CN103312682A - Method and system for accessing gateway safely - Google Patents
Method and system for accessing gateway safely Download PDFInfo
- Publication number
- CN103312682A CN103312682A CN2012100707719A CN201210070771A CN103312682A CN 103312682 A CN103312682 A CN 103312682A CN 2012100707719 A CN2012100707719 A CN 2012100707719A CN 201210070771 A CN201210070771 A CN 201210070771A CN 103312682 A CN103312682 A CN 103312682A
- Authority
- CN
- China
- Prior art keywords
- node
- gateway
- security
- safe class
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 64
- 238000011156 evaluation Methods 0.000 claims description 28
- 238000012790 confirmation Methods 0.000 claims description 9
- 230000002452 interceptive effect Effects 0.000 claims description 8
- 230000009286 beneficial effect Effects 0.000 abstract description 13
- 238000004891 communication Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 4
- 230000001960 triggered effect Effects 0.000 description 4
- 238000013461 design Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 238000013139 quantization Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
Images
Abstract
The invention discloses a method for accessing a gateway safely. The method comprises the following steps that a safety level management platform interacts with the gateway, adds and authenticates the gateway, and adds a node application ID (Identity); a terminal sends an authentication request to the gateway; and the gateway inquires a node safety level according the node ID, and accesses the node according to a safe access coefficient which corresponds to the node safety level. The invention further discloses a system for accessing the gateway safely. According to the method for accessing the gateway safely disclosed by the invention, a method for evaluating the node safety level by using ''application level-node information'' is adopted, so that the self-adaptability of safe access of the gateway is realized, system resources are saved, the system running efficiency is increased, and the beneficial effect of balancing system resources and information safety to the maximum extent is achieved.
Description
Technical field
The present invention relates to technical field of the computer network, relate in particular to a kind of method and system of gateway security access.
Background technology
Gateway claims again gateway, protocol converter, is used for two network interconnections that upper-layer protocol is different, both can be used for the wide area network interconnection, also can be used for local area network interconnection.Gateway is a kind of computer system or equipment of changing important task that serves as, and using different communication protocol, data format or language, even between the diverse two kinds of systems of architecture, gateway is a translater.Gateway can be repacked the information of receiving, with the demand of adaptation to end system.Simultaneously, gateway also can provide and filter and safety function.
Things-internet gateway will be played the part of very important role in the Internet of Things epoch in future, and it will become the tie that connects sensing network and conventional communication networks.As gateway device, things-internet gateway can be realized the protocol conversion between sensing network, communication network and the dissimilar sensing network.Because things-internet gateway role's particularity and importance, isomerism, dynamic and the unpredictability of its sensing network Access Layer node, therefore in the things-internet gateway compass of competency, there is certain potential safety hazard in node, such as the pretending to be of node, replay, data theft, illegal processes user data, Denial of Service attack, virus etc.The node of sensing network generally function simple, carry little energy, the application of safe practice has been proposed the requirement of " lightweight ".Simultaneously, things-internet gateway need to possess widely access capability, different application types, and different access devices need to adopt different safe access control.Therefore complete gateway should be able to provide between heterogeneous network effectively avenues of communication, finishes convergence, transmission; The whole sensing network of intelligent management and node device; Support multiple authenticated encryption technology, realize the access of different safety class.Because the complexity of gateway function, how to improve running efficiency of system, conserve system resources is one of focus of industry extensive concern.
In the prior art, less to the research of things-internet gateway safety; The gateway security access technology of using (such as intelligent home gateway, remote monitoriong of electric power system) for concrete wireless sense network has comparatively ripe research.In the prior art, based on IPSec (Internet Protocol Security, internet protocol security) network layer solution is a kind of a whole set of architecture of guaranteeing end to end IP layer network data communications security, and the Station To Station that is applicable to the mass data exchange connects.And Internet of Things is in sensing layer operation standard IP protocol comparison difficulty, and Internet of things node energy and computing capability are limited, the complicated ipsec protocol that can't turn round, and this mechanism is unsuitable for mutual between gateway and the node.Transport layer solution based on SSL (Security Socket Layer, SSL) is a kind of Transport Layer Security, is used for realizing Web (network) secure communication.SSL can provide DEA, authentication, decipherment algorithm and hash function.But the particularity of Internet of things node is not considered in the design of SSL, and the design of SSL has increased the amount of communication data of node, has reduced the response speed of network, and the limited sensing network of computing capability can't be born such performance consumption.Solution based on application layer is with the security mechanism of the embedded SSL realization different safety class equipment of HTTP (Hyper Text Transport Protocol, HTML (Hypertext Markup Language)) digest authentication and customization for certain concrete use (such as intelligent home gateway, electric power monitoring system).This scheme does not have safe class to divide the universal standard, can only specifically use concrete analysis, does not have versatility.Simultaneously safe class is divided just according to the level of security of access resources, does not consider safe access mechanism that terminal equipment can be supported and the actual treatment ability of equipment.
Summary of the invention
Main purpose of the present invention provides a kind of method of gateway security access, being intended to can be for different equipment and the different different safe class of application settings, effectively realize the adaptivity of gateway security access, conserve system resources, raising running efficiency of system, the maximization balance of realization system resource and information security.
The invention provides a kind of method of gateway security access, may further comprise the steps:
Safe class management platform and gateway are mutual, carry out interpolation and the authentication of gateway, and add node application identification code ID;
Terminal sends the access authentication request to described gateway;
Described gateway carries out the node access according to described node ID query node safe class according to safe connected factor corresponding to described node security grade.
