CN107734028A - A kind of things-internet gateway system and its implementation of data safety storage - Google Patents
- Publication number
- CN107734028A (application CN201710948664.4A)
- Authority
- CN
- China
- Prior art keywords
- data
- things
- module
- internet
- internet gateway
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
Abstract
The invention discloses an Internet of Things (IoT) gateway system for secure data storage and a method for implementing it. The system includes a gateway device comprising a communication protocol plug-in unit, a main control unit, and a gateway server connected to the main control unit. The communication protocol plug-in unit is physically connected to the IoT devices and externally provides protocol-processing plug-ins for the various IoT devices and for third-party system communication interfaces. The gateway server includes a data acquisition service module, a data calculation service module, a data storage service module, a data encryption service module and a data upload service module. The invention addresses the technical problems of rapid device access, multi-client use and improved system security in a gateway system. Data storage is based on a cloud computing model, so the system applies where the sensing layer and the network layer are heterogeneous and non-uniform, improving the versatility of the data storage system and making data storage more convenient.
Description
Technical field
The present invention relates to the field of the Internet of Things, and specifically to an IoT gateway system for secure data storage and a method for implementing it.
Background technology
The main function of an IoT gateway is to solve the communication problem between the sensing layer and the network layer. First, it integrates multiple access methods and is the key device through which the sensor network is uniformly accessed, realising local and wide-area interconnection. Second, it plays the pivotal role in data transfer between the sensing network and the communication network, performing protocol conversion between the sensing network and the communication network and between different types of sensing network. Third, it provides device management functions: users configure and manage the gateway device through the network platform. End users can obtain real-time status information for each node of the sensing layer and realise remote control.
With the development of sensor technology, network technology, mobile internet technology and cloud computing, the Internet of Things has been widely applied in fields such as intelligent buildings, smart communities, building energy conservation, public safety and smart cities. IoT gateway devices currently on the market have the following shortcomings: (1) poor protocol extensibility: devices are strongly tied to a particular application field and are too specialised, and support for rapid access to mainstream industry communication protocols and new protocols is insufficient; (2) poor data availability: the raw data of the connected IoT devices or subsystems lacks further calculation, analysis and storage processing, so the organised data that is actually needed cannot be obtained; (3) poor applicability: the devices mostly serve only as a single-purpose data acquisition front end for a host computer and cannot adapt to the multi-purpose combination of small intranet applications and large distributed applications; (4) poor system security: data communication generally lacks encryption and authorisation management of remote control, so hidden dangers of data leakage and illegal control exist, which reduces the security of the whole system. For an IoT storage system, because the devices used in the sensing layer come from different manufacturers, and different manufacturers often use different data communication protocols that cannot interconnect, the bottom layer shows distinct heterogeneity and non-uniformity. If a user needs to collect all the data as a whole, several different IoT acquisition and storage systems are required, which increases cost; at the same time, because of the openness of the Internet of Things, the security risks of data acquisition and storage are greater. Therefore, a method that automatically extracts data on the basis of IoT communication protocols and stores it securely in the cloud would significantly increase data acquisition efficiency and security.
The content of the invention
It is an object of the present invention to provide an IoT gateway system for secure data storage and a method for implementing it, so as to solve the problems raised in the background technology above.
An IoT gateway system for secure data storage includes a gateway device; the gateway device includes a communication protocol plug-in unit, a main control unit, and a gateway server connected to the main control unit. The communication protocol plug-in unit is physically connected to the IoT devices and externally provides protocol-processing plug-ins for the various IoT devices and for third-party system communication interfaces. The gateway server includes a data acquisition service module, a data calculation service module, a data storage service module, a data encryption service module and a data upload service module. The main control unit controls the data acquisition service module to carry out communication interaction and data parsing and acquisition over the communication protocol, according to the configuration file of the connected IoT device. The main control unit controls the data calculation service module and the data storage service module to calculate and store the data obtained by the data acquisition service module. The main control unit controls the data encryption service module and the data upload service module to encrypt the calculated and stored data and then transmit it externally.
Further, the IoT gateway system for secure data storage also includes a service bus, and a management tool unit connected to the gateway server through the service bus. The service bus uses a variety of cross-platform service interfaces to externally provide the functional services of the IoT gateway system. The management tool unit includes a configuration management tool module, a web management tool module and a development management tool module. The configuration management tool module is used by the user to configure the parameters of the IoT gateway system locally or remotely and to manage project downloads; the web management tool module is used by the user to operate and monitor the IoT gateway system as a whole over the HTTPS protocol; the development management tool module is used by the user for template-based development of communication protocol plug-ins, assembly management and protocol library management for the IoT gateway system.
Further, the physical connection between the communication protocol plug-in unit and the IoT devices includes connections to IoT devices that provide RS232/RS485 serial interfaces and connections to IoT devices that provide RJ45 Ethernet interfaces.
Further, the gateway server also includes a project configuration service module for providing the various parameter configurations of the IoT gateway system, including: protocol library configuration, data acquisition configuration, data calculation configuration, data storage configuration, data encryption configuration, data upload configuration and database configuration.
Further, the gateway server also includes a device monitoring module for monitoring and controlling the operating data parameters of the IoT gateway system equipment, including CPU, memory, network and hard disk usage parameters.
Further, the main control unit includes a main control chip, an embedded system embedded in the main control chip, and a secure wireless short-range communication module, an application communication module and a secure access client module running on the embedded system. The main control chip is used for secure data processing and storage; the embedded system realises system management of the IoT gateway; the secure wireless short-range communication module realises information exchange between the gateway and wireless short-range communication terminals; the application communication module realises information exchange between the IoT gateway and bus-type terminals; and the secure access client module realises the trusted Ethernet communication function between the IoT gateway and the access application network. The application network connection part includes an Ethernet module, a WiFi module and a mobile internet communication module.
Further, the encryption method used by the data encryption service module is to redesign the shift operation in the KLEIN algorithm as a variable random position r, with 16 ≤ r ≤ 63.
Further, in the encryption method, the first encryption/decryption random number is produced in the key agreement phase, and each later encryption/decryption random number is the 8th byte of the ciphertext produced by the previous encryption, mapped to a number between 16 and 63.
In another aspect, the present invention also provides a method for implementing the IoT gateway system for secure data storage, using the IoT gateway system described above and comprising the following steps: Step S1, the IoT gateway device is connected to a network switch through an Ethernet interface; Step S2, the communication protocol plug-in unit is physically connected to the IoT devices; Step S3, the acquisition service module carries out communication interaction and data parsing and acquisition over the communication protocol, according to the configuration file of the connected IoT device; Step S4, the data calculation service module and the data storage service module calculate and store the data obtained by the data acquisition service module; Step S5, the data encryption service module and the data upload service module encrypt the calculated and stored data and transmit it externally.
The data storage is based on cloud computing, and the storage method is:
A1: the data source uploads data to the system, and the system activates the parsing module;
A2: the parsing module parses the data fragment; if parsing succeeds, go to step A3; if parsing fails, go to step B1;
B1: the cloud identification module uploads the data fragment to the cloud server;
B2: the cloud server parses the communication protocol used by the data, downloads the corresponding parsing algorithm and adds it to the local parsing module; go to step A2;
A3: the random number generator of the encryption module automatically generates a group of random numbers p, encrypts it and sends it to the cloud server;
A4: the cloud server generates a key kp from p and the algorithm seed sp set in the server, encrypts kp and sends it to the encryption module;
A5: the encryption module encrypts the data with the key kp;
A6: the encryption module generates an RSA public key and uses it to encrypt the key kp and the data encrypted in step A5;
A7: the storage module classifies the encrypted data and stores it in the cloud database;
A8: the system administrator performs the necessary operations on the data through the data management module.
The beneficial effects of the IoT gateway system for secure data storage and its implementation method of the present invention are as follows. Through the communication protocol plug-in unit, built-in plug-ins for mainstream industry communication protocols are realised, a development management tool and plug-in module packaging are provided, and rapid access of new devices is supported. Through the open service bus, which uses a variety of cross-platform service interfaces, multi-client use is supported. Through the data encryption module, data is encrypted, improving the safety and reliability of the gateway system in local and wide-area interconnection environments; data is stored on the basis of a cloud computing model, which suits heterogeneous and non-uniform sensing and network layers, improves the versatility of the data storage system and makes data storage more convenient.
Brief description of the drawings
Fig. 1 is a structural diagram of the IoT gateway system for secure data storage of the present invention;
Fig. 2 is a schematic diagram of the improved round encryption in the encryption algorithm of the data encryption service module of the present invention;
Fig. 3 is a schematic diagram of the improved round key expansion in the encryption algorithm of the data encryption service module of the present invention.
Embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below in conjunction with the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Embodiment 1
As shown in Fig. 1, the invention provides an IoT gateway system for secure data storage, including a gateway device; the gateway device includes a communication protocol plug-in unit, a main control unit, and a gateway server connected to the main control unit. The communication protocol plug-in unit is physically connected to the IoT devices and externally provides protocol-processing plug-ins for the various IoT devices and for third-party system communication interfaces. The gateway server includes a data acquisition service module, a data calculation service module, a data storage service module, a data encryption service module and a data upload service module. The main control unit controls the data acquisition service module to carry out communication interaction and data parsing and acquisition over the communication protocol, according to the configuration file of the connected IoT device. The main control unit controls the data calculation service module and the data storage service module to calculate and store the data obtained by the data acquisition service module. The main control unit controls the data encryption service module and the data upload service module to encrypt the calculated and stored data and then transmit it externally.
The gateway server is designed in C++ as a cross-platform C/C++ plug-in architecture and is deployed in the form of dynamic libraries (for example Win32 DLLs). A new communication protocol plug-in must be developed according to the standard interface definition for gateway communication plug-ins, completing the custom development of the functional API, including initialisation (Init), opening (Open), closing (Close), setting the active state (Set Active), detecting the active state (Is Alive), reading data (Read), receiving issued data (Write), receiving actively reported data (On Receive), and so on. In the plug-in initialisation (Init) method, the corresponding "channel-device-point" acquisition parameter configuration must be loaded. A channel represents a communication link: for a serial port, one serial port is one channel; for TCP/UDP, one port is one channel. The gateway server can have multiple channels at the same time. The channel settings are shown in the following table:
The set of data quantities connected under one channel is a device. There can be multiple devices under one channel, and each device has its own independent set of data quantities. The device configuration is shown in the following table:
A device is a set of data quantities, and each data item in the set is a point. Points are the data that is finally needed. The point configuration is shown in the following table:
After the configuration is complete, it is first downloaded into the gateway database, and the gateway server program of the gateway system is then restarted; the program loads the configuration first, and once loading is complete the gateway enters normal operating status.
The data acquisition service module uses the configuration data to make communication protocol plug-in interface calls and to schedule plug-in processing for each connected IoT device. The basic steps of data acquisition configuration are: create channel -> create device -> create point, repeating this process according to the number of channels, devices and points. Whether data acquisition configuration is supported depends on the communication protocol of the IoT devices currently connected in the project. If the communication protocol of an IoT device is not supported, a new protocol plug-in must be developed.
The IoT gateway device is provided with USB interfaces, an RJ45 Ethernet interface and RS232/RS485 serial interfaces. The USB interfaces are used by the user for local parameter configuration of the IoT gateway system and management of project downloads; the RJ45 Ethernet interface is used by the communication protocol plug-in unit to connect to IoT devices that provide RJ45 Ethernet interfaces; the RS485 serial interface is used by the communication protocol plug-in unit to connect to IoT devices that provide RS485 serial interfaces, and is additionally used to connect to external test equipment so that the IoT gateway system can be tested periodically. For example, when the IoT gateway system needs to be tested, the gateway system is connected to an engineer station through the RS485 serial port, and special-purpose software running on the engineer station communicates with the gateway. Through the software, the tester can choose to monitor specified signal data during normal operation of the gateway system, or can send forced-modification signal instructions to the gateway system to change the specified signal data and then check whether the operating result meets expectations, thereby realising the test function.
Specifically, the communication protocol plug-in unit is packaged as plug-in modules, covering communication protocols such as OPC, BACnet, Modbus, SNMP and ODBC. Plug-in module packaging realises built-in plug-ins for mainstream industry communication protocols and modular development, makes it easy to support rapid access of new devices, supports rapid development of interface forms such as serial port, TCP/IP, WebAPI and ODBC, improves the protocol extensibility of the gateway system, broadens the range of device choices, and solves the problems of traditional IoT gateways: poor protocol extensibility, devices too strongly tied to an application field and too specialised, and insufficient support for rapid access to mainstream industry communication protocols and new protocols. OPC: an automation-field software interface standard issued by the open organisation OPC Foundation. OPC technology provides a standard interface for communication between multiple systems and realises unified integration of control network data in heterogeneous environments. There are three OPC access modes: synchronous access, asynchronous access and subscription access. BACnet: a communication protocol for intelligent buildings, defined by the International Organization for Standardization (ISO), the American National Standards Institute (ANSI) and the American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE). BACnet is designed for the application and control systems of intelligent buildings; it can be used in heating, ventilation and air-conditioning (HVAC) systems, and also in lighting control, access control, fire detection systems and related equipment. Its advantages are that it reduces the cost of maintaining the system, provides five commonly used industry standard protocols, and increases system extensibility and compatibility. Modbus: an open interface published by an open distributed-automation interface organisation, and the world's first bus protocol truly used on the industrial floor. Standard Modbus is transmitted over RS232/RS485 serial interfaces and can also be transmitted over TCP/UDP. ODBC: a general term for database access interfaces; many databases on the market provide access interfaces that differ from one another, and the ODBC standard specifies access to the various databases through a general-purpose interface in order to obtain data.
Specifically, the data calculation service module performs secondary calculation on the data obtained by the data acquisition service module, including conventional, cumulative and time-based types. The data storage service module performs real-time and persistent storage of system data, where system data includes configuration data, real-time data, historical data, statistical analysis data and log data, and the storage modes are of two kinds: real-time storage in memory and permanent storage on media. Through the data calculation service module, the raw data of the connected IoT devices is organised, processed and stored as required, improving the overall availability of the data and reducing the user's usage cost.
The IoT gateway system for secure data storage also includes a service bus, and a management tool unit connected to the gateway server through the service bus. The service bus uses a variety of cross-platform service interfaces to externally provide the functional services of the IoT gateway system, including REST, WebSocket, XMPP and database services; it supports use from desktop, web and mobile clients and can be applied flexibly to the multi-purpose combination scenarios of small intranet applications and large distributed applications, improving the applicability of the gateway system and reducing the user's usage cost. The management tool unit includes a configuration management tool module, a web management tool module and a development management tool module. The configuration management tool module is used by the user to configure the parameters of the IoT gateway system locally or remotely and to manage project downloads, where the parameter configuration includes: (1) project name and database connection string; (2) protocol library configuration: the configuration items of a protocol plug-in: ID, protocol name, plug-in name, plug-in description, version number and engine version number; (3) data acquisition configuration: configures the raw data acquired by the project, that is, the external "channel-device-point" configuration information related to data collection; (4) data calculation configuration: data items that cannot be collected directly by standard acquisition and must be calculated from several data items in the project, that is, the internal "channel-device-point" configuration information related to data calculation; (5) data storage configuration: the storage strategy, organised in "task-point" form, together with the storage record mode and the time interval or change sensitivity; (6) data encryption configuration: including whether to encrypt and the choice of encryption method; (7) data upload configuration: including the upload mode, the data refresh time, and whether issued (downlink) control is enabled. The web management tool module is used by the user to operate and monitor the IoT gateway system as a whole over the HTTPS protocol; the development management tool module is used by the user for template-based development of communication protocol plug-ins, assembly management and protocol library management for the IoT gateway system.
The physical connection between the communication protocol plug-in unit and the IoT devices includes connections to IoT devices that provide RS232/RS485 serial interfaces (for example, energy consumption meters and power distribution monitoring systems in practical applications) and connections to IoT devices that provide RJ45 Ethernet interfaces (for example, HVAC control systems, water supply and drainage control systems and lighting control systems in practical applications).
The gateway server also includes a project configuration service module for providing the various parameter configurations of the IoT gateway system, including: protocol library configuration, data acquisition configuration, data calculation configuration, data storage configuration, data encryption configuration, data upload configuration and database configuration.
The gateway server also includes a device monitoring module for monitoring and controlling the operating data parameters of the IoT gateway system equipment, including CPU, memory, network and hard disk usage parameters.
The main control unit includes a main control chip, an embedded system embedded in the main control chip, and a secure wireless short-range communication module, an application communication module and a secure access client module running on the embedded system. The main control chip is used for secure data processing and storage; the embedded system realises system management of the IoT gateway; the secure wireless short-range communication module realises information exchange between the gateway and wireless short-range communication terminals; the application communication module realises information exchange between the IoT gateway and bus-type terminals; and the secure access client module realises the trusted Ethernet communication function between the IoT gateway and the access application network. The application network connection part includes an Ethernet module, a WiFi module and a mobile internet communication module. Specifically, the main control chip may be an X86 or ARM main control chip. Optionally, the application communication module is, for example but not limited to, an RS-485/RS-232 application communication module.
Optionally, the encryption method used by the data encryption service module is, for example but not limited to, the KLEIN algorithm with its shift operation redesigned as a shift by a random number of bit positions r, 16≤r≤63. In this encryption method, the random number for the first encryption/decryption is produced in the key agreement phase; the random number for each later encryption/decryption is obtained by mapping the 8th byte of the ciphertext produced by the previous encryption to a number between 16 and 63.
Specifically, the structure of the KLEIN algorithm is a typical substitution-permutation network with a block length of 64 bits, supporting three key lengths, 64/80/90 bits, which correspond to 12/16/20 encryption rounds respectively. Each round consists, in order, of AddRoundKey, SubNibbles, RotateNibbles and MixNibbles, and a whitening operation is performed after the final round. Taking KLEIN-64 (block length 64 bits, 12 rounds) as an example, the round function is designed as follows: (1) AddRoundKey (Add Round Key): the 64-bit input state is XORed bit by bit with the expanded round key; (2) SubNibbles (Sub Nibbles): the AK output is passed through 16 lookups of a 4×4 S-box; the S-box is an involution; (3) RotateNibbles (Rotate Nibbles): the 64-bit SN output is rotated left by 2 bytes; (4) MixNibbles (Mix Nibbles): the 8 input bytes are arranged as a 4×2 matrix and multiplied by the AES MixColumns matrix M [45], giving the 64-bit output. Unlike AES, KLEIN does not omit the column-mixing operation in the last round.
The KLEIN key expansion consists of rotation, XOR and S-box lookup. The 64-bit initial key is divided into left and right 32-bit halves, each of which is rotated left by 1 byte. The rotated right half, with its 3rd byte XORed with the key expansion round constant, becomes the left 32 bits of the round key output; the XOR of the rotated left and right halves, with its 2nd and 3rd bytes passed through four 4×4 S-boxes, becomes the right 32 bits of the round key output.
In both the round encryption and the key expansion of the KLEIN algorithm, the shift operations are rotations: the round encryption rotates left by 2 bytes and the round key expansion rotates left by 1 byte, i.e. they are byte-oriented shift operations, which are very efficient to implement in software. Against the existing algebraic side-channel attack and chosen-plaintext differential attack, the present invention proposes a protection measure for the KLEIN algorithm, called the R-KLEIN algorithm, which strengthens the security of KLEIN, as shown in Figures 2 and 3.
The shift operation of the original KLEIN algorithm is no longer a fixed 2 bytes but a shift by a random number of bit positions r (16≤r≤63). Such an operation, however, raises the problem of synchronizing the random number between the two communicating parties, for which there are three solutions: (a) one communicating party generates the random number sequence in advance and sends it to the other party over a secure channel, and each encryption/decryption consumes one random number; but this scheme is not practical enough in real applications; (b) the random number for the first encryption/decryption is produced in the key agreement phase; each encryption/decryption then actually carries only 7 bytes of valid data, and the 8th byte is a random number, generated in advance and inserted by the encrypting side, to be used for the next encryption/decryption; but this reduces the effective rate to only 87.5%; (c) the random number for the first encryption/decryption is produced in the key agreement phase, and the random number for each later encryption/decryption is simply the 8th byte of the ciphertext produced by the previous encryption mapped to a number from 16 to 63; the mapping method can be defined by the user.
The third scheme is the best of the above. At the bit level the shift operation is still a permutation; at the byte level, however, a shift by a whole number of bytes is equivalent to a permutation, while a shift by a non-integral number of bytes is equivalent to a substitution. During this operation a permutation may be present or a substitution may be present, which is an undetermined state. Similarly, in the key expansion the key shift is no longer one byte but half of the encryption shift bit count r, i.e. r/2.
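The KLEIN-64 round structure, the R-KLEIN rotation by r bits and the scheme (c) resynchronisation described above, as an added Python example that is not the patent's code. Assumed: the S-box is KLEIN's published involutive S-box, r // 2 stands in for r/2 when r is odd, and next_r() is one constructed choice of the user-defined mapping.

```python
"""R-KLEIN as described above: KLEIN-64 whose fixed 2-byte round rotation becomes a
rotation by r bits (16 <= r <= 63), whose key-schedule rotation becomes r // 2 bits,
and whose later r values are derived from the 8th byte of the previous ciphertext
(scheme (c)).  Added example, not the patent's code; assumptions are marked below."""
from functools import reduce

SBOX = [0x7, 0x4, 0xA, 0x9, 0x1, 0xF, 0xB, 0x0,   # KLEIN's S-box as published
        0xC, 0x3, 0x2, 0x6, 0x8, 0xE, 0xD, 0x5]   # (assumption); it is an involution
MASK32 = (1 << 32) - 1
ROUNDS = 12  # KLEIN-64

def rotl(x, n, width):
    """Rotate the width-bit integer x left by n bits."""
    n %= width
    return ((x << n) | (x >> (width - n))) & ((1 << width) - 1)

def sub_nibbles(state):
    """SubNibbles: 16 parallel 4-bit S-box lookups; self-inverse."""
    out = 0
    for i in range(16):
        out |= SBOX[(state >> (4 * i)) & 0xF] << (4 * i)
    return out

def gf_mul(a, b):
    """Multiplication in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a = ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1
        b >>= 1
    return p

def mix_column(col, m):
    """Multiply a 4-byte column by the circulant matrix whose first row is m."""
    return [reduce(lambda acc, j: acc ^ gf_mul(m[(j - i) % 4], col[j]), range(4), 0)
            for i in range(4)]

def mix_nibbles(state, inverse=False):
    """MixNibbles: AES MixColumns (or its inverse) on the two 4-byte columns."""
    m = (0x0E, 0x0B, 0x0D, 0x09) if inverse else (0x02, 0x03, 0x01, 0x01)
    b = state.to_bytes(8, "big")
    return int.from_bytes(bytes(mix_column(list(b[:4]), m) + mix_column(list(b[4:]), m)), "big")

def key_schedule(key, r):
    """13 round keys per the schedule described above; each half rotates r // 2 bits (assumed for odd r)."""
    left, right = key >> 32, key & MASK32
    rks = [key]
    for i in range(1, ROUNDS + 1):
        left, right = rotl(left, r // 2, 32), rotl(right, r // 2, 32)
        new_left = right ^ (i << 8)           # round counter into the 3rd byte
        mixed = left ^ right
        new_right = mixed & 0xFF0000FF        # 2nd and 3rd bytes go through the S-box
        for shift in (8, 12, 16, 20):
            new_right |= SBOX[(mixed >> shift) & 0xF] << shift
        left, right = new_left, new_right
        rks.append((left << 32) | right)
    return rks

def encrypt_block(block, key, r):
    rks = key_schedule(key, r)
    state = block
    for i in range(ROUNDS):
        state ^= rks[i]                       # AddRoundKey
        state = sub_nibbles(state)            # SubNibbles
        state = rotl(state, r, 64)            # RotateNibbles by r bits (original KLEIN: 16)
        state = mix_nibbles(state)            # MixNibbles, kept in the last round too
    return state ^ rks[ROUNDS]                # final key whitening

def decrypt_block(block, key, r):
    rks = key_schedule(key, r)
    state = block ^ rks[ROUNDS]
    for i in reversed(range(ROUNDS)):
        state = mix_nibbles(state, inverse=True)
        state = rotl(state, 64 - r, 64)       # rotate right by r
        state = sub_nibbles(state)
        state ^= rks[i]
    return state

def next_r(ciphertext):
    """Scheme (c): fold the 8th (lowest) ciphertext byte into 16..63 (constructed mapping)."""
    return 16 + (ciphertext & 0xFF) % 48

def run_session(blocks, key, r0, decrypt=False):
    """Sender and receiver run the same loop: r0 comes from key agreement, later r from the ciphertext."""
    out, r = [], r0
    for b in blocks:
        c = decrypt_block(b, key, r) if decrypt else encrypt_block(b, key, r)
        out.append(c)
        r = next_r(b if decrypt else c)       # the ciphertext block, whichever side we are
    return out
```

With r = 16 the rotations are 2 bytes and 1 byte, i.e. the original KLEIN-64 shifts. Only round-trip correctness is checked here, not a published KLEIN test vector, so read the block as an illustration of the structure rather than a vetted implementation.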
Implementing shift operations in software is relatively time-consuming. In the original KLEIN algorithm, the reason the shift operations are whole bytes is precisely to guarantee the efficiency of the software. The current attacks on the KLEIN-64 algorithm are effective against at most 8 encryption rounds; therefore, in settings with lower security requirements and higher real-time requirements, the number of encryption iterations can be reduced to meet the real-time requirement.
Analysis of a block cipher mainly analyzes the transformation of the nonlinear S-box operation and requires the linear operation part to be clear and definite. Specifically, the improvement to the KLEIN algorithm introduces a random number into the linear shift operation, so that the methods currently used to analyze block ciphers lose their effect. This method is not limited to the KLEIN algorithm and is equally effective for block ciphers in general.
Embodiment 2
On the basis of Embodiment 1, the present invention also provides an implementation method for the IoT gateway system with secure data storage, using the IoT gateway system with secure data storage described above and comprising the following steps: Step S1, the IoT gateway device is connected to the network switch through the Ethernet interface; Step S2, the communication protocol plug-in unit is physically connected with the IoT devices; Step S3, the acquisition service module carries out communication interaction and data parsing and acquisition through the communication protocol according to the configuration files of the connected IoT devices; Step S4, the data calculation service module and the data storage service module calculate and store the data obtained by the data acquisition service module; Step S5, the data encryption service module and the data upload service module encrypt the calculated and stored data and then transmit it externally.
The data storage is based on cloud computing, and its storage method is:
A1: The data source uploads data to the system, and the system activates the parsing module;
A2: The parsing module parses the data fragment; if parsing succeeds, go to step A3; if parsing fails, go to step B1;
B1: The cloud identification module uploads the data fragment to the cloud server;
B2: The cloud server identifies the communication protocol used by the data, downloads the corresponding parsing algorithm and adds it to the local parsing module; go to step A2;
A3: The random number generator of the encryption module automatically generates a set of random numbers p, encrypts them and sends them to the cloud server;
A4: The cloud server generates the key kp from p and the algorithm seed sp set in the server, encrypts kp and sends it to the encryption module;
A5: The encryption module encrypts the data using the key kp;
A6: The encryption module generates an RSA public key and uses it to encrypt the key kp and the data encrypted in step A5;
A7: The storage module classifies the encrypted data and stores it in the cloud database;
A8: The system administrator performs the necessary operations on the data through the data management module.
The storage module classifies the encrypted data by data type, data acquisition time and the like, and then stores it in the corresponding cloud database.
In a specific intranet application, the IoT gateway system with secure data storage of the present invention can be used as the communication server of the local monitoring and management host computer: the data of all kinds of IoT devices in the system is automatically collected to the gateway and provided to the monitoring and management host computer. When the network is abnormal, the system data can be retransmitted at the request of the host computer, improving the safety and stability of system data transmission.
In a specific small intranet application, the present invention can be used as the local monitoring and management host: the data of all kinds of IoT devices in the system is automatically collected, calculated and stored inside the gateway, and the control instructions received from the monitoring system are forwarded to the IoT devices for actual execution.
In a specific large-scale distributed application, the present invention can be used as a multi-segment gateway router, i.e. as a local gateway or as an upload gateway; by configuring the network addresses of the gateways differently, the data collected by each gateway can be filtered, encrypted and uploaded differently.
Guided by the above description of the preferred embodiments of the present invention, those skilled in the art can make various changes and modifications without departing from the scope of the technical idea of the present invention. The technical scope of the present invention is not limited to the content of the specification and must be determined according to the claims.
Claims (10)
1. An IoT gateway system with secure data storage, characterised in that it comprises a gateway device, the gateway device comprising a communication protocol plug-in unit, a main control unit, and a gateway server connected with the main control unit; wherein the communication protocol plug-in unit is physically connected with IoT devices and externally provides protocol handling plug-ins for the communication interfaces of various IoT devices and third-party systems; the gateway server comprises a data acquisition service module, a data calculation service module, a data storage service module, a data encryption service module and a data upload service module; the main control unit controls the data acquisition service module to carry out communication interaction and data parsing and acquisition through the communication protocol according to the configuration files of the connected IoT devices; the main control unit controls the data calculation service module and the data storage service module to calculate and store the data obtained by the data acquisition service module; and the main control unit controls the data encryption service module and the data upload service module to encrypt the calculated and stored data and then transmit it externally.
2. The IoT gateway system with secure data storage according to claim 1, characterised in that the IoT gateway system further comprises a service bus and a management tool unit connected with the gateway server through the service bus; the service bus uses a variety of cross-platform service interfaces to externally provide the functional services of the IoT gateway system; the management tool unit comprises a configuration management tool module, a web management tool module and a development management tool module; wherein the configuration management tool module is for the user to manage the parameter configuration and project download of the IoT gateway system locally or remotely; the web management tool module is for the user to monitor the overall operation of the IoT gateway system through the HTTPS protocol; and the development management tool module is for the user to perform template-based development, assembly management and protocol library management of the communication protocol plug-ins of the IoT gateway system.
3. The IoT gateway system with secure data storage according to claim 2, characterised in that the communication protocol plug-in unit connects, through RS232/RS485 serial interfaces, with all kinds of IoT devices physically connected to it, and connects with all kinds of IoT devices providing RJ45 Ethernet interfaces.
4. The IoT gateway system with secure data storage according to claim 3, characterised in that the gateway server further comprises a project configuration service module for providing the parameter configuration of the IoT gateway system, including: protocol library configuration, data acquisition configuration, data calculation configuration, data storage configuration, data encryption configuration, data upload configuration and database configuration.
5. The IoT gateway system with secure data storage according to claim 4, characterised in that the gateway server further comprises an equipment monitoring module for providing monitoring and control of the operating parameters of the IoT gateway system equipment, including CPU, memory, network and hard disk usage parameters.
6. The IoT gateway system with secure data storage according to claim 1, characterised in that the main control unit comprises a main control chip, an embedded system embedded in the main control chip, and a secure wireless short-range communication module, an application communication module and a secure access client module running on the embedded system; wherein the main control chip is for secure data processing and storage; the embedded system is for system management of the IoT gateway; the secure wireless short-range communication module is for information exchange between the gateway and wireless short-range communication terminals; the application communication module is for information exchange between the IoT gateway and bus-type terminals; and the secure access client module is for trusted Ethernet communication between the IoT gateway and the access application network.
7. The IoT gateway system with secure data storage according to claim 1, characterised in that the encryption method used by the data encryption service module is the KLEIN algorithm with its shift operation redesigned as a shift by a random number of bit positions r, 16≤r≤63.
8. The IoT gateway system with secure data storage according to claim 7, characterised in that, in the encryption method, the random number for the first encryption/decryption is produced in the key agreement phase, and the random number for each later encryption/decryption is the 8th byte of the ciphertext produced by the previous encryption mapped to a number between 16 and 63.
9. An implementation method for an IoT gateway system with secure data storage, characterised in that it uses the IoT gateway system according to any one of claims 1-8 and comprises the following steps:
Step S1, the IoT gateway device is connected to the network switch through the Ethernet interface;
Step S2, the communication protocol plug-in unit is physically connected with the IoT devices;
Step S3, the acquisition service module carries out communication interaction and data parsing and acquisition through the communication protocol according to the configuration files of the connected IoT devices;
Step S4, the data calculation service module and the data storage service module calculate and store the data obtained by the data acquisition service module;
Step S5, the data encryption service module and the data upload service module encrypt the calculated and stored data and then transmit it externally.
10. The implementation method for an IoT gateway system with secure data storage according to claim 9, characterised in that the data storage is based on cloud computing, and its storage method is:
A1: The data source uploads data to the system, and the system activates the parsing module;
A2: The parsing module parses the data fragment; if parsing succeeds, go to step A3; if parsing fails, go to step B1;
B1: The cloud identification module uploads the data fragment to the cloud server;
B2: The cloud server identifies the communication protocol used by the data, downloads the corresponding parsing algorithm and adds it to the local parsing module; go to step A2;
A3: The random number generator of the encryption module automatically generates a set of random numbers p, encrypts them and sends them to the cloud server;
A4: The cloud server generates the key kp from p and the algorithm seed sp set in the server, encrypts kp and sends it to the encryption module;
A5: The encryption module encrypts the data using the key kp;
A6: The encryption module generates an RSA public key and uses it to encrypt the key kp and the data encrypted in step A5;
A7: The storage module classifies the encrypted data and stores it in the cloud database;
A8: The system administrator performs the necessary operations on the data through the data management module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710948664.4A CN107734028A (en) | 2017-10-12 | 2017-10-12 | A kind of things-internet gateway system and its implementation of data safety storage |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107734028A true CN107734028A (en) | 2018-02-23 |
Family
ID=61210390
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107734028A (en) |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108521472A (en) * | 2018-06-07 | 2018-09-11 | 辽宁邮电规划设计院有限公司 | A kind of IOT systems based on public mobile communications network |
CN108536469A (en) * | 2018-05-28 | 2018-09-14 | 苏州德姆斯信息技术有限公司 | Internet of Things data resolution system based on configuration script and analytic method |
CN109164776A (en) * | 2018-10-10 | 2019-01-08 | 江苏极熵物联科技有限公司 | A kind of distribution type data collection method towards industrial equipment |
CN109167829A (en) * | 2018-08-23 | 2019-01-08 | 北方工业大学 | Internet of things communication method and cloud gateway |
CN109284619A (en) * | 2018-11-07 | 2019-01-29 | 重庆光电信息研究院有限公司 | The region Locating Type edge calculations system and method for heterologous city Internet of Things |
CN110138655A (en) * | 2019-07-02 | 2019-08-16 | 佳源科技有限公司 | A kind of comprehensive energy gateway based on Internet of Things |
CN110581888A (en) * | 2019-09-06 | 2019-12-17 | 北京方研矩行科技有限公司 | management method, gateway and system for terminal security session of Internet of things |
CN110611610A (en) * | 2019-08-27 | 2019-12-24 | 江苏斯菲尔电气股份有限公司 | Embedded Internet of things energy gateway and Internet of things system |
CN112016104A (en) * | 2020-07-14 | 2020-12-01 | 北京淇瑀信息科技有限公司 | Encryption method, device and system for financial sensitive data |
CN112153125A (en) * | 2020-09-11 | 2020-12-29 | 福建星网视易信息系统有限公司 | Internet of things implementation method, intelligent control box and digital entertainment system based on Internet of things |
CN112187546A (en) * | 2020-09-30 | 2021-01-05 | 福建星网视易信息系统有限公司 | Data management method and system based on Internet of things |
CN112671637A (en) * | 2020-12-29 | 2021-04-16 | 南京衍构科技有限公司 | Data acquisition network relation and method supporting multi-industry protocol |
CN112866182A (en) * | 2019-11-28 | 2021-05-28 | 浙江宇视科技有限公司 | Data interfacing method, device and computer-readable storage medium |
CN113609048A (en) * | 2021-07-20 | 2021-11-05 | 国网天津市电力公司 | Cloud-side business collaborative interaction method for power Internet of things |
CN114338289A (en) * | 2022-01-07 | 2022-04-12 | 德微电技术(深圳)有限公司 | Intelligent Internet of things equipment gateway system |
CN114363122A (en) * | 2021-12-31 | 2022-04-15 | 科大讯飞股份有限公司 | Gateway device and device access system |
CN115314571A (en) * | 2022-06-20 | 2022-11-08 | 国网信息通信产业集团有限公司 | Cloud protocol gateway implementation method and system supporting heterogeneous device access |
CN115484131A (en) * | 2022-08-31 | 2022-12-16 | 江苏奥立信数字科技有限公司 | Internet of things gateway and equipment data storage system for same |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103701848A (en) * | 2013-11-07 | 2014-04-02 | 江南大学 | Internet of Things data security storage method based on cloud computing and system |
CN106790605A (en) * | 2016-12-29 | 2017-05-31 | 深圳新基点智能股份有限公司 | A kind of things-internet gateway system and its implementation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20180223 |