing keys and data plaintext. Users are forbidden to access it, and it has no external interface. The modules in the secure virtual machine are: the key management module, encryption and decryption module, authentication module, information processing module and determination module. The key management module manages keys: it stores, and answers lookups for, the communication keys and authentication keys of users and sensing nodes. The encryption and decryption module performs encryption and decryption with the user communication key or the sensing node communication key. The authentication module verifies the authentication information of connecting sensing nodes and users against their authentication keys. The information processing module fuses and standardizes information and generates alarm requests. The determination module notifies the encryption and decryption module to encrypt in response to user data requests and alarm requests, and notifies the sensing node management module, in response to update requests, to require the sensing nodes to update their data.
With reference to Fig. 3, the data interaction method of the virtual-machine-based IoT gateway system of the present invention comprises the following steps:
Step 1: user access authentication and instruction sending.
(1a) The user connects through the multi-network interface module and sends the user instruction and authentication information to the user management module;
(1b) The user management module sends the user authentication information to the authentication module over the secure data channel;
(1c) The authentication module uses the identity ID_U claimed in the authentication information to look up the corresponding K_UI in the key management module, verifies the identity authentication information, and sends the verification result to the user management module;
(1d) The user management module acts on the verification result. If the authentication information is verified as correct, the user is considered successfully authenticated, and the user identity ID_U, the user's network information Field and the user instruction are sent to the information management module; if verification of the identity information fails, user authentication is considered to have failed and the user management module refuses to serve the user.
Step 2: the information management module acts on the user instruction.
(2a) The information management module configures the update time for the user's data request according to the control information in the user instruction, and sends update requests to the determination module according to the configured update time;
(2b) The information management module stores the user identity ID_U and the user's network information Field;
(2c) The information management module sends the data request in the instruction and the user identity ID_U to the determination module of the secure virtual machine over the secure data channel.
Step 3: the determination module generates, according to a data request or alarm request, a notification requiring the encryption and decryption module to encrypt data.
The determination module generates a notification requiring the encryption and decryption module to encrypt data according to whether, at the current moment, there is a user data request from the information management module or an alarm request from the data processing module. If neither a user data request nor an alarm request exists, the data temporarily stored in the virtual machine is not processed and the flow continues to step 4; if either a user data request or an alarm request exists, the determination module obtains the user identity ID_U involved in the corresponding user data request or alarm request, generates a notification requiring the encryption and decryption module to encrypt, and continues to step 4.
Step 4: the determination module updates the data according to update requests.
The determination module in the secure virtual machine updates the data temporarily stored in the secure virtual machine according to whether, at the current moment, there is an update request from the information management module. If there is an update request, it sends the update request to the sensing node management module and enters step 8; if there is no update request, it sends the notification from step 3 requiring the encryption and decryption module to work, together with the user identity ID_U involved, to the encryption and decryption module and enters step 5; if no such notification is pending at this time, it returns to step 3.
Step 5: the encryption and decryption module encrypts the data temporarily stored in the virtual machine.
After receiving the notification from the determination module, the encryption and decryption module in the secure virtual machine finds the corresponding user communication key K_UT in the key management module according to the user identity ID_U involved, encrypts the data temporarily stored in the secure virtual machine that the user requested, and sends the encrypted data and the user identity ID_U to the information management module over the secure data channel.
Step 6: the information management module passes the data ciphertext and user information to the release module.
(6a) After receiving the data ciphertext and the corresponding user identity ID_U from the secure virtual machine, the information management module looks up the user's network information Field according to ID_U;
(6b) The information management module sends the user identity ID_U, the user's network information Field and the data ciphertext to the release module.
Step 7: the release module selects a suitable network interface in the multi-network interface module according to the user identity ID_U and the user's network information Field, and sends the data ciphertext to the user.
Step 8: after receiving the update request sent by the determination module in step 4, the sensing node management module sends an instruction to the sensing nodes requiring them to update their data.
Step 9: sensing node access authentication and sending of the sensed data ciphertext.
(9a) When a sensing node receives the data update request of step 8 or senses that an event has occurred, it sends the ciphertext of the sensed data and the sensing node authentication information to the sensing node management module;
(9b) The sensing node management module sends the sensing node's authentication information to the authentication module in the secure virtual machine over the secure data channel;
(9c) The authentication module uses the ID_N claimed in the sensing node authentication information to look up the authentication key K_NI in the key management module, verifies the identity authentication information, and sends the result to the sensing node management module;
(9d) The sensing node management module acts on the verification result. If verification of the authentication information fails, sensing node authentication is considered to have failed and the user management module refuses to accept the sensing node's data; if the authentication information is verified as correct, authentication is considered successful, and the sensing node identity ID_N and the data ciphertext are sent to the secure virtual machine over the secure data channel.
Step 10: the encryption and decryption module decrypts the data ciphertext sent by the sensing node.
After receiving the data ciphertext from the sensing node management module, the encryption and decryption module in the secure virtual machine finds the corresponding sensing node communication key K_NT in the key management module according to the sensing node identity ID_N, decrypts the data ciphertext with K_NT, and sends the resulting data plaintext to the information processing module.
Step 11: the information processing module processes the data plaintext.
(11a) The information processing module fuses the data plaintext produced in step 10 and converts the fused data into a standardized data format that is easy for users to use;
(11b) The information processing module sends an alarm request to the determination module depending on whether the processed data contains alarm information. If there is alarm information, it sends an alarm request to the determination module, stores the processed data temporarily in the secure virtual machine, and the flow enters step 3 for determination and then publication; if there is no alarm information, it sends no alarm request to the determination module, stores the processed data temporarily in the secure virtual machine, and the flow enters step 3.
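The flow of steps 1 to 11, reduced to one runnable model, as an added example that is not code from the patent: Python classes stand in for the two virtual machines and for the channel in the virtual machine monitor, which rejects any message kind outside the restricted list. The HMAC-based authentication token, the HMAC keystream cipher, the message kind names and the fused text format are assumptions made for the example; update scheduling and alarm handling are left out.

```python
import hashlib
import hmac
import os
from collections import namedtuple

# Restricted data the channel may carry, as listed in the description.
ALLOWED_KINDS = {"ciphertext", "data_request", "update_request",
                 "user_id", "node_id", "auth_info"}
Message = namedtuple("Message", "kind identity body", defaults=(b"",))

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (the patent names none): HMAC-SHA256 counter keystream.
    blocks = range((len(data) + 31) // 32)
    stream = b"".join(_mac(key, nonce + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    body = _xor_stream(_mac(key, b"enc"), nonce, plaintext)
    return nonce + body + _mac(_mac(key, b"mac"), nonce + body)

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = _mac(_mac(key, b"mac"), nonce + body)
    if len(blob) < 48 or not hmac.compare_digest(tag, good):
        raise ValueError("ciphertext rejected")
    return _xor_stream(_mac(key, b"enc"), nonce, body)

def auth_info(auth_key, identity):
    # Assumed format of the authentication information: nonce + MAC.
    nonce = os.urandom(16)
    return nonce + _mac(auth_key, identity.encode() + nonce)

class SecureVM:
    """Holds keys and plaintext; reachable only through SecureDataChannel."""
    def __init__(self, keys):
        self._keys = dict(keys)  # identity -> (K_UI or K_NI, K_UT or K_NT)
        self._readings = {}      # decrypted node data, never exported
    def handle(self, msg):
        auth_key, comm_key = self._keys.get(msg.identity, (None, None))
        if msg.kind == "auth_info":      # authentication module
            nonce, mac = msg.body[:16], msg.body[16:]
            ok = auth_key is not None and hmac.compare_digest(
                mac, _mac(auth_key, msg.identity.encode() + nonce))
            return Message("auth_info", msg.identity, b"ok" if ok else b"fail")
        if comm_key is None:
            raise ValueError("unknown identity")
        if msg.kind == "ciphertext":     # decrypt with K_NT, keep the plaintext
            self._readings[msg.identity] = unseal(comm_key, msg.body).decode()
            return None
        if msg.kind == "data_request":   # fuse, then encrypt with K_UT
            fused = ";".join(f"{n}={v}" for n, v in sorted(self._readings.items()))
            return Message("ciphertext", msg.identity, seal(comm_key, fused.encode()))
        raise ValueError(f"unhandled kind {msg.kind!r}")

class SecureDataChannel:
    """Only path between the two VMs; filters both directions by kind."""
    def __init__(self, secure_vm):
        self._vm = secure_vm
    def call(self, msg):
        reply = self._vm.handle(self._check(msg))
        return reply if reply is None else self._check(reply)
    @staticmethod
    def _check(msg):
        if msg.kind not in ALLOWED_KINDS:
            raise PermissionError(f"{msg.kind!r} may not cross the channel")
        return msg

class ServiceVM:
    """External side: handles identities, authentication info and ciphertext."""
    def __init__(self, channel):
        self._ch = channel
        self.seen = []  # every payload this VM handled, kept for inspection
    def _authenticated(self, identity, auth):
        return self._ch.call(Message("auth_info", identity, auth)).body == b"ok"
    def node_submit(self, node_id, auth, ciphertext):  # steps 9 to 11
        self.seen.append(ciphertext)
        if not self._authenticated(node_id, auth):
            return False
        self._ch.call(Message("ciphertext", node_id, ciphertext))
        return True
    def user_request(self, user_id, auth):             # steps 1 to 7
        if not self._authenticated(user_id, auth):
            return None
        reply = self._ch.call(Message("data_request", user_id))
        self.seen.append(reply.body)
        return reply.body

def demo():
    # Constructed identities with random (authentication, communication) keys.
    keys = {n: (os.urandom(32), os.urandom(32)) for n in ("node-1", "node-2", "alice")}
    svc = ServiceVM(SecureDataChannel(SecureVM(keys)))
    for node, reading in (("node-1", b"23.5C"), ("node-2", b"24.1C")):
        svc.node_submit(node, auth_info(keys[node][0], node), seal(keys[node][1], reading))
    blob = svc.user_request("alice", auth_info(keys["alice"][0], "alice"))
    return svc, unseal(keys["alice"][1], blob).decode()
```

The nodes encrypt under their own keys and the user decrypts under a different one, so the conversion between the two happens only inside `SecureVM`; `ServiceVM.seen` holds ciphertext only.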
Symbol description
ID_U: user identity information
ID_N: sensing node identity information
Field: the user's network information
K_UI: user authentication key
K_NI: sensing node authentication key
K_UT: user communication key
K_NT: sensing node communication key.

Claims (5)

1. An IoT gateway system based on virtual machine technology, comprising a multi-network interface module, a release module, a user management module, an information management module, a sensing node management module, an information processing module, a key management module, an authentication module and an encryption and decryption module, characterized in that: a virtual machine monitor is built on the hardware layer of the gateway, and a secure virtual machine and a service virtual machine are set up on the virtual machine monitor; the key management module, authentication module, encryption and decryption module and information processing module are placed in the secure virtual machine, and the multi-network interface module, user management module, information management module, sensing node management module and information release module are placed in the service virtual machine, so that plaintext, keys, the encryption and decryption process, the authentication process and the information processing are isolated from users and external interfaces.
2. The IoT gateway system according to claim 1, characterized in that: restricted data is passed between the secure virtual machine and the service virtual machine over the secure data channel in the virtual machine monitor, and this restricted data comprises only data ciphertext, user data requests, update requests, user identity information, node identity information, and the authentication information of users and nodes.
3. The IoT gateway system according to claim 1, characterized in that: the service virtual machine communicates externally through the multi-network interface module, while the secure virtual machine has no external communication interface; that is, a user can access only the service virtual machine and cannot access the secure virtual machine.
4. The IoT gateway system according to claim 1, characterized in that: a determination module is provided in the secure virtual machine to determine whether there is a user data request, a sensing node alarm request or an update request; when there is an update request, it notifies the sensing node management module in the service virtual machine to send a data update request to the sensing nodes; when there is a user data request or a sensing node alarm request, it sends the user identity ID_U to the encryption and decryption module and requires it to encrypt the information temporarily stored in the secure virtual machine.
5. A things-internet gateway data interactive method based on a virtual machine, comprising the following steps:
(1) The user accesses the gateway through the multi-network interface module. The user management module obtains the network information Field of the user's network through the multi-network interface module and sends the user authentication information to the authentication module of the secure virtual machine. The authentication module of the secure virtual machine verifies the user's identity authentication information and sends the verification result to the user management module. If the user authentication information verifies correctly, the user is authenticated successfully and the user management module forwards the user instruction, the identity ID_U and the user's network information Field to the information management module; otherwise service is denied to the user;
(2) The information management module configures itself according to the control information in the user instruction, sends the data request in the instruction and the user identity ID_U to the determination module of the secure virtual machine over the safe data channel, and sends data update requests to the determination module at the times configured by the user;
(3) The determination module decides, according to whether there is a data request or an alarm request, whether to generate a notification requiring the encryption and decryption module to encrypt data. If there is no such request, the data temporarily stored in the secure virtual machine is not encrypted. If there is a request, a notification is generated requiring the encryption and decryption module to encrypt the data temporarily stored in the secure virtual machine; at this point, whether to update the temporarily stored data is decided according to whether there is an update request: if there is no update request, the generated notification and the user identity ID_U associated with the request are sent to the encryption and decryption module; if there is an update request, the sensing node is notified through the sensing node management module to update the data;
(4) After the encryption and decryption module receives the notification from the determination module, it looks up the user communication key K_UT in the key management module according to the received user identity ID_U, encrypts the data temporarily stored in the virtual machine with K_UT, and then sends the data ciphertext to the information management module over the safe data channel;
(5) The information management module sends the data ciphertext, the user's network information Field and the user identity ID_U to the release module. The release module selects the sending network through the multi-network interface module according to the user's identity ID_U and network information Field, and sends the data ciphertext to the user;
(6) When a sensing node receives the data update request of step (3) or senses an event, it accesses the sensing node management module through the multi-network interface module. The sensing node management module sends the sensing node authentication information to the authentication module of the secure virtual machine; the authentication module of the secure virtual machine verifies the node authentication information and sends the verification result to the sensing node management module. If the identity information verifies correctly, authentication is considered successful and the data ciphertext and the sensing node identity ID_N are sent to the encryption and decryption module of the secure virtual machine; otherwise the data of the sensing node is refused;
(7) After the encryption and decryption module receives the data ciphertext, it looks up the sensing node communication key K_NT in the key management module according to the sensing node identity ID_N, decrypts the ciphertext with K_NT, and sends the data plaintext to the data processing module;
(9) The data processing module fuses the data plaintext and processes the fused data into a standardized data format that is easy for users to use, then proceeds according to whether the data is alarm information: if it is alarm information, the processed data is temporarily stored, an alarm request is sent to the determination module, and the method returns to step (3); if it is not alarm information, no alarm request is sent, the processed data is temporarily stored, and the method returns to step (3).
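The following sketch is an added illustration, not code from the patent. It models the restricted safe data channel of claim 2 together with the key lookups of steps (4) and (7), so that only permitted message kinds cross between the two virtual machines and plaintext and keys stay inside the secure virtual machine. The message key names, the identities and the SHA-256/HMAC construction (a standard-library stand-in for whatever cipher a real gateway would use) are assumptions; the authentication of steps (1) and (6) is omitted.

```python
import hashlib, hmac, os

# Message kinds claim 2 allows on the safe data channel (key names are illustrative).
ALLOWED = {"ciphertext", "data_request", "update_request", "user_id", "node_id", "auth_info"}

def _keys(key):  # separate encryption and MAC subkeys
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _stream(ek, nonce, n):  # SHA-256 counter keystream: a stand-in, not a vetted cipher
    return b"".join(hashlib.sha256(ek + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, plaintext):
    ek, mk = _keys(key)
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(ek, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = _keys(key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))

class SecureVM:
    """No external interface; holds K_UT, K_NT and the temporarily stored plaintext."""
    def __init__(self, user_keys, node_keys):
        self._k_ut, self._k_nt, self._staged = user_keys, node_keys, b""
    def handle(self, msgs):
        if "node_id" in msgs:         # step (7): look up K_NT by ID_N and decrypt
            self._staged = unseal(self._k_nt[msgs["node_id"]], msgs["ciphertext"])
        elif "data_request" in msgs:  # step (4): look up K_UT by ID_U and encrypt
            return {"ciphertext": seal(self._k_ut[msgs["user_id"]], self._staged)}
        return {}

class SafeChannel:
    """Filter in the virtual machine monitor: only ALLOWED kinds cross, both ways."""
    def __init__(self, secure_vm):
        self._vm, self.seen = secure_vm, []
    def _check(self, msgs):
        if set(msgs) - ALLOWED:
            raise PermissionError(f"blocked on safe channel: {sorted(set(msgs) - ALLOWED)}")
        self.seen.extend(msgs.values())

    def call(self, msgs):
        self._check(msgs)
        reply = self._vm.handle(msgs)
        self._check(reply)
        return reply

def demo():  # keys, identities and the reading are constructed sample values
    k_nt, k_ut, reading = os.urandom(32), os.urandom(32), b"temp=21.5C"
    chan = SafeChannel(SecureVM({"user-1": k_ut}, {"node-7": k_nt}))
    chan.call({"node_id": "node-7", "ciphertext": seal(k_nt, reading)})
    out = chan.call({"user_id": "user-1", "data_request": b"latest"})["ciphertext"]
    leaked = any(s in v for v in chan.seen if isinstance(v, bytes) for s in (reading, k_ut, k_nt))
    return unseal(k_ut, out), leaked
```

`demo()` returns the reading as the user decrypts it plus a flag showing whether any key or plaintext appeared on the channel. The filter checks message kinds only, so the isolation still rests on the secure virtual machine having no external interface, as claim 3 requires.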
CN201010188081A 2010-05-31 2010-05-31 Things-internet gateway system based on virtual machine and data interactive method Expired - Fee Related CN101867530B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010188081A CN101867530B (en) 2010-05-31 2010-05-31 Things-internet gateway system based on virtual machine and data interactive method

Publications (2)

Publication Number Publication Date
CN101867530A true CN101867530A (en) 2010-10-20
CN101867530B CN101867530B (en) 2012-10-24

Family

ID=42959099

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010188081A Expired - Fee Related CN101867530B (en) 2010-05-31 2010-05-31 Things-internet gateway system based on virtual machine and data interactive method

Country Status (1)

Country Link
CN (1) CN101867530B (en)

Also Published As

Publication number Publication date
CN101867530B (en) 2012-10-24

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121024

Termination date: 20160531