Preferably, described terminal also comprises step before to the step that gateway sends the access authentication request:
The safe class management platform is received the nodal information update notification, triggers and carries out the renewal of node security grade.
Preferably, described safe class management platform is received the nodal information update notification, triggers the step of carrying out the renewal of node security grade and specifically comprises:
After described safe class management platform was received the nodal information update notification, identification needed the nodal information of renewal, and the first node information after will upgrading is kept at the nodal information tabulation;
Use the node application level that ID arranges according to described first node information with according to node, the node security grade of reappraising, and the Section Point information after will reappraising is sent to gateway.
Preferably, described safe class management platform is received the nodal information update notification, triggers the step of carrying out the renewal of node security grade and also comprises step before:
Described gateway is registered node.
Preferably, described gateway step that node is registered specifically comprises:
After the registration of node finishing equipment, the service registry request that receiving node sends, and according to node application ID, whether decision node has the adding authority; If, then to node distribution node ID and send registration confirmation;
The nodal information of described node is sent to the safe class management platform, and the node security grade according to returning after the assessment of safe class management platform configures safe connected factor corresponding to described node, and described safe connected factor is sent to node.
Preferably, the step of described safe class management platform assessment node security grade specifically comprises:
Nodal information assessment nodal community state parameter according to gateway sends gets egress level evaluation value;
According to node application level and the described node level evaluation value of correspondence, assessment node security grade.
Preferably, but gateway interval preset time sends the state information request to node, according to the state information that node returns, the safe class of node is upgraded.
The present invention also provides a kind of system of gateway security access, comprising:
The safe class management platform for mutual with gateway, is carried out interpolation and the authentication of gateway, and adds node and use ID;
Terminal is used for sending the access authentication request to described gateway;
Described gateway is used for according to node ID query node safe class, carries out the node access according to safe connected factor corresponding to described node security grade.
Preferably, described safe class management platform also is used for:
Receive the nodal information update notification, trigger and carry out the renewal of node security grade.
Preferably, described safe class management platform specifically comprises:
User interactive module for mutual with the territory administration module, is carried out interpolation and the authentication of gateway, and adds and use ID, and application level is set;
The territory administration module, after being used for receiving the nodal information update notification, identification needs the nodal information of renewal, and the first node information after will upgrading is kept at the nodal information tabulation;
The safe class administration module is used for using the node application level that ID arranges according to described first node information with according to node, the node security grade of reappraising, and the Section Point information after will reappraising is sent to described gateway.
Preferably, described gateway also is used for:
Node is registered.
Preferably, described gateway comprises:
The node administration module is used for after the registration of node finishing equipment, the service registry request that receiving node sends, and according to node application ID, whether decision node has the adding authority; If, then to node distribution node ID and send registration confirmation;
Safe access module, be used for the nodal information of described node is sent to the safe class management platform, node security grade according to returning after the assessment of safe class management platform configures safe connected factor corresponding to described node, and described safe connected factor is sent to node.
Preferably, described safe class administration module specifically comprises:
The safe class assessment unit, the nodal information that is used for sending according to gateway is assessed the nodal community state parameter, gets egress level evaluation value; According to node application level and the described node level evaluation value of correspondence, assessment node security grade;
The safe class setup unit is used for described node security grade is write the nodal information tabulation and is sent to gateway.
Preferably, but gateway interval preset time sends the state information request to node, according to the state information that node returns, the safe class of node is upgraded.
The method of gateway security of the present invention access is by triggering the method for the hierarchy method assessment node security grade of upgrading the node security grade or regularly upgrading node security grade and employing " application level-nodal information ", realized the gateway security access adaptivity, conserve system resources, raising running efficiency of system, reach the beneficial effect that system resource and information security maximize balance.
Description of drawings
Fig. 1 is the method first embodiment schematic flow sheet of gateway security access of the present invention;
Fig. 2 is the method second embodiment schematic flow sheet of gateway security access of the present invention;
Fig. 3 is that the safe class management platform is received the nodal information update notification, triggered and carry out the node security grade and upgrade an embodiment schematic flow sheet in the method for gateway security of the present invention access;
Fig. 4 is method the 3rd embodiment schematic flow sheet of gateway security access of the present invention;
Fig. 5 is that gateway is registered an embodiment schematic flow sheet to node in the method for gateway security of the present invention access;
Fig. 6 is safe class management platform assessment node security grade one embodiment schematic flow sheet in the method for gateway security of the present invention access;
Fig. 7 is system's one example structure schematic diagram of gateway security access of the present invention;
Fig. 8 is safe class management platform one example structure schematic diagram in the system of gateway security of the present invention access;
Fig. 9 is gateway one example structure schematic diagram in the system of gateway security of the present invention access;
Figure 10 is safe class administration module one example structure schematic diagram in the system of gateway security of the present invention access.
The realization of the object of the invention, functional characteristics and advantage are described further with reference to accompanying drawing in connection with embodiment.
Embodiment
Further specify technical scheme of the present invention below in conjunction with Figure of description and specific embodiment.Should be appreciated that specific embodiment described herein only in order to explain the present invention, is not intended to limit the present invention.
With reference to Fig. 1, Fig. 1 is the method first embodiment schematic flow sheet of gateway security access of the present invention.As shown in Figure 1, the method for gateway security access of the present invention may further comprise the steps:
Step S01, safe class management platform and gateway are mutual, carry out interpolation and the authentication of gateway, and add node and use ID;
At first to carry out the authentication of gateway, gateway and safe class management platform are carried out finishing interpolation and the authentication thereof of gateway device alternately.Only set gateway, just can carry out the mutually intercommunication between the heterogeneous networks, this is the prerequisite of gateway security access mechanism.The user uses ID by safe class management platform artificial node that adds in the administration module of the territory of safe class management platform, assesses the reference of node security grade as the safe class administration module of safe class management platform.
Step S02, terminal send the access authentication request to gateway;
The node of terminal sends the access authentication request to gateway, carries out alternately with gateway, begins communication; When node sends the access authentication request to gateway, attach self node ID;
Step S03, gateway carry out the node access according to node ID query node safe class according to safe connected factor corresponding to node security grade.
Gateway obtains the node security grade according to node ID query node information list; The safe connected factor corresponding according to described node security grade, gateway and node carry out alternately, realize the authentication to node, and authorize the access of permission node, and then carry out a series of interactive operations such as transfer of data, information exchange with node.
The method of gateway security access of the present invention is upgraded the node security grade by triggering or is regularly upgraded the method for the hierarchy method assessment node security grade of node security grade and employing " application level-nodal information ", has effectively realized the beneficial effect of adaptivity, conserve system resources, raising running efficiency of system, realization system resource and the information security maximization balance of gateway security access.
With reference to Fig. 2, Fig. 2 is the method second embodiment schematic flow sheet of gateway security access of the present invention.As shown in Figure 2, in the method for gateway security access of the present invention, terminal also comprises step before to the step that gateway sends the access authentication request:
Step S04, safe class management platform are received the nodal information update notification, trigger and carry out the renewal of node security grade.
The safe class management platform is received the nodal information update notification, and this notice may from the safe access module in platform of user management, the gateway or the gateway interactive module in the node, trigger and carry out the renewal of node security grade.
In a preferred embodiment, described node security grade can also be carried out timing and upgrade the node security grade except above-mentioned trigger-type is upgraded.But gateway interval preset time sends the state information request to node, carries out the renewal of corresponding node security grade according to attribute and state information that node returns.Because the restriction of node self attributes, described gateway is unsuitable long to the interval preset time that node sends the state information request, because the timing of described node security grade renewal should not be too frequent.
The method of gateway security access of the present invention is received the nodal information update notification, is triggered and carry out the method that the node security grade is upgraded by the safe class management platform, has effectively realized the beneficial effect of adaptivity, conserve system resources, raising running efficiency of system, realization system resource and the information security maximization balance of gateway security access.
With reference to Fig. 3, Fig. 3 is that the safe class management platform is received the nodal information update notification, triggered and carry out the node security grade and upgrade an embodiment schematic flow sheet in the method for gateway security of the present invention access.As shown in Figure 3, in the method for gateway security of the present invention access, the safe class management platform receives the nodal information update notification, trigger and carry out the step that the node security grade upgrades and comprise:
Step S11, receive the nodal information update notification after, the nodal information that identification need to be upgraded, and the first node information after will upgrading is kept at nodal information and tabulates;
Territory administration module in the safe class management platform is received the nodal information update notification, and described nodal information update notification may be from platform of user management, perhaps the safe access module in the gateway, perhaps the gateway interactive module in the node.The territory administration module upgrades according to the nodal information of update notification identification needs renewal and to it, the first node information after upgrading is deposited in the nodal information tabulation in the nodal information tabulation after obtaining upgrading.
Step S12, use the node application level that ID arranges according to first node information with according to node, the node security grade of reappraising, and the Section Point information after will reappraising is sent to gateway;
Behind the nodal information list update, the node administration module in the gateway is according to described first node information list, sends immediately first node information after upgrading and the corresponding node application level safe class administration module to the safe class management platform.According to the first node information after the described renewal and corresponding node application level, the reappraise safe class of described node of the safe class administration module in the safe class management platform, and the node security grade after will assessing sends to the territory administration module immediately; Section Point information after the territory administration module will upgrade sends to gateway, and the Section Point information after the described renewal comprises new node security grade and nodal community state.
The method of gateway security access of the present invention is received the nodal information update notification, is triggered and carry out the method that the node security grade is upgraded by the safe class management platform, has effectively realized the beneficial effect of adaptivity, conserve system resources, raising running efficiency of system, realization system resource and the information security maximization balance of gateway security access.
With reference to Fig. 4, Fig. 4 is method the 3rd embodiment schematic flow sheet of gateway security access of the present invention.As shown in Figure 4, in the method for gateway security access of the present invention, described safe class management platform is received the nodal information update notification, triggers the step of carrying out the renewal of node security grade and also comprises step before:
S05, gateway are registered node;
When the first access network of a certain node, need to register to gateway, except basic facility registration, also need carry out service registry.In a preferred embodiment, device discovery and service discovery process in Zigbee (Internet of Things) network, the neighbor discovery process of 6Lowpan (a kind of access standard of wireless network) network all need node is registered.
In a preferred embodiment, also can all require the node of each access network to register.
The method of the method that gateway security of the present invention accesses by before receiving the nodal information update notification in execution safe class management platform, triggering the step of carrying out the renewal of node security grade node being registered realized that effectively adaptivity, conserve system resources, raising running efficiency of system, realization system resource and the information security of gateway security access maximize the beneficial effect of balance.
With reference to Fig. 5, Fig. 5 is that gateway is registered an embodiment schematic flow sheet to node in the method for gateway security of the present invention access.As shown in Figure 5, in the method for gateway security access of the present invention, the step that gateway is registered node specifically comprises:
Step S21, to after the node finishing equipment registration, the service registry request that receiving node sends;
When node is registered, at first carry out the facility registration of node; Node device information comprises that node type number, joint behavior, node support node attribute and the node states such as node is online, residue energy of node, node surplus resources such as algorithm.After the registration of node finishing equipment, send the service registry request to gateway.
Step S22, use ID according to node, judge whether described node has the adding authority; If, execution in step S23 then; If not, then refuse node and add, node is registered overall process finish;
Step S23, to node distribution node ID and send registration confirmation;
Gateway is used ID according to node, judges whether described node has the adding authority.Described node is used ID and is manually set by the user; Node administration module in the gateway is used ID according to node, and application message and the decision node of the artificial described node that arranges of inquiring user add authority.If node can add then for this reason node distribution node ID, and send registration confirmation to node; Described registration confirmation mainly comprises node ID; Simultaneously node also the node administration module in the gateway send the self attributes state information, use during to node administration and security evaluation in order to follow-up.If node does not add authority, then to refuse node and add, the overall process that node is registered finishes.
Step S24, the nodal information of described node is sent to the safe class management platform, according to the node security grade of returning after the assessment of safe class management platform, configure safe connected factor corresponding to described node, and described safe connected factor is sent to node.
Gateway is to safe class management platform sending node information, and described nodal information comprises node ID, node application ID, nodal community state.The safe class management platform deposits described nodal information in the nodal information tabulation of self in.The safe class management platform is carried out security evaluation according to nodal informations such as node application level and node device attributes to node, set the safe class of described node, and described node security grade is kept in the nodal information tabulation for user's inquiry, be sent to simultaneously gateway, deposit in the nodal information tabulation in the gateway, call for gateway.The tabulation of gateway inquiry self nodal information, the node security grade of returning according to the safe class management platform configures the safe connected factor of described node, and the safe connected factor that described node is corresponding is sent to the node of terminal.The corresponding safe connected factor of each grade of described node is all configurable in gateway.
The method of gateway security of the present invention access is by carrying out facility registration and service registry and configure the safe class of described node and the method for corresponding safe connected factor to node, effectively realized the gateway security access adaptivity, conserve system resources, raising running efficiency of system, realize that system resource and information security maximize the beneficial effect of balance.
With reference to Fig. 6, Fig. 6 is safe class management platform assessment node security grade one embodiment schematic flow sheet in the method for gateway security of the present invention access.As shown in Figure 6, in the method for gateway security access of the present invention, the step of safe class management platform assessment node security grade specifically comprises:
Step S31, according to the nodal information assessment nodal community state parameter that gateway sends, get egress level evaluation value;
The safe class management platform is at first assessed each attribute status parameter of node, gets egress level evaluation value, and this is the assessment quantization stage.In a preferred embodiment, the assessment of described safe class management platform foundation is node application level and nodal information; Described node application level is that the user uses the artificial setting of ID according to node.Described nodal information comprises nodal community, node state and node data amount size and node data type, described nodal community comprises the node registration information of node registration phase, comprise node device model, node memory, node storage capacity, node support authentication, node encrytion algorithm, be mounting hardware and the software attributes of node device, as the fundamental of evaluation grade; Described node state comprises that node presence (On/Off enables/forbid), residue energy of node, node resource take situation, and node state is sent to the node administration module of gateway by node in node registration phase or node state update stage; The node real-time status has determined the ability of node processing authenticated encryption scheduling algorithm, has determined the treatment effeciency of whole system; Described node data amount size and node data type send in the node state update stage as the part of node state, system is according to size and the employed cryptographic algorithm of node data type decided of node data amount, the inefficient high algorithm of the high but inefficient authentication encryption algorithm of safety in utilization complexity or fail safe complexity in this way is by the maximization balance of this machine-processed feasible system efficient and information transmission security.
In a preferred embodiment, adopt following method assessment nodal community state parameter, get egress level evaluation value; With the third-class example that is divided into, with reference to table 1, table 1 is the residue energy of node quantified evaluation scale.
| Magnitude of voltage/V | 0 | 0~2 | 2~4 | 4~5 |
| Assessed value E1 | 0 | 1 | 2 | 3 |
To draw thus, if N, then N attribute status assessed value E
1, E
2, E
3E
N, again with N assessed value weighted sum, namely get egress level evaluation value.Node level evaluation value computing formula is as follows:
E
Node=C
1E
1+ C
2E
2+ ... + C
NE
N, C
1+ C
2+ ... + C
N=1; If E
i=0, then E
Node=0; C wherein
NBe weights corresponding to this attribute, its size is determined by the priority of each assessment factor; This is because the application scenario is different, then C
NArrange also different; The node level evaluation value E that obtains according to above-mentioned node level evaluation value computing formula
NodeSatisfy 0≤E
Node≤ 3, E wherein
Node=0 expression node can't be communicated by letter because of problems such as fault or depleted of energy; E
NodeUnder=3 expression perfect conditions, the ability of node temporary transient also without any consumption.
Step S32, according to node application level and the described node level evaluation value of correspondence, assessment node security grade.
In conjunction with the node application level, draw the final node safe class according to described node level evaluation value.
In a preferred embodiment, the artificial application level that arranges of user is three grades, is respectively the highest level of security A, medium level of security B, lower security rank C.With reference to table 2, table 2 is node security level evaluation tables.As shown in table 2, in conjunction with node application level and each node level evaluation value E
Node, assessment node security grade.
Above-mentioned table 2 only is node grade basic evaluation scheme, shown in the quantization level of node security grade can depend on the circumstances.The safe class of node changed as described in the change of nodal information (such as the renewal of node state) can make, but the safe class of same node can only change in the application level scope under it.
In a preferred embodiment, some attribute status of described node can't simply be assessed with quantized value, the data type of the authentication encryption algorithm that can support such as node, node transmission describedly of the same typely can't all need the safe class assessment unit of safe class administration module to be assessed in addition with the factor that quantized value carry out the simple assessment of node security grade.
The method that gateway security of the present invention accesses is passed through the method that the safe class management platform is assessed the node security grade according to nodal information and the corresponding node application level of gateway transmission, has effectively realized the beneficial effect of adaptivity, conserve system resources, raising running efficiency of system, realization system resource and information security maximization balance that gateway security accesses.
With reference to Fig. 7, Fig. 7 is system's one example structure schematic diagram of gateway security access of the present invention.As shown in Figure 7, the system of gateway security access of the present invention comprises:
Safe class management platform 01 for mutual with gateway, is carried out interpolation and the authentication of gateway, and adds node and use ID;
Safe class management platform 01 is in the upper strata of system, the safety level information of all nodes in 01 pair of a certain network design of described safe class management platform manages, use application domain of distribution for each, its compass of competency can cover a plurality of heterogeneous wireless networks and gateway thereof; Safe class management platform 01 is mutual with gateway 03, carries out interpolation and the authentication of gateway 03, and when receiving the nodal information update notification, triggers the node security grade of carrying out terminal 02 and upgrade.When node IAD 03 was arranged, nodal terminal 02 carried out the authentication of the mutual and node of node and gateway 03 to gateway 03 sending node access authentication request.Gateway 03 is used ID and node ID query node information list according to node in the terminal 02, obtain the node security grade, according to described node security grade, node security connected factor corresponding to the gateway 03 described node security grade of configuration, and according to described node security connected factor, gateway 03 exchanges with the node of terminal 02, realizes the authentication to node in the terminal 02, and authorize the access of permission node, and then carry out a series of interactive operations such as transfer of data, information exchange with node.
The system of gateway security access of the present invention upgrades the node security grade by triggering or regularly upgrades the method for the hierarchy method assessment node security grade of node security grade and employing " application level-nodal information ", has effectively realized the beneficial effect of adaptivity, conserve system resources, raising running efficiency of system, realization system resource and the information security maximization balance of gateway security access.
With reference to Fig. 8, Fig. 8 is safe class management platform one example structure schematic diagram in the system of gateway security of the present invention access.As shown in Figure 8, in the system of gateway security access of the present invention, safe class management platform 01 specifically comprises:
User interactive module 011 for mutual with the territory administration module, is carried out interpolation and the authentication of gateway, and adds and use ID, and application level is set;
Territory administration module 012, after being used for receiving the nodal information update notification, identification needs the nodal information of renewal, and the first node information after will upgrading is kept at the nodal information tabulation;
Safe class administration module 013 is used for using the node application level that ID arranges according to first node information with according to node, the node security grade of reappraising, and the Section Point information after will reappraising is sent to gateway.
In a preferred embodiment, described territory administration module 012 comprises domain information tabulation and nodal information tabulation.
User interactive module 011 is added application ID, and corresponding application level is set, as the reference of safety management module 013 assessment node security grade; After territory administration module 012 is received the nodal information update notification, the nodal information that identification need be upgraded, and the first node information after will upgrading is kept at the nodal information tabulation; Territory administration module 012 carries out user management according to application domain and the nodal information of storage, receives the nodal information of gateway 03 transmission and corresponding node and uses ID; The node application level that nodal information after the renewal that safe class administration module 013 provides according to territory administration module 012 and gateway 03 send after upgrading, assessment node security grade writes described node security grade the nodal information tabulation and is sent to gateway 03.
The system of gateway security access of the present invention has realized the beneficial effect of adaptivity, conserve system resources, raising running efficiency of system, realization system resource and the information security maximization balance of gateway security access effectively by the method for the safe class administration module assessment node security grade of safe class management platform.
With reference to Fig. 9, Fig. 9 is gateway one example structure schematic diagram in the system of gateway security of the present invention access.As shown in Figure 9, in the system of gateway security access of the present invention, gateway 03 specifically comprises:
The nodal information tabulation of node administration module 031 storage gateway 03 management is carried out alternately with node, safe class management platform 01 and the safe access module 032 of terminal 02; When terminal 02 had node to register, after 031 pair of node finishing equipment registration of node administration module, the service registry request that receiving node sends was used ID according to node, and whether decision node has the adding authority; In the situation that having, described node adds authority, to described node distribution node ID and send registration confirmation; When terminal 02 had node requirement IAD 03, node administration module 031 judged whether described node has the access authority; The nodal information that the gateway Switching Module 021 of node administration module 031 receiving terminal 02 sends, and described nodal information is sent to the territory administration module 012 of safe class management platform 01; When having the node security grade to reappraise, the nodal information that has upgraded that node administration module 031 acceptance domain administration module 012 sends also safe connected factor corresponding to the safe access module 032 described node security grade of configuration notifies; The node security grade that safe access module 032 sends according to node administration module 031, the nodal information tabulation of inquiry gateway 03, the safe connected factor of configuration node, and described node security connected factor is sent to the node of terminal 02 correspondence.
The system of gateway security access of the present invention carries out facility registration and service registry to node by gateway method has realized that effectively adaptivity, conserve system resources, raising running efficiency of system, realization system resource and the information security of gateway security access maximize the beneficial effect of balance.
With reference to Figure 10, Figure 10 is safe class administration module one example structure schematic diagram in the system of gateway security of the present invention access.As shown in figure 10, in the system of gateway security access of the present invention, safe class administration module 013 comprises:
Safe class assessment unit 131, the nodal information that is used for sending according to gateway is assessed the nodal community state parameter, gets egress level evaluation value; According to node application level and the described node level evaluation value of correspondence, assessment node security grade;
Safe class setup unit 132 is used for described node security grade is write the nodal information tabulation and is sent to gateway.
Safe class assessment unit 131, nodal information and corresponding node application level that territory administration module 012 is provided deposit the nodal information tabulation in, according to described nodal information tabulation assessment nodal community state parameter, get egress level evaluation value; According to node application level and the described node level evaluation value of correspondence, assessment node security grade; In a preferred embodiment, the assessment of described safe class assessment unit 131 foundation is node application level and nodal information; Safe class setup unit 132 writes described node security grade the nodal information tabulation and is sent to gateway 03.
The system of gateway security access of the present invention has realized the beneficial effect of adaptivity, conserve system resources, raising running efficiency of system, realization system resource and the information security maximization balance of gateway security access effectively by the method for the safe class administration module assessment node security grade of safe class management platform.
The system of gateway security access of the present invention is by triggering the method for the hierarchy method assessment node security grade of upgrading the node security grade or regularly upgrading node security grade and employing " application level-nodal information ", when effectively having realized setting different safe classes for distinct device and different application, gateway all can access safely and have adaptivity, the beneficial effect of conserve system resources, raising running efficiency of system, realization system resource and information security maximization balance.
The above only is the preferred embodiments of the present invention; be not so limit its claim; every equivalent structure or equivalent flow process conversion that utilizes specification of the present invention and accompanying drawing content to do; directly or indirectly be used in other relevant technical fields, all in like manner be included in the scope of patent protection of the present invention.
Claims (14)
1. the method for a gateway security access is characterized in that, may further comprise the steps:
Safe class management platform and gateway are mutual, carry out interpolation and the authentication of gateway, and add node application identification code ID;
Terminal sends the access authentication request to described gateway;
Described gateway carries out the node access according to described node ID query node safe class according to safe connected factor corresponding to described node security grade.
2. the method for gateway security access according to claim 1 is characterized in that, described terminal also comprises step before to the step that gateway sends the access authentication request:
The safe class management platform is received the nodal information update notification, triggers and carries out the renewal of node security grade.
3. the method for gateway security access according to claim 2 is characterized in that, described safe class management platform is received the nodal information update notification, triggers the step of carrying out the renewal of node security grade and specifically comprises:
After described safe class management platform was received the nodal information update notification, identification needed the nodal information of renewal, and the first node information after will upgrading is kept at the nodal information tabulation;
Use the node application level that ID arranges according to described first node information with according to node, the node security grade of reappraising, and the Section Point information after will reappraising is sent to described gateway.
4. according to claim 2 or the method for 3 described gateway securitys access, it is characterized in that, described safe class management platform is received the nodal information update notification, triggers and carries out also comprising before the step that the node security grade upgrades step:
Described gateway is registered node.
5. the method for gateway security access according to claim 4 is characterized in that, the step that described gateway is registered node specifically comprises:
After the registration of node finishing equipment, the service registry request that receiving node sends, and according to node application ID, whether decision node has the adding authority; If, then to node distribution node ID and send registration confirmation;
The nodal information of described node is sent to the safe class management platform, and the node security grade according to returning after the assessment of safe class management platform configures safe connected factor corresponding to described node, and described safe connected factor is sent to node.
6. the method for gateway security access according to claim 5 is characterized in that, the step of described safe class management platform assessment node security grade specifically comprises:
Nodal information assessment nodal community state parameter according to gateway sends gets egress level evaluation value;
According to node application level and the described node level evaluation value of correspondence, assessment node security grade.
7. according to claim 1 to the method for 6 each described gateway security accesses, it is characterized in that, but gateway interval preset time sends the state information request to node, according to the state information that node returns, the safe class of node is upgraded.
8. the system of a gateway security access is characterized in that, comprising:
The safe class management platform for mutual with gateway, is carried out interpolation and the authentication of gateway, and adds node and use ID;
Terminal is used for sending the access authentication request to described gateway;
Gateway is used for according to described node ID query node safe class, carries out the node access according to safe connected factor corresponding to described node security grade.
9. the system of gateway security access according to claim 8 is characterized in that, described safe class management platform also is used for:
Receive the nodal information update notification, trigger and carry out the renewal of node security grade.
10. according to claim 8 or the system of 9 described gateway securitys access, it is characterized in that, described safe class management platform specifically comprises:
User interactive module for mutual with the territory administration module, is carried out interpolation and the authentication of gateway, and adds and use ID, and application level is set;
The territory administration module, after being used for receiving the nodal information update notification, identification needs the nodal information of renewal, and the first node information after will upgrading is kept at the nodal information tabulation;
The safe class administration module is used for using the node application level that ID arranges according to described first node information with according to node, the node security grade of reappraising, and the Section Point information after will reappraising is sent to described gateway.
11. the system of gateway security access according to claim 8 is characterized in that, described gateway also is used for:
Node is registered.
12. according to claim 8 or the system of 11 described gateway securitys access, it is characterized in that, described gateway comprises:
The node administration module is used for after the registration of node finishing equipment, the service registry request that receiving node sends, and according to node application ID, whether decision node has the adding authority; If, then to node distribution node ID and send registration confirmation;
Safe access module, be used for the nodal information of described node is sent to the safe class management platform, node security grade according to returning after the assessment of safe class management platform configures safe connected factor corresponding to described node, and described safe connected factor is sent to node.
13. according to claim 7 or the system of 10 described gateway securitys access, it is characterized in that, described safe class administration module specifically comprises:
The safe class assessment unit, the nodal information that is used for sending according to gateway is assessed the nodal community state parameter, gets egress level evaluation value; According to node application level and the described node level evaluation value of correspondence, assessment node security grade;
The safe class setup unit writes described node security grade the nodal information tabulation and is sent to gateway.
14. to the system of 13 each described gateway security accesses, it is characterized in that, but gateway interval preset time sends the state information request to node according to claim 8, according to the state information that node returns, the safe class of node is upgraded.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210070771.9A CN103312682B (en) | 2012-03-16 | 2012-03-16 | The method and system that gateway security accesses |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210070771.9A CN103312682B (en) | 2012-03-16 | 2012-03-16 | The method and system that gateway security accesses |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103312682A true CN103312682A (en) | 2013-09-18 |
| CN103312682B CN103312682B (en) | 2016-12-14 |
Family
ID=49137468
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210070771.9A Active CN103312682B (en) | 2012-03-16 | 2012-03-16 | The method and system that gateway security accesses |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103312682B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105634808A (en) * | 2015-12-30 | 2016-06-01 | 上海下一代广播电视网应用实验室有限公司 | Realization method of authentication management system of wired intelligent device |
| CN105991626A (en) * | 2015-03-06 | 2016-10-05 | 小米科技有限责任公司 | Network access method and network access device |
| CN106230645A (en) * | 2016-08-31 | 2016-12-14 | 陕西哥莱信息科技有限公司 | A kind of for the low-consumption wireless communication means between monitoring node and aggregation gateway |
| CN106341416A (en) * | 2016-09-29 | 2017-01-18 | 中国联合网络通信集团有限公司 | Access method of multi-level data center and multi-level data center |
| CN107302479A (en) * | 2017-06-27 | 2017-10-27 | 广州市威士丹利智能科技有限公司 | Intelligent home gateway based on various communications protocols |
| CN108141431A (en) * | 2015-10-13 | 2018-06-08 | 瑞典爱立信有限公司 | Transmitting entity and it is executed by it method for transmitting from one or more packets to receiving entity |
| CN111600914A (en) * | 2020-07-27 | 2020-08-28 | 北京信安世纪科技股份有限公司 | Data transmission method, server and client |
| CN114338085A (en) * | 2021-12-03 | 2022-04-12 | 珠海格力电器股份有限公司 | Method for improving information security and networking efficiency of microgrid system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1941778A (en) * | 2005-09-20 | 2007-04-04 | 埃森哲全球服务有限公司 | Third party access gateway for telecommunications services |
| CN101867530A (en) * | 2010-05-31 | 2010-10-20 | 西安电子科技大学 | Things-internet gateway system based on virtual machine and data interactive method |
| CN101883123A (en) * | 2009-05-04 | 2010-11-10 | 华为技术有限公司 | Method, equipment and system for authenticating safe state of telecommunication equipment |
-
2012
- 2012-03-16 CN CN201210070771.9A patent/CN103312682B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1941778A (en) * | 2005-09-20 | 2007-04-04 | 埃森哲全球服务有限公司 | Third party access gateway for telecommunications services |
| CN101883123A (en) * | 2009-05-04 | 2010-11-10 | 华为技术有限公司 | Method, equipment and system for authenticating safe state of telecommunication equipment |
| CN101867530A (en) * | 2010-05-31 | 2010-10-20 | 西安电子科技大学 | Things-internet gateway system based on virtual machine and data interactive method |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105991626A (en) * | 2015-03-06 | 2016-10-05 | 小米科技有限责任公司 | Network access method and network access device |
| CN108141431B (en) * | 2015-10-13 | 2021-02-26 | 瑞典爱立信有限公司 | Transmitting entity and method performed thereby for transmitting one or more data packets to a receiving entity |
| CN108141431A (en) * | 2015-10-13 | 2018-06-08 | 瑞典爱立信有限公司 | Transmitting entity and it is executed by it method for transmitting from one or more packets to receiving entity |
| CN105634808A (en) * | 2015-12-30 | 2016-06-01 | 上海下一代广播电视网应用实验室有限公司 | Realization method of authentication management system of wired intelligent device |
| CN105634808B (en) * | 2015-12-30 | 2021-05-04 | 东方有线网络有限公司 | Method for realizing authentication management system of wired intelligent equipment |
| CN106230645A (en) * | 2016-08-31 | 2016-12-14 | 陕西哥莱信息科技有限公司 | A kind of for the low-consumption wireless communication means between monitoring node and aggregation gateway |
| CN106341416A (en) * | 2016-09-29 | 2017-01-18 | 中国联合网络通信集团有限公司 | Access method of multi-level data center and multi-level data center |
| CN106341416B (en) * | 2016-09-29 | 2019-07-09 | 中国联合网络通信集团有限公司 | A kind of access method at multi-stage data center and multi-stage data center |
| CN107302479A (en) * | 2017-06-27 | 2017-10-27 | 广州市威士丹利智能科技有限公司 | Intelligent home gateway based on various communications protocols |
| CN111600914A (en) * | 2020-07-27 | 2020-08-28 | 北京信安世纪科技股份有限公司 | Data transmission method, server and client |
| CN111600914B (en) * | 2020-07-27 | 2020-11-24 | 北京信安世纪科技股份有限公司 | Data transmission method, server and client |
| CN114338085A (en) * | 2021-12-03 | 2022-04-12 | 珠海格力电器股份有限公司 | Method for improving information security and networking efficiency of microgrid system |
| CN114338085B (en) * | 2021-12-03 | 2022-09-13 | 珠海格力电器股份有限公司 | Method for improving information security and networking efficiency of microgrid system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103312682B (en) | 2016-12-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103312682A (en) | Method and system for accessing gateway safely | |
| Yu et al. | A survey on the edge computing for the Internet of Things | |
| Abir et al. | Iot-enabled smart energy grid: Applications and challenges | |
| Rehmani et al. | Software defined networks-based smart grid communication: A comprehensive survey | |
| Luo et al. | Cloud-based information infrastructure for next-generation power grid: Conception, architecture, and applications | |
| CN102365855B (en) | The method and apparatus of network ambient services | |
| Tran et al. | SCADA as a service approach for interoperability of micro-grid platforms | |
| CN102035660B (en) | Internet data center (IDC) network-based service processing method, equipment and system | |
| CN109922160A (en) | A kind of terminal security cut-in method, apparatus and system based on electric power Internet of Things | |
| CN102891877B (en) | Realize the Online Processing System and method of terminal applies | |
| CN110535627A (en) | A kind of data query method and block platform chain | |
| CN104243496A (en) | Software defined network cross-domain security agent method and software defined network cross-domain security agent system | |
| CN101777792A (en) | Safety communication system and method of electric network | |
| CN101616405A (en) | Wireless Internet access method and wireless router | |
| CN109298937A (en) | Document analysis method and the network equipment | |
| CN103796343B (en) | M2M gateway devices and its application process | |
| Guo et al. | When network operation meets blockchain: An artificial-intelligence-driven customization service for trusted virtual resources of IoT | |
| Lo et al. | A secure IoT firmware update framework based on MQTT protocol | |
| Flauzac et al. | An SDN approach to route massive data flows of sensor networks | |
| Meng et al. | Residual-adaptive key provisioning in quantum-key-distribution enhanced internet of things (q-iot) | |
| CN105814930A (en) | Charging control device, method and system | |
| Sicari et al. | Secure OM2M service platform | |
| Subhani et al. | A survey of technical challenges in wireless machine-to-machine communication for smart grids | |
| Mishra et al. | MoCCA: A mobile cellular cloud architecture | |
| CN101141307A (en) | Tactical management based method and architecture used for communication system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20201216 Address after: 215163 8 Jinfeng Road, science and Technology City, Suzhou high tech Zone, Jiangsu Patentee after: Suzhou Medical Device Industry Development Co.,Ltd. Address before: 518057 Ministry of justice, Zhongxing building, South Science and technology road, Nanshan District hi tech Industrial Park, Shenzhen, Guangdong Patentee before: ZTE Corp. |
|
| TR01 | Transfer of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Method and system of gateway secure access Effective date of registration: 20211209 Granted publication date: 20161214 Pledgee: Suzhou jinhesheng Holding Co.,Ltd. Pledgor: Suzhou Medical Device Industry Development Co.,Ltd. Registration number: Y2021320010540 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| EE01 | Entry into force of recordation of patent licensing contract | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20130918 Assignee: Suzhou jinhesheng Holding Co.,Ltd. Assignor: Suzhou Medical Device Industry Development Co.,Ltd. Contract record no.: X2021320010049 Denomination of invention: Method and system of gateway secure access Granted publication date: 20161214 License type: Exclusive License Record date: 20211209 |
|
| CP01 | Change in the name or title of a patent holder |
Address after: 215163 8 Jinfeng Road, science and Technology City, Suzhou high tech Zone, Jiangsu Patentee after: Suzhou Medical Device Industry Development Group Co.,Ltd. Address before: 215163 8 Jinfeng Road, science and Technology City, Suzhou high tech Zone, Jiangsu Patentee before: Suzhou Medical Device Industry Development Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder | ||
| PM01 | Change of the registration of the contract for pledge of patent right |
Change date: 20230801 Registration number: Y2021320010540 Pledgor after: Suzhou Medical Device Industry Development Group Co.,Ltd. Pledgor before: Suzhou Medical Device Industry Development Co.,Ltd. |
|
| PM01 | Change of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20230804 Granted publication date: 20161214 Pledgee: Suzhou jinhesheng Holding Co.,Ltd. Pledgor: Suzhou Medical Device Industry Development Group Co.,Ltd. Registration number: Y2021320010540 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
| EM01 | Change of recordation of patent licensing contract |
Change date: 20230824 Contract record no.: X2021320010049 Assignor after: Suzhou Medical Device Industry Development Group Co.,Ltd. Assignor before: Suzhou Medical Device Industry Development Co.,Ltd. |
|
| EM01 | Change of recordation of patent licensing contract | ||
| EC01 | Cancellation of recordation of patent licensing contract |
Assignee: Suzhou jinhesheng Holding Co.,Ltd. Assignor: Suzhou Medical Device Industry Development Group Co.,Ltd. Contract record no.: X2021320010049 Date of cancellation: 20230830 |
|
| EC01 | Cancellation of recordation of patent licensing contract |